summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* autobuild: move nt4_dc_schannel out of 'samba'Stefan Metzmacher2019-02-271-1/+6
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:selftest: make use of ad_dc_backupStefan Metzmacher2019-02-271-1/+1
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* selftest:Samba4: add ad_dc_backup alias to ad_dcStefan Metzmacher2019-02-272-0/+9
| | | | | | | | This will allow us to run really most tests in an isolated autobuild/ci task later. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:selftest: make use of ad_dc_defaultStefan Metzmacher2019-02-274-57/+56
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* selftest:Samba4: add ad_dc_default alias to ad_dc_ntvfsStefan Metzmacher2019-02-272-0/+9
| | | | | | | | | | | This will allow us to run really most tests in an isolated autobuild/ci task later. This will apply to tests, which may not rely on the ntvfs backend, so the ad_dc_default alias can point to another environment in future. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:selftest: make use of ad_dc_slowtestsStefan Metzmacher2019-02-272-7/+8
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* selftest:Samba4: add ad_dc_slowtests alias to ad_dc_ntvfsStefan Metzmacher2019-02-272-0/+9
| | | | | | | | This will allow us to run really slow tests in an isolated autobuild/ci task later. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:selftest: use the fl2008dc alias when looping over all functional levelsStefan Metzmacher2019-02-271-4/+7
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* selftest:Samba4: add fl2008dc as alias to ad_dc_ntvfsStefan Metzmacher2019-02-272-2/+22
| | | | | | | | | Using aliases it will be possible to split the large amount of tests which use ad_dc_ntvfs into multiple autobuild/ci tasks/jobs later. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:selftest: move very slow tests on ad_dc_ntvfs into one location in tests.pyStefan Metzmacher2019-02-271-8/+6
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* libcli:auth: Remove unused header fileAndreas Schneider2019-02-271-1/+0
| | | | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Wed Feb 27 10:00:32 UTC 2019 on sn-devel-144
* s4:torture: Remove unused header fileAndreas Schneider2019-02-271-1/+0
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
* s4:dsdb: Remove unused header fileAndreas Schneider2019-02-271-1/+0
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
* libcli:samsync: Remove unused header fileAndreas Schneider2019-02-271-1/+0
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
* s4:dsdb: Only use the required md4 and md5 header filesAndreas Schneider2019-02-271-1/+2
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
* s4:dsdb: Only use the required md4 header fileAndreas Schneider2019-02-271-1/+1
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
* libcli:auth: Only use the required md4 headerAndreas Schneider2019-02-271-1/+1
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
* libcli:auth: Only use the required md4 headerAndreas Schneider2019-02-271-1/+1
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
* krb5_wrap: Only use the required md4 headerAndreas Schneider2019-02-271-1/+1
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
* lib:crypto: Include only the required header filesAndreas Schneider2019-02-2710-12/+19
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
* libcli:auth: Avoid explicit ZERO_STRUCTAndreas Schneider2019-02-271-3/+1
| | | | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Feb 27 03:22:50 CET 2019 on sn-devel-144
* auth:gensec: Make sure we zero the checksum after useAndreas Schneider2019-02-271-0/+2
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli:smb: Zero sensitive memory after useAndreas Schneider2019-02-271-0/+4
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* rpc_server: Use dom_sid_str_bufVolker Lendecke2019-02-271-3/+4
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libnet: Use dom_sid_str_bufVolker Lendecke2019-02-271-13/+27
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* dsdb: Align integer typesVolker Lendecke2019-02-271-1/+1
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* audit_log: Use dom_sid_str_bufVolker Lendecke2019-02-271-6/+4
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* winbind: Avoid a "==False"Volker Lendecke2019-02-271-1/+1
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* winbind: Fix an error path memleakVolker Lendecke2019-02-271-0/+1
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* winbind: Align integer typesVolker Lendecke2019-02-271-3/+3
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* winbindd: Fix typosVolker Lendecke2019-02-271-2/+2
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libads: Align integer typesVolker Lendecke2019-02-271-3/+3
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libads: Use dom_sid_str_bufVolker Lendecke2019-02-271-2/+2
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* pdbtest: Use dom_sid_str_bufVolker Lendecke2019-02-271-4/+9
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* addns: Remove some unused definesVolker Lendecke2019-02-271-50/+0
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* ldb: version 1.6.2ldb-1.6.2Stefan Metzmacher2019-02-264-1/+285
| | | | | | | | | * Fix standalone build of ldb. Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Feb 26 12:10:40 CET 2019 on sn-devel-144
* tevent: version 0.9.39tevent-0.9.39Stefan Metzmacher2019-02-262-1/+127
| | | | | | | | * py_tevent: add_timer takes float argument * C99 build fixes. * Fix standalone build of tevent. Signed-off-by: Stefan Metzmacher <metze@samba.org>
* talloc: version 2.1.16talloc-2.1.16Stefan Metzmacher2019-02-264-1/+97
| | | | | | * Fix standalone build of talloc. Signed-off-by: Stefan Metzmacher <metze@samba.org>
* tdb: version 1.3.18tdb-1.3.18Stefan Metzmacher2019-02-262-1/+74
| | | | | | | | * Fix build problems with older python versions. * C99 build fixes. * Fix standalone build of tdb. Signed-off-by: Stefan Metzmacher <metze@samba.org>
* Search for location of waf scriptDavid Mulder2019-02-264-4/+8
| | | | | | | | | | | | When calling make from the ldb, talloc, tdb, and tevent bundles, we need to first find the location of the waf script. Currently the build fails since it can't find waf. Fixes regression caused by a660b7f. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2019-3824 ldb: Release ldb 1.6.1ldb-1.6.1Gary Lockyer2019-02-254-1/+285
| | | | | | | | | | | | * CVE-2019-3824 out of bounds read in wildcard compare (bug 13773) BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Autobuild-User(master): Gary Lockyer <gary@samba.org> Autobuild-Date(master): Mon Feb 25 22:54:13 CET 2019 on sn-devel-144
* CVE-2019-3824 ldb: Add tests for ldb_wildcard_matchGary Lockyer2019-02-253-1/+214
| | | | | | | | | | | | | | | Add cmocka tests for ldb_wildcard_match. Running test_wildcard_match under valgrind reproduces CVE-2019-3824 out of bounds read in wildcard compare (bug 13773) valgrind --suppressions=lib/ldb/tests/ldb_match_test.valgrind\ bin/ldb_match_test BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2019-3824 ldb: wildcard_match end of data checkGary Lockyer2019-02-251-1/+1
| | | | | | | | | | | | | ldb_handler_copy and ldb_val_dup over allocate by one and add a trailing '\0' to the data, to make them safe to use the C string functions on. However testing for the trailing '\0' is not the correct way to test for the end of a value, the length should be checked instead. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2019-3824 ldb: wildcard_match check tree operationGary Lockyer2019-02-251-0/+5
| | | | | | | | | | | | | | Check the operation type of the passed parse tree, and return LDB_INAPPROPRIATE_MATCH if the operation is not LDB_OP_SUBSTRING. A query of "attribute=*" gets parsed as LDB_OP_PRESENT, checking the operation and failing ldb_wildcard_match should help prevent confusion writing tests. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2019-3824 ldb: ldb_parse_tree use talloc_zeroGary Lockyer2019-02-251-1/+1
| | | | | | | | | | | Initialise the created ldb_parse_tree with talloc_zero, this ensures that it is correctly initialised if inadvertently passed to a function expecting a different operation type. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2019-3824 ldb: Improve code style and layout in wildcard processingAndrew Bartlett2019-02-251-3/+5
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* CVE-2019-3824 ldb: Extra comments to clarify no pointer wrap in wildcard ↵Andrew Bartlett2019-02-251-2/+23
| | | | | | | | | processing BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* CVE-2019-3824 ldb: Out of bound read in ldb_wildcard_compareLukas Slebodnik2019-02-251-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There is valgrind error in few tests tests/test-generic.sh 91 echo "Test wildcard match" 92 $VALGRIND ldbadd $LDBDIR/tests/test-wildcard.ldif || exit 1 93 $VALGRIND ldbsearch '(cn=test*multi)' || exit 1 95 $VALGRIND ldbsearch '(cn=*test_multi)' || exit 1 97 $VALGRIND ldbsearch '(cn=test*multi*test*multi)' || exit 1 e.g. ==3098== Memcheck, a memory error detector ==3098== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al. ==3098== Using Valgrind-3.14.0 and LibVEX; rerun with -h for copyright info ==3098== Command: ./bin/ldbsearch (cn=test*multi) ==3098== ==3098== Invalid read of size 1 ==3098== at 0x483CEE7: memchr (vg_replace_strmem.c:890) ==3098== by 0x49A9073: memmem (in /usr/lib64/libc-2.28.9000.so) ==3098== by 0x485DFE9: ldb_wildcard_compare (ldb_match.c:313) ==3098== by 0x485DFE9: ldb_match_substring (ldb_match.c:360) ==3098== by 0x485DFE9: ldb_match_message (ldb_match.c:572) ==3098== by 0x558F8FA: search_func (ldb_kv_search.c:549) ==3098== by 0x48C78CA: ??? (in /usr/lib64/libtdb.so.1.3.17) ==3098== by 0x48C7A60: tdb_traverse_read (in /usr/lib64/libtdb.so.1.3.17) ==3098== by 0x557B7C4: ltdb_traverse_fn (ldb_tdb.c:274) ==3098== by 0x558FBFA: ldb_kv_search_full (ldb_kv_search.c:594) ==3098== by 0x558FBFA: ldb_kv_search (ldb_kv_search.c:854) ==3098== by 0x558E497: ldb_kv_callback (ldb_kv.c:1713) ==3098== by 0x48FCD58: tevent_common_invoke_timer_handler (in /usr/lib64/libtevent.so.0.9.38) ==3098== by 0x48FCEFD: tevent_common_loop_timer_delay (in /usr/lib64/libtevent.so.0.9.38) ==3098== by 0x48FE14A: ??? (in /usr/lib64/libtevent.so.0.9.38) ==3098== Address 0x4b4ab81 is 0 bytes after a block of size 129 alloc'd ==3098== at 0x483880B: malloc (vg_replace_malloc.c:309) ==3098== by 0x491048B: talloc_strndup (in /usr/lib64/libtalloc.so.2.1.15) ==3098== by 0x48593CA: ldb_casefold_default (ldb_utf8.c:59) ==3098== by 0x485F68D: ldb_handler_fold (attrib_handlers.c:64) ==3098== by 0x485DB88: ldb_wildcard_compare (ldb_match.c:257) ==3098== by 0x485DB88: ldb_match_substring (ldb_match.c:360) ==3098== by 0x485DB88: ldb_match_message (ldb_match.c:572) ==3098== by 0x558F8FA: search_func (ldb_kv_search.c:549) ==3098== by 0x48C78CA: ??? (in /usr/lib64/libtdb.so.1.3.17) ==3098== by 0x48C7A60: tdb_traverse_read (in /usr/lib64/libtdb.so.1.3.17) ==3098== by 0x557B7C4: ltdb_traverse_fn (ldb_tdb.c:274) ==3098== by 0x558FBFA: ldb_kv_search_full (ldb_kv_search.c:594) ==3098== by 0x558FBFA: ldb_kv_search (ldb_kv_search.c:854) ==3098== by 0x558E497: ldb_kv_callback (ldb_kv.c:1713) ==3098== by 0x48FCD58: tevent_common_invoke_timer_handler (in /usr/lib64/libtevent.so.0.9.38) ==3098== # record 1 dn: cn=test_multi_test_multi_test_multi,o=University of Michigan,c=TEST cn: test_multi_test_multi_test_multi description: test multi wildcards matching objectclass: person sn: multi_test name: test_multi_test_multi_test_multi distinguishedName: cn=test_multi_test_multi_test_multi,o=University of Michiga n,c=TEST # returned 1 records # 1 entries # 0 referrals BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Lukas Slebodnik <lslebodn@fedoraproject.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* libcli: Pass buf/len to smb2_negotiate_context_addVolker Lendecke2019-02-254-25/+31
| | | | | | | | | | | Every caller did a data_blob_const() right before calling smb2_negotiate_context_add(). Avoid that. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Mon Feb 25 21:07:22 CET 2019 on sn-devel-144
* libsmb: Resolve special _recv handling in cli_ntcreateVolker Lendecke2019-02-251-12/+28
| | | | | | | | cli_smb2_create_fnum_recv will gain output create blobs soon and thus differ from the NT1 function. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
View Lorry Controller Status