[SCM] Samba Shared Repository - branch v4-15-test updated

Stefan Metzmacher metze at samba.org
Thu Mar 17 10:36:02 UTC 2022


The branch, v4-15-test has been updated
       via  9d91942913e s3:libads: Fix creating local krb5.conf
       via  736df42fdf9 s3:libads: Check print_canonical_sockaddr_with_port() for NULL in get_kdc_ip_string()
       via  9319309ac1a s3:libads: Remove obsolete free's of kdc_str
       via  3016f01d0c4 s3:libads: Allocate all memory on the talloc stackframe
       via  a76c64f86d8 s3:libads: Use talloc_asprintf_append() in get_kdc_ip_string()
       via  1f7b6fc56c5 s3:libads: Improve debug messages for get_kdc_ip_string()
       via  5608804f02d s3:libads: Leave early on error in get_kdc_ip_string()
       via  fd2373c6bcf s3:libads: Remove trailing spaces in kerberos.c
       via  12c58adffe4 testprogs: Add test that local krb5.conf has been created
       via  9b6e8ae65e2 s3:libsmb: Fix errno for failed authentication in SMBC_server_internal()
       via  1f1d6d4e745 s4:auth: let authenticate_ldap_simple_bind() pass down the mapped nt4names
       via  54fd8eb1aac auth: let auth logging prefer user_info->orig_client.{account,domain}_name if available
       via  5e81cde9fae s4:auth: rename user_info->mapped_state to user_info->cracknames_called
       via  2c15a949f5d winbindd: don't set mapped_state in winbindd_dual_auth_passdb()
       via  2e41cbc8bec nsswitch: let test_wbinfo.sh also test wbinfo -a $USERNAME@$DOMAIN
       via  8cd57a22283 s3:auth: make_user_info_map() should not set mapped_state
       via  249b023f2b8 s4:auth: fix confusing DEBUG message in authsam_want_check()
       via  a304052c4fc s4:auth: check for user_info->mapped.account_name if it needs to be filled
       via  070af6f1fa0 s4:rpc_server/samr: don't set mapped_state in auth_usersupplied_info for audit logging
       via  63a6fb82a77 s4:kdc: don't set mapped_state in auth_usersupplied_info for audit logging
       via  c6bb5e62776 s4:dsdb: don't set mapped_state in auth_usersupplied_info for audit logging
       via  dffebcba823 s4:smb_server: don't set mapped_state explicitly in auth_usersupplied_info
       via  240785f4e4f auth/ntlmssp: don't set mapped_state explicitly in auth_usersupplied_info
       via  db17de0b611 s4:auth: encrypt_user_info() should set password_state instead of mapped_state
       via  2d425bb116a s4:auth: a simple bind uses the DCs name as workstation
       via  02824c7942d s3:rpc_client: let rpccli_netlogon_network_logon() fallback to workstation = lp_netbios_name()
       via  e6926484533 rodc: Add tests for simple BIND alongside NTLMSSP binds
       via  af30bd71cd3 s4:auth_sam: use USER_INFO_INTERACTIVE_LOGON as indication for an interactive logon
       via  0fcbfd39583 s3:auth: let make_user_info_netlogon_interactive() set USER_INFO_INTERACTIVE_LOGON
       via  0da8b2b3683 dsdb/tests: add test_login_basics_simple()
       via  ec84a7acfcc dsdb/tests: prepare BasePasswordTestCase for simple bind tests
       via  72698f73949 dsdb/tests: introduce assertLoginSuccess
       via  7b63119267a dsdb/tests: make use of assertLoginFailure helper
       via  92da29a1136 dsdb/tests: let all BasePasswordTestCase tests provide self.host_url[_ldaps]
       via  84f7b94852a dsdb/tests: passwords.py don't need to import BasePasswordTestCase
       via  2bbb9a4298c python:tests: let insta_creds() also copy the bind_dn from the template
      from  39ae6f10fa6 VERSION: Bump version up to Samba 4.15.7...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test


- Log -----------------------------------------------------------------
commit 9d91942913e0481cfb4af80eeb5a316f6c9d2c3f
Author: Andreas Schneider <asn at samba.org>
Date:   Tue Mar 15 13:10:06 2022 +0100

    s3:libads: Fix creating local krb5.conf
    
    We create a KDC IP string entry directly at the beginning, use it if we
    don't have any additional DCs.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    
    Autobuild-User(master): Günther Deschner <gd at samba.org>
    Autobuild-Date(master): Wed Mar 16 14:26:36 UTC 2022 on sn-devel-184
    
    (cherry picked from commit 68d181ee676e17a5cdcfc12c5cc7eef242fdfa6c)
    
    Autobuild-User(v4-15-test): Stefan Metzmacher <metze at samba.org>
    Autobuild-Date(v4-15-test): Thu Mar 17 10:35:11 UTC 2022 on sn-devel-184

commit 736df42fdf9b4f7977eb6857ff3ab91a5df62b65
Author: Andreas Schneider <asn at samba.org>
Date:   Tue Mar 15 13:02:05 2022 +0100

    s3:libads: Check print_canonical_sockaddr_with_port() for NULL in get_kdc_ip_string()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    (cherry picked from commit 12c843ad0a97fcbaaea738b82941533e5d2aec99)

commit 9319309ac1adf42765e9f3bf325000b92585cd3e
Author: Andreas Schneider <asn at samba.org>
Date:   Tue Mar 15 12:57:18 2022 +0100

    s3:libads: Remove obsolete free's of kdc_str
    
    This is allocated on the stackframe now!
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    (cherry picked from commit cca189d0934790418e27d9d01282370b1e6a057f)

commit 3016f01d0c4b4d2845d8b921070b18ed03f4e917
Author: Andreas Schneider <asn at samba.org>
Date:   Tue Mar 15 12:56:58 2022 +0100

    s3:libads: Allocate all memory on the talloc stackframe
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    (cherry picked from commit 652c8ce1672dfead00c7af6af22e3bb3927764ec)

commit a76c64f86d80c465d54bae60943fc6dd53e61f34
Author: Andreas Schneider <asn at samba.org>
Date:   Tue Mar 15 12:48:23 2022 +0100

    s3:libads: Use talloc_asprintf_append() in get_kdc_ip_string()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    (cherry picked from commit 812032833aa65729dbbfd4313a6e3fe072c88530)

commit 1f7b6fc56c51958af02a2370fe857995bfa5fd10
Author: Andreas Schneider <asn at samba.org>
Date:   Tue Mar 15 12:10:47 2022 +0100

    s3:libads: Improve debug messages for get_kdc_ip_string()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    (cherry picked from commit 7f721dc2eee0064a1ddd480fcaf77bf1659c7a26)

commit 5608804f02d1af530fd2b70537da1904168a3bec
Author: Andreas Schneider <asn at samba.org>
Date:   Tue Mar 15 12:04:34 2022 +0100

    s3:libads: Leave early on error in get_kdc_ip_string()
    
    This avoids useless allocations.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    (cherry picked from commit 313f03c78487ae49747b8143220ecbfe8ad9310a)

commit fd2373c6bcf3f2128532cec8868c876569fc13ab
Author: Andreas Schneider <asn at samba.org>
Date:   Tue Mar 15 12:03:40 2022 +0100

    s3:libads: Remove trailing spaces in kerberos.c
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    (cherry picked from commit 567b1996796e5d3cf572653f38817d832fa135ca)

commit 12c58adffe4b364208a510a10181daace91638bf
Author: Andreas Schneider <asn at samba.org>
Date:   Tue Mar 15 16:53:02 2022 +0100

    testprogs: Add test that local krb5.conf has been created
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    (cherry picked from commit d2ac90cdd5672330ed9c323fc474f8ba62750a6f)

commit 9b6e8ae65e24788c82022e761bfb2c78b59260d9
Author: Elia Geretto <elia.f.geretto at gmail.com>
Date:   Fri Mar 11 19:32:30 2022 +0100

    s3:libsmb: Fix errno for failed authentication in SMBC_server_internal()
    
    In SMBC_server_internal(), when authentication fails, the errno value is
    currently hard-coded to EPERM, while it should be EACCES instead. Use the
    NT_STATUS map to set the appropriate value.
    
    This bug was found because it breaks listing printers protected by
    authentication in GNOME Control Panel.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14983
    
    Signed-off-by: Elia Geretto <elia.f.geretto at gmail.com>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Wed Mar 16 19:44:18 UTC 2022 on sn-devel-184
    
    (cherry picked from commit 70b9977a46e5242174b4461a7f49d5f640c1db62)

commit 1f1d6d4e745b99fea2986e4ee65006be5f77ec09
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Mar 3 11:10:00 2022 +0100

    s4:auth: let authenticate_ldap_simple_bind() pass down the mapped nt4names
    
    authenticate_ldap_simple_bind*() needs to pass the
    result of the cracknames operation into the auth stack
    as user_info->client.{account,domain}_name, because
    user_info->client.{account,domain}_name is also used
    when forwarding the request via netrLogonSamLogon*
    to a remote server, for exactly that the values are
    also used in order to map an AUTH_PASSWORD_PLAIN into
    AUTH_PASSWORD_RESPONSE, where the NTLMv2 response
    contains the account and domain names passed in the
    netr_IdentityInfo value.
    
    Otherwise it would not be possible to forward the
    LDAP simple bind authentication request to a remote
    DC.
    
    Currently this only applies to an RODC that forwards
    the request to an RWDC.
    
    But note that LDAP simple binds (as on Windows) only
    work for users in the DC's forest, as the DsCrackNames
    needs to work and it can't work for users of remote
    forests. I tested that in a DC of a forest root domain,
    it rejected the LDAP simple bind against a different forest,
    but allowed it for users of a child domain in the
    same forest. The NTLMSSP bind worked in both cases.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    
    Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date(master): Thu Mar 10 04:10:54 UTC 2022 on sn-devel-184
    
    (cherry picked from commit 40f2070d3b2b1b13cc08f7844bfe4945e9f0cd86)

commit 54fd8eb1aac02cbd30c65b1617025dd1b7cf425e
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Mar 3 11:10:00 2022 +0100

    auth: let auth logging prefer user_info->orig_client.{account,domain}_name if available
    
    The optional user_info->orig_client.{account,domain}_name are
    the ones really used by the client and should be used in
    audit logging. But we still fall back to
    user_info->client.{account,domain}_name.
    
    This will be important for the next commit.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 24b580cae23860a0fe6c9d3a285d60564057043d)

commit 5e81cde9faeb2dda7b2ee807611365c830fb1adf
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Mar 3 11:10:00 2022 +0100

    s4:auth: rename user_info->mapped_state to user_info->cracknames_called
    
    This makes it much clearer what it is used for and
    it is a special hack for authenticate_ldap_simple_bind_send()
    in order to avoid some additional work in
    authsam_check_password_internals().
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 427125d182252d8aee3dd906ee34a909cdbb8ef3)

commit 2c15a949f5da95eae73a478f17edf124de81ecfe
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Mar 3 23:23:21 2022 +0100

    winbindd: don't set mapped_state in winbindd_dual_auth_passdb()
    
    mapped_state is a special hack for authenticate_ldap_simple_bind_send()
    in order to avoid some additional work in authsam_check_password_internals()
    
    This doesn't apply here. We should also handle wbinfo -a
    authentication UPN names, e.g. administrator@DOMAIN,
    even if the account belongs to the local sam.
    
    With this change the behavior is consistent also locally on DCs and
    also an RODC can handle these requests locally for cached accounts.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15003
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 8dfdbe095a4c8a7bedd29341656a7c3164517713)

commit 2e41cbc8bec5707ac54fb6f43bdab54ae69e6317
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Mar 7 20:57:52 2022 +0100

    nsswitch: let test_wbinfo.sh also test wbinfo -a $USERNAME@$DOMAIN
    
    When winbindd forwards wbinfo -a via netrLogonSamLogon* to a remote
    DC it works fine for UPN names, e.g. administrator@DOMAIN.
    
    But it currently fails locally on a DC against the local sam.
    
    For the RODC it only works because it forwards the request to
    an RWDC.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15003
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit e1d2c59d360fb4e72dafe788b5d9dbb0572bf811)

commit 8cd57a22283033efd70d67fc6593b4dbc205b9d5
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Mar 3 23:24:25 2022 +0100

    s3:auth: make_user_info_map() should not set mapped_state
    
    mapped_state is only evaluated in authsam_check_password_internals()
    of auth_sam.c in source4, so setting it in the auth3 code
    doesn't make any difference. I've proved that with
    an SMB_ASSERT() and a full pipeline not triggering it.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit c56cb12f347b7582290ce1d4dfe3959d69050bd9)

commit 249b023f2b89f02443106585b16ecd56922b3411
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Mar 7 21:16:51 2022 +0100

    s4:auth: fix confusing DEBUG message in authsam_want_check()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit a12683bd1206df4d4d87a3842d92e34a69e172b7)

commit a304052c4fcc8f5f59e923e4032dd30fa139ca86
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Mar 3 23:14:10 2022 +0100

    s4:auth: check for user_info->mapped.account_name if it needs to be filled
    
    mapped_state is a special hack for authenticate_ldap_simple_bind_send()
    in order to avoid some additional work in authsam_check_password_internals().
    
    But that code will be changed in the next commits, so we can simplify
    the logic and only check for user_info->mapped.account_name being NULL.
    As it's the important factor that user_info->mapped.account_name is
    non-NULL down in the auth stack.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit c7b8c71b2b71bb9d95c33d403c4204376f443852)

commit 070af6f1fa07e528e5ada8a0f13cdaf6a5858890
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Mar 3 23:16:13 2022 +0100

    s4:rpc_server/samr: don't set mapped_state in auth_usersupplied_info for audit logging
    
    mapped_state is completely irrelevant for audit logging and
    will also be removed in the next commits.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 52787b9c1e9370133ff4481c62c2e7b9393c2439)

commit 63a6fb82a77940d47ce2a2862c5b2245c8f16af3
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Mar 3 23:16:13 2022 +0100

    s4:kdc: don't set mapped_state in auth_usersupplied_info for audit logging
    
    mapped_state is completely irrelevant for audit logging and
    will also be removed in the next commits.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit ca6948642bc2ff821ec4ca8ab24902b1ba9e8397)

commit c6bb5e6277667e3993ac73b21afa76bb5b24e4d5
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Mar 3 23:16:13 2022 +0100

    s4:dsdb: don't set mapped_state in auth_usersupplied_info for audit logging
    
    mapped_state is completely irrelevant for audit logging and
    will also be removed in the next commits.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 99efe5f4e9ce426b28cef94d858849707ce15739)

commit dffebcba823c13b1cf29ac2d6209223e248f278c
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Mar 3 23:16:13 2022 +0100

    s4:smb_server: don't set mapped_state explicitly in auth_usersupplied_info
    
    We already use talloc_zero() and mapped_state will be removed in the
    next commits.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 859c7817350553259eb09c889bc40afebb60064a)

commit 240785f4e4fe10788790be169f8e591cf2d777b7
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Mar 3 23:15:31 2022 +0100

    auth/ntlmssp: don't set mapped_state explicitly in auth_usersupplied_info
    
    We already use talloc_zero() and mapped_state will be removed in the
    next commits.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 9a4ac8ab2e2c8ee48f6bf5a6ecf7988c435ba1c6)

commit db17de0b611e4d5de824fe3790c81f17805ec23c
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Mar 3 23:14:38 2022 +0100

    s4:auth: encrypt_user_info() should set password_state instead of mapped_state
    
    user_info->mapped_state has nothing to do with enum auth_password_state,
    user_info->password_state is the one that holds the auth_password_state value.
    
    Luckily user_info->password_state was never referenced in the
    encrypt_user_info() callers.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit a6fb598d9dcbfe21ef285b5f30fabcb88a259c93)

commit 2d425bb116a93ed219f01ee0203b58867748ae8b
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Mar 2 14:32:41 2022 +0100

    s4:auth: a simple bind uses the DCs name as workstation
    
    I've seen that in a LogonSamLogonEx request triggered
    by a simple bind with a user of a trusted domain
    within the same forest. Note simple binds don't
    work with users for another forest/external domain,
    as the DsCrackNames call on the bind_dn fails.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14641
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 31db704882bbcd569c2abb764ac1d3691ee0a267)

commit 02824c7942db4b93bd0e1a525361ad00b13eca1c
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Mar 4 11:41:20 2022 +0100

    s3:rpc_client: let rpccli_netlogon_network_logon() fallback to workstation = lp_netbios_name()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14641
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 5c04c01354944fc3a64bb109bf3e9bf89086cc6f)

commit e69264845334eb51773afdac4841ad7d9fca6b04
Author: Garming Sam <garming at catalyst.net.nz>
Date:   Mon Apr 1 15:46:48 2019 +1300

    rodc: Add tests for simple BIND alongside NTLMSSP binds
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
    
    Signed-off-by: Garming Sam <garming at catalyst.net.nz>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 62fb6c1dc8527db6cf0f08d4d06e8813707f767a)

commit af30bd71cd33512fd78e686a9864d8fb3189c60c
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Mar 4 19:09:41 2022 +0100

    s4:auth_sam: use USER_INFO_INTERACTIVE_LOGON as indication for an interactive logon
    
    Using != AUTH_PASSWORD_RESPONSE is not the correct indication
    due to the local mappings from AUTH_PASSWORD_PLAIN via
    AUTH_PASSWORD_HASH to AUTH_PASSWORD_RESPONSE.
    
    It means an LDAP simple bind will now honour
    'old password allowed period'.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15001
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 2ad44686229ba02f98de5769c26a3dfeaf5ada2b)

commit 0fcbfd39583e42354263018bb2b703413a781473
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Mar 8 15:14:09 2022 +0100

    s3:auth: let make_user_info_netlogon_interactive() set USER_INFO_INTERACTIVE_LOGON
    
    This is not really relevant for now, as USER_INFO_INTERACTIVE_LOGON is
    not evaluated in the source3/auth stack. But better add it to
    be consistent.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15001
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 012bd9f5b780f7a90cf3bd918f044ea67fae7017)

commit 0da8b2b368321d57368424374bd9c8d0536900ac
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Mar 4 21:53:06 2022 +0100

    dsdb/tests: add test_login_basics_simple()
    
    This demonstrates that 'old password allowed period' also
    applies to LDAP simple binds and not only to GSS-SPNEGO/NTLMSSP binds.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15001
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 3625d1381592f7af8ec14715c6c2dfa4d9f02676)

commit ec84a7acfcc92cf5e722bac7113e7a071f934ff4
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Mar 4 21:53:06 2022 +0100

    dsdb/tests: prepare BasePasswordTestCase for simple bind tests
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 0b1fbc9d56e2a25e3f1527ee5bc54880bdc65fc6)

commit 72698f73949536f2e44d0165ffa44f2dd38c9ddc
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Mar 4 23:35:26 2022 +0100

    dsdb/tests: introduce assertLoginSuccess
    
    This makes it possible to catch failures with knownfail entries.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 751ce671a4af32bc1c56433a5a1c8161377856c5)

commit 7b63119267a92f8ac752325b95f90b75ffa6db1f
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Mar 4 23:35:26 2022 +0100

    dsdb/tests: make use of assertLoginFailure helper
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 03ba5af3d9eaeb5f0c7c1a1a61ef2ac454eb8392)

commit 92da29a1136eb8c97db2bf97e927e539edd7b8cc
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Mar 5 00:09:17 2022 +0100

    dsdb/tests: let all BasePasswordTestCase tests provide self.host_url[_ldaps]
    
    This will make further changes easier.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 5a3214c99048a88b0a9f509e3b5b38326529b02c)

commit 84f7b94852a7719df716ca5285e4da29d793d1a0
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Mar 5 01:36:50 2022 +0100

    dsdb/tests: passwords.py don't need to import BasePasswordTestCase
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 90754591a7e4d5a3af70c01425930f4ec063c516)

commit 2bbb9a4298c19ccbf0fbd6ca4e984f1cd329f04e
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Mar 4 21:50:15 2022 +0100

    python:tests: let insta_creds() also copy the bind_dn from the template
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit a30a7626254c863f95b98c97ea46ff54b98078ad)

-----------------------------------------------------------------------

Summary of changes:
 auth/auth_log.c                                    | 20 ++++--
 auth/common_auth.h                                 |  4 +-
 auth/ntlmssp/ntlmssp_server.c                      |  1 -
 nsswitch/tests/test_wbinfo.sh                      |  2 +
 python/samba/tests/__init__.py                     |  4 ++
 source3/auth/auth_util.c                           |  3 +-
 source3/libads/kerberos.c                          | 80 ++++++++++++----------
 source3/libsmb/libsmb_server.c                     |  2 +-
 source3/rpc_client/cli_netlogon.c                  |  4 ++
 source3/winbindd/winbindd_pam.c                    |  3 -
 source4/auth/ntlm/auth.c                           |  7 +-
 source4/auth/ntlm/auth_sam.c                       | 13 ++--
 source4/auth/ntlm/auth_simple.c                    | 10 +--
 source4/auth/ntlm/auth_util.c                      |  4 +-
 source4/dsdb/samdb/ldb_modules/password_hash.c     |  1 -
 source4/dsdb/tests/python/login_basics.py          | 32 ++++++---
 source4/dsdb/tests/python/password_lockout.py      |  7 +-
 source4/dsdb/tests/python/password_lockout_base.py | 36 +++++++---
 source4/dsdb/tests/python/passwords.py             |  1 -
 source4/dsdb/tests/python/rodc_rwdc.py             | 63 +++++++++++------
 source4/kdc/hdb-samba4.c                           |  1 -
 source4/rpc_server/samr/samr_password.c            |  1 -
 source4/smb_server/smb/sesssetup.c                 |  2 -
 testprogs/blackbox/test_net_ads.sh                 |  6 ++
 24 files changed, 189 insertions(+), 118 deletions(-)


Changeset truncated at 500 lines:

diff --git a/auth/auth_log.c b/auth/auth_log.c
index 60bc6334591..dc1cea12390 100644
--- a/auth/auth_log.c
+++ b/auth/auth_log.c
@@ -152,6 +152,12 @@ static void log_authentication_event_json(
 	char negotiate_flags[11];
 	char logon_id[19];
 	int rc = 0;
+	const char *clientDomain = ui->orig_client.domain_name ?
+				   ui->orig_client.domain_name :
+				   ui->client.domain_name;
+	const char *clientAccount = ui->orig_client.account_name ?
+				    ui->orig_client.account_name :
+				    ui->client.account_name;
 
 	authentication = json_new_object();
 	if (json_is_invalid(&authentication)) {
@@ -203,12 +209,12 @@ static void log_authentication_event_json(
 		goto failure;
 	}
 	rc = json_add_string(
-	    &authentication, "clientDomain", ui->client.domain_name);
+	    &authentication, "clientDomain", clientDomain);
 	if (rc != 0) {
 		goto failure;
 	}
 	rc = json_add_string(
-	    &authentication, "clientAccount", ui->client.account_name);
+	    &authentication, "clientAccount", clientAccount);
 	if (rc != 0) {
 		goto failure;
 	}
@@ -594,6 +600,12 @@ static void log_authentication_event_human_readable(
 	char *trust_account_name = NULL;
 	char *logon_line = NULL;
 	const char *password_type = NULL;
+	const char *clientDomain = ui->orig_client.domain_name ?
+				   ui->orig_client.domain_name :
+				   ui->client.domain_name;
+	const char *clientAccount = ui->orig_client.account_name ?
+				    ui->orig_client.account_name :
+				    ui->client.account_name;
 
 	frame = talloc_stackframe();
 
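Review bot: the two ternaries added at the top of log_authentication_event_human_readable() are a verbatim copy of the ones added to log_authentication_event_json(). A small static helper that returns the domain and account to log would keep the JSON and human-readable outputs from drifting apart if the selection rule between orig_client and client is changed later.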
@@ -640,8 +652,8 @@ static void log_authentication_event_human_readable(
 		" %s\n",
 		ui->service_description,
 		ui->auth_description,
-		log_escape(frame, ui->client.domain_name),
-		log_escape(frame, ui->client.account_name),
+		log_escape(frame, clientDomain),
+		log_escape(frame, clientAccount),
 		ts,
 		password_type,
 		nt_errstr(status),
diff --git a/auth/common_auth.h b/auth/common_auth.h
index 0452c673ebc..d922b66ab4d 100644
--- a/auth/common_auth.h
+++ b/auth/common_auth.h
@@ -49,14 +49,14 @@ struct auth_usersupplied_info
 
 	uint32_t logon_parameters;
 
-	bool mapped_state;
+	bool cracknames_called;
 	bool was_mapped;
 	uint64_t logon_id;
 	/* the values the client gives us */
 	struct {
 		const char *account_name;
 		const char *domain_name;
-	} client, mapped;
+	} client, mapped, orig_client;
 
 	enum auth_password_state password_state;
 
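Review bot: the comment "the values the client gives us" now sits above three members, client, mapped and orig_client, and the header no longer says which of them holds what the client actually sent. Since orig_client is optional and the logging code prefers it over client, please give each member its own one-line comment, and add a comment on cracknames_called saying which caller is expected to set it.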
diff --git a/auth/ntlmssp/ntlmssp_server.c b/auth/ntlmssp/ntlmssp_server.c
index ce78af1d32d..e077c2f7379 100644
--- a/auth/ntlmssp/ntlmssp_server.c
+++ b/auth/ntlmssp/ntlmssp_server.c
@@ -771,7 +771,6 @@ static NTSTATUS ntlmssp_server_preauth(struct gensec_security *gensec_security,
 
 	user_info->logon_parameters = MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT | MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT;
 	user_info->flags = 0;
-	user_info->mapped_state = false;
 	user_info->client.account_name = ntlmssp_state->user;
 	user_info->client.domain_name = ntlmssp_state->domain;
 	user_info->workstation_name = ntlmssp_state->client.netbios_name;
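Review bot: after dropping "user_info->mapped_state = false;" the neighbouring "user_info->flags = 0;" is the only explicit zeroing left in this block. If the structure is relied on to be zero-initialised, as the commit message says, drop that assignment as well for consistency, or leave a short comment explaining why flags is still set by hand.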
diff --git a/nsswitch/tests/test_wbinfo.sh b/nsswitch/tests/test_wbinfo.sh
index 2ac83828a0e..198918494cf 100755
--- a/nsswitch/tests/test_wbinfo.sh
+++ b/nsswitch/tests/test_wbinfo.sh
@@ -294,6 +294,8 @@ testit "wbinfo --user-sids against $TARGET" $wbinfo --user-sids $admin_sid || fa
 
 testit "wbinfo -a against $TARGET with domain creds" $wbinfo -a "$DOMAIN/$USERNAME"%"$PASSWORD" || failed=`expr $failed + 1`
 
+testit "wbinfo -a against $TARGET with domain upn creds" $wbinfo -a "$USERNAME@$DOMAIN"%"$PASSWORD" || failed=$(expr $failed + 1)
+
 testit "wbinfo --getdcname against $TARGET" $wbinfo --getdcname=$DOMAIN
 
 testit "wbinfo -p against $TARGET" $wbinfo -p || failed=`expr $failed + 1`
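Review bot: the added testit line counts failures with "$(expr $failed + 1)" while the lines directly above and below it still use backticks around the same expr call. Mixing both forms in adjacent lines is a style inconsistency; either match the surrounding lines or convert the neighbours in a separate cleanup so the file uses one form.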
diff --git a/python/samba/tests/__init__.py b/python/samba/tests/__init__.py
index 6d4993ac255..3bb7995052c 100644
--- a/python/samba/tests/__init__.py
+++ b/python/samba/tests/__init__.py
@@ -171,6 +171,8 @@ class TestCase(unittest.TestCase):
             username = template.get_username()
             userpass = template.get_password()
 
+        simple_bind_dn = template.get_bind_dn()
+
         if kerberos_state is None:
             kerberos_state = template.get_kerberos_state()
 
@@ -184,6 +186,8 @@ class TestCase(unittest.TestCase):
         c.set_gensec_features(c.get_gensec_features()
                               | gensec.FEATURE_SEAL)
         c.set_kerberos_state(kerberos_state)
+        if simple_bind_dn:
+            c.set_bind_dn(simple_bind_dn)
         return c
 
     def assertStringsEqual(self, a, b, msg=None, strip=False):
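Review bot: the "if simple_bind_dn:" branch copies the bind DN from the template unconditionally, with no way for the caller to override or clear it, unlike kerberos_state, which is only taken from the template when the argument is None. If that asymmetry is intended, say so in the method's docstring; otherwise add a simple_bind_dn parameter that follows the same "None means inherit" convention.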
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 28850cd8520..b60dd2647c8 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -137,8 +137,6 @@ NTSTATUS make_user_info_map(TALLOC_CTX *mem_ctx,
 				lm_interactive_pwd, nt_interactive_pwd,
 				plaintext, password_state);
 	if (NT_STATUS_IS_OK(result)) {
-		/* We have tried mapping */
-		(*user_info)->mapped_state = true;
 		/* did we actually map the user to a different name? */
 		(*user_info)->was_mapped = was_mapped;
 	}
@@ -265,6 +263,7 @@ bool make_user_info_netlogon_interactive(TALLOC_CTX *mem_ctx,
 
 		if (NT_STATUS_IS_OK(nt_status)) {
 			(*user_info)->logon_parameters = logon_parameters;
+			(*user_info)->flags |= USER_INFO_INTERACTIVE_LOGON;
 		}
 
 		ret = NT_STATUS_IS_OK(nt_status) ? true : false;
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index 75beeef4a44..3fd86e87064 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -1,4 +1,4 @@
-/* 
+/*
    Unix SMB/CIFS implementation.
    kerberos utility library
    Copyright (C) Andrew Tridgell 2001
@@ -37,11 +37,11 @@
 #define LIBADS_CCACHE_NAME "MEMORY:libads"
 
 /*
-  we use a prompter to avoid a crash bug in the kerberos libs when 
+  we use a prompter to avoid a crash bug in the kerberos libs when
   dealing with empty passwords
   this prompter is just a string copy ...
 */
-static krb5_error_code 
+static krb5_error_code
 kerb_prompter(krb5_context ctx, void *data,
 	       const char *name,
 	       const char *banner,
@@ -192,7 +192,7 @@ int kerberos_kinit_password_ext(const char *given_principal,
 		krb5_get_init_creds_opt_set_address_list(opt, addr->addrs);
 	}
 
-	if ((code = krb5_get_init_creds_password(ctx, &my_creds, me, discard_const_p(char,password), 
+	if ((code = krb5_get_init_creds_password(ctx, &my_creds, me, discard_const_p(char,password),
 						 kerb_prompter, discard_const_p(char, password),
 						 0, NULL, opt))) {
 		goto out;
@@ -299,7 +299,7 @@ int ads_kdestroy(const char *cc_name)
 	}
 
 	if ((code = krb5_cc_destroy (ctx, cc))) {
-		DEBUG(3, ("ads_kdestroy: krb5_cc_destroy failed: %s\n", 
+		DEBUG(3, ("ads_kdestroy: krb5_cc_destroy failed: %s\n",
 			error_message(code)));
 	}
 
@@ -348,10 +348,10 @@ int kerberos_kinit_password(const char *principal,
 			    int time_offset,
 			    const char *cache_name)
 {
-	return kerberos_kinit_password_ext(principal, 
-					   password, 
-					   time_offset, 
-					   0, 
+	return kerberos_kinit_password_ext(principal,
+					   password,
+					   time_offset,
+					   0,
 					   0,
 					   cache_name,
 					   False,
@@ -434,17 +434,25 @@ static char *get_kdc_ip_string(char *mem_ctx,
 	struct netlogon_samlogon_response **responses = NULL;
 	NTSTATUS status;
 	bool ok;
-	char *kdc_str = talloc_asprintf(mem_ctx, "%s\t\tkdc = %s\n", "",
-					print_canonical_sockaddr_with_port(mem_ctx, pss));
+	char *kdc_str = NULL;
+	char *canon_sockaddr = NULL;
+
+	SMB_ASSERT(pss != NULL);
+
+	canon_sockaddr = print_canonical_sockaddr_with_port(frame, pss);
+	if (canon_sockaddr == NULL) {
+		goto out;
+	}
 
+	kdc_str = talloc_asprintf(frame,
+				  "\t\tkdc = %s\n",
+				  canon_sockaddr);
 	if (kdc_str == NULL) {
-		TALLOC_FREE(frame);
-		return NULL;
+		goto out;
 	}
 
 	ok = sockaddr_storage_to_samba_sockaddr(&sa, pss);
 	if (!ok) {
-		TALLOC_FREE(kdc_str);
 		goto out;
 	}
 
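Review bot: SMB_ASSERT(pss != NULL) turns a bad argument into a process abort inside a helper that already has an error path. Since every other failure in this function now goes to "out" and returns NULL, consider logging and doing "goto out" here as well, or document at the function header that pss must be non-NULL so callers know the contract.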
@@ -454,7 +462,7 @@ static char *get_kdc_ip_string(char *mem_ctx,
 	 */
 
 	if (sitename) {
-		status = get_kdc_list(talloc_tos(),
+		status = get_kdc_list(frame,
 					realm,
 					sitename,
 					&ip_sa_site,
@@ -462,7 +470,6 @@ static char *get_kdc_ip_string(char *mem_ctx,
 		if (!NT_STATUS_IS_OK(status)) {
 			DBG_ERR("get_kdc_list fail %s\n",
 				nt_errstr(status));
-			TALLOC_FREE(kdc_str);
 			goto out;
 		}
 		DBG_DEBUG("got %zu addresses from site %s search\n",
@@ -472,7 +479,7 @@ static char *get_kdc_ip_string(char *mem_ctx,
 
 	/* Get all KDC's. */
 
-	status = get_kdc_list(talloc_tos(),
+	status = get_kdc_list(frame,
 					realm,
 					NULL,
 					&ip_sa_nonsite,
@@ -480,7 +487,6 @@ static char *get_kdc_ip_string(char *mem_ctx,
 	if (!NT_STATUS_IS_OK(status)) {
 		DBG_ERR("get_kdc_list (site-less) fail %s\n",
 			nt_errstr(status));
-		TALLOC_FREE(kdc_str);
 		goto out;
 	}
 	DBG_DEBUG("got %zu addresses from site-less search\n", count_nonsite);
@@ -488,7 +494,6 @@ static char *get_kdc_ip_string(char *mem_ctx,
 	if (count_site + count_nonsite < count_site) {
 		/* Wrap check. */
 		DBG_ERR("get_kdc_list_talloc (site-less) fail wrap error\n");
-		TALLOC_FREE(kdc_str);
 		goto out;
 	}
 
@@ -496,7 +501,6 @@ static char *get_kdc_ip_string(char *mem_ctx,
 	dc_addrs = talloc_array(talloc_tos(), struct sockaddr_storage,
 				count_site + count_nonsite);
 	if (dc_addrs == NULL) {
-		TALLOC_FREE(kdc_str);
 		goto out;
 	}
 
@@ -516,17 +520,20 @@ static char *get_kdc_ip_string(char *mem_ctx,
 		}
 	}
 
-	dc_addrs2 = talloc_zero_array(talloc_tos(),
-				      struct tsocket_address *,
-				      num_dcs);
-
 	DBG_DEBUG("%zu additional KDCs to test\n", num_dcs);
 	if (num_dcs == 0) {
-		TALLOC_FREE(kdc_str);
+		/*
+		 * We do not have additional KDCs, but we have the one passed
+		 * in via `pss`. So just use that one and leave.
+		 */
+		result = talloc_move(mem_ctx, &kdc_str);
 		goto out;
 	}
+
+	dc_addrs2 = talloc_zero_array(talloc_tos(),
+				      struct tsocket_address *,
+				      num_dcs);
 	if (dc_addrs2 == NULL) {
-		TALLOC_FREE(kdc_str);
 		goto out;
 	}
 
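Review bot: the relocated dc_addrs2 allocation still passes talloc_tos() while the get_kdc_list() calls in the earlier hunks were switched to the explicit frame. For a series whose stated goal is to allocate everything on the stackframe, pass frame here (and in the dc_addrs allocation just above) so the ownership is obvious and does not depend on which stackframe happens to be on top.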
@@ -543,7 +550,6 @@ static char *get_kdc_ip_string(char *mem_ctx,
 			status = map_nt_error_from_unix(errno);
 			DEBUG(2,("Failed to create tsocket_address for %s - %s\n",
 				 addr, nt_errstr(status)));
-			TALLOC_FREE(kdc_str);
 			goto out;
 		}
 	}
@@ -561,7 +567,6 @@ static char *get_kdc_ip_string(char *mem_ctx,
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(10,("get_kdc_ip_string: cldap_multi_netlogon failed: "
 			  "%s\n", nt_errstr(status)));
-		TALLOC_FREE(kdc_str);
 		goto out;
 	}
 
@@ -573,22 +578,25 @@ static char *get_kdc_ip_string(char *mem_ctx,
 		}
 
 		/* Append to the string - inefficient but not done often. */
-		new_kdc_str = talloc_asprintf(mem_ctx, "%s\t\tkdc = %s\n",
-					      kdc_str,
-					      print_canonical_sockaddr_with_port(mem_ctx, &dc_addrs[i]));
-		TALLOC_FREE(kdc_str);
+		new_kdc_str = talloc_asprintf_append(
+				kdc_str,
+				"\t\tkdc = %s\n",
+				print_canonical_sockaddr_with_port(
+					mem_ctx, &dc_addrs[i]));
 		if (new_kdc_str == NULL) {
 			goto out;
 		}
 		kdc_str = new_kdc_str;
 	}
 
-	result = kdc_str;
+	result = talloc_move(mem_ctx, &kdc_str);
 out:
-	DBG_DEBUG("Returning\n%s\n", kdc_str);
+	if (result != NULL) {
+		DBG_DEBUG("Returning\n%s\n", kdc_str);
+	} else {
+		DBG_NOTICE("Failed to get KDC ip address\n");
+	}
 
-	TALLOC_FREE(ip_sa_site);
-	TALLOC_FREE(ip_sa_nonsite);
 	TALLOC_FREE(frame);
 	return result;
 }
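Review bot: in the "out:" path, DBG_DEBUG("Returning\n%s\n", kdc_str) runs after result = talloc_move(mem_ctx, &kdc_str), and talloc_move() sets the source pointer to NULL, so on the success branch this passes NULL to %s instead of the string being returned. Print result there instead. In the same hunk, the print_canonical_sockaddr_with_port(mem_ctx, &dc_addrs[i]) call inside talloc_asprintf_append() is still unchecked for NULL and still allocates on mem_ctx rather than frame, so each temporary string stays attached to the caller's context; allocate it on frame and check it, as was done for canon_sockaddr at the top of the function.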
diff --git a/source3/libsmb/libsmb_server.c b/source3/libsmb/libsmb_server.c
index d5c9fac6f05..4163a29a77a 100644
--- a/source3/libsmb/libsmb_server.c
+++ b/source3/libsmb/libsmb_server.c
@@ -572,7 +572,7 @@ SMBC_server_internal(TALLOC_CTX *ctx,
 		    !NT_STATUS_IS_OK(cli_session_setup_anon(c))) {
 
                         cli_shutdown(c);
-                        errno = EPERM;
+			errno = map_errno_from_nt_status(status);
                         return NULL;
                 }
 	}
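Review bot: errno = map_errno_from_nt_status(status) maps a variable that the visible condition does not assign: the result of cli_session_setup_anon(c) is tested inline and discarded, so status holds whatever an earlier call left in it. If the intent is to report the original authentication failure rather than the anonymous fallback failure, add a comment saying so; otherwise capture the anonymous result in status first. The new line is also tab-indented while the surrounding lines use spaces.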
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index 049186e5a51..50dae9d7f3e 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -687,6 +687,10 @@ NTSTATUS rpccli_netlogon_network_logon(
 		return NT_STATUS_NO_MEMORY;
 	}
 
+	if (workstation == NULL) {
+		workstation = lp_netbios_name();
+	}
+
 	if (workstation[0] != '\\' && workstation[1] != '\\') {
 		workstation_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", workstation);
 	} else {
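Review bot: the new NULL fallback covers a missing workstation but not an empty one, and the very next line reads workstation[1]. For an empty string, workstation[0] != '\\' is true and the second operand then reads one byte past the terminator. Please treat an empty string like NULL in the added check (workstation == NULL || workstation[0] == '\0'), and it is worth confirming while here that && rather than || is what is meant in the prefix test.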
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index a24cef78440..1a2628b50ba 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1430,9 +1430,6 @@ static NTSTATUS winbindd_dual_auth_passdb(TALLOC_CTX *mem_ctx,
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	/* We don't want any more mapping of the username */
-	user_info->mapped_state = True;
-
 	/* We don't want to come back to winbindd or to do PAM account checks */
 	user_info->flags |= USER_INFO_INFO3_AND_NO_AUTHZ;
 
diff --git a/source4/auth/ntlm/auth.c b/source4/auth/ntlm/auth.c
index 3dd2ffc9276..09d660a392b 100644
--- a/source4/auth/ntlm/auth.c
+++ b/source4/auth/ntlm/auth.c
@@ -220,17 +220,12 @@ _PUBLIC_ struct tevent_req *auth_check_password_send(TALLOC_CTX *mem_ctx,
 	state->user_info	= user_info;
 	state->authoritative	= 1;
 
-	if (!user_info->mapped_state) {
+	if (user_info->mapped.account_name == NULL) {
 		struct auth_usersupplied_info *user_info_tmp;
 
 		/*
 		 * We don't really do any mapping here.
 		 *
-		 * So we don't set user_info->mapped_state,
-		 * but we set mapped.domain_name and
-		 * mapped.account_name to the client
-		 * provided values.
-		 *
 		 * It's up to the backends to do mappings
 		 * for their authentication.
 		 */
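Review bot: the new condition tests only user_info->mapped.account_name == NULL, so a caller that fills mapped.account_name but leaves mapped.domain_name unset skips this block with a half-populated mapped pair. Either check both fields or state the invariant (both set or both NULL) in the comment. The removed comment lines were also the only place explaining that mapped.* are filled from the client-provided values here; keep that sentence, minus the mapped_state reference.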
diff --git a/source4/auth/ntlm/auth_sam.c b/source4/auth/ntlm/auth_sam.c
index dbbf97665db..cf0656ae0da 100644
--- a/source4/auth/ntlm/auth_sam.c
+++ b/source4/auth/ntlm/auth_sam.c
@@ -410,10 +410,11 @@ static NTSTATUS authsam_password_check_and_record(struct auth4_context *auth_con
 			return NT_STATUS_WRONG_PASSWORD;
 		}
 
-		if (user_info->password_state != AUTH_PASSWORD_RESPONSE) {
+		if (user_info->flags & USER_INFO_INTERACTIVE_LOGON) {
 			/*
 			 * The authentication was OK against the previous password,
-			 * but it's not a NTLM network authentication.
+			 * but it's not a NTLM network authentication,
+			 * LDAP simple bind or something similar.
 			 *
 			 * We just return the original wrong password.
 			 * This skips the update of the bad pwd count,
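Review bot: switching the test from password_state != AUTH_PASSWORD_RESPONSE to flags & USER_INFO_INTERACTIVE_LOGON makes the bad-password-count behaviour depend on every interactive path setting that flag, and the only setter visible in this series is make_user_info_netlogon_interactive(). Please confirm no other caller relied on the old password_state test. The edited comment now reads "it's not a NTLM network authentication, LDAP simple bind or something similar", which describes the condition by negation; stating it positively ("this is an interactive logon, not NTLM network authentication, LDAP simple bind or similar") would match the code.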
@@ -657,7 +658,7 @@ static NTSTATUS authsam_check_password_internals(struct auth_method_context *ctx
 	 * really, really want to get back to exactly the same account
 	 * we got the DN for.
 	 */
-	if (user_info->mapped_state == false) {
+	if (!user_info->cracknames_called) {
 		p = strchr_m(account_name, '@');
 	} else {
 		/*
@@ -866,17 +867,17 @@ static NTSTATUS authsam_want_check(struct auth_method_context *ctx,
 		return NT_STATUS_OK;
 	}
 
-	if (user_info->mapped_state) {
+	if (user_info->cracknames_called) {
 		/*
 		 * The caller already did a cracknames call.
 		 */
-		DBG_DEBUG("%s is not one domain name (DC)\n",
+		DBG_DEBUG("%s is not own domain name (DC)\n",
 			  effective_domain);
 		return NT_STATUS_NOT_IMPLEMENTED;
 	}
 
 	if (!strequal(effective_domain, "")) {
-		DBG_DEBUG("%s is not one domain name (DC)\n",
+		DBG_DEBUG("%s is not own domain name (DC)\n",
 			  effective_domain);
 		return NT_STATUS_NOT_IMPLEMENTED;
 	}
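Review bot: after the wording fix both branches still log the identical text "%s is not own domain name (DC)", so the debug output cannot show whether the request was rejected because cracknames_called was set or because effective_domain was non-empty. Make the first message say that the caller already did the cracknames lookup, which is what the adjacent comment states.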
diff --git a/source4/auth/ntlm/auth_simple.c b/source4/auth/ntlm/auth_simple.c
index b2e76381395..006e4d8279a 100644
--- a/source4/auth/ntlm/auth_simple.c
+++ b/source4/auth/ntlm/auth_simple.c
@@ -26,6 +26,7 @@
 #include "lib/util/tevent_ntstatus.h"
 #include "auth/auth.h"
 #include "dsdb/samdb/samdb.h"
+#include "lib/param/param.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_AUTH
@@ -80,7 +81,7 @@ _PUBLIC_ struct tevent_req *authenticate_ldap_simple_bind_send(TALLOC_CTX *mem_c
 	/* No client.domain_name, use account_name instead */
 	/* user_info->mapped.* will be filled below */
 
-	user_info->workstation_name = NULL;
+	user_info->workstation_name = lpcfg_netbios_name(lp_ctx);
 
 	user_info->remote_host = remote_address;
 	user_info->local_host = local_address;
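Review bot: user_info->workstation_name = lpcfg_netbios_name(lp_ctx) records the server's own NetBIOS name as the workstation for an LDAP simple bind, and nothing at this line says so. Anyone reading authentication audit records will take the workstation field as client-supplied, so add a comment here explaining that the local name is used because the LDAP client provides none, and why NULL is no longer acceptable downstream.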
@@ -120,9 +121,10 @@ _PUBLIC_ struct tevent_req *authenticate_ldap_simple_bind_send(TALLOC_CTX *mem_c
 		return tevent_req_post(req, ev);
 	}
 
-	user_info->mapped.account_name = nt4_username;
-	user_info->mapped.domain_name = nt4_domain;


-- 
Samba Shared Repository


