IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Debugging samba_kcc with all exceptions turned off just is not practical.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This was preventing the correct generation of error messages and referrals on an RODC.
An RODC does not have a RID set.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This matches other forwarded calls
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This allows us to tell if this script even executes, without looking in the logs.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This is a subtle bug that causes CLDAP pings to fail if SRV records
discovered cannot be resolved or connection to them cannot be
established. The code that fires up CLDAP ping will silently cancel
the whole tevent request without going to the next server in the queue.
This may happen, for example, when connection to IPv6 addresses couldn't
be established, or when IPv4 address is not online or blocked by
firewall.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11284
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
FreeIPA can generate tickets with a client principal of
'host/hostname.example.com'.
verify_logonname() should just verify the principal name
in the PAC_LOGON_NAME is the same as the principal of
the client principal (without realm) of the ticket.
Samba commit b7cc8c1187ff967e44587cd0d09185330378f366
break this. We try to compare ['host']['hostname.example.com']
with ['host/hostname.example.com]' (as we interpret it as enterprise principal)
this fail if we don't compare them as strings.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11142
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
tmp.data is uninitialized in the fwrite call
Hopefully I don't create a problem here: If tmp.data is supposed to be randomly
set, I think the right fix would have been to explicitly call a random function
initializing it.
<jra@samba.org>
------------------------------------------------------------
I have looked through the code carefully. Your fix is safe.
The first entry in the replay file created in krb5_rc_initialize()
is only used to store the 'krb5_deltat auth_lifespan' value, the
associated data[16] value is never looked at. (Look at the
code in krb5_rc_store() and krb5_rc_get_lifespan() to confirm).
Only subsequent data[16] values are checked with memcmp.
------------------------------------------------------------
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This is a BEHAVIOUR CHANGE from Samba 4.0 and 4.1, if mixed-case
usernames were in use.
However, it matches the behaviour in winbindd in all other use cases.
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This ensures we still test the internal winbind on the AD DC
and winbindd as a member server.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
By doing this, we avoid the test being dependent on if the lsa trusted domains tests have run.
Otherwise, we may have a non-null extra_data against the internal winbind, but
only 1 trusted domain (torturedom), but not the local domains that were expected
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This also matches the behaviour of the source4/winbind code.
In Samba 4.0 and 4.1 we had the following
> getent passwd administrator
S4XDOM\Administrator:*:0:100::/home/S4XDOM/Administrator:/bin/false
> getent passwd S4XDOM\\administrator
S4XDOM\Administrator:*:0:100::/home/S4XDOM/Administrator:/bin/false
With Samba 4.2.0 we have:
> getent passwd administrator
administrator:*:0:100::/home/S4XDOM/administrator:/bin/false
> getent passwd S4XDOM\\administrator
administrator:*:0:100::/home/S4XDOM/administrator:/bin/false
With the patches we have:
> getent passwd administrator
S4XDOM\administrator:*:0:100::/home/S4XDOM/administrator:/bin/false
> getent passwd S4XDOM\\administrator
S4XDOM\administrator:*:0:100::/home/S4XDOM/administrator:/bin/false
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11183
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This fixes a bug in commit 0c6c081dc4e743c142a59d90c9e7f5b6e4cf5bd1.
We need to wb_opts should be a temporary copy of wb_opts_default
and the following wb_opts += should only change wb_opts and not wb_opts_default.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Gordon Ross <gordon.w.ross@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr 30 02:20:15 CEST 2015 on sn-devel-104
gnutls_certificate_type_set_priority() was removed in GnuTLS 3.4.0. Use
gnutls_priority_set_direct instead.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=8780
Signed-off-by: Björn Jacke <bj@sernet.de>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Wed Apr 29 22:29:02 CEST 2015 on sn-devel-104
Fixes bug:
https://bugzilla.samba.org/show_bug.cgi?id=11236
Based on code from Julien Kerihuel <j.kerihuel@openchange.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Apr 25 02:43:22 CEST 2015 on sn-devel-104
This adds the correct salt principal to the secretsdb so that we
generate a valid keytab entries for AES and DES keys. The test doesn't
fails with Heimdal cause it always uses RC4 which doesn't have a salt.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Apr 24 13:02:37 CEST 2015 on sn-devel-104
We need to cancel a pending FileChangeNotify with DELETE_PENDING if the
directory watched is about to be deleted.
I know I just deleted a bool parameter, but to me torture is different :-)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr 23 01:36:48 CEST 2015 on sn-devel-104
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Wed Apr 22 20:21:18 CEST 2015 on sn-devel-104
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Apr 15 11:20:22 CEST 2015 on sn-devel-104
We need to use real async calls in this test and add some clusapi commands so we
can remotely modify the cluster to actually trigger notifications.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
We should not assume that names in the domain
specified by 'torture:winbindd_netbios_domain' have no DOMAIN\ prefix.
On an AD DC we prefix all principals.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11183
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Apr 9 19:35:38 CEST 2015 on sn-devel-104
We need to make sure we return when torture_assert_passwd_equal()
or torture_assert_group_equal() fails.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11183
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
