IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Obvious omission
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Sun Oct 6 02:25:09 UTC 2024 on atb-devel-224
ADD_TO_ARRAY with an explicit NULL mem_ctx is only used in 3
places. I've checked the other places, and I think I made sure that the
mem_ctx being passed in is non-NULL everywhere else.
This makes the "legacy" use with SMB_REALLOC more obvious.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This is ugly, but it's less ugly than doing it deep
inside of cli_spoolss.c and other code.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
On a cluster we need to use the ctdb controlled database and not
a local secrets.tdb...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15714
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Sep 20 05:54:43 UTC 2024 on atb-devel-224
This will allow doing tests and make sure using anonymous credentials
doesn't cause false positive results...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15714
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
FreeIPA uses own procedure to retrieve keytabs and during the setup of
Samba on FreeIPA client the keytab is already present, only machine
account needs to be set in the secrets database.
'sync machine password to keytab' option handling broke this use case by
always attempting to contact a domain controller and failing to do so
(Fedora bug https://bugzilla.redhat.com/show_bug.cgi?id=2309199).
The original synchronizing machine account password to keytab feature
did not have a mechanism to disable its logic at all.
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Fri Sep 13 13:16:09 UTC 2024 on atb-devel-224
I could not find any caller which uses rap_error outside of the
routine implementing the rap client call itself.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Aug 21 12:49:45 UTC 2024 on atb-devel-224
cli_oem_change_password() returns a bool, net_rap_password must return
0 for success
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
It will be done in secrets_{prepare,finish}_password_change
BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Function trust_pw_change() originally from library trustis_util was updated
to call functionality from ads library. This would introduce circular
dependency between the two libraries. To avoid it, trusts_util is merged
into ads.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Run ntlm_auth with options --lm-response/--nt-response/--challenge, and pass
wrong length to these options, got error prompted logs about 'only got xxx
bytes', which are not consistent with length check. This patch revise logs
for length check to make it more consistent.
For example --lm-response requires exact 24 hex, let us input three kinds
of length 23 24 25, prompted logs said 'only got 25 bytes' seems confusing.
script:
for length in 23 24 25; \
do \
ntlm_auth --username=${un} --password=${pw} \
--lm-response="`openssl rand -hex ${length}`"; \
done;
output:
hex decode of 04db772593f5e6023d0ab4bc67a942c9179963477eb49d failed! (only got 23 bytes)
NT_STATUS_OK: The operation completed successfully. (0x0)
hex decode of 1e57749feb46bedcf969af6cbbe10e21d0232e35c27eb07294 failed! (only got 25 bytes)
After patch it shows 'got 25 bytes, expected 24' seems more consistent:
hex decode of e13e70c9cf2ac1e20015657c4bec53435b1b948febb63f failed! (got 23 bytes, expected 24)
NT_STATUS_OK: The operation completed successfully. (0x0)
hex decode of 64647005243092b036856f572faad262e0b69386d095d60f54 failed! (got 25 bytes, expected 24)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15677
Signed-off-by: Jones Syue <jonessyue@qnap.com>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jul 6 00:52:02 UTC 2024 on atb-devel-224
Found by Covscan.
"Error: INTEGER_OVERFLOW (CWE-190):
samba-4.20.0rc2/source3/utils/regedit_list.c:522: tainted_data_return: Called function ""get_window_height(list)"", and a possible return value may be less than zero.
samba-4.20.0rc2/source3/utils/regedit_list.c:522: cast_underflow: An assign of a possibly negative number to an unsigned type, which might trigger an underflow.
samba-4.20.0rc2/source3/utils/regedit_list.c:526: overflow: The expression ""list->cursor_row -= page"" is deemed underflowed because at least one of its arguments has underflowed.
samba-4.20.0rc2/source3/utils/regedit_list.c:529: overflow_sink: ""list->cursor_row"", which might have underflowed, is passed to ""data_get_row_n(list, list->cursor_row)"".
527| list->start_row -= page;
528| }
529|-> tmp = data_get_row_n(list, list->cursor_row);
530| break;
531| case ML_CURSOR_PGDN:"
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jun 6 21:32:53 UTC 2024 on atb-devel-224
This is not used anywhere in that functions or the functions we are
calling. It was replaced by command line cli credentials stored in
c->creds. This fixes a memory leak.
Direct leak of 12 byte(s) in 1 object(s) allocated from:
#0 0x7f17fdaf5830 in strdup ../../../../libsanitizer/asan/asan_interceptors.cpp:578
#1 0x7f17fc7e7339 in smb_xstrdup ../../lib/util/util.c:752
#2 0x55f079bf0723 in rpc_trustdom_establish ../../source3/utils/net_rpc.c:6591
#3 0x55f079c529af in net_run_function ../../source3/utils/net_util.c:464
#4 0x55f079bdbecf in rpc_trustdom ../../source3/utils/net_rpc.c:7483
#5 0x55f079c529af in net_run_function ../../source3/utils/net_util.c:464
#6 0x55f079bfe7de in net_rpc ../../source3/utils/net_rpc.c:8413
#7 0x55f079c529af in net_run_function ../../source3/utils/net_util.c:464
#8 0x55f079baa0a8 in main ../../source3/utils/net.c:1436
#9 0x7f17f8a2a1ef in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Otherwise we don't get the correct header include paths and krb5.h in
a non default location won't be found.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We should mark sessions/tcons with anonymous encryption or signing
in a special way, as the value of it is void, all based on a
session key with 16 zero bytes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15412
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu May 23 13:37:09 UTC 2024 on atb-devel-224
We already do that for sessions and also for the json output,
but it was missing in the non-json output for tcons.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15412
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
We already do that for sessions.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15412
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
We never use the signing flags from the session, as the tcon
has its own signing flags.
https://bugzilla.samba.org/show_bug.cgi?id=15412
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
name_to_fqdn() requires /etc/hosts to be set up in a special way to find
out the fqdn for dns updates. They are not set up by default and the
DNS update fails. Normally the fqdn is just <lp_netbios_name>.<realm>
and we should just use that. However if it is different, you can set
it to the special value in the smb.conf now.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We got this wrong in commit 31101a9fa1.
In fact, we should probably not reorder the inherited ACLs, but that
is for another patch series.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
