IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Tweak eventscript unit test infrastructure to support.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
If there are insufficient arguments then they can't be shifted.
This function will be removed shortly. However, it needs to work for
now as tests will be added that depend on it to work.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
We validate everything except the whole LOGON_INFO structure,
we even decrypt the PAC_CREDENTIALS_INFO blob and verify
PAC_CREDENTIAL_DATA_NDR and PAC_CREDENTIAL_NTLM_SECPKG.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jul 21 01:07:28 CEST 2016 on sn-devel-144
MIT only defined this as CKSUMTYPE_HMAC_SHA1_96_AES128,
while Heimdal has CKSUMTYPE_HMAC_SHA1_96_AES_128.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
This difference is the reason why we can't fully (ndr)validate some
PAC blobs.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
This is included because this sample helped us addres issues in the previous attempt at
handling PAC_UPN_DNS_INFO correctly, and I have Tris's permission to include this in our
tests.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This one nicely demonstrates that the strings are really non-null terminated.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Someone changed the PAC buffer union without adding proper tests, now we
sometimes fail to parse the PAC completely due to that...
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
We need to have two subcontexts to get the padding right,
the outer subcontext uses NDR_ROUND(_ndr_size, 8), while
the inner subcontext only uses _ndr_size.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
This coveres the case without AES keys, and before the IDL was changed for SambaGPG support
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
From the mail to dochelp:
I've also got cases (where I created an account with
UF_NORMAL_ACCOUNT|UF_ACCOUNTDISABLE|UF_SMARTCARD_REQUIRED
in the LDAP add) with the following strange blobs:
One time:
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00
and once:
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 53
The original issue I reported was the following, a user was created
with a password and then userAccountControl was changed to
UF_NORMAL_ACCOUNT|UF_SMARTCARD_REQUIRED. In that case I'm getting:
[0000] 00 00 00 00 62 00 00 00 00 00 00 00 20 00 20 00
[0010] 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00
[0020] 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00
[0030] 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00
[0040] 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00
[0050] 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00
[0060] 20 00 20 00 20 00 20 00 20 00 20 00 50 00 30
As you see the last byte (unknown3) is always different on Windows,
but always 0x00 from Samba, so I used 0x00 in order to allow the
test to pass.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Hoping the new name is not as confusing as the old name.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This commit moves the autogenerated ndr_{pull,push}_supplementalCredentialsSubBlob()
function to the handwritten librpc/ndr/ndr_drsblobs.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Typically this is automatically set in ndr_push_supplementalCredentialsBlob(),
but we need to change that behavior in order to handle strange formated
values.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
==27786== Syscall param write(buf) points to uninitialised byte(s)
==27786== at 0x62820D0: __write_nocancel (syscall-template.S:84)
==27786== by 0x428B57: ctdb_queue_send (ctdb_io.c:322)
==27786== by 0x41F3B1: ctdb_client_queue_pkt (ctdb_client.c:153)
==27786== by 0x41F3B1: ctdb_client_send_message (ctdb_client.c:603)
==27786== by 0x419FA3: srvid_broadcast.constprop.26 (ctdb.c:1965)
==27786== by 0x41B869: control_reload_nodes_file (ctdb.c:5696)
==27786== by 0x404DBA: main (ctdb.c:6008)
==27786== Address 0x7ead310 is 144 bytes inside a block of size 168 alloc'd
==27786== at 0x4C2BBCF: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==27786== by 0x564DBEC: __talloc_with_prefix (talloc.c:675)
==27786== by 0x564DBEC: __talloc (talloc.c:716)
==27786== by 0x564DBEC: _talloc_named_const (talloc.c:873)
==27786== by 0x564DBEC: _talloc_zero (talloc.c:2318)
==27786== by 0x41E1E2: _ctdbd_allocate_pkt (ctdb_client.c:59)
==27786== by 0x41F37D: ctdb_client_send_message (ctdb_client.c:594)
==27786== by 0x419FA3: srvid_broadcast.constprop.26 (ctdb.c:1965)
==27786== by 0x41B869: control_reload_nodes_file (ctdb.c:5696)
==27786== by 0x404DBA: main (ctdb.c:6008)
==27786==
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
State is stolen onto tmp_ctx above so can't be referenced after
tmp_ctx is freed. So, state->status has to be looked at earlier.
Moving it immediately before the talloc_free(tmp_ctx) isn't sufficient
because invoking the callback appears to cause a recursive call to
ctdb_control_recv(), which also frees state.
Referencing it at the top seems safe.
==23982== Invalid read of size 4
==23982== at 0x4204AE: ctdb_control_recv (ctdb_client.c:1181)
==23982== by 0x420645: invoke_control_callback (ctdb_client.c:971)
==23982== by 0x5E675EC: tevent_common_loop_timer_delay (tevent_timed.c:341)
==23982== by 0x5E68639: epoll_event_loop_once (tevent_epoll.c:911)
==23982== by 0x5E66BD6: std_event_loop_once (tevent_standard.c:114)
==23982== by 0x5E622EC: _tevent_loop_once (tevent.c:533)
==23982== by 0x4255F7: ctdb_client_async_wait (ctdb_client.c:3385)
==23982== by 0x42578A: ctdb_client_async_control (ctdb_client.c:3442)
==23982== by 0x41B405: ctdb_get_nodes_files (ctdb.c:5488)
==23982== by 0x41B405: check_all_node_files_are_identical (ctdb.c:5530)
==23982== by 0x41B405: control_reload_nodes_file (ctdb.c:5673)
==23982== by 0x404DBA: main (ctdb.c:6008)
==23982== Address 0x7e98d9c is 108 bytes inside a block of size 168 free'd
==23982== at 0x4C2CDFB: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23982== by 0x5652692: _tc_free_internal (talloc.c:1125)
==23982== by 0x5652692: _tc_free_children_internal (talloc.c:1570)
==23982== by 0x564B952: _tc_free_internal (talloc.c:1081)
==23982== by 0x564B952: _talloc_free_internal (talloc.c:1151)
==23982== by 0x564B952: _talloc_free (talloc.c:1693)
==23982== by 0x4204C9: ctdb_control_recv (ctdb_client.c:1182)
==23982== by 0x4207AA: async_callback (ctdb_client.c:3350)
==23982== by 0x4204AD: ctdb_control_recv (ctdb_client.c:1179)
==23982== by 0x420645: invoke_control_callback (ctdb_client.c:971)
==23982== by 0x5E675EC: tevent_common_loop_timer_delay (tevent_timed.c:341)
==23982== by 0x5E68639: epoll_event_loop_once (tevent_epoll.c:911)
==23982== by 0x5E66BD6: std_event_loop_once (tevent_standard.c:114)
==23982== by 0x5E622EC: _tevent_loop_once (tevent.c:533)
==23982== by 0x4255F7: ctdb_client_async_wait (ctdb_client.c:3385)
==23982== Block was alloc'd at
==23982== at 0x4C2BBCF: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23982== by 0x564DBEC: __talloc_with_prefix (talloc.c:675)
==23982== by 0x564DBEC: __talloc (talloc.c:716)
==23982== by 0x564DBEC: _talloc_named_const (talloc.c:873)
==23982== by 0x564DBEC: _talloc_zero (talloc.c:2318)
==23982== by 0x42017F: ctdb_control_send (ctdb_client.c:1086)
==23982== by 0x425746: ctdb_client_async_control (ctdb_client.c:3431)
==23982== by 0x41B405: ctdb_get_nodes_files (ctdb.c:5488)
==23982== by 0x41B405: check_all_node_files_are_identical (ctdb.c:5530)
==23982== by 0x41B405: control_reload_nodes_file (ctdb.c:5673)
==23982== by 0x404DBA: main (ctdb.c:6008)
==23982==
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
The point of this code is almost certainly to return non-zero when
state->errormsg is set. So, return state->status if non-zero, -1
otherwise.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This in particular helps the docs.py test halve in time (at least on my machine)
NOTE: The removal of enable_null_tracking is required because we are no
longer importing join.py in every single samba-tool invocation. Without
removing this line, memory would be hanging from both the actual NULL
context and the talloc_null_context (causing a segfault at system_exit).
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Wed Jul 20 12:47:24 CEST 2016 on sn-devel-144
notifyd_send() is called as part of smbd initialization both in normal daemon
mode after a fork, but also in interactive mode. In interactive mode, notifyd
should not modify the global signal state with BlockSignals(). This patch moves
the signal blocking to the place where we know that notifyd is a child daemon.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jul 20 09:04:00 CEST 2016 on sn-devel-144
When notifyd is restarted, the parent will broadcast that fact to all workers.
They will then re-register their notify requests.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
When notifyd crashes, it will be restarted. We need to restore the filters with
notifyd
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
So far, we haven't TALLOC_FREE'ed the notify context. This will change.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
We have all information that was kept in "notify_list" in other parts of smbd
as well. The only possible downside of this patch is that we possibly have a
lot more fsp's than fsp's with notifies, so notify_callback() might be a bit
slower in this situation. If this turns out to be a problem, I'd rather put
some more smarts into the notifyd protocol to enable a better indexed
notify_callback(). For now, this avoids data to be kept in two places.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This protection right now lives in notify_msg.c with the notify_list, but that
will go.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
We do not have different callbacks per notify, put the callback function into
the notify context
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Okay, this is similar to full_path_tos, but with variable arrays now and much
simpler :-)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Before this patch, failure of notify_init was ignored. Also, no proper error
handling of a messaging_register failure was done. Fix those, also adding some
debug messages.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
If a stream is open, refuse the unlink. Ensure UNIX unlink
request can remove a file containing streams.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12021
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Jul 20 05:20:29 CEST 2016 on sn-devel-144
When using UNIX extensions to delete a file containing streams,
the open for delete and close operations need to enumerate the
contained streams and do CREATE and UNLINK operations on the
stream names. These must always be done as Windows operations
(remove the SMB_FILENAME_POSIX_PATH flag) as the stream names
are Windows paths.
Without this the create operation under the unlink will
recurse and cause the client to time out (or a server crash).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12021
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
