Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
By using SamLogonEx we avoid setting up the credentials chain for each
request.
(Needs to be pushed further up the stack, to only connect to NETLOGON once).
Andrew Bartlett
|
|
|
|
|
|
It turns out (seen in MS-SAMR 3.1.1.7.1 for example) that the primary
way the krbtgt account is recognised as special is that RID. This
should fix issues such as 'password expired' on the kpasswd service.
Andrew Bartlett
|
|
The sheer volume of messages generated by tevent when the trace level is set to
10 makes it difficult to debug issues in a level 10 log. Increasing this to
50 allows tevent tracing to be enabled if needed, but otherwise keeps the extra
chatter out of a level 10 log.
|
|
|
|
|
|
metze
|
|
We need to loop over all given dialects and check
if we can find SMB2_DIALECT_REVISION_202.
metze
|
|
Also send them in the order a windows client would
send them (the lowest first).
metze
|
|
metze
|
|
|
|
Without this entry, opening the COM+ tab under the properties of an OU within
ADUC results in the following error:
"Unable to retrieve all user properties, 0x80072030"
|
|
Without these entries, using the 'Delegate Control' option in ADUC results in
the following error message in the Delegation of Control Wizard:
"The templates could not be applied. One or more of the templates is not
applicable. Click Back and select different templates, and then try again."
|
|
The classDisplayName attribute controls the actual text displayed to the user
for the top-level menus, so added it to the existing entries.
The attributeDisplayNames attribute contains both the text displayed to the
user and a mapping to the internal directory attribute name for the particular
field, so added these to the existing entries as well.
Added new entries as appropriate to properly complete all menus and labels
within ADUC.
|
|
A single AD server can only host a single domain, so don't stuff about
with looking up our crossRef record in the cn=Partitions container.
We instead trust that lp_realm() and lp_workgroup() works correctly.
Andrew Bartlett
|
|
File descriptor leaks only when we use file instead of stdout.
Found by cppcheck:
[./source3/torture/smbiconv.c:219]: (error) Resource leak: out
[./source4/torture/smbiconv.c:211]: (error) Resource leak: out
|
|
This rather simple test creates 4500 objects on a domain controller and checks
the enum calls for the correct number of results.
Guenther
|
|
Guenther
|
|
Guenther
|
|
This bit actually means that we should ignore the minimum password
length field for this user. It doesn't mean that the password should
be seen as empty
|
|
The client side code was not falling back to older routines correctly
as it didn't check for the operation range error appropriately. It
also used the old rpc semantics.
|
|
When lanman auth is disabled and a user calls a password change
method that requires it we should give NT_STATUS_NOT_SUPPORTED
|
|
Samba4 cannot pass this test currently as in Samba4 (unlike Samba3)
the LSA and SAMR account are stored in the same db.
Once you delete a SAMR user the LSA privilege account is deleted
at the same time (which is wrong).
Guenther
|
|
metze
|
|
metze
|
|
metze
|
|
metze
|
|
RPC-SAMR-USERS-PRIVILEGES test.
Guenther
|
|
This change brings ntvfs_connect into compliance with other ntvfs functions
which take an ntvfs module, an ntvfs request and an smb io union.
It now becomes the responsibility of ntvfs modules to examine
tcon->generic.level themselves and derive the share name and any other
options
directly; e.g.
const char *sharename;
switch (tcon->generic.level) {
case RAW_TCON_TCON:
sharename = tcon->tcon.in.service;
break;
case RAW_TCON_TCONX:
sharename = tcon->tconx.in.path;
break;
case RAW_TCON_SMB2:
default:
return NT_STATUS_INVALID_LEVEL;
}
if (strncmp(sharename, "\\\\", 2) == 0) {
char *p = strchr(sharename+2, '\\');
if (p) {
sharename = p + 1;
}
}
service.c smbsrv_tcon_backend() is called before ntvfs_connect and fills in
some of the tcon->..out values.
For the case of RAW_TCON_TCONX, it filles out tcon->tconx.out.tid and
tcon->tconx.out.options
For the case of RAW_TCON_TCON it fills out tcon->tcon.out.tid and
tcon->tcon.out.max_xmit
Thus the ntvfs_connect function for vfs modules may override these values
if desired, but are not required to.
ntvfs_connect functions are required to fill in the tcon->tconx.out.*_type
fields, for RAW_TCON_TCONX, perhaps something like:
if (tcon->generic.level == RAW_TCON_TCONX) {
tcon->tconx.out.fs_type = ntvfs->ctx->fs_type;
tcon->tconx.out.dev_type = ntvfs->ctx->dev_type;
}
Signed-off-by: Sam Liddicott <sam@liddicott.com>
(I fixed the ntvfs_connect() in the smb_server/smb2/
and the RAW_TCON_SMB2 switch case in the modules)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Stop packet_recv getting greedy and reading the whole socket
and then dispatching te extra packets in a timer loop
Signed-off-by: Sam Liddicott <sam@liddicott.com>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
metze
|
|
|
|
Guenther
|
|
This test demonstrates the independence of the lsa and samr accounts while
remove a samr users that still has privileges granted.
Guenther
|
|
This module didn't have any functionality that we actually used yet, and
it was quite small.
Tevent is quite low level and perhaps doesn't make much sense to expose
directly as a Python module. It was also causing build problems when used with a
system-tevent. We can always back later if necessary.
|
|
|
|
This was breaking the Samba 4 installation since it added dependencies
on header files we weren't installing.
Confirmed with Kai.
|
|
|
|
|
|
|
|
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
internal.
|
|
Guenther
|
|
Samba3.
Note that they are skipped for all objects while testing Samba4.
Guenther
|
|
in RPC-SAMR.
Guenther
|