mirror of https://github.com/samba-team/samba.git synced 2025-03-12 20:58:37 +03:00

116366 Commits

Author SHA1 Message Date
Volker Lendecke
bfe436e4c8 libsmb: Protect cli_RNetShareEnum() against rprcnt<6
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14366
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 4a9fe4efefa67d6f24efcbe29722a43fc4859fdc)
2020-05-14 07:18:23 +00:00
Volker Lendecke
70d390656b libsmb: Fix indentation in cli_RNetShareEnum()
Also remove a level of indentation with a "goto done;"

Best review with "git show -b", almost no code change

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14366
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit ae91d67a247424d4ddc89230f52365558d6ff402)
2020-05-14 07:18:23 +00:00
Volker Lendecke
ad2c619133 libsmb: Don't try to find posix stat info in SMBC_getatr()
This wrongly used "frame" instead of "fname", which can never have
worked. A first attempt to fix in 51551e0d53fa6 caused a few followup
patches in an attempt to clean up the test failures 51551e0d53fa6
introduced. They were reverted after a few discussions. So rather than
changing behaviour, just remove the code that introduced the valgrind
error again.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Mar 20 05:06:07 UTC 2020 on sn-devel-184

(cherry picked from commit 39c910fd9cba3caf7414274b678b9eee33d7e20b)

Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Mon May  4 13:19:42 UTC 2020 on sn-devel-144
2020-05-04 13:19:42 +00:00
Karolin Seeger
5998d32ab7 VERSION: Bump version up to 4.10.16.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
2020-04-28 13:52:11 +02:00
Karolin Seeger
e1addc5cdd samba: tag release samba-4.10.15

Merge tag 'samba-4.10.15' into v4-10-test

samba: tag release samba-4.10.15
2020-04-28 13:51:48 +02:00
Karolin Seeger
b98108ff76 VERSION: Disable GIT_SNAPSHOT for the 4.10.15 release.
o CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ
o CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD DC

Signed-off-by: Karolin Seeger <kseeger@samba.org>
samba-4.10.15
2020-04-21 10:43:35 +02:00
Karolin Seeger
b78b4ef087 WHATSNEW: Add release notes for Samba 4.10.15.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
2020-04-21 10:42:38 +02:00
Gary Lockyer
ea944665e6 CVE-2020-10704 libcli ldap: Check search request lengths.
Check the search request lengths against the limits passed to
ldap_decode.

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-04-21 10:21:09 +02:00
Gary Lockyer
139f49ac0c CVE-2020-10704: libcli ldap_message: Add search size limits to ldap_decode
Add search request size limits to ldap_decode calls.

The ldap server uses the smb.conf variable
"ldap max search request size" which defaults to 250Kb.
For cldap the limit is hard coded as 4096.

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-04-21 10:21:09 +02:00
Gary Lockyer
2714fb173f CVE-2020-10704: S4 ldap server: Limit request sizes
Check the size of authenticated and anonymous ldap requests and reject
them if they exceed the limits in smb.conf

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-04-21 10:21:09 +02:00
Gary Lockyer
4ec90ccda8 CVE-2020-10704: smb.conf: Add max ldap request sizes
Add two new smb.conf parameters to control the maximum permitted ldap
request size.

Adds:
   ldap max anonymous request size       default 250Kb
   ldap max authenticated request size   default 16Mb

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-04-21 10:21:09 +02:00
Gary Lockyer
fdc00bf95f CVE-2020-10704: ldapserver tests: Python 2 compatibility
The test python/samba/tests/ldap_raw.py does not run under python 3
which means the CI task build_ad_dc_py2 fails. The test is run and
passes in the CI task build_ad_dc.  This patch adds a check for the
Python version and skips the tests if running under python 2, allowing
CI to run for V4.10.

This patch is only applied to version 4.10.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
2020-04-21 10:21:09 +02:00
Gary Lockyer
d8ec11ea9f CVE-2020-10704: ldapserver tests: Limit search request sizes
Add tests to ensure that overly long (> 256000 bytes) LDAP search
requests are rejected.

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-04-21 10:21:09 +02:00
Gary Lockyer
8e7b910f68 CVE-2020-10704: lib util asn1: Check parse tree depth
Check the current depth of the parse tree and reject the input if the
depth exceeds that passed to asn1_init

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-04-21 10:21:09 +02:00
Gary Lockyer
ab4ff93b05 CVE-2020-10704: libcli ldap: test recursion depth in ldap_decode_filter_tree
Add tests to check that ASN.1 ldap requests with deeply nested elements
are rejected.  Previously there was no check on the depth of
nesting and excessive nesting could cause a stack overflow.

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-04-21 10:21:09 +02:00
Gary Lockyer
2aa1d7a8e4 CVE-2020-10704: lib util asn1: Add ASN.1 max tree depth
Add maximum parse tree depth to the call to asn1_init, which will be
used to limit the depth of the ASN.1 parse tree.

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-04-21 10:21:09 +02:00
Karolin Seeger
100821b43c CVE-2020-10700: ldb: Bump version up to 1.5.7.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14331

Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
ldb-1.5.7
2020-04-21 10:21:09 +02:00
Andrew Bartlett
865ca0dbe5 CVE-2020-10700: dsdb: Do not permit the ASQ control for the GUID search in paged_results
ASQ is a very strange control and a BASE search can return multiple results
that are NOT the requested DN, but the DNs pointed to by it!

Thanks to Andrei Popa <andrei.popa@next-gen.ro> for finding,
reporting and working with us to diagnose this issue!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14331

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
(backported from patch for master due to selftest changes)
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-04-21 10:21:09 +02:00
Andrew Bartlett
350361c779 CVE-2020-10700: ldb: Always use ldb_next_request() in ASQ module
We want to keep going down the module stack, and not start from the top again.

ASQ is above the ACL modules, but below paged_results and we do not wish to
re-trigger that work.

Thanks to Andrei Popa <andrei.popa@next-gen.ro> for finding,
reporting and working with us to diagnose this issue!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14331

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-04-21 10:21:09 +02:00
Andrew Bartlett
afbbd3faeb CVE-2020-10700: dsdb: Add test for ASQ and ASQ in combination with paged_results
Thanks to Andrei Popa <andrei.popa@next-gen.ro> for finding,
reporting and working with us to diagnose this issue!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14331

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
(backported from patch for master due to selftest changes)
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-04-21 10:21:09 +02:00
Karolin Seeger
0f64711aae VERSION: Bump version up to 4.10.15...
and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit 53ea67687d320071e857b8cb57fabd44858de591)
2020-04-21 10:21:09 +02:00
Karolin Seeger
53ea67687d VERSION: Bump version up to 4.10.15...
and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
2020-03-26 09:14:49 +01:00
Karolin Seeger
9aa60fc0e5 VERSION: Disable GIT_SNAPSHOT for the 4.10.14 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
samba-4.10.14
2020-03-26 09:14:02 +01:00
Karolin Seeger
b645568e38 WHATSNEW: Add release notes for Samba 4.10.14.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
2020-03-26 09:13:27 +01:00
Martin Schwenke
d7936eab41 ctdb-tcp: Do not stop outbound connection in ctdb_tcp_node_connect()
The only place the outgoing connection needs to be stopped is when
there is a timeout when waiting for the connection to become writable.
Add a new function ctdb_tcp_node_connect_timeout() to handle this
case.

All of the other cases are attempts to establish a new outgoing
connection (initial attempt, retry after an error or disconnect, ...)
so drop stopping the connection in those cases.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14295

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Signed-off-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Mar 12 05:29:20 UTC 2020 on sn-devel-184

(cherry picked from commit 319c93f0c6a949545229b616dfbd4f51baf11171)

Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Tue Mar 24 10:48:31 UTC 2020 on sn-devel-144
2020-03-24 10:48:30 +00:00
Martin Schwenke
3d7da45136 ctdb-tcp: Factor out function ctdb_tcp_start_outgoing()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14295

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Signed-off-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit 3c8747fe29486a4f95308b335a5e3ec1807f62cb)
2020-03-24 07:26:18 +00:00
Ralph Boehme
ec0d2193c3 ctdb-tcp: add ctdb_tcp_stop_incoming()
No change in behaviour.  This makes the code self-documenting.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14295

Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit 2c73dbafba50b28e72a8ec7b4382fae42fca6d17)
2020-03-24 07:26:18 +00:00
Ralph Boehme
7f135cb6ce ctdb-tcp: rename ctdb_tcp_stop_connection() to ctdb_tcp_stop_outgoing()
No change in behaviour.  This makes the code self-documenting.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14295

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit 1e2a967ff41cc29c3a0d7f61a46937c68fdb90ba)
2020-03-24 07:26:18 +00:00
Ralph Boehme
37c03834d9 ctdb-tcp: Remove redundant restart in ctdb_tcp_tnode_cb()
The node dead upcall has already restarted the outgoing connection.
There's no need to repeat it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14295

Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit ea37ecdcd5960311f54a7a5510b88a654da23daa)
2020-03-24 07:26:18 +00:00
Ralph Boehme
d156db3b08 ctdb-tcp: always call node_dead() upcall in ctdb_tcp_tnode_cb()
ctdb_tcp_tnode_cb() is called when we receive data on the outgoing connection.

This can happen when we get an EOF on the connection because the other side has
closed. In this case data will be NULL.

It would also be called if we received data from the peer. In this case data
will not be NULL.

The latter case is a fatal error though and we already call
ctdb_tcp_stop_connection() for this case as well, which means even though the
node is not fully connected anymore, by not calling the node_dead() upcall
NODE_FLAGS_DISCONNECTED will not be set.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14295

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit b83ef98c7466b2a81968555de83fb977bb6ca9f0)
2020-03-24 07:26:17 +00:00
Noel Power
d80e1985da ctdb-tcp: move free of inbound queue to TCP restart
Since commit 77deaadca8e8dbc3c92ea16893099c72f6dc874e, a nodeA which
had previously accepted a connection from nodeB (where nodeB dies
e.g. as as result of fencing) when nodeB attempts to connect again
after restarting is always rejected with

 ctdb_listen_event: Incoming queue active, rejecting connection from w.x.y.z

messages.

Consolidate dead node handling in the TCP restart handling.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14295

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit 0ff1b78fc2f0491f9e11131d0040bdaba8873770)
2020-03-24 07:26:17 +00:00
Martin Schwenke
5d4e66b3df ctdb-daemon: more logical whitespace, debug modernisation
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14295

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 15762a34559599cf908e30651a2d4c11560068ed)
2020-03-24 07:26:17 +00:00
Ralph Boehme
8a3a942b52 ctdb-daemon: ensure restart() callback is called in half-connected state
If NODE_FLAGS_DISCONNECTED is set the node can be in half-connected state. With
this change we ensure to restart the transport for this case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14295

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit 6a4fa0785fc83561939fa41617d526eb96c1af89)
2020-03-24 07:26:17 +00:00
Martin Schwenke
6528833ee7 ctdb-daemon: Rename ctdb_context private_data to transport_data
This gives a casual reader a useful clue.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit 750f3938e4fcd6743954db6b1132751a90ee6107)
2020-03-24 07:26:17 +00:00
Martin Schwenke
f6d4518370 ctdb-daemon: Rename ctdb_node private_data to transport_data
This gives a casual reader a useful clue.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit 53f8492caafa8556d0c2d3f272d08ce5ce098c25)
2020-03-24 07:26:17 +00:00
Douglas Bagnall
1bca645603 nmblib: avoid undefined behaviour in handle_name_ptrs()
If *offset is length - 1, we would read ubuf[(*offset)+1] as the lower
bits of the new *offset. This value is undefined, but because it is
checked against the valid range, there is no way to read further
beyond that one byte.

Credit to oss-fuzz.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14242
OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20193

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Feb  7 10:19:39 UTC 2020 on sn-devel-184

(cherry picked from commit 3bc7acc62646b105b03fd3c65e9170a373f95392)

Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Wed Mar 18 16:19:59 UTC 2020 on sn-devel-144
2020-03-18 16:19:59 +00:00
Tim Beale
43b343786e selftest: Export DC conf path for special cases
In a few rare cases, a test needs to assert both client-side and
server-side aspects. A typical example would be the audit logging, which
is exercising client-side behaviour, but also asserting the server-side
logging.

Usually this has involved a kludge in tests.py to either use
socket-wrapper explicitly, or hardcode in the server smb.conf path.

This patch exposes the existing SERVERCONFFILE env variable to the
tests. DC_SERVERCONFFILE has been added for 2 DC testenvs, where we need
the PDC's smb.conf.

The benefit of doing it this way is the filepath/testenv-dependency logic
is all self-contained with the Perl code, and it doesn't bleed out into
tests.py as well.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit aeadf75c24a4af4143e389e2b27d3a90899fb638)

Fixes autobuild with the patches for
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14285

Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Wed Mar  4 11:26:37 UTC 2020 on sn-devel-144
2020-03-04 11:26:37 +00:00
Andrew Bartlett
1905ed84f8 selftest: Test behaviour of DNS scavenge with an existing dNSTombstoned value
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14258

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Feb  6 16:24:25 UTC 2020 on sn-devel-184

(cherry picked from commit c8e3c78d4f2a6f3e122fe458aa6835772290a700)
2020-03-04 07:44:17 +00:00
Andrew Bartlett
4bc3641a08 dsdb: Correctly handle memory in objectclass_attrs
el->values is caller-provided memory that should be thought of as constant,
it should not be assumed to be a talloc context.

Otherwise, if the caller gives constant memory or a stack
pointer we will get an abort() in talloc when it expects
a talloc magic in the memory preceding the el->values.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14258

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 3657bbc21182d764ddfcd603025f24ec240fd263)
2020-03-04 07:44:17 +00:00
Andreas Schneider
9b805c0844 wafsamba: Do not use 'rU' as the 'U' is deprecated in Python 3.9
See https://docs.python.org/3.9/whatsnew/3.9.html#changes-in-the-python-api

"open(), io.open(), codecs.open() and fileinput.FileInput no longer accept 'U'
(“universal newline”) in the file mode. This flag was deprecated since Python
3.3. In Python 3, the “universal newline” is used by default when a file is
open in text mode. The newline parameter of open() controls how universal
newlines works."

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14266

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Feb  6 07:30:13 UTC 2020 on sn-devel-184

(cherry picked from commit 52722746a5eb40c309ba59f78bd8e3d897417bdc)

Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Mon Feb 24 11:28:18 UTC 2020 on sn-devel-144
2020-02-24 11:28:18 +00:00
Jeremy Allison
ee7e298bd7 s3: VFS: full_audit. Use system session_info if called from a temporary share definition.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14283

Signed-off-by: Jeremy Allison <jra@samba.org>

Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Thu Feb 20 15:31:20 UTC 2020 on sn-devel-144
2020-02-20 15:31:20 +00:00
Volker Lendecke
3230cf3e23 auth: Fix CID 1458418 Null pointer dereferences (REVERSE_INULL)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit ef0350221e194a3dd3350eab02b38baeb32d8fd3)

Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Wed Feb 19 13:01:32 UTC 2020 on sn-devel-144
2020-02-19 13:01:32 +00:00
Volker Lendecke
11f214df1e auth: Fix CID 1458420 Null pointer dereferences (REVERSE_INULL)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 503fc8f2ba662ecbec0788bd1710440464dc5cfd)
2020-02-19 08:54:53 +00:00
Martin Schwenke
7f836b1010 ctdb-tcp: Make error handling for outbound connection consistent
If we can't bind the local end of an outgoing connection then
something has gone wrong.  Retrying is better than failing into a
zombie state.  The interface might come back up and/or the address may
be reconfigured.

While here, do the same thing for the other (potentially transient)
failures.

The unknown address family failure is special but just handle it via a
retry.  Technically it can't happen because the node address parsing
can only return values with address family AF_INET or AF_INET6.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14274
RN: Retry inter-node TCP connections on more transient failures

Reported-by: 耿纪超 <gengjichao@jd.com>
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit a40fc709cc972dadb40efbf1394b10fae3cfcc07)

Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Mon Feb 17 15:50:11 UTC 2020 on sn-devel-144
2020-02-17 15:50:11 +00:00
Stefan Metzmacher
f3eebacb12 winbindd: handling missing idmap in getgrgid()
A similar hunk was added via commit
89f753c1fc824fef29aebb7d783ab7e09cd1f04e ("winbind: Use xids2sids in getpwuid"),
but it was missing in commit
e2dda192e7f8b65a5f02120be56cf0f07d03679f ("winbind: Use xids2sids in getgrgid")

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14265

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Feb  5 17:56:58 UTC 2020 on sn-devel-184

(cherry picked from commit 4d0bda9467ac3f45f85f48a281cdb173ce1064eb)

Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Tue Feb 11 12:26:52 UTC 2020 on sn-devel-144
2020-02-11 12:26:52 +00:00
Stefan Metzmacher
8d069f20ec s3:auth_sam: map an empty domain or '.' to the local SAM name
When a domain member gets an empty domain name or '.', it should
not forward the authentication to domain controllers of
the primary domain.

But we need to keep passing UPN account names with
an empty domain to the DCs as a domain member.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 590df382bea44eec2dbfd2a28c659b0a29188bca)
2020-02-11 07:51:24 +00:00
Stefan Metzmacher
f1b3a95852 s3:selftest: test authentication with an empty userdomain and upn names
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit a9eeea6ef78cc44c8423c7125fa1376921060018)
2020-02-11 07:51:23 +00:00
Stefan Metzmacher
f4706d85b9 s3:auth_sam: introduce effective_domain helper variables
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit a63e2a312c761093fedb09bd234b6736485a930a)
2020-02-11 07:51:23 +00:00
Stefan Metzmacher
731ae2864d s3:auth_sam: make sure we never handle empty usernames
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 01b8374e7942141e7f6cbdec7623c981a008e4c1)
2020-02-11 07:51:23 +00:00
Stefan Metzmacher
33b37926b2 s3:auth_sam: unify the debug messages of all auth_sam*_auth() functions
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 72ef8d3a52c1ab07c079a4c014ba8ac7bff528f7)
2020-02-11 07:51:23 +00:00