IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
We don't need all of Samba just to dump contents of this tdb, make
exporting profile information cheaper.
No direct use yet, but it's a good cleanup IMHO
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
We have that available in smbXsrv_connection that is available almost
everywhere.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jun 15 06:30:35 UTC 2023 on atb-devel-224
This is similar, but not identical, to the existing ‘Authorization’
event. It will be used to log Kerberos TGS-REQs.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This can be included in logged authentications and authorizations.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
If the ‘server_audit_info_out’ parameter is non-NULL, auditing
information will be returned so that it might be logged.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This will provide more detail to be logged.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We’re going to extend this code, and so we will require functions from
the utility module.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
If the ‘audit_info_out’ parameter is non-NULL, auditing information will
be returned so that it might be logged.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
These functions return various pieces of information about an audit
event that can go into audit logs.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
These values will be used to represent TGT lifetimes, which might or
might not be present.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This more clearly indicates that it is the raw TGT lifetime value
straight from the database.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This ensures that this code will still be usable by other libraries and
subsystems if Samba is built with ‘--without-ad-dc’.
We also drop dependencies on ‘ldb’ and ‘talloc’ that we shouldn’t have
needed anyway.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jun 14 23:55:42 UTC 2023 on atb-devel-224
KerberosCredentials objects now keep track of their account’s SID, which
removes the need to look it up with KDCBaseTest.get_objectSid().
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This prevents having to look them up in the database when tests need
them.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
It is useful to test a combination of device restrictions and TGT
lifetime restrictions so that we can check what TGT lifetime values end
up in the logs.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This allows us to determine which parts of an authentication policy
apply to a particular account, which will be necessary to test audit
logging.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This makes it clearer that we are assigning a value to both together.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
If a client was authorized, we would ignore the Kerberos error code and
just log the return value of authsam_logon_success_accounting().
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
These authentications are actually failing (due to RESPONSE_TOO_BIG
errors), but our authentication logging infrastructure hides this.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add NT_STATUS_OK to our pre-generated list of status codes. Ensure it
goes first in the list to ensure that code that previously found this
error code in ‘special_errs’ maintains the same behaviour by falling
back to ‘nt_errs’.
This makes NT_STATUS_OK available to Python code using the ‘ntstatus’
module.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>