IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This code impacts on LDB, which is now built from the main build
so we need to combined this with the check that was in lib/ldb
or else we get conflicts.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
if we are doing NULL check for range, then we should assign its member
after the NULL check.
Signed-off-by: Shaleen Bathla <shaleen.bathla@oracle.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Thu Feb 22 10:57:38 UTC 2024 on atb-devel-224
reduce scope of variable as a best practice
Signed-off-by: Shaleen Bathla <shaleen.bathla@oracle.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
remove re-initialization of entry variable in for loop
Signed-off-by: Shaleen Bathla <shaleen.bathla@oracle.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Previous to this commit we were modifying the offset before
the array offset check. This was causing a spurious debug
message indicating the offset was out of bounds. An second
problem is that upon detecting the error we don't exit the loop.
A third problem was that when reading the offset the check
didn't cater for the size of the integer address about to be read.
This commit moves the offset check to before the first read,
additionally when an error is detected now we actually exit the loop
and the offset have been corrected to include the size of the
integer to be read
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15579
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sat Feb 17 17:58:43 UTC 2024 on atb-devel-224
The max buf size of rows buffer should not exceed 0x00004000.
Ensuring this value is within limits means we can safely use
uint32_t offsets.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15579
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
This attribute was added to the search in commit
4f389c1f78. But it’s not clear to me that
anything actually retrieves the unicodePwd from the result (excluding
inconsequential things like ads_dump()).
Furthermore, this being a search over LDAP, it will never return a
unicodePwd.
Removing this attribute from the search means that we no longer have to
worry about the account possibly being a Group Managed Service Account
and the unicodePwd being out‐of‐date.
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
rpcd_witness needs ncacn_ip_tcp support and that's only
available if samba-dcerpcd is not started on demand.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15577
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Prior to this change fn 'extract_variant_addresses' actually returns offsets
to the variant stored not the addresses, additionally the param in the
signature of the method is named offset where the param in reality is a
base address.
This change makes fn 'extract_variant_addresses' actually return addresses
instead of offsets and also changes the name of the incoming param. The
resulting changes are propaged to callers which hopefully makes what the
code is actually doing a little clearer
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Tue Jan 30 17:22:37 UTC 2024 on atb-devel-224
if 64bit offsets are used the hi 32-bits of address are stored in
the ulreserved2 member of the message header field and the low 32-bits
are stored in the ulclientbase member of the cpmgetrows message
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Offset can be a 32 or 64 bit address depending on the indexing addressing
mode negotiated by the client
With a 32 bit param we can only specify a 32 bit base address. This change
alone doesn't affect anything as it is the client itself that choses and
passes the base address offset and wspsearch is the only current user of
this code.
In this case even with 64bit addressing negotiated the address passed
represents only the lower 32-bits part of the address.
However, for coverage purposes it would be better for the client to use an
address that covers the full 64bit range of the address (when 64 bit
addressing is negotiated).
This change will alow the wspsearch client in a future commit to pass a
base address value with both the hi and low 32 bits values set to make up
the full 64 bit address.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Sat Jan 27 00:01:12 UTC 2024 on atb-devel-224
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jan 26 18:04:10 UTC 2024 on atb-devel-224
This allows generating any possible AsyncNotify response
for the specified selection of witness registrations
from rpcd_witness_registration.tdb.
This can be used by developers to test the (windows)
client behavior to specific AsyncNotify responses.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
This allows removing of the specified selection
of witness registrations from rpcd_witness_registration.tdb.
Any pending AsyncNotify will get WERR_NOT_FOUND.
Typically this triggers a clean re-registration on the client.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
These can be used to generate CLIENT_MOVE or SHARE_MOVE message
to the specified selection of witness registrations from
rpcd_witness_registration.tdb
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
This implements the server side features for the
'net witness [client-move,...]' commands in the end.
These are administrator driven notifications for the witness client.
RPCD_WITNESS_REGISTRATION_UPDATE_FORCE_RESPONSE and
RPCD_WITNESS_REGISTRATION_UPDATE_FORCE_UNREGISTER will be very useful
for later automated testing.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
This will be used for rpcd_witness_registration_updateB messages
in 'net witness [client-move,...]' commands later.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
It lists the entries from the rpcd_witness_registration.tdb.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
This will allow 'net witness list' to be implemented in the end.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
A rpcd_witness_registration.tdb will be added shortly in order to
implement useful 'net witness [list,client-move,...]' commands
in the end.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
The design is relatively simple in the end:
- We use ctdbd_all_ip_foreach() in order to build an
in memory list of interfaces(ip addresses) and
record if:
- they are currently available or not
- if they node local or not
- The current list is would we use for the
GetInterfaceList() call.
- Register[Ex] will create an in memory structure
holding a queue for pending AsyncNotify requests.
- Unregister() will cancel pending AsyncNotify requests and
let them return NOT_FOUND.
- CTDB_SRVID_IPREALLOCATED messages will cause we refresh
with ctdbd_all_ip_foreach():
- this will detect changes in the interface state
and remove stale interfaces.
- for each change the list of registrations is checked
for a matching ip address and a RESOURCE_CHANGE
will be scheduled in the queue of the registration,
the started queue will trigger AsyncNotify responses
- We also register the connections with ctdb in order
to give other nodes a chance to generate tickle-acks
for the witness tcp connections.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
This can we used to traverse through all ip addresses ctdb knows
about.
The caller can select node ips and/or public ips.
This will we useful to monitor the addresses from a witness
service...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
In future we also want to ask other nodes for their public_ips.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
This is very useful in order to predict NETWORK_SESSION_EXPIRED
messages...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Jan 26 16:56:59 UTC 2024 on atb-devel-224
*at() variants for various libcephfs APIs were added with Ceph v17.x.
Any other version less than v17.x is soon to be considered EOL[1] which
we will now indicate with the help of a warning message during configure
time. Going further such a situation will result in disabling the module
altogether with the next major Samba version after v4.20.
[1] https://docs.ceph.com/en/latest/releases/#ceph-releases-index
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Although wspsearch client is experimental it is probably better to
enable its building by default so it gets has some opportunity to be
used/tested by users.
Signed-off-by: Noel Power <noel.power@suse.com>
This reverts commit 0e3836e396.
With capabilities preferred over become_root() we failed to achieve
the basic goal of storing NT ACLs in xattrs using vfs_acl_xattr. This
is due to the fact that apart from CAP_DAC_OVERRIDE it is manadatory
to have CAP_SYS_ADMIN for write access to xattrs from security
namespace[1]. Despite the option to configure the xattr name within
the module we should not anticipate and miss to consider xattrs from
security namespace which is far more protected even with our default
name "security.NTACL".
Theorotically we could make it work by adding another capability on
top of existing ones. But given the functions designed around this
area we may not be able to come up with a cleaner change which can
handle the fallback mechanism to become_root(). Any failure to set
the very first capability would put us in become_root() path where
further capabilities are mostly not required. Thus reverting to old
behaviour to always become_root() until we have a cleaner approach
to handle the fallback while modifying multiple capabilities at once.
[1] https://www.man7.org/linux/man-pages/man7/xattr.7.html
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jan 24 00:35:33 UTC 2024 on atb-devel-224
Direct leak of 68 byte(s) in 1 object(s) allocated from:
#0 0x7f4f39cdc03f in malloc (/lib64/libasan.so.8+0xdc03f) (BuildId: 3e1694ad218c99a8b1b69231666a27df63cf19d0)
#1 0x7f4f36fbe427 in malloc_ ../../source3/lib/util_malloc.c:38
#2 0x7f4f394b5e19 in pdb_generate_sam_sid ../../source3/passdb/machine_sid.c:90
#3 0x7f4f394b5e19 in get_global_sam_sid ../../source3/passdb/machine_sid.c:211
#4 0x7f4f394af366 in secrets_store_domain_sid ../../source3/passdb/machine_account_secrets.c:143
#5 0x7f4f394b5eb5 in pdb_generate_sam_sid ../../source3/passdb/machine_sid.c:110
#6 0x7f4f394b5eb5 in get_global_sam_sid ../../source3/passdb/machine_sid.c:211
#7 0x7f4f394af366 in secrets_store_domain_sid ../../source3/passdb/machine_account_secrets.c:143
#8 0x557a1f11d62c in net_setlocalsid ../../source3/utils/net.c:416
#9 0x557a1f1c9972 in net_run_function ../../source3/utils/net_util.c:464
#10 0x557a1f121129 in main ../../source3/utils/net.c:1372
#11 0x7f4f34c281af in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jan 23 14:30:58 UTC 2024 on atb-devel-224
Indirect leak of 291 byte(s) in 2 object(s) allocated from:
#0 0x7fd77b6dc03f in malloc (/lib64/libasan.so.8+0xdc03f) (BuildId: 3e1694ad218c99a8b1b69231666a27df63cf19d0)
#1 0x7fd77b094bc2 in __talloc_with_prefix ../../lib/talloc/talloc.c:783
#2 0x7fd77b096034 in __talloc ../../lib/talloc/talloc.c:825
#3 0x7fd77b096034 in __talloc_strlendup ../../lib/talloc/talloc.c:2454
#4 0x7fd77b096034 in talloc_strdup ../../lib/talloc/talloc.c:2470
#5 0x7fd779996633 in add_string_to_array ../../lib/util/util_strlist.c:504
#6 0x7fd77b10c754 in ads_create_machine_acct ../../source3/libads/ldap.c:2662
#7 0x7fd77b46705f in libnet_join_precreate_machine_acct ../../source3/libnet/libnet_join.c:390
#8 0x7fd77b46705f in libnet_DomainJoin ../../source3/libnet/libnet_join.c:2852
#9 0x7fd77b46705f in libnet_Join ../../source3/libnet/libnet_join.c:3036
#10 0x55fb9788d91a in net_ads_join ../../source3/utils/net_ads.c:1853
#11 0x55fb9793ab86 in net_join ../../source3/utils/net_join.c:45
#12 0x55fb9793084f in net_run_function ../../source3/utils/net_util.c:454
#13 0x55fb97889859 in main ../../source3/utils/net.c:1372
#14 0x7fd7768281af in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
