IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This can be useful for debugging tdb databases, the hex output of the
key can be used for "net tdb" or ctdb commands.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
When this test is called from wscript, only the exit code is checked.
Track failures and return as non-zero exit code.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add missing free for entry variable and its members : key and principal
Found definite memory leaks via valgrind as shown below.
Leak 1 :
==1686== 76,800 bytes in 2,400 blocks are definitely lost in loss record 432 of 433
==1686== at 0x4C38185: malloc (vg_replace_malloc.c:431)
==1686== by 0x79CBFED: krb5int_c_copy_keyblock_contents (keyblocks.c:101)
==1686== by 0x621CFA3: krb5_mkt_get_next (kt_memory.c:500)
==1686== by 0x141186: extract_pac_vrfy_sigs (winbindd_pam.c:3384)
==1686== by 0x141186: winbindd_pam_auth_pac_verify (winbindd_pam.c:3434)
==1686== by 0x17ED21: winbindd_pam_auth_crap_send (winbindd_pam_auth_crap.c:68)
==1686== by 0x127F45: process_request_send (winbindd.c:502)
==1686== by 0x127F45: winbind_client_request_read (winbindd.c:749)
==1686== by 0x124AAF: wb_req_read_done (wb_reqtrans.c:126)
==1686== by 0x66D4706: tevent_common_invoke_fd_handler (tevent_fd.c:142)
==1686== by 0x66DAF4E: epoll_event_loop (tevent_epoll.c:737)
==1686== by 0x66DAF4E: epoll_event_loop_once (tevent_epoll.c:938)
==1686== by 0x66D8F5A: std_event_loop_once (tevent_standard.c:110)
==1686== by 0x66D39B4: _tevent_loop_once (tevent.c:823)
==1686== by 0x1232F3: main (winbindd.c:1718)
Leak 2 :
==1686== at 0x4C38185: malloc (vg_replace_malloc.c:431)
==1686== by 0x62255E4: krb5_copy_principal (copy_princ.c:38)
==1686== by 0x621D003: krb5_mkt_get_next (kt_memory.c:503)
==1686== by 0x141186: extract_pac_vrfy_sigs (winbindd_pam.c:3384)
==1686== by 0x141186: winbindd_pam_auth_pac_verify (winbindd_pam.c:3434)
==1686== by 0x17ED21: winbindd_pam_auth_crap_send (winbindd_pam_auth_crap.c:68)
==1686== by 0x127F45: process_request_send (winbindd.c:502)
==1686== by 0x127F45: winbind_client_request_read (winbindd.c:749)
==1686== by 0x124AAF: wb_req_read_done (wb_reqtrans.c:126)
==1686== by 0x66D4706: tevent_common_invoke_fd_handler (tevent_fd.c:142)
==1686== by 0x66DAF4E: epoll_event_loop (tevent_epoll.c:737)
==1686== by 0x66DAF4E: epoll_event_loop_once (tevent_epoll.c:938)
==1686== by 0x66D8F5A: std_event_loop_once (tevent_standard.c:110)
==1686== by 0x66D39B4: _tevent_loop_once (tevent.c:823)
==1686== by 0x1232F3: main (winbindd.c:1718)
Signed-off-by: Shaleen Bathla <shaleen.bathla@oracle.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Apr 16 10:22:51 UTC 2024 on atb-devel-224
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Apr 16 05:02:30 UTC 2024 on atb-devel-224
Modifications to unicodePwd require an encrypted connection. This change
allows unicodePwd to be modified over an ldapi connection.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15634
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Once we have a gMSA server side the impact of deleting root keys becomes real
and so we must do this in a quiet place where it can not impact on other things.
Likewise, we want the samba.tests.dsdb_quiet_provision_tests tests to run
somewhere that is not doing other things, so we can see what a bare provision
will do. We must not allow test ordering inside the file to cause tests that
create root keys to run before checking if provision created a usable root key.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
The call to $self->setup_namespaces() was allways in error, as the design
is to have the in the state that it was backed up in, but before commit
08be28241b the error return was not
checked and so this was harmless.
The customdc environment is not tested in selftest currently, as
it is intended to be used for manual testing of domains from backup
files not as an automatically constructed environment.
This makes:
BACKUP_FILE=samba-backup-2024-04-11T14-10-20.437096.tar.bz2 SELFTEST_TESTENV=customdc make testenv
work again.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
This adds support for MIT Kerberos minimal PAC. Tickets from pure
Kerberos realms with MIT Kerberos 1.21 or newer will always include a
minimal PAC. The PAC include the checksum buffers and a logon_name PAC
buffer.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This gets rid of the multiple goto and just have a single destructor
goto.
Best view this commit with `git show -b <sha> --color-moved=zebra`
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This is in preparation to split up the function into several functions.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The traceid debug header field is a useful feature, let's make it
default.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15631
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Mon Apr 15 18:47:41 UTC 2024 on atb-devel-224
This command line panics:
$ bin/rpcclient ncacn_np: -c epmlookup
0 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
1 0x00007ffff64ae8a3 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
2 0x00007ffff645c8ee in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
3 0x00007ffff64448ff in __GI_abort () at abort.c:79
4 0x00007ffff7b01524 in tevent_req_is_nterror (req=0x555555728610, status=0x7fffffff9bb4) at ../../lib/util/tevent_ntstatus.c:66
5 0x00007ffff7b9fd91 in cli_connect_nb_recv (req=0x555555728610, pcli=0x5555556fcb18) at ../../source3/libsmb/cliconnect.c:2731
6 0x00007ffff7ba02a8 in cli_start_connection_connected (subreq=0x555555728610) at ../../source3/libsmb/cliconnect.c:2882
7 0x00007ffff7aecb1a in _tevent_req_notify_callback (req=0x555555728610, location=0x7ffff7bde0e0 "../../source3/libsmb/cliconnect.c:2686") at ../../lib/tevent/tevent_req.c:177
8 0x00007ffff7aeccab in tevent_req_finish (req=0x555555728610, state=TEVENT_REQ_USER_ERROR, location=0x7ffff7bde0e0 "../../source3/libsmb/cliconnect.c:2686") at ../../lib/tevent/tevent_req.c:234
9 0x00007ffff7aecdda in tevent_req_trigger (ev=0x5555557182e0, im=0x555555728720, private_data=0x555555728610) at ../../lib/tevent/tevent_req.c:291
10 0x00007ffff7aeb513 in tevent_common_invoke_immediate_handler (im=0x555555728720, removed=0x0) at ../../lib/tevent/tevent_immediate.c:190
11 0x00007ffff7aeb685 in tevent_common_loop_immediate (ev=0x5555557182e0) at ../../lib/tevent/tevent_immediate.c:236
12 0x00007ffff7af7502 in epoll_event_loop_once (ev=0x5555557182e0, location=0x7ffff7af8ac0 "../../lib/tevent/tevent_req.c:342") at ../../lib/tevent/tevent_epoll.c:905
13 0x00007ffff7af2d22 in std_event_loop_once (ev=0x5555557182e0, location=0x7ffff7af8ac0 "../../lib/tevent/tevent_req.c:342") at ../../lib/tevent/tevent_standard.c:110
14 0x00007ffff7ae93ab in _tevent_loop_once (ev=0x5555557182e0, location=0x7ffff7af8ac0 "../../lib/tevent/tevent_req.c:342") at ../../lib/tevent/tevent.c:820
15 0x00007ffff7aecf9e in tevent_req_poll (req=0x555555728290, ev=0x5555557182e0) at ../../lib/tevent/tevent_req.c:342
16 0x00007ffff7b01647 in tevent_req_poll_ntstatus (req=0x555555728290, ev=0x5555557182e0, status=0x7fffffff9f4c) at ../../lib/util/tevent_ntstatus.c:109
17 0x00007ffff7ba246a in cli_full_connection_creds (output_cli=0x7fffffffa220, my_name=0x555555701990 "CLUSTEREDMEMBER", dest_host=0x0, dest_ss=0x0, port=0, service=0x5555556981d1 "IPC$", service_type=0x5555556981d6 "IPC", creds=0x5555556fa410, flags=4096) at ../../source3/libsmb/cliconnect.c:3807
18 0x0000555555619ae9 in main (argc=4, argv=0x7fffffffa3e8) at ../../source3/rpcclient/rpcclient.c:1308
tevent_req_is_nterror() expects error set by tevent_req_nterror()
- to have TEVENT_NTERROR_MAGIC, otherwise it calls abort().
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Mon Apr 15 14:55:21 UTC 2024 on atb-devel-224
This shouldn't have been DBG_ERR, and it might as well say something
about the tombstone.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15630
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Apr 12 15:18:05 UTC 2024 on atb-devel-224
the access_mask is the easiest to overflow with subtraction -- other
fields are 8 or 16 bit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Apr 10 23:58:12 UTC 2024 on atb-devel-224
ace->access_mask is uint32_t, so can overflow a signed int.
This would be easy to trigger, as it is a flags field rather than an
allocation count.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
v->type is an int-sized enum, so overflow might be possible if it could
be arbitrarily set.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>