"Error: UNINIT (CWE-457):
samba-4.20.0rc2/examples/winexe/winexesvc.c:60: var_decl: Declaring variable ""ea"" without initializer.
samba-4.20.0rc2/examples/winexe/winexesvc.c:86: uninit_use_in_call: Using uninitialized value ""ea"". Field ""ea.Trustee.pMultipleTrustee"" is uninitialized when calling ""SetEntriesInAclA"".
84|
85| /* Create a new ACL that contains the new ACEs */
86|-> dwRes = SetEntriesInAcl(1, &ea, NULL, &pACL);
87| if (ERROR_SUCCESS != dwRes) {
88| dbg(""SetEntriesInAcl Error %lu\n"", GetLastError());"
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
s4:torture: Add new LSA test_query_forest_trust_info()
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jul 18 12:36:25 UTC 2024 on atb-devel-224
selftest: Remove samba4.rpc.lsa.forest.trust from knownfail
The test needs --option="torture:Forest_Trust_Dom2_Binding=..." in order
to be useful, so the skip is correct, but the knownfail entry should
have been removed with e5163dfd57694351bf556565e92f74b71221db29.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
python:tests: make test_export_keytab_nochange_update() more reliable
net.export_keytab() includes the current timestamp into the resulting
keytab. So we need to make sure the two compared exports actually
run within the same second.
And klist may also print the keytab filename...
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jul 17 14:21:30 UTC 2024 on atb-devel-224
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jul 17 11:17:54 UTC 2024 on atb-devel-224
Pavel Filipenský [Tue, 23 Jan 2024 09:01:35 +0000 (10:01 +0100)]
s3:lib: Fix a typo in MACRO
DEBUG_PASSWORDS --> DEBUG_PASSWORD
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Wed Jul 17 08:49:46 UTC 2024 on atb-devel-224
Martin Schwenke [Thu, 11 Jul 2024 02:14:07 +0000 (12:14 +1000)]
ctdb-tests: Correctly handle adding a deleted node at the end
The current fake_ctdbd code for reloading the nodes file overruns the
allocation when adding a deleted node at the end. This is a very
unlikely case, but it might as well work.
Check the size of the internal node map when marking a node deleted.
Also, update the code that adds a node to correctly set the deleted
flag when appropriate.
The included test case tests this.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Jul 17 00:06:53 UTC 2024 on atb-devel-224
s3:modules: Make nread a size_t and check for possible overflow
"Error: INTEGER_OVERFLOW (CWE-190):
samba-4.20.0rc2/source3/modules/vfs_preopen.c:215: tainted_data_return: Called function ""read(sock_fd, namebuf + nread, talloc_get_size(namebuf) - nread)"", and a possible return value may be less than zero.
samba-4.20.0rc2/source3/modules/vfs_preopen.c:215: assign: Assigning: ""thistime"" = ""read(sock_fd, namebuf + nread, talloc_get_size(namebuf) - nread)"".
samba-4.20.0rc2/source3/modules/vfs_preopen.c:221: overflow: The expression ""nread"" is considered to have possibly overflowed.
samba-4.20.0rc2/source3/modules/vfs_preopen.c:215: overflow: The expression ""talloc_get_size(namebuf) - nread"" is deemed overflowed because at least one of its arguments has overflowed.
samba-4.20.0rc2/source3/modules/vfs_preopen.c:215: overflow_sink: ""talloc_get_size(namebuf) - nread"", which might have underflowed, is passed to ""read(sock_fd, namebuf + nread, talloc_get_size(namebuf) - nread)"". [Note: The source code implementation of the function has been overridden by a builtin model.]
213| ssize_t thistime;
214|
215|-> thistime = read(sock_fd, namebuf + nread,
216| talloc_get_size(namebuf) - nread);
217| if (thistime <= 0) {"
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
lib:util: Move open() of /dev/null into the if-clause
"Error: RESOURCE_LEAK (CWE-772):
samba-4.20.0rc2/lib/util/close_low_fd.c:40: open_fn: Returning handle opened by ""open"". [Note: The source code implementation of the function has been overridden by a user model.]
samba-4.20.0rc2/lib/util/close_low_fd.c:40: var_assign: Assigning: ""dev_null"" = handle returned from ""open(""/dev/null"", 2, 0)"".
samba-4.20.0rc2/lib/util/close_low_fd.c:52: overwrite_var: Overwriting handle ""dev_null"" in ""dev_null = open(""/dev/null"", 2, 0)"" leaks the handle.
50| }
51|
52|-> dev_null = open(""/dev/null"", O_RDWR, 0);
53| if (dev_null == -1) {
54| dev_null = open(""/dev/null"", O_WRONLY, 0);"
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
python:tests: pass bytes.decode() instead of str(bytes) to assertMultiLineEqual() to get better failure output
When not equal a diff of the two strings highlighting the differences
will be included this way.
This is a flapping test.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jul 16 07:40:41 UTC 2024 on atb-devel-224
python:tests: Use assertMultiLineEqual() to get better failure output
When not equal a diff of the two strings highlighting the differences
will be included this way.
This is a flapping test.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jul 15 13:51:03 UTC 2024 on atb-devel-224
smbd: Show blk and chr devices as nfs reparse points
Can't test these in selftest, we can't create devices and I don't want
us to depend on /dev to exist. Tested manually on a system where
/dev/null exists:
Try "help" to get a list of possible commands.
smb: \> allinfo null
altname: null
create_time: Fri Jun 21 02:45:59 PM 2024 CEST
access_time: Fri Jun 21 02:45:59 PM 2024 CEST
write_time: Fri Jun 21 02:45:59 PM 2024 CEST
change_time: Fri Jun 21 02:45:59 PM 2024 CEST
attributes: (480)
stream: [::$DATA], 0 bytes
0x80000014 (IO_REPARSE_TAG_NFS)
0x524843 (NFS_SPECFILE_CHR)
1/3
smb: \>
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jul 12 21:36:16 UTC 2024 on atb-devel-224
Change an automated sizeof() call in the pidl dissector generation from
prefixing a "g" to getting the actual C type.
Ping #19116
Signed-off-by: John Thacker <johnthacker@gmail.com> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jul 12 11:08:03 UTC 2024 on atb-devel-224
pidl: Don't assign hash undef, assign it an empty array
Perl works, but complains if warnings are on, if a hash is
initialized to undef instead of to empty. Upstream Samba turned on
warnings in the next commit to catch things like this.
Signed-off-by: John Thacker <johnthacker@gmail.com> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org>
This moves about 56 kBytes of data from a read-write data section to read-only.
The various dissectors were _not_ regenerated for this commit. Instead, this
commit was produced using the following command:
find * -type f -exec sed -i -e 's/\(["'\'']\|^\)static dcerpc_sub_dissector/\1static const dcerpc_sub_dissector/' \{\} \;
This updates the generator script and its test, as well as making an identical
change to all of the dissectors, regardless of whether or not those dissectors
were produced by the generator script.
Signed-off-by: John Thacker <johnthacker@gmail.com> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Remove init of proto, header field, expert info and subtree variables.
This will reduces the binary size by approximate 1266320 bytes due to
using .bss to zero-initialize the fields.
The conversion is done using the tools/convert-proto-init.py script
Signed-off-by: John Thacker <johnthacker@gmail.com> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org>
This is to fix the error when pushing to personal gitlab repo:
2024-07-04 08:16:05,460 Running: 'git clone --recursive --shared /builds/pfilipen/samba /builds/samba-testbase/master' in '/builds/pfilipen/samba'
Cloning into '/builds/samba-testbase/master'...
fatal: detected dubious ownership in repository at '/builds/pfilipen/samba/.git'
To add an exception for this directory, call:
git config --global --add safe.directory /builds/pfilipen/samba/.git
fatal: Could not read from remote repository.
Instead of adding more and more explicit repositories
we should just allow any, we're in an isolated environment...
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jul 10 10:35:00 UTC 2024 on atb-devel-224
Douglas Bagnall [Fri, 5 Jul 2024 02:31:58 +0000 (14:31 +1200)]
cmdline:burn: list commands to always burn; warn on unknown
We burn arguments to all unknown options containing "pass" (e.g.
"--passionate=false") in case they are a password option, but is bad
in the case where the unknown option takes no argument but the next
option *is* a password (like "--overpass --password2 barney". In that
case "--password2" would be burnt and not "barney".
The burning behaviour doesn't change with this commit, but users will now
see an error message explaining that the option was unknown. This is not
so much aimed at end users -- for who an invalid option will hopefully
lead to --help like output -- but to developers who add a new "pass"
option.
This also slightly speeds up the processing of known password options,
which is a little bit important because we are in a race to replace the
command line in /proc before an attacker sees it.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Jul 10 06:28:08 UTC 2024 on atb-devel-224
Anoop C S [Mon, 8 Jul 2024 07:24:06 +0000 (12:54 +0530)]
vfs_ceph: Disable the module on unsupported Ceph versions
For the last major release(v4.20) we had a warning issued(fe16ae1fe834)
to inform about the plan to disable building vfs_ceph in the absence of
certain required APIs. This is now due to make the changes and further
disable building the module if minimum required libcephfs APIs are not
present. As we speak this requirement includes ceph_select_filesystem()
and *at() variants of libcephfs APIs. These were around since v17(even
earlier for ceph_select_filesystem) which is the lowest non-EOL version
of Ceph available[1] at the moment.
Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Tue Jul 9 13:05:47 UTC 2024 on atb-devel-224
ldap_server: Add a ldapsrv debug class to log LDAP queries
Patch updated for recent samba versions in merge request #3295 by kvvloten
Initial patch created by Jeremy Allison (https://www.spinics.net/lists/samba/msg161128.html) to log LDAP server queries/functions in a separate file
Signed-off-by: Andréas Leroux <aleroux@tranquil.it> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jul 9 08:37:22 UTC 2024 on atb-devel-224
"Error: UNINIT (CWE-457):
samba-4.20.0rc2/source3/rpc_server/svcctl/srv_svcctl_nt.c:163: var_decl: Declaring variable ""ace"" without initializer.
samba-4.20.0rc2/source3/rpc_server/svcctl/srv_svcctl_nt.c:182: uninit_use_in_call: Using uninitialized value ""*ace"". Field ""ace->object"" is uninitialized when calling ""make_sec_acl"".
180| /* create the security descriptor */
181|
182|-> if ( !(theacl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace)) )
183| return NULL;
184|"
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jul 8 08:37:46 UTC 2024 on atb-devel-224
"Error: UNINIT (CWE-457):
samba-4.20.0rc2/examples/libsmbclient/testacl.c:35: var_decl: Declaring variable ""value"" without initializer.
samba-4.20.0rc2/examples/libsmbclient/testacl.c:254: uninit_use_in_call: Using uninitialized value ""*value"" as argument to ""%s"" when calling ""printf"". [Note: The source code implementation of the function has been overridden by a builtin model.]
252| }
253|
254|-> printf(""Attributes for [%s] are:\n%s\n"", path, value);
255|
256| if (stat_and_retry)"
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
"Error: INTEGER_OVERFLOW (CWE-190):
samba-4.20.0rc2/source3/registry/regfio.c:175: tainted_data_argument: The check ""bytes_read < block_size"" contains the tainted expression ""bytes_read"" which causes ""block_size"" to be considered tainted.
samba-4.20.0rc2/source3/registry/regfio.c:176: overflow: The expression ""block_size - bytes_read"" is deemed overflowed because at least one of its arguments has overflowed.
samba-4.20.0rc2/source3/registry/regfio.c:176: overflow_sink: ""block_size - bytes_read"", which might have underflowed, is passed to ""read(file->fd, buffer + bytes_read, block_size - bytes_read)"". [Note: The source code implementation of the function has been overridden by a builtin model.]
174|
175| while ( bytes_read < block_size ) {
176|-> if ( (returned = read( file->fd, buffer+bytes_read, block_size-bytes_read )) == -1 ) {
177| DEBUG(0,(""read_block: read() failed (%s)\n"", strerror(errno) ));
178| return False;"
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jul 8 06:28:47 UTC 2024 on atb-devel-224
Jones Syue [Fri, 5 Jul 2024 09:36:46 +0000 (17:36 +0800)]
s3:ntlm_auth: make logs more consistent with length check
Run ntlm_auth with options --lm-response/--nt-response/--challenge, and pass
wrong length to these options, got error prompted logs about 'only got xxx
bytes', which are not consistent with length check. This patch revise logs
for length check to make it more consistent.
For example --lm-response requires exact 24 hex, let us input three kinds
of length 23 24 25, prompted logs said 'only got 25 bytes' seems confusing.
script:
for length in 23 24 25; \
do \
ntlm_auth --username=${un} --password=${pw} \
--lm-response="`openssl rand -hex ${length}`"; \
done;
Signed-off-by: Jones Syue <jonessyue@qnap.com> Reviewed-by: David Mulder <dmulder@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jul 6 00:52:02 UTC 2024 on atb-devel-224
Signed-off-by: Ralph Boehme <slow@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Jul 5 10:02:26 UTC 2024 on atb-devel-224
libcli: New routine symlink_target_path for [MS-SMB2] 2.2.2.2.1.1
Right now the only user is the user-space symlink following in
smbd. We will use it in libsmb as well to correctly handle
STOPPED_ON_SYMLINK. When trying to upstream that code I found the
previous_slash function incredibly hard to understand.
This new routine makes copy of "const char *_name_in", so that we can
replace previous_slash with a simple strrchr_m. If that's too
slow (which I doubt, this is "only" chasing symlinks) we can always do
something smarter again.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
gitlab-ci: Also add the git directory for pipeline in the main mirror
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jul 4 08:08:49 UTC 2024 on atb-devel-224
Wireshark's NDR dissector dissects both signed and unsigned types
of the same size and alignment with the same functions, e.g. see
the handling of "udlong" and "dlong." It is passing the FT_UINT64
vs FT_INT64 field type enum value that determines at the last
moment whether a value is cast to signed. dissect_ndr_uint64()
already has the proper behavior for 8-byte aligned signed 64 bit
integers, and a dissect_ndr_int64() function will not need to be
introduced.
Signed-off-by: John Thacker <johnthacker@gmail.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jul 3 14:19:04 UTC 2024 on atb-devel-224
smbd: correctly restore ENOENT if fstatfs() modifies it
Review with: git show -U5
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jul 3 11:41:12 UTC 2024 on atb-devel-224
Fix the type of arrays of pointers to hf_ values for bitfield routines.
The static arrays are supposed to be arrays of const pointers to int,
not arrays of non-const pointers to const int.
Fixing that means some bugs (scribbling on what's *supposed* to be a
const array) will be caught (see packet-ieee80211-radiotap.c for
examples, the first of which inspired this change and the second of
which was discovered while testing compiles with this change), and
removes the need for some annoying casts.
Also make some of those arrays static while we're at it.
Update documentation and dissector-generator tools.
Change-Id: I789da5fc60aadc15797cefecfd9a9fbe9a130ccc
Reviewed-on: https://code.wireshark.org/review/37517
Petri-Dish: Guy Harris <gharris@sonic.net> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com> Signed-off-by: John Thacker <johnthacker@gmail.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Jul 3 02:35:43 UTC 2024 on atb-devel-224
projects / thirdparty / samba.git / log
