IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This is one of or hottest code paths, I think every bit counts here.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jul 22 19:51:09 CEST 2016 on sn-devel-144
In future ad_dc_ntvfs and ad_dc will differ regarding the Primary:SambaGPG
password feature. So we should test both.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
This key doesn't have a passphrase and allows automatic testing
of decryption.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
This get's the cleartext passwords by decrypting
the 'Primary:SambaGPG' value in order to provide the
virtual attributes: virtualClearTextUTF16, virtualClearTextUTF8,
virtualCryptSHA256, virtualCryptSHA512, virtualSSHA
The virtual attribute virtualSambaGPG provides the raw
(encrypted) value of the 'Primary:SambaGPG' value.
See the "password hash gpg key ids" option for the encryption part
of this feature.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
It's important that Primary:SambaGPG is added as the last element.
This is the indication that it matches the current password.
When a password change happens on a Windows DC,
it will keep the old Primary:SambaGPG value, but as the first element.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
This will be used to store the cleartext utf16 password
GPG encrypted in the supplementalCredentials attribute.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
This will be used to store the cleartext utf16 password
GPG encrypted as 'Primary:SambaGPG' in the
supplementalCredentials attribute.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
This provides an easy way to keep passwords in sync with
another account database, e.g. an OpenLDAP server.
It provides a functionality like the "passwd program"
for the "unix password sync" feature of a standalone, member
and classic (NT4) server, but for an active directory domain
controller.
The provided script is called for each account/password related
change.
Like the 'user getpassword' command it allows virtual attributes like:
virtualClearTextUTF16, virtualClearTextUTF8,
virtualCryptSHA256, virtualCryptSHA512, virtualSSHA
Note that this command should just run on a single domain controller
(typically the PDC-emulator).
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
This provides an easy way to get the passwords of a user
including the cleartext passwords (if stored) and derived
hashes. This is done by providing virtual attributes like:
virtualClearTextUTF16, virtualClearTextUTF8,
virtualCryptSHA256, virtualCryptSHA512, virtualSSHA
This is much easier than using ldbsearch and manually parsing
the supplementalCredentials attribute.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
In future we should use a mix of environments some which support ntlmv1
and some without.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
E.g. we try lanman, ntlmv1 and ntlmv2 authentication.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We already have 'as anon', having an indication for each case makes it
easier to mark some as knownfail.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Jul 22 14:13:52 CEST 2016 on sn-devel-144
