IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Since processes can run under the UID of the logged in user, it's required
to make sure that the users have the permissions here.
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Björn Baumbach <bbaumbach@samba.org>
Autobuild-User(master): Björn Baumbach <bb@sernet.de>
Autobuild-Date(master): Tue Dec 10 11:40:27 UTC 2024 on atb-devel-224
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Fri Dec 6 13:33:38 UTC 2024 on atb-devel-224
man winbinbdd.8 is wrongly mixing two options:
before fix:
-d|--debuglevel=DEBUGLEVEL, --debug-stdout
...
after fix:
-d|--debuglevel=DEBUGLEVEL
...
--debug-stdout
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Dec 5 17:46:49 UTC 2024 on atb-devel-224
This adds tests for the application layer encryption used
based on the secure channel session key.
This will get tests for netr_ServerAuthenticateKerberos()
in order to explore its details.
This runs against Windows 2022 as well as Windows 2025 (preview)
using something like this:
SMB_CONF_PATH=/dev/null \
SERVER=172.31.9.118 DC_SERVER=w2022-118.w2022-l7.base \
DOMAIN="W2022-L7" REALM="W2022-L7.BASE" \
ADMIN_USERNAME="Administrator" ADMIN_PASSWORD="A1b2C3d4" \
STRICT_CHECKING=0 \python/samba/tests/krb5/netlogon.py
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This makes it possible to explore the functions arround
netlogon_creds_CredentialState via python.
This allows us to write tests in order to explore
the details of netr_ServerAuthenticateKerberos().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
It's not useful to use the PyCredentials methods
also as module methods...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This might be the better option when we implement
netr_ServerAuthenticateKerberos().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This can check more than one password and is designed to
support getting a TGT for our machine account also falling
back to older passwords...
If we don't have a plaintext password it falls back to an nt_hash.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This can be used to kinit with a keyblock later
and also a loop over multiple password generations will
be possible.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
wb_dsgetdcname() is typically used by dcerpc_wbint_DsGetDcName_send()
from netr_DsRGetDCName* in the netlogon server, when domain members
try to ask for domain controllers of a trusted domain.
The domain might disabled netbios support, so we better try the
already dns name if available.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
We may get NT_STATUS_NOT_FOUND when the name can't be resolved
and NT_STATUS_INVALID_ADDRESS if the system doesn't have ipv4
addresses...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This will be important when we add support for netr_ServerAuthenticateKerberos().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This breaks compat with 4.21 and moves stuff out of
netlogon_creds_CredentialState_extra_info.
It also prepares support for netr_ServerAuthenticateKerberos()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This reverts commit c3fa132fbe179bd4e1451240ce572ec791356a16.
We break the compat of the netlogon_creds_cli.tdb records compared to
4.21 with the next commits.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
I have basic tests, which have shown that the payload is not
encrypted at application level.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Keep libndr at 6.0.0, this has not been released yet.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Keep libndr at 6.0.0, this has not been released yet.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Thu Dec 5 15:54:57 UTC 2024 on atb-devel-224
To get the expected traces we need:
debug syslog format = no
log level = 10
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Factor out talloc-less sddl_transition_decode_sid()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Dec 3 09:03:01 UTC 2024 on atb-devel-224
dom_sid_parse_endp does accept the lowercase "s" in "s-1-1-0".
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>