IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This type of account is often used by e-mail hosting platforms
that do not wish to create an AD domain for each DNS domain that
they host mail for.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13598
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
This means nt_status_squash() will map NT_STATUS_NO_SUCH_USER to
LOGON_FAILURE later.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
I think it's better to handle them in spnego.c, instead of squashing
them already in the gssapi/gse modules. This is related to
KRB5KDC_ERR_{C,S}_PRINCIPAL_UNKNOWN and KRB5_REALM_UNKNOWN.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This adds a generic way to get to the raw (verified) PAC
and will be used in multiple places in future.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
TestCase.assertEquals() is an alias for TestCase.assertEqual() and
has been deprecated since Python 2.7.
When we run our tests with in python developer mode (`PYTHONDEVMODE=1
make test`) we get 580 DeprecationWarnings about this.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
The fake async code has been pushed down into the 3 users, remove the sync
callback. Overall it's more lines of code, but the central interface is
simplified.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Jan 6 23:34:00 UTC 2020 on sn-devel-184
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14106
Signed-off-by: Isaac Boukris <iboukris@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Sat Oct 12 15:51:42 UTC 2019 on sn-devel-184
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14106
Signed-off-by: Isaac Boukris <iboukris@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
We should not use the mech list sent by the server in the last
'negotiate' packet in CIFS protocol, as it is not protected and
may be subject to downgrade attacks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14106
Signed-off-by: Isaac Boukris <iboukris@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Workaround bug present in gnutls 3.6.8:
gnutls_cipher_decrypt() uses an optimization
internally that breaks decryption when processing
buffers with their length not being a multiple
of the blocksize.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Wed Aug 14 16:26:47 UTC 2019 on sn-devel-184
The "|O" signature is saying the password argument is optional, which
makes no sense in terms of the funxtion and immediately leads to a
TypeError (or until last commit, segfault). Removing the "|" leaves it
with a TypeError, but it is better worded and faster.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Non-talloc objects were treated as talloc objects, to no good effect
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Because we include pyrpc_util.h, pycredentials doesn't need its own
PyStringFromStringOrNull().
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This prevents a segfault with
credentials.Credentials.guess(x)
where x is not a Credentials object.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Fixes:
auth/gensec/spnego.c:877:2: warning: Value stored to 'status' is never read <--[clang]
status = sub_status;
^ ~~~~~~~~~~
1 warning generated.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Fixes:
auth/kerberos/gssapi_pac.c:136:3: warning: Value stored to 'gss_maj' is never read <--[clang]
gss_maj = gss_release_buffer(&gss_min, &pac_buffer);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
auth/kerberos/gssapi_pac.c:137:3: warning: Value stored to 'gss_maj' is never read <--[clang]
gss_maj = gss_release_buffer(&gss_min, &pac_display_buffer);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
auth/kerberos/gssapi_pac.c:265:4: warning: Value stored to 'gss_maj' is never read <--[clang]
gss_maj = gss_release_buffer_set(&gss_min, &set);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
auth/kerberos/gssapi_pac.c:273:4: warning: Value stored to 'gss_maj' is never read <--[clang]
gss_maj = gss_release_buffer_set(&gss_min, &set);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
auth/kerberos/gssapi_pac.c:279:4: warning: Value stored to 'gss_maj' is never read <--[clang]
gss_maj = gss_release_buffer_set(&gss_min, &set);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
auth/kerberos/gssapi_pac.c:285:5: warning: Value stored to 'gss_maj' is never read <--[clang]
gss_maj = gss_release_buffer_set(&gss_min, &set);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
auth/kerberos/gssapi_pac.c:291:2: warning: Value stored to 'gss_maj' is never read <--[clang]
gss_maj = gss_release_buffer_set(&gss_min, &set);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
7 warnings generated.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Mon Jul 8 11:04:15 UTC 2019 on sn-devel-184
This is a simplified version of the original patch by:
Felix Botner <botner@univention.de>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11362
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jul 3 13:52:55 UTC 2019 on sn-devel-184
We no longer need Samba to be py2/py3 compatible so we choose to return to the standard
function names.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
