IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri May 13 03:50:10 CEST 2016 on sn-devel-144
in run_opentest()
While fixing this, also convert to using talloc_asprintf instead.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
As in commit 841845dea3, this avoids
quoting problems in user DN's.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11751
Signed-off-by: Mantas Mikulėnas <grawity@gmail.com>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This helps us understand failure modes in selftest
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
We don't need to walk to the end of the list to find out if the first
one is NULL.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We were calling str_list_length(new_attrs) three times when one is
enough.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This patch changes the encoding/decoding of kvno (key version number)
in blobs and packets to signed integer, for compatibility with Windows.
Reportedly, MIT Kerberos does the same.
This patch effectively reverts commit 1124c4872dfb81bec9c4b527b8927ca35e39a599
in the heimdal tree.
According to the Kerberos spec (RFC 4120 5.2.9), the kvno field
in encrypted data object is an unsigned integer that fits in
32 bits. The Heimdal Kerberos component bundled with Samba
conforms to this. However, Windows deviates from the standard
and encodes kvno as a signed integer, and this creates
interoperability issues.
ASN.1 DER has no special encoding for unsigned integer. A 32-bit
unsigned integer is encoded as a signed integer, so while a signed
32-bit integer (covering the range of -0x80000000..0x7fffffff) is
encoded using up to 4 bytes, an unsigned integer (covering
0..0xffffffff) could require 5 bytes.
Normally, kvno for a given account starts at 1 and increments on
password changes. Kerberos defined this as unsigned because there's
no meaning for negative version numbers, so the standard writers figured
4 billion versions is better than 2 billion. It was not
expected for a kvno to really go past 0x7fffffff and the disctinction
usually does not matter. However, RODCs use kvnos which
have the most-significant bit set.
In Active Directory, RODCs have a private secret for the krbtgt,
because the assumption is that the RODC is less secure, and
recovering the domain krbtgt secret from the RODC would compromise
the security of the entire domain. The kvno field is being used
to identify the private krbtgt account that owns the key - the
upper 16 bits are the RODC id, and the lower 16 bits identify
the key version number for this specific RODC. It's common to
have an RODC id greater than 0x8000, and therefore to have a
kvno larger than 0x7fffffff, which would be DER-encoded using
5 bytes.
Windows encodes kvno as signed integer - basically taking the
32 bits and treating them as a signed integer rather than an
unsigned integer. This means that in Windows a kvno can
always be encoded using 4 bytes, and Windows DCs reject a kvno
encoded using more than 4 bytes without even generating an error
response (the DC assumes it's an attack).
Heimdal re-encodes the TGT when it creates a TGS request. Obviously
it cannot decode and encode the encrypted parts but it does re-encode
the plain parts, which include the kvno. That leads to a 5-byte
kvno in the TGS request, which is rejected without an error
response.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11900
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat May 7 21:14:21 CEST 2016 on sn-devel-144
Quite a few callers already did check for !=NULL. With the current code this is
pointless due to a SMB_ASSERT in base64_encode_data_blob() itself. Make the
callers consistently check, so that we can remove SMB_ASSERT from base64.c.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This tests what happens with the VLV if the results are subject to
an expression.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The VLV was wrongly returning an operations error when the list of
results was empty.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The new tests show that single and multiple forwarders work as expected.
They also describe the behaviour encountered when the DNS server
encounters a CNAME from a forwarded request (which is not to pursue any
further).
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This allows a secondary DNS forwarder for a trivial failover. Requests
which fail/timeout at the primary DNS forwarder will be restarted
entirely with the next forwarder in the list.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Unchecked return value of gnutls_global_init().
Signed-off-by: Robin Hack <hack.robin@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
There is missing check of status value in
http_auth.c:http_create_auth_request() which can leave values
inside 'DATA_BLOB in' unitialized.
http_auth.c:http_create_auth_request() calls
http_auth.c:http_parse_auth_response() which can return NT_STATUS_NOT_SUPPORTED
and which is not checked by caller and later passed as argument to other functions.
For example:
'DATA_BLOB in' can be passed to
auth/gensec/spnego.c:gensec_spnego_update() later:
...
switch (spnego_state->state_position) {
..
case SPNEGO_SERVER_START:
if (in.length) {
Signed-off-by: Robin Hack <hack.robin@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
running rpc.dsgetinfo.DsGetReplicaInfo results in the following valgrind
trace
==14966== Invalid read of size 8
==14966== at 0x88B2D5D: dcerpc_binding_handle_call (binding_handle.c:538)
==14966== by 0x978F33B: dcerpc_drsuapi_DsUnbind_r (ndr_drsuapi_c.c:319)
==14966== by 0x2E9F19: torture_dsgetinfo_tcase_teardown (dsgetinfo.c:431)
==14966== by 0x95536EF: internal_torture_run_test (torture.c:452)
==14966== by 0x9553A4B: torture_run_test_restricted (torture.c:542)
==14966== by 0x260074: run_matching (smbtorture.c:110)
==14966== by 0x25FF36: run_matching (smbtorture.c:95)
==14966== by 0x260195: torture_run_named_tests (smbtorture.c:143)
==14966== by 0x261E14: main (smbtorture.c:665)
==14966== Address 0x28 is not stack'd, malloc'd or (recently) free'd
==14966==
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Apr 25 14:01:33 CEST 2016 on sn-devel-144
when running smbtorture test
'vfs.fruit.SMB2/CREATE context AAPL.SMB2/CREATE context AAPL'
(on non-osx system) the following valgrind errors occur
==2419== Invalid read of size 8
==2419== at 0x4055EA: test_aapl (fruit.c:1939)
==2419== by 0x48B452: wrap_simple_1smb2_test (smb2.c:52)
==2419== by 0x955368F: internal_torture_run_test (torture.c:442)
==2419== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==2419== by 0x26013F: run_matching (smbtorture.c:110)
==2419== by 0x260001: run_matching (smbtorture.c:95)
==2419== by 0x260001: run_matching (smbtorture.c:95)
==2419== by 0x260260: torture_run_named_tests (smbtorture.c:143)
==2419== by 0x261EDF: main (smbtorture.c:665)
==2419== Address 0x10 is not stack'd, malloc'd or (recently) free'd
==2419==
===============================================================
INTERNAL ERROR: Signal 11 in pid 2419 (4.2.4)
Please read the Trouble-Shooting section of the Samba HOWTO
===============================================================
PANIC: internal error
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
smbtorture test net.api.delshare.api.delshare generates the following
valgrind trace
==29209== Syscall param writev(vector[...]) points to uninitialised byte(s)
==29209== at 0xFBA2C87: writev (in /lib64/libc-2.19.so)
==29209== by 0x106CB033: writev_handler (async_sock.c:340)
==29209== by 0xF67812A: ??? (in /usr/lib64/libtevent.so.0.9.26)
==29209== by 0xF6765F6: ??? (in /usr/lib64/libtevent.so.0.9.26)
==29209== by 0xF6727FC: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.26)
==29209== by 0xF673ACE: tevent_req_poll (in /usr/lib64/libtevent.so.0.9.26)
==29209== by 0x5D19325: tevent_req_poll_ntstatus (tevent_ntstatus.c:109)
==29209== by 0x88B2E0D: dcerpc_binding_handle_call (binding_handle.c:556)
==29209== by 0xBC6B4A1: dcerpc_srvsvc_NetShareAdd_r (ndr_srvsvc_c.c:3327)
==29209== by 0x5990D8: test_addshare (libnet_share.c:194)
==29209== by 0x5992D5: torture_delshare (libnet_share.c:228)
==29209== by 0x9553F62: wrap_simple_test (torture.c:632)
==29209== by 0x955368F: internal_torture_run_test (torture.c:442)
==29209== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==29209== by 0x26013F: run_matching (smbtorture.c:110)
==29209== by 0x260001: run_matching (smbtorture.c:95)
==29209== by 0x260260: torture_run_named_tests (smbtorture.c:143)
==29209== by 0x261EDF: main (smbtorture.c:665)
==29209== Address 0x1887fd16 is 598 bytes inside a block of size 1,325 alloc'd
==29209== at 0x4C29110: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==29209== by 0xF464A73: _talloc_pooled_object (in /usr/lib64/libtalloc.so.2.1.5)
==29209== by 0xF67366D: _tevent_req_create (in /usr/lib64/libtevent.so.0.9.26)
==29209== by 0xB0D49FF: smb1cli_req_create (smbXcli_base.c:1322)
==29209== by 0xB0E1E6D: smb1cli_trans_send (smb1cli_trans.c:512)
==29209== by 0xB0ED47D: tstream_smbXcli_np_readv_trans_start (tstream_smbXcli_np.c:901)
==29209== by 0xB0EC847: tstream_smbXcli_np_writev_write_next (tstream_smbXcli_np.c:578)
==29209== by 0xB0EC4D7: tstream_smbXcli_np_writev_send (tstream_smbXcli_np.c:505)
==29209== by 0xC259DFA: tstream_writev_send (tsocket.c:695)
==29209== by 0xC25AD64: tstream_writev_queue_trigger (tsocket_helpers.c:513)
==29209== by 0xF673023: tevent_common_loop_immediate (in /usr/lib64/libtevent.so.0.9.26)
==29209== by 0xF677EED: ??? (in /usr/lib64/libtevent.so.0.9.26)
==29209== by 0xF6765F6: ??? (in /usr/lib64/libtevent.so.0.9.26)
==29209== by 0xF6727FC: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.26)
==29209== by 0xF673ACE: tevent_req_poll (in /usr/lib64/libtevent.so.0.9.26)
==29209== by 0x5D19325: tevent_req_poll_ntstatus (tevent_ntstatus.c:109)
==29209== by 0x88B2E0D: dcerpc_binding_handle_call (binding_handle.c:556)
==29209== by 0xBC6B4A1: dcerpc_srvsvc_NetShareAdd_r (ndr_srvsvc_c.c:3327)
==29209== by 0x5990D8: test_addshare (libnet_share.c:194)
==29209== by 0x5992D5: torture_delshare (libnet_share.c:228)
==29209== by 0x9553F62: wrap_simple_test (torture.c:632)
==29209== by 0x955368F: internal_torture_run_test (torture.c:442)
==29209== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==29209== by 0x26013F: run_matching (smbtorture.c:110)
==29209== by 0x260001: run_matching (smbtorture.c:95)
==29209== by 0x260260: torture_run_named_tests (smbtorture.c:143)
==29209== by 0x261EDF: main (smbtorture.c:665)
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
smbtorture test net.domopen.domopen generated the following valgrind
trace.
==29054== Conditional jump or move depends on uninitialised value(s)
==29054== at 0x9788D31: libnet_DomainOpen_send (libnet_domain.c:617)
==29054== by 0x9788E01: libnet_DomainOpen (libnet_domain.c:676)
==29054== by 0x595F5D: test_domainopen (domain.c:41)
==29054== by 0x5961AD: torture_domainopen (domain.c:101)
==29054== by 0x9553F62: wrap_simple_test (torture.c:632)
==29054== by 0x955368F: internal_torture_run_test (torture.c:442)
==29054== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==29054== by 0x26013F: run_matching (smbtorture.c:110)
==29054== by 0x260001: run_matching (smbtorture.c:95)
==29054== by 0x260260: torture_run_named_tests (smbtorture.c:143)
==29054== by 0x261EDF: main (smbtorture.c:665)
==29054==
==29054== Conditional jump or move depends on uninitialised value(s)
==29054== at 0x9788D95: libnet_DomainOpen_recv (libnet_domain.c:648)
==29054== by 0x9788E1D: libnet_DomainOpen (libnet_domain.c:677)
==29054== by 0x595F5D: test_domainopen (domain.c:41)
==29054== by 0x5961AD: torture_domainopen (domain.c:101)
==29054== by 0x9553F62: wrap_simple_test (torture.c:632)
==29054== by 0x955368F: internal_torture_run_test (torture.c:442)
==29054== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==29054== by 0x26013F: run_matching (smbtorture.c:110)
==29054== by 0x260001: run_matching (smbtorture.c:95)
==29054== by 0x260260: torture_run_named_tests (smbtorture.c:143)
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
smbtorture test smb2.streams.attributes.attributes generates the following
valgrind trace,
==17997== Use of uninitialised value of size 8
==17997== at 0x8F005C2: _samba_rijndaelEncrypt (rijndael-alg-fst.c:957)
==17997== by 0x8EFF24C: samba_AES_encrypt (aes.c:60)
==17997== by 0x8F01A74: aes_cmac_128_update (aes_cmac_128.c:151)
==17997== by 0xB0D11B7: smb2_signing_sign_pdu (smb2_signing.c:74)
==17997== by 0xB0D984A: smb2cli_req_compound_submit (smbXcli_base.c:3062)
==17997== by 0x5AFD5F5: smb2_transport_send (transport.c:237)
==17997== by 0x5B030F3: smb2_close_send (close.c:42)
==17997== by 0x5B0358A: smb2_close (close.c:78)
==17997== by 0x5B087B3: smb2_util_close (util.c:40)
==17997== by 0x521457: test_stream_attributes (streams.c:1750)
==17997== by 0x48B452: wrap_simple_1smb2_test (smb2.c:52)
==17997== by 0x955368F: internal_torture_run_test (torture.c:442)
==17997== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==17997== by 0x26013F: run_matching (smbtorture.c:110)
==17997== by 0x260001: run_matching (smbtorture.c:95)
==17997== by 0x260001: run_matching (smbtorture.c:95)
==17997== by 0x260260: torture_run_named_tests (smbtorture.c:143)
==17997== by 0x261EDF: main (smbtorture.c:665)
==17997==
==17997== Use of uninitialised value of size 8
==17997== at 0x8F005DE: _samba_rijndaelEncrypt (rijndael-alg-fst.c:958)
==17997== by 0x8EFF24C: samba_AES_encrypt (aes.c:60)
==17997== by 0x8F01A74: aes_cmac_128_update (aes_cmac_128.c:151)
==17997== by 0xB0D11B7: smb2_signing_sign_pdu (smb2_signing.c:74)
==17997== by 0xB0D984A: smb2cli_req_compound_submit (smbXcli_base.c:3062)
==17997== by 0x5AFD5F5: smb2_transport_send (transport.c:237)
==17997== by 0x5B030F3: smb2_close_send (close.c:42)
==17997== by 0x5B0358A: smb2_close (close.c:78)
==17997== by 0x5B087B3: smb2_util_close (util.c:40)
==17997== by 0x521457: test_stream_attributes (streams.c:1750)
==17997== by 0x48B452: wrap_simple_1smb2_test (smb2.c:52)
==17997== by 0x955368F: internal_torture_run_test (torture.c:442)
==17997== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==17997== by 0x26013F: run_matching (smbtorture.c:110)
==17997== by 0x260001: run_matching (smbtorture.c:95)
==17997== by 0x260001: run_matching (smbtorture.c:95)
==17997== by 0x260260: torture_run_named_tests (smbtorture.c:143)
==17997== by 0x261EDF: main (smbtorture.c:665)
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
smbtorture test smb2.streams.rename2.rename2 generates the following valgrind
trace
==17379== Use of uninitialised value of size 8
==17379== at 0x8F005C2: _samba_rijndaelEncrypt (rijndael-alg-fst.c:957)
==17379== by 0x8EFF24C: samba_AES_encrypt (aes.c:60)
==17379== by 0x8F01A74: aes_cmac_128_update (aes_cmac_128.c:151)
==17379== by 0xB0D11B7: smb2_signing_sign_pdu (smb2_signing.c:74)
==17379== by 0xB0D984A: smb2cli_req_compound_submit (smbXcli_base.c:3062)
==17379== by 0x5AFD5F5: smb2_transport_send (transport.c:237)
==17379== by 0x5B030F3: smb2_close_send (close.c:42)
==17379== by 0x5B0358A: smb2_close (close.c:78)
==17379== by 0x5B087B3: smb2_util_close (util.c:40)
==17379== by 0x51FBA7: test_stream_rename2 (streams.c:1381)
==17379== by 0x48B452: wrap_simple_1smb2_test (smb2.c:52)
==17379== by 0x955368F: internal_torture_run_test (torture.c:442)
==17379== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==17379== by 0x26013F: run_matching (smbtorture.c:110)
==17379== by 0x260001: run_matching (smbtorture.c:95)
==17379== by 0x260001: run_matching (smbtorture.c:95)
==17379== by 0x260260: torture_run_named_tests (smbtorture.c:143)
==17379== by 0x261EDF: main (smbtorture.c:665)
==17379==
==17379== Use of uninitialised value of size 8
==17379== at 0x8F005DE: _samba_rijndaelEncrypt (rijndael-alg-fst.c:958)
==17379== by 0x8EFF24C: samba_AES_encrypt (aes.c:60)
==17379== by 0x8F01A74: aes_cmac_128_update (aes_cmac_128.c:151)
==17379== by 0xB0D11B7: smb2_signing_sign_pdu (smb2_signing.c:74)
==17379== by 0xB0D984A: smb2cli_req_compound_submit (smbXcli_base.c:3062)
==17379== by 0x5AFD5F5: smb2_transport_send (transport.c:237)
==17379== by 0x5B030F3: smb2_close_send (close.c:42)
==17379== by 0x5B0358A: smb2_close (close.c:78)
==17379== by 0x5B087B3: smb2_util_close (util.c:40)
==17379== by 0x51FBA7: test_stream_rename2 (streams.c:1381)
==17379== by 0x48B452: wrap_simple_1smb2_test (smb2.c:52)
==17379== by 0x955368F: internal_torture_run_test (torture.c:442)
==17379== by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==17379== by 0x26013F: run_matching (smbtorture.c:110)
==17379== by 0x260001: run_matching (smbtorture.c:95)
==17379== by 0x260001: run_matching (smbtorture.c:95)
==17379== by 0x260260: torture_run_named_tests (smbtorture.c:143)
==17379== by 0x261EDF: main (smbtorture.c:665)
==17379==
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
