samba-mirror

mirror of https://github.com/samba-team/samba.git synced 2025-01-20 14:03:59 +03:00

Author	SHA1	Message	Date
Joseph Sutton	d0db0ff268	s4:dsdb: Check whether ‘p’ is NULL before dereferencing it (CID 240875) Commit 6baf7608dfc3517cb3798fc53db849f49c6d157a added a NULL check in one place, but not everywhere ‘p’ was dereferenced. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-10-13 02:18:31 +00:00
Joseph Sutton	1ad4dd9288	s4:dns_server: Check return value of ldb_transaction_commit() (CID 1034631) Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-10-13 02:18:31 +00:00
Joseph Sutton	d3b1aa6359	s4:dns_server: Merge similar code paths Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-10-13 02:18:31 +00:00
Joseph Sutton	fa68f26167	s4:auth: Remove event context on failure Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-10-13 02:18:31 +00:00
Joseph Sutton	79a9a07c79	s4:auth: Fix resource leak (CID 1107222) Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-10-13 02:18:31 +00:00
Joseph Sutton	ac00851fc9	s3:utils: Check return value of cli_RNetServiceEnum() (CID 1273313) Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-10-13 02:18:31 +00:00
Joseph Sutton	59e1687321	s3:utils: Avoid integer overflow (CID 1035488) Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-10-13 02:18:31 +00:00
Joseph Sutton	7eaad46f8c	smb2_server: Check status codes (CID 1474441) Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-10-13 02:18:31 +00:00
Joseph Sutton	7774ca87e7	smb2_server: Remove unreachable code (CID 1444981) Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-10-13 02:18:31 +00:00
Joseph Sutton	68fb12cb79	Revert "smbd: Fix CID 1504457 Resource leak" We cannot free ‘enc’ — it may be a copy of ‘buffer’, in which parameter both construct_reply_chain() and smb_request_done() pass arrays of automatic storage duration! Fixes CID 1505354. This reverts commit a395f752f0748751d4ade533c41066903f26c2dd. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-10-13 02:18:31 +00:00
Joseph Sutton	dbf96126cb	s3:smbd: Avoid integer overflow (CID 1035487) Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-10-13 02:18:31 +00:00
Joseph Sutton	1e4d4e6abd	s3:rpcclient: Do not pass uninitialized pointer to printf() (CID 1476170) Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-10-13 02:18:31 +00:00
Joseph Sutton	67b2dc725d	s3:nmbd: Remove redundant code (CID 1414756) ‘buf’ is reassigned a few lines down. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-10-13 02:18:31 +00:00
Joseph Sutton	c30aa741ee	s3:modules: Initialize mask_permset (CID 1435850) If this code had ever run, sys_acl_clear_perms() would have attempted to write to some random address in memory. ‘mask_permset’ must be a valid non‐NULL pointer. Commit 9b79d5f2a2f8af75ef13bdc41d2dc296e19ba098 seems to have been a previous attempt to fix this issue. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-10-13 02:18:31 +00:00
Joseph Sutton	86b0755a4b	s3:modules: Remove unreachable code (CID 1508998) Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-10-13 02:18:31 +00:00
Joseph Sutton	d53483a540	s3:libsmb: Fix array traversal (CID 1034683) Commit 033185e2a1b2892fe8dc74a18a38e5e13e08cb22 changed the sentinel value to an empty character array, but failed to update the traversal code to match. Commit 48a453996ac161d7c7a7cb15a047e57cbdbb1e87 then tried to fix the situation, but did not do so correctly. Fix this code by forgetting about sentinel values altogether. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-10-13 02:18:31 +00:00
Joseph Sutton	0c2d2f833e	s3:libnet: Remove always‐false comparison (CID 241309) Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-10-13 02:18:31 +00:00
Joseph Sutton	728177088c	Revert "s3:libads: Don’t do first loop iteration if ‘attr’ is NULL" Fixes CID 1547073: Control flow issues (DEADCODE). This reverts commit 184a48d65772f359bd81f83256daada8c9e500b3. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-10-13 02:18:31 +00:00
Joseph Sutton	7eb47179b5	s3:lib: Rearrange preprocessor directives to avoid structurally dead code (CID 242032) Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-10-13 02:18:31 +00:00
Joseph Sutton	3179fc2a70	s3:client: Correctly call setgroups() (CID 1449449) Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-10-13 02:18:31 +00:00
Joseph Sutton	b28a268b45	smbXcli: Remove unreachable code (CID 1444978) Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-10-13 02:18:31 +00:00
Joseph Sutton	86f8cde6b3	lib:util: Remove always‐false comparison (CID 242193) ‘id’ is an unsigned variable, and so it can never be less than zero. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-10-13 02:18:31 +00:00
Joseph Sutton	700754b096	util: Remove redundant assertion (CID 1497841) Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-10-13 02:18:31 +00:00
Joseph Sutton	757cd49b84	tdb: Do not pass non–null‐terminated strings to strcmp() (CID 1449485) Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-10-13 02:18:30 +00:00
Joseph Sutton	8f4aa3508c	lib:replace: Properly check result of write() and read() (CID 1034925) Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-10-13 02:18:30 +00:00
Joseph Sutton	fe86989fcc	lib:printer_driver: Check return value of gp_inifile_enum_section() (CID 1444835) Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-10-13 02:18:30 +00:00
Joseph Sutton	03ca8c25d0	lib:compression: Correctly fix sign extension of long matches (CID 1517275) Commit 6b4d94c9877ec59081b9da946c00fa2647cad928 was a previous attempt to fix this issue. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-10-13 02:18:30 +00:00
Joseph Sutton	a2d96f5e29	s4:kdc: Always regard device info when checking a server authentication policy Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Oct 13 00:11:08 UTC 2023 on atb-devel-224	2023-10-13 00:11:08 +00:00
Joseph Sutton	c0ef3b4292	s4:dsdb: Skip allocation of empty device SIDs array Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-10-12 23:13:32 +00:00
Joseph Sutton	4b19a707f2	s4:kdc: Use claims to evaluate RBCD conditions Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-10-12 23:13:32 +00:00
Joseph Sutton	f7064f6fd2	s4:kdc: Use device info to evaluate RBCD conditions Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-10-12 23:13:32 +00:00
Joseph Sutton	9b4dbaecfe	s4:kdc: Pass claims and device info into samba_kdc_check_s4u2proxy_rbcd() Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-10-12 23:13:32 +00:00
Joseph Sutton	51d516cc2f	s4:kdc: Rename ‘user_info_dc’ to ‘client_info’ Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-10-12 23:13:32 +00:00
Joseph Sutton	310c537ffa	s4:kdc: Call samba_kdc_get_user_info_dc() to get client information Among other things, this function can deal with RODC‐issued PACs. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-10-12 23:13:32 +00:00
Joseph Sutton	6c02e9ac62	s4:kdc: Add comment regarding RODC‐issued evidence tickets for constrained delegation Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-10-12 23:13:32 +00:00
Joseph Sutton	b13701ac18	s4:kdc: Factor creation of user_info_dc out of samba_kdc_check_s4u2proxy_rbcd() into its callers Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-10-12 23:13:32 +00:00
Joseph Sutton	390be7d332	s4:kdc: Adapt interface to new Heimdal revision NOTE: This commit finally works again! Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-10-12 23:13:32 +00:00
Andrew Bartlett	204b1f0c12	third_party/heimdal: import lorikeet-heimdal-202310092248 (commit cd12cddd8058d9fe627b5b203e471b8d761dcfbb) NOTE: THIS COMMIT WON’T COMPILE/WORK ON ITS OWN! Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>	2023-10-12 23:13:32 +00:00
Joseph Sutton	3280893ae8	third_party/heimdal: Fix PKINIT freshness token memory handling (Import lorikeet-heimdal-202310092148 (commit 38aa80e35b6b1e16b081fa9c005c03b1e6994204)) The issue here is that only the size of the pointer, not the size of the struture was allocated with calloc(). This means that the malloc() for the freshness token bytes would have the memory address written beyond the end of the allocated memory. Additionally, the allocation was not free()ed, resulting in a memory leak. This means that a user could trigger ongoing memory allocation in the server. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15491 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-10-12 23:13:32 +00:00
Joseph Sutton	09857f86f5	s4:kdc: Use claims and device info to evaluate server authentication policy Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-10-12 23:13:32 +00:00
Joseph Sutton	3c511c59ca	s4:kdc: Make samba_kdc_get_user_info_dc() non‐static Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-10-12 23:13:32 +00:00
Joseph Sutton	03e3a3a49a	s4:kdc: Use ‘claims_data’ functions to create client claims blob Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-10-12 23:13:32 +00:00
Joseph Sutton	608c8d493c	s4:kdc: Use device claims to evaluate client authentication policy Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-10-12 23:13:32 +00:00
Joseph Sutton	7336fbb2ec	s4:kdc: Use claims and device info to evaluate server authentication policy Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-10-12 23:13:32 +00:00
Joseph Sutton	9cef5de95a	s4:kdc: Have samba_kdc_allowed_to_authenticate_to() take claims and device info Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-10-12 23:13:32 +00:00
Joseph Sutton	430f7a8918	s4:kdc: Fetch device claims for server restrictions View with ‘git show -b’. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-10-12 23:13:32 +00:00
Joseph Sutton	407a979b98	s4:kdc: Do not perform compound authentication for services without Compound Identity support Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-10-12 23:13:32 +00:00
Joseph Sutton	43cce1d190	tests/krb5: Correctly test services that do not support Compound Identity These two tests now pass against Windows. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-10-12 23:13:32 +00:00
Joseph Sutton	3199a815db	s4:kdc: Make samba_kdc_add_compounded_auth() static Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-10-12 23:13:32 +00:00
Joseph Sutton	981411ba4a	s4:kdc: Remove ‘compounded_auth’ parameter from samba_kdc_add_compounded_auth() It’s only ever equal to SAMBA_COMPOUNDED_AUTH_INCLUDE. View with ‘git show -b’. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-10-12 23:13:32 +00:00

1 2 3 4 5 ...

135331 Commits