Commits on Source (69)
-
Jule Anger authored
and re-enable GIT_SNAPSHOT. Signed-off-by: Jule Anger <janger@samba.org>
eeae9fe4 -
Andrew Bartlett authored
This allows us to have tests, which pass on Windows, that use a very short maxPwdAge. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz> (cherry picked from commit 3669479f) BUG: https://bugzilla.samba.org/show_bug.cgi?id=15655
4e57b8a5 -
Jo Sutton authored
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 7cc8f455) BUG: https://bugzilla.samba.org/show_bug.cgi?id=15655
c1433f82 -
Andrew Bartlett authored
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz> (backported from commit b2fe1ea1) BUG: https://bugzilla.samba.org/show_bug.cgi?id=15655 [jsutton@samba.org Fixed conflicting import statements in python/samba/tests/krb5/pkinit_tests.py]
50a417a2 -
Jo Sutton authored
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15655 Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> (backported from commit 6dc61687) [jsutton@samba.org Fixed conflicting import statements in python/samba/tests/krb5/kdc_base_test.py]
d4c1e215 -
Jo Sutton authored
Heimdal matches Windows in the no‐FAST case, but produces NTSTATUS codes when it shouldn’t in the FAST case. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15655 Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> (cherry picked from commit c5ee0b60)
41c8a42c -
Jo Sutton authored
third_party/heimdal: Import lorikeet-heimdal-202406240121 (commit 4315286377278234be2f3b6d52225a17b6116d54) This lets us match the Windows FAST reply when the password is expired. Windows clients were upset by the NTSTATUS field in the edata, apparently interpreting it to mean “insufficient resource”. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15655 Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> (cherry picked from commit fe905768) Autobuild-User(v4-20-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-20-test): Wed Jul 3 10:06:33 UTC 2024 on atb-devel-224
bff728a8 -
Douglas Bagnall authored
There is no reason to think '-' and '+' are the only characters that might sneak into a vendor string; Debian habitually use '~'. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15673 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz> (cherry picked from commit 0bc5b6f2)
5531ef4d -
Douglas Bagnall authored
In practice there isn't a use for two options, and neither quite matched what people thought they were doing. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15673 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz> (cherry picked from commit 673c8e6c)
95058b97 -
Xavi Hernandez authored
CTDB uses a queue to receive requests and send answers. It works asynchronously using the tevent framework. However there was an issue that gave priority to the receiving side so, when a request was processed and the answer posted to the queue, if another incoming request arrived, it was served before sending the previous answer. This scenario could repeat for long periods of time if the frequency of incoming requests was high enough. Eventually, a small time gap between incoming requests gave a chance to process the pending output queue, sending many answers in a burst. This patch makes sure that both queues (input and output) are processed if the event contains the appropriate flag. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15678 RN: Fix unnecessary delays in CTDB while processing requests under high load. Signed-off-by: Xavi Hernandez <xhernandez@redhat.com> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Mon Jul 1 09:17:43 UTC 2024 on atb-devel-224 (cherry picked from commit 60550fbe) Autobuild-User(v4-20-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-20-test): Tue Jul 9 09:43:01 UTC 2024 on atb-devel-224
63b47dc0 -
Douglas Bagnall authored
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Apr 10 06:15:46 UTC 2024 on atb-devel-224 (cherry picked from commit 60df2a09)
52fc6551 -
Stefan Metzmacher authored
Otherwise we'll crash in a lot of places later. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 8007569e)
07e707c4 -
Stefan Metzmacher authored
Without a valid loadparm_context we can't connect. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 2435ab1a)
5545d934 -
Stefan Metzmacher authored
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 8deba427)
39ffaf05 -
Stefan Metzmacher authored
There's no point in asking the server for supportedSASLMechanisms, every server (we care about) supports GSS-SPNEGO. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 68f6a461)
461f1425 -
Stefan Metzmacher authored
At the time of https://bugzilla.samba.org/show_bug.cgi?id=7218, we tested these versions: 2.4.1 -> broken 2.4.2 -> broken 2.6.0 -> broken 2.8.0 -> broken 2.8.1 -> broken 2.8.2 -> OK 2.8.3 -> OK 2.8.4 -> OK 2.8.5 -> OK 2.8.6 -> OK 2.10.0 -> broken 2.10.1 -> broken 2.10.2 -> OK These seemed to be the fixes in gnutls upstream. Change 2.8.1 -> 2.8.2: http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=28fb34099edaf62e5472cc6e5e2749fed369ea01 Change 2.10.1 -> 2.10.2: http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=0d07d8432d57805a8354ebd6c1e7829f3ab159cb This shouldn't be a problem with recent (>= 3.6) versions of gnutls. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 5844ef27)
52adc59a -
Stefan Metzmacher authored
Before the handshake or disconnect is over we need to wait until we delivered the lowlevel messages to the transport/kernel socket. Otherwise we'll have a problem if another tevent_context is used after the handshake. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 6688945f)
c117f54c -
Stefan Metzmacher authored
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit ac4bca77)
3e90d30b -
Stefan Metzmacher authored
Review with: git show --patience BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 60b11645)
0c8fd43c -
Stefan Metzmacher authored
We require gnutls 3.6.13 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit ecdd7691)
a55356b7 -
Stefan Metzmacher authored
This is not strictly needed, but it might be useful for load balancers. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 15fb8fcc)
1f0e6a44 -
Stefan Metzmacher authored
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 3186cdce)
f1ca22f5 -
Stefan Metzmacher authored
This will be able to simplify the callers a lot... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 604413b9)
8989c3cd -
Stefan Metzmacher authored
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit b8b874ef)
7a6ce2be -
Stefan Metzmacher authored
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 493d35a6)
254fa504 -
Stefan Metzmacher authored
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit c200cf1b)
b2f44b81 -
Stefan Metzmacher authored
gnutls_session_channel_binding(GNUTLS_CB_TLS_SERVER_END_POINT) is only available with gnutls 3.7.2, but we still want to support older gnutls versions and that's easily doable... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 2f2af3aa)
6fec41bd -
Stefan Metzmacher authored
This is based on GNUTLS_CB_TLS_SERVER_END_POINT and is the value that is required for channel bindings in LDAP of active directory domain controllers. For gnutls versions before 3.7.2 we basically copied the code from the GNUTLS_CB_TLS_SERVER_END_POINT implementation as it only uses public gnutls functions and it was easy to re-implement. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit cbd7ce44)
20d5335d -
Stefan Metzmacher authored
third_party/heimdal: import lorikeet-heimdal-202404171655 (commit 28a56d818074e049f0361ef74d7017f2a9391847) BUG: https://bugzilla.samba.org/show_bug.cgi?id=15603 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621 See also: https://github.com/heimdal/heimdal/pull/1234 https://github.com/heimdal/heimdal/pull/1238 https://github.com/heimdal/heimdal/pull/1240 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 9b92cbac)
c86e8742 -
Stefan Metzmacher authored
See https://github.com/heimdal/heimdal/pull/1234 and https://github.com/krb5/krb5/pull/1329. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 546e39a6)
2668243d -
Stefan Metzmacher authored
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit e912ba57)
c41feb6c -
Stefan Metzmacher authored
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit f1d34a43)
1219bf38 -
Stefan Metzmacher authored
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 1831006b)
7b62c5f7 -
Stefan Metzmacher authored
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 811d04fe)
64d4c1cd -
Stefan Metzmacher authored
ldap server require strong auth = allow_sasl_over_tls is now an alias for 'allow_sasl_without_tls_channel_bindings' and should be avoided and changed to 'yes' or 'allow_sasl_without_tls_channel_bindings'. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 6c17e3d2)
7f2e3839 -
Stefan Metzmacher authored
We still allow 'ldap_testing:tls_channel_bindings = no' and 'ldap_testing:channel_bound = no' for testing the old behavior in order to have expected failures in our tests. And we have 'ldap_testing:forced_channel_binding = somestring' in order to force invalid bindings. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 7acb15a5)
7c6c7421 -
Stefan Metzmacher authored
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 6794cc47)
ac22551d -
Stefan Metzmacher authored
s4:selftest: also test samba4.ldb.simple.ldap*SASL-BIND with ldap_testing:{channel_bound,tls_channel_bindings,forced_channel_binding} BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 065da873) Autobuild-User(v4-20-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-20-test): Tue Jul 9 10:53:40 UTC 2024 on atb-devel-224
16b430e7 -
Ralph Boehme authored
third_party/heimdal: Import lorikeet-heimdal-202407041740 (commit 42ba2a6e5dd1bc14a8b5ada8c9b8ace85956f6a0) Fix clock skew error message and memory cache clock skew recovery BUG: https://bugzilla.samba.org/show_bug.cgi?id=15676 Signed-off-by: Ralph Boehme <slow@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Fri Jul 5 10:02:26 UTC 2024 on atb-devel-224 (cherry picked from commit e4d6a19e) Autobuild-User(v4-20-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-20-test): Wed Jul 10 09:14:10 UTC 2024 on atb-devel-224
f4604a86 -
Andreas Schneider authored
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Thu Jul 4 08:08:49 UTC 2024 on atb-devel-224 (cherry picked from commit 93a3dd48)
6b0b6d06 -
Pavel Filipenský authored
This is to fix the error when pushing to personal gitlab repo: 2024-07-04 08:16:05,460 Running: 'git clone --recursive --shared /builds/pfilipen/samba /builds/samba-testbase/master' in '/builds/pfilipen/samba' Cloning into '/builds/samba-testbase/master'... fatal: detected dubious ownership in repository at '/builds/pfilipen/samba/.git' To add an exception for this directory, call: git config --global --add safe.directory /builds/pfilipen/samba/.git fatal: Could not read from remote repository. Instead of adding more and more explicit repositories we should just allow any, we're in an isolated environment... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15660 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed Jul 10 10:35:00 UTC 2024 on atb-devel-224 (cherry picked from commit 3a21b7d9) Autobuild-User(v4-20-test): Stefan Metzmacher <metze@samba.org> Autobuild-Date(v4-20-test): Thu Jul 11 11:45:35 UTC 2024 on atb-devel-224
f5920cee -
Douglas Bagnall authored
The default value (30) truncates "Samba 4.21.0pre1-DEVELOPERBUILD" to "Samba 4.21.0pre1-DEVELOPE" in the bottom left corner of the man page. ("Samba 4.21.0pre1-DEVELOPE" is only 25 bytes long, not 30, but let's not worry about that). On narrow terminals (< ~75 columns) this makes it more likely that the version string will run into the date string. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15672 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz> (cherry picked from commit 7fb38aee)
73207ff8 -
Douglas Bagnall authored
We return true from this function when a secret has been erased, and were accidentally treating it as if it had secrets. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15671 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz> (cherry picked from commit f3b240da)
5d99875b -
Douglas Bagnall authored
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz> (cherry picked from commit f17a2b1b)
9cbb5bdd -
Douglas Bagnall authored
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz> (cherry picked from commit 05128a1f)
f900e532 -
Douglas Bagnall authored
If argv contains a secret option without an '=' (or in the case of "-U", the username is separated by space), we will get to the `if (strlen(p) == ulen) { continue; }` without resetting the found and is_user variables. This *sometimes* has the right effect, because the next string in argv ought to contain the secret. But in a case like {"--password", "1234567890"}, where the secret string is the same length as the option, we *again* take that branch and the password is not redacted, though the argument after it will be unless it is also of the same length. If we always set the flags at the start we avoid this. This makes things worse in the short term for secrets that are not the same length as their options, but we'll get to that in another commit soon. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz> (cherry picked from commit 2f6020cf)
25329b38 -
Douglas Bagnall authored
We weren't treating "--password secret" the same as "--password=secret", which sometimes led to secrets not being redacted. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz> (cherry picked from commit 53a11845)
916d5bde -
Douglas Bagnall authored
Before we have been trying to cram three cases into a boolean return value: * cmdline had secrets, we burnt them -> true * cmdline had no secrets, all good -> false * cmdline has NULL string, WTF! emergency! -> false This return value is only used by Python which wants to know whether to go to the trouble of replacing the command line. If samba_cmdline_burn() returns false, no action is taken. If samba_cmdline_burn() burns a password and then hits a NULL, it would be better not to do nothing. It would be better to crash. And that is what Python will end up doing, by some talloc returning NULL triggering a MemoryError. What about the case like {"--foo", NULL, "-Ua%b"} where the secret comes after the NULL? That will still be ignored by Python, as it is by all C tools, but we are hoping that can't happen anyway. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz> (cherry picked from commit d3d8dffc)
1315b61e -
Douglas Bagnall authored
As this function increases in complexity, it helps to keep things close. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz> (cherry picked from commit f5233ddf)
66da2345 -
Douglas Bagnall authored
We have options that start with --user or --password that we don't want to burn. Some grepping says: 2 --user1 1 --user2 10 --user-allowed-to-authenticate-from 6 --user-allowed-to-authenticate-to 2 --user-allow-ntlm-auth 25 --user-authentication-policy 1 --user-config 4 --user-domgroups 5 --user-ext-name 2 --user-groups 6 --user-info 27 --username 1 --username2 2 --userou 1 --users 2 --user-sidinfo 6 --user-sids 14 --user-tgt-lifetime-mins 2 --password2 118 --password-file 2 --password-from-stdin # from here, grepping for strings around POPT_ constants 5 "user" 2 "user1" 2 "user2" 1 "userd" 1 "user-domgroups" 1 "user-groups" 1 "user-info" 2 "username" 1 "user-sidinfo" 1 "user-sids" 1 passwordd 4 "password" Not all of these use lib/cmdline, but I think most do, via Python which defers to cmdline_burn(). Note that there are options we should burn that aren't on this list, like --adminpass. That's another matter. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz> (cherry picked from commit 6effed31)
0d89d096 -
Douglas Bagnall authored
We have more secret arguments, like --client-password, --adminpass, so we are going to use an allowlist for options containing 'pass', but we don't want to burn the likes of --group=passionfruit. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz> (cherry picked from commit c4df89e9)
6bcdbdab -
Douglas Bagnall authored
We treat any option containing 'pass' with suspicion, unless we know it is OK. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz> (cherry picked from commit f1fbba6d)
481eb6ab -
Douglas Bagnall authored
This is the long form of -U in samba-tool. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz> BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674 (cherry picked from commit 63a83fb7)
8560c854 -
Douglas Bagnall authored
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz> (cherry picked from commit 97be45f9)
957654eb -
Douglas Bagnall authored
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz> BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674 (cherry picked from commit d2b119e3)
93d34546 -
Douglas Bagnall authored
We burn arguments to all unknown options containing "pass" (e.g. "--passionate=false") in case they are a password option, but this is bad in the case where the unknown option takes no argument but the next option *is* a password (like "--overpass --password2 barney"). In that case "--password2" would be burnt and not "barney". The burning behaviour doesn't change with this commit, but users will now see an error message explaining that the option was unknown. This is not so much aimed at end users -- for whom an invalid option will hopefully lead to --help like output -- but to developers who add a new "pass" option. This also slightly speeds up the processing of known password options, which is a little bit important because we are in a race to replace the command line in /proc before an attacker sees it. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz> Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org> Autobuild-Date(master): Wed Jul 10 06:28:08 UTC 2024 on atb-devel-224 (cherry picked from commit 86843685)
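The argument-burning rules described in the lib/cmdline commits above (exact option names rather than prefixes, "--password secret" handled like "--password=secret", suspicion of unknown options whose name contains "pass"), as an added C sketch that is not Samba's code. The option tables and the names `burn_cmdline()`, `classify()` and `in_list()` are assumptions made for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed option tables for this sketch; Samba's own lists differ. */
static const char *const user_opts[] = {"--user", NULL};
static const char *const secret_opts[] = {
	"--password", "--password2", "--adminpass", "--client-password", NULL};
static const char *const safe_pass_opts[] = {
	"--password-file", "--password-from-stdin", NULL};

enum kind { K_NONE, K_SECRET, K_USER, K_SUSPECT };

/* Exact match on the option name (first n bytes of s), never a prefix match. */
static bool in_list(const char *const *list, const char *s, size_t n)
{
	for (; *list != NULL; list++) {
		if (strlen(*list) == n && strncmp(*list, s, n) == 0) {
			return true;
		}
	}
	return false;
}

/* Classify one argument; *value is the inline value, or NULL if it follows. */
static enum kind classify(char *arg, char **value)
{
	size_t n;
	const char *p;

	*value = NULL;
	if (arg[0] == '-' && arg[1] == 'U') {
		if (arg[2] != '\0') *value = arg + 2;
		return K_USER;
	}
	if (strncmp(arg, "--", 2) != 0) return K_NONE;
	n = strcspn(arg, "=");
	if (arg[n] == '=') *value = arg + n + 1;
	if (in_list(user_opts, arg, n)) return K_USER;
	if (in_list(secret_opts, arg, n)) return K_SECRET;
	if (in_list(safe_pass_opts, arg, n)) return K_NONE;
	/* "pass" in the option name (not in its value) is suspicious. */
	p = strstr(arg, "pass");
	return (p != NULL && p < arg + n) ? K_SUSPECT : K_NONE;
}

/* Overwrite secrets in place; returns how many values were burnt. */
int burn_cmdline(int argc, char **argv, int *unknown)
{
	int burnt = 0;

	*unknown = 0;
	for (int i = 1; i < argc && argv[i] != NULL; i++) {
		char *value = NULL;
		/* State is per argument, so nothing leaks into the next one. */
		enum kind k = classify(argv[i], &value);

		if (k == K_NONE) continue;
		if (k == K_SUSPECT) (*unknown)++;
		if (value == NULL) {
			/* "--password secret": the value is the next argument. */
			if (i + 1 >= argc || argv[i + 1] == NULL) break;
			value = argv[++i];
		}
		/* User options carry "user%pass"; burn from the '%' onwards. */
		if (k == K_USER && (value = strchr(value, '%')) == NULL) continue;
		for (volatile char *q = value; *q != '\0'; q++) *q = '\0';
		burnt++;
	}
	return burnt;
}

int main(void)
{
	/* Constructed command line; "--overpass" is a made-up unknown option. */
	char a0[] = "tool", a1[] = "--password", a2[] = "1234567890";
	char a3[] = "--overpass", a4[] = "--password2", a5[] = "barney";
	char *argv[] = {a0, a1, a2, a3, a4, a5, NULL};
	int unknown;
	int burnt = burn_cmdline(6, argv, &unknown);

	printf("burnt=%d unknown=%d a2='%s' a4='%s' a5='%s'\n",
	       burnt, unknown, a2, a4, a5);
	return 0;
}
```

The constructed command line in `main()` shows both the same-length case ("1234567890" is redacted) and the residual hazard the last commit message describes: the unknown "--overpass" consumes "--password2" as its value, "barney" survives, and the `unknown` counter is what a caller would use to warn the developer.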
d6f01009 -
Andreas Schneider authored
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15683 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> (cherry picked from commit 0a532378) Autobuild-User(v4-20-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-20-test): Tue Jul 23 08:56:24 UTC 2024 on atb-devel-224
4cf9af91 -
Douglas Bagnall authored
In AD_DS_Classes_Windows_Server_v1903.ldf from https://www.microsoft.com/en-us/download/details.aspx?id=23782, we see defaultSecurityDescriptor: O:BAG:BAD: (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU) BUG: https://bugzilla.samba.org/show_bug.cgi?id=15685 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz> Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org> Autobuild-Date(master): Thu Jul 25 06:27:27 UTC 2024 on atb-devel-224 (cherry picked from commit 8903876f) Autobuild-User(v4-20-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-20-test): Mon Jul 29 13:29:27 UTC 2024 on atb-devel-224
f8e50d04 -
Michael Tokarev authored
This reverts commit 717035db.
47c99181 -
Michael Tokarev authored
This reverts commit f47ff9bb.
63a883c3 -
Michael Tokarev authored
ae38f745 -
Stefan Metzmacher authored
Signed-off-by: Stefan Metzmacher <metze@samba.org>
a13bed3b -
Stefan Metzmacher authored
Signed-off-by: Stefan Metzmacher <metze@samba.org>
803665cb -
Michael Tokarev authored
5b88b71a -
Michael Tokarev authored
Update to upstream version '4.20.3+dfsg' with Debian dir 48ef9a280e969199004fee7703a2983fe5f7e236
85478db3 -
Michael Tokarev authored
6763d663 -
Michael Tokarev authored
386c8f41 -
Michael Tokarev authored
300b84ad -
Michael Tokarev authored
a0650673
Showing
- .gitlab-ci-main.yml: 1 addition, 2 deletions
- VERSION: 1 addition, 1 deletion
- WHATSNEW.txt: 105 additions, 2 deletions
- auth/gensec/gensec.c: 63 additions, 0 deletions
- auth/gensec/gensec.h: 8 additions, 0 deletions
- auth/gensec/gensec_internal.h: 18 additions, 0 deletions
- auth/gensec/gensec_start.c: 1 addition, 0 deletions
- auth/ntlmssp/ntlmssp_client.c: 7 additions, 6 deletions
- auth/ntlmssp/ntlmssp_private.h: 2 additions, 0 deletions
- auth/ntlmssp/ntlmssp_server.c: 47 additions, 0 deletions
- auth/ntlmssp/ntlmssp_util.c: 98 additions, 0 deletions
- buildtools/wafsamba/samba_abi.py: 3 additions, 3 deletions
- ctdb/common/ctdb_io.c: 11 additions, 6 deletions
- debian/changelog: 7 additions, 6 deletions
- debian/libldb2.symbols: 1 addition, 0 deletions
- debian/libsmbclient0.symbols: 1 addition, 0 deletions
- debian/libwbclient0.symbols: 1 addition, 0 deletions
- debian/patches/series: 0 additions, 1 deletion
- debian/patches/tilde-in-version.diff: 0 additions, 23 deletions
- debian/rules: 2 additions, 3 deletions
debian/patches/tilde-in-version.diff
deleted
100644 → 0