IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
If the struct has zero or two schedules, that is what it has, and we
should let that be.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Mar 22 06:19:51 UTC 2020 on sn-devel-184
Limit the max_recursion on self recursive definitions in the idl to
20,000. This value is hopefully large eneough to not impact normal
operation, but small eneough to prevent stack over flow issues.
Credit to OSS-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19820
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14254
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Feb 27 02:29:21 UTC 2020 on sn-devel-184
Remove the decode_* functions as they are no longer needed, and this
will reduce the amount of untested automatically generated code.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Encrypt the samba secret attributes on disk. This is intended to
mitigate the inadvertent disclosure of the sam.ldb file, and to mitigate
memory read attacks.
Currently the key file is stored in the same directory as sam.ldb but
this could be changed at a later date to use an HSM or similar mechanism
to protect the key.
Data is encrypted with AES 128 GCM. The encryption uses gnutls where
available and if it supports AES 128 GCM AEAD modes, otherwise nettle is
used.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add the blobs required to allow the storing of an sha256 or sha512 hash of
the password in supplemental credentials
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
This will be used to store the cleartext utf16 password
GPG encrypted in the supplementalCredentials attribute.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
This commit moves the autogenerated ndr_{pull,push}_supplementalCredentialsSubBlob()
function to the handwritten librpc/ndr/ndr_drsblobs.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
This is used as binary data for the msDS-RevealedUsers attribute.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
This allows parsing and construction of the supplementatlCredentials
attribute in python.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Dec 10 19:08:33 CET 2010 on sn-devel-104
C code generation for python module generates invalid code
(i.e. can not be compiled).
Another reason to 'hide' those types from Python is
that those types are not used at the moment
(and most probably won't be used in the future)
Simo, it's not really worth to add a new idl type just for being able to omit
the size field. The size field is part of the spec in MS-ADTS 7.1.6.9.3.1 so we
should have it as well.
Guenther
The documentation shows that all these functions in fact use the same
flags variable type. To be consistent between functions, and to allow
easy reference to the WSPP docs, it is better for us to also use this
generic DrsOptions bitfield rather than one per operations.
Metze pointed out what the windows tool ldp.exe will examine repsTo
attributes on remote DCs, so we do in fact need to use the same format
that windows uses. This patch changes the server side implementation
of UpdateRefs to use the windows format
