IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
The advantage of these over the previous use of just RuntimeError is that we can
catch just the errors we want, without having to catch all possible RuntimeError
cases and assume they decode to a tuple
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12398
There are cases where allocating a RID Set can reasonably fail. Catch those nicely.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12398
The WERROR codes are more descriptive for DSDB issues, and almost all the code was
converting from WERROR to NTSTATUS. This will allow us to better catch specific
errors like WERR_DS_DRA_MISSING_PARENT
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12398
We do not want random users with add-user rights to own the new RID Set for this
server, and the ridSet class is thankfully system-only.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9954
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This will help us to correct errors during dbcheck
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9954
This moves some tests from getnc_exop.py regarding RID sets as well as
adding new tests for actions on join.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9954
Pair-programmed-with: Clive Ferreira <cliveferreira@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samaba.org>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Clive Ferreira <cliveferreira@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The reason we choose to provide the string DN is because extended_dn_in
will try to correct the <GUID=...> by searching on it (despite the fact
it does not exist and then failing on a ldb_dn_validate in
objectclass_attrs).
We can now also remove the dangling link test from the knownfail.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12385
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Nov 3 01:46:43 CET 2016 on sn-devel-144
Currently this fails because we rely on a GUID DN, which fails to
resolve in the case that the GUID no longer exists in the database (i.e.
when that object has been purged after 6 months).
The tests use a made up extended DN built from fred where the GUID has
been tweaked.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12385
If an attribute is not replicated or constructed, it is quite normal for
it to be missing. This is the case with both rIDNextRid and
rIDPreviousAllocationPool. This currently prevents us switching the RID
master. On Windows, missing this attribute does not cause any problems
for the RID manager.
We may now remove the knownfail entry added earlier.
Signed-off-by: Clive Ferreira <cliveferreira@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Pair-programmed-with: Bob Campbell <bobcampbell@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12394
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Wed Nov 2 01:28:44 CET 2016 on sn-devel-144
Currently we fail against ourselves due to rIDNextRid and
rIDPreviousAllocationPool normally being unset, despite being mandatory
attributes (being the only attributes in this situation).
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Pair-programmed-with: Clive Ferreira <cliveferreira@catalyst.net.nz>
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12394
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12366
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct 28 03:42:25 CEST 2016 on sn-devel-144
Concurrent requests are only allowed if the client asked for
DCERPC_PFC_FLAG_CONC_MPX in the DCERPC_BIND.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This can be used to pass DCERPC_CONCURRENT_MULTIPLEX, which
sends DCERPC_PFC_FLAG_CONC_MPX in the DCERPC_BIND.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
For now we don't really support any negotiated features.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
We should respond with an explicit result for each presentation context,
while we also accept one new context per BIND/ALTER_CONTEXT.
For now we still only support NDR32, but adding NDR64 should
be fairly easy now.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Windows 2012R2 only returns a protocol error if the client wants to change
between supported transfer syntaxes, e.g. from NDR32 to NDR64.
If the proposed transfer syntax is not known to the server,
the request will be silently ignored.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
It's the same, but call->context might be NULL in future.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This is basically an alias for DCERPC_AUTH_LEVEL_INTEGRITY
in the context of connection oriented DCERPC.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
gensec_check_packet() and gensec_unseal_packet() failures
should generate DCERPC_FAULT_SEC_PKG_ERROR.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This is required in order to support DCERPC_BIND_NAK_REASON_INVALID_AUTH_TYPE
vs. DCERPC_BIND_NAK_REASON_INVALID_CHECKSUM.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This is marked as [flag(NDR_ALIGN8)] DATA_BLOB _pad;
and ndr_push_dcerpc_request() will just ignore the content
and align to 8 bytes with zero padding.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
The 4 bytes of padding are always present and part of the header.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
They're always supported and using gensec_want_feature() on them would require
them in future.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
We need to calculate the signature length based on the negotiated
flags. This is most important on the server side where,
gss_accept_sec_context() doesn't get gss_want_flags, but fills
gss_got_flags.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 20 02:48:30 CEST 2016 on sn-devel-144
h1.data is an array and as such always is != NULL, so it's always true
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Oct 19 05:11:25 CEST 2016 on sn-devel-144
Confirm that Samba matches Windows Server 2016 ReFS behaviour here.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12144
Reported-by: Nick Barrett
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 6 06:14:34 CEST 2016 on sn-devel-144
Send 1000 messages without picking them up. Then destroy the sending messaging
context.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Using domain@realm credentials has been problematic when
global conf setting "winbind use default domain" is enabled, this patch
creates a new s4member_dflt_domain environment (where
"winbind use default domain" is enabled) and runs getent & id against the
normal s4member & and new s4member_dflt_domain environments
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12298
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
A different version has gone upstream, fixing the problem
elsewhere.
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Mon Oct 3 11:12:29 CEST 2016 on sn-devel-144
When reading configuration file, keep an extra copy of
the encryption types, and use this when resetting the
encryption types to default.
GSSAPI always resets the enctypes to default before obtaining
a TGS, because the enctypes might have previously altered,
so this prevents changing the etypes from the configured ones
to the full set of supported etypes.
The same patch has gone into upstream heimdal as commit
a3bece1. It is a different solution to the problem fixed
here by commit 1f90983, so this commit will be reverted next
to keep compatibility with uptream.
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
