IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
With an AD DC, wbcListGroups returns the users in the DOMAIN SEPARATOR
GROUPNAME format. The test then calls wbcLookupName with the domain
name and the previous string (including domain and separator) as
username. Fix this by passing the correct username and adding some
additional checks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13312
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
With an AD DC, wbcListUsers returns the users in the DOMAIN SEPARATOR
USERNAME format. The test then calls wbcLookupName with the domain name
and the previous string (including domain and separator) as username.
Fix this by passing the correct username and adding some additional
checks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13312
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Remove wrong "Local" strcmp(), there's another one, the correct one, a few lines
below. Since commit 95e3307917
WBC_DOMINFO_TRUSTTYPE_NONE, which corresponded to the string "None" in the
winbindd response, is not used anymore.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13313
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Mar 2 05:49:18 CET 2018 on sn-devel-144
Add one use of popt_set_cmdline_credentials().
Fix 80 column limits when cmdline_credentials changes
to popt_get_cmdline_credentials().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Mar 23 12:55:26 CET 2017 on sn-devel-144
We don't need to change the protocol version because:
1. An old client may provide the "initial_blob"
(which was and is still ignored when going
via the wbcCredentialCache() function)
and the new winbindd won't use new_spnego.
2. A new client will just get a zero byte
from an old winbindd. As it uses talloc_zero() to
create struct winbindd_response.
3. Changing the version number would introduce problems
with backports to older Samba versions.
New clients which are capable of using the new_spnego field
will use "negotiate_blob" instead of "initial_blob".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
An implementation of https://lists.samba.org/archive/samba/2012-March/166497.html (which has been discussed in 2012, but was never implemented).
It has been tested on a Debian Jessie system with this patch added to the Debian package (which is currently 4.1.17). Even though this is Samba 4, the ntlm_auth installed is the one from Samba 3 (yes, it surprised me too). The backend was a machine with Windows 2012R2.
It was first tested with the local security policy 'Network Security: LAN Manager authentication level' setting changed to 'Send NTLMv2 Response Only' (allow ntlm v1). This way we are able to authenticate with and without the MSV1_0_ALLOW_MSVCHAPV2 flag (as expected).
After the basic step has been verified, the local security policy 'Network Security: LAN Manager authentication level' setting was changed to 'Send NTLMv2 Response Only. Refuse LM & NTLM' (only allow ntlm v2). The behaviour now changed according to the MSV1_0_ALLOW_MSVCHAPV2 flag (again: as expected).
$ ntlm_auth --request-nt-key --username=XXXXXXXXXXXXX --challenge=XXXXXXXXXXXXXXXXX --nt-response=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX --domain=
Logon failure (0xc000006d)
$ ntlm_auth --request-nt-key --username=XXXXXXXXXXXXX --challenge=XXXXXXXXXXXXXXXXX --nt-response=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX --domain= --allow-mschapv2
NT_KEY: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
The changes in `wbclient.h` are intended for programs that use libwinbind directly instead of authenticating via `ntlm_auth`. I intend to use that within FreeRADIUS (see https://bugzilla.samba.org/show_bug.cgi?id=11149).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11694
Signed-off-by: Herwin Weststrate <herwin@quarantainenet.nl>
Reviewed-by: Kai Blin <kai@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The test gets handed a name, so we first need
to resolve the name to an IP before we can
pass that on to ResolveWinsByIp.
Bug uncovered by the new nss_wrapper code (1.1.2).
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Increment the minor version of the libwbclient library after new
context functions added. (Major version increase not required as
the only two functions with changed parameters are private to the
library.)
Signed-off-by: Matthew Newton <matthew-git@newtoncomputing.co.uk>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar 10 03:24:45 CET 2015 on sn-devel-104
There are some global variables in use in the libwbclient
library. Now that we have a context, move these into it so that
they are thread-safe when the wbcCtx* functions are used.
Signed-off-by: Matthew Newton <matthew-git@newtoncomputing.co.uk>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
To make the libwbclient library thread-safe, all functions
that call through to wb_common winbindd_request_response need
to have context that they can use. This commit adds all the
necessary functions.
Signed-off-by: Matthew Newton <matthew-git@newtoncomputing.co.uk>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
To enable libwbclient to pass winbindd context through
to the winbind client library in wb_common.
Signed-off-by: Matthew Newton <matthew-git@newtoncomputing.co.uk>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The basic context structure and functions for libwbclient so that
libwbclient can be made thread-safe.
Signed-off-by: Matthew Newton <matthew-git@newtoncomputing.co.uk>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Updating API call in libwbclient, wbinfo, ntlm_auth and
winbind_nss_* as per previous commit to wb_common.c.
Signed-off-by: Matthew Newton <matthew-git@newtoncomputing.co.uk>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
https://bugzilla.samba.org/show_bug.cgi?id=10692
Revert "libwbclient: reject unknown named blobs in wbcCredentialCache()"
This reverts commit 740d12d1e7.
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Jul 14 21:54:08 CEST 2014 on sn-devel-104
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10692
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jul 10 22:30:45 CEST 2014 on sn-devel-104
The password is made more complex, and the test domain is made to
use the command line options.
Andrew Bartlett
Change-Id: Ia1ec24a9fc393e7f7b210f845bcf32dbc933d48f
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Might as well fix it to handle large authority values properly. Also
correct some of the formatting.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri May 17 01:09:33 CEST 2013 on sn-devel-104
