IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Only in case we have an SMB encrypted connection ...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
lib/util/safe_string.h is similar to source3/include/safe_string.h, but
the former has fewer checks. It is missing bcopy, strcasecmp, and
strncasecmp.
Add the missing elements to lib/util/safe_string.h remove the other
safe_string.h which is in the source3-specific path. To accomodate
existing uses of str(n?)casecmp, add #undef lines to source files where
they are used.
Signed-off-by: Matthew DeVore <matvore@google.com>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug 28 02:18:40 UTC 2020 on sn-devel-184
Normally this returns the right status code, which normally is:
NT_STATUS_NO_USER_SESSION_KEY
This is consitent with the source3 samr server implmentation.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Autobuild-User(master): Isaac Boukris <iboukris@samba.org>
Autobuild-Date(master): Wed Nov 20 22:29:35 UTC 2019 on sn-devel-184
Add a helper function to retrieve the imessaging_context from the
stream connection.
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
EnumDomainUsers currently takes too long, significantly slowing down
calls to winbind's getpwent which is a core unix API. The time is taken
up by a GUID lookup for every record in the cached result. The advantages
of this approach are:
1. It meets the specified requirement that if a record yet to be returned
by a search in progress (with a resume handle) is deleted or
modified, the future returned results correctly reflect the
new changes.
2. Memory footprint for a search in progress is only 16 bytes per record.
But, those benefits are not worth the significant performance hit
of the lookups, so this patch changes the function to run the search
and cache the RIDs and names of all records matching the search when
the request is made. This makes the memory footprint around 200 bytes
per record or up to 2MB per concurrent search for a 100k user database.
The speedup achieved by this change is around 50%, and in tandem with
some winbindd improvements as part of the same task has achieved around
15x speedup for getpwent.
The lost specification compliance is unlikely to cause a problem for any
known usage of this RPC call.
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This allows the use of GnuTLS for the underlying RC4 crypto operations.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Use dsdb_domain_count instead of samdb_search_count to determine the
number of users, groups and aliases. This gives a performance gain of
around 10%, reduces the total memory allocated and fixes the incorrect
count returned for aliases.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This allows the check password script to reject the username and other
things.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Different gcc versions complain at different places.
I recently got these:
../source4/rpc_server/samr/dcesrv_samr.c: In function
‘dcesrv_samr_QueryDisplayInfo2’:
../source4/rpc_server/samr/dcesrv_samr.c:4117:2: error: ‘q.out.result.v’
may be used uninitialized in this function [-Werror=maybe-uninitialized]
return result;
^
../source4/rpc_server/samr/dcesrv_samr.c: In function
‘dcesrv_samr_QueryDisplayInfo3’:
../source4/rpc_server/samr/dcesrv_samr.c:4151:2: error: ‘q.out.result.v’
may be used uninitialized in this function [-Werror=maybe-uninitialized]
return result;
^
cc1: all warnings being treated as errors
../source4/rpc_server/samr/dcesrv_samr.c: In function
‘dcesrv_samr_QueryDisplayInfo3’:
../source4/rpc_server/samr/dcesrv_samr.c:4151:2: error: ‘q.out.result.v’
may be used uninitialized in this function [-Werror=maybe-uninitialized]
return result;
^
In file included from ../source4/rpc_server/samr/dcesrv_samr.c:4447:0:
default/librpc/gen_ndr/ndr_samr_s.c: In function ‘samr__op_dispatch’:
default/librpc/gen_ndr/ndr_samr_s.c:597:18: error: ‘q.out.result.v’ may
be used uninitialized in this function [-Werror=maybe-uninitialized]
r2->out.result = dcesrv_samr_QueryDisplayInfo2(dce_call, mem_ctx,
r2);
^
cc1: all warnings being treated as errors
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Move the calls to GUID_buf_string and dom_sid_str_buf into the
coresponding DBG_WARNING call, instead of using an intermediate variable.
While this violates the coding guidelines, doing this makes the code less
cluttred and means the functions are only called if the debug message is
printed.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Nov 21 01:50:11 CET 2018 on sn-devel-144
Add a cache of GUID's that matched the last samr_EnunDomainUsers made on a
domain handle. The cache is cleared if resume_handle is zero, and when the
final results are returned to the caller.
The existing code repeated the database query for each chunk requested.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add a cache of GUID's that matched the last samr_EnunDomainGroups made on a
domain handle. The cache is cleared if resume_handle is zero, and when the
final results are returned to the caller.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add a cache of GUID's that matched the last samr_QueryDisplayInfo made on a
domain handle. The cache is cleared if the requested start index is
zero, or if the level does not match that in the cache.
The cache is maintained in the guid_caches array of the dcesrv_handle.
Note: that currently this cache exists for the lifetime of the RPC
handle.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This is not a general purpose profiling solution, but these JSON logs are already being
generated and stored, so this is worth adding.
Some administrators are very keen to know how long authentication
takes, particularly due to long replication transactions in other
processes.
This complements a similar patch set to log the transaction duration.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
To get the SAMR password_lockout test passing, we now just need to query
the msDS-ResultantPSO attribute for the user in the SAMR code. The
common code will then determine that a PSO applies to the user, and use
the PSO's lockout settings.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
The lockOutObservationWindow is used to calculate the badPwdCount. When
a PSO applies to a user, we want to use the PSO's lockout-observation
window rather the the default domain setting.
This is finally enough to get some of the PSO password_lockout tests
to pass.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
In contrast to source3, this is run as root and without substitution.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The logic in samdb_result_force_password_change() is incomplete
and the correct logic is already available via the constructed
"msDS-UserPasswordExpiryTimeComputed" attribute.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The password_hash module will take care of translating "-1"
to the current time.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9654
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
By reading the SID values from the memberOf links, we avoid an un-indexed search on
the member attribute.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Because of this typo, the primary group ID was returned as 0
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
As in commit 841845dea35089a187fd1626c9752d708989ac7b, this avoids
quoting problems in user DN's.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11751
Signed-off-by: Mantas Mikulėnas <grawity@gmail.com>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
