| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
|
|
|
| |
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Tue Dec 15 03:17:52 CET 2015 on sn-devel-104
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
lastLogon is supposed to be updated for every interactive or kerberos
login, and (according to testing against Windows2012r2) when the bad
password count is non-zero but the lockout time is zero. It is not
replicated.
lastLogonTimestamp is updated if the old value is more than 14 -
random.choice([0, 1, 2, 3, 4, 5]) days old, and it is replicated. The
14 in this calculation is the default, stored as
"msDS-LogonTimeSyncInterval", which we offer no interface for
changing.
The authsam_zero_bad_pwd_count() function is a convenient place to
update these values, as it is called upon a successful logon however
that logon is performed. That makes the function's name inaccurate, so
we rename it authsam_logon_success_accounting(). It also needs to be
told whet5her the login is interactive.
The password_lockout tests are extended to test lastLogon and
lasLogonTimestamp.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow@samba.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
In a few places where a login should fail in a particular way, an
actual login success would not have triggered a test failure -- only
the wrong kind of login failure was caught.
This makes a helper function to deal with them all.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow@samba.org>
|
|
|
|
|
|
|
|
| |
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Nov 6 13:43:45 CET 2015 on sn-devel-104
|
|
|
|
|
|
|
|
|
|
| |
This shows the correct way to accept a value that may be a list of strings
or a proper ldb.MessageElement.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
|
|
|
|
|
|
|
|
|
| |
We should never get a secret from a server when we specify DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING
This asserts that this is the case.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
|
|
|
|
|
| |
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
|
|
|
|
|
| |
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
|
|
|
|
|
|
|
| |
LDB_SCOPE_BASE is 0, so this works, but the corresponding parameter
is "struct ldb_control **controls", so I'd say NULL is more appropriate
here. Fixes a warning I just saw pass by.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
|
|
|
| |
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
|
|
|
| |
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Unknown attributeID values would cause an exception previously, and
unsorted attributes cause a failure to replicate with Samba 4.2.
In commit 61b978872fe86906611f64430b2608f5e7ea7ad8 we started
to sort these values correctly, but previous versions of Samba
did not sort them correctly (we sorted high-bit-set values as
negative), and then after 9c9df40220234cba973e84b4985d90da1334a1d1
we stoped accepting these.
To ensure we are allowed to make this unusual change to the
replPropertyMetaData, a new OID is allocated and checked
for in repl_meta_data.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10973
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
|
|
|
| |
The high bit may be set in these integers, so we need an unsigned int to store it in
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11429
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
|
|
|
| |
This reverts commit 1a012d591bca727b5cabacf6455d2009afb16bd7.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10493
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
|
|
| |
flaky tests
Change-Id: I323a2cd5eb2449a44a9cb53abab5a127d21c5967
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
|
| |
This fixes a signedness warning.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
|
|
|
|
|
|
| |
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jul 15 04:50:36 CEST 2015 on sn-devel-104
|
|
|
|
|
|
|
| |
We check for dir == NULL but dereference it during variable declaration.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
|
|
|
| |
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
|
|
|
| |
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
|
|
|
|
|
|
|
|
|
| |
This is used to merge the netr_GetForestTrustInformation() result with
the existing information in msDS-TrustForestTrustInfo.
New top level names are added with LSA_TLN_DISABLED_NEW
while all others keep their flags.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
dsdb_trust_verify_forest_info()
These will be used in dcesrv_lsa_lsaRSetForestTrustInformation() in the
following order:
- dsdb_trust_normalize_forest_info_step1() verifies the input
forest_trust_information and does some basic normalization.
- the output of step1 is used in dsdb_trust_verify_forest_info()
to verify overall view of trusts and forests, this may generate
collision records and marks records as conflicting.
- dsdb_trust_normalize_forest_info_step2() prepares the records
to be stored in the msDS-TrustForestTrustInfo attribute.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
|
| |
This emulates a lsa_TrustDomainInfoInfoEx struct for our own domain.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
| |
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
|
|
| |
This extracts the current and previous nt hashes from trustAuthIncoming
as the passed TDO ldb_message.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
|
|
|
| |
Only the LSA and NETLOGON server should be able to change this, otherwise
the incoming passwords in the trust account and trusted domain object
get out of sync.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
|
| |
We also need to update trustAuthIncoming of the trustedDomain object.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
|
| |
This will simplify the following commits.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
|
| |
For trust account we need to store version number provided by the client.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
AAC=0x00000400(ACB_AUTOLOCK) and user="example.com."
Windows reuses the ACB_AUTOLOCK flag to handle SEC_CHAN_DNS_DOMAIN domains,
but this not documented yet...
This is triggered by the NETLOGON_CONTROL_REDISCOVER with a domain string
of "example.com\somedc.example.com".
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
|
| |
These are more generic and will replace the existing sam_get_results_trust().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The most important things is the dsdb_trust_routing_table with the
dsdb_trust_routing_table_load() and dsdb_trust_routing_by_name() functions.
The routing table has knowledge about trusted domains/forests and
enables the dsdb_trust_routing_by_name() function to find the direct trust
that is responsable for the given name.
This will be used in the kdc and later winbindd to handle cross-trust/forest
routing.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Coverity was confused by the 'seq_num' variable as an argument for the
'local_usn' parameter, where also a 'seq_num' parameter exists. Doesn't hurt,
and if it kills a Coverity warning, why not...
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: "Stefan (metze) Metzmacher" <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jul 1 14:09:14 CEST 2015 on sn-devel-104
|
|
|
|
|
|
|
|
| |
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 24 01:02:22 CEST 2015 on sn-devel-104
|
|
|
|
|
| |
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
|
|
|
|
|
| |
We assigned lp_ctx twice...
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
|
|
|
| |
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
|
|
|
| |
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
|
|
|
| |
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
|
|
|
| |
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
|
|
|
| |
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
|
|
|
|
|
| |
This is a cut&paste error
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
|
|
|
|
|
|
|
|
| |
This was preventing the correct generation of error messages and referrals on an RODC.
An RODC does not have a RID set.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
|
| |
This allows us to tell if this script even executes, without looking in the logs.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
|
|
|
|
|
|
|
|
|
|
|
| |
rootnamingcontext
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
Change-Id: I96fd5c7f39280090d5ec1dcdcb445fd7a44bd1c6
Autobuild-User(master): Matthieu Patou <mat@samba.org>
Autobuild-Date(master): Wed May 27 18:40:35 CEST 2015 on sn-devel-104
|
|
|
|
|
|
|
|
|
|
| |
Call server_id_str_buf instead
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 28 20:48:01 CEST 2015 on sn-devel-104
|
|
|
|
|
| |
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
|
|
|
|
|
|
|
|
|
| |
This involves switching to krb5_data, smb_krb5_get_pw_salt and
smb_krb5_create_key_from_string.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
| |
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
|
|
|
| |
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|