summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* CVE-2021-3670 ldb: Confirm the request has not yet timed out in ldb filter ↵ldb-2.5.0Andrew Bartlett2021-11-255-2/+85
| | | | | | | | | | | | | | | | processing The LDB filter processing is where the time is spent in the LDB stack but the timeout event will not get run while this is ongoing, so we must confirm we have not yet timed out manually. RN: Ensure that the LDB request has not timed out during filter processing as the LDAP server MaxQueryDuration is otherwise not honoured. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14694 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* CVE-2021-3670 ldap_server: Ensure value of MaxQueryDuration is greater than zeroJoseph Sutton2021-11-251-1/+3
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14694 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* CVE-2021-3670 ldap_server: Set timeout on requests based on MaxQueryDurationJoseph Sutton2021-11-251-1/+11
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14694 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* CVE-2021-3670 tests/krb5/test_ldap.py: Add test for LDAP timeoutsJoseph Sutton2021-11-252-0/+64
| | | | | | | | | | | We allow a timeout of 2x over to avoid this being a flapping test. Samba is not very accurate on the timeout, which is not otherwise an issue but makes this test fail sometimes. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14694 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* pytest/docs: better spelling of set_smbconf_arbitraryDouglas Bagnall2021-11-221-2/+2
| | | | | | | | Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Noel Power <npower@samba.org> Autobuild-User(master): Noel Power <npower@samba.org> Autobuild-Date(master): Mon Nov 22 11:18:09 UTC 2021 on sn-devel-184
* pytest/docs: set_smbconf_arbitrary_opposite() needs param_typeDouglas Bagnall2021-11-221-2/+4
| | | | | | | also, we fixed the name ("arbitrary", not "arbitary"). Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Noel Power <npower@samba.org>
* pytest/dns_aging: remove duplicate testsDouglas Bagnall2021-11-221-12/+0
| | | | | Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Noel Power <npower@samba.org>
* pytest/dns_aging: use correct variable namesDouglas Bagnall2021-11-221-2/+2
| | | | Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* py/dnsserver: add a missing exception variableDouglas Bagnall2021-11-221-1/+1
| | | | | Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Noel Power <npower@samba.org>
* py/dnsserver: add missing importsDouglas Bagnall2021-11-221-0/+1
| | | | | Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Noel Power <npower@samba.com>
* third_party/update: forget pep8Douglas Bagnall2021-11-191-5/+0
| | | | | | | | Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Noel Power <npower@samba.org> Autobuild-User(master): Noel Power <npower@samba.org> Autobuild-Date(master): Fri Nov 19 13:25:16 UTC 2021 on sn-devel-184
* pytest/source_chars: forget thirdparty/pep8 test fileDouglas Bagnall2021-11-191-2/+0
| | | | | Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Noel Power <npower@samba.org>
* third_party: remove pep8Douglas Bagnall2021-11-1954-5446/+0
| | | | | | | | | | | | | This was a *partial* copy of the python linting tool that has been known as 'pycodestyle' since 2017. I say partial copy, because it does not seem to contain the pep8 binary itself, just some documentation and tests. It has not been changed since it was added in 2015. It is GOOD that people run python linters, but this doesn't help them in the slightest. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Noel Power <npower@samba.org>
* cmdline: Make -P work in clustered modeVolker Lendecke2021-11-173-2/+29
| | | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=14908 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Wed Nov 17 18:29:09 UTC 2021 on sn-devel-184
* cmdline: Add a callback to set the machine account detailsVolker Lendecke2021-11-172-2/+18
| | | | | | | | | | source3 clients need to work in clustered mode, the default cli_credentials_set_machine_account() only looks at the local secrets.tdb file Bug: https://bugzilla.samba.org/show_bug.cgi?id=14908 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* lib: Add required includes to source3/include/secrets.hVolker Lendecke2021-11-171-0/+3
| | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=14908 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* selftest: Add reproducer for bug 14908Volker Lendecke2021-11-173-0/+32
| | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=14908 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* lib/replace/timegm: use utf-8Douglas Bagnall2021-11-172-2/+1
| | | | | | | | Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Wed Nov 17 05:27:39 UTC 2021 on sn-devel-184
* s4/auth/gensec/gensec_krb5_heimdal: use utf-8Douglas Bagnall2021-11-172-2/+1
| | | | | Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Ralph Boehme <slow@samba.org>
* test/blackbox/test_samba-tool_ntacl: use utf-8Douglas Bagnall2021-11-172-2/+1
| | | | | Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Ralph Boehme <slow@samba.org>
* s3/modules/vfs_acl_common.h: use utf-8Douglas Bagnall2021-11-172-2/+1
| | | | | Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Ralph Boehme <slow@samba.org>
* test/bad_chars: ensure our tests could failDouglas Bagnall2021-11-172-0/+36
| | | | | Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Ralph Boehme <slow@samba.org>
* pytests: check that we don't have bad format charactersDouglas Bagnall2021-11-172-0/+254
| | | | | | | | | | | | | | | | | | | | | | | | Unicode has format control characters that affect the appearance — including the apparent order — of other characters. Some of these, like the bidi controls (for mixing left-to-right scripts with right-to-left scripts) can be used make text that means one thing look very much like it means another thing. The potential for duplicity using these characters has recently been publicised under the name “Trojan Source”, and CVE-2021-42694. A specific example, as it affects the Rust language is CVE-2021-42574. We don't have many format control characters in our code — in fact, just the non-breaking space (\u200b) and the redundant BOM thing (\ufeff), and this test aims to ensure we keep it that way. The test uses a series of allow-lists and deny-lists to check most text files for unknown format control characters. The filtering is fairly conservative but not exhaustive. For example, XML and text files are checked, but UTF-16 files are not. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Ralph Boehme <slow@samba.org>
* s3: smbd: In SMB1 call_trans2findnext() add and use a helper variable to ↵Jeremy Allison2021-11-161-1/+3
| | | | | | | | | | ensure we don't call mangle_is_mangled() with a posix name. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Tue Nov 16 21:06:38 UTC 2021 on sn-devel-184
* s3: smbd: In unlink_internals() ensure we never call mangle_is_mangled for a ↵Jeremy Allison2021-11-161-0/+2
| | | | | | | posix path. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* s3: smbd: SMB1 reply_copy(). Posix pathnames always means case_sensitive = true.Jeremy Allison2021-11-161-1/+2
| | | | | Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* s3: smbd: SMB1 reply_copy(). Posix pathnames should never call into ↵Jeremy Allison2021-11-161-0/+1
| | | | | | | mangle_is_mangled(). Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* s3: smbd: In SMB1 reply_copy(), make req->posix_pathnames a helper variable.Jeremy Allison2021-11-161-1/+2
| | | | | | | I need to use it elsewhere in here. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* s3: smbd: Add and use helper variables for case_sensitive, case_preserve, ↵Jeremy Allison2021-11-161-3/+7
| | | | | | | short_case_preserve to rename_internals(). Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* s3: smbd: Ensure we never call mangle_is_mangled() for a posix path.Jeremy Allison2021-11-161-0/+1
| | | | | Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* s3: smbd: Add and use helper variable posix_pathname in rename_internals().Jeremy Allison2021-11-161-1/+2
| | | | | | | We're going to re-use it inside this function. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* s3: smbd: Add and use helper variables case_sensitive, case_preserve in ↵Jeremy Allison2021-11-161-1/+5
| | | | | | | rename_internals_fsp(). Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* s3: smbd: Add and use case_sensitive helper variable to unlink_internals().Jeremy Allison2021-11-161-1/+4
| | | | | Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* s3: smbd: Use a helper variable in smbd_smb2_query_directory_send().Jeremy Allison2021-11-161-1/+2
| | | | | Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* s3: smbd: In open_file() use the helper variable to select correct ↵Jeremy Allison2021-11-161-1/+1
| | | | | | | case_sensitive setting to is_in_path(). Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* s3: smbd: In open_file(), use a helper variable instead of always checking ↵Jeremy Allison2021-11-161-2/+3
| | | | | | | sp->posix_flags & FSP_POSIX_FLAGS_OPEN. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* s3: smbd: Use dptr_case_sensitive() in directory listing code.Jeremy Allison2021-11-161-3/+4
| | | | | Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* s3: smbd: Add dptr_case_sensitive(). Not yet used.Jeremy Allison2021-11-162-0/+6
| | | | | Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* s3: smbd: In OpenDir_fsp(), set dir_hnd->case_sensitive to true if ↵Jeremy Allison2021-11-161-1/+5
| | | | | | | FSP_POSIX_FLAGS_OPEN is set. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* s3: smbd: Use dir_hnd->case_sensitive instead of conn->case_sensitive.Jeremy Allison2021-11-161-4/+4
| | | | | | | No logic change. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* s3: smbd: Add case_sensitive to struct smb_Dir.Jeremy Allison2021-11-161-0/+2
| | | | | | | | | | Not yet used. This allows it to be independent of conn settings on a per-handle-basis for SMB2 posix. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* s3: smbd: Use state->case_sensitive instead of state->conn->case_sensitive.Jeremy Allison2021-11-161-4/+4
| | | | | Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* s3: smbd: Add 'bool case_sensitive' to struct smbd_dirptr_lanman2_state.Jeremy Allison2021-11-161-0/+2
| | | | | | | Initialize from conn->case_sensitive. Not yet used. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* s3: smbd: In unix_convert() component_was_mangled is always false for posix.Jeremy Allison2021-11-161-1/+7
| | | | | Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* s3: smbd: In unix_convert_step_search_fail() ensure posix names don't call ↵Jeremy Allison2021-11-161-0/+9
| | | | | | | into name mangling functions. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* s3: smbd: Add comment to unix_convert() explaining why posix never calls ↵Jeremy Allison2021-11-161-0/+3
| | | | | | | into mangle_is_mangled() here. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* s3: smbd: Turn on case sensitivity for a posix filename lookup.Jeremy Allison2021-11-161-0/+7
| | | | | Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* s3: smbd: Use state->short_case_preserve instead of ↵Jeremy Allison2021-11-161-1/+1
| | | | | | | | | state->conn->short_case_preserve. No logic changes. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* s3: smbd: Use state->case_preserve instead of state->conn->case_preserve.Jeremy Allison2021-11-161-1/+1
| | | | | | | No logic change. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* s3: smbd: Use state->case_sensitive instead of state->conn->case_sensitive.Jeremy Allison2021-11-161-5/+5
| | | | | | | No logic change. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
View Lorry Controller Status