IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
The tdc cache is not reliable. The main dynamic check is
netsamlogon_cache_have: The only reliable way to see a domain as valid
for allocating a range for is a successful login. With a recent addition
to netsamlogon_cache_store, we can now reliably tell from there whether
a domain is trusted.
This also adds a few heuristic checks, such as allocation for the local
domains and additional ranges where we already have a mapping for range
index 0 for.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
If autorid.tdb already has a mapping for a domain range, we can just
return that. Even if the volatile tdc cache at this point does not have
the domain, we should return a correct mapping.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Simplification -- from the callers perspective looks like a complex
routine which it is not
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Simplification -- from the callers perspective looks like a complex
routine which it is not
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
We should only allow '#' as a sid/range-number separator in autorid.tdb.
The logic might be a bit clumsy. But the switch statement with failure
fall thru was the clearest I could come up with.
Signed-off-by: Volker Lendecke <vl@samba.org>
A non-null terminated record would make string_to_sid read beyond the
end of allocated data.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This is no longer just a user, we can also check for domains
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This will be used by autorid and possibly others instead of the tdc
cache. The only reliable way to find a domain to be trusted is via a
successful login. We indicate successful login via a netsamlogon_cache.tdb
entry. This patch also adds the user's domain sid with an entry, so we
can check for that existence without traversing the cache.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
We're interested in existence only, we should be able to trust the data
format consistency for this type of query.
netsamlogon_cache_get calls netsamlogon_cache_init for us, now we have
to do it directly.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Thanks to Stef Walter <stefw@gnome.org>
BUG: http://bugzilla.samba.org/show_bug.cgi?id=8888
Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Fri Dec 16 16:22:32 CET 2016 on sn-devel-144
Redundant RELEASE_IPs gives nodes a preview of where an IP address
will move to. However, if the associated TAKEOVER_IP fails then the
node will actually be unhosted.
This is similar to commit 77a29b3733.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12470
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Fri Dec 16 12:32:02 CET 2016 on sn-devel-144
Otherwise it prints 4294967295 for the PNN.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12470
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
The GET_PUBLIC_IP_INFO control fails for unassigned addresses because
PNN is CTDB_UNKNOWN_PNN.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12470
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
First argument to talloc_asprintf_append() is the string being
appended to, not a talloc context.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12470
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
The new hash-table-based method of merging the IP information does not
sort, whereas the RB-tree method implicitly sorted. This probably
only really matters for the "all" case, but sort regardless to ensure
consistent output format.
Sorting has to be done here instead of when printing to ensure
consistency between ip[] and ipinfo[].
No longer reverse the sort order.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12470
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Add new function ctdb_sock_addr_cmp(), which returns a 3-way result
useful for qsort(3). Reimplent ctdb_sock_addr_same() using this.
In the process, make arguments const so that ctdb_sock_addr_cmp() can
be used with qsort().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12470
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
The name of the addresses file to modify is based on the original
selection of a test node at the top of the test. Repeating the
selection a test node can result in a mismatch between the new test
node and the addresses file. This occurs on local daemons, because
the addresses file name has the original node number in it but the
test is being performed on the the newly selected node number.
For some reason this test has only occasionally failed. An upcoming
commit that stops the output of "ctdb ip" from being reversed causes
this test to fail (nearly?) every time.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12470
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
When the test is over, the exit_hook will remove the temporary event
script directory and then CTDB is restarted. Explicitly shutting down
CTDB ensures that event script directory is not removed while CTDB is
still running.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
This simplifies comparing the output to the expected output.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
This gets rid of implicit check if a service needs to configured. As a
side effect, we also get rid of the monitor "replay" which was
introduced to avoid a collision between a script executed via event and
manually. Event scripts are not expected to be run by hand.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
This will help get rid of implicit ctdb_service_check_reconfigure.
We still need to keep "reconfigure" event in 13.per_ip_routing, so that
the per ip routing can be refreshed if the configuration has changed.
The correct fix for this is to add caching of configuration and checking
of configuration changes in "ipreallocated" event.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
These features are going away. There is nothing to reconfigure for
NFS anyway.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Dec 16 05:43:12 CET 2016 on sn-devel-144
This proves we can act like Windows and over lsarpc over netlogon if we want
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Dec 15 12:11:09 CET 2016 on sn-devel-144
The idea here is that perhaps some real client relies on this (and not just Samba torture
commands), so we need a way to support it for the 4.6 release.
If no such client emerges, it can be deprecated and removed in the normal way.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This prevents making the netlogon process multi-threaded.
This works on Windows becuase NETLOGON is part of lsad
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This allows the netlogon server to be moved into a multi-process model
while still supporting clients that use a challenge from a different
network connection.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Dec 14 20:12:14 CET 2016 on sn-devel-144
This test ensures that when the per-pipe challenge is used, the tdb cache
is wiped as well
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Dec 14 15:56:37 CET 2016 on sn-devel-144
This test covers credentials reuse on the same process.
We test with direct re-use, and for the case where the challenge
is reset to zeros.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This tests ensures we can not re-use the entries in global challenge table.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This allows this test to pass after "allow nt4 crypto" is removed from
the default environment.
We now only set it in ad_dc
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This allows it to run against modern servers that do not permit NT4 crypto
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This test confirms that the challenge set up is available
after the ServerAuthenticate has failed at the NT_STATUS_DOWNGRADE_DETECTED
check.
This is needed for NetApp ONTAP member servers.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11291
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
GUID_from_data_blob() was relying on sscanf to parse strings, which was
slow and quite accepting of invalid GUIDs. Instead we directly read a
fixed number of hex bytes for each field.
This now passes the samba4.local.ndr.*.guid_from_string_invalid tests.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Dec 14 08:55:42 CET 2016 on sn-devel-144
These tests reveal that the current implementation accepts all kinds
of invalid GUIDs. In particular, we fail on these ones:
"00000001-0002-0003-0405--060708090a0"
"-0000001-0002-0003-0405-060708090a0b"
"-0000001-0002-0003-04-5-060708090a0b"
"d0000001-0002-0003-0405-060708090a-b"
"00000001- -2-0003-0405-060708090a0b"
"00000001-0002-0003-0405- 060708090a0"
"0x000001-0002-0003-0405-060708090a0b"
"00000001-0x02-0x03-0405-060708090a0b"
This test is added to selftest/knownfail.
The test for valid string GUIDs is extended to test upper and mixed case
GUIDs.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Fix a memory leak in out-of-memory condition
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Dec 13 22:30:44 CET 2016 on sn-devel-144
Needs to be done even on success (cli_is_error() checks if
cli->raw_status was NT_STATUS_OK).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12468
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
