IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This used to not properly store the chained credentials back into the
netlogon_creds_cli tdb. This by the way is the bug that all the
routines for the NT4 style sam replication had that just disappeared.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Sep 25 13:42:19 CEST 2017 on sn-devel-144
This is the one-stop shop to a working, schannel'ed connection to the
netlogon RPC interface. Jeremy tells me it needs more comments :-)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This will be used in a later commit in the rpcclient "capabilities"
command. Avoids another netlogon_creds_cli_get in the next commit.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This will be used for the "fast path" to netlogon when we already have
credentials.
This slightly widens the area of code covered by the netlogon_creds
lock: cli_rpc_pipe_open is now also covered by the lock.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This does the reqchallenge/serverauth while assuming we have the
netlogon_creds_cli_lck already held. The _locked flavor will be called
from a routine that covers more under one single lock.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This widens the lock range to cover the check for established
credentials. Before this patch it could happen that more than one
winbind finds no credentials and does the auth3. This can pile up.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
netlogon_creds_cli_lck provides the locking around the operation
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This provides cleaner data dependencies. A netlogon_creds_ctx contains
everything required to open an schannel, there is no good reason to
require cli_credentials here.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Don't implicitly TALLOC_FREE(creds) in the pure delete routine
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We don't need to check this here. rpccli_create_netlogon_creds_ctx via
netlogon_creds_cli_context_global returns NT_STATUS_INVALID_PARAMETER for an
unknown schannel type. Slightly different error code, but we could change the
one in netlogon_creds_cli_context_global if necessary.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Trying to understand this code it's important for me to name variables
indicating their use: A netlogon_creds_cli_context is a context with access to
credentials, it's not the credentials itself.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
If you're a domain member, use winbind. Auth_domain is from times when we did
not have winbind. It has served its purpose, but we should move on.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Sep 22 00:02:29 CEST 2017 on sn-devel-144
This uses the NT4 replication commands. Samba does not have a server
for this, no tests, and whoever needs to migrate a native domain can
use an old Samba version
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
These three commands don't use the netlogon credential chain
correctly. They are missing the netlogon_creds_store after the dcerpc
call, so they destroy the correct use of the netlogon creds.
The only valid server for these calls that I know of would be NT4, and
that should be gone long ago.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This is an addition to the fixes for CVE-2015-5296.
It applies to smb2mount -e, smbcacls -e and smbcquotas -e.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This allows to check if the current cli_state uses encryption
(either via unix extentions or via SMB3).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12996
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This allows debugging of why the LDB failed to start up.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This creates a context with access to a credentials, not credentials
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
rpccli_create_netlogon_creds_with_creds just extracts the values we set here
from cli_credentials, and the lower-level interface is supposed to go away.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
There's no point recompiling all of source3 if netlogon_creds_cli.h is changed
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
select() is no longer useful on modern systems.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sat Sep 16 08:35:39 CEST 2017 on sn-devel-144
This happens when vfs_streams_xattr is loaded, log level is set to 10
and the default stream of a file or directory is accessed. In that case
streams_xattr_open does not allocate the stream_io fsp extension. The
DBG_DEBUG message in streams_xattr_fstat tries to access the stream_io
before checking for a NULL value, resulting in the crash. Fix this by
moving the debug message after the check for a NULL pointer.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13032
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Sep 14 10:58:12 CEST 2017 on sn-devel-144
Correctly do filename conversion.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13003
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Sep 12 10:50:57 CEST 2017 on sn-devel-144
Can be ignored (pass-through) in streams_xattr VFS module.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13003
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
