IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
A newline is missing but also use DBG_INFO macro and cleanup spelling.
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Replace kerberos context initialization from
raw krb5_init_context() to smb_krb5_init_context_basic()
which is adding common tracing as well.
Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
The protos were declared in lib/krb5_wrap but the functions are not
available there.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Add the ability to leave the domain with --keep-account argument to avoid
removal of the host machine account.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13498
Signed-off-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
We need to open the ncacn_np (smb) transport connection with
anonymous credentials.
In order to do netr_ServerPasswordSet*() we need to
establish a 2nd netlogon connection using dcerpc schannel
authentication.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13149
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This provides cleaner data dependencies. A netlogon_creds_ctx contains
everything required to open an schannel, there is no good reason to
require cli_credentials here.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This creates a context with access to a credentials, not credentials
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
rpccli_create_netlogon_creds_with_creds just extracts the values we set here
from cli_credentials, and the lower-level interface is supposed to go away.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
These don't use any krb5_context related functions and they just
work on secrets.tdb, so they really belong to machine_account_secrets.c.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
We should not store the secrets before we did all remote changes
(except the optional dns updates).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
We should separate the calculation and the storing steps.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
username[strlen(username)] is *always* '\0'!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Trever L. Adams <trever.adams@gmail.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 13 04:26:26 CEST 2016 on sn-devel-144
[MS-WKST] states that SetUserInfo2 should be used to set the account
flags. We already call this a few lines down to set the password.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The function should also return if it failed or not.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sun Sep 25 12:56:17 CEST 2016 on sn-devel-144
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jun 24 05:58:35 CEST 2016 on sn-devel-144
Inspired by initial patch from Matt Rogers @ RedHat.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11977
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Wed Jun 22 05:05:47 CEST 2016 on sn-devel-144
This prevents irritating warning messages.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jun 17 08:13:55 CEST 2016 on sn-devel-144
Initial patch from Matt Rogers @ RedHat.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11977
Guenther
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Jun 15 20:28:31 CEST 2016 on sn-devel-144
When domain member is joined to AD, we need to use the same DC to
authenticate against after the join because the machine account might
not be replicated yet to other domain controllers, including off-site.
Bug https://bugzilla.samba.org/show_bug.cgi?id=11769 dealt with
detection of the site pre-join. However, we rewrite private local
krb5.conf afterwards without taking the discovered site name into
account.
Fix this by reusing the site discovered pre-join.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11975
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jun 15 15:25:44 CEST 2016 on sn-devel-144
Add all listed smb.conf netbios aliases as SPNs to the machine account:
HOST/NETBIOS_ALIAS@REALM
and
HOST/netbios_alias.dnsdomain.name@REALM
Bug: https://bugzilla.samba.org/show_bug.cgi?id=1703
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed May 4 17:58:05 CEST 2016 on sn-devel-144
Quite a few callers already did check for !=NULL. With the current code this is
pointless due to a SMB_ASSERT in base64_encode_data_blob() itself. Make the
callers consistently check, so that we can remove SMB_ASSERT from base64.c.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Use SMB_SIGNING_IPC_DEFAULT for RPC connections.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Guenther
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11755
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Mar 14 19:38:48 CET 2016 on sn-devel-144
This is a preparation to move smb_krb5_kt_add_entry() to krb5_wrap.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
When joining a domain using Kerberos authentication, create a
configuration file for the Kerberos libs to prefer on-site
domain controllers, without relying on the winbindd Kerberos
locator, which many not be operational at this stage.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11769
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar 8 01:30:35 CET 2016 on sn-devel-144
We may not have the permission to modify the object after creation.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11755
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bj@sernet.de>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Feb 26 11:30:03 CET 2016 on sn-devel-144
We should never get a secret from a server when we specify DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING
This asserts that this is the case.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
The dsgetdcname() function is able to try just DNS lookup, just NetBIOS,
or start with DNS and fall back to NetBIOS. For "net ads join", we know
most of the time whether the name of the domain we're joining is a DNS
name or a NetBIOS name. In that case, it makes no sense to try both lookup
methods, especially that DNS may fail and we want to fall back from site-aware
DNS lookup to site-less DNS lookup, with no NetBIOS lookup in between.
This change lets "net ads join" tell libnet what is the type of the domain
name, if it is known.
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
Reviewed-by: Jeremy Allison <jra@samba.org>
osServicePack paramater allows the default behaviour ( which is to use
the samba version string as the operatingSystemServicePack attribute )
to be overridden
Additionally make sure if blank string is passed that it is treated
as attribute deletion. This is necessary as values for the os attributes
are eventually passed to ads_modlist_add if the value is "" then the
attempt to add this attribute fails in the underlying ldap
'ldap_modfiy_ext_s' function. In this case we need to pass NULL as the
value to force deletion of the ldap attribute
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jan 8 00:18:05 CET 2015 on sn-devel-104
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10891
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
This partially reverts 15f6e27bd5.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10891
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
This is very helpful in the trusted domain situation, as we may not
have a two-way trust but we can use our domain trust account to set up
a connection to NETLOGON
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Oct 8 12:48:15 CEST 2014 on sn-devel-104
Signed-off-by: Samuel Cabrero <scabrero@zentyal.com>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
