IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 531f31df99341b2cb1afc42538022451ca771983)
We assume no values is unlikely, since we have been dereferencing
->values[0] forever, with no known reports of trouble.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit d4e69734c65ade0bbb398447012513a7f27e98bd)
There are further changes coming here.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit d785c1991c922150bab38c36cef3a799448ac304)
the access_mask is the easiest to overflow with subtraction -- other
fields are 8 or 16 bit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Apr 10 23:58:12 UTC 2024 on atb-devel-224
(cherry picked from commit 81598b42455d6758941da532c668b6d4e969cc40)
ace->access_mask is uint32_t, so can overflow a signed int.
This would be easy to trigger, as it is a flags field rather than an
allocation count.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit e35d54fd4d381df67ab9b4f8390e2109b2142678)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 31101a9fa1503be9d8137e42466f57d85136a156)
v->type is an int-sized enum, so overflow might be possible if it could
be arbitrarily set.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 5e99262aaf5fc6601f3859c8b060b680b11bf6ea)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit a197be2003d7e248b1e1294f4ad5473f48762bce)
expire_time is time_t, which is at least int-sized, so overflow is
possible (if this code ever runs).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit d8b97649ef4d3ccaf53878021be0e2d4824b982c)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 66d47537e42caa528c7fab670d9c35d27c513cce)
dnsp_DnssrvRpcRecord.dwTimeStamp is uint32_t, making overflow possible.
dnsp_DnssrvRpcRecord.wType is an enum, which has the size of an int,
though it may be hard to set it to overflowing values.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 42ead213484840121ce6bc0db22941ea0a019105)
SamEntry.idx is uint32_t.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit ed3ab87bdb0f6c6a9ea6323ed240fe267220b759)
Although these are size_t, in practice TDB data is limited to 32 bit.
Even so, overflow of a signed int is possible.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit dd4a0c276813b2c8516061110a7e580aa9afcf40)
These numbers are all 8 bit, so overflow is unlikely.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 4641a97151783c2ae825582e91b4676d66dcb713)
sid->num_auths is always small (int8 < 16), so this is cosmetic only.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit cb94202c1cf990e871ee2e8e43c577a0e4b9ee6f)
We can still have inconsistent comparisons, because two elements with
the same number of values will always return -1 if they are unequal,
which means they will sort differently depending on the order in which
they are compared.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 21a071e4864dd739840c2ad4adb0c71ec33f8427)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 5c36bc82415b246fccec9eae693da82b7aa45b81)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit e1519c3667841ce27b15983eae378799ef9936f7)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 838c68470299045c5b1c9bdbd527edbeedebf2d6)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit f78b964cd81db11097e78099c0699f571f20e126)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 997b72d79e651ddbc20e67006ae176229528dc6f)
In some situations, like comparison functions for qsort, we don't care
about the actual value, just whethger it was greater or less than
zero.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 6159b098cf35a8043682bfd4c4ea17ef0da6e8ee)
This one was OK, as the numbers are tightly bound, but there is no
real reason not to do it safely.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 3414a894ad6640fa8e282d650b1cc5319991545f)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 4a9d274d43b1adac113419c649bbf530d180229d)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit f07ae6990702f8806c0c815454b80a5596b7219a)
If these are truly unicode codepoints (< ~2m) there is no overflow,
but the type is defined as uint32_t.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 675fdeee3d6570fdf5a055890dc3386a8db5fd88)
We have changed strcasecmp_m() to return -1 in a place where it used
to return -3. This upset a test, but it shouldn't have: the exact
value of the negative int is not guaranteed by the function.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit d4ce8231f986a359dc657cd1a6b416270a53c7d3)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit f788a399996a73b2aa206ec2b15f5943b06660e0)
We now test cases:
1. where the first string compares less
2. one of the strings ends before the other
3. the strings differ on a character other than the first.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit a512759d7b216cacc0a780b3304549b7945f919c)
strncasecmp_m is supposed to return a negative, zero, or positive
number, not necessarily the difference between the codepoints in
the first character that differs, which we have been asserting up to
now.
This fixes a knownfail on 32 bit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit dda0bb6fc71bae91f3158f69462cb79fdad210fb)
strcasecmp_m is supposed to return a negative, zero, or positive
number, depending on whether the first argument is less than, equal to,
or greater than the second argument (respectively).
We have been asserting that it returns exactly the difference between
the codepoints in the first character that differs.
This fixes a knownfail on 32 bit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit ac0a8cd92ca4497bfcfad30e2b4d47547b582b92)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 09c98ff1263eb05933f1956e201655dd41e28a0c)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit ee4ebcccd7d9d89dda59615b3653df2632fb1a5d)
prec_{1,2} are uint32_t, and if one is not set we are defaulting to
0xffffffff (a.k.a UINT32_MAX), so an overflow when cast to int seems
extremely likely.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 623adcf4aae00ac06e82d98a75ce4644890501e6)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit a6d76d6ee9f7cfcabe2c20b872b8b1cb598928a6)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 75e51bd99b7a029afd98b55283eddad835319ed6)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 5150b318f4894a8036b2a394c446afd513f8cb60)
In other places we tend to include tsort.h, which also has TYPESAFE_QSORT.
ldb.h already has TYPESAFE_QSORT, so it might as well have NUMERIC_CMP.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit de1b94f79ea8694ecdddab4b455d539caa7e77e2)
In many places we use `return a - b;` in a comparison function. This can
be problematic if the comparison is used in a sort, as `a - b` is not
guaranteed to do what we expect. For example:
* if a and b are 2s-complement ints, a is INT_MIN and b is INT_MAX, then
a - b = 1, which is wrong.
* if a and b are 64 bit pointers, a - b could wrap around many times in
a cmp function returning 32 bit ints. (We do this often).
The issue is not just that a sort could go haywire.
Due to a bug in glibc, this could result in out-of-bounds access:
https://www.openwall.com/lists/oss-security/2024/01/30/7
(We have replicated this bug in ldb_qsort).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 5ab93f48c575db1a3c5a707258cc44f707a5eeb0)
Usually we are dealing with a filename that tells you what the pipe is,
and there is no reason for this debug helper not to be convenient
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 8b6a584170eeb5082a188879be88e5f414b0be81)
If a compare function is non-transitive (for example, if it evaluates
A > B and B > C, but A < C), this implementation of qsort could access
out-of-bounds memory. This was found in glibc's qsort by Qualys, and
their write-up for OSS-Security explains it very well:
https://www.openwall.com/lists/oss-security/2024/01/30/7
An example of a non-transitive compare is one in which does this
int cmp(const void *_a, const void *_b)
{
int a = *(int *)_a;
int b = *(int *)_b;
return a - b;
}
which does the right thing when the magnitude of the numbers is small,
but which will go wrong if a is INT_MIN and b is INT_MAX. Likewise, if
a and b are e.g. uint32_t, the value can wrap when cast to int.
We have functions that are non-transitive regardless of subtraction.
For example, here (which is not used with ldb_qsort):
int codepoint_cmpi(codepoint_t c1, codepoint_t c2)
if (c1 == c2 ||
toupper_m(c1) == toupper_m(c2)) {
return 0;
}
return c1 - c2;
}
The toupper_m() is only called on equality case. Consider {'a', 'A', 'B'}.
'a' == 'A'
'a' > 'B' (lowercase letters come after upper)
'A' < 'B'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15569
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 73e4f6026ad04b73074b413bd8c838ca48ffde7f)
It turns out the timestamp doesn't need to be real, and it isn't used,
but it might as well tell you something. So let's make it tell you what
version of Samba it came from, which could be useful for people who have
lots of old winexes lying around, the poor souls.
00000040 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th|
00000050 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno|
00000060 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS |
00000070 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
00000080 50 45 00 00 64 86 0a 00 00 15 04 00 00 00 00 00 |PE..d...........|
| | |
| | major 4.
| minor 21.
release 0
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13213
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Fri May 31 01:28:06 UTC 2024 on atb-devel-224
(cherry picked from commit 3a7dbf8b77b2a9e7cdc55bc5b339b9f501d037aa)
Windows Portable Executable files have a timestamp field and a
checksum field. By default the timestamp field is updated to the
current time, which consequently changes the checksum. This makes the
build nondeterministic. It looks like this:
--- a/tmp/winexe-1/winexesvc64_exe_binary.c
+++ b/tmp/winexe-2/winexesvc64_exe_binary.c
@@ -23,7 +23,7 @@ const DATA_BLOB *winexesvc64_exe_binary(void)
0x6D, 0x6F, 0x64, 0x65, 0x2E, 0x0D, 0x0D, 0x0A,
0x24, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x50, 0x45, 0x00, 0x00, 0x64, 0x86, 0x0A, 0x00,
- 0xB2, 0x16, 0x55, 0x66, 0x00, 0x00, 0x00, 0x00,
+ 0xD3, 0x3B, 0x55, 0x66, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0xF0, 0x00, 0x2E, 0x02,
0x0B, 0x02, 0x02, 0x26, 0x00, 0x86, 0x00, 0x00,
0x00, 0xBA, 0x00, 0x00, 0x00, 0x0C, 0x00, 0x00,
@@ -33,7 +33,7 @@ const DATA_BLOB *winexesvc64_exe_binary(void)
0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x05, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x40, 0x01, 0x00, 0x00, 0x04, 0x00, 0x00,
- 0x73, 0xD7, 0x00, 0x00, 0x03, 0x00, 0x60, 0x01,
+ 0x94, 0xFC, 0x00, 0x00, 0x03, 0x00, 0x60, 0x01,
0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00,
https://learn.microsoft.com/en-us/windows/win32/debug/pe-format says
that a timestamp of zero can be used to represent a time that is not
"real or meaningful", so we do that.
As far as I can tell, the timestamp and checksum are only used in
DLLs, not directly executed .exe files.
Thanks to Freexian and the Debian LTS project for sponsoring this work.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13213
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit e604f7575167d3572e1b67c6e77ab7273508533d)
Like many languages, Perl uses has randomisation to prevent nasty
users using crafted values that hash to the same number to effect a
denial of service. This means the traversal order of perl HASH tables
is different every time.
The IDL handed to pidl is trusted, so we don't really need
randomisation, but we do want to be sure the build is the same every
time.
I am not aware of hash randomisation causing problems, but it seems
prudent to avoid it.
We do a similar thing with PYTHONHASHSEED for the entire build.
Thanks to Freexian and the Debian LTS project for sponsoring this work.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13213
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 068b366709d005275727a0e8929d272c04cb7bd8)
This function is only used by Python.pm, and was assuming any argument
unrecognised by hasType is a name. It sometimes isn't, resulting in
structures like this:
{
'DATA' => {
'TYPE' => 'STRUCT'
},
'NAME' => {
'TYPE' => 'STRUCT',
'ALIGN' => undef,
'SURROUNDING_ELEMENT' => undef,
'ORIGINAL' => {
'TYPE' => 'STRUCT',
'FILE' => 'source3/librpc/idl/smbXsrv.idl',
'LINE' => 101,
'NAME' => 'tevent_context'
},
'ELEMENTS' => undef,
'NAME' => 'tevent_context',
'PROPERTIES' => undef
},
'TYPE' => 'TYPEDEF'
};
The problem with that is we end up with the HASH reference as a name
in Python bindings, like this
PyErr_SetString(PyExc_TypeError, "Can not convert C Type struct HASH(0x5e2dfe5ee278) from Python");
which makes the build nondeterministic (as well as making the message
a little mysterious).
I think all the structures for which this happens are marked
'[ignore]' in IDL, meaning they are not transmitted on the wire. They
should perhaps also not have useless Python getsetters, but let's call
that a different problem.
Thanks to Freexian and the Debian LTS project for sponsoring this work.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13213
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit f3433f60b8ee83fc785a6e6838513de31bff5a6a)
In case of a trusted domain, we are providing the realm of the primary
trust but specify the KDC IP of the trusted domain. This leads to
Kerberos ticket requests to the trusted domain KDC which doesn't know
about the machine account. However we need a ticket from our primary
trust KDC.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15653
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(backported from commit 8989aa47b7493e6b7978c2efc4a40c781e9a2aee)
Autobuild-User(v4-20-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-20-test): Wed Jun 5 15:01:54 UTC 2024 on atb-devel-224
The IP should be optional and we should look it up if not provided.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15653
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 9dcc52d2a57314ec9ddaae82b3c49da051d1f1d2)
Remove the requirement to provide an IP address. We should look up the
IP of the KDC and use it for the specified realm/workgroup.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15653
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 28aa0b815baf4668e3df01d52597c40fd430e2fb)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15633
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
(cherry picked from commit 7a5e7b821259890dd2978e6f113f4a3dad110ea4)
This is needed in order to let nbt_getdc() work against
another AD DC and get back a modern response with
DNS based names. Instead of falling back to
the ugly name_status_find() that simulates just
an NETLOGON_SAM_LOGON_RESPONSE_NT40 response.
This way dsgetdcname() can work with just the netbios
domain name given and still return an active directory
response.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15620
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 796f33c05a0ca337b675b5d4d127f7c53b22528f)
Autobuild-User(v4-20-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-20-test): Thu May 30 10:57:04 UTC 2024 on atb-devel-224
