IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
imessaging_client_init() can be used with a wrapper tevent_context,
but only if a global messaging_dgm_ref() already exist.
All other uses of imessaging_init() and imessaging_client_init()
require a raw tevent_context.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Jul 12 02:23:37 CEST 2018 on sn-devel-144
In usecases like using messaging_client_init() with irpc processing we may
free the imessaging_context during the messaging handler.
imessaging_post_handler() is not yet really used, but it will change in
the next commits. imessaging_post_state is a child of imessaging_context
and might be implicitly free'ed before the explicit TALLOC_FREE(state).
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This tests the usage of multiple imessaging_contexts in one process
and also freeing two of them during a message handler.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13514
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
pypolicy module needs appropriate samba_policy library for
extra-python/py3 therefore we need to build it for it to be available
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
In wscript_build, the lib name in deps list may have postfix for Python
3. Instead of hard coding the base name directly, need to load correct
name for each Python version with `bld.pyembed_libname`.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Every caller did a talloc_steal() after socket_create(). Just pass in the
correct memory context.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Feb 13 21:07:17 CET 2018 on sn-devel-144
Set SOCKET_CLOEXEC on the sockets returned by accept. This ensures that
the socket is unavailable to any child process created by system().
Making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Dec 18 08:49:57 CET 2017 on sn-devel-144
this was never disabling ipv6, only v6-only interfaces. This can be achieved
with the interfaces parameter also if wanted.
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 17 00:53:48 CEST 2017 on sn-devel-144
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Aug 16 04:11:47 CEST 2017 on sn-devel-144
The use of SHA-1 has been on the "do not" list for a while now, so make our
self-signed certificates use SHA256 using the new
gnutls_x509_crt_sign2 provided since GNUTLS 1.2.0
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12953
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12932
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 15 08:06:40 CEST 2017 on sn-devel-144
We only need to know the prefix "NTLM" and the submech oid GENSEC_OID_NTLMSSP
everything else can be generic.
This should allow us to implement "Negotiate" with GENSEC_OID_SPNEGO
trivial.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
The key is already normalized and should match completely.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
We need to consume full HTTP responses from the socket during the
authentication exchanges, otherwise our HTTP parser gets out of sync for
the next requests.
This will be important for gensec mechs which use an even number
for authentication packets.
I guess this should be done just based on the Content-Length value and
not based on the response code.
So far I saw bodies with 200 and 401 codes.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
We don't need very large headers, the largest ones are
"Authorization" or "WWW-Authenticate", but 128k should be
more than enough for all headers.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
The new logic makes it much clearer that we have a loop of
gensec_update_send()
gensec_update_recv()
http_send_request_send()
http_send_request_recv()
http_read_response_send()
http_read_response_recv()
Until the local gensec and the server are ready.
I've tested this against Windows 2008R2 like this:
bin/smbtorture \
-W BLA --realm=BLA.BASE \
-s /dev/null -Uadministrator%A1b2C3d4 \
ncacn_http:w2k8r2-219[593,RpcProxy=w2k8r2-219.bla.base,HttpUseTls=false,HttpAuthOption=basic] \
rpc.epmapper.epmapper.Lookup_simple \
and:
bin/smbtorture \
-W BLA --realm=BLA.BASE \
-s /dev/null -Uadministrator%A1b2C3d4 \
ncacn_http:w2k8r2-219[593,RpcProxy=w2k8r2-219.bla.base,HttpUseTls=false,HttpAuthOption=ntlm] \
rpc.epmapper.epmapper.Lookup_simple \
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This was missing in commit d718e92d5e.
Sadly we can't have automated tests for this as we only implement
the client side for this protocol.
I've tested with using:
bin/smbtorture \
-W BLA --realm=BLA.BASE \
-s /dev/null -Uadministrator%A1b2C3d4 \
ncacn_http:w2k8r2-219[593,RpcProxy=w2k8r2-219.bla.base,HttpUseTls=false,HttpAuthOption=basic] \
rpc.epmapper.epmapper.Lookup_simple \
and:
bin/smbtorture \
-W BLA --realm=BLA.BASE \
-s /dev/null -Uadministrator%A1b2C3d4 \
ncacn_http:w2k8r2-219[593,RpcProxy=w2k8r2-219.bla.base,HttpUseTls=false,HttpAuthOption=ntlm] \
rpc.epmapper.epmapper.Lookup_simple \
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12919
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jul 21 23:29:39 CEST 2017 on sn-devel-144
This is completely untested and from reading the code it doesn't really
do anything beside always returning None from the get_class_object() method.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue May 30 12:16:57 CEST 2017 on sn-devel-144
Pass in the TALLOC_CTX * from the module init to remove
another talloc_autofree_context() use.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Call popt_free_cmdline_credentials() on successful exit from torture.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Add one use of popt_set_cmdline_credentials().
Fix 80 column limits when cmdline_credentials changes
to popt_get_cmdline_credentials().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Those have been deprecated with GnuTLS 1.0.20 in 2004. I think it is
safe to use them now ;)
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Apr 26 03:09:19 CEST 2017 on sn-devel-144
Not currently used - no logic changes inside.
This will make it possible to pass down a long-lived talloc
context from the loading function for modules to use instead
of having them internally all use talloc_autofree_context()
which is a hidden global.
Updated all known module interface numbers, and added a
WHATSNEW.
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Ralph Böhme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Apr 22 01:17:00 CEST 2017 on sn-devel-144
