IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Apr 15 11:20:22 CEST 2015 on sn-devel-104
We need to use real async calls in this test and add some clusapi commands so we
can remotely modify the cluster to actually trigger notifications.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
We should not assume that names in the domain
specified by 'torture:winbindd_netbios_domain' have no DOMAIN\ prefix.
On an AD DC we prefix all principals.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11183
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Apr 9 19:35:38 CEST 2015 on sn-devel-104
We need to make sure we return when torture_assert_passwd_equal()
or torture_assert_group_equal() fails.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11183
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
local.nss test might print lines starting with 'test allowed:...'
and that confused the subunit parser.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
leaked_storage: Variable pk going out of scope leaks the storage it points to.
On failure get_pk_from_raw_keypair_params function should free up
the private key (pk) it allocates internally.
Signed-off-by: Rajesh Joseph <rjoseph@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Apr 2 19:38:22 CEST 2015 on sn-devel-104
Test the storage and retrieval of FSRVP server state, with varying
shadow-copy set, shadow copy and share map hierarchies.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Windows uses a username of 'domain.example.com.' and we need to return it that
way in the NETLOGON_SAM_LOGON_RESPONSE_EX.
See e6e2ec0001fe3c010445e26cc0efddbc1f73416b for further details.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Mon Mar 30 16:18:04 CEST 2015 on sn-devel-104
Only change currently: the CHECK_WSTR calls report the line
number of this function now instead of the handed in
line of the callers. This could be fixed by turning this
function into a macro...
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
The original CHECK_WSTR() macro was not setting torture failure,
leading to errors instead of propoer failures.
The original CHECK_WSTR2() macro was exactly like the CHECK_WSTR
macro but using propoer torture_result() calls.
This patch removes the original CHECK_WSTR(), renames CHECK_WSTR2
to CHECK_WSTR and adapts the callers, hence removing the source
of many potential missing torture_assert messages.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
This macro is not setting torture failure, leading to errors instead
of failures. Use torture_assert_ntstatus_(ok|equal)* macros.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
This macro is not setting torture failure, leading to errors instead
of failures. Use torture_assert_ntstatus_(ok|equal)* macros.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
The number of current and previous elements need to match and we have to
fill TRUST_AUTH_TYPE_NONE if needed.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
This is the environment that is configured like real world configurations.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
We now check the requested access mask in OpenPolicy*()
and return NT_STATUS_ACCESS_DENIED if the request is not granted.
E.g. validating a domain trust via the Windows gui requires this
in order prompt the user for the credentials. Otherwise
we fail any other call with ACCESS_DENIED later and the
gui just displays a strange error message.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
We still grant all access in the access_mask, but we don't check the
mask at all yet...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11180
The issue has been found with nss_wrapper debug output running:
samba4.ntvfs.cifs.krb5.base.lock
In the case here, we fork a child and close the fd without resetting
the pipe fd variable. Then the fd was used to open the nss_wrapper
hosts file which got the same fd. We forked again in the process model
called close() on the re-used fd (of the pipe variable) again without
nss_wrapper noticing. Now Samba opened the secrets tdb and got
the same fd as nss_wrapper was using for the hosts file and next
nss_wrapper tried to parse a TDB ...
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
smbclient //w2012r2-183.w2012r2-l4.base/netlogon -c 'ls' -k yes -Uadministrator@S4XDOM.BASE%A1b2C3d4
worked while
smbclient //w2012r2-183.w2012r2-l4.base/netlogon -c 'ls' -k yes -Uadministrator@s4xdom.base
failed, if aes keys are used across the trust.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Mar 27 04:02:05 CET 2015 on sn-devel-104
When requesting initiator credentials fails, we need to map the error code
KRB5KRB_AP_ERR_BAD_INTEGRITY to NT_STATUS_LOGON_FAILURE as well. This is what
current MIT kerberos returns.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
With MIT Kerberos it is possible that the GSS_C_DELEG_FLAG is set, but
the delegated_cred_handle is NULL which results in a NULL-pointer
dereference. This way we fix it.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
