IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <josutton@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Aug 28 05:39:36 UTC 2024 on atb-devel-224
I think this may be a root cause of some Coverity false positives.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <josutton@catalyst.net.nz>
A Coverity false positive (we check for error) but it is worth
doing per README.Coding
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <josutton@catalyst.net.nz>
ldb_wrap is a caching mechansim, and it should probably be removed
but for now provide a way to avoid it in specific cases where we
know it is harmful.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
We do this by allowing the password change control to indicate
that the password is to be randomised, bypassing the quality
checks (as true random passwords often fail these) and
re-randomising with the same code as is used for the KDC.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
This both allows the time to be overriden in some future unit tests
(which is incredibly helpful in testing) and gets a full NTTIME
rather than just a time_t based time, so we do not need to wait
an extra second for the NTTIME to change.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
While the passwords are random and rolled on the server, we can tell
about the expiry by setting pwdLastSet to 0.
Samba now honours the password expiry.
This is only enabled for domain functional level 2016 and when
msDS-ExpirePasswordsOnSmartCardOnlyAccounts is set to TRUE.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
This allows us to have tests, which pass on Windows, that
use a very short maxPwdAge.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
This is because the smartcard reset now generates all the keys
on Windows, so we want to match Windows 2022 as at April 2024
behaviour.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
No change at all in the result, just saving lines and branches.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Before we had (with a TODO of regret):
if (!a1 || !a2) {
return strcasecmp(e1->name, e2->name);
}
so, given {name:"A", id 2}, {name:"B", NO id}, {name:"C", id 1},
A < B by name
B < C by name
A > C by id
Now the sort order is always A > C > B.
This sort could have caused mysterious crashes in repl_meta_data if
the schema is out of sync.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This ldb context can be used to query the current gMSA time.
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Apr 16 05:02:30 UTC 2024 on atb-devel-224
prec_{1,2} are uint32_t, and if one is not set we are defaulting to
0xffffffff (a.k.a UINT32_MAX), so an overflow when cast to int seems
extremely likely.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We need to change the internal types assumed in Samba for the opaque
integers to "unsigned long long" as this is what ldb.set_opaque() will
create, and we want to move to this interface rather than have a
duplicate.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
dsdb_have_system_access() takes into account the AS_SYSTEM control as
well as the result of dsdb_module_am_system().
This change means that we can reset the password of an account without
being SYSTEM by means of the AS_SYSTEM control. This is essential for
ldapsrv_SearchRequest() to be able to process the automatic password
changes of Group Managed Service Accounts.
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This takes into account the dsdb session info, as well as the presence
or absence of an AS_SYSTEM control.
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This entry is identical to the third array entry.
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
