IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Tue Aug 19 09:45:46 UTC 2025 on atb-devel-224
In wbinfo_lookup_sids ret was not initialised and was not set in
the error return paths. Returning an uninitialised value in the
event of an error, and in all probability something that evaluated to
true, so would not have signalled the error to the caller.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Anoop C S <anoopcs@samba.org>
This will be used when auth_winbind is used with
make_auth3_context_for_netlogon().
This will allow winbindd to use different rules
for LogonSamLogon requests compared to
local authentications for smbd.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
==379167==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 44 byte(s) in 2 object(s) allocated from:
#0 0x7f54522f6880 in strdup ../../../../libsanitizer/asan/asan_interceptors.cpp:578
#1 0x7f54520d5a95 in process_domain_info_string ../../nsswitch/libwbclient/wbc_util.c:471
#2 0x7f54520d5a95 in wbcCtxListTrusts ../../nsswitch/libwbclient/wbc_util.c:612
#3 0x7f54520d6426 in wbcListTrusts ../../nsswitch/libwbclient/wbc_util.c:632
#4 0x558c48799cf7 in wbinfo_list_domains ../../nsswitch/wbinfo.c:515
#5 0x558c487a72db in main ../../nsswitch/wbinfo.c:3300
#6 0x7f544f42a2ad in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Direct leak of 832 byte(s) in 13 object(s) allocated from:
#0 0x7efc8e0fc777 in malloc ../../../../libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x562cb6e96d44 in nss_test_initgroups ../../nsswitch/nsstest.c:381
#2 0x562cb6e96d44 in nss_test_users ../../nsswitch/nsstest.c:424
#3 0x562cb6e96d44 in main ../../nsswitch/nsstest.c:493
#4 0x7efc8dc2a2ad in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Direct leak of 48 byte(s) in 1 object(s) allocated from:
#0 0x7ff206afc130 in calloc ../../../../libsanitizer/asan/asan_malloc_linux.cpp:77
#1 0x7ff206837054 in wbcAllocateMemory ../../nsswitch/libwbclient/wbclient.c:216
#2 0x7ff20683c76a in wbc_create_password_policy_info ../../nsswitch/libwbclient/wbc_pam.c:295
#3 0x7ff20683c76a in wbcCtxLogonUser ../../nsswitch/libwbclient/wbc_pam.c:1290
#4 0x7ff20683caec in wbcLogonUser ../../nsswitch/libwbclient/wbc_pam.c:1307
#5 0x556ea348db12 in wbinfo_auth_krb5 ../../nsswitch/wbinfo.c:1723
#6 0x556ea348db12 in main ../../nsswitch/wbinfo.c:3238
#7 0x7ff203c2a2ad in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
This changes the wbcErr from WBC_ERR_DOMAIN_NOT_FOUND to WBC_ERR_NOT_MAPPED.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Samuel Cabrero <scabrero@samba.org>
Autobuild-Date(master): Wed Dec 13 16:05:19 UTC 2023 on atb-devel-224
SAMBA_LIBARY()’s ‘keep_underscore’ parameter has an effect only if None
is passed in for ‘bundled_name’. However, SAMBA_PLUGIN() always passes
in a string for ‘bundled_name’. Therefore ‘keep_underscore’ will never
have any effect — remove it.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
When we are called in wb_atfork_child() or winbind_destructor(),
wb_thread_ctx_destructor() is not called for the global state
of the current nor any other thread, which means we would
leak the related memory and socket fds.
Now we maintain a global list protected by a global mutex.
We traverse the list and close all socket fds, which are no
longer used (winbind_destructor) or no longer valid in the
current process (wb_atfork_child), in addition we 'autofree'
the ones, which are only visible internally as global (per thread)
context.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15464
Tested-by: Krzysztof Piotr Oledzki <ole@ans.pl>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Sep 14 18:53:07 UTC 2023 on atb-devel-224
If nss_winbind is loaded into a process that uses fork multiple times
without any further calls into nss_winbind, wb_atfork_child handler
was using a wb_global_ctx.key that was no longer registered in the
pthread library, so we operated on a slot that was potentially
reused by other libraries or the main application. Which is likely
to cause memory corruption.
So we better don't call pthread_key_delete() in wb_atfork_child().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15464
Reported-by: Krzysztof Piotr Oledzki <ole@ans.pl>
Tested-by: Krzysztof Piotr Oledzki <ole@ans.pl>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This is more consistent with the other testing functions.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
This is the behaviour that most existing callers expect, but the
function actually returns a non-zero status code in that case.
Adjust all callers expecting the opposite behaviour to match.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Not a comprehensive test for all possible combinations, but it shows
the basic functionality, and it found a bug in the initial
implementation :-)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
nsswitch/pam_winbind.c:3360:24: error: cast from 'time_t **' (aka 'long **') to
'const void **' must have all intermediate pointers const qualified to be safe
[-Werror,-Wcast-qual]
(const void **)&pwdlastset_update);
^
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
One of changes is somewhat interesting, it is "tfork waiter proces"
process title in tfork.c. I wonder why no one noticed this before.
There's another similar process title in there, "tfork waiter process(%d)".
Hopefully no one does grep for "proces$" (and there's no reason to).
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Rowland Penny <rpenny@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jan 26 20:46:11 UTC 2023 on atb-devel-224
Found by ASAN:
$ bin/stress-nss-libwbclient
...
==1639426==ERROR: AddressSanitizer: unknown-crash on address 0x7f3907d85000 at pc 0x7f3907d649fb bp 0x7ffc6545f5b0 sp 0x7ffc6545f5a8
READ of size 4 at 0x7f3907d85000 thread T0
#0 0x7f3907d649fa in winbind_close_sock ../../nsswitch/wb_common.c:220
#1 0x7f3907d65866 in winbind_destructor ../../nsswitch/wb_common.c:246
#2 0x7f3907da5d3d in _dl_fini /usr/src/debug/glibc-2.35-20.fc36.x86_64/elf/dl-fini.c:142
#3 0x7f3907241044 in __run_exit_handlers (/lib64/libc.so.6+0x41044)
#4 0x7f39072411bf in exit (/lib64/libc.so.6+0x411bf)
#5 0x7f3907229516 in __libc_start_call_main (/lib64/libc.so.6+0x29516)
#6 0x7f39072295c8 in __libc_start_main_impl (/lib64/libc.so.6+0x295c8)
#7 0x56236a2042b4 in _start (/data/git/samba/scratch3/bin/default/nsswitch/stress-nss-libwbclient+0x22b4)
Address 0x7f3907d85000 is a wild pointer inside of access range of size 0x000000000004.
SUMMARY: AddressSanitizer: unknown-crash ../../nsswitch/wb_common.c:220 in winbind_close_sock
The pthread key in wb_global_ctx.key is only initialized if
wb_thread_ctx_initialize() is called via get_wb_global_ctx() -> get_wb_thread_ctx().
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jan 6 15:04:46 UTC 2023 on sn-devel-184
We're now thread-safe by using TLS, so the global lock isn't needed anymore.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Jan 5 12:34:35 UTC 2023 on sn-devel-184
The global locking can lead to deadlocks when using nscd: when processing the
first request in winbind, when we know we call into code that will recurse into
winbind we call winbind_off() which sets an environment variable which is later
checked here in the nsswitch module.
But with nscd in the stack, we don't see the env variable in nsswitch, so when
we try to acquire the global lock again, it is already locked and we deadlock.
By using a thread specific winbindd_context, plus a few other thread local global
variables, we don't need a global lock anymore.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Switch to using TLS for all global variables. No change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
