IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This old password change mechanism does not provide the plaintext to
validate against password complexity, and it is not used by modern
clients. It also has quite difficult semantics to handle regarding
password lockout.
The missing features in both implementations (by design) were:
- the password complexity checks (no plaintext)
- the minimum password length (no plaintext)
Additionally, the source3 version did not check:
- the minimum password age
- pdb_get_pass_can_change() which checks the security
descriptor for the 'user cannot change password' setting.
- the password history
- the output of the 'passwd program' if 'unix passwd sync = yes'.
Finally, the mechanism was almost useless, as it was incorrectly
only made available to administrative users with permission
to reset the password. It is removed here so that it is not
mistakenly reinstated in the future.
Andrew Bartlett
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245
Change-Id: If2edd3183c177e5ff37c9511b0d0ad0dd9038c66
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://gerrit.samba.org/37
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10344
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10344
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Use "filename=string" to define a file where to save the unencrypted PAC to.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Mar 12 13:02:59 CET 2014 on sn-devel-104
Rename it to "net ads kerberos pac dump" and add a "type=num" option to allow
dumping of individial pac buffer types. Ommitting type= or using type=0 will
dump the whole PAC structure on stdout.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
gencache_parse calling tdb shows up in profiles when we do a lot of open/close
traffic with large ACLs. For every file we convert unix ids to sids, and in the
domain member case this goes through gencache.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar 11 19:56:47 CET 2014 on sn-devel-104
Clients using UNIX extensions need chmod() to go through catia.
Signed-off-by: Ralph Boehme <rb@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Mar 11 13:39:17 CET 2014 on sn-devel-104
Add stream name defines that are usable with Samba's way of storing
stream names internally.
Signed-off-by: Ralph Boehme <rb@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
Change-Id: I19bbd3b34548258201dabdc0ec8dc049e28d0049
Reviewed-by: David Disseldorp <ddiss@samba.org>
Tested-by: Thomas Schulz <schulz@adi.com>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Mar 8 05:53:08 CET 2014 on sn-devel-104
This avoids issues with whatever sys.platform may return, fixes the
order of arguments to the CHECK_FUNCS_IN call, and only runs after
Linux-style POSIX ACL detection fails.
Andrew Bartlett
Change-Id: I930dff1e03c1cd1ceb8f3a35823ceb805694b66a
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Tested-by: Thomas Schulz <schulz@adi.com>
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Mar 8 03:52:44 CET 2014 on sn-devel-104
Just calling print_canonical_sockaddr() is sufficient, as it already deals with
ipv6 as well. The port handling, which was only done for IPv6 (not IPv4), is
removed as well. It was pointless because it always derived the port number from
the provided address which was either a SMB (usually port 445) or LDAP
connection. No KDC will ever run on port 389 or 445 on a Windows/Samba DC.
Finally, the kerberos libraries that we support and build with, can deal with
ipv6 addresses in krb5.conf, so we no longer put the (unnecessary) burden of
resolving the DC name on the kerberos library anymore.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
In the common case with just one request, we can use a preallocated
req->out.vector.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 6 00:59:29 CET 2014 on sn-devel-104
It is only important that the content of info->data stays alive
for the lifetime of the request, but the DATA_BLOB structure itself
can be on the stack, while passing it as 'dyn' to smbd_smb2_request_done_ex().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Use a preallocated buffer for the first response in the compound chain.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
We can use a preallocated buffer for the possible error
response of the first response in the compound chain.
This avoids a talloc_array_zero() call for the common case.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
We can avoid a talloc_zero_array() call in the
common case (without compound requests) and use a
preallocated array instead.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10422
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Mar 5 22:53:34 CET 2014 on sn-devel-104
Using helper variables make it much easier to understand.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
We're now sure that sconn->smb1.sessions.max_send is >= SMB_BUFFER_SIZE_MIN.
in order to garantee some progress we need to make sure our assumed
header overhead is less than SMB_BUFFER_SIZE_MIN.
Assuming 372 bytes for the SMBtrans headers should still be more than
enough.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10422
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This makes sure sconn->smb1.sessions.max_send is always >= SMB_BUFFER_SIZE_MIN.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10422
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
SMB_BUFFER_SIZE_MAX is UINT16_MAX and the largest value a client
can possibly specify in the session setup request.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10422
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The current limit of 128*1024 causes problems as the value has to be
<= UINT16_MAX otherwise some clients get confused, as they want to
use the MaxBufferSize value from the negprot response (uint32_t)
for the MaxBufferSize value in thet session setup request (uint16_t).
E.g. Windows 7 (as client) sends MaxBufferSize = 0 if the server value
is > UINT16_MAX.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10422
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This is the original cause of the wbc NT_STATUS_OBJECT_NAME_NOT_FOUND issues in recent git master, as the
build was able to progress without the correct path being set as an override.
Andrew Bartlett
Change-Id: I1dbc7350695756356e869199b589eb781eb5c673
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Mar 5 18:34:48 CET 2014 on sn-devel-104
Following the current coding guidelines, it is considered bad practice to return from
within a macro and change control flow as they look like normal function calls.
Change-Id: I421e169275fe323e2b019c6cc5d386289aec07f7
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Following the current coding guidelines, it is considered bad practice to return from
within a macro and change control flow as they look like normal function calls.
Change-Id: I133eb5a699757ae57b87d3bd3ebbcf5b556b0268
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
smbd currently prints the following level 0 error when a client attempts
to connect to an unsupported named pipe (e.g. browser):
ERROR! 'browser' is not a registred pipe
This change reduces the severity of the error (0->2) and fixes a couple
of typos.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Wed Mar 5 16:31:42 CET 2014 on sn-devel-104
Windows Server starts some named pipe services on demand, and responds
to initial open requests with STATUS_PIPE_NOT_AVAILABLE. The FssagentRpc
named pipe on Windows Server 2012 exhibits this behaviour.
This change sees rpcclient retry named pipe open requests when the
server responds with STATUS_PIPE_NOT_AVAILABLE. The retry logic is
contained in an asynchronous tevent_timer callback, to allow for
non-blocking callers.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
While running smbtorture test raw.write under valgrind an "Invalid read"
was reported in methid reply_writeclose, it seems after closing a file
sometime later we try to access it again.
Signed-off-by: Noel Power <noel.power@suse.com>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Mar 3 20:42:40 CET 2014 on sn-devel-104
This might be the reason for a few flaky builds.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Mon Mar 3 16:30:53 CET 2014 on sn-devel-104
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Simo Sorce <simo@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
The current could would crash if a pthreadpool was created, deleted and the
process then fork()s. "pthreadpools" is NULL in this case, but the
pthread_atfork handlers are in place. This fixes walking the pthreadpools list
in reverse.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Simo Sorce <simo@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
If the same process tries to re-lock the same record
it has already locked, don't go to the ctdbd again.
There are situations where we already have a lock on a record
and then do a dbwrap_parse_record() on that record, for instance
in locking code:
do_lock()
-> grabs lock on brl record with brl_get_locks()
-> calls brl_lock()
-> calls brl_lock_posix or _windows_default()
-> calls contend_level2_oplocks_begin()
-> calls brl_locks_get_read_only()
-> calls dbwrap_parse_record on the same brl record as above
In the local (tdb) case, this is not a problem, because
identical fcntl locks in the same process don't contend each other,
but calling out to ctdb for this lets smbd and ctdb deadlock.
db_ctdb_fetch_lock() already correclty checks first
whether we can simply try to lock locally. But db_ctdb_parse_record()
failed to do so for empty records, i.e. records that only
consist of the ctdb record header. (These can be deleted records
but can also be freshly created and still empty records.)
This patch lets db_ctdb_parse_record() not skip local access
for empty records, hence fixing the deadlock.
PLAN: In the long run, it would be better to solve this
generically on the dbwrap_layer, i.e. root the notion of
an already locked record there, and skip any call to the
db (tdb or ctdb backend) if we have it. This would also
solve the problem for all calls like fetch_locked, parse_record
and possibly others. But this is the urgent fix for now.
Pair-Programmed-With: Volker Lendecke <vl@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Tested-by: Björn Baumbach <bb@sernet.de>
The current FSCTL_GET_SHADOW_COPY_DATA/FSCTL_SRV_ENUMERATE_SNAPSHOTS
handler squashes all non-ENOSYS errors into an NT_STATUS_UNSUCCESSFUL
response.
This commit ensures that all errors are propagated up to the client, to
aid debugging.
The Windows Explorer "Previous Versions" dialogue doesn't appear to
distinguish between error codes. It displays "There are no previous
versions available".
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Feb 27 22:42:50 CET 2014 on sn-devel-104
brl_get_locks_readonly() currently returns NULL when it can't
find any byte range locks on the file. This is an error - it
should return a valid struct byte_range_lock containing num_locks == 0
so it can be cached.
Returning NULL when there are no locks causes POSIX lock
tests to fail returning NT_STATUS_NO_MEMORY (as it thinks
it can't allocate the struct) instead of NT_STATUS_OK.
Fixes bug:
Bug 10431 - STATUS_NO_MEMORY response from Query File Posix Lock request
https://bugzilla.samba.org/show_bug.cgi?id=10431
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
We have messaging_send_buf, so there's no point to use an explicit
DATA_BLOB here.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Feb 25 23:27:21 CET 2014 on sn-devel-104
Change-Id: I74347199e54be0d1dc031985534da1e56fd3e280
Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
Reviewed-by: Christopher R. Hertel <crh@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Change-Id: If1b54e62b4fc2240aa17e5d1eae8f279f2fdfc42
Signed-off-by: Christopher R. Hertel <crh@samba.org>
Reviewed-by: Jose A. Rivera <jarrpa@redhat.com>
Reviewed-by: Ira Cooper <ira@samba.org>
Change-Id: I98b512da2e0e56f061247a7c48ce576287b43827
Signed-off-by: Christopher R. Hertel <crh@samba.org>
Reviewed-by: Jose A. Rivera <jarrpa@redhat.com>
Reviewed-by: Ira Cooper <ira@samba.org>
https://bugzilla.samba.org/show_bug.cgi?id=9993
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Feb 25 13:19:37 CET 2014 on sn-devel-104
If we have no name indexes for a domain, all names were domain
names and have been resolved earlier, including the domain name.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10463
Change-Id: I5a7a387fa89d2b2bdd465c13b3dca0e18ca0482c
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Feb 25 11:17:18 CET 2014 on sn-devel-104
Hand the *input* name as input into the normalize call,
not the (potentially uninitialized...) *output* name...
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10463
Change-Id: I4f3fc25882c22d96329e252d0a53bbe13d533472
Pair-Programmed-With: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10463
Change-Id: I6a8a8c272b9cf7dbce4f9a99012209c29c31e839
Pair-Programmed-With: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Previously only members of these domains were handled.
But we also need to handle the domain itself.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10463
Change-Id: I44f85267eda243d586fffd24a799e153de0ff982
Pair-Programmed-With: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@sernet.de>
Reviewed-by: Michael Adam <obnox@samba.org>
Coverity-Id: 710708
Signed-off-by: Poornima Gurusiddaiah <pgurusid@redhat.com>
Reviewed-by: Ira Cooper <ira@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Coverity-id: 1107228,1107227
Signed-off-by: Poornima Gurusiddaiah <pgurusid@redhat.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
secrets_fetch_machine_password() sets pwd to point to memdup()'d (and thus
malloc()'d) memory. This memory should be freed before we go out of scope.
Change-Id: I07e575819c309fa5b85627dce2eb969bc720ce4e
Coverity-Id: 1168001
Reviewed-by: Ira Cooper <ira@samba.org>
Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
Reviewed-by: Simo Sorce <idra@samba.org>
Autobuild-User(master): Simo Sorce <idra@samba.org>
Autobuild-Date(master): Sat Feb 22 00:58:23 CET 2014 on sn-devel-104
Moved the call to the talloc autofree function to as early a point as
possible. init_ldap_from_sam() already calls smbldap_set_mod(), and there's
a chance that the init will fail after having already allocated memory for
&mods.
Coverity-Id: 1167997
Change-Id: Ic26bfb3c530f90aa885e447b8409deba49708d64
Reviewed-by: Ira Cooper <ira@samba.org>
Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
Reviewed-by: Simo Sorce <idra@samba.org>
As a domain member we should always use a DC of our own domain.
It would be possible to pass all sids in one single dcerpc_wbint_LookupSids()
call. For now we just fix bug.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10458
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
We need to make sure that r->out.domains remains valid,
otherwise we're not able to marshall the response.
Note that wbint_LookupSids() has [out,ref] lsa_RefDomainList *domains,
while lsa_LookupSids() has [out,ref] lsa_RefDomainList **domains.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10458
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
If smbd_server_connection_terminate("CTDB_SRVID_RELEASE_IP") is triggered from
within ctdbd_migrate(), we got a smb_panic complaining about invalid
lock_order, as ctdbd_migrate is called from dbwrap_fetch_locked().
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10444
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Feb 21 14:51:51 CET 2014 on sn-devel-104
If it returns true the passed ip address matched and we
let a nested ctdb operation fail with NT_STATUS_ADDRESS_CLOSED.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
If this isn't NT_STATUS_OK, we skip any io on the socket.
This avoids possible problems during shutdown.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
