IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
We should not attempt to build local copies of Heimdal utilities against
a system krb5 library.
Inspired by a WIP commit by Stefan Metzmacher <metze@samba.org> in his
lorikeet-heimdal import branch of patches to upgrade to a modern Heimdal.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14924
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
This provides the defines that may be needed to use the
compiler-provided atomics, rather than a fallback.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
The client-side testing done by these callbacks is no longer needed, and
the server-side testing is covered by Python-based tests. Removing these
leaves us with a more manageable test of the Kerberos API.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This test combination is not needed. Removing it allows us to avoid
modifying requests prior to sending them, which can cause problems with
an upgraded Heimdal version.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Dec 6 22:57:54 UTC 2021 on sn-devel-184
This behaviour is already covered by existing Python tests. This test
stage also modifies the request prior to sending it, which can cause
problems with an upgraded Heimdal version.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Using a SPN should only be permitted if it is also a UPN, and is not an
enterprise principal.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This is currently not checked in several places due to STRICT_CHECKING
being set to 0.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This allows us to ensure that the correct name makes it through to the
PAC.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This decreases the time that the tests take to run.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
If you have libkrb5 in a non-standard include path, we would not check the
latest version but search default paths (e.g. /usr/include) first.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This is needed if you have headers in non-standard include paths.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
There is no need for ads.h which would pull in krb5.h and much more ...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The net ads join command already handles this,
and the call was missing from the python bindings
for samba-tool domain join member.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This will otherwise break the system-heimdal build.
This is correct regardless.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Dec 6 21:48:30 UTC 2021 on sn-devel-184
This include was being set on too many subsystems, including some MIT-related.
This was a problem because it would then trigger the mixing of MIT and Heimdal
krb5.h files. It is now only set on the plugins and services that use the
embedded Heimdal KDC.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14924
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
This got changed by 6e65c283120e3e627f0d8570601263f904529996 without updating
the manpage.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14926
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Dec 6 18:24:24 UTC 2021 on sn-devel-184
As pointed out in https://lwn.net/Articles/875964, forbidding bidi
marker characters is not always going to be enough to avoid
right-to-left vs left-to-right confusion. Consider this:
$ python -c's = "b = x # 2 * n * m"; print(s); print(s.replace("x", "א").replace("n", "ח"))'
b = x # 2 * n * m
b = א # 2 * ח * m
Those two lines are semantically the same, with the Hebrew letters
"א" and "ח" replacing "x" and "n". But they look like they mean
different things.
It is not enough to say we only allow these scripts (or indeed
non-ascii) in strings and comments, as demonstrated in this example:
$ python -c's = "b = \"x#\" # n"; print(s); print(s.replace("x", "א").replace("n", "ח"))'
b = "x#" # n
b = "א#" # ח
where the second line is visually disordered but looks valid. Any series
of neutral characters between teo RTL characters will be reversed (and
possibly mirrored).
In practice this affects one file, which is a text file for testing
unicode normalisation.
I think, for the reasons shown above, we are unlikely to see legitimate
RTL code outside perhaps of documentation files — but if we do, we can
add those files to the allow-list.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Dec 3 18:53:43 UTC 2021 on sn-devel-184
Our previous behaviour was to try to os.stat() the non-existent
target.
The new code greatly improves efficiency for this little task.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14918
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14923
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Dec 3 12:54:04 UTC 2021 on sn-devel-184
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14912
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Dec 2 14:49:35 UTC 2021 on sn-devel-184
We should not fail this just because the user doesn't have
permissions on the share root.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Dec 1 11:51:50 UTC 2021 on sn-devel-184
Demonstrate that smbd fails FSCTL_QUERY_NETWORK_INTERFACE_INFO
only because the user doesn't have permissions on the share root.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
smbd_smb2_request_process_ioctl() already detailed checks for file_ids,
which not reached before.
.allow_invalid_fileid = true was only used for SMB2_OP_IOCTL.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
An invalid file id for FSCTL_QUERY_NETWORK_INTERFACE_INFO gives
INVALID_PARAMETER instead of FILE_CLOSED.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
We should not send more data than the client requested.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
It seems that we currently don't have BUFFER_TOO_SMALL handling
for FSCTL/IOCTL calls.
FSCTL_QUERY_NETWORK_INTERFACE_INFO is just an easy example
to demonstrate it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
We should not fail this just because the user doesn't have permissions
on the share root.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
There's no reason to handle FSCTL_SMBTORTURE_FORCE_UNACKED_TIMEOUT
differently if signing/encryption is used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
