We should build with lmdb support also if it is not in AD case. The lmdb
backend is also used e.g. by sssd.
If you don't want to build it, you can always specify --without-ldb-lmdb
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15721
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Sep 25 05:36:13 UTC 2024 on atb-devel-224
(cherry picked from commit fdef894d79793feafc286ff9e21cb01e4c777b26)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15643
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Sep 27 09:06:43 UTC 2024 on atb-devel-224
(cherry picked from commit 20a3a94e06a2294206ec233ccc7f873d6ef2aca0)
Autobuild-User(v4-21-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-21-test): Wed Oct 2 09:28:09 UTC 2024 on atb-devel-224
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15643
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit d6ff05cb5708fb6746176821bee5f713195efa54)
It should be off by default, as this is not needed by default. It
crashes named on startup, if bind is built with jemalloc support.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15643
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit dc6927fdca2ad77dbcf212ef4d3ba0d118ec7bdf)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15643
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 8d6b5183770895fef002b6cce84902d1874fa502)
Same fix as in commit 09d7690
'samba-tool domain provision -d10' fails if the included file does not
exist:
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
Processing section "[global]"
Can't find include file /etc/samba/usershares.conf
pm_process() returned No
ERROR: Unable to load default file
File "/usr/lib64/python3.12/site-packages/samba/netcmd/domain/provision.py", line 183, in run
lp = sambaopts.get_loadparm()
^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib64/python3.12/site-packages/samba/getopt.py", line 282, in get_loadparm
self._lp.load_default()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15698
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Aug 21 00:04:19 UTC 2024 on atb-devel-224
(cherry picked from commit ffc75c569c69ce22a39b5d1df8cb4906095c8654)
Autobuild-User(v4-21-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-21-test): Wed Aug 21 11:19:48 UTC 2024 on atb-devel-224
* Regression fix for ABI problem
TDB_1_4_11 vs. TDB_1.4.11
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15673
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Aug 6 16:16:27 UTC 2024 on atb-devel-224
(cherry picked from commit 6b10cfbaf2c522cceb48c610c18656d2d69cf60b)
An accidental negation means that ldb_version.h is not installed when
ldb is built as a public library.
This is a regression introduced by commit
625fb48326ec62a33ce0abdbfb0f6f3d33d7cc64.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15690
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Sun Aug 4 01:35:55 UTC 2024 on atb-devel-224
(cherry picked from commit 5851ae555425ea2ba8e431162142ebae47be802e)
* Add tdbdump -x option to output all data as hex values
* Add missing overflow check for num_values in pytdb.c
* Remove Py2 related tests
* Update times in tdb_transaction_commit per fd, not per name
* Fix compilation with TDB_TRACE=1
* Allow tracing of internal tdb
Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Sat Jul 27 23:51:44 UTC 2024 on atb-devel-224
Just in case, but also so ldb_kv_index_transaction_cancel() can use
this and retain the same logic.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
We can't just free it, because it has the GUID index list as a child, and
these are shared by the new dn list (from the subtransaction we are
committing). But if the dn list is long and the main transaction is
long-lived, we can save a lot of memory by turning this dn list into
an almost empty node in the talloc tree. This returns us to roughly
the situation we had prior to the last commit.
For example, with the repro.sh script on bug 15590 in indexes mode
with 10000 rules, the last 3 commits use this much memory at the end
of an unusually large transaction:
full talloc report on 'struct ldb_context' (total 4012222 bytes in 90058 blocks)
full talloc report on 'struct ldb_context' (total 2405482219 bytes in 90058 blocks)
full talloc report on 'struct ldb_context' (total 4282195 bytes in 90058 blocks)
That is, the last commit increased usage 500 fold, and this commit
brings it back to normal.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15590
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
We don't want to modify the original list, but we can reuse the keys
if we treat them as immutable and don't free them. That makes it a lot
quicker if there are many keys (i.e. where an index is useful) and many
sub-transactions. In particular, it avoids O(n²) talloc_memdups.
A removed comment says "We have to free the top level index
memory otherwise we would leak", and this will be addressed in the
next commit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15590
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
The strict flag is only read in list intersection, so most of the time
it doesn't matter whether it is set because that path is not used.
Nevertheless seeing it set to all kinds of values is distracting.
The undefined behaviour has likely been hidden from static analysis
because the structure is passed through the in-memory tdb before use.
Incorrect true values will have disabled an optimisation but not
caused the wrong result.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This will trace internal databases to files like this:
tdb_0x5da896b51870.trace.267290
We avoid strlen(name) because name could be NULL in this case (which
works fine with glibc but feels bad).
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
../../lib/tdb/common/tdb.c: In function ‘tdb_trace_record’:
../../lib/tdb/common/tdb.c:1224:22: error: ‘snprintf’ output truncated before the last format character [-Werror=format-truncation=]
1224 | p += snprintf(p, 2, %02x, rec.dptr[i]);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../lib/tdb/common/tdb.c:1224:22: note: ‘snprintf’ output 3 bytes into a destination of size 2
cc1: all warnings being treated as errors
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
The trace looks like below. Useful is the last field - hex dump of the
data - which allows searching for all manipulations.
KEYTAB_TRACE sync_pw2keytabs_process_keytab:622 add ADMEMKEYTAB$@ADDOM.SAMBA.EXAMPLE.COM 14 17 C66D244CB26005C7D6FF9FC00FCBBE4A
BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Error: RESOURCE_LEAK (CWE-772):
samba-4.20.0rc2/lib/util/close_low_fd.c:40: open_fn: Returning handle opened by "open". [Note: The source code implementation of the function has been overridden by a user model.]
samba-4.20.0rc2/lib/util/close_low_fd.c:40: var_assign: Assigning: "dev_null" = handle returned from "open("/dev/null", 2, 0)".
samba-4.20.0rc2/lib/util/close_low_fd.c:52: overwrite_var: Overwriting handle "dev_null" in "dev_null = open("/dev/null", 2, 0)" leaks the handle.
50| }
51|
52|-> dev_null = open("/dev/null", O_RDWR, 0);
53| if (dev_null == -1) {
54| dev_null = open("/dev/null", O_WRONLY, 0);
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
We burn arguments to all unknown options containing "pass" (e.g.
"--passionate=false") in case they are a password option, but this is bad
in the case where the unknown option takes no argument but the next
option *is* a password (like "--overpass --password2 barney"). In that
case "--password2" would be burnt and not "barney".
The burning behaviour doesn't change with this commit, but users will now
see an error message explaining that the option was unknown. This is not
so much aimed at end users -- for whom an invalid option will hopefully
lead to --help like output -- but to developers who add a new "pass"
option.
This also slightly speeds up the processing of known password options,
which is a little bit important because we are in a race to replace the
command line in /proc before an attacker sees it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Jul 10 06:28:08 UTC 2024 on atb-devel-224
Patch updated for recent samba versions in merge request #3295 by kvvloten
Initial patch created by Jeremy Allison (https://www.spinics.net/lists/samba/msg161128.html) to log LDAP server queries/functions in a separate file
Signed-off-by: Andréas Leroux <aleroux@tranquil.it>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jul 9 08:37:22 UTC 2024 on atb-devel-224
This is the long form of -U in samba-tool.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
We treat any option containing 'pass' with suspicion, unless we know it
is OK.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
We have more secret arguments, like --client-password, --adminpass,
so we are going to use an allowlist for options containing 'pass', but
we don't want to burn the likes of --group=passionfruit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
We have options that start with --user or --password that we don't
want to burn. Some grepping says:
2 --user1
1 --user2
10 --user-allowed-to-authenticate-from
6 --user-allowed-to-authenticate-to
2 --user-allow-ntlm-auth
25 --user-authentication-policy
1 --user-config
4 --user-domgroups
5 --user-ext-name
2 --user-groups
6 --user-info
27 --username
1 --username2
2 --userou
1 --users
2 --user-sidinfo
6 --user-sids
14 --user-tgt-lifetime-mins
2 --password2
118 --password-file
2 --password-from-stdin
# from here, grepping for strings around POPT_ constants
5 "user"
2 "user1"
2 "user2"
1 "userd"
1 "user-domgroups"
1 "user-groups"
1 "user-info"
2 "username"
1 "user-sidinfo"
1 "user-sids"
1 passwordd
4 "password"
Not all of these use lib/cmdline, but I think most do, via Python
which defers to cmdline_burn().
Note that there are options we should burn that aren't on this list,
like --adminpass. That's another matter.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
As this function increases in complexity, it helps to keep things close.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Before we have been trying to cram three cases into a boolean return
value:
* cmdline had secrets, we burnt them -> true
* cmdline had no secrets, all good -> false
* cmdline has NULL string, WTF! emergency! -> false
This return value is only used by Python which wants to know whether to
go to the trouble of replacing the command line. If samba_cmdline_burn()
returns false, no action is taken.
If samba_cmdline_burn() burns a password and then hits a NULL, it would
be better not to do nothing. It would be better to crash. And that is
what Python will end up doing, by some talloc returning NULL triggering
a MemoryError.
What about the case like {"--foo", NULL, "-Ua%b"} where the secret comes
after the NULL? That will still be ignored by Python, as it is by all C
tools, but we are hoping that can't happen anyway.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
We weren't treating "--password secret" the same as "--password=secret",
which sometimes led to secrets not being redacted.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
If argv contains a secret option without an '=' (or in the case of
"-U", the username is separated by space), we will get to the
`if (strlen(p) == ulen) { continue; }` without resetting the found
and is_user variables. This *sometimes* has the right effect, because
the next string in argv ought to contain the secret.
But in a case like {"--password", "1234567890"}, where the secret
string is the same length as the option, we *again* take that branch
and the password is not redacted, though the argument after it will be
unless it is also of the same length.
If we always set the flags at the start we avoid this. This makes
things worse in the short term for secrets that are not the same
length as their options, but we'll get to that in another commit soon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
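The two commit messages above ("--password secret" versus "--password=secret", and a secret of the same length as its option) describe argv handling that the following added example reproduces in simplified form; it is not Samba's samba_cmdline_burn(). The names `demo_burn` and `wipe` and the sample argv are hypothetical, and only `--password` and `-U` are recognised.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Zero a string in place; volatile keeps the stores from being elided. */
static void wipe(char *s)
{
	for (volatile char *p = s; *p != '\0'; p++) *p = '\0';
}

/* Simplified sketch, not Samba's samba_cmdline_burn(). Returns secrets wiped. */
int demo_burn(int argc, char *argv[])
{
	int burnt = 0;
	for (int i = 1; i < argc && argv[i] != NULL; i++) {
		char *arg = argv[i];
		char *secret = NULL;   /* per-argument state, reset every time */
		bool is_user = false;
		if (strncmp(arg, "--password", 10) == 0 &&
		    (arg[10] == '=' || arg[10] == '\0')) {
			secret = (arg[10] == '=') ? arg + 11 : NULL;
		} else if (strncmp(arg, "-U", 2) == 0) {
			is_user = true;
			secret = (arg[2] != '\0') ? arg + 2 : NULL;
		} else {
			continue;      /* --password-file, --username, ... */
		}
		if (secret == NULL) {  /* value is the next element, any length */
			if (i + 1 >= argc || argv[i + 1] == NULL) break;
			secret = argv[++i];
		}
		if (is_user) {         /* only the part after '%' is secret */
			secret = strchr(secret, '%');
			if (secret == NULL) continue;
			secret++;
		}
		wipe(secret);
		burnt++;
	}
	return burnt;
}

int main(void)
{
	/* Constructed argv; the value has the same length as "--password". */
	char a0[] = "tool", a1[] = "--password", a2[] = "1234567890";
	char *av[] = { a0, a1, a2, NULL };
	printf("burnt=%d left=\"%s\"\n", demo_burn(3, av), a2);
}
```

Because the option is matched exactly and the value is located by position rather than by comparing lengths, `--password-file` and its path are left alone while the separated secret is wiped.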
We return true from this function when a secret has been erased,
and were accidentally treating as if it had secrets.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15671
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
As we now require GnuTLS 3.6.13, we can rely on GnuTLS providing these
macros.
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Martin Schwenke <martin@meltin.net>
We might have a relative filename in tdb->name, so we might do the
wrong thing here. And as we have the fd, why not use it...
We call futimens in vfs_default without #ifdef and it's Posix 2018 or
before. So I don't think we need to check for it.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
lib/util/util.c: In function ‘dump_data_block16’:
lib/util/util.c:503:40: error: ‘%04zX’ directive output may be truncated
writing between 4 and 16 bytes into a region of size 15
[-Werror=format-truncation=]
503 | snprintf(tmp, sizeof(tmp), "%s[%04zX]", prefix, idx);
| ^~~~~
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This is done by adding a new API that avoids the problems of
ldb_dn_copy() and makes it clear that a struct ldb_context *
pointer will be stored in the new copy.
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
ldb_wrap is a caching mechanism, and it should probably be removed
but for now provide a way to avoid it in specific cases where we
know it is harmful.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>