IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
creds->sid will be removed soon...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
creds->sid will be removed soon...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
creds->sid will be removed soon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
As server we are free to change the netlogon_creds_CredentialState
database record format at will as it uses CLEAR_IF_FIRST.
For now that format doesn't really changes, because we
only move dom_sid into a wrapper structure.
In order to avoid changing all callers in this commit,
we maintain creds->sid as in memory pointer.
In the following patches we'll also use it in order
to store client related information...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This will make the following changes simpler...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This will make the following changes simpler...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Only remove the unsupported flags from local_negotiate_flags for
the next try...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
If LogonGetCapabilities was downgraded by an DCERPC Fault, we
rely on the schannel message ordering to detect failures.
Instead of letting any real winbindd request trigger this,
we do it directly in netlogon_creds_cli_check() with
a LogonControl that is also used for 'wbinfo --ping-dc'.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
But we can send arcfour and strong key on the wire and don't need to
remove them from the proposed flags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Only remove the unsupported flags from state->current_flags for
the next try...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
With SAMBA_WEAK_CRYPTO_DISALLOWED dcesrv_netr_ServerAuthenticate3_check_downgrade()
will return DOWNGRADE_DETECTED with negotiate_flags = 0, if AES was not
negotiated...
And if AES was negotiated there's no harm in returning the ARCFOUR
flag...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
With SAMBA_WEAK_CRYPTO_DISALLOWED we will return DOWNGRADE_DETECTED with negotiate_flags = 0,
if AES was not negotiated...
And if AES was negotiated there's no harm in returning the ARCFOUR
flag...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
We should check that we can actually negotiated the strong AES
crypto instead of just checking that NETLOGON_NEG_ARCFOUR is not
there...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This was missing from commit 6140c3177a and causes
all opens of directories to be handled as stat opens, bypassing the sharemode
check.
Not adding a test at this time, as my (hopefully) soon to be merged Directory
Leases branch has a test which actually detected this problem.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15732
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Oct 29 12:44:49 UTC 2024 on atb-devel-224
Essentially FSP_POSIX_FLAGS_OPEN implies FSP_POSIX_FLAGS_PATHNAMES, so we can
just remove FSP_POSIX_FLAGS_PATHNAMES and simplify things.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
This option of the vfs_fruit VFS module that could be used to enable POSIX
directory rename behaviour for OS X clients has been removed as it could result
in severe problems for Windows clients.
As a possible workaround it is possible to prevent creation of .DS_Store files
(a Finder thingy to store directory view settings) on network mounts by running
$ defaults write com.apple.desktopservices DSDontWriteNetworkStores true
on the Mac.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Prefer a safe version of ceph_readdir, where the directory entry struct
is allocated by the caller. Use a dynamic-allocated 'struct dirent'
which is associated with a directory vfs_ceph_fh (optional), which is
allocated on-the-fly upon start of READDIR and released at the end or
CLOSEDIR (or unlikely readdir error).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703
Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Fri Oct 25 10:29:44 UTC 2024 on atb-devel-224
Follow recent convention to write sync wrappers
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Oct 25 09:04:11 UTC 2024 on atb-devel-224
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Oct 24 12:05:10 UTC 2024 on atb-devel-224
==36258==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x51300000b096 at pc 0x7fb6b4880b46 bp 0x7ffc67d44b40 sp 0x7ffc67d44300
READ of size 1 at 0x51300000b096 thread T0
#0 0x7fb6b4880b45 in strlen ../../../../libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:391
#1 0x560fe898cde3 in winbindd_wins_byip_done ../../source3/winbindd/winbindd_wins_byip.c:111
#2 0x7fb6b4ef8ae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
#3 0x7fb6b4ef8d1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
#4 0x7fb6b4ef8d84 in _tevent_req_done ../../lib/tevent/tevent_req.c:240
#5 0x7fb6b1e24c80 in node_status_query_done ../../source3/libsmb/namequery.c:904
#6 0x7fb6b4ef8ae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
#7 0x7fb6b4ef8d1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
#8 0x7fb6b4ef8d84 in _tevent_req_done ../../lib/tevent/tevent_req.c:240
#9 0x7fb6b1e250bc in nb_trans_done ../../source3/libsmb/namequery.c:756
#10 0x7fb6b4ef8ae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
#11 0x7fb6b4ef8d1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
#12 0x7fb6b4ef8d84 in _tevent_req_done ../../lib/tevent/tevent_req.c:240
#13 0x7fb6b1e270af in sock_packet_read_got_socket ../../source3/libsmb/namequery.c:537
#14 0x7fb6b4ef8ae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
#15 0x7fb6b4ef8d1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
#16 0x7fb6b4ef8d84 in _tevent_req_done ../../lib/tevent/tevent_req.c:240
#17 0x7fb6b33db183 in tdgram_recvfrom_done ../../lib/tsocket/tsocket.c:240
#18 0x7fb6b4ef8ae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
#19 0x7fb6b4ef8d1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
#20 0x7fb6b4ef8d84 in _tevent_req_done ../../lib/tevent/tevent_req.c:240
#21 0x7fb6b33e0d99 in tdgram_bsd_recvfrom_handler ../../lib/tsocket/tsocket_bsd.c:1087
#22 0x7fb6b33e0263 in tdgram_bsd_fde_handler ../../lib/tsocket/tsocket_bsd.c:811
#23 0x7fb6b4ef5ac1 in tevent_common_invoke_fd_handler ../../lib/tevent/tevent_fd.c:174
#24 0x7fb6b4f0b185 in epoll_event_loop ../../lib/tevent/tevent_epoll.c:696
#25 0x7fb6b4f0b185 in epoll_event_loop_once ../../lib/tevent/tevent_epoll.c:926
#26 0x7fb6b4f037b8 in std_event_loop_once ../../lib/tevent/tevent_standard.c:110
#27 0x7fb6b4ef3549 in _tevent_loop_once ../../lib/tevent/tevent.c:820
#28 0x560fe8a15198 in main ../../source3/winbindd/winbindd.c:1729
#29 0x7fb6afe2a2ad in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#30 0x7fb6afe2a378 in __libc_start_main_impl ../csu/libc-start.c:360
#31 0x560fe89454e4 in _start ../sysdeps/x86_64/start.S:115
0x51300000b096 is located 12 bytes after 330-byte region [0x51300000af40,0x51300000b08a)
allocated by thread T0 here:
#0 0x7fb6b48fc777 in malloc ../../../../libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fb6b3a64c57 in __talloc_with_prefix ../../lib/talloc/talloc.c:783
#2 0x7fb6b3a66acf in __talloc ../../lib/talloc/talloc.c:825
#3 0x7fb6b3a66acf in _talloc_named_const ../../lib/talloc/talloc.c:982
#4 0x7fb6b3a66acf in _talloc_array ../../lib/talloc/talloc.c:2784
#5 0x7fb6b1e2b43e in parse_node_status ../../source3/libsmb/namequery.c:337
#6 0x7fb6b1e2b43e in node_status_query_recv ../../source3/libsmb/namequery.c:921
#7 0x560fe898cc4f in winbindd_wins_byip_done ../../source3/winbindd/winbindd_wins_byip.c:87
#8 0x7fb6b4ef8ae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
#9 0x7fb6b4ef8d1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
#10 0x7fb6b4ef8d84 in _tevent_req_done ../../lib/tevent/tevent_req.c:240
#11 0x7fb6b1e24c80 in node_status_query_done ../../source3/libsmb/namequery.c:904
#12 0x7fb6b4ef8ae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
#13 0x7fb6b4ef8d1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
#14 0x7fb6b4ef8d84 in _tevent_req_done ../../lib/tevent/tevent_req.c:240
#15 0x7fb6b1e250bc in nb_trans_done ../../source3/libsmb/namequery.c:756
#16 0x7fb6b4ef8ae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
#17 0x7fb6b4ef8d1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
#18 0x7fb6b4ef8d84 in _tevent_req_done ../../lib/tevent/tevent_req.c:240
#19 0x7fb6b1e270af in sock_packet_read_got_socket ../../source3/libsmb/namequery.c:537
#20 0x7fb6b4ef8ae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
#21 0x7fb6b4ef8d1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
#22 0x7fb6b4ef8d84 in _tevent_req_done ../../lib/tevent/tevent_req.c:240
#23 0x7fb6b33db183 in tdgram_recvfrom_done ../../lib/tsocket/tsocket.c:240
#24 0x7fb6b4ef8ae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
#25 0x7fb6b4ef8d1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
#26 0x7fb6b4ef8d84 in _tevent_req_done ../../lib/tevent/tevent_req.c:240
#27 0x7fb6b33e0d99 in tdgram_bsd_recvfrom_handler ../../lib/tsocket/tsocket_bsd.c:1087
#28 0x7fb6b33e0263 in tdgram_bsd_fde_handler ../../lib/tsocket/tsocket_bsd.c:811
#29 0x7fb6b4ef5ac1 in tevent_common_invoke_fd_handler ../../lib/tevent/tevent_fd.c:174
#30 0x7fb6b4f0b185 in epoll_event_loop ../../lib/tevent/tevent_epoll.c:696
#31 0x7fb6b4f0b185 in epoll_event_loop_once ../../lib/tevent/tevent_epoll.c:926
#32 0x7fb6b4f037b8 in std_event_loop_once ../../lib/tevent/tevent_standard.c:110
#33 0x7fb6b4ef3549 in _tevent_loop_once ../../lib/tevent/tevent.c:820
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Direct leak of 120 byte(s) in 1 object(s) allocated from:
#0 0x7f2f7f0fc777 in malloc ../../../../libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7f2f7ee24c57 in __talloc_with_prefix ../../lib/talloc/talloc.c:783
#2 0x7f2f7ee26acf in __talloc ../../lib/talloc/talloc.c:825
#3 0x7f2f7ee26acf in _talloc_named_const ../../lib/talloc/talloc.c:982
#4 0x7f2f7ee26acf in _talloc_array ../../lib/talloc/talloc.c:2784
#5 0x7f2f7e3f6a99 in data_blob_talloc_named ../../lib/util/data_blob.c:58
#6 0x7f2f7e3f6b1b in data_blob_named ../../lib/util/data_blob.c:40
#7 0x5570b9e36100 in test_lm_ntlm_broken ../../source3/utils/ntlm_auth_diagnostics.c:56
#8 0x5570b9e36b5d in test_ntlm ../../source3/utils/ntlm_auth_diagnostics.c:180
#9 0x5570b9e387f3 in diagnose_ntlm_auth ../../source3/utils/ntlm_auth_diagnostics.c:707
#10 0x5570b9e34efd in main ../../source3/utils/ntlm_auth.c:2855
#11 0x7f2f7ba2a2ad in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
Reviewed-by: Martin Schwenke <martin@meltin.net>
Direct leak of 192 byte(s) in 1 object(s) allocated from:
#0 0x7fc5afefc777 in malloc ../../../../libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fc5afaefc57 in __talloc_with_prefix ../../lib/talloc/talloc.c:783
#2 0x7fc5afaf18cf in __talloc ../../lib/talloc/talloc.c:825
#3 0x7fc5afaf18cf in _talloc_named_const ../../lib/talloc/talloc.c:982
#4 0x7fc5afaf18cf in _talloc_zero ../../lib/talloc/talloc.c:2421
#5 0x7fc5aeac4809 in loadparm_init_s3 ../../lib/param/loadparm.c:3223
#6 0x560ee34b3949 in main ../../source3/utils/ntlm_auth.c:2806
#7 0x7fc5ac62a2ad in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
