IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This is needed because the smb2.create.mkdir-dup test creates a race,
and against an AD DC this can cause a flapping test if the lstat() and
stat() calls are made either side of the chown() due to creation of a
file by administrator.
Fix based on original patches by myself, by Douglas Bagnall
<douglas.bagnall@catalyst.net.nz>. and Jeremy Allison <jra@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11780
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Mar 12 09:43:21 CET 2016 on sn-devel-144
Valgrind reports the following:
==26599== Syscall param ioctl(SIOCETHTOOL) points to uninitialised byte(s)
==26599== at 0x7014707: ioctl (in /usr/lib64/libc-2.22.so)
==26599== by 0x79D1585: query_iface_speed_from_name (interfaces.c:152)
==26599== by 0x79D1BBA: _get_interfaces (interfaces.c:277)
==26599== by 0x79D1E80: get_interfaces (interfaces.c:368)
==26599== by 0x508A7E3: load_interfaces (interface.c:612)
==26599== by 0x150B30: main (net.c:963)
==26599== Address 0xffefff0d8 is on thread 1's stack
==26599== in frame #1, created by query_iface_speed_from_name
(interfaces.c:130)
==26599==
==26599== Syscall param ioctl(SIOCETHTOOL) points to uninitialised byte(s)
==26599== at 0x7014707: ioctl (in /usr/lib64/libc-2.22.so)
==26599== by 0x79D15CC: query_iface_speed_from_name (interfaces.c:164)
==26599== by 0x79D1BBA: _get_interfaces (interfaces.c:277)
==26599== by 0x79D1E80: get_interfaces (interfaces.c:368)
==26599== by 0x508A7E3: load_interfaces (interface.c:612)
==26599== by 0x150B30: main (net.c:963)
==26599== Address 0xffefff0d8 is on thread 1's stack
==26599== in frame #1, created by query_iface_speed_from_name
(interfaces.c:130)
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
See https://lists.samba.org/archive/samba-technical/2016-March/112861.html
found 517 lines matching '^UNEXPECTED' in 641 files matching 'samba.stdout$'
175 UNEXPECTED(failure): samba4.winbind.struct.domain_info(ad_member:local)
19 UNEXPECTED(failure): samba4.winbind.struct.domain_info(s3member:local)
12 UNEXPECTED(failure): samba4.rpc.backupkey with seal.backupkey.server_wrap_encrypt_decrypt_wrong_key(ad_dc_ntvfs)
12 UNEXPECTED(failure): samba4.drs.delete_object.python(promoted_dc).delete_object.DrsDeleteObjectTestCase.test_ReplicateDeletedObject1(promoted_dc)
12 UNEXPECTED(failure): samba4.rpc.backupkey with seal.backupkey.server_wrap_decrypt_wrong_r2(ad_dc_ntvfs)
11 UNEXPECTED(failure): samba4.ldap.notification.python(ad_dc_ntvfs).__main__.LDAPNotificationTest.test_max_search(ad_dc_ntvfs)
We'll see if we also need to add
samba4.winbind.struct.domain_info.s3member
before we're able to identify and fix the problem.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Mar 12 02:14:39 CET 2016 on sn-devel-144
This is only available in python 2.7 and >= 3.1
This should fix make test with python 2.6.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We saw a lot of flapping tests with:
[1793(11038)/1892 at 1h55m26s]
samba4.ldap.notification.python(ad_dc_ntvfs)(ad_dc_ntvfs)
UNEXPECTED(failure):
samba4.ldap.notification.python(ad_dc_ntvfs).__main__.LDAPNotificationTest.test_max_search(ad_dc_ntvfs)
REASON: Exception: Exception: Traceback (most recent call last):
File
"/memdisk/autobuild/fl/b1782183/samba/source4/dsdb/tests/python/notification.py",
line 181, in test_max_search
self.assertEquals(num, ERR_TIME_LIMIT_EXCEEDED)
AssertionError: 11 != 3
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
An implementation of https://lists.samba.org/archive/samba/2012-March/166497.html (which has been discussed in 2012, but was never implemented).
It has been tested on a Debian Jessie system with this patch added to the Debian package (which is currently 4.1.17). Even though this is Samba 4, the ntlm_auth installed is the one from Samba 3 (yes, it surprised me too). The backend was a machine with Windows 2012R2.
It was first tested with the local security policy 'Network Security: LAN Manager authentication level' setting changed to 'Send NTLMv2 Response Only' (allow ntlm v1). This way we are able to authenticate with and without the MSV1_0_ALLOW_MSVCHAPV2 flag (as expected).
After the basic step has been verified, the local security policy 'Network Security: LAN Manager authentication level' setting was changed to 'Send NTLMv2 Response Only. Refuse LM & NTLM' (only allow ntlm v2). The behaviour now changed according to the MSV1_0_ALLOW_MSVCHAPV2 flag (again: as expected).
$ ntlm_auth --request-nt-key --username=XXXXXXXXXXXXX --challenge=XXXXXXXXXXXXXXXXX --nt-response=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX --domain=
Logon failure (0xc000006d)
$ ntlm_auth --request-nt-key --username=XXXXXXXXXXXXX --challenge=XXXXXXXXXXXXXXXXX --nt-response=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX --domain= --allow-mschapv2
NT_KEY: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
The changes in `wbclient.h` are intended for programs that use libwinbind directly instead of authenticating via `ntlm_auth`. I intend to use that within FreeRADIUS (see https://bugzilla.samba.org/show_bug.cgi?id=11149).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11694
Signed-off-by: Herwin Weststrate <herwin@quarantainenet.nl>
Reviewed-by: Kai Blin <kai@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
On a busy system, TRANS3_COMMIT control can take upto or longer than
3 seconds. On timeout, there are few possible outcomes.
1. The transaction has completed on all nodes and TRANS3_COMMIT control
has returned. In such a case, there is no problem.
2. The transaction has completed on the local node, but TRANS3_COMMIT
control is still active. In such a case, ctdb_transaction_commit()
can return successfully. If this is being called from ctdb, then
ctdb will exit. This will cause ctdb daemon to trigger recovery
since the client exited while transaction is active. This will cause
unnecessary recovery.
3. Database recovery was started and ctdb_transaction_commit() will
retry till the recovery completes the transaction.
Increasing the timeout to 30 seconds will avoid the spurious database
recoveries when TRANS3_COMMIT control takes longer to finish.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Mar 11 19:59:53 CET 2016 on sn-devel-144
smb2srv_session_close_previous_check crashes if
ndr_pull_smbXsrv_session_globalB fails for some reason. It depends on "is_free"
to be correctly set. All we can do for an invalid database is to discard the
record and set it free.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Mar 11 00:12:18 CET 2016 on sn-devel-144
Removes the use of an extraneous 'struct smb_filename *'
which wasn't being created correctly, only as a place
holder for two char * pointers.
Use split_stream_filename() to create the char * pointers
directly and make it clearer what we're up to here.
The logic here is still complex, but I'm satified
it does the correct thing.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Use standard parent_dirname() function instead of hand-hacking
using strrchr_m(xxx, '/'). Next commit should enable removal
of synthetic_smb_fname_split().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Perform a testjoin between steps to verify join status
Perform most testjoins with machine account because that's
the more common case.
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Thu Mar 10 14:41:13 CET 2016 on sn-devel-144
net ads join command changes machine password, thus affecting
the test environment beyond the thing we want to test.
This cange runs the test in a private client env, with its
own hostname, newly-generated machine SID, and a separate
secrets.tdb, thus not affecting the running AD member server,
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This matches modern Windows servers.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Mar 10 10:15:21 CET 2016 on sn-devel-144
Windows servers doesn't return the raw NT_STATUS_NO_USER_SESSION_KEY
error, but return WRONG_PASSWORD or even hide the error by using a random
session key, that results in an invalid, unknown, random NTHASH.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This is the only way to get a reliable transport session key.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
It requires a transport session key, which is only reliable available
over SMB.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
ncacn_ip_tcp doesn't have the required session key.
It used to be the wellknown "SystemLibraryDTC" constant,
but that's not available in modern systems anymore.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This pares a fix for https://bugzilla.samba.org/show_bug.cgi?id=10288
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
It will be possible to use this for more than just NTLMSSP in future.
This prepares a fix for https://bugzilla.samba.org/show_bug.cgi?id=10288
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This pares a fix for https://bugzilla.samba.org/show_bug.cgi?id=10288
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Everything uses the top level ntlmssp code via gensec now.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This pares a fix for https://bugzilla.samba.org/show_bug.cgi?id=10288
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Caller will use them instead of the full principal in future.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
It will be possible to use this for more than just NTLMSSP in future.
Similar to https://bugzilla.samba.org/show_bug.cgi?id=10288
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This avoids using the hand made spnego code, that
doesn't support the GENSEC_FEATURE_NEW_SPNEGO protection.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
This is more generic and will handle the
ntlmssp_[un]wrap() behaviour at the right level.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The LDAP client library uses tstream and that handles non blocking
sockets natively.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
We need to start with an empty input buffer.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
This is now handled by GENSEC_FEATURE_LDAP_STYLE.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We want also work against old Samba servers which didn't had
GENSEC_FEATURE_LDAP_STYLE we negotiate SEAL too. We may remove this in a few
years. As all servers should support GENSEC_FEATURE_LDAP_STYLE by then.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
We need to handle NTLMSSP_NEGOTIATE_SIGN as
NTLMSSP_NEGOTIATE_SEAL if GENSEC_FEATURE_LDAP_STYLE
is requested.
This works arround a bug in Windows, which allow signed only
messages using NTLMSSP and LDAP.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
This will be used for LDAP connections and may trigger
backend specific behaviour.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>