IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Only change currently: the CHECK_WSTR calls report the line
number of this function now instead of the handed in
line of the callers. This could be fixed by turning this
function into a macro...
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
The original CHECK_WSTR() macro was not setting torture failure,
leading to errors instead of propoer failures.
The original CHECK_WSTR2() macro was exactly like the CHECK_WSTR
macro but using propoer torture_result() calls.
This patch removes the original CHECK_WSTR(), renames CHECK_WSTR2
to CHECK_WSTR and adapts the callers, hence removing the source
of many potential missing torture_assert messages.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
This macro is not setting torture failure, leading to errors instead
of failures. Use torture_assert_ntstatus_(ok|equal)* macros.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
This macro is not setting torture failure, leading to errors instead
of failures. Use torture_assert_ntstatus_(ok|equal)* macros.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Instead of having every 2nd byte as '\0' in the utf16 password,
because the utf8 form is based on an ascii subset, we convert
the random buffer from CH_UTF16MUNGED to CH_UTF8.
This way we have a random but valid utf8 string,
which is almost like what Windows is doing.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
We should maintain current and previous passwords on both sides of the trust,
which mean we need to pass our view of the new version to the remote DC.
This avoid problems with replication delays and make sure the kvno
for cross-realm tickets is in sync.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Using pdb_get_trust_credentials() works for all kind of trusts
and gives us much more details regarding the credentials.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
SEC_CHAN_DNS_DOMAIN trusts use longer passwords, Windows uses 240 UTF16 bytes.
Some trustAttribute flags may also make impact on the length on Windows,
but we could be better if we know that the remote domain is an AD domain.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
The number of current and previous elements need to match and we have to
fill TRUST_AUTH_TYPE_NONE if needed.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
The number of current and previous elements need to match and we have to
fill TRUST_AUTH_TYPE_NONE if needed.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
When a new trusted domain is added in the LSA server, we need to immediately
have the domain within winbindd. This notification is done via a
MSG_WINBIND_NEW_TRUSTED_DOMAIN message.
In future we might want just a "rescan direct trusts" message,
but that requires a lot of redesign within winbindd.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
This is the environment that is configured like real world configurations.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
We now check the requested access mask in OpenPolicy*()
and return NT_STATUS_ACCESS_DENIED if the request is not granted.
E.g. validating a domain trust via the Windows gui requires this
in order prompt the user for the credentials. Otherwise
we fail any other call with ACCESS_DENIED later and the
gui just displays a strange error message.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
We still grant all access in the access_mask, but we don't check the
mask at all yet...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
This prepares a possibly stripped security descriptor for a client.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
TODO: we should import the whole lists from [MS-DTYP].
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
A lot of calls on the netlogon pipe doesn't require netlogon credentials,
e.g. netr_LogonControl*() should work just with administrator credentials.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Inform the user whether the module was found on the system, or if the
bundled copy is being used. If the module is not found, suggest what
they can do to make it available to Samba.
Change-Id: I89ec57a2acf87768ca3714add59575578d2ee399
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Mon Mar 30 13:40:33 CEST 2015 on sn-devel-104
This makes it possible to use submodules in Samba.
Change-Id: Iccb1876b1daf82864b18486f2dca9036d7d3c75c
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
get_gpfs_fset_id already emits more detailed warnings, there is no need
to print an additional warning in the calling function.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Use -T tcp instead of deprecated options -u and -t. Also, check for
localhost.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Mar 27 09:16:50 CET 2015 on sn-devel-104
It's possible for a RPC service to register only for UDP and not TCP.
Since we assume all the NFS operations are over TCP, always check RPC
services over TCP.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
$RPCMOUNTDOPTS is ignored when restarting rpc.statd due to the service
being unresponsive. This variable can be used to increase the number
of rpc.mountd threads when there are a lot of clients reattaching so
ignoring it can mean that only a single rpc.mount thread is started.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
'syslog' has been deprecated, so use the new 'logging' parameter
instead.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Mar 27 06:38:32 CET 2015 on sn-devel-104
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11180
The issue has been found with nss_wrapper debug output running:
samba4.ntvfs.cifs.krb5.base.lock
In the case here, we fork a child and close the fd without resetting
the pipe fd variable. Then the fd was used to open the nss_wrapper
hosts file which got the same fd. We forked again in the process model
called close() on the re-used fd (of the pipe variable) again without
nss_wrapper noticing. Now Samba opened the secrets tdb and got
the same fd as nss_wrapper was using for the hosts file and next
nss_wrapper tried to parse a TDB ...
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
smbclient //w2012r2-183.w2012r2-l4.base/netlogon -c 'ls' -k yes -Uadministrator@S4XDOM.BASE%A1b2C3d4
worked while
smbclient //w2012r2-183.w2012r2-l4.base/netlogon -c 'ls' -k yes -Uadministrator@s4xdom.base
failed, if aes keys are used across the trust.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Mar 27 04:02:05 CET 2015 on sn-devel-104
The values are the same, but WERR_INVALID_PASSWORD matches the documentation.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
The values are the same, but WERR_INVALID_PASSWORD matches the documentation.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
The values are the same, but WERR_INVALID_PASSWORD matches the documentation
and the new win_errstr() output.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
We only need to specify explicit entries for the local realm
in order to provision the server.
Everything else is handled by real dns or faked dns via resolv wrapper.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
