IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
The initial implementation of gnutls_aead_cipher_decrypt() had a bug and
used:
*ptext_len = ctext_len;
instead of:
*ptext_len = ctext_len - tag_size;
This got fixed with gnutls 3.5.2.
As we only require gnutls 3.4.7 we need to cope with this...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14968
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Feb 2 18:29:08 UTC 2022 on sn-devel-184
(cherry picked from commit 735f3d7dde)
Autobuild-User(v4-14-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-14-test): Mon Feb 14 10:34:10 UTC 2022 on sn-devel-184
When the ptext_size != m_total check fails, we call this:
status = gnutls_error_to_ntstatus(rc, NT_STATUS_INTERNAL_ERROR);
goto out;
As rc is 0 at that point we'll exit smb2_signing_decrypt_pdu()
with NT_STATUS_OK, but without copying the decrypted data
back into the callers buffer. Which leads to strange errors
in the caller.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14968
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 99182af4ab)
We run the quicktest on each linux distro as part of samba-o3 builds.
We should make sure smb2 signing/enctyption works on all of them
and all different system libraries.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14968
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 68e62962b0)
is_zero_addr() doesn't work with addresses that have been zero-initialized.
This fixes the logic added in c863cc2ba3.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14674
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2354
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Feb 8 20:24:12 UTC 2022 on sn-devel-184
(cherry picked from commit 3ee690455e)
Autobuild-User(v4-14-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-14-test): Wed Feb 9 11:42:37 UTC 2022 on sn-devel-184
Strips off any DFS prefix from the target if passed in.
Remove knownfail selftest/knownfail.d/msdfs-rename.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Fri Feb 4 12:02:36 UTC 2022 on sn-devel-184
(cherry picked from commit b9b82f3611)
Strips off any DFS prefix from the target if passed in.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
(cherry picked from commit 4473aea926)
Strips off any DFS prefix from the target if passed in.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
(cherry picked from commit dd0317f6ec)
Currently we don't pass MSDFS names as targets here, but a caller
may erroneously do this later, and for non-DFS names this is a no-op.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
(cherry picked from commit cf3e572442)
Currently we don't pass MSDFS names as targets here, but a caller
may erroneously do this later, and for non-DFS names this is a no-op.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
(cherry picked from commit 4bdbe3c2fc)
Strips any DFS prefix from a target name that will be passed
to an SMB1/2/3 rename or hardlink call. Returns a pointer
into the original target name after the prefix. Not yet used.
If the incoming filename is *NOT* a DFS prefix, the
original filename is returned unchanged.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
(cherry picked from commit 2abba0ea10)
We fail this on SMB2 for a subtle reason.
Our client code called from smbclient only sets the SMB2_HDR_FLAG_DFS flag
in the outgoing packet on the SMB2_CREATE call, and SMB2 rename does the
following operations:
SMB2_CREATE(src_path) // We set SMB2_HDR_FLAG_DFS here for a MSDFS share.
SMB2_SETINFO: SMB2_FILE_RENAME_INFO(dst_path). // We don't set SMB2_HDR_FLAG_DFS
However, from smbclient, dst_path is a MSDFS path but we don't set the flag,
so even though the rename code inside smbd will cope with a MSDFS path
(as used in the SMB1 SMBmv call) it fails as the correct flag isn't set.
Add knownfail selftest/knownfail.d/msdfs-rename.
Note we need to add the new test to "selftest/knownfail.d/smb1-tests"
as test_smbclient_s3.sh is run against the (ad_member|nt4_member)
environments first using NT1 (SMB1) protocol and then using SMB3,
but the (ad_member|nt4_member) environments don't support SMB1.
Seems a bit strange to me, but all the other SMB1 tests inside
test_smbclient_s3.sh have already been added to "selftest/knownfail.d/smb1-tests"
so just go with the test environment.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
(cherry picked from commit 44cc9fb0e0)
We pass this already as the cmd_hardlink in smbclient doesn't
do the DFS path conversion on the hardlink target. But it's
good to have the test.
Note we need to add the new test to "selftest/knownfail.d/smb1-tests"
as test_smbclient_s3.sh is run against the (ad_member|nt4_member)
environments first using NT1 (SMB1) protocol and then using SMB3,
but the (ad_member|nt4_member) environments don't support SMB1.
Seems a bit strange to me, but all the other SMB1 tests inside
test_smbclient_s3.sh have already been added to "selftest/knownfail.d/smb1-tests"
so just go with the test environment.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
(cherry picked from commit d7deb87605)
Identical change as used in cli_unlink(), cli_mkdir(), cli_rmdir()
cli_chkpath() to ensure SMB2 calls correctly set raw_status for
libsmbclient uses.
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14938
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Feb 2 21:50:31 UTC 2022 on sn-devel-184
(cherry picked from commit ca60f6350d)
Autobuild-User(v4-14-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-14-test): Sun Feb 6 12:39:25 UTC 2022 on sn-devel-184
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14914
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
[slow@samba.org: conflict due to missing test in selftest/tests.py]
This ensures ad_unpack_xattrs() is only called for an ad_type of ADOUBLE_RSRC,
which is used for parsing ._ AppleDouble sidecar files, and the buffer
ad->ad_data is AD_XATTR_MAX_HDR_SIZE bytes large which is a prerequisite for all
buffer out-of-bounds access checks in ad_unpack_xattrs().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14914
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This is an internal xattr that should not be user visible.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14914
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
[slow@samba.org: conflict due to changed includes in source3/smbd/trans2.c]
If an added SPN already exists on an object, we still want to check the
rest of the element values for conflicts.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14950
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This test currently fails, as re-adding an SPN means that later checks
do not run.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14950
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This actually reveals that ndr_push_string() for TargetName="" was
failing before because it resulted in 1 byte for a subcontext with
TargetLen=0.
This is fixed now and we no longer expect ndrdump to exit with 1.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Jan 24 16:18:34 UTC 2022 on sn-devel-184
(cherry picked from commit 12464bd4c2)
Autobuild-User(v4-14-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-14-test): Sun Jan 30 10:21:21 UTC 2022 on sn-devel-184
convert_string_talloc_handle() tries to play an the safe side
and always returns a null terminated array.
But for NDR we need to be correct on the wire...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 43648e95a5)
convert_string_talloc() never returns a string with len=0 and always
implies zero termination byte(s).
For ndr_push_string this is unexpected as we need to be compatible on
the wire and push 0 bytes for an empty string.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 8da26cb672)
This makes it much easier to detect differences in the given and
generated buffers.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit d1a7f392a8)
That will make it easy to see the difference
between two memory buffers.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit b489b7feda)
The cleanup using dump_data_block16() fixed the space handling.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 9110a8854a)
This simplifies the logic a lot for me.
It also fixes some corner cases regarding whitespaces in the
output, that's why we have to mark a few tests as knownfail,
they will be fixed in the next commit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 58b09e107c)
This is important for the source3/rpc_server code as it might
be called embedded in smbd and may not run as root with access
to our private tdb/ldb files.
Note this is only really needed for 4.15 and older, as
we no longer run the rpc_server embedded in smbd,
but we better be consistent for now.
This should be able to fix the problem the printing no longer works
on Windows 7 with 2021-10 monthly rollup patch (KB5006743).
Windows uses NTLMSSP with privacy at the DCERPC layer on top
of NCACN_NP (smb).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14867
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(similar to commit 0651fa474c)
It can happen that the vlv_results() failes, e.g. due to
LDB_ERR_TIME_LIMIT_EXCEEDED, if that happens we should not
dereference ares->response, if ares is NULL.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14952
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jan 20 10:04:39 UTC 2022 on sn-devel-184
(cherry picked from commit 7d16a56b9d)
Autobuild-User(v4-14-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-14-test): Wed Jan 26 11:02:44 UTC 2022 on sn-devel-184
It can happen that the paged_results() failes, e.g. due to
LDB_ERR_TIME_LIMIT_EXCEEDED, if that happens we should not
dereference ares->response, if ares is NULL.
We also should not call ldb_module_done() if paged_results()
fails, as it was already called.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14952
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit 19fa22b1fb)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14936
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jan 11 22:03:03 UTC 2022 on sn-devel-184
(cherry picked from commit 1243f52f7a)
CVE-2021-3670 ldb: Confirm the request has not yet timed out in ldb filter processing
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14694
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(v4-14-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-14-test): Mon Jan 24 14:00:42 UTC 2022 on sn-devel-184
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14932
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jan 4 20:57:41 UTC 2022 on sn-devel-184
(cherry picked from commit dd98861005)
Autobuild-User(v4-14-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-14-test): Wed Jan 19 09:11:23 UTC 2022 on sn-devel-184
We should avoid spamming the logs with wellknown messages like:
ndr_pull_error(Buffer Size Error): Pull bytes 39016
They just confuse admins (and developers).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14932
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 23bedd69b2)
Windows doesn't complain about invalid av_pair blobs,
we need to do the same.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14932
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit f123c1a171)
A netapp diag tool uses a NTLMv2_CLIENT_CHALLENGE with invalid bytes
as av_pair blob. Which is supposed to be ignored by DCs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14932
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(similar to commit e7e521fe9b)
Otherwise cli_credentials_get_ntlm_response() will return session keys
with a 0 length, which leads to errors in the NTLMSSP code.
This wasn't noticed as cli_credentials_set_ntlm_response() has no
callers yet, but that will change in the next commits.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14932
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 0ef1254f44)
commit d0062d312c introduced
SMBC_ENCRYPTLEVEL_DEFAULT as default, but the logic to enforce
signing wasn't adjusted, so we required smb signing by default.
That broke guest authentication for libsmbclient using applications.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14935
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Dec 27 16:38:11 UTC 2021 on sn-devel-184
(cherry picked from commit 9d2bf01537)
Autobuild-User(v4-14-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-14-test): Tue Jan 18 18:56:06 UTC 2022 on sn-devel-184
This demonstrates the problem with guest access being rejected
by default.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14935
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 0a808f6b53)
guest authentication is an old school concept,
so we should make sure it also works with SMB1.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14935
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 648b476dcd)
If delete_all_streams() fails.
Found by Andrew Walker <awalker@ixsystems.com>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14944
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jan 14 03:34:47 UTC 2022 on sn-devel-184
(cherry picked from commit 5f9dbf3dec)
Autobuild-User(v4-14-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-14-test): Mon Jan 17 09:57:52 UTC 2022 on sn-devel-184
