IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
imessaging_client_init() can be used with a wrapper tevent_context,
but only if a global messaging_dgm_ref() already exist.
All other uses of imessaging_init() and imessaging_client_init()
require a raw tevent_context.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Jul 12 02:23:37 CEST 2018 on sn-devel-144
In usecases like using messaging_client_init() with irpc processing we may
free the imessaging_context during the messaging handler.
imessaging_post_handler() is not yet really used, but it will change in
the next commits. imessaging_post_state is a child of imessaging_context
and might be implicitly free'ed before the explicit TALLOC_FREE(state).
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This tests the usage of multiple imessaging_contexts in one process
and also freeing two of them during a message handler.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13514
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
pypolicy module needs appropriate samba_policy library for
extra-python/py3 therefore we need to build it for it to be available
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
In wscript_build, the lib name in deps list may have postfix for Python
3. Instead of hard coding the base name directly, need to load correct
name for each Python version with `bld.pyembed_libname`.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Every caller did a talloc_steal() after socket_create(). Just pass in the
correct memory context.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Feb 13 21:07:17 CET 2018 on sn-devel-144
Set SOCKET_CLOEXEC on the sockets returned by accept. This ensures that
the socket is unavailable to any child process created by system().
Making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Dec 18 08:49:57 CET 2017 on sn-devel-144
this was never disabling ipv6, only v6-only interfaces. This can be achieved
with the interfaces parameter also if wanted.
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 17 00:53:48 CEST 2017 on sn-devel-144
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Aug 16 04:11:47 CEST 2017 on sn-devel-144
The use of SHA-1 has been on the "do not" list for a while now, so make our
self-signed certificates use SHA256 using the new
gnutls_x509_crt_sign2 provided since GNUTLS 1.2.0
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12953
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12932
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 15 08:06:40 CEST 2017 on sn-devel-144
We only need to know the prefix "NTLM" and the submech oid GENSEC_OID_NTLMSSP
everything else can be generic.
This should allow us to implement "Negotiate" with GENSEC_OID_SPNEGO
trivial.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
The key is already normalized and should match completely.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
We need to consume full HTTP responses from the socket during the
authentication exchanges, otherwise our HTTP parser gets out of sync for
the next requests.
This will be important for gensec mechs which use an even number
for authentication packets.
I guess this should be done just based on the Content-Length value and
not based on the response code.
So far I saw bodies with 200 and 401 codes.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
We don't need very large headers, the largest ones are
"Authorization" or "WWW-Authenticate", but 128k should be
more than enough for all headers.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
The new logic makes it much clearer that we have a loop of
gensec_update_send()
gensec_update_recv()
http_send_request_send()
http_send_request_recv()
http_read_response_send()
http_read_response_recv()
Until the local gensec and the server are ready.
I've tested this against Windows 2008R2 like this:
bin/smbtorture \
-W BLA --realm=BLA.BASE \
-s /dev/null -Uadministrator%A1b2C3d4 \
ncacn_http:w2k8r2-219[593,RpcProxy=w2k8r2-219.bla.base,HttpUseTls=false,HttpAuthOption=basic] \
rpc.epmapper.epmapper.Lookup_simple \
and:
bin/smbtorture \
-W BLA --realm=BLA.BASE \
-s /dev/null -Uadministrator%A1b2C3d4 \
ncacn_http:w2k8r2-219[593,RpcProxy=w2k8r2-219.bla.base,HttpUseTls=false,HttpAuthOption=ntlm] \
rpc.epmapper.epmapper.Lookup_simple \
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This was missing in commit d718e92d5e.
Sadly we can't have automated tests for this as we only implement
the client side for this protocol.
I've tested with using:
bin/smbtorture \
-W BLA --realm=BLA.BASE \
-s /dev/null -Uadministrator%A1b2C3d4 \
ncacn_http:w2k8r2-219[593,RpcProxy=w2k8r2-219.bla.base,HttpUseTls=false,HttpAuthOption=basic] \
rpc.epmapper.epmapper.Lookup_simple \
and:
bin/smbtorture \
-W BLA --realm=BLA.BASE \
-s /dev/null -Uadministrator%A1b2C3d4 \
ncacn_http:w2k8r2-219[593,RpcProxy=w2k8r2-219.bla.base,HttpUseTls=false,HttpAuthOption=ntlm] \
rpc.epmapper.epmapper.Lookup_simple \
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12919
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jul 21 23:29:39 CEST 2017 on sn-devel-144
This is completely untested and from reading the code it doesn't really
do anything beside always returning None from the get_class_object() method.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue May 30 12:16:57 CEST 2017 on sn-devel-144
Pass in the TALLOC_CTX * from the module init to remove
another talloc_autofree_context() use.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Call popt_free_cmdline_credentials() on successful exit from torture.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Add one use of popt_set_cmdline_credentials().
Fix 80 column limits when cmdline_credentials changes
to popt_get_cmdline_credentials().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Those have been deprecated with GnuTLS 1.0.20 in 2004. I think it is
safe to use them now ;)
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Apr 26 03:09:19 CEST 2017 on sn-devel-144
Not currently used - no logic changes inside.
This will make it possible to pass down a long-lived talloc
context from the loading function for modules to use instead
of having them internally all use talloc_autofree_context()
which is a hidden global.
Updated all known module interface numbers, and added a
WHATSNEW.
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Ralph Böhme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Apr 22 01:17:00 CEST 2017 on sn-devel-144
Defensive programming change. Not strictly needed to prevent
any crash/error.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ensure it is called from process_standard.c after
every fork().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Mar 31 14:48:17 CEST 2017 on sn-devel-144
This will help avoid a dep loop when the low-level auth code relies on the message
code to deliver authentication messages
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
This avoids the python code needing to call getpid() internally,
while declaring a stable task_id.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
These change allow us to write a messaging server in python.
The previous ping_speed test did not actually test anything, so
we use .loop_once() to make it actually work. To enable practial use
a context is supplied in the tuple with the callback, and the server_id
for the reply is not placed inside an additional tuple.
In order to get at the internal event context on which to loop, we
expose imessaging_context in messaging_internal.h and allow the python
bindings to use that header.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This allows tests to be indirectly added for server_id_db_lookup()
and server_id_db_prune_name()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12705
This allows tests to be indirectly added for server_id_db_lookup()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12705
samba-policy requires samba-net which requires PROVISION, which
is disabled when python isn't available.
Signed-off-by: Ian Stakenvicius <axs@gentoo.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Configuration values such as HAVE_STDDEF_H can be set to 0
to indicate a test failure. Waf 1.5 has a few bugs that
prevent configuration tests from setting such values
consistently on failures.
Consequently, conditions such as 'if conf.env.VARNAME' must be
used to indicate that config test successes are expected.
Note that conf.env.VARNAME always returns an empty list (False value)
when no variable is defined so there are no risk of raising
AttributeError/KeyError exceptions.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Tue Feb 21 13:47:07 CET 2017 on sn-devel-144
We were initialising a uint32_t[5] block with memset(..., 5) when we
surely meant memset(..., 5 * sizeof(uint32_t)) or some equivalent.
Thanks go to gcc-7 and -Wmemset-elt-size. The warning looks like this:
../source4/lib/registry/regf.c: In function ‘reg_create_regf_file’:
../source4/lib/registry/regf.c:2095:2: warning: ‘memset’ used with length equal to number of elements without multiplication by element size [-Wmemset-elt-size]
memset(nk.unk3, 0, 5);
^~~~~~
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12419
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Nov 16 16:35:12 CET 2016 on sn-devel-144
Send 1000 messages without picking them up. Then destroy the sending messaging
context.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The variable error_pos is used only with enabled ENABLE_GNUTLS
There are warnings if compiled witout gnutls
../source4/lib/tls/tls_tstream.c: In function ‘_tstream_tls_connect_send’:
../source4/lib/tls/tls_tstream.c:1053:14:
warning: unused variable ‘error_pos’ [-Wunused-variable]
const char *error_pos;
^~~~~~~~~
../source4/lib/tls/tls_tstream.c: In function ‘_tstream_tls_accept_send’:
../source4/lib/tls/tls_tstream.c:1333:14:
warning: unused variable ‘error_pos’ [-Wunused-variable]
const char *error_pos;
^~~~~~~~~
Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Sep 21 00:01:09 CEST 2016 on sn-devel-144
Ensure the messaging dgm context goes away *before* the tevent
context. The messaging dgm context will likely have active fd or timer
events, their rundown will touch the associated tevent context.
Otoh, I deliberately don't free the imessaging context here, that's going
to happen as part of freeing the talloc_autofree_context() as before. I
think it suffers the same problem, eg imessaging_deregister() works on
an imessaging_context that might already be freed. But as it works,
don't change it.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
According to susv4, addr.s6_addr is a
uint8_t s6_addr[16]
which is always != 0
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
With modern messaging this doesn't do anything (it's an
empty destructor). Clean up so we can add a proper destructor
in future.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
