IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Logging the returned mode bits should be only "informational" (level 5).
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jul 9 15:36:30 CEST 2015 on sn-devel-104
"Informational" is a better description for this message; change the log
level accordingly (level 5).
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The interesting information is already logged later; having an
additional message when entering the function should be only done as
debug message (level 10).
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The dsgetdcname() function is able to try just DNS lookup, just NetBIOS,
or start with DNS and fall back to NetBIOS. For "net ads join", we know
most of the time whether the name of the domain we're joining is a DNS
name or a NetBIOS name. In that case, it makes no sense to try both lookup
methods, especially that DNS may fail and we want to fall back from site-aware
DNS lookup to site-less DNS lookup, with no NetBIOS lookup in between.
This change lets "net ads join" tell libnet what is the type of the domain
name, if it is known.
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
Reviewed-by: Jeremy Allison <jra@samba.org>
replace.h has to be the first file included in order to correctly act
upon the definitions in config.h.
Specifically, this change fixes 32-bit i686 builds, which depend upon
_FILE_OFFSET_BITS=64 to be set before any standard library file is
included.
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-by: "Stefan (metze) Metzmacher" <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Jul 9 12:32:03 CEST 2015 on sn-devel-104
60.nfs backgrounds it so it persists in the background causing
problems. In particular, it causes the "ctdb ip" command stub to be
run in parallel, which produces inconstent results.
Better not to run it at all in the NFS tests.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Jul 9 09:27:02 CEST 2015 on sn-devel-104
If statd-callout is unwanted, so is removed, then this code fails.
Change to an "if" so that it succeeds as intended.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
To do any cleanup before exiting the test, register hooks with
test_cleanup(). Multiple hooks can be registered. All the hooks will
be called before exiting from the test.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
This code was copied from onnode unit tests, but not used.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
This is now achieved by defining functions extra_header() and
extra_footer().
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Bring the list of supported socket options in smb.conf in sync
with the code
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jul 9 03:48:13 CEST 2015 on sn-devel-104
This fixes a deadlock in tdb that is a bad interaction between tdb_lockall
and tdb_traverse. This deadlock condition has been around even before
tdb mutexes, it's just that the kernel fcntl EDEADLK detection protected
us from this ABBA lock condition to become a real deadlock stalling
processes. With tdb mutexes, this deadlock protection is gone, so we do
lock dead.
This patch glosses over this particular ABBA condition, making tdb with
mutexes behave the same as tdb without mutexes. Admittedly this is no
real fix, but it works around a real user's problem.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11381
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
More size_t != uintmax_t issues:
../source4/libcli/ldap/ldap_bind.c: In function ‘ldap_bind_sasl’:
../source4/libcli/ldap/ldap_bind.c:237:3: error: format ‘%ju’ expects argument of type ‘uintmax_t’, but argument 2 has type ‘size_t’ [-Werror=format=]
DEBUG(1, ("SASL bind triggered with non empty send_queue[%ju]: %s\n",
^
cc1: all warnings being treated as errors
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Fixes this:
../source4/auth/gensec/gensec_gssapi.c:1017:3: error: format ‘%ju’ expects argument of type ‘uintmax_t’, but argument 3 has type ‘size_t’ [-Werror=format=]
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This adds a lot more validation arround trust credentials and
krb5 interaction.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jul 8 21:41:17 CEST 2015 on sn-devel-104
lsa_EnumTrusts() may also return non direct trusted domains in the forest.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
That verifies kinit and smbclient work across trusts.
It also tests a trust password change and a following
access.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Available subcommands:
create - Create a domain or forest trust.
delete - Delete a domain trust.
list - List domain trusts.
namespaces - Manage forest trust namespaces.
show - Show trusted domain details.
validate - Validate a domain trust.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This way we have have two sets or credentials on the command line,
while at least one uses some prefix (special_name) for the arguments.
The default options without special_name are:
Credentials Options:
--simple-bind-dn=DN
DN to use for a simple bind
--password=PASSWORD
Password
-U USERNAME, --username=USERNAME
Username
-W WORKGROUP, --workgroup=WORKGROUP
Workgroup
-N, --no-pass Don't ask for a password
-k KERBEROS, --kerberos=KERBEROS
Use Kerberos
--ipaddress=IPADDRESS
IP address of server
-P, --machine-pass Use stored machine account password
With special_name='local-dc' it's:
Credentials Options (local-dc):
--local-dc-simple-bind-dn=DN
DN to use for a simple bind
--local-dc-password=PASSWORD
Password
--local-dc-username=USERNAME
Username
--local-dc-workgroup=WORKGROUP
Workgroup
--local-dc-no-pass Don't ask for a password
--local-dc-kerberos=KERBEROS
Use Kerberos
--local-dc-ipaddress=IPADDRESS
IP address of server
--local-dc-machine-pass
Use stored machine account password
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This is needed to get the time from modules in python/samba/netcmd/
where a time.py exist.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This should only work on a forest root domain controller and a forest function
level >= 2003.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This collects the whole information about the local forest,
including all domains and defined top level names (uPNSuffixes and
msDS-SPNSuffixes).
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We redirect this to remote DC as netr_GetForestTrustInformation() via an IRPC
call to winbindd.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This allows the netlogon server to forward netr_DrsGetForestTrustInformation()
to winbindd in order to do the work.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We use in internal connection to our local LSA server
in order to update the local msDS-TrustForestTrustInfo attribute.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This will be used by the netr_DrsGetForestTrustInformation()
in order to contact remote domains via winbindd.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We pass NETLOGON_CONTROL_{REDISCOVER,TC_QUERY,TC_VERIFY,CHANGE_PASSWORD} to
winbindd and do the hard work there, while we answer NETLOGON_CONTROL_QUERY
directly.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This can be called by the netlogon server to pass netr_LogonControl*()
to a winbindd child process in order to do the real work.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This implements NETLOGON_CONTROL_{REDISCOVER,TC_QUERY,TC_VERIFY,CHANGE_PASSWORD}.
These are triggered by the netlogon server (currently only as AD DC) via IRPC.
While NETLOGON_CONTROL_REDISCOVER ignores an optional '\dcname' at the end of
the specified domain name for now.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This will be used by the netr_LogonControl()
in order to contact remote domains via winbindd.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This means we return mostly the same error codes as a Windows
and also normalize the given information before storing.
Storing is now done within a transaction in order to avoid races
and inconsistent values.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This is used to merge the netr_GetForestTrustInformation() result with
the existing information in msDS-TrustForestTrustInfo.
New top level names are added with LSA_TLN_DISABLED_NEW
while all others keep their flags.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
These will be used in dcesrv_lsa_lsaRSetForestTrustInformation() in the
following order:
- dsdb_trust_normalize_forest_info_step1() verifies the input
forest_trust_information and does some basic normalization.
- the output of step1 is used in dsdb_trust_verify_forest_info()
to verify overall view of trusts and forests, this may generate
collision records and marks records as conflicting.
- dsdb_trust_normalize_forest_info_step2() prepares the records
to be stored in the msDS-TrustForestTrustInfo attribute.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This emulates a lsa_TrustDomainInfoInfoEx struct for our own domain.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
