Martin Schwenke [Thu, 18 Apr 2024 04:13:11 +0000 (14:13 +1000)]
ctdb-scripts: Do not de-duplicate the interfaces list
Using xargs with sort -u to de-duplicate this list was my idea and
causes a couple of things to go wrong. The use of xargs causes
double-quotes to be lost. The resulting $public_ifaces value also
contains newlines. The newlines could be removed with an additional
xargs at the end of the pipeline... but that would add an extra level
of quote stripping.
I have unsuccessfully tried to find an alternative, but still elegant,
command pipeline that de-duplicates the list, while maintaining
quoting.
So, just drop the de-duplication.
This might make interface_ifindex_exists_with_options() slightly less
efficient. However, that function walks the whole list, only
terminating early when a match is found on both interface and options,
so at least it will be correct.
Include an extra testcase.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Apr 18 09:08:34 UTC 2024 on atb-devel-224
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: David Mulder <dmulder@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Apr 17 19:32:11 UTC 2024 on atb-devel-224
Vinit Agnihotri [Tue, 30 Jan 2024 09:25:37 +0000 (01:25 -0800)]
ctdb-scripts: Rename and relocate function get_all_interfaces()
get_all_interfaces() functions gets all names for all public interfaces.
However name is misleading. Thus renamed it to get_public_ifaces() and
moved it under functions.
Signed-off-by: Vinit Agnihotri <vagnihotri@ddn.com> Reviewed-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
s3: winbindd: winbindd_pam: fix leak in extract_pac_vrfy_sigs
Add missing free for entry variable and its members : key and principal
Found definite memory leaks via valgrind as shown below.
Leak 1 :
==1686== 76,800 bytes in 2,400 blocks are definitely lost in loss record 432 of 433
==1686== at 0x4C38185: malloc (vg_replace_malloc.c:431)
==1686== by 0x79CBFED: krb5int_c_copy_keyblock_contents (keyblocks.c:101)
==1686== by 0x621CFA3: krb5_mkt_get_next (kt_memory.c:500)
==1686== by 0x141186: extract_pac_vrfy_sigs (winbindd_pam.c:3384)
==1686== by 0x141186: winbindd_pam_auth_pac_verify (winbindd_pam.c:3434)
==1686== by 0x17ED21: winbindd_pam_auth_crap_send (winbindd_pam_auth_crap.c:68)
==1686== by 0x127F45: process_request_send (winbindd.c:502)
==1686== by 0x127F45: winbind_client_request_read (winbindd.c:749)
==1686== by 0x124AAF: wb_req_read_done (wb_reqtrans.c:126)
==1686== by 0x66D4706: tevent_common_invoke_fd_handler (tevent_fd.c:142)
==1686== by 0x66DAF4E: epoll_event_loop (tevent_epoll.c:737)
==1686== by 0x66DAF4E: epoll_event_loop_once (tevent_epoll.c:938)
==1686== by 0x66D8F5A: std_event_loop_once (tevent_standard.c:110)
==1686== by 0x66D39B4: _tevent_loop_once (tevent.c:823)
==1686== by 0x1232F3: main (winbindd.c:1718)
Leak 2 :
==1686== at 0x4C38185: malloc (vg_replace_malloc.c:431)
==1686== by 0x62255E4: krb5_copy_principal (copy_princ.c:38)
==1686== by 0x621D003: krb5_mkt_get_next (kt_memory.c:503)
==1686== by 0x141186: extract_pac_vrfy_sigs (winbindd_pam.c:3384)
==1686== by 0x141186: winbindd_pam_auth_pac_verify (winbindd_pam.c:3434)
==1686== by 0x17ED21: winbindd_pam_auth_crap_send (winbindd_pam_auth_crap.c:68)
==1686== by 0x127F45: process_request_send (winbindd.c:502)
==1686== by 0x127F45: winbind_client_request_read (winbindd.c:749)
==1686== by 0x124AAF: wb_req_read_done (wb_reqtrans.c:126)
==1686== by 0x66D4706: tevent_common_invoke_fd_handler (tevent_fd.c:142)
==1686== by 0x66DAF4E: epoll_event_loop (tevent_epoll.c:737)
==1686== by 0x66DAF4E: epoll_event_loop_once (tevent_epoll.c:938)
==1686== by 0x66D8F5A: std_event_loop_once (tevent_standard.c:110)
==1686== by 0x66D39B4: _tevent_loop_once (tevent.c:823)
==1686== by 0x1232F3: main (winbindd.c:1718)
Signed-off-by: Shaleen Bathla <shaleen.bathla@oracle.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Apr 16 10:22:51 UTC 2024 on atb-devel-224
Jo Sutton [Tue, 13 Feb 2024 02:45:21 +0000 (15:45 +1300)]
s4:dsdb: Implement msDS-ManagedPassword attribute
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Apr 16 05:02:30 UTC 2024 on atb-devel-224
Andrew Bartlett [Thu, 11 Apr 2024 04:26:49 +0000 (16:26 +1200)]
selftest: Move some KDS root key tests around to prepare for gMSA server side
Once we have a gMSA server side the impact of deleting root keys becomes real
and so we must do this in a quiet place where it can not impact on other things.
Likewise, we want the samba.tests.dsdb_quiet_provision_tests tests to run
somewhere that is not doing other things, so we can see what a bare provision
will do. We must not allow test ordering inside the file to cause tests that
create root keys to run before checking if provision created a usable root key.
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Andrew Bartlett [Thu, 11 Apr 2024 02:33:16 +0000 (14:33 +1200)]
selftest: Remove duplicate setup of "spn/upn namespaces" in the customdc testenv
The call to $self->setup_namespaces() was allways in error, as the design
is to have the in the state that it was backed up in, but before commit 08be28241b808845c4b51a4c47765a9416ca3aa7 the error return was not
checked and so this was harmless.
The customdc environment is not tested in selftest currently, as
it is intended to be used for manual testing of domains from backup
files not as an automatically constructed environment.
This makes:
BACKUP_FILE=samba-backup-2024-04-11T14-10-20.437096.tar.bz2 SELFTEST_TESTENV=customdc make testenv
work again.
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
s3:auth: Add support standalone server with MIT Keberos 1.21
This adds support for MIT Kerberos minimal PAC. Tickets from pure
Kerberos realms with MIT Kerberos 1.21 or newer will always include a
minimal PAC. The PAC include the checksum buffers and a logon_name PAC
buffer.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Mon Apr 15 18:47:41 UTC 2024 on atb-devel-224
Pavel Filipenský [Fri, 12 Apr 2024 12:57:11 +0000 (14:57 +0200)]
s3:libsmb: Fix panic in cliconnect.c
This command line panics:
$ bin/rpcclient ncacn_np: -c epmlookup
0 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
1 0x00007ffff64ae8a3 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
2 0x00007ffff645c8ee in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
3 0x00007ffff64448ff in __GI_abort () at abort.c:79
4 0x00007ffff7b01524 in tevent_req_is_nterror (req=0x555555728610, status=0x7fffffff9bb4) at ../../lib/util/tevent_ntstatus.c:66
5 0x00007ffff7b9fd91 in cli_connect_nb_recv (req=0x555555728610, pcli=0x5555556fcb18) at ../../source3/libsmb/cliconnect.c:2731
6 0x00007ffff7ba02a8 in cli_start_connection_connected (subreq=0x555555728610) at ../../source3/libsmb/cliconnect.c:2882
7 0x00007ffff7aecb1a in _tevent_req_notify_callback (req=0x555555728610, location=0x7ffff7bde0e0 "../../source3/libsmb/cliconnect.c:2686") at ../../lib/tevent/tevent_req.c:177
8 0x00007ffff7aeccab in tevent_req_finish (req=0x555555728610, state=TEVENT_REQ_USER_ERROR, location=0x7ffff7bde0e0 "../../source3/libsmb/cliconnect.c:2686") at ../../lib/tevent/tevent_req.c:234
9 0x00007ffff7aecdda in tevent_req_trigger (ev=0x5555557182e0, im=0x555555728720, private_data=0x555555728610) at ../../lib/tevent/tevent_req.c:291
10 0x00007ffff7aeb513 in tevent_common_invoke_immediate_handler (im=0x555555728720, removed=0x0) at ../../lib/tevent/tevent_immediate.c:190
11 0x00007ffff7aeb685 in tevent_common_loop_immediate (ev=0x5555557182e0) at ../../lib/tevent/tevent_immediate.c:236
12 0x00007ffff7af7502 in epoll_event_loop_once (ev=0x5555557182e0, location=0x7ffff7af8ac0 "../../lib/tevent/tevent_req.c:342") at ../../lib/tevent/tevent_epoll.c:905
13 0x00007ffff7af2d22 in std_event_loop_once (ev=0x5555557182e0, location=0x7ffff7af8ac0 "../../lib/tevent/tevent_req.c:342") at ../../lib/tevent/tevent_standard.c:110
14 0x00007ffff7ae93ab in _tevent_loop_once (ev=0x5555557182e0, location=0x7ffff7af8ac0 "../../lib/tevent/tevent_req.c:342") at ../../lib/tevent/tevent.c:820
15 0x00007ffff7aecf9e in tevent_req_poll (req=0x555555728290, ev=0x5555557182e0) at ../../lib/tevent/tevent_req.c:342
16 0x00007ffff7b01647 in tevent_req_poll_ntstatus (req=0x555555728290, ev=0x5555557182e0, status=0x7fffffff9f4c) at ../../lib/util/tevent_ntstatus.c:109
17 0x00007ffff7ba246a in cli_full_connection_creds (output_cli=0x7fffffffa220, my_name=0x555555701990 "CLUSTEREDMEMBER", dest_host=0x0, dest_ss=0x0, port=0, service=0x5555556981d1 "IPC$", service_type=0x5555556981d6 "IPC", creds=0x5555556fa410, flags=4096) at ../../source3/libsmb/cliconnect.c:3807
18 0x0000555555619ae9 in main (argc=4, argv=0x7fffffffa3e8) at ../../source3/rpcclient/rpcclient.c:1308
tevent_req_is_nterror() expects error set by tevent_req_nterror()
- to have TEVENT_NTERROR_MAGIC, otherwise it calls abort().
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Mon Apr 15 14:55:21 UTC 2024 on atb-devel-224
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Apr 12 15:18:05 UTC 2024 on atb-devel-224
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Apr 10 23:58:12 UTC 2024 on atb-devel-224
Douglas Bagnall [Wed, 3 Apr 2024 22:26:25 +0000 (11:26 +1300)]
ldb: reduce non-transitive comparisons in ldb_msg_element_compare()
We can still have inconsistent comparisons, because two elements with
the same number of values will always return -1 if they are unequal,
which means they will sort differently depending on the order in which
they are compared.
We have changed strcasecmp_m() to return -1 in a place where it used
to return -3. This upset a test, but it shouldn't have: the exact
value of the negative int is not guaranteed by the function.
Douglas Bagnall [Fri, 5 Apr 2024 01:43:42 +0000 (14:43 +1300)]
torture:charset: use < and > assertions for strncasecmp_m
strncasecmp_m is supposed to return a negative, zero, or positive
number, not necessarily the difference between the codepoints in
the first character that differs, which we have been asserting up to
now.
Douglas Bagnall [Fri, 5 Apr 2024 00:14:38 +0000 (13:14 +1300)]
torture:charset: use < and > assertions for strcasecmp_m
strcasecmp_m is supposed to return a negative, zero, or positive
number, depending on whether the first argument is less than, equal to,
or greater than the second argument (respectively).
We have been asserting that it returns exactly the difference between
the codepoints in the first character that differs.