mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

111935 Commits

Author SHA1 Message Date
Amitay Isaacs
b72d5fc7ba ctdb-packaging: Package all helpers using wildcard
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2018-05-12 12:06:28 +02:00
Aaron Haslett
77ea31bccf devel: removing unused code from chgkrbtgtpass
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat May 12 12:05:31 CEST 2018 on sn-devel-144
2018-05-12 12:05:31 +02:00
Aaron Haslett
8b72d4c7bb samdb rid: clear cache to prevent old ntds_guid
During the new samba-tool domain backup restore the NTDS GUID changes
as the server is taken over by the new DC record.

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-12 09:15:07 +02:00
Aaron Haslett
6a09162df6 ldb: removing prior secret from logs
priorSecret, like secret, can contain a machine account password
(for secrets.ldb) and so should not be printed in a debug
trace.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13353

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-12 09:15:07 +02:00
Martin Schwenke
b9d01fddc6 ctdb-scripts: Drop CTDB_SUPPRESS_COREFILE and CTDB_MAX_OPEN_FILES options
These should be done using features provided by the operating system.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Sat May 12 09:13:28 CEST 2018 on sn-devel-144
2018-05-12 09:13:28 +02:00
Martin Schwenke
7e31a1382f ctdb-config: Add default ctdb.sysconfig file, update ctdb.service
Install ctdb.sysconfig in RPM.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-05-12 06:11:17 +02:00
Martin Schwenke
74230c59b6 ctdb-docs: Document system options and resource controls
The existing configuration file is disappearing so these configuration
options need a new home that is not handled by ctdbd_wrapper.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-05-12 06:11:17 +02:00
Martin Schwenke
f63f9053ef ctdb-config: Add a default script.options file
Include it in the RPM.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-05-12 06:11:17 +02:00
Martin Schwenke
a8ccf41b87 ctdb-docs: Document script.options
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-05-12 06:11:17 +02:00
Martin Schwenke
ac1c12b5a2 ctdb-scripts: Use load_script_options() in miscellaneous scripts
Some of these just aim to load the generic script.options file while
others target more specific files.

For NFS configuration, always use 60.nfs.options - even for 06.nfs.
This could be carefully documented but will change a lot before
release so there is no need.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-05-12 06:11:17 +02:00
Martin Schwenke
02444e5f47 ctdb-scripts: Allow load_script_options() to specify an event script
This allows other scripts to use the given options for a particular
event script.  One interesting example is that the ctdb_natgw tool
should look for configuration in events.d/11.natgw.options.

In the future this will be something like
events/failover/11.natgw.options, so require the component to be
specified even though it isn't yet used.

Test support is also updated.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-05-12 06:11:17 +02:00
Martin Schwenke
00f35b7b0d ctdb-scripts: Add global script.options configuration file
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-05-12 06:11:17 +02:00
Martin Schwenke
31f26e9700 ctdb-tests: Separate support script for 06.nfs
Including 60.nfs was too simple a hack, since we will want to do some
magic to use the configuration from 60.nfs for 06.nfs.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-05-12 06:11:17 +02:00
Martin Schwenke
130f37c23f ctdb-scripts: Don't check for CTDB_PARTIALLY_ONLINE_INTERFACES clash
Just document that NAT gateway and LVS are not compatible with this
option.  Update the documentation to make it clear that this is a
10.interface option.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-05-12 06:11:17 +02:00
Martin Schwenke
574af23e9d ctdb-scripts: Don't load CTDB configuration in onnode
onnode does not use any configuration options.

Drop sourcing of functions file since the only function used was
loadconfig().

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-05-12 06:11:17 +02:00
Martin Schwenke
5d7d53b25a ctdb-scripts: Don't load CTDB configuration in statd-callout
The only configuration options used by statd-callout are NFS_HOSTNAME,
which comes from the NFS system configuration file, and
CTDB_NFS_CALLOUT, which is exported by the 60.nfs event script.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-05-12 06:11:17 +02:00
Martin Schwenke
36e7043fb1 ctdb-tests: Continue running if a testcase is not executable
At the moment the whole test run aborts without printing a summary of
results but inexplicably succeeds.  Instead, generate a clear failure
for a non-executable testcase.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-05-12 06:11:17 +02:00
Garming Sam
cda3b23337 pysmb: Add some more documentation for conn.list
There are two options which are undocumented.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat May 12 04:57:29 CEST 2018 on sn-devel-144
2018-05-12 04:57:29 +02:00
Garming Sam
b3799fb6e6 gpo: Ensure all files are retrieved in fetch
.ini files are normally set as hidden, and will not be found over SMB.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-05-12 02:09:29 +02:00
Garming Sam
454d8148a6 Fix spelling s/woks/works
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-05-12 02:09:29 +02:00
Joe Guo
38fc8125e2 traffic: improve is_really_a_packet
This function will repeat on each packet.
Avoid exception for getattr, which is expensive for performance.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-12 02:09:29 +02:00
Joe Guo
c1af6a0dad traffic: improve add_short_packet by avoiding str.split
Avoid str.split, which will repeat for each packet.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-12 02:09:29 +02:00
Joe Guo
5107e56aa0 traffic: simplify forget_packets_outside_window
Make code compact, and improve performance a little bit.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-12 02:09:29 +02:00
Joe Guo
4fb5e28b66 traffic: grant user write permission
Some packets need user to have write permission, e.g.: writeaccountspn
Grant user write permission then we can send packets successfully.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-12 02:09:29 +02:00
Joe Guo
7181af9f94 traffic_replay: fetch domain from creds other than opts
For traffic_replay script, when user provides `--workgroup` or `-W` option,
it will be set on the creds option group, not the default opts one.

The previous code will not work properly when smb.conf file is missing.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-12 02:09:29 +02:00
Joe Guo
fd2bcd5d10 traffic: set domain on user_creds and machine_creds
The domain is missing in traffic user and machine credential, this will cause
some packet tests to fail against windows.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-12 02:09:29 +02:00
Joe Guo
7c93fb57f5 traffic_packets: provision request data for packet_drsuapi_13
The `drsuapi.DsWriteAccountSpnRequest1` struct in this packet was empty before.
Samba lets it go but Windows will report an invalid parameter error.

Provision the request with proper data, and give user permission to
write account SPN.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-12 02:09:29 +02:00
Joe Guo
9cabb16b48 traffic_packets: add trailing $ to fix packet_rpc_netlogon_30
For `NetrServerPasswordSet2`, the 2nd arg `account_name` must end with a
$, otherwise windows will return an `Access Denied` error.

Use `creds.get_username()` instead of `creds.get_workstation()` to
include the trailing $.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-12 02:09:29 +02:00
Joe Guo
eafda9137a traffic_packets: add windows instructions for ldap 0 simple bind
To run packet_ldap_0 simple bind test against Windows, we need to
install CA on Windows with following PowerShell commands:

  Install-windowsfeature ADCS-Cert-Authority
  Install-AdcsCertificationAuthority -CAType EnterpriseRootCA
  Restart-Computer

Otherwise we will get `NT_STATUS_CONNECTION_RESET` error.

Didn't change any code, just add above instructions in comment.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-12 02:09:29 +02:00
Joe Guo
14af041c13 traffic_packets: replace share_name from netlogon to IPC$ for packet_srvsvc_16
Sharename list for Windows:

    Sharename       Type      Comment
    ---------       ----      -------
    ADMIN$          Disk      Remote Admin
    C$              Disk      Default share
    IPC$            IPC       Remote IPC

For Samba:

    Sharename       Type      Comment
    ---------       ----      -------
    netlogon        Disk
    sysvol          Disk
    IPC$            IPC       IPC Service

While testing packet_srvsvc_16 with share_name `netlogon`,
it passed Samba, and got a WERR_NERR_NETNAMENOTFOUND error for Windows.

Change share name to `IPC$` so Samba and Windows have it in common.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-12 02:09:29 +02:00
Joe Guo
51333c1538 traffic_packets: replace level 102 to 101 for packet_srvsvc_21
Level 102 will cause WERR_ACCESS_DENIED error against Windows, because:

    > If the level is 102 or 502, the Windows implementation checks whether
    > the caller is a member of one of the groups previously mentioned or
    > is a member of the Power Users local group.

It passed against Samba since this check is not implemented by Samba yet.

refer to:

    https://msdn.microsoft.com/en-us/library/cc247297.aspx#Appendix_A_80

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-12 02:09:28 +02:00
Joe Guo
34e35c4c80 traffic: add credentials to samr
lp and creds are missing in SamrContext and samr connection.
While running traffic_replay against windows, this will cause
`Access Denied` error.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-12 02:09:28 +02:00
Joe Guo
8d8ef48650 traffic_packets: support NT_STATUS_NO_SUCH_DOMAIN in packet_lsarpc_39
For packet_lsarpc_39, samba will return NT_STATUS_OBJECT_NAME_NOT_FOUND,
however, windows will return NT_STATUS_NO_SUCH_DOMAIN.

Allow both status for now to keep compatible with both samba and
windows DC.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-12 02:09:28 +02:00
Joe Guo
4e37336632 traffic_replay: fix typo in message string
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-12 02:09:28 +02:00
Joe Guo
5ed1682905 traffic_replay: set gensec features to encrypt credentials
While running traffic_replay script against windows dc, it will fail
with a `LDAP_UNWILLING_TO_PERFORM` error for adding user.

Windows requires the credentials to be encrypted before sending.
`set_gensec_features` will fix it.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-12 02:09:28 +02:00
Joe Guo
4d950527f3 traffic: add paged_results control for ldb search
While there are more than 1000 records in the search result from Windows,
a `LDAP_SIZE_LIMIT_EXCEEDED` error will be returned.

Add paged_results control to fix.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-12 02:09:28 +02:00
Andrew Bartlett
2a4261c052 selftest: Add a test for creds.{get,set}_secure_channel_type()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-12 02:09:28 +02:00
Joe Guo
656ec98e5b pycredentials: add py_creds_get_secure_channel_type
We have only set, need get.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-12 02:09:28 +02:00
Joe Guo
6a6d14248d cmd_drsuapi: add dswriteaccountspn command
The dswriteaccountspn command is missing in drsuapi, add it so we can
use it in rpcclient.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-12 02:09:28 +02:00
Mathieu Parent
674fd1c283 Improve vfs_linux_xfs_sgid manpage
- Add missing refpurpose and describe the "circumstances"
- Replace dangling link by archive.org backup
- Add fixed Linux version and commit link

Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-12 02:09:28 +02:00
Mathieu Parent
d4bbff5ce5 Fix pidl manpage sections
.TH header should match file name (i.e 3pm and not 3 for Parse::Pidl::NDR).

Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-12 02:09:28 +02:00
Mathieu Parent
15d2f4f817 Fix spelling s/unsuported/unsupported/
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-12 02:09:27 +02:00
Mathieu Parent
5a0fd87b6b Fix spelling s/unitialized/uninitialized/
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-12 02:09:27 +02:00
Mathieu Parent
66a9b53457 Fix spelling s/succesfully/successfully/
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-12 02:09:27 +02:00
Mathieu Parent
c55248bbbc Fix spelling s/specfied/specified/
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-12 02:09:27 +02:00
Mathieu Parent
8f7749cda7 Fix spelling s/retun/return/
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-12 02:09:27 +02:00
Mathieu Parent
44ae08858e Fix spelling s/retrive/retrieve/
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-12 02:09:27 +02:00
Mathieu Parent
25ac1f192c Fix spelling s/receving/receiving/
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-12 02:09:27 +02:00
Mathieu Parent
43ec8c6bbd Fix spelling s/protcol/protocol/
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-12 02:09:27 +02:00
Mathieu Parent
8ed2873400 Fix spelling s/propogate/propagate/
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-12 02:09:27 +02:00