IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
MIT only defined this as CKSUMTYPE_HMAC_SHA1_96_AES128,
while Heimdal has CKSUMTYPE_HMAC_SHA1_96_AES_128.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit bb64c550ae19b08ad4e6d8d26f68c2474cb251e6)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12471
Patches for CVE-2016-2126 break build with MIT Kerberos
Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-3-test): Mon Jan 2 11:30:28 CET 2017 on sn-devel-104
aes based checksums can only be checked with the
corresponding aes based keytype.
Otherwise we may trigger an undefined code path
deep in the kerberos libraries, which can leed to
segmentation faults.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12446
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This disabled the usage of GSS_C_DELEG_FLAG by default, as
GSS_C_DELEG_POLICY_FLAG is still used by default we let the
KDC decide if we should send delegated credentials to a remote server.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12445
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
We should only use GSS_C_DELEG_POLICY_FLAG in order to let
the KDC decide if we should send delegated credentials to
a remote server.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12445
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
This is just an example script that's not directly used by samba,
but we should avoid sending delegated credentials to dns servers.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12445
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
Thanks to Trend Micro's Zero Day Initiative and Frederic Besler for finding
this vulnerability with a PoC and a good analysis.
Signed-off-by: Volker Lendecke <vl@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12409
aes based checksums can only be checked with the
corresponding aes based keytype.
Otherwise we may trigger an undefined code path
deep in the kerberos libraries, which can leed to
segmentation faults.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12446
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This disabled the usage of GSS_C_DELEG_FLAG by default, as
GSS_C_DELEG_POLICY_FLAG is still used by default we let the
KDC decide if we should send delegated credentials to a remote server.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12445
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
We should only use GSS_C_DELEG_POLICY_FLAG in order to let
the KDC decide if we should send delegated credentials to
a remote server.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12445
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
This is just an example script that's not directly used by samba,
but we should avoid sending delegated credentials to dns servers.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12445
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
Thanks to Trend Micro's Zero Day Initiative and Frederic Besler for finding
this vulnerability with a PoC and a good analysis.
Signed-off-by: Volker Lendecke <vl@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12409
Most callers just set "KRB5CCNAME", but leave ads->auth.ccache_name = NULL.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12369
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 13 00:35:21 CEST 2016 on sn-devel-144
(cherry picked from commit a5f895a53016af71db53967062728fec5bc307ca)
Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-3-test): Thu Oct 20 14:06:17 CEST 2016 on sn-devel-104
Most callers just set "KRB5CCNAME", but leave ads->auth.ccache_name = NULL.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12369
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 890b1bbdb8e965c4ff6e35214acc96ffbbff5dfd)
This works on waf based builds as source files are not modified during the build
TODO: In order to make sure build doesn't influence each other,
we need to add something like:
try:
if options.rebase is not None:
rebase_tree(options.rebase, rebase_branch=options.branch)
+ run_cmd("find -type f | xargs chmod -w", show=True, dir=test_master)
except Exception:
But that means we need to change the way 'make distcheck' works for the
standalone libraries.
For now this will help to reduce the (mem)disk usage of an autobuild a lot.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit cce16123feedfbf0e325182c6e301377d8a60749)
Removed path from driver files.
We only need the basenames.
(cherry picked from commit d61993043fcb7676a58658476421f5f4ff1a3fea)
(cherry picked from commit 9f07ef2249dc21eab37cd5888623e6edc84b2b59)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=8618
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct 5 19:19:39 CEST 2016 on sn-devel-144
(cherry picked from commit eb7555397fd4e9f66e041179aadff59f2a39d14f)
Remove all tevent internal code.
Everything is now stock tevent.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12283
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(similar to commit 4ed790ebbf474c4e4ef9b4f0f3aeca65118796df)
We can now remove source3/lib/events.c
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12283
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit fbfea52e1ce8f22d8d020a2bf3aebd1bc69faceb)
If needed we can add this into actual tevent.
Preparing to remove source3/lib/events.c
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12283
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 72785309aa2d1bed7abc6dd7c6475ff0f78411da)
Removes unused references to fds array used for (removed)
poll call. Renames create_listen_pollfds() to
create_listen_array().
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12283
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 6e8bd13660d7795df429dbf852345124db38ea96)
This will allow us to eventually remove source3/lib/events.c
dependency and make nmbd purely tevent based.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12283
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit b857bf9b3fa3a836647edc40ead92db7b782d367)
We will use this to create real tevent timer and fd
events.
This will allow us to eventually remove source3/lib/events.c
dependency and make nmbd purely tevent based.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12283
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 36b67729a6fc8518da71944db3fac6d9236b9348)
This will allow us to eventually remove source3/lib/events.c
dependency and make nmbd purely tevent based.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12283
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit cca25c8f75147873280464eaf2699ff449f609ad)
This will allow us to eventually remove source3/lib/events.c
dependency and make nmbd purely tevent based.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12283
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 376e04656b6755d1a182430b39273a93495d00b2)
This will allow us to eventually remove source3/lib/events.c
dependency and make nmbd purely tevent based.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12283
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 7f0717e751930cd5da029c1852ff9f61f95e40b7)
Zero the attrs array on allocation, and mirror the fd's.
This will allow us to eventually remove source3/lib/events.c
dependency and make nmbd purely tevent based.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12283
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit d8ade0730797df22bfe28847e034eb6d116b0e00)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12285
We were reporting the OS minor number as the driver version number in all
GetDriver/EnumDriver calls.
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit a9a1a16cc8b87a84cdfa049ebd26bf4eac1b3618)
Autobuild-User(v4-3-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-3-test): Thu Oct 13 20:12:54 CEST 2016 on sn-devel-104
Look for an exact match first, before a free slot.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12272
Back-port from 085542fc93b3c603e8cda6e481e94d5fe2dfc669
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-3-test): Tue Sep 20 13:38:44 CEST 2016 on sn-devel-104
This ensures the destructors get called in the proper order.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12272
Back-port from c132b78c484c14d255a98567e90b934b73ebf8c2
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
When "ignore system acls" is set to "yes, we need to ensure filesystem
permission always grant access so that when doing our own access checks
we don't run into situations where we grant access but the filesystem
doesn't.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12181
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Aug 31 18:41:20 CEST 2016 on sn-devel-144
(cherry picked from commit b72287514cc78c9019db7385af4c9b9d94f60894)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12181
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit cbe8f0d63b90e4380da35e9f9f5a05d8ccc2058b)
During path checking, the vfs connectpath_fn is called to
determine the share's root, relative to the file being
queried (for example, in snapshot file this may be other
than the share's "usual" root directory). connectpath_fn
must be able to answer this question even if the path does
not exist and its parent does exist. The convention in this
case is that this refers to a yet-uncreated file under the parent
and all queries are relative to the parent.
This also serves as a workaround for the case where connectpath_fn
has to handle wildcards, as with the case of SMB1 trans2 findfirst.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12172
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 25 05:35:29 CEST 2016 on sn-devel-144
(cherry picked from commit f41f439335efb352d03a842c370212a0af77262a)
Verify that directories are also listable.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12172
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 22c3982100a1d6bf67979a0659604942ef6f11f0)
Add tests which verify that a snapshot file is readable
if and only if it its metadata can be retrieved. Also
verify (in most tests) that file is retrieved from the
correct snapshot.
Together with the existing test for number of previous
versions we can stat, this test checks that we can read
those files, and also that we cannot break out of a snapshot
if wide links are not allowed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12172
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 495b8177363bf1930f3afb373ad73caac022f353)
This will allow reading them and verifying we got the right version
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12172
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 523046080dd65607eacb901d58ee3b6e54de865e)
