IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
We should not pass a NULL pointer into dom_sid_split_rid().
Unlike samdb_result_dom_sid(), samdb_result_dom_sid_buf() produces an
error code on failure and does not require a heap allocation.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
384 bytes is not a strict threshold below which claims are never to be
compressed. Windows has been known to compress claims a mere 368 bytes
in size.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Windows doesn’t reject these, nor do we have any reason to do so.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This allows us to call them from elsewhere.
Change their names accordingly to start with ‘samba_kdc_’.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
When we are called in wb_atfork_child() or winbind_destructor(),
wb_thread_ctx_destructor() is not called for the global state
of the current nor any other thread, which means we would
leak the related memory and socket fds.
Now we maintain a global list protected by a global mutex.
We traverse the list and close all socket fds, which are no
longer used (winbind_destructor) or no longer valid in the
current process (wb_atfork_child), in addition we 'autofree'
the ones, which are only visible internally as global (per thread)
context.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15464
Tested-by: Krzysztof Piotr Oledzki <ole@ans.pl>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Sep 14 18:53:07 UTC 2023 on atb-devel-224
If nss_winbind is loaded into a process that uses fork multiple times
without any further calls into nss_winbind, wb_atfork_child handler
was using a wb_global_ctx.key that was no longer registered in the
pthread library, so we operated on a slot that was potentially
reused by other libraries or the main application. Which is likely
to cause memory corruption.
So we better don't call pthread_key_delete() in wb_atfork_child().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15464
Reported-by: Krzysztof Piotr Oledzki <ole@ans.pl>
Tested-by: Krzysztof Piotr Oledzki <ole@ans.pl>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The HAVE_PTHREAD logic inside of get_wb_global_ctx() will do all
required magic.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15464
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
At the time of this commit, GitLab shared runners
tagged "gce" were 2x AMD EPYC 7B12 with 8GB ram.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This is better then requiring private runners,
as we'll be able to use shared runners for ext4 soon.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This got lost in commit bcc22d0056
for ubuntu1804-samba-o3 at the time...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Sep 12 17:08:17 UTC 2023 on atb-devel-224
Fixes reading the password from STDIN or environment vars if it was already
given in the command line:
$ export PASSWD_FD=0
$ ./bin/net offlinejoin composeodj <...> --password=FOO
<Waiting to read password from STDIN>
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Sep 11 03:36:28 UTC 2023 on atb-devel-224
Avoid unnecessary credentials allocation and initialization by passing the
net's cmdline creds to libnetapi_net_init() directly.
Fixes the problem of running cli_credentials_guess() (which runs password
callbacks) twice, one for the net's cmdline creds and a second time for the
creds initialized in libnetapi_net_init(), just to override them immediately
after.
Example:
$ export PASSWD_FD=0
$ ./bin/net offlinejoin composeodj <...>
foo
bar
Password is read from STDIN twice.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The net's tool cmdline lp_ctx can be reused, no need to init a new one except
for external library users.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This is because commit f893cf85cc
changed the security token in secuirty.idl, and bumping the version
was missed.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The opensuse155 image has MIT 1.20, not the required MIT 1.21, so build
with intenral Heimdal instead.
The opensuse155 image was chosen deliberatly in commit
f2eb411646 so this changes
the KDC choice rather than the image. Eventually we will
need to do both.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>