IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Only temporary, next step is a new more general symlink_target_path
routine, we'll need that in libcli/smb as well.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jul 4 08:08:49 UTC 2024 on atb-devel-224
This reverts commit a836b433ed.
Wireshark's NDR dissector dissects both signed and unsigned types
of the same size and alignment with the same functions, e.g. see
the handling of "udlong" and "dlong." It is passing the FT_UINT64
vs FT_INT64 field type enum value that determines at the last
moment whether a value is cast to signed. dissect_ndr_uint64()
already has the proper behavior for 8-byte aligned signed 64 bit
integers, and a dissect_ndr_int64() function will not need to be
introduced.
Signed-off-by: John Thacker <johnthacker@gmail.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jul 3 14:19:04 UTC 2024 on atb-devel-224
Review with: git show -U5
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jul 3 11:41:12 UTC 2024 on atb-devel-224
Picked from Wireshark's fork:
commit e1d9a226a2b8f2824a0eb162a8dc972e6e6c2dd4
Author: Guy Harris <gharris@sonic.net>
Date: Thu Jun 18 18:14:46 2020 -0700
Fix the type of arrays of pointers to hf_ values for bitfield routines.
The static arrays are supposed to be arrays of const pointers to int,
not arrays of non-const pointers to const int.
Fixing that means some bugs (scribbling on what's *supposed* to be a
const array) will be caught (see packet-ieee80211-radiotap.c for
examples, the first of which inspired this change and the second of
which was discovered while testing compiles with this change), and
removes the need for some annoying casts.
Also make some of those arrays static while we're at it.
Update documentation and dissector-generator tools.
Change-Id: I789da5fc60aadc15797cefecfd9a9fbe9a130ccc
Reviewed-on: https://code.wireshark.org/review/37517
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Signed-off-by: John Thacker <johnthacker@gmail.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Jul 3 02:35:43 UTC 2024 on atb-devel-224
Picked from Wireshark's fork:
commit 7cd6906056922e4b8f68f1216d94eaa0809896fe
Author: Guy Harris <guy@alum.mit.edu>
Date: Mon Jan 9 22:18:49 2017 -0800
Rename tvb_new_subset() to tvb_new_subset_length_caplen().
This emphasizes that there is no such thing as *the* routine to
construct a subset tvbuff; you need to choose one of
tvb_new_subset_remaining() (if you want a new tvbuff that contains
everything past a certain point in an existing tvbuff),
tvb_new_subset_length() (if you want a subset that contains everything
past a certain point, for some number of bytes, in an existing tvbuff),
and tvb_new_subset_length_caplen() (for all other cases).
Many of the calls to tvb_new_subset_length_caplen() should really be
calling one of the other routines; that's the next step. (This also
makes it easier to find the calls that need fixing.)
Change-Id: Ieb3d676d8cda535451c119487d7cd3b559221f2b
Reviewed-on: https://code.wireshark.org/review/19597
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Signed-off-by: John Thacker <johnthacker@gmail.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Picked from Wireshark's fork:
commit 5ae9af9e50c89d8700e5a166a9c345fc46b3a4ca
Author: Guy Harris <guy@alum.mit.edu>
Date: Sun Nov 6 11:02:51 2016 -0800
Get rid of Boolean "flags" that don't have any bit set.
And tweak the Pidl generator for Wireshark not to generate "flags" like
that.
(The generator also does field name and true/false strings' case
differently, so I didn't use it to regenerate the dissectors; that needs
to be looked at.)
Change-Id: Ie1657a782ebdb107e58792cedd29bbaa79b17bd4
Reviewed-on: https://code.wireshark.org/review/18695
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Signed-off-by: John Thacker <johnthacker@gmail.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Picked from the Wireshark fork:
commit 9a5e6a6884b2369527638fecd49c4c58d8c10378
Author: Michael Mann <mmann78@netscape.net>
Date: Wed Jun 15 15:35:51 2016 -0400
DCE/RPC proto_tree_add_boolean -> proto_tree_add_bitmask_with_flags
Change-Id: I8891ec90244ffd9609d8443df631a7c8e6453b7e
Reviewed-on: https://code.wireshark.org/review/15942
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Signed-off-by: John Thacker <johnthacker@gmail.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This is the long form of -U in samba-tool.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
We treat any option containing 'pass' with suspicion, unless we know it
is OK.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
We have more secret arguments, like --client-password, --adminpass,
so we are going to use an allowlist for options containing 'pass', but
we don't want to burn the likes of --group=passionfruit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
We have options that start with --user or --password that we don't
want to burn. Some grepping says:
2 --user1
1 --user2
10 --user-allowed-to-authenticate-from
6 --user-allowed-to-authenticate-to
2 --user-allow-ntlm-auth
25 --user-authentication-policy
1 --user-config
4 --user-domgroups
5 --user-ext-name
2 --user-groups
6 --user-info
27 --username
1 --username2
2 --userou
1 --users
2 --user-sidinfo
6 --user-sids
14 --user-tgt-lifetime-mins
2 --password2
118 --password-file
2 --password-from-stdin
# from here, grepping for strings around POPT_ constants
5 "user"
2 "user1"
2 "user2"
1 "userd"
1 "user-domgroups"
1 "user-groups"
1 "user-info"
2 "username"
1 "user-sidinfo"
1 "user-sids"
1 passwordd
4 "password"
Not all of these use lib/cmdline, but I think most do, via Python
which defers to cmdline_burn().
Note that there are options we should burn that aren't on this list,
like --adminpass. That's another matter.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
As this function increases in complexity, it helps to keep things close.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Before we have been trying to cram three cases into a boolean return
value:
* cmdline had secrets, we burnt them -> true
* cmdline had no secrets, all good -> false
* cmdline has NULL string, WTF! emergency! -> false
This return value is only used by Python which wants to know whether to
go to the trouble of replacing the command line. If samba_cmdline_burn()
returns false, no action is taken.
If samba_cmdline_burn() burns a password and then hits a NULL, it would
be better not to do nothing. It would be better to crash. And that is
what Python will end up doing, by some talloc returning NULL triggering
a MemoryError.
What about the case like {"--foo", NULL, "-Ua%b"} where the secret comes
after the NULL? That will still be ignored by Python, as it is by all C
tools, but we are hoping that can't happen anyway.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
We weren't treating "--password secret" the same as "--password=secret",
which sometimes led to secrets not being redacted.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
If argv contains a secret option without an '=' (or in the case of
"-U", the username is separated by space), we will get to the
`if (strlen(p) == ulen) { continue; }` without resetting the found
and is_user variables. This *sometimes* has the right effect, because
the next string in argv ought to contain the secret.
But in a case like {"--password", "1234567890"}, where the secret
string is the same length as the option, we *again* take that branch
and the password is not redacted, though the argument after it will be
unless it is also of the same length.
If we always set the flags at the start we avoid this. This makes
things worse in the short term for secrets that are not the same
length as their options, but we'll get to that in another commit soon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
We return true from this function when a secret has been erased,
and were accidentally treating as if it had secrets.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15671
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
The default value (30) truncates "Samba 4.21.0pre1-DEVELOPERBUILD" to
"Samba 4.21.0pre1-DEVELOPE" in the bottom left corner of the man page.
("Samba 4.21.0pre1-DEVELOPE" is only 25 bytes long, not 30, but let's
not worry about that).
On narrow terminals (< ~75 columns) this makes it more likely that
the version string will run into the date string.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15672
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
In practice there isn't a use for two options, and neither quite
matched what people thought they were doing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15673
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
There is no reason to think '-' and '+' are the only characters that
might sneak into a vendor string; Debian habitually use '~'.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15673
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Fails with some compilers with
error: expected ';', ',' or ')' before 'lineptr'
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Tue Jul 2 23:52:37 UTC 2024 on atb-devel-224
It has been a while since --with-libcephfs option was dropped. Therefore
stop advertising it through waf scripts.
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Jul 2 09:13:20 UTC 2024 on atb-devel-224
It has been a while since --with-libcephfs option was dropped. Therefore
stop advertising it through waf scripts.
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
If either of HAVE_FSTATFS and HAVE_LINUX_MAGIC_H are not defined, gcc
produces the following error:
../../source3/smbd/open.c: In function ‘reopen_from_fsp’:
../../source3/smbd/open.c:1222:1: error: label ‘namebased_open’ defined but not used [-Werror=unused-label]
1222 | namebased_open:
| ^~~~~~~~~~~~~~
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Tue Jul 2 04:44:56 UTC 2024 on atb-devel-224
Since we have ensured that val->length >= sizeof(hash->hash),
MIN(val->length, sizeof(hash->hash)) will here always be equal to
sizeof(hash->hash).
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Martin Schwenke <martin@meltin.net>
As we now require GnuTLS 3.6.13, we can rely on GnuTLS providing these
macros.
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Martin Schwenke <martin@meltin.net>
CTDB uses a queue to receive requests and send answers. It works
asynchronously using the tevent framework. However there was an issue
that gave priority to the receiving side so, when a request was
processed and the answer posted to the queue, if another incoming
request arrived, it was served before sending the previous answer.
This scenario could repeat for long periods of time if the frequency of
incoming requests was high enough.
Eventually, a small time gap between incoming request gave a chance to
process the pending output queue, sending many answers in a burst.
This patch makes sure that both queues (input and output) are processed
if the event contains the appropriate flag.
Signed-off-by: Xavi Hernandez <xhernandez@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Jul 1 09:17:43 UTC 2024 on atb-devel-224
"Error: INTEGER_OVERFLOW (CWE-190):
samba-4.20.0rc2/source3/winbindd/winbindd_cache.c:849: cast_overflow: Truncation due to cast operation on ""len"" from 32 to 8 bits.
samba-4.20.0rc2/source3/winbindd/winbindd_cache.c:851: overflow_sink: ""len"", which might have overflowed, is passed to ""memcpy(centry->data + centry->ofs, s, len)"". [Note: The source code implementation of the function has been overridden by a builtin model.]
849| centry_put_uint8(centry, len);
850| centry_expand(centry, len);
851|-> memcpy(centry->data + centry->ofs, s, len);
852| centry->ofs += len;
853| }"
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
"Error: REVERSE_NEGATIVE (CWE-191):
samba-4.20.0rc2/source3/libsmb/pylibsmb.c:215: negative_sink_in_call: Passing ""t->shutdown_pipe[1]"" to a parameter that cannot be negative.
samba-4.20.0rc2/source3/libsmb/pylibsmb.c:230: check_after_sink: You might be using variable ""t->shutdown_pipe[1]"" before verifying that it is >= 0.
228| t->shutdown_pipe[0] = -1;
229| }
230|-> if (t->shutdown_pipe[1] != -1) {
231| close(t->shutdown_pipe[1]);
232| t->shutdown_pipe[1] = -1;"
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
