IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
ads_find_dc() uses c_domain = ads->server.workgroup and
don't expect it to get out of scope deep in resolve_and_ping_dns().
The result are corrupted domain values in the debug output.
Valgrind shows this:
Invalid read of size 1
at 0x483EF46: strlen (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x608BE94: __vfprintf_internal (vfprintf-internal.c:1688)
by 0x609ED49: __vasprintf_internal (vasprintf.c:57)
by 0x5D2EC0F: __dbgtext_va (debug.c:1860)
by 0x5D2ED3F: dbgtext (debug.c:1881)
by 0x4BFFB50: ads_find_dc (ldap.c:570)
by 0x4C001F4: ads_connect (ldap.c:704)
by 0x4C1DC12: ads_dc_name (namequery_dc.c:84)
Address 0xb69f6f0 is 0 bytes inside a block of size 11 free'd
at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x4BFF0AF: ads_try_connect (ldap.c:299)
by 0x4BFF40E: cldap_ping_list (ldap.c:367)
by 0x4BFF75F: resolve_and_ping_dns (ldap.c:468)
by 0x4BFFA91: ads_find_dc (ldap.c:556)
by 0x4C001F4: ads_connect (ldap.c:704)
by 0x4C1DC12: ads_dc_name (namequery_dc.c:84)
Block was alloc'd at
at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x60B250E: strdup (strdup.c:42)
by 0x4FF1492: smb_xstrdup (util.c:743)
by 0x4C10E62: ads_init (ads_struct.c:148)
by 0x4C1DB68: ads_dc_name (namequery_dc.c:73)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14981
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This attribute was added to the search in commit
4f389c1f78. But it’s not clear to me that
anything actually retrieves the unicodePwd from the result (excluding
inconsequential things like ads_dump()).
Furthermore, this being a search over LDAP, it will never return a
unicodePwd.
Removing this attribute from the search means that we no longer have to
worry about the account possibly being a Group Managed Service Account
and the unicodePwd being out‐of‐date.
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Indirect leak of 291 byte(s) in 2 object(s) allocated from:
#0 0x7fd77b6dc03f in malloc (/lib64/libasan.so.8+0xdc03f) (BuildId: 3e1694ad218c99a8b1b69231666a27df63cf19d0)
#1 0x7fd77b094bc2 in __talloc_with_prefix ../../lib/talloc/talloc.c:783
#2 0x7fd77b096034 in __talloc ../../lib/talloc/talloc.c:825
#3 0x7fd77b096034 in __talloc_strlendup ../../lib/talloc/talloc.c:2454
#4 0x7fd77b096034 in talloc_strdup ../../lib/talloc/talloc.c:2470
#5 0x7fd779996633 in add_string_to_array ../../lib/util/util_strlist.c:504
#6 0x7fd77b10c754 in ads_create_machine_acct ../../source3/libads/ldap.c:2662
#7 0x7fd77b46705f in libnet_join_precreate_machine_acct ../../source3/libnet/libnet_join.c:390
#8 0x7fd77b46705f in libnet_DomainJoin ../../source3/libnet/libnet_join.c:2852
#9 0x7fd77b46705f in libnet_Join ../../source3/libnet/libnet_join.c:3036
#10 0x55fb9788d91a in net_ads_join ../../source3/utils/net_ads.c:1853
#11 0x55fb9793ab86 in net_join ../../source3/utils/net_join.c:45
#12 0x55fb9793084f in net_run_function ../../source3/utils/net_util.c:454
#13 0x55fb97889859 in main ../../source3/utils/net.c:1372
#14 0x7fd7768281af in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Wed Oct 18 15:47:09 UTC 2023 on atb-devel-224
Fixes CID 1547073: Control flow issues (DEADCODE).
This reverts commit 184a48d657.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Commit 8132edf119 introduced a retry loop
arround cldap_multi_netlogon(), but it forgot to reset num_requests to 0
for the retries.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15416
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jul 5 11:17:43 UTC 2023 on atb-devel-224
We have a list of ip addresses, so we can request them
all together under a single timeout, instead of asking
each ip with it's own timeout.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Sep 8 08:12:46 UTC 2022 on sn-devel-184
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Jun 27 20:39:31 UTC 2022 on sn-devel-184
The ads_destroy() function is now static and only called from the
ADS_STRUCT destructor.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Fixes the problem described in commit a26f535ded
but for ads_domain_func_level() function.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Before commit 1d066f37b9, when the LDAP
connection wasn't established yet (ads->ldap.ld == NULL), the
ads_current_time() function always allocated and initialized a new
ADS_STRUCT even when ads->ldap.ss had a good address after having called
ads_find_dc().
After that commit, when the ADS_STRUCT is reused and passed to the
ads_connect() call, ads_try_connect() may fail depending on the
contacted DC because ads->config.flags field can contain the flags
returned by the previous CLDAP call. For example, when having 5 DCs:
* 192.168.101.31 has PDC FSMO role
* 192.168.101.32
* 192.168.101.33
* 192.168.101.34
* 192.168.101.35
$> net ads info -S 192.168.101.35
net_ads_info()
ads_startup_nobind()
ads_startup_int()
ads_init()
ads_connect()
ads_try_connect(192.168.101.35)
check_cldap_reply_required_flags(returned=0xF1FC, required=0x0)
ads_current_time()
ads_connect()
ads_try_connect(192.168.101.35)
check_cldap_reply_required_flags(returned=0xF1FC, required=0xF1FC)
The check_cldap_reply_required_flags() call fails because
ads->config.flags contain the flags returned by the previous CLDAP call,
even when the returned and required values match because they have
different semantics:
if (req_flags & DS_PDC_REQUIRED)
RETURN_ON_FALSE(ret_flags & NBT_SERVER_PDC);
translates to:
if (0xF1FC & 0x80)
RETURN_ON_FALSE(0xF1FC & 0x01);
which returns false because 192.168.101.35 has no PDC FSMO role.
The easiest fix for now is to reset ads->config.flags in
ads_current_time() when reusing an ADS_STRUCT before calling
ads_connect(), but we should consider storing the required and returned
flags in different fields or at least use the same bitmap for them
because check_cldap_reply_required_flags() is checking a
netr_DsRGetDCName_flags value using the nbt_server_type bitmap.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14674
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon May 23 19:18:38 UTC 2022 on sn-devel-184
We no longer use cldap_ping_list(), comment it out
for removal.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Preparing for get_sorted_dc_list() returning such an array.
ifdef'ed out as not yet used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
ADS_STRUCT may be being reused after a
DC lookup from ads_find_dc(), so ads->ldap.ss may already have a
good address (even if ads->server.ldap_server == NULL).
Only re-initialize the ADS_STRUCT and redo the ads_find_fc()
DNS lookups if we have to.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Aug 18 09:46:28 UTC 2020 on sn-devel-184
