1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

138448 Commits

Author SHA1 Message Date
Shachar Sharon
0bc917b01f vfs_ceph: use talloc in realpath hook
Prefer talloc_asprintf over asprintf when resolving realpath.
Re-format code using 'git clang-format'.

Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
2024-06-27 05:34:33 +00:00
Shachar Sharon
ee72f127c3 vfs_ceph: re-map unimplemented hooks
Code cleanup: prefer standard convenience helpers for unimplemented
VFS hooks.

Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
2024-06-27 05:34:33 +00:00
Shachar Sharon
b7e3f93ef0 vfs_ceph: align lines-length with coding standard
Coding standard requires following Linux kernel style guide, with an
explicit statement that "Maximum Line Width is 80 Characters". Align
vfs_ceph.c with this convention: split long lines into multiple lines
and use 'git clang-format' to do auto-formatting based on Samba project
'.clang-format' settings.

Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
2024-06-27 05:34:33 +00:00
Shachar Sharon
4e21a8b278 vfs_ceph: improve readability of cephwrap_realpath
Minor code cleanup: use local variable to reference current-work dir.
This commit is in preparation to following code-cleanup which aligns
line-length with Samba's coding conventions.

Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
2024-06-27 05:34:33 +00:00
Oliver Mihatsch
3c1691aff5 Extended the documentation for the "tls certfile" parameter in the smb.conf.
Signed-off-by: Oliver Mihatsch <om-git@q4k.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Thu Jun 27 05:33:17 UTC 2024 on atb-devel-224
2024-06-27 05:33:17 +00:00
Jo Sutton
f9215b3754 third_party/heimdal: Import lorikeet-heimdal-202406270253 (commit cbd2c0b8ec604686dc7b363d1dcec69bf5f7a7ec)
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-06-27 04:29:41 +00:00
Jo Sutton
fe90576871 third_party/heimdal: Import lorikeet-heimdal-202406240121 (commit 4315286377278234be2f3b6d52225a17b6116d54)
This lets us match the Windows FAST reply when the password is expired.

Windows clients were upset by the NTSTATUS field in the edata,
apparently interpreting it to mean “insufficient resource”.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15655

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-06-27 04:29:41 +00:00
Jo Sutton
c5ee0b60b2 tests/krb5: Add tests for errors produced when logging in with unusable accounts
Heimdal matches Windows in the no‐FAST case, but produces NTSTATUS codes
when it shouldn’t in the FAST case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15655

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-06-27 04:29:41 +00:00
Jo Sutton
6dc6168719 tests/krb5: Allow creation of disabled accounts for testing
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15655

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-06-27 04:29:41 +00:00
Martin Schwenke
415f9f0745 ctdb-failover: Split statd_callout add-client/del-client
rpc.statd is single-threaded and runs its HA callout synchronously. If
it is too slow then latency accumulates and rpc.statd's backlog grows.

Running a pair of add-client/del-client events with the current code
averages ~0.030s in my test environment.  This mean that 1000 clients
reclaiming locks after failover can easily cause 10s of latency.  This
could cause rpc.statd to become unresponsive, resulting in a time out
for an rpcinfo-based health check of the status service.

Split the add-client/del-client events out to a standalone
statd_callout executable, written in C, to be used as the HA callout
for rpc.statd.  All other functions move to statd_callout_helper.
Now, running a pair of add-client/del-client events in my test
environment averages only ~0.002s.  This seems less likely to cause
latency problems.

The standalone statd_callout executable needs to read a configuration
file, which is generated by statd_callout_helper from the "startup"
event.  It also needs access to a list of currently assigned public
IPs.

For backward compatibility, during installation a symlink is created
from $CTDB_BASE/statd-callout to the new statd_callout, which is
installed in the helper directory.

Testing this as part of the eventscript unit tests starts to become
even more of a hack than it used to be.  However, the dependency on
stubs and the corresponding setup of fake state makes it hard to move
this elsewhere.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Tue Jun 25 04:24:57 UTC 2024 on atb-devel-224
2024-06-25 04:24:57 +00:00
Martin Schwenke
089aec2885 ctdb-doc: Drop unnecessary, broken attempt at rpc.statd stack trace
There is a typo here, since there will be no process called "status".
Instead of fixing it, drop this because rpc.statd isn't the focus of
this monitoring check and when systemd is init rpc.statd isn't
restarted with nfs-ganesha.  It stays running, so a confusing stack
trace for rpc.statd is always logged.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2024-06-25 03:16:37 +00:00
Martin Schwenke
707e0ef55b ctdb-scripts: Fail monitoring after 1 x NFS-Ganesha not running
If ganesha.nfsd is gone then a node can't provide an NFS service, so
should be marked unhealthy.  A later restart may bring it back to
health.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2024-06-25 03:16:37 +00:00
Martin Schwenke
4766d4568b ctdb-doc: Add example for NFS-Ganesha RPC checking
This one does an rpcinfo check, along with statistics mitigation.  It
can be used in combination with the existing 20.nfs_ganesha.check.

The equivalent kernel NFS file only restarts every 10 failures.  This
one can be a little more proactive given that false positives are less
likely with the statistics mitigation.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2024-06-25 03:16:37 +00:00
Martin Schwenke
d96078e263 ctdb-scripts: Implement NFS statistics retrieval for NFS-Ganesha
Simplicity is preferred here over absolute correctness.  If the
ganesha_stats command exits with an error or times out then no output
is produced so, implicitly, the statistics do not change.  Also, the
statistics always change at startup.  However, it is likely that the
statistics change when NFS makes progress and do not change when NFS
does not make progress.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2024-06-25 03:16:37 +00:00
Martin Schwenke
5b7d17d44d ctdb-scripts: Add service_stats_command variable to NFS checks
When monitoring an RPC service, the rpcinfo command might time out
even though the service is making progress.  In this case, it is just
slow, so counting the timeout as a failure and potentially restarting
the service will not help.  The problem is determining if a service is
making progress.

Add a new NFS checks service_stats_command.  This command is intended
to run a statistics command.  The output is naively compared using
cmp(1).  If the output changes then rpcinfo failures are converted to
successes.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2024-06-25 03:16:37 +00:00
Volker Lendecke
d86f9ff7fd smbd: Simplify callers of notify_filter_string
This is exactly the application talloc_tos() was made for

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Jun 24 17:27:04 UTC 2024 on atb-devel-224
2024-06-24 17:27:04 +00:00
Volker Lendecke
a37ea9d750 smbd: Simplify notify_filter_string
Just a single NULL check through talloc_asprintf_addbuf

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2024-06-24 16:21:32 +00:00
Volker Lendecke
6e7a1cc646 smbd: Modernize a DEBUG
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2024-06-24 16:21:32 +00:00
Volker Lendecke
6d0444a7bf lib: Align an integer type
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2024-06-24 16:21:32 +00:00
Volker Lendecke
fc0c605aac smbd: Simplify smbd_do_qfilepathinfo()
Use fsctl_get_reparse_tag()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2024-06-24 16:21:32 +00:00
Volker Lendecke
4af84350bd lib: Avoid an includes.h
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2024-06-24 16:21:32 +00:00
Volker Lendecke
1b47fae676 lib: Move 286 bytes from R/W data to R/O text segment
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2024-06-24 16:21:32 +00:00
Volker Lendecke
3f2e45aa16 tdb: Update times in tdb_transaction_commit per fd, not per name
We might have a relative filename in tdb->name, so we might do the
wrong thing here. And as we have the fd, why not use it...

We call futimens in vfs_default without #ifdef and it's Posix 2018 or
before. So I don't think we need to check for it.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2024-06-24 16:21:32 +00:00
Volker Lendecke
06aff34586 smbd: Fix DEBUG messages
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2024-06-24 16:21:32 +00:00
Volker Lendecke
1cea29c398 credentials: Protect the cred's nt hash with talloc_keep_secret
This avoids the need for an explict ZERO_STRUCT before TALLOC_FREE

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2024-06-24 16:21:32 +00:00
Volker Lendecke
3c84a84fff spnego: Fix typos
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2024-06-24 16:21:32 +00:00
Volker Lendecke
2b06123a9b gensec: Fix whitespace
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2024-06-24 16:21:32 +00:00
Volker Lendecke
9be7dbd9c4 gse: Simplify gse_errstr() with talloc_asprintf_addbuf()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2024-06-24 16:21:32 +00:00
Volker Lendecke
221ef3ca86 gse: Avoid explicit ZERO_STRUCT in gse_errstr()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2024-06-24 16:21:32 +00:00
Volker Lendecke
7fba822817 libsmb: "clang-format" for an if-condition
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2024-06-24 16:21:32 +00:00
Volker Lendecke
7f935e2774 lib: Remove pointless \ line endings
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2024-06-24 16:21:32 +00:00
Volker Lendecke
4f64e455f6 tdb: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2024-06-24 16:21:32 +00:00
Volker Lendecke
f3934fb9d0 heimdal_build: Fix whitespace
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2024-06-24 16:21:32 +00:00
Volker Lendecke
8a7aad7fe0 torture4: Fix some whitespace
Review with "git show -w"

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2024-06-24 16:21:32 +00:00
Andreas Schneider
cfb81b0c31 packaging: Add missing quotes in smbprint
Found by Covscan.

"Error: SHELLCHECK_WARNING (CWE-569):
/usr/bin/smbprint:49:21: warning[SC1083]: This } is literal. Check expression (missing ;/\n?) or quote it.
   47|   #   Concat this with /.config to get the config file.
   48|   #
   49|-> eval acct_file=\${$#}
   50|   spool_dir=$(dirname $acct_file)
   51|   config_file=$spool_dir/.config"

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Signed-off-by: Martin Schwenke <mschwenke@ddn.com>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jun 24 07:14:54 UTC 2024 on atb-devel-224
2024-06-24 07:14:54 +00:00
Andreas Schneider
b57bddacd7 s3:registry: Add missing return value checks
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
2024-06-24 06:14:36 +00:00
Andreas Schneider
8c4f807350 s3:registry: Avoid possible double frees
Found by Covscan.

"Error: USE_AFTER_FREE (CWE-416):
samba-4.20.0rc2/source3/registry/reg_perfcount.c:309: freed_arg: ""_reg_perfcount_multi_sz_from_tdb"" frees ""*retbuf"".
samba-4.20.0rc2/source3/registry/reg_perfcount.c:313: double_free: Calling ""_reg_perfcount_multi_sz_from_tdb"" frees pointer ""*retbuf"" which has already been freed.
  311|   	for(i = 1; i <= base_index; i++)
  312|   	{
  313|-> 		buffer_size = _reg_perfcount_multi_sz_from_tdb(names, i*2, retbuf, buffer_size);
  314|   	}
  315|   	tdb_close(names);"

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
2024-06-24 06:14:36 +00:00
Andreas Schneider
10b95ff436 s3:registry: Remove trailing spaces in reg_perfcount.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
2024-06-24 06:14:36 +00:00
Andreas Schneider
3cb4073cd0 s4:dsdb: Avoid possible underflows with new_len
Found by Covscan.

"Error: INTEGER_OVERFLOW (CWE-190):
samba-4.20.0rc2/source4/dsdb/schema/schema_query.c:403: tainted_data_argument: The check ""i < new_len"" contains the tainted expression ""i"" which causes ""new_len"" to be considered tainted.
samba-4.20.0rc2/source4/dsdb/schema/schema_query.c:407: overflow: The expression ""new_len - i"" is deemed underflowed because at least one of its arguments has underflowed.
samba-4.20.0rc2/source4/dsdb/schema/schema_query.c:407: overflow: The expression ""(new_len - i) * 8UL"" is deemed underflowed because at least one of its arguments has underflowed.
samba-4.20.0rc2/source4/dsdb/schema/schema_query.c:407: overflow_sink: ""(new_len - i) * 8UL"", which might have underflowed, is passed to ""memmove(val1, val2, (new_len - i) * 8UL)"". [Note: The source code implementation of the function has been overridden by a builtin model.]
  405|   			const char **val2 = &attr_list[i];
  406|   			if (ldb_attr_cmp(*val1, *val2) == 0) {
  407|-> 				memmove(val1, val2, (new_len - i) * sizeof( *attr_list));
  408|   				attr_list[new_len-1] = NULL;
  409|   				new_len--;"

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
2024-06-24 06:14:36 +00:00
Andreas Schneider
44db391ae1 s4:dsdb: Remove trailing spaces in schema_query.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
2024-06-24 06:14:36 +00:00
Andreas Schneider
94c06dd189 s4:torture: Initialize struct wrepl_wins_name
Found by Covscan.

"Error: UNINIT (CWE-457):
samba-4.20.0rc2/source4/torture/nbt/winsreplication.c:5040: var_decl: Declaring variable ""wins_name_"" without initializer.
samba-4.20.0rc2/source4/torture/nbt/winsreplication.c:5041: assign: Assigning: ""wins_name"" = ""&wins_name_"", which points to uninitialized data.
samba-4.20.0rc2/source4/torture/nbt/winsreplication.c:6680: uninit_use_in_call: Using uninitialized value ""*wins_name"". Field ""wins_name->is_group"" is uninitialized when calling ""test_wrepl_update_one"".
 6678|   			wins_name->unknown	= ""255.255.255.255"";
 6679|
 6680|-> 			ret &= test_wrepl_update_one(tctx, ctx, &ctx->b, wins_name);
 6681|   			ret &= test_wrepl_is_applied(tctx, ctx, &ctx->b, wins_name, true);
 6682|   		} else {"

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
2024-06-24 06:14:36 +00:00
Andreas Schneider
5d568f6e61 s4:torture: Remove trailing spaces in winsreplication.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
2024-06-24 06:14:36 +00:00
Andreas Schneider
067a30c527 s3:utils: Fix get_window_height() return value
Found by Covscan.

"Error: INTEGER_OVERFLOW (CWE-190):
samba-4.20.0rc2/source3/utils/regedit_list.c:522: tainted_data_return: Called function ""get_window_height(list)"", and a possible return value may be less than zero.
samba-4.20.0rc2/source3/utils/regedit_list.c:522: cast_underflow: An assign of a possibly negative number to an unsigned type, which might trigger an underflow.
samba-4.20.0rc2/source3/utils/regedit_list.c:526: overflow: The expression ""list->cursor_row -= page"" is deemed underflowed because at least one of its arguments has underflowed.
samba-4.20.0rc2/source3/utils/regedit_list.c:529: overflow_sink: ""list->cursor_row"", which might have underflowed, is passed to ""data_get_row_n(list, list->cursor_row)"".
  527|   			list->start_row -= page;
  528|   		}
  529|-> 		tmp = data_get_row_n(list, list->cursor_row);
  530|   		break;
  531|   	case ML_CURSOR_PGDN:"

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
2024-06-24 06:14:36 +00:00
Andreas Schneider
a0b6d18a25 s3:rpc_server: Make sure struct security_ace is initialized
Found by Covscan.

"Error: UNINIT (CWE-457):
samba-4.20.0rc2/source3/rpc_server/samr/srv_samr_nt.c:235: var_decl: Declaring variable ""ace"" without initializer.
samba-4.20.0rc2/source3/rpc_server/samr/srv_samr_nt.c:269: uninit_use_in_call: Using uninitialized value ""*ace"". Field ""ace->object"" is uninitialized when calling ""make_sec_acl"".
  267|   	/* create the security descriptor */
  268|
  269|-> 	if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace)) == NULL)
  270|   		return NT_STATUS_NO_MEMORY;
  271|"

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
2024-06-24 06:14:35 +00:00
Andreas Schneider
c709cb8a17 s3:lib: Make sure struct security_ace is fully initialized
Found by Covscan.

"Error: UNINIT (CWE-457):
samba-4.20.0rc2/source3/lib/sharesec.c:275: var_decl: Declaring variable ""ace"" without initializer.
samba-4.20.0rc2/source3/lib/sharesec.c:285: uninit_use_in_call: Using uninitialized value ""ace"". Field ""ace.object"" is uninitialized when calling ""make_sec_acl"".
  283|   	init_sec_ace(&ace, &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0);
  284|
  285|-> 	if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 1, &ace)) != NULL) {
  286|   		psd = make_sec_desc(ctx, SECURITY_DESCRIPTOR_REVISION_1,
  287|   				    SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL,"

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
2024-06-24 06:14:35 +00:00
Andreas Schneider
d6a7a97bc2 s3:lib: Remove trailing spaces in sharesec.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
2024-06-24 06:14:35 +00:00
Andreas Schneider
36fb8a3d65 nsswitch:krb5_plugin: Avoid a possible double free
Found by Covscan.

"Error: USE_AFTER_FREE (CWE-416):
samba-4.20.0rc2/nsswitch/krb5_plugin/winbind_krb5_localauth.c:122: freed_arg: ""wbcFreeMemory"" frees ""pwd"".
samba-4.20.0rc2/nsswitch/krb5_plugin/winbind_krb5_localauth.c:144: pass_freed_arg: Passing freed pointer ""pwd"" as an argument to ""wbcFreeMemory"".
  142|   		break;
  143|   	}
  144|-> 	wbcFreeMemory(pwd);
  145|   	if (code != 0) {
  146|   		goto out;"

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
2024-06-24 06:14:35 +00:00
Stefan Metzmacher
5b40cdf6e8 auth/credentials: don't ignore "client use kerberos" and --use-kerberos for machine accounts
We only turn desired into off in the NT4 domain member case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15666

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jun 19 10:17:28 UTC 2024 on atb-devel-224
2024-06-19 10:17:28 +00:00
Stefan Metzmacher
eeb60574b6 auth/credentials: add tests for cli_credentials_get_kerberos_state[_obtained]()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15666

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-06-19 09:07:36 +00:00
Stefan Metzmacher
c715ac5e49 auth/credentials: add cli_credentials_get_kerberos_state_obtained() helper
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15666

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-06-19 09:07:36 +00:00