summaryrefslogtreecommitdiff
path: root/source4
Commit message (Collapse)AuthorAgeFilesLines
* CVE-2018-16851 ldap_server: Check ret before manipulating blobGarming Sam2018-11-261-2/+2
| | | | | | | | | | | | | | In the case of hitting the talloc ~256MB limit, this causes a crash in the server. Note that you would actually need to load >256MB of data into the LDAP. Although there is some generated/hidden data which would help you reach that limit (descriptors and RMD blobs). BUG: https://bugzilla.samba.org/show_bug.cgi?id=13674 Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2018-16841 heimdal: Fix segfault on PKINIT with mis-matching principalAndrew Bartlett2018-11-261-3/+3
| | | | | | | | | | | | | In Heimdal KRB5_KDC_ERR_CLIENT_NAME_MISMATCH is an enum, so we tried to double-free mem_ctx. This was introduced in 9a0263a7c316112caf0265237bfb2cfb3a3d370d for the MIT KDC effort. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13628 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* CVE-2018-14629 dns: CNAME loop prevention using counterAaron Haslett2018-11-261-0/+6
| | | | | | | | | | | Count number of answers generated by internal DNS query routine and stop at 20 to match Microsoft's loop prevention mechanism. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600 Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4:torture: split smb2.session.expire{1,2} to run with signing and encryptpionStefan Metzmacher2018-10-101-4/+46
| | | | | | | | | | This reproduces the problem we have with expired encrypted sessions. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13624 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 01b868455c9bae309d1ca7ddad54077fc5d7f4b1)
* krb5-samba: interdomain trust uses different salt principalAlexander Bokovoy2018-09-051-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Salt principal for the interdomain trust is krbtgt/DOMAIN@REALM where DOMAIN is the sAMAccountName without the dollar sign ($) The salt principal for the BLA$ user object was generated wrong. dn: CN=bla.base,CN=System,DC=w4edom-l4,DC=base securityIdentifier: S-1-5-21-4053568372-2049667917-3384589010 trustDirection: 3 trustPartner: bla.base trustPosixOffset: -2147483648 trustType: 2 trustAttributes: 8 flatName: BLA dn: CN=BLA$,CN=Users,DC=w4edom-l4,DC=base userAccountControl: 2080 primaryGroupID: 513 objectSid: S-1-5-21-278041429-3399921908-1452754838-1597 accountExpires: 9223372036854775807 sAMAccountName: BLA$ sAMAccountType: 805306370 pwdLastSet: 131485652467995000 The salt stored by Windows in the package_PrimaryKerberosBlob (within supplementalCredentials) seems to be 'W4EDOM-L4.BASEkrbtgtBLA' for the above trust and Samba stores 'W4EDOM-L4.BASEBLA$'. While the salt used when building the keys from trustAuthOutgoing/trustAuthIncoming is 'W4EDOM-L4.BASEkrbtgtBLA.BASE', which we handle correct. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13539 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Alexander Bokovoy <ab@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Sep 5 03:57:22 CEST 2018 on sn-devel-144 (cherry picked from commit f3e349bebc443133fdbe4e14b148ca8db8237060) Autobuild-User(v4-7-test): Stefan Metzmacher <metze@samba.org> Autobuild-Date(v4-7-test): Wed Sep 5 18:44:46 CEST 2018 on sn-devel-144
* s4:selftest: test kinit with the interdomain trust user accountAlexander Bokovoy2018-09-051-0/+1
| | | | | | | | | | | | | | To test it, add a blackbox test that ensures we pass a keytab-based authentication with the trust user account for a trusted domain. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13539 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Alexander Bokovoy <ab@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 7df505298f71432d5adbcffccde8f97c117a57a6)
* torture: Make sure that fruit_ftruncate only unlinks streamsVolker Lendecke2018-09-051-0/+45
| | | | | | | | | | Follow-up to Bug: https://bugzilla.samba.org/show_bug.cgi?id=13441 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit c39ec64231b261fe4ada02f1f1b9aa344cf35bb5)
* selftest: add a durable handle test with delayed disconnectRalph Boehme2018-09-053-0/+98
| | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=13549 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 5508024a861e7c85e6c837552ad142aa1d5e8eca)
* s4:selftest: reformat smb2_s3only listRalph Boehme2018-09-051-1/+6
| | | | | | | | | | No change besides reformatting the list to one entry per line. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13549 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 3255822f75163cb38e53f634a5c6b03d46bfaff1)
* s4:rpc_server/netlogon: don't treet trusted domains as primary in ↵Stefan Metzmacher2018-09-051-57/+82
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | LogonGetDomainInfo() We need to handle trusted domains differently than our primary domain. The most important part is that we don't return NETR_TRUST_FLAG_PRIMARY for them. NETR_TRUST_FLAG_{INBOUND,OUTBOUND,IN_FOREST} are the relavant flags for trusts. This is an example of what Windows returns in a complex trust environment: netr_LogonGetDomainInfo: struct netr_LogonGetDomainInfo out: struct netr_LogonGetDomainInfo return_authenticator : * return_authenticator: struct netr_Authenticator cred: struct netr_Credential data : f48b51ff12ff8c6c timestamp : Tue Aug 28 22:59:03 2018 CEST info : * info : union netr_DomainInfo(case 1) domain_info : * domain_info: struct netr_DomainInformation primary_domain: struct netr_OneDomainInfo domainname: struct lsa_StringLarge length : 0x0014 (20) size : 0x0016 (22) string : * string : 'W2012R2-L4' dns_domainname: struct lsa_StringLarge length : 0x0020 (32) size : 0x0022 (34) string : * string : 'w2012r2-l4.base.' dns_forestname: struct lsa_StringLarge length : 0x0020 (32) size : 0x0022 (34) string : * string : 'w2012r2-l4.base.' domain_guid : 0a133c91-8eac-4df0-96ac-ede69044a38b domain_sid : * domain_sid : S-1-5-21-2930975464-1937418634-1288008815 trust_extension: struct netr_trust_extension_container length : 0x0000 (0) size : 0x0000 (0) info : NULL dummy_string2: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_string3: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_string4: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_long1 : 0x00000000 (0) dummy_long2 : 0x00000000 (0) dummy_long3 : 0x00000000 (0) dummy_long4 : 0x00000000 (0) trusted_domain_count : 0x00000006 (6) trusted_domains : * trusted_domains: ARRAY(6) trusted_domains: struct netr_OneDomainInfo domainname: struct lsa_StringLarge length : 0x000e (14) size : 0x0010 (16) string : * string : 'FREEIPA' dns_domainname: struct lsa_StringLarge length : 0x0018 (24) size : 0x001a (26) string : * string : 'freeipa.base' dns_forestname: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL domain_guid : 00000000-0000-0000-0000-000000000000 domain_sid : * domain_sid : S-1-5-21-429948374-2562621466-335716826 trust_extension: struct netr_trust_extension_container length : 0x0010 (16) size : 0x0010 (16) info : * info: struct netr_trust_extension length : 0x00000008 (8) dummy : 0x00000000 (0) size : 0x00000008 (8) flags : 0x00000022 (34) 0: NETR_TRUST_FLAG_IN_FOREST 1: NETR_TRUST_FLAG_OUTBOUND 0: NETR_TRUST_FLAG_TREEROOT 0: NETR_TRUST_FLAG_PRIMARY 0: NETR_TRUST_FLAG_NATIVE 1: NETR_TRUST_FLAG_INBOUND 0: NETR_TRUST_FLAG_MIT_KRB5 0: NETR_TRUST_FLAG_AES parent_index : 0x00000000 (0) trust_type : LSA_TRUST_TYPE_UPLEVEL (2) trust_attributes : 0x00000008 (8) 0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE 0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY 0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN 1: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE 0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION 0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST 0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL 0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION dummy_string2: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_string3: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_string4: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_long1 : 0x00000000 (0) dummy_long2 : 0x00000000 (0) dummy_long3 : 0x00000000 (0) dummy_long4 : 0x00000000 (0) trusted_domains: struct netr_OneDomainInfo domainname: struct lsa_StringLarge length : 0x0016 (22) size : 0x0018 (24) string : * string : 'S1-W2012-L4' dns_domainname: struct lsa_StringLarge length : 0x0036 (54) size : 0x0038 (56) string : * string : 's1-w2012-l4.w2012r2-l4.base' dns_forestname: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL domain_guid : afe7fbde-af82-46cf-88a2-2df6920fc33e domain_sid : * domain_sid : S-1-5-21-1368093395-3821428921-3924672915 trust_extension: struct netr_trust_extension_container length : 0x0010 (16) size : 0x0010 (16) info : * info: struct netr_trust_extension length : 0x00000008 (8) dummy : 0x00000000 (0) size : 0x00000008 (8) flags : 0x00000023 (35) 1: NETR_TRUST_FLAG_IN_FOREST 1: NETR_TRUST_FLAG_OUTBOUND 0: NETR_TRUST_FLAG_TREEROOT 0: NETR_TRUST_FLAG_PRIMARY 0: NETR_TRUST_FLAG_NATIVE 1: NETR_TRUST_FLAG_INBOUND 0: NETR_TRUST_FLAG_MIT_KRB5 0: NETR_TRUST_FLAG_AES parent_index : 0x00000004 (4) trust_type : LSA_TRUST_TYPE_UPLEVEL (2) trust_attributes : 0x00000020 (32) 0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE 0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY 0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN 0: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE 0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION 1: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST 0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL 0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION dummy_string2: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_string3: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_string4: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_long1 : 0x00000000 (0) dummy_long2 : 0x00000000 (0) dummy_long3 : 0x00000000 (0) dummy_long4 : 0x00000000 (0) trusted_domains: struct netr_OneDomainInfo domainname: struct lsa_StringLarge length : 0x0006 (6) size : 0x0008 (8) string : * string : 'BLA' dns_domainname: struct lsa_StringLarge length : 0x0010 (16) size : 0x0012 (18) string : * string : 'bla.base' dns_forestname: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL domain_guid : 00000000-0000-0000-0000-000000000000 domain_sid : * domain_sid : S-1-5-21-4053568372-2049667917-3384589010 trust_extension: struct netr_trust_extension_container length : 0x0010 (16) size : 0x0010 (16) info : * info: struct netr_trust_extension length : 0x00000008 (8) dummy : 0x00000000 (0) size : 0x00000008 (8) flags : 0x00000022 (34) 0: NETR_TRUST_FLAG_IN_FOREST 1: NETR_TRUST_FLAG_OUTBOUND 0: NETR_TRUST_FLAG_TREEROOT 0: NETR_TRUST_FLAG_PRIMARY 0: NETR_TRUST_FLAG_NATIVE 1: NETR_TRUST_FLAG_INBOUND 0: NETR_TRUST_FLAG_MIT_KRB5 0: NETR_TRUST_FLAG_AES parent_index : 0x00000000 (0) trust_type : LSA_TRUST_TYPE_UPLEVEL (2) trust_attributes : 0x00000008 (8) 0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE 0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY 0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN 1: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE 0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION 0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST 0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL 0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION dummy_string2: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_string3: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_string4: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_long1 : 0x00000000 (0) dummy_long2 : 0x00000000 (0) dummy_long3 : 0x00000000 (0) dummy_long4 : 0x00000000 (0) trusted_domains: struct netr_OneDomainInfo domainname: struct lsa_StringLarge length : 0x000c (12) size : 0x000e (14) string : * string : 'S4XDOM' dns_domainname: struct lsa_StringLarge length : 0x0016 (22) size : 0x0018 (24) string : * string : 's4xdom.base' dns_forestname: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL domain_guid : 00000000-0000-0000-0000-000000000000 domain_sid : * domain_sid : S-1-5-21-313966788-4060240134-2249344781 trust_extension: struct netr_trust_extension_container length : 0x0010 (16) size : 0x0010 (16) info : * info: struct netr_trust_extension length : 0x00000008 (8) dummy : 0x00000000 (0) size : 0x00000008 (8) flags : 0x00000022 (34) 0: NETR_TRUST_FLAG_IN_FOREST 1: NETR_TRUST_FLAG_OUTBOUND 0: NETR_TRUST_FLAG_TREEROOT 0: NETR_TRUST_FLAG_PRIMARY 0: NETR_TRUST_FLAG_NATIVE 1: NETR_TRUST_FLAG_INBOUND 0: NETR_TRUST_FLAG_MIT_KRB5 0: NETR_TRUST_FLAG_AES parent_index : 0x00000000 (0) trust_type : LSA_TRUST_TYPE_UPLEVEL (2) trust_attributes : 0x00000008 (8) 0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE 0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY 0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN 1: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE 0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION 0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST 0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL 0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION dummy_string2: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_string3: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_string4: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_long1 : 0x00000000 (0) dummy_long2 : 0x00000000 (0) dummy_long3 : 0x00000000 (0) dummy_long4 : 0x00000000 (0) trusted_domains: struct netr_OneDomainInfo domainname: struct lsa_StringLarge length : 0x0014 (20) size : 0x0016 (22) string : * string : 'W2012R2-L4' dns_domainname: struct lsa_StringLarge length : 0x001e (30) size : 0x0020 (32) string : * string : 'w2012r2-l4.base' dns_forestname: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL domain_guid : 0a133c91-8eac-4df0-96ac-ede69044a38b domain_sid : * domain_sid : S-1-5-21-2930975464-1937418634-1288008815 trust_extension: struct netr_trust_extension_container length : 0x0010 (16) size : 0x0010 (16) info : * info: struct netr_trust_extension length : 0x00000008 (8) dummy : 0x00000000 (0) size : 0x00000008 (8) flags : 0x0000001d (29) 1: NETR_TRUST_FLAG_IN_FOREST 0: NETR_TRUST_FLAG_OUTBOUND 1: NETR_TRUST_FLAG_TREEROOT 1: NETR_TRUST_FLAG_PRIMARY 1: NETR_TRUST_FLAG_NATIVE 0: NETR_TRUST_FLAG_INBOUND 0: NETR_TRUST_FLAG_MIT_KRB5 0: NETR_TRUST_FLAG_AES parent_index : 0x00000000 (0) trust_type : LSA_TRUST_TYPE_UPLEVEL (2) trust_attributes : 0x00000000 (0) 0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE 0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY 0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN 0: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE 0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION 0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST 0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL 0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION dummy_string2: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_string3: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_string4: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_long1 : 0x00000000 (0) dummy_long2 : 0x00000000 (0) dummy_long3 : 0x00000000 (0) dummy_long4 : 0x00000000 (0) trusted_domains: struct netr_OneDomainInfo domainname: struct lsa_StringLarge length : 0x0016 (22) size : 0x0018 (24) string : * string : 'S2-W2012-L4' dns_domainname: struct lsa_StringLarge length : 0x004e (78) size : 0x0050 (80) string : * string : 's2-w2012-l4.s1-w2012-l4.w2012r2-l4.base' dns_forestname: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL domain_guid : 29daace6-cded-4ce3-a754-7482a4d9127c domain_sid : * domain_sid : S-1-5-21-167342819-981449877-2130266853 trust_extension: struct netr_trust_extension_container length : 0x0010 (16) size : 0x0010 (16) info : * info: struct netr_trust_extension length : 0x00000008 (8) dummy : 0x00000000 (0) size : 0x00000008 (8) flags : 0x00000001 (1) 1: NETR_TRUST_FLAG_IN_FOREST 0: NETR_TRUST_FLAG_OUTBOUND 0: NETR_TRUST_FLAG_TREEROOT 0: NETR_TRUST_FLAG_PRIMARY 0: NETR_TRUST_FLAG_NATIVE 0: NETR_TRUST_FLAG_INBOUND 0: NETR_TRUST_FLAG_MIT_KRB5 0: NETR_TRUST_FLAG_AES parent_index : 0x00000001 (1) trust_type : LSA_TRUST_TYPE_UPLEVEL (2) trust_attributes : 0x00000000 (0) 0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE 0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY 0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN 0: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE 0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION 0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST 0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL 0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION dummy_string2: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_string3: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_string4: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_long1 : 0x00000000 (0) dummy_long2 : 0x00000000 (0) dummy_long3 : 0x00000000 (0) dummy_long4 : 0x00000000 (0) lsa_policy: struct netr_LsaPolicyInformation policy_size : 0x00000000 (0) policy : NULL dns_hostname: struct lsa_StringLarge length : 0x0036 (54) size : 0x0038 (56) string : * string : 'torturetest.w2012r2-l4.base' dummy_string2: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_string3: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL dummy_string4: struct lsa_StringLarge length : 0x0000 (0) size : 0x0000 (0) string : NULL workstation_flags : 0x00000003 (3) 1: NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS 1: NETR_WS_FLAG_HANDLES_SPN_UPDATE supported_enc_types : 0x0000001f (31) 1: KERB_ENCTYPE_DES_CBC_CRC 1: KERB_ENCTYPE_DES_CBC_MD5 1: KERB_ENCTYPE_RC4_HMAC_MD5 1: KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96 1: KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96 0: KERB_ENCTYPE_FAST_SUPPORTED 0: KERB_ENCTYPE_COMPOUND_IDENTITY_SUPPORTED 0: KERB_ENCTYPE_CLAIMS_SUPPORTED 0: KERB_ENCTYPE_RESOURCE_SID_COMPRESSION_DISABLED dummy_long3 : 0x00000000 (0) dummy_long4 : 0x00000000 (0) result : NT_STATUS_OK Best viewed with: git show --histogram -w BUG: https://bugzilla.samba.org/show_bug.cgi?id=11517 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 2099add0657126e4a5427ec2db0fe8025478b355)
* s4:rpc_server/netlogon: make use of talloc_zero_array() for the ↵Stefan Metzmacher2018-09-051-1/+1
| | | | | | | | | | | | | netr_OneDomainInfo array It's much safer than having uninitialized memory when we hit an error case. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11517 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit ef0b489ad0d93199e08415dd895da5cfe2d1c11a)
* s4:rpc_server/netlogon: use samdb_domain_guid()/dsdb_trust_local_tdo_info() ↵Stefan Metzmacher2018-09-051-18/+91
| | | | | | | | | | | | | | | | | to build our netr_OneDomainInfo values The logic for constructing the values for our own primary domain differs from the values of trusted domains. In order to make the code easier to understand we have a new fill_our_one_domain_info() helper that only takes care of our primary domain. The cleanup for the trust case will follow in a separate commit. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11517 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 61333f7787d78e3ec5c7bd2874d5a0f1f536275a)
* s4:dsdb/common: add samdb_domain_guid() helper functionStefan Metzmacher2018-09-051-0/+55
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=11517 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 0e442e094240abbf79aaca00a9d1a053a200a7e8)
* dsdb:util_trusts: add dsdb_trust_local_tdo_info() helper functionStefan Metzmacher2018-09-051-0/+16
| | | | | | | | | | | This is similar to dsdb_trust_xref_tdo_info(), but will also work if we ever support more than one domain in our forest. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11517 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit c1b0ac95db5c6112d90356c7ada8c3d445e9b668)
* dsdb/util_trusts: domain_dn is an input parameter of ↵Stefan Metzmacher2018-09-051-6/+0
| | | | | | | | | | | | | | dsdb_trust_crossref_tdo_info() We should not overwrite it within the function. Currently it doesn't matter as we don't have multiple domains within our forest, but that will change in future. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11517 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit f5f96f558b499770cdeb3d38998167a387e058b9)
* s4:torture/rpc/netlogon: verify the trusted domains output of ↵Stefan Metzmacher2018-09-051-1/+129
| | | | | | | | | | | | | LogonGetDomainInfo() This makes sure we don't treat trusted domains in the same way we treat our primary domain. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11517 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit d5dd8fdc647d6a202c5da0451d395116c2cd92b9)
* s4:torture/rpc/netlogon: assert that ↵Stefan Metzmacher2018-09-051-0/+16
| | | | | | | | | | | | | cli_credentials_get_{workstation,password} don't return NULL This is better that generating a segfault while dereferencing a NULL pointer later. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11517 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit dffc182c6943d21513d8db9f6cf66bdc09206b17)
* torture: Demonstrate the invalid lock order panicVolker Lendecke2018-08-231-0/+89
| | | | | | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13584 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Aug 21 02:33:05 CEST 2018 on sn-devel-144 (cherry picked from commit ec3c37ee53f21d8c0e80b1d3b3d7e95a4ac8e0bc) Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-7-test): Thu Aug 23 15:48:56 CEST 2018 on sn-devel-144
* Merge tag 'samba-4.7.9' into v4-7-testKarolin Seeger2018-08-147-35/+1447
|\ | | | | | | samba: tag release samba-4.7.9
| * CVE-2018-10919 tests: Add extra test for dirsync deleted object corner-caseTim Beale2018-08-111-26/+131
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The acl_read.c code contains a special case to allow dirsync to work-around having insufficient access rights. We had a concern that the dirsync module could leak sensitive information for deleted objects. This patch adds a test-case to prove whether or not this is happening. The new test case is similar to the existing dirsync test except: - We make the confidential attribute also preserve-on-delete, so it hangs around for deleted objcts. Because the attributes now persist across test case runs, I've used a different attribute to normal. (Technically, the dirsync search expressions are now specific enough that the regular attribute could be used, but it would make things quite fragile if someone tried to add a new test case). - To handle searching for deleted objects, the search expressions are now more complicated. Currently dirsync adds an extra-filter to the '!' searches to exclude deleted objects, i.e. samaccountname matches the test-objects AND the object is not deleted. We now extend this to include deleted objects with lastKnownParent equal to the test OU. The search expression matches either case so that we can use the same expression throughout the test (regardless of whether the object is deleted yet or not). This test proves that the dirsync corner-case does not actually leak sensitive information on Samba. This is due to a bug in the dirsync code - when the buggy line is removed, this new test promptly fails. Test also passes against Windows. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
| * CVE-2018-10919 acl_read: Fix unauthorized attribute access via searchesTim Beale2018-08-111-0/+247
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A user that doesn't have access to view an attribute can still guess the attribute's value via repeated LDAP searches. This affects confidential attributes, as well as ACLs applied to an object/attribute to deny access. Currently the code will hide objects if the attribute filter contains an attribute they are not authorized to see. However, the code still returns objects as results if confidential attribute is in the search expression itself, but not in the attribute filter. To fix this problem we have to check the access rights on the attributes in the search-tree, as well as the attributes returned in the message. Points of note: - I've preserved the existing dirsync logic (the dirsync module code suppresses the result as long as the replPropertyMetaData attribute is removed). However, there doesn't appear to be any test that highlights that this functionality is required for dirsync. - To avoid this fix breaking the acl.py tests, we need to still permit searches like 'objectClass=*', even though we don't have Read Property access rights for the objectClass attribute. The logic that Windows uses does not appear to be clearly documented, so I've made a best guess that seems to mirror Windows behaviour. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
| * CVE-2018-10919 acl_read: Flip the logic in the dirsync checkTim Beale2018-08-111-10/+7
| | | | | | | | | | | | | | | | | | This better reflects the special case we're making for dirsync, and gets rid of a 'if-else' clause. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
| * CVE-2018-10919 acl_read: Small refactor to aclread_callback()Tim Beale2018-08-111-14/+17
| | | | | | | | | | | | | | | | | | Flip the dirsync check (to avoid a double negative), and use a helper boolean variable. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
| * CVE-2018-10919 acl_read: Split access_mask logic out into helper functionTim Beale2018-08-111-19/+35
| | | | | | | | | | | | | | | | So we can re-use the same logic laster for checking the search-ops. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
| * CVE-2018-10919 tests: test ldap searches for non-existent attributes.Gary Lockyer2018-08-111-0/+9
| | | | | | | | | | | | | | | | | | It is perfectly legal to search LDAP for an attribute that is not part of the schema. That part of the query should simply not match. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
| * CVE-2018-10919 tests: Add test case for object visibility with limited rightsTim Beale2018-08-111-0/+68
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently Samba is a bit disclosive with LDB_OP_PRESENT (i.e. attribute=*) searches compared to Windows. All the acl.py tests are based on objectClass=* searches, where Windows will happily tell a user about objects they have List Contents rights, but not Read Property rights for. However, if you change the attribute being searched for, suddenly the objects are no longer visible on Windows (whereas they are on Samba). This is a problem, because Samba can tell you about which objects have confidential attributes, which in itself could be disclosive. This patch adds a acl.py test-case that highlights this behaviour. The test passes against Windows but fails against Samba. Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
| * CVE-2018-10919 tests: Add tests for guessing confidential attributesTim Beale2018-08-112-0/+923
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adds tests that assert that a confidential attribute cannot be guessed by an unprivileged user through wildcard DB searches. The tests basically consist of a set of DB searches/assertions that get run for: - basic searches against a confidential attribute - confidential attributes that get overridden by giving access to the user via an ACE (run against a variety of ACEs) - protecting a non-confidential attribute via an ACL that denies read- access (run against a variety of ACEs) - querying confidential attributes via the dirsync controls These tests all pass when run against a Windows Dc and all fail against a Samba DC. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
| * CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when not ↵Andrew Bartlett2018-08-112-1/+45
| | | | | | | | | | | | | | | | | | | | | | | | | | | | servicePrincipalName is set on a user This regression was introduced in Samba 4.7 by bug 12842 and in master git commit eb2e77970e41c1cb62c041877565e939c78ff52d. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13552 CVE-2018-10918: Denial of Service Attack on AD DC DRSUAPI server. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* | dns wildcards: fix BUG 13536Gary Lockyer2018-07-281-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | The current position in the dns name was not advanced past the '.' character Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Jul 20 04:40:31 CEST 2018 on sn-devel-144 (cherry picked from commit cef1b31cd1f33074e8ab6de52aa0fb74e9b57a9f)
* | s4: torture: run test_durable_v2_open_reopen2_lease() in a subdirectoryRalph Boehme2018-07-281-2/+9
| | | | | | | | | | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=13535 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 725319743f1f2de934cbde477ca84430f5b2b4b4)
* | s4:librpc: autonegotiate SMB1/2/3Stefan Metzmacher2018-07-281-139/+120
| | | | | | | | | | | | | | | | | | | | | | | | Windows Server 1709 defaults to SMB2 and does not have SMB1 enabled. When establishing trust, samba-tool does not specify SMB protocol version and fail by default. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> (cherry picked from commit 4422f7382aad3090cb959ade030a02bf4fef81ac)
* | s4:libcli: add smb_connect_nego_{send,recv}()Stefan Metzmacher2018-07-283-5/+246
| | | | | | | | | | | | | | | | | | | | | | This can be used to create a connection up to a negotiated smbXcli_conn. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> (cherry picked from commit e4910f35eab008a41cfcac3d97b3647c721ac679)
* | s4:libcli: allow a fallback to NTLMSSP if SPNEGO is not supported locallyStefan Metzmacher2018-07-281-5/+30
| | | | | | | | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> (cherry picked from commit 5188454bdce80f6e2bfc45deca18bd1b7289a7a6)
* | s4:libcli: add fallback_to_anonymous to smb2_connect_send()Stefan Metzmacher2018-07-282-0/+33
| | | | | | | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> (cherry picked from commit ca000d8901e6acb8a7c59d26d4f75c9d92bafece)
* | s4:libcli: allow passing an already negotiated connection to smb2_connect_send()Stefan Metzmacher2018-07-282-0/+22
| | | | | | | | | | | | | | | | | | | | It will just do the session setup and tree connect steps. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> (cherry picked from commit f20e607c15b4c8ae56ade5d7e68d832542a2cd5e)
* | s4:libcli: split out smb2_connect_session_start()Stefan Metzmacher2018-07-281-4/+12
| | | | | | | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> (cherry picked from commit 5ad5b81b6ef601596583b4ad7d6a14241fa99a71)
* | s4:libcli: add smb2_transport_raw_init()Stefan Metzmacher2018-07-281-0/+35
| | | | | | | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> (cherry picked from commit ce2248c4b5aad2d00155a2e77b3e6340ce824979)
* | s4:libcli: allow passing an already negotiated connection to ↵Stefan Metzmacher2018-07-284-10/+41
| | | | | | | | | | | | | | | | | | | | | | | | smb_composite_connect() It will just do the session setup and tree connect steps. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> (cherry picked from commit 2b68f9b8b0dd944fa89b9e0037886ddd4fb4e5f9)
* | s4:libcli: use talloc_zero() for struct smb_composite_connect in fetchfile.cStefan Metzmacher2018-07-281-1/+1
| | | | | | | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> (cherry picked from commit 87d73397f9a9dee8fa0055a2ff08244b2c85e120)
* | s4:libcli: add smbcli_transport_raw_init()Stefan Metzmacher2018-07-281-0/+44
| | | | | | | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> (cherry picked from commit b7e99c2571e31971a6d7f1898e7458c16dc1031e)
* | s4:libcli: split out smb_raw_negotiate_fill_transport()Stefan Metzmacher2018-07-281-30/+44
| | | | | | | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> (cherry picked from commit 17b12a9b9a9dfd859679de77aa0c7ffbc782f1bc)
* | s4:torture/vfs/fruit: adjust test testing basefile rename to expect failureRalph Boehme2018-07-121-21/+4
| | | | | | | | | | | | | | | | | | | | | | Renaming a basefile that has open streams must fail with NT_STATUS_ACCESS_DENIED. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13451 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit f166207fc0344b51879d863857055ab7ff36a09b)
* | s4:torture/smb2/streams: try to rename basefile while is has open streamsRalph Boehme2018-07-121-0/+82
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This tests the following: - create a file with a stream - open the the stream and keep it open - on a second connection, try to rename the basefile, this should fail with NT_STATUS_ACCESS_DENIED Bug: https://bugzilla.samba.org/show_bug.cgi?id=13451 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 00d19bdab15102083b8ba395ede161824c898be1)
* | s4:torture: test setting EOF of a stream to 0 with enabled AAPL extensionsRalph Boehme2018-07-121-0/+197
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | macOS SMB server uses xattrs as storage backend for streams, directly exposing xattr get/set characteristics. Setting EOF on a stream to 0 just deletes the xattr as macOS doesn't support 0-byte sized xattrs. Note that this does not apply to the AFP_AfpInfo and AFP_Resource streams, they have even stranger semantics and we have other tests for those. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13441 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit cf5d471544f0cb0d072e4af1ee36798580d32897)
* | s4:torture/vfs/fruit: decrease large resource fork size in test from 1 GB to ↵Ralph Boehme2018-07-121-2/+2
| | | | | | | | | | | | | | | | | | | | | | 64 MB 64 MB is a more realistic value and lets the test pass on FreeBSD with fruit:resource=stream and vfs_streams_xattr. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 2729b4329af0ad0b6a8bd188450b8abd76670d8a)
* | s4:kcc: Add a NULL check before qsort()Andreas Schneider2018-06-271-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ../source4/dsdb/kcc/kcc_topology.c: In function ‘kcctpl_get_all_bridgehead_dcs.constprop’: ../source4/dsdb/kcc/kcc_topology.c:1330:3: error: argument 1 null where non-null expected [-Werror=nonnull] qsort(bridgeheads.data, bridgeheads.count, ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-7-test): Wed Jun 27 14:52:13 CEST 2018 on sn-devel-144
* | samdb: Fix build error with gcc8Andreas Schneider2018-06-271-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ../source4/dsdb/samdb/ldb_modules/samldb.c: In function ‘samldb_add’: ../source4/dsdb/samdb/ldb_modules/samldb.c:424:6: error: ‘found’ may be used uninitialized in this function [-Werror=maybe-uninitialized] if (found) { ^ ../source4/dsdb/samdb/ldb_modules/samldb.c:348:11: note: ‘found’ was declared here bool ok, found; ^~~~~ BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> (cherry picked from commit 76828876faa3cd463023e323983df0be597c7361)
* | s4:ntvfs: Fix string copy of share_nameAndreas Schneider2018-06-271-2/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | ../source4/ntvfs/ipc/rap_server.c:70:3: error: ‘strncpy’ specified bound 13 equals destination size [-Werror=stringop-truncation] strncpy((char *)r->out.info[j].info1.share_name, ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ snames[i], ~~~~~~~~~~ sizeof(r->out.info[0].info1.share_name)); ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> (cherry picked from commit 609ef35c12900bbd5ecaa557f7b5d71b5784a103)
* | s4:torture: Use strlcpy() in gen_name()Andreas Schneider2018-06-271-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ../source4/torture/basic/mangle_test.c: In function ‘gen_name’: ../source4/torture/basic/mangle_test.c:148:3: error: ‘strncpy’ output truncated before terminating nul copying 5 bytes from a string of the same length [-Werror=stringop-truncation] strncpy(p, "ABCDE", 5); ^~~~~~~~~~~~~~~~~~~~~~ BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> (cherry picked from commit 7a00d90d668f53914ffe035c41a5e79e60b51521)
* | s4-torture: fix format-truncation warning in smb2 session tests.Günther Deschner2018-06-271-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ../source4/torture/smb2/session.c: In function ‘test_session_reauth5’: ../source4/torture/smb2/session.c:645:36: error: ‘\file.dat’ directive output may be truncated writing 9 bytes into a region of size between 1 and 256 [-Werror=format-truncation=] snprintf(fname, sizeof(fname), "%s\\file.dat", dname); ^~~~~~~~~~ ../source4/torture/smb2/session.c:645:2: note: ‘snprintf’ output between 10 and 265 bytes into a destination of size 256 snprintf(fname, sizeof(fname), "%s\\file.dat", dname); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ../source4/torture/smb2/session.c:696:38: error: ‘\file2.dat’ directive output may be truncated writing 10 bytes into a region of size between 1 and 256 [-Werror=format-truncation=] snprintf(fname2, sizeof(fname2), "%s\\file2.dat", dname); ^~~~~~~~~~~ ../source4/torture/smb2/session.c:696:2: note: ‘snprintf’ output between 11 and 266 bytes into a destination of size 256 snprintf(fname2, sizeof(fname2), "%s\\file2.dat", dname); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ cc1: some warnings being treated as errors BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437 Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit 5729898248041794ffdd0b769332e015baf12cce)
View Lorry Controller Status