Direct leak of 20 byte(s) in 1 object(s) allocated from:
#0 0x7f83838f6880 in strdup ../../../../libsanitizer/asan/asan_interceptors.cpp:578
#1 0x55a06cc7c244 in main ../../source4/client/client.c:3470
#2 0x7f837fe2a2ad in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
s4:torture: Fix memory leak in torture_decode_compare_pac()
Direct leak of 200 byte(s) in 1 object(s) allocated from:
#0 0x7f42972fc130 in calloc ../../../../libsanitizer/asan/asan_malloc_linux.cpp:77
#1 0x7f4296cf3054 in wbcAllocateMemory ../../nsswitch/libwbclient/wbclient.c:216
#2 0x7f4296cf386c in wbc_create_auth_info ../../nsswitch/libwbclient/wbc_pam.c:96
#3 0x7f4296cf59a1 in wbcCtxAuthenticateUserEx ../../nsswitch/libwbclient/wbc_pam.c:561
#4 0x7f4296cf5d98 in wbcAuthenticateUserEx ../../nsswitch/libwbclient/wbc_pam.c:578
#5 0x55f8ff6023f1 in torture_decode_compare_pac ../../source4/torture/winbind/winbind.c:120
#6 0x55f8ff6023f1 in torture_winbind_pac ../../source4/torture/winbind/winbind.c:291
#7 0x55f8ff603c98 in torture_winbind_pac_gss_spnego ../../source4/torture/winbind/winbind.c:303
#8 0x7f4295ff560c in wrap_simple_test ../../lib/torture/torture.c:712
#9 0x7f4295ff748d in internal_torture_run_test ../../lib/torture/torture.c:520
#10 0x7f4295ff7904 in torture_run_tcase_restricted ../../lib/torture/torture.c:585
#11 0x7f4295ff7e69 in torture_run_suite_restricted ../../lib/torture/torture.c:439
#12 0x55f8ff7980ba in run_matching ../../source4/torture/smbtorture.c:96
#13 0x55f8ff798141 in run_matching ../../source4/torture/smbtorture.c:106
#14 0x55f8ff798e41 in torture_run_named_tests ../../source4/torture/smbtorture.c:173
#15 0x55f8ff79cf03 in main ../../source4/torture/smbtorture.c:754
#16 0x7f4291a2a2ad in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
Direct leak of 44 byte(s) in 2 object(s) allocated from:
#0 0x7f54522f6880 in strdup ../../../../libsanitizer/asan/asan_interceptors.cpp:578
#1 0x7f54520d5a95 in process_domain_info_string ../../nsswitch/libwbclient/wbc_util.c:471
#2 0x7f54520d5a95 in wbcCtxListTrusts ../../nsswitch/libwbclient/wbc_util.c:612
#3 0x7f54520d6426 in wbcListTrusts ../../nsswitch/libwbclient/wbc_util.c:632
#4 0x558c48799cf7 in wbinfo_list_domains ../../nsswitch/wbinfo.c:515
#5 0x558c487a72db in main ../../nsswitch/wbinfo.c:3300
#6 0x7f544f42a2ad in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
Direct leak of 832 byte(s) in 13 object(s) allocated from:
#0 0x7efc8e0fc777 in malloc ../../../../libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x562cb6e96d44 in nss_test_initgroups ../../nsswitch/nsstest.c:381
#2 0x562cb6e96d44 in nss_test_users ../../nsswitch/nsstest.c:424
#3 0x562cb6e96d44 in main ../../nsswitch/nsstest.c:493
#4 0x7efc8dc2a2ad in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
Direct leak of 48 byte(s) in 1 object(s) allocated from:
#0 0x7ff206afc130 in calloc ../../../../libsanitizer/asan/asan_malloc_linux.cpp:77
#1 0x7ff206837054 in wbcAllocateMemory ../../nsswitch/libwbclient/wbclient.c:216
#2 0x7ff20683c76a in wbc_create_password_policy_info ../../nsswitch/libwbclient/wbc_pam.c:295
#3 0x7ff20683c76a in wbcCtxLogonUser ../../nsswitch/libwbclient/wbc_pam.c:1290
#4 0x7ff20683caec in wbcLogonUser ../../nsswitch/libwbclient/wbc_pam.c:1307
#5 0x556ea348db12 in wbinfo_auth_krb5 ../../nsswitch/wbinfo.c:1723
#6 0x556ea348db12 in main ../../nsswitch/wbinfo.c:3238
#7 0x7ff203c2a2ad in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
David Mulder [Mon, 9 Sep 2024 19:30:55 +0000 (13:30 -0600)]
Fix pam failure to register Pin following mfa poll
Signed-off-by: David Mulder <dmulder@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Wed Oct 23 15:39:09 UTC 2024 on atb-devel-224
David Mulder [Mon, 26 Aug 2024 17:06:31 +0000 (11:06 -0600)]
Fix pam echo not displayed via ssh
Necessary because of OpenSSH bug
https://bugzilla.mindrot.org/show_bug.cgi?id=2876 -
PAM_TEXT_INFO and PAM_ERROR_MSG conversation not
honoured during PAM authentication
Signed-off-by: David Mulder <dmulder@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
David Mulder [Mon, 26 Aug 2024 13:33:25 +0000 (07:33 -0600)]
Add the user's primary group to the cache
We create a fake primary group which simply
matches the user's upn. This is because Entra ID
does not have primary groups, but we can fake it
with a primary group which is a member of all the
users groups.
Signed-off-by: David Mulder <dmulder@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
Martin Schwenke [Tue, 15 Oct 2024 03:11:15 +0000 (14:11 +1100)]
ctdb-scripts: Don't set arp_filter=1 by default in 10.interface
That is, no longer set sysctl net.ipv4.conf.all.arp_filter=1 in
10.interface. Only do this in 13.per_ip_routing.
This effectively reverts commit 0ebd7beb4bcae324acf8e733500a983d22b47e9b by Ronnie Sahlberg from 2007.
I have discussed this with Ronnie. This setting was originally added
to force incoming traffic to the interface hosting each IP. This
would spread the load across multiple interfaces hosting the same
subnet. Without the setting, incoming traffic would go to the first
interface to answer an ARP request, so could be unbalanced if one
interface tended to answer more quickly.
However, networks are now faster and interface bonding/teaming works
well in Linux, so it is less likely that multiple interfaces will be
used in this way.
Also, problems are occurring in exactly the case this is meant to
help: when multiple interfaces host the same subnet.
The Linux kernel documentation for this option says:
arp_filter - BOOLEAN
- 1 - Allows you to have multiple network interfaces on the same
subnet, and have the ARPs for each interface be answered
based on whether or not the kernel would route a packet from
the ARP'd IP out that interface (therefore you must use source
based routing for this to work). In other words it allows control
of which cards (usually 1) will respond to an arp request.
- 0 - (default) The kernel can respond to arp requests with addresses
from other interfaces. This may seem wrong but it usually makes
sense, because it increases the chance of successful communication.
IP addresses are owned by the complete host on Linux, not by
particular interfaces. Only for more complex setups like load-
balancing, does this behaviour cause problems.
arp_filter for the interface will be enabled if at least one of
conf/{all,interface}/arp_filter is set to TRUE,
it will be disabled otherwise
Note the part for arp_filter=1 that says "you must use source based
routing for this to work". The problems are probably due to a lack of
source-based routing when this is only used with 10.interface. In
this case, outbound packets can come from a different
interface (corresponding to the first matching route), with a
different MAC address. There is clearly some infrastructure or packet
filtering out there that objects to such asymmetric packet flows.
So, drop this setting from 10.interface because it isn't working as
intended. Continue to enable it in 13.per_ip_routing, which exists to
set up the required source-based routing.
This change may affect balancing of packet flows when public IP
addresses can be hosted by multiple interfaces, but does not stop that
feature from working.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Thu Oct 17 18:53:32 UTC 2024 on atb-devel-224
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct 16 19:05:15 UTC 2024 on atb-devel-224
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Oct 14 12:23:04 UTC 2024 on atb-devel-224
Pavel Filipenský [Sun, 13 Oct 2024 19:57:27 +0000 (21:57 +0200)]
smbtorture: Allow debugging output to be configured using smb.conf parameters
It might be useful to see timestamps for some smbtorture tests.
Timestamps can be printed via 'debug syslog format=always'.
It can be specified either in smb.conf or directly via smbtorture option
-T 'OPTION=VALUE' smb.conf option line
However, smbtorture is not evaluating the option. It needs to call
reopen_logs()->debug_set_settings() to copy
'Globals.debug_syslog_format' to 'state->settings.debug_syslog_format'
dbwrap_lock_order_unlock: release lock order 3 for /home/pfilipen/ws/projects/samba/smbtorture/st/client/lockdir/g_lock.tdb
waited
child 2473726 exited with 0
g_lock_lock_retry: watch_recv returned NT_STATUS_OK
After (see 1 sec delay):
2024-10-13T21:26:56.476859+00:00 addc.addom.samba.example.com smbtorture[2473806]: dbwrap_lock_order_unlock: release lock order 3 for /home/pfilipen/ws/projects/samba/smbtorture/st/client/lockdir/g_lock.tdb
waited
child 2473807 exited with 0
2024-10-13T21:26:57.487363+00:00 addc.addom.samba.example.com smbtorture[2473806]: g_lock_lock_retry: watch_recv returned NT_STATUS_OK
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Oct 10 15:17:46 UTC 2024 on atb-devel-224
dcesrv_core: fix the auth3 for large ntlmssp messages
I know finding any real logic in reading the patch,
doesn't really show what's going on. I tried hard
to simplify it, but this is the only way I found
that fixed the test_auth_pad_ntlm_2889_auth3 test
without breaking other tests...
dcerpc_util: let dcerpc_pull_auth_trailer() ignore data_and_pad for bind, alter, auth3
Sometimes Windows sends 3 presentation contexts (NDR32, NDR64,
BindTimeFeatureNegotiation) in the first BIND of an association.
Binding an additional connection to the association seems to
reuse the BIND buffer and just changes the num_contexts field from
3 to 2 and leaves the BindTimeFeatureNegotiation context as padding
in places.
Note, the auth_pad_length field is send as 0 in that case,
which means we need to ignore it completely, as well as any
padding before the auth header.
tests/dcerpc/raw_protocol: test invalid schannel binds
Note the ad_member will keep these as expected failures,
as it doesn't provide the netlogon service,
while the knownfail for the ADDC is only temporary.
projects / thirdparty / samba.git / log
