IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This is a confusing hold-over from the NTVFS fileserver that never became part of
the merged architecture.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Mar 24 13:11:52 UTC 2021 on sn-devel-184
We had the test in the Samba Python segfault suite because
a) the signal catching infrastructure was there, and
b) the ldb tests lack Samba's knownfail mechanism, which allowed us to
assert the failure.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14595
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
A DN string with lots of trailing space can cause ldb_dn_explode() to
put a zero byte in the wrong place in the heap.
When a DN string has a value represented with trailing spaces,
like this
"CN=foo ,DC=bar"
the whitespace is supposed to be ignored. We keep track of this in the
`t` pointer, which is NULL when we are not walking through trailing
spaces, and points to the first space when we are. We are walking with
the `p` pointer, writing the value to `d`, and keeping the length in
`l`.
"CN=foo ,DC= " ==> "foo "
^ ^ ^
t p d
--l---
The value is finished when we encounter a comma or the end of the
string. If `t` is not NULL at that point, we assume there are trailing
spaces and wind `d and `l` back by the correct amount. Then we switch
to expecting an attribute name (e.g. "CN"), until we get to an "=",
which puts us back into looking for a value.
Unfortunately, we forget to immediately tell `t` that we'd finished
the last value, we can end up like this:
"CN=foo ,DC= " ==> ""
^ ^ ^
t p d
l=0
where `p` is pointing to a new value that contains only spaces, while
`t` is still referring to the old value. `p` notices the value ends,
and we subtract `p - t` from `d`:
"CN=foo ,DC= " ==> ? ""
^ ^ ^
t p d
l ~= SIZE_MAX - 8
At that point `d` wants to terminate its string with a '\0', but
instead it terminates someone else's byte. This does not crash if the
number of trailing spaces is small, as `d` will point into a previous
value (a copy of "foo" in this example). Corrupting that value will
ultimately not matter, as we will soon try to allocate a buffer `l`
long, which will be greater than the available memory and the whole
operation will fail properly.
However, with more spaces, `d` will point into memory before the
beginning of the allocated buffer, with the exact offset depending on
the length of the earlier attributes and the number of spaces.
What about a longer DN with more attributes? For example,
"CN=foo ,DC= ,DC=example,DC=com" -- since `d` has moved out of
bounds, won't we continue to use it and write more DN values into
mystery memory? Fortunately not, because the aforementioned allocation
of `l` bytes must happen first, and `l` is now huge. The allocation
happens in a talloc_memdup(), which is by default restricted to
allocating 256MB.
So this allows a person who controls a string parsed by ldb_dn_explode
to corrupt heap memory by placing a single zero byte at a chosen
offset before the allocated buffer.
An LDAP bind request can send a string DN as a username. This DN is
necessarily parsed before the password is checked, so an attacker does
not need proper credentials. The attacker can easily cause a denial of
service and we cannot rule out more subtle attacks.
The immediate solution is to reset `t` to NULL when a comma is
encountered, indicating that we are no longer looking at trailing
whitespace.
Found with the help of Honggfuzz.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14595
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
For a string that had N spaces at the beginning, we would
try to move N bytes beyond the end of the string.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14655
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Don't close unconsumed file descriptors in messaging_recv_cb(). Via
multiple registrations on different tevent contexts we might call
messaging_recv_cb() multiple times: All but the first tevent context
handled in the loop in msg_dgm_ref_recv() will not see file
descriptors anymore, it will just get a -1, even if the first
reference had no receiver interested in the fds.
Change the API such that consumers can set the file descriptor to -1
if it's consumed. If nobody wanted them, do the close where they were
created via recvmsg, in messages_dgm.c.
If you want multiple handlers to consume the file descriptors, you
should dup() them in the filter function handed to
messaging_filtered_read_send and save the duplicate in your private
data for later consumption.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Mar 19 08:18:26 UTC 2021 on sn-devel-184
There is no flags argument.
There are more URI forms.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
pytalloc is currently GPL, while the rest of talloc is LGPL.
This situation arose because pytalloc was originally developed under
source4/scripting/python/, and moved into talloc proper with commit
0f043c197c473c801fc32c727194b5a2d6ae232f ("Move pytalloc to talloc
directory.", October 2008).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9931
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar 16 18:17:43 UTC 2021 on sn-devel-184
To compile the AFL binaries, we need every fuzzer to have a consistent
set of functions. Some fuzzers require the initialize function, so all
the rest must have an empty one.
AFL binaires are handy for testing the fuzz results in a less magical
environment than libfuzzer/honggfuzz give you.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
LLVMFuzzerTestOneInput() NEVER returns non-zero, but if it does, we might as well
know what made it do so
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
is_myname() looks at lp_* directly, nmbd maintains its own list: We don't
need the baroque loadparm handler anymore.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Use F_GETLK to get the lock holder PID, this is more accurate than
reading the file contents: A conflicting process might not have
written its PID yet. Also, F_GETLK easily allows to do a retry if the
lock holder just died.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
c.f. the identical static function in lib/ldb-samba/ldif_handlers.c
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
nothing that allocates memory can be pure, unless it guarantees to
allocate exactly the same pointer very time (which it does not).
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14044
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Mar 10 09:51:25 UTC 2021 on sn-devel-184
We already ensure the no-trailing-asterisk case ends at the end of the
string.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14044
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14044
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
A wildcard search is divided into chunks by the asterisks. While most
chunks match the first suitable string, the last chunk matches the
last possible string (unless there is a trailing asterisk, in which
case this distinction is moot).
We always knew this in our hearts, but we tried to do it in a funny
complicated way that stepped through the string, comparing here and
there, leading to CVE-2019-3824 and missed matches (bug 14044).
With this patch, we just jump to the end of the string and compare it.
As well as being correct, this should also improve performance, as the
previous algorithm involved a quadratic loop of erroneous memmem()s.
See https://tools.ietf.org/html/rfc4517
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14044
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The lib/param code does not service smbd, no home directories nor printers are handled
in this codebase and these functions are uncalled.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14658
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
All the socket options were a large block in debug output. Put them on
one line.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
When samba runs as ADDC only the main 'samba' daemon have to notify
its status to systemd because our systemd unit files contains implied
NotifyAccess=main since commit d1740fb3d5a72cb49e30b330bb0b01e7ef3e09cc.
This commit adds a function to disable the systemd notification in the
smbd and winbinddd child processes started by the main 'samba' daemon in
AD DC mode to avoid warnings like:
systemd[1]: samba-ad-dc.service: Got notification message from PID 26194,
but reception only permitted for main PID 26187
systemd[1]: samba-ad-dc.service: Got notification message from PID 26222,
but reception only permitted for main PID 26187
$ pstree -p
...
├─samba(26187)─┬─tfork(26189)(26188)───s3fs[master](26189)───tfork(26194)(26193)───smbd(26194)─┬─cleanupd(+
│ │ ├─lpqd(2623+
│ │ └─smbd-noti+
│ ├─tfork(26191)(26190)───rpc[master](26191)─┬─tfork(26198)(26195)───rpc(0)(26198)
│ │ ├─tfork(26200)(26199)───rpc(1)(26200)
│ │ ├─tfork(26206)(26201)───rpc(2)(26206)
│ │ └─tfork(26212)(26207)───rpc(3)(26212)
│ ├─tfork(26196)(26192)───nbt[master](26196)
│ ├─tfork(26202)(26197)───wrepl[master](26202)
│ ├─tfork(26204)(26203)───ldap[master](26204)─┬─tfork(26242)(26241)───ldap(0)(26242)
│ │ ├─tfork(26244)(26243)───ldap(1)(26244)
│ │ ├─tfork(26246)(26245)───ldap(2)(26246)
│ │ └─tfork(26248)(26247)───ldap(3)(26248)
│ ├─tfork(26208)(26205)───cldap[master](26208)
│ ├─tfork(26210)(26209)───kdc[master](26210)───tfork(26218)(26215)───krb5kdc(26218)
│ ├─tfork(26213)(26211)───drepl[master](26213)
│ ├─tfork(26216)(26214)───winbindd[master(26216)───tfork(26222)(26219)───winbindd(26222)───wi+
│ ├─tfork(26220)(26217)───ntp_signd[maste(26220)
│ ├─tfork(26223)(26221)───kcc[master](26223)
│ ├─tfork(26225)(26224)───dnsupdate[maste(26225)
│ └─tfork(26227)(26226)───dns[master](26227)
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Björn Baumbach <bb@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: David Mulder <dmulder@suse.com>
Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Mon Feb 22 15:50:55 UTC 2021 on sn-devel-184
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14625
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Feb 3 10:57:01 UTC 2021 on sn-devel-184
error: format string is not a string literal [-Werror,-Wformat-nonliteral]
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
error: format string is not a string literal [-Werror,-Wformat-nonliteral]
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough]
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Return "bool" instead of NTSTATUS, use hex_byte() instead of
read_hex_bytes(). And parse directly into a struct GUID instead of the
components. 99 lines less code.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Commit 7d0981f5e78bc881ca6521932379c69604c33a38 broke the build on
FreeBSD:
[1589/3917] Compiling lib/util/util_runcmd.c
../../lib/util/util_runcmd.c:310:7: warning: implicit declaration of function 'WIFEXITED' is invalid in C99 [-Wimplicit-function-declaration]
if (WIFEXITED(status)) {
^
../../lib/util/util_runcmd.c:311:13: warning: implicit declaration of function 'WEXITSTATUS' is invalid in C99 [-Wimplicit-function-declaration]
status = WEXITSTATUS(status);
^
../../lib/util/util_runcmd.c:312:14: warning: implicit declaration of function 'WIFSIGNALED' is invalid in C99 [-Wimplicit-function-declaration]
} else if (WIFSIGNALED(status)) {
^
../../lib/util/util_runcmd.c:313:13: warning: implicit declaration of function 'WTERMSIG' is invalid in C99 [-Wimplicit-function-declaration]
status = WTERMSIG(status);
^
4 warnings generated.
[1590/3917] Linking bin/default/source4/dsdb/libsamdb-common-samba4.so
ld: error: undefined symbol: WIFEXITED
>>> referenced by util_runcmd.c
>>> lib/util/util_runcmd.c.94.o:(samba_runcmd_io_handler)
ld: error: undefined symbol: WEXITSTATUS
>>> referenced by util_runcmd.c
>>> lib/util/util_runcmd.c.94.o:(samba_runcmd_io_handler)
ld: error: undefined symbol: WIFSIGNALED
>>> referenced by util_runcmd.c
>>> lib/util/util_runcmd.c.94.o:(samba_runcmd_io_handler)
ld: error: undefined symbol: WTERMSIG
>>> referenced by util_runcmd.c
>>> lib/util/util_runcmd.c.94.o:(samba_runcmd_io_handler)
clang: error: linker command failed with exit code 1 (use -v to see invocation)
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Jan 25 09:48:09 UTC 2021 on sn-devel-184
This is helpful if you are in a listening loop with the same receiver
for many sockets doing the same thing.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
