IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This is recent enough to justify just a README.Coding formatting change
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
We should use the configfile specified, but also
fallback if none is specified.
Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Some users of push_ascii_nstring() (notably name_to_unstring())
expect the output to be truncated if it would exceed the size of
an nstring after conversion. However this broke in 2011 due to
commit d546adeab5 ("Change convert_string_internal() and
convert_string_error() to bool return"). This patch restores the
old behavior.
The issue can be observed in syslog after setting the
``workgroup`` to a 16+ characters long string which triggers a
DEBUG() message:
Oct 17 11:28:45 dev nmbd[11716]: name_to_nstring: workgroup name 0123456789ABCDEF0123456789ABCDEF is too long. Truncating to
Signed-off-by: Philipp Gesang <philipp.gesang@intra2net.com>
Reviewed-by: Noel Power <npower@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Tue Oct 25 16:25:40 UTC 2022 on sn-devel-184
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15212
Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Tue Oct 25 15:21:08 UTC 2022 on sn-devel-184
Startup scripts were failing to execute when no
parameters were provided to the script.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15212
Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
subdir_of() calculates the share-relative rest for us, don't do the
strlen(connectpath) calculation twice. subdir_of() also checks that
the target properly ends on a directory. With just strncmp a symlink
to x->/aa/etc would qualify as in share /a, so a "get x/passwd" leads to a
pretty unfortunate result. This is the proper fix for bug 15207, so we
need to change the expected error code to OBJECT_PATH_NOT_FOUND
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15207
Signed-off-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jule Anger <janger@samba.org>
Autobuild-Date(master): Tue Oct 25 11:27:02 UTC 2022 on sn-devel-184
fault.h has:
which leads to SMB_ASSERT not being defined when you include
samba_util.h (and thus fault.h) before debug.h.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15207
Signed-off-by: Volker Lendecke <vl@samba.org>
This test shows that we don't properly check whether symlink targets
are inside the exported share. Linking to <share-root>a/etc makes us
loop back into filename_convert_dirfsp_nosymlink() with /etc as a
directory name.
On Linux systems with openat2(RESOLVE_NO_SYMLINKS) we pass "/etc"
directly into that call after some checks for "."/".." as invalid file
name components. "/etc" is okay for openat2(), but this test must also
succeed on systems without RESOLVE_NO_SYMLINKS (sn-devel-184 for
example). On systems without RESOLVE_NO_SYMLINKS split up the path
"/etc" into path components, in this case "" and "etc". So we pass ""
down to openat(), which correctly fails with ENOENT.
Summary: Only with RESOLVE_NO_SYMLINKS we're hit by bug 15207, and
this test shows by expecting CONNECTION_DISCONNECTED that we violate
the internal assumption of empty path components with an unexpected
symlink target, making it testable on systems with and without
RESOLVE_NO_SYMLINKS.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15207
Signed-off-by: Volker Lendecke <vl@samba.org>
We later subtract 8 when calculating the length of the output message
buffer. If padlength is excessively high, this calculation can underflow
and result in a very large positive value.
Now we properly constrain the value of padlength so underflow shouldn't
be possible.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
If len_len is equal to total_len - 1 (i.e. the input consists only of a
0x60 byte and a length), the expression 'total_len - 1 - len_len - 1',
used as the 'len' parameter to der_get_length(), will overflow to
SIZE_MAX. Then der_get_length() will proceed to read, unconstrained,
whatever data follows in memory. Add a check to ensure that doesn't
happen.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We should make sure that the result of 'total_len - mech_len' won't
overflow, and that we don't memcmp() past the end of the buffer.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
By decrementing 'pad' only when we know it's safe, we ensure we can't
stray backwards past the start of a buffer, which would be undefined
behaviour.
In the previous version of the loop, 'i' is the number of bytes left to
check, and 'pad' is the current byte we're checking. 'pad' was
decremented at the end of each loop iteration. If 'i' was 1 (so we
checked the final byte), 'pad' could potentially be pointing to the
first byte of the input buffer, and the decrement would put it one
byte behind the buffer.
That would be undefined behaviour.
The patch changes it so that 'pad' is the byte we previously checked,
which allows us to ensure that we only decrement it when we know we
have a byte to check.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The surrounding checks all use ct_memcmp(), so this one was presumably
meant to as well.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This allows us to access (and so test) functions internal to GSSAPI by
depending on this subsystem.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
As described by the C standard, __func__ is a variable, not a macro.
Hence this #ifndef check does not work as intended, and only serves to
unconditionally disable __func__. A nonoperating __func__ prevents
cmocka operating correctly, so remove this definition.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
later gnutls that support GNUTLS_PBKDF2 currently fail,
we need to conditionally switch test data to reflect use of
'samr_ChangePasswordUser3' or 'samr_ChangePasswordUser4'
depending on whether GNUTLS_PBKDF2 is supported or not
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Oct 25 10:30:59 UTC 2022 on sn-devel-184
prior to this commit return of samdb_set_password_aes was set to
NT_STATUS_WRONG_PASSWORD on failure. Useful status that should be
returned such as NT_STATUS_PASSWORD_RESTRICTION are swallowed here
otherwise (and in this case can be partially responsible for failures
in test samba.tests.auth_log_pass_change (with later gnutls)
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
GPFS 3.5 introduced support for storing the DACL_PROTECTED flag as part
of the ACL. That version has long been superceded. Remove this now
unused codepath.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15211
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Bjoern Jacke <bjacke@samba.org>
This only enforces user group policy at logon.
We should also enforce this policy every 90 to
120 minutes, but a logoff will need to cancel the
timer and we cannot have multiple timers if there
are multiple sessions for the same user.
Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct 21 18:48:18 UTC 2022 on sn-devel-184
This was written prior to the release of Windows Vista and later
versions.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Fri Oct 21 04:53:47 UTC 2022 on sn-devel-184
These escapes are meant for the regular expression engine
not the string parser.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Samba is now a mature user of Python and can cope with a
list comprehension from time to time.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
