git.ipfire.org Git - thirdparty/samba.git/log

]> git.ipfire.org Git - thirdparty/samba.git/log

projects / thirdparty / samba.git / log

summary | shortlog | log | commit | commitdiff | tree
first ⋅ prev ⋅ next

commit | commitdiff | tree

Shachar Sharon [Wed, 4 Sep 2024 12:59:21 +0000 (15:59 +0300)]

vfs_ceph_new: avoid setting errno in cephmount_cache_update

Do not set 'errno' to ENOENT in cephmount_cache_update. Setting this
errno value upon newly inserted entry may cause vfs_ceph_connect to
change errno to non-zero value even though the final result is OK.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703

Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: John Mulligan <jmulligan@redhat.com>

commit | commitdiff | tree

Shachar Sharon [Wed, 4 Sep 2024 11:55:50 +0000 (14:55 +0300)]

vfs_ceph_new: refactor error-case in cephmount_mount_fs

Align code-style of 'cephmount_mount_fs' with rest of the code: use
'goto' for bail-out upon error case (with proper cleanups). For the
common case of successful operation complete execution and return final
value. Added extra debug-logging for good-path case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703

Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: John Mulligan <jmulligan@redhat.com>

commit | commitdiff | tree

Stefan Metzmacher [Wed, 16 Oct 2024 07:45:21 +0000 (07:45 +0000)]

s3:winbindd: call process_set_title() for locator child

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15749

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Oct 31 14:02:39 UTC 2024 on atb-devel-224

commit | commitdiff | tree

Stefan Metzmacher [Wed, 30 Oct 2024 13:33:45 +0000 (13:33 +0000)]

s3:cli_netlogon: don't change remote_name in rpccli_setup_netlogon_creds_locked()

This was missing in commit 628d7b6f2e626c9c530473d06c038dfec9cbd17a.

We should not alter the name to '<UNKNOWN>'!

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

commit | commitdiff | tree

Ralph Boehme [Thu, 10 Oct 2024 17:29:09 +0000 (19:29 +0200)]

smbd: fix breaking leases on rename

We must also break leases on other opens if the open of the rename doesn't have
a lease itself. The existing test test_lease_v2_rename() that was added
alongside the deferred rename server code didn't cover this case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15697

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Oct 31 12:47:24 UTC 2024 on atb-devel-224

commit | commitdiff | tree

Ralph Boehme [Thu, 10 Oct 2024 17:25:30 +0000 (19:25 +0200)]

smbd: force sync rename with lease break

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15697

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

commit | commitdiff | tree

Ralph Boehme [Mon, 26 Aug 2024 08:48:34 +0000 (10:48 +0200)]

smbd: return correct error for compound related requests that went async

For a compound related request chain of eg CREATE+NOTIFY+GETINFO, the NOTIFY
will typically go async. When this is noted in smbd_smb2_request_pending_queue()
the pending async tevent_req is cancelled which means we return
NT_STATUS_CANCELLED to the client while Windows returns
NT_STATUS_INTERNAL_ERROR.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15697

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

commit | commitdiff | tree

Ralph Boehme [Fri, 20 Sep 2024 23:28:07 +0000 (01:28 +0200)]

smbtorture: test rename with other opens on the file

Windows allows this. Samba also already implements this correctly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15697

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

commit | commitdiff | tree

Ralph Boehme [Thu, 17 Oct 2024 15:45:26 +0000 (17:45 +0200)]

smbtorture: add a bunch of tests for async rename and async interim responses

All tests pass against Windows 2022, we have some bugs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15697

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

commit | commitdiff | tree

Ralph Boehme [Thu, 17 Oct 2024 15:44:13 +0000 (17:44 +0200)]

smbtorture: rename CHECK_VALUE() to CHECK_VAL() in smb2/compound.c

Prepares for using macros from lease_break_handler.h which makes use of
CHECK_VAL() while relying on a definition of CHECK_VAL() in the .c file.

While at it, add a goto done which is always a good thing to get clear failures
from tests.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15697

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

commit | commitdiff | tree

Andréas Leroux [Wed, 30 Oct 2024 14:34:35 +0000 (15:34 +0100)]

netcmd: More explicit warning when python-gpg is missing

Signed-off-by: Andréas Leroux <aleroux@tranquil.it>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Thu Oct 31 00:23:09 UTC 2024 on atb-devel-224

commit | commitdiff | tree

Stefan Metzmacher [Tue, 29 Oct 2024 12:42:06 +0000 (13:42 +0100)]

libcli/auth: split out netlogon_creds_cli_check_transport()

This will make it easier to implement netr_ServerAuthenticateKerberos()
later...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Wed, 19 Jul 2023 19:02:23 +0000 (21:02 +0200)]

libcli/auth: let netlogon_creds_copy() copy all scalar elements

This version is good for now, as we want it to be backportable.
For master we'll add a ndr_deepcopy_struct() helper in order
to avoid future problems.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Tue, 29 Oct 2024 09:31:52 +0000 (10:31 +0100)]

s4:librpc/rpc: make use of netlogon_creds_client_verify()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Tue, 29 Oct 2024 09:02:40 +0000 (10:02 +0100)]

libcli/auth: make use of netlogon_creds_client_verify()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Tue, 29 Oct 2024 08:54:42 +0000 (09:54 +0100)]

libcli/auth: split out netlogon_creds_client_verify() that takes auth_{type,level}

This will make it easier to implement netr_ServerAuthenticateKerberos()
later...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Tue, 29 Oct 2024 08:46:07 +0000 (09:46 +0100)]

libcli/auth: pass auth_{type,level} to netlogon_creds_server_step_check()

This will make it easier to implement netr_ServerAuthenticateKerberos() later...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Tue, 29 Oct 2024 08:44:52 +0000 (09:44 +0100)]

libcli/auth: pass auth_{type,level} to schannel_check_creds_state()

This will make it easier to implement netr_ServerAuthenticateKerberos() later...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Mon, 28 Oct 2024 15:54:48 +0000 (16:54 +0100)]

libcli/auth: return INVALID_PARAMETER for DES in netlogon_creds_{de,en}crypt_samlogon_logon

For the NetlogonGenericInformation case we want an error instead of no
encryption if only DES was negotiated...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Mon, 28 Oct 2024 16:51:21 +0000 (17:51 +0100)]

libcli/auth: make sure low level crypto function are not used directly

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Mon, 28 Oct 2024 15:30:19 +0000 (16:30 +0100)]

s4:rpc_server/netlogon: make use of netlogon_creds_decrypt_SendToSam

This will make it easier to implement netr_ServerAuthenticateKerberos() later...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Mon, 28 Oct 2024 15:30:19 +0000 (16:30 +0100)]

s4:rpc_server/netlogon: make use of netlogon_creds_decrypt_samr_CryptPassword

This will make it easier to implement netr_ServerAuthenticateKerberos() later...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Mon, 28 Oct 2024 15:28:47 +0000 (16:28 +0100)]

s4:rpc_server/netlogon: make use of netlogon_creds_{de,en}crypt_samr_Password()

This will make it easier to implement netr_ServerAuthenticateKerberos() later...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Mon, 28 Oct 2024 15:25:11 +0000 (16:25 +0100)]

s3:rpc_server/netlogon: make use of netlogon_creds_decrypt_samr_CryptPassword()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Mon, 28 Oct 2024 16:12:16 +0000 (17:12 +0100)]

s3:rpc_server/netlogon: make use of netlogon_creds_{de,en}crypt_samr_Password

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Mon, 28 Oct 2024 16:43:40 +0000 (17:43 +0100)]

s4:torture/rpc: make use of netlogon_creds_{de,en}crypt_samr_Password

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Mon, 28 Oct 2024 15:22:36 +0000 (16:22 +0100)]

s4:torture/rpc: make use of netlogon_creds_encrypt_samr_CryptPassword()

This will make it easier to implement netr_ServerAuthenticateKerberos() later...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Mon, 28 Oct 2024 15:57:53 +0000 (16:57 +0100)]

s4:torture/rpc: make use of netlogon_creds_decrypt_samlogon_validation()

This will make it easier to implement netr_ServerAuthenticateKerberos() later...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Mon, 28 Oct 2024 11:58:11 +0000 (12:58 +0100)]

s4:torture/rpc: make use of netlogon_creds_encrypt_samlogon_logon()

This will make it easier to catch all places where we need to
implement the logic for netr_ServerAuthenticateKerberos...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Mon, 28 Oct 2024 16:19:09 +0000 (17:19 +0100)]

libcli/auth: make use of netlogon_creds_{de,en}crypt_samr_Password

This will make it easier to implement netr_ServerAuthenticateKerberos() later...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Mon, 28 Oct 2024 15:00:52 +0000 (16:00 +0100)]

libcli/auth: make use of netlogon_creds_encrypt_SendToSam

This will help when implementing netr_ServerAuthenticateKerberos()...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Mon, 28 Oct 2024 14:56:09 +0000 (15:56 +0100)]

libcli/auth: make use of netlogon_creds_encrypt_samr_CryptPassword

This will help when implementing netr_ServerAuthenticateKerberos()...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Mon, 28 Oct 2024 14:52:13 +0000 (15:52 +0100)]

libcli/auth: make netlogon_creds_des_{de,en}crypt_LMKey() static

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Mon, 28 Oct 2024 14:44:07 +0000 (15:44 +0100)]

auth/credentials: remove unused netlogon_creds_session_encrypt()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Mon, 28 Oct 2024 13:04:52 +0000 (14:04 +0100)]

pycredentials: remove unused .encrypt_samr_password()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Mon, 28 Oct 2024 14:39:57 +0000 (15:39 +0100)]

python/tests: use encrypt_netr_PasswordInfo in KDCBaseTest._test_samlogon()

This will make it easier to implement netr_ServerAuthenticateKerberos()
later...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Mon, 28 Oct 2024 14:22:47 +0000 (15:22 +0100)]

pycredentials: add py_creds_encrypt_netr_PasswordInfo helper

This will replace py_creds_encrypt_samr_password in the next steps
and prepares the introduction of netr_ServerAuthenticateKerberos().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Mon, 28 Oct 2024 13:06:28 +0000 (14:06 +0100)]

pycredentials: make use of netlogon_creds_encrypt_samr_CryptPassword in py_creds_encrypt_netr_crypt_password

These will simplify adding the logic for netr_ServerAuthenticateKerberos...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Mon, 28 Oct 2024 12:13:50 +0000 (13:13 +0100)]

libcli/auth: add netlogon_creds_{de,en}crypt_SendToSam()

These will simplify adding the logic for netr_ServerAuthenticateKerberos...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Mon, 28 Oct 2024 12:12:24 +0000 (13:12 +0100)]

libcli/auth: add netlogon_creds_{de,en}crypt_samr_CryptPassword()

These will simplify adding the logic for netr_ServerAuthenticateKerberos...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Mon, 28 Oct 2024 12:03:37 +0000 (13:03 +0100)]

libcli/auth: add netlogon_creds_{de,en}crypt_samr_Password()

These will simplify adding the logic for netr_ServerAuthenticateKerberos...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Mon, 28 Oct 2024 11:55:12 +0000 (12:55 +0100)]

libcli/auth: pass auth_{type,level} to netlogon_creds_{de,en}crypt_samlogon_logon()

This will be needed when we implement netr_ServerAuthenticateKerberos...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Mon, 28 Oct 2024 11:43:44 +0000 (12:43 +0100)]

libcli/auth: pass auth_{type,level} to netlogon_creds_{de,en}crypt_samlogon_validation()

This will be needed when we implement netr_ServerAuthenticateKerberos...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Tue, 30 Apr 2024 13:14:47 +0000 (15:14 +0200)]

netlogon.idl: add netr_ServerAuthenticateKerberos() and related stuff

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Tue, 10 Sep 2024 11:56:38 +0000 (13:56 +0200)]

s3:rpc_server: add DCESRV_COMPAT_NOT_USED_ON_WIRE() helper macro

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Tue, 10 Sep 2024 11:56:38 +0000 (13:56 +0200)]

dcesrv_core: add DCESRV_NOT_USED_ON_WIRE() helper macro

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Wed, 16 Oct 2024 15:55:41 +0000 (17:55 +0200)]

s4:rpc_server/netlogon: split out dcesrv_netr_ServerAuthenticateGeneric()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Wed, 16 Oct 2024 15:49:26 +0000 (17:49 +0200)]

s4:dsdb/common: dsdb_trust_get_incoming_passwords only needs a const ldb_message

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Wed, 16 Oct 2024 15:47:22 +0000 (17:47 +0200)]

libcli/auth: split out netlogon_creds_alloc()

Review with: git show --patience

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Thu, 10 Oct 2024 11:39:38 +0000 (13:39 +0200)]

libcli/auth: let netlogon_creds_cli_store_internal check netlogon_creds_CredentialState_legacy

Before storing the structure into a ctdb managed volatile database
we check against netlogon_creds_CredentialState_legacy (the structure
used before recent changes). This makes sure unpatched cluster nodes
would not get a parsing error.

We'll remove this again in master when we try to implement
netr_ServerAuthenticateKerberos() and the related changes
to netlogon_creds_CredentialState, which will break the compat...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Thu, 10 Oct 2024 11:24:37 +0000 (13:24 +0200)]

libcli/auth: let netlogon_creds_cli_store_internal() use talloc_stackframe()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Wed, 2 Oct 2024 17:06:59 +0000 (19:06 +0200)]

libcli/auth: also use netlogon_creds_CredentialState_extra_info for the client

In order to allow backports and cluster updates we simulate a
dom_sid, so that the old code is able to parse the blob.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Tue, 29 Oct 2024 08:27:30 +0000 (09:27 +0100)]

s4:torture/rpc: let test_netlogon_capabilities() fail on legacy servers

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Wed, 19 Jul 2023 16:00:31 +0000 (18:00 +0200)]

s4:rpc_server/netlogon: implement netr_LogonGetCapabilities query_level=2

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Wed, 19 Jul 2023 16:03:09 +0000 (18:03 +0200)]

s3:rpc_server/netlogon: implement netr_LogonGetCapabilities query_level=2

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Wed, 2 Oct 2024 17:06:59 +0000 (19:06 +0200)]

libcli/auth: remember client_requested_flags and auth_time in netlogon_creds_server_init()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Wed, 2 Oct 2024 17:04:02 +0000 (19:04 +0200)]

libcli/auth: remove unused creds->sid

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Wed, 2 Oct 2024 17:01:39 +0000 (19:01 +0200)]

s4:rpc_server/netlogon: make use of creds->ex->client_sid

creds->sid will be removed soon...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Wed, 2 Oct 2024 17:01:39 +0000 (19:01 +0200)]

s3:rpc_server/netlogon: make use of creds->ex->client_sid

creds->sid will be removed soon...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Wed, 2 Oct 2024 17:00:45 +0000 (19:00 +0200)]

librpc/rpc: make use of creds->ex->client_sid in dcesrv_netr_check_schannel_get_state()

creds->sid will be removed soon.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Wed, 2 Oct 2024 16:54:05 +0000 (18:54 +0200)]

libcli/auth: split out netlogon_creds_CredentialState_extra_info

As server we are free to change the netlogon_creds_CredentialState
database record format at will as it uses CLEAR_IF_FIRST.

For now that format doesn't really changes, because we
only move dom_sid into a wrapper structure.

In order to avoid changing all callers in this commit,
we maintain creds->sid as in memory pointer.

In the following patches we'll also use it in order
to store client related information...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Wed, 2 Oct 2024 16:46:43 +0000 (18:46 +0200)]

libcli/auth: pass client_sid to netlogon_creds_server_init()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Wed, 2 Oct 2024 16:06:44 +0000 (18:06 +0200)]

s4:rpc_server/netlogon: add client_sid helper variables

This will make the following changes simpler...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Wed, 2 Oct 2024 16:06:44 +0000 (18:06 +0200)]

s3:rpc_server/netlogon: add client_sid helper variables

This will make the following changes simpler...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Wed, 2 Oct 2024 16:04:27 +0000 (18:04 +0200)]

s4:dsdb/common: samdb_confirm_rodc_allowed_to_repl_to() only needs a const sid

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Wed, 30 Oct 2024 11:10:49 +0000 (12:10 +0100)]

s3:cli_netlogon: let rpccli_connect_netlogon() use force_reauth = true on retry

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Thu, 20 Jul 2023 11:29:12 +0000 (13:29 +0200)]

s4:torture/rpc/netlogon: adjust test_netlogon_capabilities query_level=2 to request_flags

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Wed, 2 Oct 2024 14:38:53 +0000 (16:38 +0200)]

s4:librpc/rpc: use netr_LogonGetCapabilities query_level=2 to verify the proposed capabilities

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Wed, 2 Oct 2024 14:38:53 +0000 (16:38 +0200)]

s4:librpc/rpc: define required schannel flags and enforce them

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Wed, 2 Oct 2024 14:44:26 +0000 (16:44 +0200)]

s4:librpc/rpc: don't allow any unexpected upgrades of negotiate_flags

Only remove the unsupported flags from local_negotiate_flags for
the next try...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Wed, 2 Oct 2024 14:15:46 +0000 (16:15 +0200)]

s4:librpc/rpc: do LogonControl after LogonGetCapabilities downgrade

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Wed, 2 Oct 2024 11:43:36 +0000 (13:43 +0200)]

libcli/auth: use netr_LogonGetCapabilities query_level=2 to verify the proposed capabilities

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Wed, 2 Oct 2024 12:25:19 +0000 (14:25 +0200)]

libcli/auth: use a LogonControl after a LogonGetCapabilities downgrade

If LogonGetCapabilities was downgraded by an DCERPC Fault, we
rely on the schannel message ordering to detect failures.

Instead of letting any real winbindd request trigger this,
we do it directly in netlogon_creds_cli_check() with
a LogonControl that is also used for 'wbinfo --ping-dc'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Thu, 10 Oct 2024 10:31:18 +0000 (12:31 +0200)]

libcli/auth: if we require aes we don't need to require arcfour nor strong key

But we can send arcfour and strong key on the wire and don't need to
remove them from the proposed flags.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Wed, 2 Oct 2024 13:03:21 +0000 (15:03 +0200)]

libcli/auth: don't allow any unexpected upgrades of negotiate_flags

Only remove the unsupported flags from state->current_flags for
the next try...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Wed, 19 Jul 2023 15:43:00 +0000 (17:43 +0200)]

libcli/auth: make use of netlogon_creds_cli_store_internal() in netlogon_creds_cli_auth_srvauth_done()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Wed, 2 Oct 2024 17:06:59 +0000 (19:06 +0200)]

libcli/auth: remove unused netlogon_creds_client_init_session_key()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Wed, 19 Jul 2023 07:27:48 +0000 (09:27 +0200)]

netlogon.idl: the capabilities in query_level=2 are the ones send by the client

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Thu, 10 Oct 2024 10:34:33 +0000 (12:34 +0200)]

s4:rpc_server/netlogon: if we require AES there's no need to remove the ARCFOUR flag

With SAMBA_WEAK_CRYPTO_DISALLOWED dcesrv_netr_ServerAuthenticate3_check_downgrade()
will return DOWNGRADE_DETECTED with negotiate_flags = 0, if AES was not
negotiated...

And if AES was negotiated there's no harm in returning the ARCFOUR
flag...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Thu, 10 Oct 2024 10:34:33 +0000 (12:34 +0200)]

s3:rpc_server/netlogon: if we require AES there's no need to remove the ARCFOUR flag

With SAMBA_WEAK_CRYPTO_DISALLOWED we will return DOWNGRADE_DETECTED with negotiate_flags = 0,
if AES was not negotiated...

And if AES was negotiated there's no harm in returning the ARCFOUR
flag...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Wed, 19 Jul 2023 10:55:33 +0000 (12:55 +0200)]

s3:rpc_server/netlogon: correctly negotiate flags in ServerAuthenticate2/3

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Thu, 10 Oct 2024 13:02:16 +0000 (15:02 +0200)]

s4:torture/rpc: without weak crypto we should require AES

We should check that we can actually negotiated the strong AES
crypto instead of just checking that NETLOGON_NEG_ARCFOUR is not
there...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Stefan Metzmacher [Thu, 10 Oct 2024 13:08:01 +0000 (15:08 +0200)]

s4:torture/rpc: check that DOWNGRADE_DETECTED has no bits negotiated

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Ralph Boehme [Fri, 25 Oct 2024 15:22:57 +0000 (17:22 +0200)]

smbd: fix sharing access check for directories

This was missing from commit 6140c3177a0330f42411618c3fca28930ea02a21 and causes
all opens of directories to be handled as stat opens, bypassing the sharemode
check.

Not adding a test at this time, as my (hopefully) soon to be merged Directory
Leases branch has a test which actually detected this problem.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15732

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Oct 29 12:44:49 UTC 2024 on atb-devel-224

commit | commitdiff | tree

Ralph Boehme [Fri, 4 Oct 2024 17:22:39 +0000 (19:22 +0200)]

smbd: convert fsp->posix_flags to fsp->fsp_flags.posix_open

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Oct 25 11:50:01 UTC 2024 on atb-devel-224

commit | commitdiff | tree

Ralph Boehme [Fri, 4 Oct 2024 17:05:36 +0000 (19:05 +0200)]

smbd: remove seperate flag FSP_POSIX_FLAGS_PATHNAMES

Essentially FSP_POSIX_FLAGS_OPEN implies FSP_POSIX_FLAGS_PATHNAMES, so we can
just remove FSP_POSIX_FLAGS_PATHNAMES and simplify things.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

commit | commitdiff | tree

Ralph Boehme [Fri, 4 Oct 2024 17:01:19 +0000 (19:01 +0200)]

smbd: remove "fruit:posix_rename"

This option of the vfs_fruit VFS module that could be used to enable POSIX
directory rename behaviour for OS X clients has been removed as it could result
in severe problems for Windows clients.

As a possible workaround it is possible to prevent creation of .DS_Store files
(a Finder thingy to store directory view settings) on network mounts by running

$ defaults write com.apple.desktopservices DSDontWriteNetworkStores true

on the Mac.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

commit | commitdiff | tree

Shachar Sharon [Tue, 3 Sep 2024 13:54:03 +0000 (16:54 +0300)]

vfs_ceph_new: switch to ceph_readdir_r

Prefer a safe version of ceph_readdir, where the directory entry struct
is allocated by the caller. Use a dynamic-allocated 'struct dirent'
which is associated with a directory vfs_ceph_fh (optional), which is
allocated on-the-fly upon start of READDIR and released at the end or
CLOSEDIR (or unlikely readdir error).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703

Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Fri Oct 25 10:29:44 UTC 2024 on atb-devel-224

commit | commitdiff | tree

Volker Lendecke [Thu, 24 Oct 2024 11:59:42 +0000 (13:59 +0200)]

cldap: Save a few lines in cldap_netlogon

Follow recent convention to write sync wrappers

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Oct 25 09:04:11 UTC 2024 on atb-devel-224

commit | commitdiff | tree

Volker Lendecke [Thu, 24 Oct 2024 11:58:04 +0000 (13:58 +0200)]

cldap: Simplify cldap_netlogon with tevent_req_poll_ntstatus

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

commit | commitdiff | tree

Volker Lendecke [Thu, 24 Oct 2024 11:51:49 +0000 (13:51 +0200)]

idl: nbt.idl references NTTIME

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

commit | commitdiff | tree

Volker Lendecke [Thu, 24 Oct 2024 10:10:42 +0000 (12:10 +0200)]

libads: Modernize DEBUGs

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

commit | commitdiff | tree

Volker Lendecke [Thu, 24 Oct 2024 09:51:41 +0000 (11:51 +0200)]

net_ads: Fix indentation in net_ads_cldap_netlogon_json

This was not easy to read

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

commit | commitdiff | tree

Volker Lendecke [Thu, 24 Oct 2024 09:37:55 +0000 (11:37 +0200)]

libads: Simplify get_kdc_ip_string with talloc_asprintf_addbuf

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

commit | commitdiff | tree

Volker Lendecke [Thu, 24 Oct 2024 09:19:09 +0000 (11:19 +0200)]

libads: Init a variable to NULL

README.Coding

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

commit | commitdiff | tree

Volker Lendecke [Tue, 22 Oct 2024 11:43:23 +0000 (13:43 +0200)]

libads: Simplify cldap_multi_netlogon_send()

Save a few lines with a struct initialization

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

commit | commitdiff | tree

Volker Lendecke [Thu, 24 Oct 2024 11:43:09 +0000 (13:43 +0200)]

nmbd: Remove the "nmbd proxy logon" feature

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

commit | commitdiff | tree

Andreas Schneider [Fri, 18 Oct 2024 06:07:47 +0000 (08:07 +0200)]

s3:libsmb: Make parse_node_status() more robust

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Oct 24 12:05:10 UTC 2024 on atb-devel-224

commit | commitdiff | tree

Andreas Schneider [Thu, 17 Oct 2024 17:33:47 +0000 (19:33 +0200)]

s3:winbind: Fix heap buffer overflow in winbind

==36258==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x51300000b096 at pc 0x7fb6b4880b46 bp 0x7ffc67d44b40 sp 0x7ffc67d44300
READ of size 1 at 0x51300000b096 thread T0
    #0 0x7fb6b4880b45 in strlen ../../../../libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:391
    #1 0x560fe898cde3 in winbindd_wins_byip_done ../../source3/winbindd/winbindd_wins_byip.c:111
    #2 0x7fb6b4ef8ae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
    #3 0x7fb6b4ef8d1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
    #4 0x7fb6b4ef8d84 in _tevent_req_done ../../lib/tevent/tevent_req.c:240
    #5 0x7fb6b1e24c80 in node_status_query_done ../../source3/libsmb/namequery.c:904
    #6 0x7fb6b4ef8ae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
    #7 0x7fb6b4ef8d1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
    #8 0x7fb6b4ef8d84 in _tevent_req_done ../../lib/tevent/tevent_req.c:240
    #9 0x7fb6b1e250bc in nb_trans_done ../../source3/libsmb/namequery.c:756
    #10 0x7fb6b4ef8ae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
    #11 0x7fb6b4ef8d1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
    #12 0x7fb6b4ef8d84 in _tevent_req_done ../../lib/tevent/tevent_req.c:240
    #13 0x7fb6b1e270af in sock_packet_read_got_socket ../../source3/libsmb/namequery.c:537
    #14 0x7fb6b4ef8ae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
    #15 0x7fb6b4ef8d1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
    #16 0x7fb6b4ef8d84 in _tevent_req_done ../../lib/tevent/tevent_req.c:240
    #17 0x7fb6b33db183 in tdgram_recvfrom_done ../../lib/tsocket/tsocket.c:240
    #18 0x7fb6b4ef8ae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
    #19 0x7fb6b4ef8d1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
    #20 0x7fb6b4ef8d84 in _tevent_req_done ../../lib/tevent/tevent_req.c:240
    #21 0x7fb6b33e0d99 in tdgram_bsd_recvfrom_handler ../../lib/tsocket/tsocket_bsd.c:1087
    #22 0x7fb6b33e0263 in tdgram_bsd_fde_handler ../../lib/tsocket/tsocket_bsd.c:811
    #23 0x7fb6b4ef5ac1 in tevent_common_invoke_fd_handler ../../lib/tevent/tevent_fd.c:174
    #24 0x7fb6b4f0b185 in epoll_event_loop ../../lib/tevent/tevent_epoll.c:696
    #25 0x7fb6b4f0b185 in epoll_event_loop_once ../../lib/tevent/tevent_epoll.c:926
    #26 0x7fb6b4f037b8 in std_event_loop_once ../../lib/tevent/tevent_standard.c:110
    #27 0x7fb6b4ef3549 in _tevent_loop_once ../../lib/tevent/tevent.c:820
    #28 0x560fe8a15198 in main ../../source3/winbindd/winbindd.c:1729
    #29 0x7fb6afe2a2ad in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #30 0x7fb6afe2a378 in __libc_start_main_impl ../csu/libc-start.c:360
    #31 0x560fe89454e4 in _start ../sysdeps/x86_64/start.S:115

0x51300000b096 is located 12 bytes after 330-byte region [0x51300000af40,0x51300000b08a)
allocated by thread T0 here:
    #0 0x7fb6b48fc777 in malloc ../../../../libsanitizer/asan/asan_malloc_linux.cpp:69
    #1 0x7fb6b3a64c57 in __talloc_with_prefix ../../lib/talloc/talloc.c:783
    #2 0x7fb6b3a66acf in __talloc ../../lib/talloc/talloc.c:825
    #3 0x7fb6b3a66acf in _talloc_named_const ../../lib/talloc/talloc.c:982
    #4 0x7fb6b3a66acf in _talloc_array ../../lib/talloc/talloc.c:2784
    #5 0x7fb6b1e2b43e in parse_node_status ../../source3/libsmb/namequery.c:337
    #6 0x7fb6b1e2b43e in node_status_query_recv ../../source3/libsmb/namequery.c:921
    #7 0x560fe898cc4f in winbindd_wins_byip_done ../../source3/winbindd/winbindd_wins_byip.c:87
    #8 0x7fb6b4ef8ae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
    #9 0x7fb6b4ef8d1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
    #10 0x7fb6b4ef8d84 in _tevent_req_done ../../lib/tevent/tevent_req.c:240
    #11 0x7fb6b1e24c80 in node_status_query_done ../../source3/libsmb/namequery.c:904
    #12 0x7fb6b4ef8ae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
    #13 0x7fb6b4ef8d1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
    #14 0x7fb6b4ef8d84 in _tevent_req_done ../../lib/tevent/tevent_req.c:240
    #15 0x7fb6b1e250bc in nb_trans_done ../../source3/libsmb/namequery.c:756
    #16 0x7fb6b4ef8ae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
    #17 0x7fb6b4ef8d1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
    #18 0x7fb6b4ef8d84 in _tevent_req_done ../../lib/tevent/tevent_req.c:240
    #19 0x7fb6b1e270af in sock_packet_read_got_socket ../../source3/libsmb/namequery.c:537
    #20 0x7fb6b4ef8ae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
    #21 0x7fb6b4ef8d1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
    #22 0x7fb6b4ef8d84 in _tevent_req_done ../../lib/tevent/tevent_req.c:240
    #23 0x7fb6b33db183 in tdgram_recvfrom_done ../../lib/tsocket/tsocket.c:240
    #24 0x7fb6b4ef8ae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
    #25 0x7fb6b4ef8d1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
    #26 0x7fb6b4ef8d84 in _tevent_req_done ../../lib/tevent/tevent_req.c:240
    #27 0x7fb6b33e0d99 in tdgram_bsd_recvfrom_handler ../../lib/tsocket/tsocket_bsd.c:1087
    #28 0x7fb6b33e0263 in tdgram_bsd_fde_handler ../../lib/tsocket/tsocket_bsd.c:811
    #29 0x7fb6b4ef5ac1 in tevent_common_invoke_fd_handler ../../lib/tevent/tevent_fd.c:174
    #30 0x7fb6b4f0b185 in epoll_event_loop ../../lib/tevent/tevent_epoll.c:696
    #31 0x7fb6b4f0b185 in epoll_event_loop_once ../../lib/tevent/tevent_epoll.c:926
    #32 0x7fb6b4f037b8 in std_event_loop_once ../../lib/tevent/tevent_standard.c:110
    #33 0x7fb6b4ef3549 in _tevent_loop_once ../../lib/tevent/tevent.c:820

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>

commit | commitdiff | tree

Andreas Schneider [Fri, 18 Oct 2024 13:32:58 +0000 (15:32 +0200)]

s3:utils: Fix memory leak in test_lmv2_ntlmv2_broken()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Mirror of https://github.com/samba-team/samba.git