IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This change makes automatic mapping for PAR->RPRN opcodes easier.
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
krb5_free_error() is availalbe in MIT and Heimdal. Both implementations
free the contents and the pointer. krb5_free_data_contents() is Heimdal
only. Which function you need to call depends.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 23 05:00:13 CEST 2016 on sn-devel-144
This is from cea4a4b9b2 and
613d085a63ee554084cb99d2150921dd108f6b77
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12107
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Aug 3 21:43:21 CEST 2016 on sn-devel-144
The use of the wrong key can still create structures that parse as a SID,
therefore we can sometimes get an unusual error, which becomes a flapping test
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12107
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
These are marked as known_fail pending the next patch ("Extend DsBind
and DsGetDomainControllerInfo to work with w2k8").
Signed-off-by: Dirk Godau <voidswitch@gmail.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
The folks at heimdal didn't like the patch in
commit 6379737b7d and insisted
that kvno should remain unsigned internally, even though it is
encoded as signed in packets. This patch reverts some of the
unsigned->signed changes in that commit, and resolves conversion
issues - in order to be aligned with upstream Heimdal.
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue May 24 03:00:39 CEST 2016 on sn-devel-144
This patch changes the encoding/decoding of kvno (key version number)
in blobs and packets to signed integer, for compatibility with Windows.
Reportedly, MIT Kerberos does the same.
This patch effectively reverts commit 1124c4872dfb81bec9c4b527b8927ca35e39a599
in the heimdal tree.
According to the Kerberos spec (RFC 4120 5.2.9), the kvno field
in encrypted data object is an unsigned integer that fits in
32 bits. The Heimdal Kerberos component bundled with Samba
conforms to this. However, Windows deviates from the standard
and encodes kvno as a signed integer, and this creates
interoperability issues.
ASN.1 DER has no special encoding for unsigned integer. A 32-bit
unsigned integer is encoded as a signed integer, so while a signed
32-bit integer (covering the range of -0x80000000..0x7fffffff) is
encoded using up to 4 bytes, an unsigned integer (covering
0..0xffffffff) could require 5 bytes.
Normally, kvno for a given account starts at 1 and increments on
password changes. Kerberos defined this as unsigned because there's
no meaning for negative version numbers, so the standard writers figured
4 billion versions is better than 2 billion. It was not
expected for a kvno to really go past 0x7fffffff and the disctinction
usually does not matter. However, RODCs use kvnos which
have the most-significant bit set.
In Active Directory, RODCs have a private secret for the krbtgt,
because the assumption is that the RODC is less secure, and
recovering the domain krbtgt secret from the RODC would compromise
the security of the entire domain. The kvno field is being used
to identify the private krbtgt account that owns the key - the
upper 16 bits are the RODC id, and the lower 16 bits identify
the key version number for this specific RODC. It's common to
have an RODC id greater than 0x8000, and therefore to have a
kvno larger than 0x7fffffff, which would be DER-encoded using
5 bytes.
Windows encodes kvno as signed integer - basically taking the
32 bits and treating them as a signed integer rather than an
unsigned integer. This means that in Windows a kvno can
always be encoded using 4 bytes, and Windows DCs reject a kvno
encoded using more than 4 bytes without even generating an error
response (the DC assumes it's an attack).
Heimdal re-encodes the TGT when it creates a TGS request. Obviously
it cannot decode and encode the encrypted parts but it does re-encode
the plain parts, which include the kvno. That leads to a 5-byte
kvno in the TGS request, which is rejected without an error
response.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11900
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat May 7 21:14:21 CEST 2016 on sn-devel-144
running rpc.dsgetinfo.DsGetReplicaInfo results in the following valgrind
trace
==14966== Invalid read of size 8
==14966== at 0x88B2D5D: dcerpc_binding_handle_call (binding_handle.c:538)
==14966== by 0x978F33B: dcerpc_drsuapi_DsUnbind_r (ndr_drsuapi_c.c:319)
==14966== by 0x2E9F19: torture_dsgetinfo_tcase_teardown (dsgetinfo.c:431)
==14966== by 0x95536EF: internal_torture_run_test (torture.c:452)
==14966== by 0x9553A4B: torture_run_test_restricted (torture.c:542)
==14966== by 0x260074: run_matching (smbtorture.c:110)
==14966== by 0x25FF36: run_matching (smbtorture.c:95)
==14966== by 0x260195: torture_run_named_tests (smbtorture.c:143)
==14966== by 0x261E14: main (smbtorture.c:665)
==14966== Address 0x28 is not stack'd, malloc'd or (recently) free'd
==14966==
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Apr 25 14:01:33 CEST 2016 on sn-devel-144
when running smbtorture rpc.samba3.regconfig.regconfig
Note: to fix this particular error only the action_taken variable needed
to be initialised. ZERO-ing the structs for completeness.
==14958== Syscall param writev(vector[...]) points to uninitialised byte(s)
==14958== at 0xFB9FC87: writev (in /lib64/libc-2.19.so)
==14958== by 0x106C8003: writev_handler (async_sock.c:340)
==14958== by 0xF67407E: epoll_event_loop (tevent_epoll.c:728)
==14958== by 0xF67469C: epoll_event_loop_once (tevent_epoll.c:926)
==14958== by 0xF671586: std_event_loop_once (tevent_standard.c:114)
==14958== by 0xF66AD42: _tevent_loop_once (tevent.c:533)
==14958== by 0xF66CB9D: tevent_req_poll (tevent_req.c:256)
==14958== by 0x5D19305: tevent_req_poll_ntstatus (tevent_ntstatus.c:109)
==14958== by 0x88B2DED: dcerpc_binding_handle_call (binding_handle.c:556)
==14958== by 0xBBCE851: dcerpc_winreg_CreateKey_r (ndr_winreg_c.c:1430)
==14958== by 0x3D47C5: torture_samba3_createshare (samba3rpc.c:3192)
==14958== by 0x3D50AC: torture_samba3_regconfig (samba3rpc.c:3299)
==14958== by 0x9553F42: wrap_simple_test (torture.c:632)
==14958== by 0x955366F: internal_torture_run_test (torture.c:442)
==14958== by 0x9553A4B: torture_run_test_restricted (torture.c:542)
==14958== by 0x260074: run_matching (smbtorture.c:110)
==14958== by 0x25FF36: run_matching (smbtorture.c:95)
==14958== by 0x25FF36: run_matching (smbtorture.c:95)
==14958== by 0x260195: torture_run_named_tests (smbtorture.c:143)
==14958== by 0x261E14: main (smbtorture.c:665)
==14958== Address 0x18868ec6 is 598 bytes inside a block of size 1,325 alloc'd
==14958== at 0x4C29110: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==14958== by 0xF45EE38: __talloc_with_prefix (talloc.c:668)
==14958== by 0xF45EFF5: _talloc_pool (talloc.c:721)
==14958== by 0xF45F167: _talloc_pooled_object (talloc.c:790)
==14958== by 0xF66C664: _tevent_req_create (tevent_req.c:66)
==14958== by 0xB0D49CF: smb1cli_req_create (smbXcli_base.c:1322)
==14958== by 0xB0E1E3D: smb1cli_trans_send (smb1cli_trans.c:512)
==14958== by 0xB0ED44D: tstream_smbXcli_np_readv_trans_start (tstream_smbXcli_np.c:901)
==14958== by 0xB0EC817: tstream_smbXcli_np_writev_write_next (tstream_smbXcli_np.c:578)
==14958== by 0xB0EC4A7: tstream_smbXcli_np_writev_send (tstream_smbXcli_np.c:505)
==14958== by 0xC259DDA: tstream_writev_send (tsocket.c:695)
==14958== by 0xC25AD44: tstream_writev_queue_trigger (tsocket_helpers.c:513)
==14958== by 0xF66BF73: tevent_queue_immediate_trigger (tevent_queue.c:149)
==14958== by 0xF66BBFB: tevent_common_loop_immediate (tevent_immediate.c:135)
==14958== by 0xF674602: epoll_event_loop_once (tevent_epoll.c:907)
==14958== by 0xF671586: std_event_loop_once (tevent_standard.c:114)
==14958== by 0xF66AD42: _tevent_loop_once (tevent.c:533)
==14958== by 0xF66CB9D: tevent_req_poll (tevent_req.c:256)
==14958== by 0x5D19305: tevent_req_poll_ntstatus (tevent_ntstatus.c:109)
==14958== by 0x88B2DED: dcerpc_binding_handle_call (binding_handle.c:556)
==14958== by 0xBBCE851: dcerpc_winreg_CreateKey_r (ndr_winreg_c.c:1430)
==14958== by 0x3D47C5: torture_samba3_createshare (samba3rpc.c:3192)
==14958== by 0x3D50AC: torture_samba3_regconfig (samba3rpc.c:3299)
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
running smbtorture test rpc.samba3.winreg.winreg yields the following
valgrind trace
==18533== Syscall param writev(vector[...]) points to uninitialised byte(s)
==18533== at 0xFBA2C87: writev (in /lib64/libc-2.19.so)
==18533== by 0x106CB033: writev_handler (async_sock.c:340)
==18533== by 0xF67812A: ??? (in /usr/lib64/libtevent.so.0.9.26)
==18533== by 0xF6765F6: ??? (in /usr/lib64/libtevent.so.0.9.26)
==18533== by 0xF6727FC: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.26)
==18533== by 0xF673ACE: tevent_req_poll (in /usr/lib64/libtevent.so.0.9.26)
==18533== by 0x5D19325: tevent_req_poll_ntstatus (tevent_ntstatus.c:109)
==18533== by 0x88B2E0D: dcerpc_binding_handle_call (binding_handle.c:556)
==18533== by 0xBBD049F: dcerpc_winreg_EnumValue_r (ndr_winreg_c.c:2354)
==18533== by 0x3D3E3E: enumvalues (samba3rpc.c:2982)
==18533== by 0x3D40A5: enumkeys (samba3rpc.c:3042)
==18533== by 0x3D4085: enumkeys (samba3rpc.c:3041)
==18533== Address 0x1886edd6 is 598 bytes inside a block of size 1,325 alloc'd
==18533== at 0x4C29110: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==18533== by 0xF464A73: _talloc_pooled_object (in /usr/lib64/libtalloc.so.2.1.5)
==18533== by 0xF67366D: _tevent_req_create (in /usr/lib64/libtevent.so.0.9.26)
==18533== by 0xB0D49FF: smb1cli_req_create (smbXcli_base.c:1322)
==18533== by 0xB0E1E6D: smb1cli_trans_send (smb1cli_trans.c:512)
==18533== by 0xB0ED47D: tstream_smbXcli_np_readv_trans_start (tstream_smbXcli_np.c:901)
==18533== by 0xB0EC847: tstream_smbXcli_np_writev_write_next (tstream_smbXcli_np.c:578)
==18533== by 0xB0EC4D7: tstream_smbXcli_np_writev_send (tstream_smbXcli_np.c:505)
==18533== by 0xC259DFA: tstream_writev_send (tsocket.c:695)
==18533== by 0xC25AD64: tstream_writev_queue_trigger (tsocket_helpers.c:513)
==18533== by 0xF673023: tevent_common_loop_immediate (in /usr/lib64/libtevent.so.0.9.26)
==18533== by 0xF677EED: ??? (in /usr/lib64/libtevent.so.0.9.26)
==18533==
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
running smbtorture rpc.srvsvc.srvsvc\ (admin\ access).NetDiskEnum results
in the following valgrind trace
==30237== Syscall param writev(vector[...]) points to uninitialised byte(s)
==30237== at 0xDD01C67: writev (in /lib64/libc-2.19.so)
==30237== by 0xE1D09D4: writev_handler (async_sock.c:340)
==30237== by 0xD81A12A: ??? (in /usr/lib64/libtevent.so.0.9.26)
==30237== by 0xD8185F6: ??? (in /usr/lib64/libtevent.so.0.9.26)
==30237== by 0xD8147FC: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.26)
==30237== by 0xD815ACE: tevent_req_poll (in /usr/lib64/libtevent.so.0.9.26)
==30237== by 0x5AC726D: tevent_req_poll_ntstatus (in /usr/lib64/libtevent-util.so.0.0.1)
==30237== by 0x8120CEA: dcerpc_binding_handle_call (in /usr/lib64/libdcerpc-binding.so.0.0.1)
==30237== by 0xA9AC6EC: dcerpc_srvsvc_NetDiskEnum_r (ndr_srvsvc_c.c:5388)
==30237== by 0x2ADDF8: ??? (in /usr/bin/smbtorture)
==30237== by 0x898DF8C: ??? (in /usr/lib64/libtorture.so.0.0.1)
==30237== by 0x1F0816: ??? (in /usr/bin/smbtorture)
==30237== Address 0x15952676 is 598 bytes inside a block of size 1,325 alloc'd
==30237== at 0x4C29110: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==30237== by 0xCCCAA73: _talloc_pooled_object (in /usr/lib64/libtalloc.so.2.1.5)
==30237== by 0xD81566D: _tevent_req_create (in /usr/lib64/libtevent.so.0.9.26)
==30237== by 0xA2B7910: smb1cli_req_create (smbXcli_base.c:1322)
==30237== by 0xA2BA4E3: smb1cli_trans_send (smb1cli_trans.c:512)
==30237== by 0xA2C1F91: tstream_smbXcli_np_readv_trans_start (tstream_smbXcli_np.c:901)
==30237== by 0xA2C23AE: tstream_smbXcli_np_writev_send (tstream_smbXcli_np.c:505)
==30237== by 0xAC8E43C: tstream_writev_send (tsocket.c:695)
==30237== by 0xAC8E9BA: tstream_writev_queue_trigger (tsocket_helpers.c:513)
==30237== by 0xD815023: tevent_common_loop_immediate (in /usr/lib64/libtevent.so.0.9.26)
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
The computer name of the NTLMv2 blob needs to match
the schannel connection.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
The computer name of the NTLMv2 blob needs to match
the schannel connection.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
This create a schannel connection to netlogon, this makes the tests
more realistic.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
It appears that incorrect decryption triggers a different error code,
causing a test which fails every now and again, as sometimes the invalid
data will parse as a SID, and so pass one of the checks.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Mon Mar 14 03:55:16 CET 2016 on sn-devel-144
This is the only way to get a reliable transport session key.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
ncacn_ip_tcp doesn't have the required session key.
It used to be the wellknown "SystemLibraryDTC" constant,
but that's not available in modern systems anymore.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
It appears that incorrect decryption triggers a different error code,
causing a test which fails every now and again, as sometimes the invalid
data will parse as a SID, and so pass one of the checks.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source4/torture/rpc/forest_trust.c:408:22: warning: 'my_blob' defined but not
used [-Wunused-const-variable]
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
