sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-12 21:58:10 +03:00
Code
136,564 Commits 62 Branches 1,150 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Ralph Boehme 201edcb5c6 winbindd: fix listing trusted domains with NT trusts 
Commit e07f8901ec95aab8c36965000de185d99e642644 broke handling of NT4 domains
which lack a DNS domain names. As the dns_name is NULL, talloc_steal(dns_name)
returns NULL, which causes _wbint_ListTrustedDomains to return
NT_STATUS_NO_MEMORY.

To make things worse, at that point the new struct netr_DomainTrust is not yet
initialized correctly and the "out->count = n + 1" already increased the array
counter at the start of the loop without initializing it.

Later when NDR-pushing the result in dcesrv_call_dispatch_local(), the ndr_push() can
crash when accesssing the ununitialized values:

2023-12-08T14:07:42.759691+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: ===============================================================
2023-12-08T14:07:42.759702+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: INTERNAL ERROR: Signal 11: Segmentation fault in winbindd (wb[ADDOMAIN]) (domain child [ADDOMAIN]) pid 157227 (4.20.0pre1-DEVELOPERBUILD)
2023-12-08T14:07:42.759712+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting
2023-12-08T14:07:42.759723+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: ===============================================================
2023-12-08T14:07:42.759730+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: PANIC (pid 157227): Signal 11: Segmentation fault in 4.20.0pre1-DEVELOPERBUILD
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: BACKTRACE: 36 stack frames:
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #0 bin/shared/private/libgenrand-samba4.so(log_stack_trace+0x1f) [0x7f1396acd441]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #1 bin/shared/private/libgenrand-samba4.so(smb_panic_log+0x20f) [0x7f1396acd3d5]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #2 bin/shared/private/libgenrand-samba4.so(smb_panic+0x18) [0x7f1396acd3f0]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #3 bin/shared/private/libgenrand-samba4.so(+0x2eb5) [0x7f1396acceb5]
92023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #4 bin/shared/private/libgenrand-samba4.so(+0x2eca) [0x7f1396acceca]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #5 /lib64/libc.so.6(+0x3dbb0) [0x7f139687abb0]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #6 bin/shared/private/libsamba-security-samba4.so(ndr_push_dom_sid2+0x2a) [0x7f13977e5437]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #7 bin/shared/libndr-standard.so.0(ndr_push_netr_DomainTrust+0x4ad) [0x7f1396deb64c]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #8 bin/shared/libndr-standard.so.0(ndr_push_netr_DomainTrustList+0x204) [0x7f1396dec7a9]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #9 bin/shared/private/libndr-samba4.so(+0x239bf9) [0x7f1397639bf9]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #10 winbindd: domain child [ADDOMAIN](winbind__op_ndr_push+0x5a) [0x55741e6857a8]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #11 bin/shared/libdcerpc-server-core.so.0(dcesrv_call_dispatch_local+0x49b) [0x7f1397be6219]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #12 winbindd: domain child [ADDOMAIN](winbindd_dual_ndrcmd+0x375) [0x55741e67a204]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #13 winbindd: domain child [ADDOMAIN](+0x9cf0d) [0x55741e674f0d]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #14 winbindd: domain child [ADDOMAIN](+0x9f792) [0x55741e677792]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #15 bin/shared/private/libtevent-samba4.so(tevent_common_invoke_fd_handler+0x121) [0x7f139802f816]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #16 bin/shared/private/libtevent-samba4.so(+0x19cef) [0x7f139803bcef]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #17 bin/shared/private/libtevent-samba4.so(+0x1a3dc) [0x7f139803c3dc]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #18 bin/shared/private/libtevent-samba4.so(+0x15b52) [0x7f1398037b52]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #19 bin/shared/private/libtevent-samba4.so(_tevent_loop_once+0x113) [0x7f139802e1db]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #20 winbindd: domain child [ADDOMAIN](+0xa03ca) [0x55741e6783ca]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #21 winbindd: domain child [ADDOMAIN](+0x9ba9c) [0x55741e673a9c]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #22 bin/shared/private/libtevent-samba4.so(_tevent_req_notify_callback+0xba) [0x7f139803194a]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #23 bin/shared/private/libtevent-samba4.so(+0xfadb) [0x7f1398031adb]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #24 bin/shared/private/libtevent-samba4.so(_tevent_req_done+0x25) [0x7f1398031b07]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #25 bin/shared/private/libtevent-samba4.so(+0xf125) [0x7f1398031125]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #26 bin/shared/private/libtevent-samba4.so(+0xe9cf) [0x7f13980309cf]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #27 bin/shared/private/libtevent-samba4.so(tevent_common_invoke_immediate_handler+0x207) [0x7f1398030343]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #28 bin/shared/private/libtevent-samba4.so(tevent_common_loop_immediate+0x37) [0x7f13980304b5]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #29 bin/shared/private/libtevent-samba4.so(+0x1a332) [0x7f139803c332]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #30 bin/shared/private/libtevent-samba4.so(+0x15b52) [0x7f1398037b52]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #31 bin/shared/private/libtevent-samba4.so(_tevent_loop_once+0x113) [0x7f139802e1db]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #32 winbindd: domain child [ADDOMAIN](main+0x1689) [0x55741e6b210a]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #33 /lib64/libc.so.6(+0x27b8a) [0x7f1396864b8a]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #34 /lib64/libc.so.6(__libc_start_main+0x8b) [0x7f1396864c4b]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #35 winbindd: domain child [ADDOMAIN](_start+0x25) [0x55741e63a045]
2023-12-08T14:07:42.760685+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: smb_panic(): calling panic action [cd /data/git/samba/scratch3 && /data/git/samba/scratch3/selftest/gdb_backtrace 157227 ./bin/winbindd]

Deferring assignment of r->out.domains->array and r->out.domains->count to the
end of the function ensures we don't return inconsistent state in case of an
error.

Also, r->out.domains is already set by the NDR layer, no need to create and
assign a struct netr_DomainTrustList object.

Using talloc_move() ensures we don't leave dangling pointers. Better to crash
reliably on accessing NULL, then accessing some unknown memory via a wild
pointer. As talloc_move() can't fail, there's no need to check the return value.

And using a struct initializer ensures all members are properly initialized.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Jan 20 14:23:51 UTC 2024 on atb-devel-224
2024-01-20 14:23:51 +00:00
.github
Added redirect from GitHub to GitLab
2018-12-05 16:35:33 +01:00
auth
auth:creds: Add cli_credentials_get_domain_and_obtained()
2023-12-10 21:24:38 +00:00
bootstrap
gitlab-ci: Update Fedora to version 39
2023-11-20 16:38:20 +00:00
buildtools
wafsamba: fix the usage of --private-extension-exception
2024-01-04 11:39:36 +00:00
coverity
coverity: Add modeling file for Coverity scan
2017-02-23 07:11:18 +01:00
ctdb
ctdb: add comments to "addip"/"delip" when CTDB_{CONTROL,EVENT,SRVID}_IPREALLOCATED happens
2024-01-04 11:39:36 +00:00
dfs_server
dfs_server: Fix debug statement if searched_site is NULL
2023-04-27 07:21:33 +00:00
docs-xml
docs: Update idmap_ad.8 that rfc2307 is the default
2024-01-12 14:51:56 +00:00
dynconfig
dynconfig: Fix code spelling
2023-04-11 09:06:35 +00:00
examples
examples/scripts: add smbXsrvdump
2024-01-09 10:21:34 +00:00
file_server
s3: Remove --log-stdout from daemons
2021-04-29 03:58:37 +00:00
include
lib
time.c: fix ctime which was feeded with the mtime seconds
2024-01-16 14:37:31 +00:00
libcli
python: Generate HRESULT definitions automatically
2024-01-15 01:56:53 +00:00
libds/common
libds: Add Managed Service Accounts well-known GUID
2023-05-05 02:54:31 +00:00
libgpo
libgpo: fix wrong lineending in admx files
2023-11-27 01:12:40 +00:00
librpc
dcesrv_reply: just drop responses if the connection is already terminating
2024-01-09 11:26:55 +00:00
nsswitch
winbind_nss_netbsd: fix missing semicolon
2023-12-29 12:49:34 +00:00
packaging
packaging:systemd: Fix code spelling
2023-06-23 13:44:31 +00:00
pidl
librpc: Change type of ‘u16string’ from ‘const uint16_t *’ to ‘const unsigned char *’
2023-12-21 23:48:46 +00:00
python
python: Generate HRESULT definitions automatically
2024-01-15 01:56:53 +00:00
release-scripts
release-script: Fix shellcheck errors
2022-08-17 11:03:54 +00:00
script
script/autobuild.py: add some --private-libraries=ALL testing
2024-01-04 12:45:58 +00:00
selftest
winbindd: fix listing trusted domains with NT trusts
2024-01-20 14:23:51 +00:00
source3
winbindd: fix listing trusted domains with NT trusts
2024-01-20 14:23:51 +00:00
source4
s4/rpc_server: return NULL dns_name for NT4 trusts
2024-01-20 13:20:37 +00:00
testdata
testdata: Fix spelling
2023-10-25 22:23:38 +00:00
testprogs
CVE-2018-14628: python:descriptor: let samba-tool dbcheck fix the nTSecurityDescriptor on CN=Deleted Objects containers
2023-10-16 14:39:33 +00:00
tests
tests: Fix code spelling
2023-08-14 21:45:30 +00:00
testsuite
testsuite: Reformat shell scripts
2022-08-10 13:17:31 +00:00
third_party
third_party/*_wrapper: use SAMBA_LIBRARY(force_unversioned=True)
2024-01-04 11:39:36 +00:00
wintest
wintest: Fix invalid escape sequences
2023-10-13 04:55:06 +00:00
.bzrignore
.clang-format
clang-format: sort alphabetically
2023-10-24 14:47:57 +00:00
.clangd
Add .clangd configuration file
2023-03-29 16:57:34 +00:00
.codespellignore
codespellignore: ignore some spellings introduced with wsp files
2023-10-25 22:23:38 +00:00
.codespellrc
s4:scripting: Generate HRESULT definitions as part of the build process
2024-01-15 00:48:40 +00:00
.editorconfig
editorconfig: We always inserted a new line so keep doing that
2022-02-28 10:22:34 +00:00
.git-blame-ignore-revs
Add a git-blame-ignore-revs file
2023-03-03 02:02:51 +00:00
.gitattributes
.gitattributes: Treat file containing test SDDL as binary
2023-10-25 22:23:37 +00:00
.gitignore
gitignore: add WAF lockfile
2023-10-17 04:16:29 +00:00
.gitlab-ci-coverage-runners.yml
add .gitlab-ci-coverage.yml for a scheduled build
2021-04-13 09:33:14 +00:00
.gitlab-ci-coverage.yml
add .gitlab-ci-coverage.yml for a scheduled build
2021-04-13 09:33:14 +00:00
.gitlab-ci-default-runners.yml
.gitlab-ci: make it explicit that some tests require ext4/5.15 kernel
2023-09-14 17:56:30 +00:00
.gitlab-ci-default.yml
.gitlab-ci.yml: Honour AUTOBUILD_SKIP_SAMBA_O3 in GitLab CI
2021-10-13 11:10:44 +00:00
.gitlab-ci-main.yml
gitlab-ci: Update Fedora to version 39
2023-11-20 16:38:20 +00:00
.gitlab-ci-private.yml
.gitlab-ci.yml: move the content to .gitlab-ci-main.yml
2021-04-13 08:23:35 +00:00
.gitlab-ci.yml
.gitlab-ci.yml: move the content to .gitlab-ci-main.yml
2021-04-13 08:23:35 +00:00
.gitleaks.toml
Add gitleaks configuration file to avoid false positives
2023-02-13 18:45:21 +00:00
.testr.conf
testr: Use waf testonly and create a custom directory for new workers.
2014-10-14 06:44:07 +02:00
.ycm_extra_conf.py
PEP8: fix E302: expected 2 blank lines, found 1
2018-08-24 07:49:29 +02:00
callcatcher-exceptions.grep
configure
configure/Makefile: export PYTHONHASHSEED=1 in all 'configure/Makefile' scripts
2022-03-29 22:32:32 +00:00
configure.developer
lib: Change socket_wrapper to preloadable version.
2014-04-17 14:56:06 +02:00
COPYING
GPG_AA99442FB680B620_replaces_6F33915B6568B7EA.txt
ReleaseKey: add GnuPG key transition statement for the Samba release key
2021-01-21 13:57:45 +01:00
Makefile
build: Add 'make printversion' to provide version string
2023-10-17 03:19:38 +00:00
PFIF.txt
docs: protocolfreedom.org is no longer
2020-06-12 22:11:43 +00:00
README.cifs-utils
README.Coding.md
Revert "README.Coding.md: add DBG_STARTUP_NOTICE macro"
2023-11-24 10:34:58 +00:00
README.contributing
Rename Samba's DCO to Samba Developer's Declaration
2020-10-20 22:54:01 +00:00
README.md
Update README.md with more up to date information
2020-06-12 22:11:43 +00:00
SECURITY.md
SECURITY.md: Fix spelling
2023-10-25 22:23:37 +00:00
setup.cfg
pep8 tidy up config
2020-12-17 00:54:51 +00:00
VERSION
Happy New Year 2024!
2024-01-01 10:20:06 +01:00
VFS-License-clarification.txt
VFS-License-clarification: minor improvements aligning w/ GPLv3 text
2020-11-04 21:29:40 +00:00
WHATSNEW.txt
WHATSNEW: Add entry for "samba-tool user get-kerberos-ticket"
2023-12-21 03:04:12 +00:00
wscript
wscript: use opt.PRIVATE_EXTENSION_DEFAULT('private-samba')
2024-01-04 11:39:36 +00:00
wscript_build
libcli/wsp: Add support for simplified Advanced Query Syntax
2023-10-25 22:23:38 +00:00
wscript_build_embedded_heimdal
wafsamba: Remove clangdb code which doesn't work
2022-01-21 23:33:36 +00:00
wscript_build_system_heimdal
wscript: Correctly determine dependencies for system Heimdal build
2022-11-08 02:39:37 +00:00
wscript_build_system_mitkrb5
wafsamba: Remove clangdb code which doesn't work
2022-01-21 23:33:36 +00:00
wscript_configure_embedded_heimdal
HEIMDAL: move code from source4/heimdal* to third_party/heimdal*
2022-01-19 21:41:59 +00:00
wscript_configure_system_gnutls
wscript: Remove unused imports
2023-08-30 02:15:29 +00:00
wscript_configure_system_heimdal
build: Add build time detection for the MIT FAST ccache API
2023-11-29 03:11:34 +00:00
wscript_configure_system_mitkrb5
build: Add build time detection for the MIT FAST ccache API
2023-11-29 03:11:34 +00:00

README.md

About Samba

Samba is the standard Windows interoperability suite of programs for Linux and Unix. Samba is Free Software licensed under the GNU General Public License and the Samba project is a member of the Software Freedom Conservancy. Since 1992, Samba has provided secure, stable and fast file and print services for all clients using the SMB/CIFS protocol, such as all versions of DOS and Windows, OS/2, Linux and many others. Samba is an important component to seamlessly integrate Linux/Unix Servers and Desktops into Active Directory environments. It can function both as a domain controller or as a regular domain member.

For the AD DC implementation a full HOWTO is provided at: https://wiki.samba.org/index.php/Samba4/HOWTO

Community guidelines can be read at: https://wiki.samba.org/index.php/How_to_do_Samba:_Nicely

This software is freely distributable under the GNU public license, a copy of which you should have received with this software (in a file called COPYING).

CONTRIBUTIONS

Please see https://wiki.samba.org/index.php/Contribute for detailed set-by-step instructions on how to submit a patch for Samba via GitLab.

Samba's GitLab mirror is at https://gitlab.com/samba-team/samba

OUR CONTRIBUTORS

See https://www.samba.org/samba/team/ for details of the Samba Team, as well as details of all those currently active in Samba development.

If you like a particular feature then look through the git change-log (on the web at https://gitweb.samba.org/?p=samba.git;a=summary) and see who added it, then send them an email.

Remember that free software of this kind lives or dies by the response we get. If no one tells us they like it then we'll probably move onto something else.

MORE INFO

DOCUMENTATION

There is quite a bit of documentation included with the package, including man pages and the wiki at https://wiki.samba.org

If you would like to help with our documentation, please contribute that improved content to the wiki, we are moving as much content there as possible.

MAILING LIST

Please do NOT send subscription/unsubscription requests to the lists!

There is a mailing list for discussion of Samba. For details go to https://lists.samba.org/ or send mail to samba-subscribe@lists.samba.org

There is also an announcement mailing list where new versions are announced. To subscribe go to https://lists.samba.org/ or send mail to samba-announce-subscribe@lists.samba.org. All announcements also go to the samba list, so you only need to be on one.

For details of other Samba mailing lists and for access to archives, see https://lists.samba.org/

MAILING LIST ETIQUETTE

A few tips when submitting to this or any mailing list.

  1. Make your subject short and descriptive. Avoid the words "help" or "Samba" in the subject. The readers of this list already know that a) you need help, and b) you are writing about samba (of course, you may need to distinguish between Samba PDC and other file sharing software). Avoid phrases such as "what is" and "how do i". Some good subject lines might look like "Slow response with Excel files" or "Migrating from Samba PDC to NT PDC".

  2. If you include the original message in your reply, trim it so that only the relevant lines, enough to establish context, are included. Chances are (since this is a mailing list) we've already read the original message.

  3. Trim irrelevant headers from the original message in your reply. All we need to see is a) From, b) Date, and c) Subject. We don't even really need the Subject, if you haven't changed it. Better yet is to just preface the original message with "On [date] [someone] wrote:".

  4. Please don't reply to or argue about spam, spam filters or viruses on any Samba lists. We do have a spam filtering system that is working quite well thank you very much but occasionally unwanted messages slip through. Deal with it.

  5. Never say "Me too." It doesn't help anyone solve the problem. Instead, if you ARE having the same problem, give more information. Have you seen something that the other writer hasn't mentioned, which may be helpful?

  6. If you ask about a problem, then come up with the solution on your own or through another source, by all means post it. Someone else may have the same problem and is waiting for an answer, but never hears of it.

  7. Give as much relevant information as possible such as Samba release number, OS, kernel version, etc...

  8. RTFM. Google.

WEBSITE

A Samba website has been setup with lots of useful info. Connect to:

https://www.samba.org/

As well as general information and documentation, this also has searchable archives of the mailing list and links to other useful resources such as the wiki.

Description
https://gitlab.com/samba-team/samba is the Official GitLab mirror of https://git.samba.org/samba.git -- Merge requests should be made on GitLab (not on GitHub)
samba
Readme 453 MiB
Languages
C 76.4%
Python 18.8%
Shell 2.8%
Perl 1.4%
Rust 0.3%
Other 0.1%