IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
MIT only defined this as CKSUMTYPE_HMAC_SHA1_96_AES128,
while Heimdal has CKSUMTYPE_HMAC_SHA1_96_AES_128.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit bb64c550ae19b08ad4e6d8d26f68c2474cb251e6)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12471
Patches for CVE-2016-2126 break build with MIT Kerberos
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Tue Dec 20 15:58:07 CET 2016 on sn-devel-144
Calling programs expect to cleanly read from STDOUT.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12467
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 9fbd544b90c2b27985637a9bb3fa520f891f8696)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Thu Dec 15 12:21:27 CET 2016 on sn-devel-144
Reported and proposed fix by Shilpa K <shilpa.krishnareddy@gmail.com>.
When processing DENY ACE entries for owner rights SIDs (S-1-3-4) the
code OR's in the deny access mask bits without taking into account if
they were being requested in the requested access mask.
E.g. The current logic has:
An ACL containining:
[0] SID: S-1-3-4
TYPE: DENY
MASK: WRITE_DATA
[1] SID: S-1-3-4
TYPE: ALLOW
MASK: ALLOW_ALL
prohibits an open request by the owner for READ_DATA - even though this
is explicitly allowed.
Furthermore a non-canonical ACL containing:
[0] SID: User SID 1-5-21-something
TYPE: ALLOW
MASK: READ_DATA
[1] SID: S-1-3-4
TYPE: DENY
MASK: READ_DATA
[2] SID: User SID 1-5-21-something
TYPE: ALLOW
MASK: WRITE_DATA
prohibits an open request by the owner for READ_DATA|WRITE_DATA - even
though READ_DATA is explicitly allowed in ACE no 0 and is thus already
filtered out of the "access-still-needed" mask when the deny ACE no 1 is
evaluated.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12466
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 29b02cf22f3c0f2d556408e9e768d68c1efc3b96)
Based on code from Michael Zeis <mzeis.quantum@gmail.com>.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12460
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 91b591224ab7f8ea7b4594da9f61efef14353f7f)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12460
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit beb8a73e95e768565760f79c2a16586bafb4e58c)
Noticed by Michael Zeis <mzeis.quantum@gmail.com>.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12460
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 2bfad1c9d3237ad8d174b7dc2d1e6e3c53fdb8dc)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12412
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Thu Dec 8 14:52:52 CET 2016 on sn-devel-144
Due to a misspelling in the option parser in all Samba versions up to
and including 4.5.1 this options must be given "fruit:ressource", ie
with two "s".
Samba 4.6 will accept both the correct the correct and the wrong
spelling, Samba 4.7 onwards will only accept the correct
spelling.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12412
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The rule is, a directory (with any other attributes) should always also
set FILE_ATTRIBUTE_DIRECTORY, a file should only set
FILE_ATTRIBUTE_NORMAL if no other attributes is set.
Iow, if a file contains any existing attributes (e.g. FILE_ATTRIBUTE_HIDDEN),
don't add in the FILE_ATTRIBUTE_NORMAL attribute.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12436
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Nov 19 11:55:35 CET 2016 on sn-devel-144
(cherry picked from commit a0783e8dd966a0b2d24d2ca5baa6bed3fe5a7d5a)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Thu Dec 1 14:51:30 CET 2016 on sn-devel-144
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12269
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 08d1ac0e36339e97e4464f6a6724464b0a568347)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Wed Nov 30 15:50:43 CET 2016 on sn-devel-144
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12433
The test is known to be failing if sealing is turned on in some
circumstances. In this case a secret is created and then the function
dcerpc_fetch_session_key() fails. The secret is not removed!
We use torturesecret-%08x with random() to fill in the number. Sometimes
it happens that random() returns a number we already used. So we end up
trying to create a secret for an entry which already exists and run
into a collision
This change makes sure we always cleanup behind us and do not leave
secret objects we created.
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Nov 17 22:30:36 CET 2016 on sn-devel-144
(cherry picked from commit 9de04626c058563a6cf4c13e4f5399039e345ef5)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12415
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 9c0f2576d8aa3dd95be1c5ddda2b10d891add0bc)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12415
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 4d9f4bfc69a5899bdf91406dfb7efb70a530446c)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12392
Earlier we were relying on SCHED_RESET_ON_FORK to reset the priority of lock
helper processes. Since SCHED_RESET_ON_FORK support has been removed, the
scheduling priority of child processes created using vfork() need to be reset
explicitly in the helper processes.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Nov 18 10:18:27 CET 2016 on sn-devel-144
(cherry picked from commit 6c6d63c04497fdfdbe665508f2a503f2392dc526)
ULONG_PTR needs to be decoded as a uint3264 and not as a 'uint32 *'.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11197
Guenther
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 73f664710a8c9b312a54d0cf41d2f4440c8b42eb)
build: Fix build with perl on debian sid.
It appears that "." is no longer in perl_inc
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12395
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Sat Oct 29 09:32:37 CEST 2016 on sn-devel-144
(cherry picked from commit da67acbcfe2167fce9c360a55416ab10e9537a2a)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Wed Nov 16 14:32:10 CET 2016 on sn-devel-144
Printers with long names are supported in the meantime. However we issue
a warning that if one printer exceeeds 15 chars we warn about it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12195
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 2611fd02a0a6a0a0a506df70fe1a1eb4a2e76062)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Mon Nov 14 15:56:11 CET 2016 on sn-devel-144
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12183
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit c160ae9afb222466c50ae170447a6a0805f7169f)
https://bugzilla.samba.org/show_bug.cgi?id=12404
This makes us independent of the allocation
method used inside glfs_realpath.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Oct 22 00:28:41 CEST 2016 on sn-devel-144
(cherry picked from commit 92a0a56c3852726e0812d260e043957c879aefa4)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Tue Nov 8 15:35:20 CET 2016 on sn-devel-144
The domain child for the MACHINE ACCOUNT might fail with
NT_STATUS_NO_MEMORY because an emtpy user list is returned.
*pnum_info is already set to 0 at the beginngin so we should just
declare victory here!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12405
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit e714dc03e0ccf9ec17da6bacc1bcfcaea7518e22)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Fri Nov 4 15:18:16 CET 2016 on sn-devel-144
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12366
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct 28 03:42:25 CEST 2016 on sn-devel-144
(cherry picked from commit 2959c8888d46902e140963ed4190d23a7609b8da)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Thu Nov 3 12:29:19 CET 2016 on sn-devel-144
In time, other things will end up in /use/local/share/ctdb/.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12104
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit fd8e562069e3c01720be62069b7d58d14c10afd5)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Mon Oct 31 14:58:04 CET 2016 on sn-devel-144
This fixes a regression introduced by commit
f98d10af2a05f0261611f4cabdfe274cd9fe91c0
(smbd: Always use UCF_PREP_CREATEFILE for filename_convert calls to resolve a path for open)
The main problem was that Windows client seem to verify
the access to user.V2\ntuser.ini is rejected with NT_STATUS_ACCESS_DENIED,
using the machine credentials.
Passing UCF_PREP_CREATEFILE to filename_convert() triggers a code path
that implements a dropbox behaviour. A dropbox is a directory with only -wx permissions,
so get_real_filename fails with EACCESS, it needs to list the directory.
EACCESS is ignored with UCF_PREP_CREATEFILE.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10297
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 25 05:33:36 CEST 2016 on sn-devel-144
(cherry picked from commit 759416582c54a16aacbef0e0dfe4649bddff8c5e)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12392
Feature SCHED_RESET_ON_FORK is completely broken on RHEL6 and RHEL7
distributions. So do not rely on SCHED_RESET_ON_FORK for now.
This reverts commit 1be8564e553ce044426dbe7b3987edf514832940.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Tue Oct 25 11:28:28 CEST 2016 on sn-devel-144
(cherry picked from commit 71b69b0169dc6e2843325f1567f64b6acd43e6b8)
conn->cwd can change over the life of the connection,
conn->connectpath remains static.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12387
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Mon Oct 24 23:52:48 CEST 2016 on sn-devel-144
(cherry picked from commit 1366385d1c3e9ac0556e954864e60e72f6906942)
Avoid potential crash in TALLOC_FREE(hdr).
Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 4194c0797f78293fe48105ce5af70f36a3c233a8)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12372
ctdb: bad free in ctdbd_migrate()
aes based checksums can only be checked with the
corresponding aes based keytype.
Otherwise we may trigger an undefined code path
deep in the kerberos libraries, which can leed to
segmentation faults.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12446
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This disabled the usage of GSS_C_DELEG_FLAG by default, as
GSS_C_DELEG_POLICY_FLAG is still used by default we let the
KDC decide if we should send delegated credentials to a remote server.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12445
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
We should only use GSS_C_DELEG_POLICY_FLAG in order to let
the KDC decide if we should send delegated credentials to
a remote server.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12445
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
This is just an example script that's not directly used by samba,
but we should avoid sending delegated credentials to dns servers.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12445
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
