sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-06 13:18:07 +03:00
Code
3e8d6e681f
samba-mirror/source4
History
Andrew Bartlett 3e8d6e681f CVE-2021-3670 ldap_server: Clearly log LDAP queries and timeouts 
This puts all the detail on one line so it can be searched
by IP address and connecting SID.

This relies on the anr handling as otherwise this log
becomes the expanded query, not the original one.

RN: Provide clear logs of the LDAP search and who made it, including
a warning (at log level 3) for queries that are 1/4 of the hard timeout.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14694

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Thu Nov 25 02:30:42 UTC 2021 on sn-devel-184

(cherry picked from commit 3507e96b3d)
2021-12-02 10:33:13 +00:00
..
auth CVE-2020-25718 kdc: Confirm the RODC was allowed to issue a particular ticket 2021-11-08 10:46:45 +01:00
build/pasn1
cldap_server s4: rename source4/smbd/ to source4/samba/ 2020-11-27 10:07:18 +00:00
client lib/util: remove extra safe_string.h file 2020-08-28 02:18:40 +00:00
cluster dbwrap: Remove calls to loadparm 2018-04-24 01:53:19 +02:00
dns_server dns_update.c: handle DNS_QTYPE_ALL 2020-12-19 18:20:30 +00:00
dsdb CVE-2021-3670 dsdb/anr: Do a copy of the potentially anr query before starting to modify it 2021-12-02 10:33:13 +00:00
echo_server s4: rename source4/smbd/ to source4/samba/ 2020-11-27 10:07:18 +00:00
heimdal Revert "CVE-2020-25719 heimdal:kdc: Require authdata to be present" 2021-11-08 10:46:45 +01:00
heimdal_build kdc: sign ticket using Windows PAC 2021-10-26 12:00:27 +00:00
include lib: Remove global xfile.h includes 2016-11-20 06:23:19 +01:00
kdc CVE-2020-25722 kdc: Do not honour a request for a 3-part SPN (ending in our domain/realm) unless a DC 2021-11-08 10:46:45 +01:00
ldap_server CVE-2021-3670 ldap_server: Clearly log LDAP queries and timeouts 2021-12-02 10:33:13 +00:00
lib auth:creds: Rename CRED_USE_KERBEROS values 2020-11-03 15:25:37 +00:00
libcli CVE-2016-2124: s4:libcli/sesssetup: don't fallback to non spnego authentication if we require kerberos 2021-11-08 10:46:45 +01:00
libnet s4:libnet:py_net - free event context in dealloc fn 2020-11-06 04:58:31 +00:00
librpc CVE-2021-23192: dcesrv_core: only the first fragment specifies the auth_contexts 2021-11-08 10:46:45 +01:00
nbt_server s4: rename source4/smbd/ to source4/samba/ 2020-11-27 10:07:18 +00:00
ntp_signd s4: rename source4/smbd/ to source4/samba/ 2020-11-27 10:07:18 +00:00
ntvfs python: Ensure reference counts are properly incremented 2021-09-16 06:50:11 +00:00
param s4:param: Add 'weak crypto' getter to pyparam 2020-10-29 14:19:36 +00:00
rpc_server CVE-2021-3738 s4:rpc_server/samr: make use of dcesrv_samdb_connect_as_*() helper 2021-11-08 10:46:46 +01:00
samba Happy New Year 2021! 2021-01-01 11:56:23 +00:00
script PY3: change shebang to python3 in source4/dsdb dir 2018-12-14 14:40:20 +01:00
scripting gpo: Apply Group Policy Sudo Rights from VGP 2020-12-19 08:11:50 +00:00
selftest CVE-2020-25717: tests/krb5: Add a test for idmap_nss mapping users to SIDs 2021-11-18 06:40:13 +00:00
setup CVE-2020-25722 blackbox/upgrades tests: ignore SPN for ldapcmp 2021-11-08 10:46:44 +01:00
smb_server CVE-2020-25717: s4:smb_server: start with authoritative = 1 2021-11-08 10:46:43 +01:00
torture torture: add a test for NTTIME_FREEZE and NTTIME_THAW 2021-11-10 14:37:13 +00:00
utils lib/util: remove extra safe_string.h file 2020-08-28 02:18:40 +00:00
winbind s4: rename source4/smbd/ to source4/samba/ 2020-11-27 10:07:18 +00:00
wrepl_server s4: rename source4/smbd/ to source4/samba/ 2020-11-27 10:07:18 +00:00
.clang_complete
.valgrind_suppressions
wscript_build