IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
We burn arguments to all unknown options containing "pass" (e.g.
"--passionate=false") in case they are a password option, but is bad
in the case where the unknown option takes no argument but the next
option *is* a password (like "--overpass --password2 barney". In that
case "--password2" would be burnt and not "barney".
The burning behaviour doesn't change with this commit, but users will now
see an error message explaining that the option was unknown. This is not
so much aimed at end users -- for who an invalid option will hopefully
lead to --help like output -- but to developers who add a new "pass"
option.
This also slightly speeds up the processing of known password options,
which is a little bit important because we are in a race to replace the
command line in /proc before an attacker sees it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Jul 10 06:28:08 UTC 2024 on atb-devel-224
(cherry picked from commit 86843685419921e28c37f3c1b33011f14940e02f)
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
(cherry picked from commit d2b119e34b4e523a3bc6699e4d8a370bf8403d0b)
This is the long form of -U in samba-tool.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
(cherry picked from commit 63a83fb7bb312731047f361f89766e0be492f83e)
We have more secret arguments, like --client-password, --adminpass,
so we are going to use an allowlist for options containing 'pass', but
we don't want to burn the likes of --group=passionfruit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
(cherry picked from commit c4df89e9640c1306aa390cdacaa974c870c3f5bb)
We weren't treating "--password secret" the same as "--password=secret",
which sometimes led to secrets not being redacted.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
(cherry picked from commit 53a1184525279741e116350a9b53da15cb2f41d0)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
(cherry picked from commit 05128a1f5f17c55a8d8da42c6c52c4235adf36d4)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
(cherry picked from commit f17a2b1b25f2ffa5e3caeb8f81101e66b843cc29)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 6794cc476249452c415881396bce4df663fc4fba)
ldap server require strong auth = allow_sasl_over_tls
is now an alias for 'allow_sasl_without_tls_channel_bindings'
and should be avoided and changed to 'yes' or
'allow_sasl_without_tls_channel_bindings'.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 6c17e3d2800723bafebd1986ab59a9422c881f0b)
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Apr 10 06:15:46 UTC 2024 on atb-devel-224
(cherry picked from commit 60df2a09a4394d2b494224ad3d33314079e73066)
This lets us match the Windows FAST reply when the password is expired.
Windows clients were upset by the NTSTATUS field in the edata,
apparently interpreting it to mean “insufficient resource”.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15655
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit fe90576871b5d644b9e888fd7a0b0351feaba750)
Autobuild-User(v4-20-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-20-test): Wed Jul 3 10:06:33 UTC 2024 on atb-devel-224
Heimdal matches Windows in the no‐FAST case, but produces NTSTATUS codes
when it shouldn’t in the FAST case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15655
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit c5ee0b60b20011aeaa60c2f549c2a78269c97c8f)
We only turn desired into off in the NT4 domain member case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15666
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jun 19 10:17:28 UTC 2024 on atb-devel-224
(cherry picked from commit 5b40cdf6e8885c9db6c5ffa972112f3516e4130a)
Autobuild-User(v4-20-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-20-test): Wed Jun 19 14:07:17 UTC 2024 on atb-devel-224
This shows that they are ignored for machine accounts as domain member.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15666
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit db2c576f329675e8d66e19c336fe04ccba918b4a)
If the configuration is reloaded strings and string lists
in recycle_config_data could become stale pointers
leading to segmentation faults...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15659
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 2175856fef17964cef7cf8618b39736168219eec)
Forcing a reload of the smb.conf option values means the pointer learned
in vfs_recycle_connect() become stale.
This will be reverted at the end of the patset again.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15659
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 6467c47cbe562e99e970dbb895e1068f54e6295b)
If a client for whatever reason calls FSCTL_SRV_COPYCHUNK[_WRITE] without
FSCTL_SRV_REQUEST_RESUME_KEY, we call vfswrap_offload_write_send
before vfswrap_offload_read_send.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15664
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Jun 17 18:02:27 UTC 2024 on atb-devel-224
(cherry picked from commit 462b74da79c51f9ba6dbd24e603aa904485d5123)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15664
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
(cherry picked from commit 372476aeb003e9c608cd2c0a78a9c577b57ba8f4)
This patch also removes known fail for existing test
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15435
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jun 11 19:31:40 UTC 2024 on atb-devel-224
(cherry picked from commit 788ef8f07c75d5e6eca5b8f18d93d96f31574267)
[noel.power@suse.com backported to Samba 4.20 minor change to use
4.20 create_open_symlink_err fn instead of read_symlink_reparse]
Autobuild-User(v4-20-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-20-test): Tue Jun 18 08:33:30 UTC 2024 on atb-devel-224
On master attempting to chdir into a nested dfs link
e.g. cd dfslink (works)
cd dfslink/another_dfslink (fails)
[1] Add a test for this scenario (nested chdir)
[2] Add test for enumerating a dfs link in root of dfs share
[3] Add a test to check case insensitive chdir into dfs link on widelink
enabled share
Add knownfails for tests 1 and 3
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15435
(cherry picked from commit 7f1de90f72d6e8287aec6ab1d9f7776b7df624e5)
If the client does not have permissions to update the record,
but the record already has the data the update tries to apply,
it's a no-op that should result in success instead of failing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jun 6 03:18:16 UTC 2024 on atb-devel-224
(cherry picked from commit ed61c57e02309b738e73fb12877a0a565b627724)
This means we no longer generate strange errors/warnings
in the Windows event log nor in the nsupdate -g output.
Note: this is a only difference between gss-tsig and
the legacy gss.microsoft.com algorithms.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 76fec2668e73b9d15447abee551d5c04148aaf27)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 5906ed94f2c5c68e83c63e7c201534eeb323cfe7)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit ae7538af04435658d2ba6dcab109beecb6c5f13e)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit fa0f23e69eaf4f475bc9dc9aa0e23c7bd5208250)
This demonstrates that access_denied is only generated if the client
really generates a change in the database.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 708a6fae6978e1462e1a53f4ee08f11b51a5637a)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 848318338b2972f331e067bf1c8d6c7dac0748c8)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 8324d0739dfdd0a081c403e298a9038ee7df681f)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit de4ed363d378f2065a4634f94af80ea0e3965c96)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit b9b03ca503c43c7ee06df6c331839bd47f9eac8c)
Also test using the additional record in the answers section.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 3c7cb85eaf8371be55a371601cc354440dab7a94)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 740bda87a80b97816d892e8f7aae28759f6916ec)
Failed DNS updates just echo the request flaged as response,
all other elements are unchanged.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 6e997f93d53ac45af79aec030bad73f51bdc5629)
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15662
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jun 11 17:00:38 UTC 2024 on atb-devel-224
(cherry picked from commit e535bcc698bd5eb31f5c5e0c144692988a044e79)
Autobuild-User(v4-20-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-20-test): Wed Jun 12 10:22:36 UTC 2024 on atb-devel-224
We have changed strcasecmp_m() to return -1 in a place where it used
to return -3. This upset a test, but it shouldn't have: the exact
value of the negative int is not guaranteed by the function.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit d4ce8231f986a359dc657cd1a6b416270a53c7d3)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit f788a399996a73b2aa206ec2b15f5943b06660e0)
strncasecmp_m is supposed to return a negative, zero, or positive
number, not necessarily the difference between the codepoints in
the first character that differs, which we have been asserting up to
now.
This fixes a knownfail on 32 bit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit dda0bb6fc71bae91f3158f69462cb79fdad210fb)
strcasecmp_m is supposed to return a negative, zero, or positive
number, depending on whether the first argument is less than, equal to,
or greater than the second argument (respectively).
We have been asserting that it returns exactly the difference between
the codepoints in the first character that differs.
This fixes a knownfail on 32 bit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit ac0a8cd92ca4497bfcfad30e2b4d47547b582b92)
This is needed in order to let nbt_getdc() work against
another AD DC and get back a modern response with
DNS based names. Instead of falling back to
the ugly name_status_find() that simulates just
an NETLOGON_SAM_LOGON_RESPONSE_NT40 response.
This way dsgetdcname() can work with just the netbios
domain name given and still return an active directory
response.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15620
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 796f33c05a0ca337b675b5d4d127f7c53b22528f)
Autobuild-User(v4-20-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-20-test): Thu May 30 10:57:04 UTC 2024 on atb-devel-224
I have captures where a client tries smb3 encryption on an anonymous session,
we used to allow that before commit da7dcc443f45d07d9963df9daae458fbdd991a47
was released with samba-4.15.0rc1.
Testing against Windows Server 2022 revealed that anonymous signing is always
allowed (with the session key derived from 16 zero bytes) and
anonymous encryption is allowed after one authenticated session setup on
the tcp connection.
https://bugzilla.samba.org/show_bug.cgi?id=15412
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit f3ddfb828e66738ca461c3284c423defb774547c)
These demonstrate how anonymous encryption and signing work.
They pass against Windows 2022 as ad dc.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15412
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 6c5781b5f154857f1454f41133687fba8c4c9df9)
This expects PermissionError: [Errno 1] Operation not permitted,
but it seems that setxattr() for security.NTACL works on gitlab
runners without being root.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 237d9d0228cfed6d2e08b41b888d30aac5ab89e3)
Inherit-only flag applies only to the container it was set to and it
shouldn't be automatically propagated to children.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15636
Signed-off-by: Anna Popova <popova.anna235@gmail.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Apr 29 10:56:48 UTC 2024 on atb-devel-224
(cherry picked from commit 80159018e411c643fbfe7ef82bd33e30b6147901)
Autobuild-User(v4-20-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-20-test): Tue May 7 08:52:48 UTC 2024 on atb-devel-224
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15636
Signed-off-by: Anna Popova <popova.anna235@gmail.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit eba2bfde347041a395f0fbd3c57235be63b1890d)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15605
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 2dab3a331b5511b4f2253f2b3b4513db7e52ea9a)
Also removes knownfail for test that now passes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit a18c53a9b98e2e8dea08cf0ef08efc59e58ec137)
Autobuild-User(v4-20-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-20-test): Thu Apr 11 12:24:08 UTC 2024 on atb-devel-224
And add a known fail because there is a bug :-(
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 93709d31590d4ca25fbac813b9e499755b81ddb5)
Also removes the knownfail for the chunked transfer test
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611
(cherry picked from commit 03240c91fb6ffcf5afe47c14a1ba7a8bc12f2348)
