IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
These functions are intended to be used in ctdbd, the ctdb tool and
fake_ctdbd, replacing the different copies in each place.
ctdb_read_nodes() will replace ctdb_read_nodes_file(). The name
change is intentional - in future the location may be something other
than a simple filename.
The static copies of ctdb_read_nodes_file() and node_map_add() are
slightly sanitised versions of those in tools/ctdb.c, with a call to
ctdb_parse_node_address(). A bit more care is taken in node_map_add()
to avoid undefined behaviour if talloc_realloc() fails.
ctdb_parse_node_address() will replace ctdb_parse_address(). There is
an obvious argument change, since the ctdb context argument was
unused. It can only fail on an invalid node address, so return a
bool. This function might be changed later to allow the input address
string to include an optional port.
Where to put this module isn't entirely clear. It could go in common,
so be part of ctdb-util. However, if it later needs
ctdb-conf (e.g. to allow the node list location to be configurable)
then there would be a direct cyclic dependency. This is configuration
handling, so conf/ seems sane. However, I didn't want to put it into
the ctdb-conf target, since some code might need to parse a nodes list
but not need to parse ctdb.conf.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Anoop C S <anoopcs@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15683
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jul 19 11:13:28 UTC 2024 on atb-devel-224
"Error: UNINIT (CWE-457):
samba-4.20.0rc2/examples/winexe/winexesvc.c:60: var_decl: Declaring variable ""ea"" without initializer.
samba-4.20.0rc2/examples/winexe/winexesvc.c:86: uninit_use_in_call: Using uninitialized value ""ea"". Field ""ea.Trustee.pMultipleTrustee"" is uninitialized when calling ""SetEntriesInAclA"".
84|
85| /* Create a new ACL that contains the new ACEs */
86|-> dwRes = SetEntriesInAcl(1, &ea, NULL, &pACL);
87| if (ERROR_SUCCESS != dwRes) {
88| dbg(""SetEntriesInAcl Error %lu\n"", GetLastError());"
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jul 18 12:36:25 UTC 2024 on atb-devel-224
The test needs --option="torture:Forest_Trust_Dom2_Binding=..." in order
to be useful, so the skip is correct, but the knownfail entry should
have been removed with e5163dfd57694351bf556565e92f74b71221db29.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
net.export_keytab() includes the current timestamp into the resulting
keytab. So we need to make sure the two compared exports actually
run within the same second.
And klist may also print the keytab filename...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jul 17 14:21:30 UTC 2024 on atb-devel-224
In standalone setups we use the PAM stack to verify
the plaintext authentication, so we need to pass it
down...
There are still production systems out there
(legacy audio/video recording systems...)
using this.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9705
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jul 17 11:17:54 UTC 2024 on atb-devel-224
This allows testing a plaintext password authentication
on a standalone server using the PAM stack to verify it.
There are still production systems out in the wild using this...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9705
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
pam_matrix calls smb_pam_conv() with resp=NULL in some situation,
we should not segfault...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9705
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This allows testing pam with simple passwords.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9705
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Updating things like the bad pwd count should not clear the
stored LM HASH with 'lanman auth = no'.
This allows testing with 'lanman auth = no' and 'lanman auth = yes'.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9705
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This demonstrates that we currently have problems with
plaintext and lanman authentication. In both domain member
and standalone setups.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9705
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Note that the LM HASH is only generated for passwords
up to 14 characters...
We use extra_options_before_inject in order to
allow overriding any existing parameter.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9705
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This allows overriding any existing parameter.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9705
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
DEBUG_PASSWORDS --> DEBUG_PASSWORD
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Wed Jul 17 08:49:46 UTC 2024 on atb-devel-224
The current fake_ctdbd code for reloading the nodes file overruns the
allocation when adding a deleted node at the end. This is a very
unlikely case, but it might as well work.
Check the size of the internal node map when marking a node deleted.
Also, update the code that adds a node to correctly set the deleted
flag when appropriate.
The included test case tests this.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Jul 17 00:06:53 UTC 2024 on atb-devel-224
There are no existing tests to exercise node IP address change
detection.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
`sr.in.info = info` is correctly set later after we called
dcerpc_lsa_QueryTrustedDomainInfoByName_r() which filling the info
pointer with data.
"Error: UNINIT (CWE-457):
samba-4.20.0rc2/source4/torture/rpc/forest_trust.c:211: var_decl: Declaring variable ""info"" without initializer.
samba-4.20.0rc2/source4/torture/rpc/forest_trust.c:248: uninit_use: Using uninitialized value ""info"".
246| sr.in.trusted_domain = talloc_zero(tctx, struct lsa_String);
247| sr.in.trusted_domain->string = name;
248|-> sr.in.info = info;
249|
250| for (c = 0; il[c].info_level != -1; c++) {"
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Tue Jul 16 12:42:39 UTC 2024 on atb-devel-224
"Error: INTEGER_OVERFLOW (CWE-190):
samba-4.20.0rc2/source3/modules/vfs_preopen.c:215: tainted_data_return: Called function ""read(sock_fd, namebuf + nread, talloc_get_size(namebuf) - nread)"", and a possible return value may be less than zero.
samba-4.20.0rc2/source3/modules/vfs_preopen.c:215: assign: Assigning: ""thistime"" = ""read(sock_fd, namebuf + nread, talloc_get_size(namebuf) - nread)"".
samba-4.20.0rc2/source3/modules/vfs_preopen.c:221: overflow: The expression ""nread"" is considered to have possibly overflowed.
samba-4.20.0rc2/source3/modules/vfs_preopen.c:215: overflow: The expression ""talloc_get_size(namebuf) - nread"" is deemed overflowed because at least one of its arguments has overflowed.
samba-4.20.0rc2/source3/modules/vfs_preopen.c:215: overflow_sink: ""talloc_get_size(namebuf) - nread"", which might have underflowed, is passed to ""read(sock_fd, namebuf + nread, talloc_get_size(namebuf) - nread)"". [Note: The source code implementation of the function has been overridden by a builtin model.]
213| ssize_t thistime;
214|
215|-> thistime = read(sock_fd, namebuf + nread,
216| talloc_get_size(namebuf) - nread);
217| if (thistime <= 0) {"
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
"Error: RESOURCE_LEAK (CWE-772):
samba-4.20.0rc2/lib/util/close_low_fd.c:40: open_fn: Returning handle opened by ""open"". [Note: The source code implementation of the function has been overridden by a user model.]
samba-4.20.0rc2/lib/util/close_low_fd.c:40: var_assign: Assigning: ""dev_null"" = handle returned from ""open(""/dev/null"", 2, 0)"".
samba-4.20.0rc2/lib/util/close_low_fd.c:52: overwrite_var: Overwriting handle ""dev_null"" in ""dev_null = open(""/dev/null"", 2, 0)"" leaks the handle.
50| }
51|
52|-> dev_null = open(""/dev/null"", O_RDWR, 0);
53| if (dev_null == -1) {
54| dev_null = open(""/dev/null"", O_WRONLY, 0);"
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
