IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Sometimes NTSTATUS fields return things like
HRES_SEC_E_WRONG_PRINCIPAL.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Dec 18 18:30:08 UTC 2024 on atb-devel-224
The first time I came across this I missed the "FALL_THROUGH" and had
to look closely at what happens. I had expected
IMPLICIT_OWNER_READ_CONTROL_AND_WRITE_DAC_RIGHTS to grant two rights,
which to me is now more obvious. It was correct before, but to me this
is now more obvious. YMMV.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Use ndr_pull_struct_blob_noalloc, we don't need talloc here.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
This allows the callback to decide if the updated creds should be stored
or not.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This shows that STRONG_KEY without ARCFOUR means no encryption
for ServerPasswordSet2.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This will be important when we add support for netr_ServerAuthenticateKerberos().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This breaks compat with 4.21 and moves stuff out of
netlogon_creds_CredentialState_extra_info.
It also prepares support for netr_ServerAuthenticateKerberos()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This reverts commit c3fa132fbe179bd4e1451240ce572ec791356a16.
We break the compat of the netlogon_creds_cli.tdb records compared to
4.21 with the next commits.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
I have basic tests, which have shown that the payload is not
encrypted at application level.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Factor out talloc-less sddl_transition_decode_sid()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Dec 3 09:03:01 UTC 2024 on atb-devel-224
dom_sid_parse_endp does accept the lowercase "s" in "s-1-1-0".
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
We have security_descriptor_initialise() for this
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
With this we compare pointers, not numbers
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Mon Dec 2 05:52:56 UTC 2024 on atb-devel-224
Probably does not matter code-wise, but looks nicer to me.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Streamline the info-level defines. Also get rid of
SMB2_FILE_POSIX_INFORMATION_INTERNAL which is not needed for an info-level that
is exclusive to SMB2.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
This structure is only used in torture/ldap/netlogon.c now for
historic reasons. Replacing it with something else would be the right
thing to do...
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
struct netlogon_samlogon_response has subpointers, this patch enables
a proper talloc hierarchy.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
We should not pass booleans down where the caller can do the same
thing with equal effort
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This was somehow missing in commit
7a5ad9f64a
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Nov 7 09:14:33 UTC 2024 on atb-devel-224
MS-SMB2 3.3.5.9.11 Handling the SMB2_CREATE_REQUEST_LEASE_V2 Create Context:
If the SMB2_LEASE_FLAG_PARENT_LEASE_KEY_SET bit is set in the Flags field of
the request, Lease.ParentLeaseKey MUST be set to the ParentLeaseKey of the
request.
Found by MS-SMB2-Prototocol-Testsuite test "Compare_Zero_LeaseFlag_ParentLeaseKey".
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
MS-SMB2 3.3.5.9.11 Handling the SMB2_CREATE_REQUEST_LEASE_V2 Create Context:
The server MUST attempt to locate a Lease by performing a lookup in the
LeaseTable.LeaseList using the LeaseKey ...
If no lease is found, one MUST be allocated with the following values set:
...
* Lease.Breaking is set to FALSE.
...
Ensures we ignore SMB2_LEASE_FLAG_BREAK_IN_PROGRESS. Found by
MS-SMB2-Prototocol-Testsuite "BreakReadLeaseV2TestCaseS0".
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
MS-SMB2 2.2.13.2.8 SMB2_CREATE_REQUEST_LEASE:
LeaseFlags (4 bytes): This field MUST NOT be used and MUST be reserved.
The client MUST set this to 0, and the server MUST ignore it on receipt.
LeaseDuration (8 bytes): This field MUST NOT be used and MUST be reserved.
The client MUST set this to 0, and the server MUST ignore it on receipt.
So let's really, really ignore it.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
