IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Aug 3 15:25:01 UTC 2023 on atb-devel-224
We should not be making modifications to caller memory. In
particular, this causes problems for logging of requests if the
original request becomes modified.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15442
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Aug 2 12:10:20 UTC 2023 on atb-devel-224
We should not be stealing caller memory like this, and while a
talloc_reference() is not much better, this combined with a
shallow copy should be a little better in terms of polite
memory management.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15442
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15442
Signed-off-by: Arvid Requate <requate@univention.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
[abartlet@samba.org combination of two patches by the above authors]
This combination was known to cause a segfault in Samba 4.13, fixed by
5f0590362c5c0c5ee20503a67467f9be2d50e73b in later versions.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14970
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
The aim of this tracing is to make it simple to follow the
requests made from the RPC server and similar to LDB now that
gendb_search_v() is no longer the dominant interface.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Jul 31 11:49:19 UTC 2023 on atb-devel-224
The aim of this tracing is to make it simple to follow the
requests made from the RPC server and similar to LDB now that
gendb_search_v() is no longer the dominant interface.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This will be useful when adding debugging to other routines.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reported by Red Hat internal covscan
leaked_storage: Variable "keytab" going out of scope leaks the storage it points to.
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reported by Red Hat internal covscan
leaked_storage: Variable "keytab" going out of scope leaks the storage it points to.
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reported by Red Hat internal covscan
leaked_storage: Variable "princ" going out of scope leaks the storage it points to.
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This is now exactly the same actions, but just uses common code to do it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This is now exactly the same actions, but just uses common code to do it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This is now exactly the same actions, but just uses common code to do it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This is now exactly the same actions, but just uses common code to do it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This is now exactly the same actions, but just uses common code to do it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
By doing this we use the common samdb_get_system_container_dn() routine and we
avoid doing a linerize and parse step on the main DN, instead using the
already stored parse of the DN. This is more hygenic.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This will replace many calls crafting or searching for this DN
elsewhere in the code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
As hinted in f2416493c0c779356606aebf0aceca8fa416b55c the DCOM and WMI
IDL is now unused. These generate code with PIDL, costing a small
amount of build time but more importantly are fuzzed, which costs an
ongoing amount of CPU time as oss-fuzz tries to find parsing issues.
We do not need to continue this waste, and these can be restored
if this effort is ever to start again.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This follows f2416493c0c779356606aebf0aceca8fa416b55c, removing the remaining parts
of our DCOM effort. This can be resumed at a later time, but for now this is untested
(as we have no server) and just uses build time.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This tests the reload (and if needed regeneration) of
tls certificates.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reload certificates with the command 'smbcontrol ldap_server reload-certs'.
The message is send to the master process, who forwards it to the workers
processes.
The master process reload and, if necessary, create the certificates first,
then the workers processes reload them.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We store individual pointers we need and adjust them
as needed in ldapsrv_post_fork() and the newly added
ldapsrv_before_loop().
This will be required for the next steps.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The following commits will implement the reloading of tls certificates.
Therefore we need to overwrite the interal memory.
Note we need to make sure x509_cred and dh_params from
tstream_tls_params_internal stay alive for the whole lifetime
of this session!
See 'man gnutls_credentials_set' and
'man gnutls_certificate_set_dh_params'.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
In order to allow the before_loop() hook to register messages or event
handlers, we need to fix up task->event_ctx and create a new
task->msg_ctx. It also means the struct task_server pointer
changes in the master before_loop() hook.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This gives the service a chance to register messaging and/or event handlers
on the correct contexts.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Sending a message to a process with multiple tevent contexts
can cause a message to get stuck and cause a data leak.
In general it's safer to call imessaging_dgm_unref_ev() before
talloc_free()...
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
sl_pack_alloc() does the buffer allocation that previously all callers of
sl_pack() did themselves.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Sends a maliciously crafted packet where the value in a key/value style
dictionary for the "scope" key is a simple string object whereas the server
expects an array. As the server doesn't perform type validation on the value, it
crashes when trying to use the "simple" object as a "complex" one.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15341
Signed-off-by: Ralph Boehme <slow@samba.org>
Send a maliciously crafted packet where a nil type has a subcount of 0. This
triggers an endless loop in mdssvc sl_unpack_loop().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15340
Signed-off-by: Ralph Boehme <slow@samba.org>
