1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Commit Graph

2058 Commits

Author SHA1 Message Date
Stefan Metzmacher
460e280d3a docs-xml: add 'vfs mkdir use tmp name' option
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15693

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2024-08-21 08:02:30 +00:00
Volker Lendecke
89da15756d loadparm: Add lp_wi_scan_share_parametrics
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15688
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-31 08:39:29 +00:00
Volker Lendecke
0536ac96e9 loadparm: Factor out lp_wi_scan_parametrics
We'll scan share parametrics soon as well.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15688
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-31 08:39:29 +00:00
Jo Sutton
8a456f373f s3:param: Check return value of strlower_m() (CID 1598446)
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2024-07-02 03:39:35 +00:00
Andreas Schneider
758bb9aacd docs-xml: Add smb.conf option 'dns hostname'
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-05-22 20:33:36 +00:00
Volker Lendecke
0baae61e42 lib: Give lib/util/util_file.c its own header file
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
2024-04-16 23:51:45 +00:00
Pavel Filipenský
75a4fbbf6a smbdotconf: Enable "winbind debug traceid" by default
The traceid debug header field is a useful feature, let's make it
default.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15631

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Mon Apr 15 18:47:41 UTC 2024 on atb-devel-224
2024-04-15 18:47:41 +00:00
Joseph Sutton
507ff19263 s3:param: Remove unnecessary use of discard_const_p()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-21 20:21:34 +00:00
Ralph Boehme
631e6aa0d0 smbd: bring back "smb3 unix extensions" option
This basically reverts commit b3cae8dcf1
with a few important differences:

* SMB3 UNIX extensions are always built, but disabled by default at runtime.

* They are globally enabled in the fileserver test environment.

* It's now a per-share option, so admins can selectively disable them
  on a per-share basis. This allows clients to detect early that a share
  doesn't support user mount requested POSIX and fail appropiately, passing
  the failure to the requesting application (mount command).

Signed-off-by: Ralph Boehme <slow@samba.org>
2023-11-27 18:31:35 +00:00
Andreas Schneider
9621a3d7a6 Use python.h from libreplace
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15513

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-20 15:37:33 +00:00
Andreas Schneider
d7a6488da8 lib:param: Set a memory context for the globals if not initialized yet
Typically once the smb.conf starts to be loaded,
loadparm_s3_init_globals() will be called and a memory context for
strings on the static Globals will be created.  But we might call
lpcfg_set_cmdline() before we load the smb.conf file, so we (via a
helper pointer) call loadparm_s3_init_globals() to get that
initialisation done earlier, ensuring that all allocations on Globals is
done on a memory context that we can later TALLOC_FREE() before exit().

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-25 22:23:37 +00:00
Andreas Schneider
0e45a0cec9 s3:param: Make init_globals() public
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-25 22:23:37 +00:00
Andreas Schneider
e30c404fb7 s3:param: Use the memory context we just created instead of tos
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-25 22:23:37 +00:00
Andreas Schneider
49424f18b1 s3:param: Use a talloc stackframe in pyparam
Several parts of the code use talloc_tos() requiring a stackframe to be
present. This is needed as loadparm_init_s3() will call init_globals()
later.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-25 22:23:37 +00:00
Andrew Bartlett
3cf1beed5d CVE-2023-42669 s4-rpc_server: Disable rpcecho server by default
The rpcecho server is useful in development and testing, but should never
have been allowed into production, as it includes the facility to
do a blocking sleep() in the single-threaded rpc worker.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15474

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2023-10-10 14:49:39 +00:00
Andrew Bartlett
1223b89d81 docs-xml: Add new parameter "acl claims evaluation"
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-09-26 23:45:35 +00:00
Volker Lendecke
b3cae8dcf1 conf: Remove "smb3 unix extensions" parameter
Always offer it, it's a client thing to ask for it or not.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Sep 21 17:43:23 UTC 2023 on atb-devel-224
2023-09-21 17:43:23 +00:00
Andreas Schneider
96e18e1774 s3:param: Remove unused lp_set_cmdline()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Kalugin <pkalugin@inno.tech>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Sep 14 22:30:06 UTC 2023 on atb-devel-224
2023-09-14 22:30:06 +00:00
Pavel Kalugin
c291ab2a03 s3:param: Use lpcfg_set_cmdline()
Signed-off-by: Pavel Kalugin <pkalugin@inno.tech>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-08-23 08:27:30 +00:00
Andreas Schneider
57047ca56d s3:param: Fix code spelling
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-07-19 09:58:37 +00:00
Andreas Schneider
f8d5e70a91 s3:param: Rename bLoaded global variable
This makes codespell happy.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-07-19 09:58:37 +00:00
Volker Lendecke
79b07271ee smbd: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-07-03 19:40:35 +00:00
Volker Lendecke
c37d6be2db smbd: Remove unused dptr_SearchDir() and the dir cache
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-06-13 23:33:39 +00:00
Andrew Bartlett
e5c3e076c8 param: Add new parameter "ad dc functional level"
This allows the new unsupported functional levels to be unlocked, but with an smb.conf
option that is easily seen.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-05-16 23:29:32 +00:00
Rob van der Linde
b74b9f4b06 CVE-2023-0922 set default ldap client sasl wrapping to seal
This avoids sending new or reset passwords in the clear
(integrity protected only) from samba-tool in particular.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15315

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Apr  5 03:08:51 UTC 2023 on atb-devel-224
2023-04-05 03:08:51 +00:00
Andreas Schneider
56c6f0b6d6 selftest: Only run samba.tests.smb3unix in developer mode
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jan 26 13:13:50 UTC 2023 on atb-devel-224
2023-01-26 13:13:50 +00:00
Andreas Schneider
ac0e844ea8 param: Use a higher time resolution for lp_file_list_changed()
It is possible that in our test environment one of the config 'include' files
change more than once per second. To avoid missing a file update we use a
higher time resolution than seconds.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-01-26 12:15:33 +00:00
Andrew Walker
5b19288949 s3:params:lp_do_section - protect against NULL deref
iServiceIndex may indicate an empty slot in the ServicePtrs
array. In this case, lpcfg_serivce_ok(ServicePtrs[iServiceIndex])
may trigger a NULL deref and crash. Skipping the check
here will cause a scan of the array in add_a_service() and the
NULL slot will be used safely.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15267

Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Dec 20 18:49:54 UTC 2022 on sn-devel-184
2022-12-20 18:49:54 +00:00
Günther Deschner
39e8489dfc s3-librpc: add ads.idl and convert ads_struct to talloc.
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-16 20:38:32 +00:00
Stefan Metzmacher
fa64f8fa8d CVE-2022-37966 param: let "kdc default domain supportedenctypes = 0" mean the default
In order to allow better upgrades we need the default value for smb.conf to the
same even if the effective default value of the software changes in future.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-12-13 13:07:30 +00:00
Stefan Metzmacher
7504a4d6fe CVE-2022-37966 param: don't explicitly initialize "kdc force enable rc4 weak session keys" to false/"no"
This is not squashed in order to allow easier backports...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-12-13 13:07:30 +00:00
Andrew Bartlett
ee18bc29b8 CVE-2022-37966 param: Add support for new option "kdc force enable rc4 weak session keys"
Pair-Programmed-With: Joseph Sutton <josephsutton@catalyst.net.nz>

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-12-13 13:07:29 +00:00
Joseph Sutton
d861d4eb28 CVE-2022-37966 param: Add support for new option "kdc default domain supportedenctypes"
This matches the Windows registry key

HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\KDC\DefaultDomainSupportedEncTypes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-12-13 13:07:29 +00:00
Stefan Metzmacher
7732a4b0bd CVE-2022-38023 docs-xml/smbdotconf: add "server schannel require seal[:COMPUTERACCOUNT]" options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-12-13 13:07:29 +00:00
Stefan Metzmacher
c8e53394b9 CVE-2022-38023 docs-xml/smbdotconf: change 'reject md5 clients' default to yes
AES is supported by Windows Server >= 2008R2, Windows (Client) >= 7 and Samba >= 4.0,
so there's no reason to allow md5 clients by default.
However some third party domain members may need it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-12-13 13:07:29 +00:00
Stefan Metzmacher
1c6c112990 CVE-2022-38023 docs-xml/smbdotconf: change 'reject md5 servers' default to yes
AES is supported by Windows >= 2008R2 and Samba >= 4.0 so there's no
reason to allow md5 servers by default.

Note the change in netlogon_creds_cli_context_global() is only cosmetic,
but avoids confusion while reading the code. Check with:

 git show -U35 libcli/auth/netlogon_creds_cli.c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-12-13 13:07:29 +00:00
Volker Lendecke
5d82af05f3 smbd: Remove a few "extern userdom_struct current_user_info"
get_current_username() returns current_user_info.smb_name

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Dec 12 22:14:20 UTC 2022 on sn-devel-184
2022-12-12 22:14:20 +00:00
Volker Lendecke
8cc0489c80 lib: Add get_current_user_info_domain()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-12 21:16:33 +00:00
Volker Lendecke
9321a533cd lib: Add lp_allow_local_address()
Helper function for listing and accessing shares

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-11-10 07:27:31 +00:00
Andreas Schneider
80dc3bc2b8 s3:param: Fix old-style function definition
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-10-27 18:18:36 +00:00
Noel Power
19eb88bc53 s3/param: Check return of talloc_strdup
followup to commit ff003fc87b

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-10-17 18:46:29 +00:00
Noel Power
ff003fc87b s3/param: Fix use after free with popt-1.19
popt1.19 fixes a leak that exposes a use as free,
make sure we duplicate return of poptGetArg if
poptFreeContext is called before we use it.

==5325== Invalid read of size 1
==5325==    at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4859E1C: talloc_strdup (talloc.c:2470)
==5325==    by 0x48C0D37: talloc_sub_basic (substitute.c:303)
==5325==    by 0x4894B98: lp_load_ex (loadparm.c:4004)
==5325==    by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325==    by 0x10ABD7: main (test_lp_load.c:98)
==5325==  Address 0x72da8b0 is 0 bytes inside a block of size 20 free'd
==5325==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x10AB8E: main (test_lp_load.c:90)
==5325==  Block was alloc'd at
==5325==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x10AB49: main (test_lp_load.c:74)
==5325==
==5325== Invalid read of size 1
==5325==    at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4859E1C: talloc_strdup (talloc.c:2470)
==5325==    by 0x48C0D37: talloc_sub_basic (substitute.c:303)
==5325==    by 0x4894B98: lp_load_ex (loadparm.c:4004)
==5325==    by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325==    by 0x10ABD7: main (test_lp_load.c:98)
==5325==  Address 0x72da8b1 is 1 bytes inside a block of size 20 free'd
==5325==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x10AB8E: main (test_lp_load.c:90)
==5325==  Block was alloc'd at
==5325==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x10AB49: main (test_lp_load.c:74)
==5325==
==5325== Invalid read of size 8
==5325==    at 0x484D3AE: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4859DC2: __talloc_strlendup (talloc.c:2457)
==5325==    by 0x4859E32: talloc_strdup (talloc.c:2470)
==5325==    by 0x48C0D37: talloc_sub_basic (substitute.c:303)
==5325==    by 0x4894B98: lp_load_ex (loadparm.c:4004)
==5325==    by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325==    by 0x10ABD7: main (test_lp_load.c:98)
==5325==  Address 0x72da8b0 is 0 bytes inside a block of size 20 free'd
==5325==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x10AB8E: main (test_lp_load.c:90)
==5325==  Block was alloc'd at
==5325==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x10AB49: main (test_lp_load.c:74)
==5325==
==5325== Invalid read of size 2
==5325==    at 0x484D400: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4859DC2: __talloc_strlendup (talloc.c:2457)
==5325==    by 0x4859E32: talloc_strdup (talloc.c:2470)
==5325==    by 0x48C0D37: talloc_sub_basic (substitute.c:303)
==5325==    by 0x4894B98: lp_load_ex (loadparm.c:4004)
==5325==    by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325==    by 0x10ABD7: main (test_lp_load.c:98)
==5325==  Address 0x72da8c0 is 16 bytes inside a block of size 20 free'd
==5325==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x10AB8E: main (test_lp_load.c:90)
==5325==  Block was alloc'd at
==5325==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x10AB49: main (test_lp_load.c:74)
==5325==
==5325== Invalid read of size 1
==5325==    at 0x484D430: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4859DC2: __talloc_strlendup (talloc.c:2457)
==5325==    by 0x4859E32: talloc_strdup (talloc.c:2470)
==5325==    by 0x48C0D37: talloc_sub_basic (substitute.c:303)
==5325==    by 0x4894B98: lp_load_ex (loadparm.c:4004)
==5325==    by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325==    by 0x10ABD7: main (test_lp_load.c:98)
==5325==  Address 0x72da8c2 is 18 bytes inside a block of size 20 free'd
==5325==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x10AB8E: main (test_lp_load.c:90)
==5325==  Block was alloc'd at
==5325==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x10AB49: main (test_lp_load.c:74)
==5325==
==5325== Invalid read of size 1
==5325==    at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4859E1C: talloc_strdup (talloc.c:2470)
==5325==    by 0x4B3B74B: add_to_file_list (loadparm.c:1023)
==5325==    by 0x4894BD4: lp_load_ex (loadparm.c:4011)
==5325==    by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325==    by 0x10ABD7: main (test_lp_load.c:98)
==5325==  Address 0x72da8b0 is 0 bytes inside a block of size 20 free'd
==5325==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x10AB8E: main (test_lp_load.c:90)
==5325==  Block was alloc'd at
==5325==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x10AB49: main (test_lp_load.c:74)
==5325==
==5325== Invalid read of size 1
==5325==    at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4859E1C: talloc_strdup (talloc.c:2470)
==5325==    by 0x4B3B74B: add_to_file_list (loadparm.c:1023)
==5325==    by 0x4894BD4: lp_load_ex (loadparm.c:4011)
==5325==    by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325==    by 0x10ABD7: main (test_lp_load.c:98)
==5325==  Address 0x72da8b1 is 1 bytes inside a block of size 20 free'd
==5325==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x10AB8E: main (test_lp_load.c:90)
==5325==  Block was alloc'd at
==5325==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x10AB49: main (test_lp_load.c:74)
==5325==
==5325== Invalid read of size 8
==5325==    at 0x484D3AE: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4859DC2: __talloc_strlendup (talloc.c:2457)
==5325==    by 0x4859E32: talloc_strdup (talloc.c:2470)
==5325==    by 0x4B3B74B: add_to_file_list (loadparm.c:1023)
==5325==    by 0x4894BD4: lp_load_ex (loadparm.c:4011)
==5325==    by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325==    by 0x10ABD7: main (test_lp_load.c:98)
==5325==  Address 0x72da8b0 is 0 bytes inside a block of size 20 free'd
==5325==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x10AB8E: main (test_lp_load.c:90)
==5325==  Block was alloc'd at
==5325==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x10AB49: main (test_lp_load.c:74)
==5325==
==5325== Invalid read of size 2
==5325==    at 0x484D400: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4859DC2: __talloc_strlendup (talloc.c:2457)
==5325==    by 0x4859E32: talloc_strdup (talloc.c:2470)
==5325==    by 0x4B3B74B: add_to_file_list (loadparm.c:1023)
==5325==    by 0x4894BD4: lp_load_ex (loadparm.c:4011)
==5325==    by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325==    by 0x10ABD7: main (test_lp_load.c:98)
==5325==  Address 0x72da8c0 is 16 bytes inside a block of size 20 free'd
==5325==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x10AB8E: main (test_lp_load.c:90)
==5325==  Block was alloc'd at
==5325==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x10AB49: main (test_lp_load.c:74)
==5325==
==5325== Invalid read of size 1
==5325==    at 0x484D430: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4859DC2: __talloc_strlendup (talloc.c:2457)
==5325==    by 0x4859E32: talloc_strdup (talloc.c:2470)
==5325==    by 0x4B3B74B: add_to_file_list (loadparm.c:1023)
==5325==    by 0x4894BD4: lp_load_ex (loadparm.c:4011)
==5325==    by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325==    by 0x10ABD7: main (test_lp_load.c:98)
==5325==  Address 0x72da8c2 is 18 bytes inside a block of size 20 free'd
==5325==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x10AB8E: main (test_lp_load.c:90)
==5325==  Block was alloc'd at
==5325==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325==    by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325==    by 0x10AB49: main (test_lp_load.c:74)
==5325==

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-10-14 12:37:29 +00:00
Volker Lendecke
0f75963cf4 param: Add "smb3 unix extensions"
Only available in DEVELOPER builds. Adding now to get some testing
step by step done.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-09-02 13:31:38 +00:00
Andrew Bartlett
d2a473a7b7 dsdb: Allow password history and password changes without an NT hash
We now allow this to be via the ENCTYPE_AES256_CTS_HMAC_SHA1_96 hash instead
which allows us to decouple Samba from the unsalted NT hash for
organisations that are willing to take this step (for user accounts).

(History checking is limited to the last three passwords only, as
ntPwdHistory is limited to NT hash values, and the PrimaryKerberosCtr4
package only stores three sets of keys.)

Since we don't store a salt per-key, but only a single salt, the check
will fail for a previous password if the account was renamed prior to a
newer password being set.

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-06-26 22:10:29 +00:00
Christian Ambach
5f1f3b0f06 docs-xml: add new parameter volume serial number
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14765
RN: add new smb.conf parameter "volume serial number" to allow overriding
the generated default value

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-06-06 16:46:35 +00:00
Thomas Debesse
206909d52b s4: dns: Add customizable dns port option
Signed-off-by: Thomas Debesse <dev@illwieckz.net>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Mar 25 20:25:28 UTC 2022 on sn-devel-184
2022-03-25 20:25:28 +00:00
Stefan Metzmacher
12b623088c docs-xml: add 'kdc enable fast' option
This will be useful to test against a KDC without FAST support
and find/prevent regressions.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15002
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15005

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-03-11 17:10:29 +00:00
Jeremy Allison
41393579de s3: Simple rename 'struct smb_signing_state' -> 'struct smb1_signing_state'
This is only used by the SMB1 signing code, except for one
bool for SMB2 which we will replace next.

Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: David Mulder <dmulder@samba.org>
2022-03-08 22:12:37 +00:00
Jeremy Allison
fadb2d60ae s3: smbd: Update widelinks_warning() to cope with SMB1 and SMB2 unix extensions.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2022-02-01 16:30:37 +00:00
Jeremy Allison
7a5fea262f s3: smbd: lp_widelinks(). Turn off widelinks if either SMB1 or SMB2 unix extensions are turned on.
NB. Currently it's impossible to turn on SMB2 unix extensions.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2022-02-01 16:30:37 +00:00