[SCM] Samba Shared Repository - branch master updated
Andreas Schneider
asn at samba.org
Tue Jun 4 23:32:03 UTC 2019
The branch, master has been updated
via 843fbb1207e ctdb-scripts: Fix tcp_tw_recycle existence check
via b9b3acf23e3 ctdb:takeover: add better debugging when a client connects to a non public address
via 3ce9069a65c ctdb:protocol_util: remove 'const' from allocated strings
via dbf3e81f7f0 docs: Improve documentation of "lanman auth" and "ntlm auth" connection
via 046de055215 s3:modules: Put debug msg into the if clause checking the strings exists
via dc82866dd76 nsswitch: cppcheck: Fix ctunullpointer error
via a0ccec6291a lib/util/tests: clang fix Value stored to 'lines' is never read warning
via 71e7b5d14e6 ctdb/server: cppcheck: fix shiftTooManyBitsSigned error
via edbef9e0403 s3/winbdind: cppcheck: fix nullPointerArithmetic error
via 52cf237b1d4 s3/modules: cppcheck: Fix ctunullpointer error
via 4d095bd052c lib/pthreadpool: cppcheck: Fix Memory leak
via e2ee3f89431 s3/rpcclient: cppcheck: Fix shiftTooManyBitsSigned error
via a497fa9bc3f s4/torture/unix: cppcheck: Fix shiftTooManyBitsSigned error
via 43500e4134c s4/torture/smb2: cppcheck: Fix shiftTooManyBitsSigned error
via c8cdc016b4c s4/torture/smb2: cppcheck: Fix shiftTooManyBitsSigned error
via 90a82a41cfd s4/torture/raw: cppcheck: Fix shiftTooManyBitsSigned error
via bb00a7e0188 s4/torture/raw: cppcheck: Fix shiftTooManyBitsSigned error
via f3f79a267ee nsswitch: cppcheck: Fix memleakOnRealloc errors
via 9c7113a418c s4/smdb: cppcheck: fix nullPointer: Possible null pointer dereference warning.
via 8c49cf70fc5 s4/smb_server/smb: cppcheck: Fix uninitvar & uninitStructMember errors
via bcc6b8c2492 s4/rpc_server/dnsserver: clang: fix Value stored to 'status' is never read
via 2bed937e7fb s4/rpc_server/dnsserver: cppcheck: Fix Uninitialized variable error.
via 05d0806e71b s4/ntvfs/cifs: cppcheck: squash nullPointer: Possible null pointer dereference
via 0b6e37c9e80 s3:rpc_server:netlogon: simplify AUTH_TYPE_SCHANNEL check in netr_creds_server_step_check()
via fa5215ce5b9 s3:rpc_server:netlogon: don't require NEG_AUTHENTICATED_RPC in netr_ServerAuthenticate*()
via ead9b93ce5c s4:rpc_server:netlogon: don't require NEG_AUTHENTICATED_RPC in netr_ServerAuthenticate*()
from eb2e29c354c s3-smbcontrol: Replace && with || to declare variables in do_sleep()
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 843fbb1207ee7ac84f3282974b66b9290d8da0ac
Author: Rafael David Tinoco via samba-technical <samba-technical at lists.samba.org>
Date: Sun Jun 2 23:44:15 2019 -0300
ctdb-scripts: Fix tcp_tw_recycle existence check
net.ipv4.tcp_tw_recycle has been removed from Linux 4.12 but, still,
makes sense to check its existence. Unfortunately, current check does
not test for the procfs file existence. This commit fixes the issue.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13984
Signed-off-by: Rafael David Tinoco <rafaeldtinoco at ubuntu.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Jun 4 23:31:24 UTC 2019 on sn-devel-184
commit b9b3acf23e3306ba5cfd1fd254250eef97793921
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Apr 2 10:24:02 2019 +0200
ctdb:takeover: add better debugging when a client connects to a non public address
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
commit 3ce9069a65c5e943c6eda38711f527a9a42c7b6b
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon May 27 12:31:51 2019 +0200
ctdb:protocol_util: remove 'const' from allocated strings
The caller should be able to call TALLOC_FREE() on the returned
strings.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
commit dbf3e81f7f0b28c69dca004b32ea3a7344b0cad3
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sat Jun 1 09:04:48 2019 +1200
docs: Improve documentation of "lanman auth" and "ntlm auth" connection
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13981
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 046de055215615697619452f9735cfad01fdbb03
Author: Andreas Schneider <asn at samba.org>
Date: Mon Jun 3 11:00:01 2019 +0200
s3:modules: Put debug msg into the if clause checking the strings exists
error: '%s' directive argument is null [-Werror=format-overflow=]
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
commit dc82866dd76c043f73a93cde061af730cc010695
Author: Noel Power <noel.power at suse.com>
Date: Thu May 23 13:56:39 2019 +0000
nsswitch: cppcheck: Fix ctunullpointer error
Fixes
nsswitch/pam_winbind.c:1379: error: ctunullpointer: Null pointer dereference: info <--[cppcheck]
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit a0ccec6291a219ded9b1a86ddaa18a61456699da
Author: Noel Power <noel.power at suse.com>
Date: Thu May 23 13:52:50 2019 +0000
lib/util/tests: clang fix Value stored to 'lines' is never read warning
Fixes
lib/util/tests/file.c:153:2: warning: Value stored to 'lines' is never read <--[clang]
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 71e7b5d14e65ced795a3d1a63891e94e284f2eb6
Author: Noel Power <noel.power at suse.com>
Date: Thu May 23 13:15:58 2019 +0000
ctdb/server: cppcheck: fix shiftTooManyBitsSigned error
Fixes
ctdb/server/ipalloc_lcp2.c:61: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit edbef9e0403482a66243d3aa8752804fa1666e43
Author: Noel Power <noel.power at suse.com>
Date: Wed May 22 14:17:48 2019 +0000
s3/winbdind: cppcheck: fix nullPointerArithmetic error
Fixes
source3/winbindd/winbindd_cache.c:4386: error: nullPointerArithmetic: Pointer addition with NULL pointer. <--[cppcheck]
source3/winbindd/winbindd_cache.c:4400: error: nullPointerArithmetic: Pointer addition with NULL pointer. <--[cppcheck]
source3/winbindd/winbindd_cache.c:1569:24: warning: Dereference of null pointer <--[clang]
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 52cf237b1d4a2f1d6f5541f3cdbcced95ff6f5ff
Author: Noel Power <noel.power at suse.com>
Date: Wed May 22 14:07:44 2019 +0000
s3/modules: cppcheck: Fix ctunullpointer error
Fixes
source3/modules/vfs_syncops.c:117: error: ctunullpointer: Null pointer dereference: smb_fname <--[cppcheck]
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 4d095bd052cbe55c05835275eec8d9f2cee7f02e
Author: Noel Power <noel.power at suse.com>
Date: Wed May 22 13:16:19 2019 +0000
lib/pthreadpool: cppcheck: Fix Memory leak
Fixes
lib/pthreadpool/tests.c:63: error: memleak: Memory leak: finished <--[cppcheck]
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit e2ee3f8943140df2e52c9778fe43feb544cda977
Author: Noel Power <noel.power at suse.com>
Date: Wed May 22 13:15:19 2019 +0000
s3/rpcclient: cppcheck: Fix shiftTooManyBitsSigned error
Fixes
source3/rpcclient/cmd_srvsvc.c:44: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit a497fa9bc3fd66230270fa6cfd1c5cfd535451e6
Author: Noel Power <noel.power at suse.com>
Date: Wed May 22 13:10:47 2019 +0000
s4/torture/unix: cppcheck: Fix shiftTooManyBitsSigned error
Fixes
source4/torture/unix/unix_info2.c:300: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 43500e4134cfa875d7ba71c2150760c97dded2c8
Author: Noel Power <noel.power at suse.com>
Date: Wed May 22 13:07:28 2019 +0000
s4/torture/smb2: cppcheck: Fix shiftTooManyBitsSigned error
Fixes
source4/torture/smb2/notify.c:974: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/smb2/notify.c:994: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/smb2/notify.c:1002: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/smb2/notify.c:1011: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/smb2/notify.c:1025: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/smb2/notify.c:1040: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/smb2/notify.c:1048: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/smb2/notify.c:1062: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/smb2/notify.c:1081: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/smb2/notify.c:1096: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/smb2/notify.c:1112: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/smb2/notify.c:1125: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit c8cdc016b4c53109454f25ee675d083b556cc134
Author: Noel Power <noel.power at suse.com>
Date: Wed May 22 12:03:36 2019 +0000
s4/torture/smb2: cppcheck: Fix shiftTooManyBitsSigned error
Fixes
source4/torture/smb2/create.c:197: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/smb2/create.c:234: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/smb2/create.c:265: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 90a82a41cfd6981397aa5c4e4b462bf14e57cd66
Author: Noel Power <noel.power at suse.com>
Date: Wed May 22 11:29:33 2019 +0000
s4/torture/raw: cppcheck: Fix shiftTooManyBitsSigned error
Fix
source4/torture/raw/open.c:1009: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/raw/open.c:1048: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit bb00a7e018800c6d70d9d0937183961c7af970b9
Author: Noel Power <noel.power at suse.com>
Date: Wed May 22 11:24:43 2019 +0000
s4/torture/raw: cppcheck: Fix shiftTooManyBitsSigned error
Fix
source4/torture/raw/notify.c:831: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/raw/notify.c:838: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/raw/notify.c:849: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/raw/notify.c:861: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/raw/notify.c:869: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/raw/notify.c:882: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/raw/notify.c:892: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/raw/notify.c:903: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/raw/notify.c:914: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/raw/notify.c:929: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/raw/notify.c:941: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/raw/notify.c:951: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/raw/notify.c:961: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/raw/notify.c:972: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/raw/notify.c:982: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit f3f79a267ee656f22df01e8a7bb9d4db64e78781
Author: Noel Power <noel.power at suse.com>
Date: Wed May 22 11:09:41 2019 +0000
nsswitch: cppcheck: Fix memleakOnRealloc errors
Fixes the following errors
nsswitch/nsstest.c:192: error: memleakOnRealloc: Common realloc mistake: 'buf' nulled but not freed upon failure <--[cppcheck]
nsswitch/nsstest.c:230: error: memleakOnRealloc: Common realloc mistake: 'buf' nulled but not freed upon failure <--[cppcheck]
nsswitch/nsstest.c:269: error: memleakOnRealloc: Common realloc mistake: 'buf' nulled but not freed upon failure <--[cppcheck]
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 9c7113a418ce169b486f86238643e2d03112410b
Author: Noel Power <noel.power at suse.com>
Date: Wed May 22 10:57:53 2019 +0000
s4/smdb: cppcheck: fix nullPointer: Possible null pointer dereference warning.
Insert unreachable return to satisfy the following warnings
source4/smbd/server.c:692: warning: nullPointer: Possible null pointer dereference: state <--[cppcheck]
source4/smbd/server.c:694: warning: nullPointer: Possible null pointer dereference: state <--[cppcheck]
source4/smbd/server.c:699: warning: nullPointer: Possible null pointer dereference: state <--[cppcheck]
source4/smbd/server.c:758: warning: nullPointer: Possible null pointer dereference: state <--[cppcheck]
source4/smbd/server.c:789: warning: nullPointer: Possible null pointer dereference: state <--[cppcheck]
source4/smbd/server.c:849: warning: nullPointer: Possible null pointer dereference: state <--[cppcheck]
source4/smbd/server.c:866: warning: nullPointer: Possible null pointer dereference: state <--[cppcheck]
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 8c49cf70fc519059b8606bc6432c69b2d5ec06ab
Author: Noel Power <noel.power at suse.com>
Date: Wed May 22 10:32:15 2019 +0000
s4/smb_server/smb: cppcheck: Fix uninitvar & uninitStructMember errors
Fixes the following errors (note: existing code is safe the way it is
currently all accesses to the structure are 'after' it is assigned)
source4/smb_server/smb/negprot.c:447: error: uninitvar: Uninitialized variable: blob <--[cppcheck]
source4/smb_server/smb/negprot.c:453: error: uninitStructMember: Uninitialized struct member: blob.data <--[cppcheck]
source4/smb_server/smb/negprot.c:447: error: uninitStructMember: Uninitialized struct member: blob.length <--[cppcheck]
source4/smb_server/smb/negprot.c:453: error: uninitStructMember: Uninitialized struct member: blob.length <--[cppcheck]
source4/smb_server/smb/negprot.c:454: error: uninitStructMember: Uninitialized struct member: blob.length <--[cppcheck]
source4/smb_server/smb/negprot.c:455: error: uninitStructMember: Uninitialized struct member: blob.length <--[cppcheck]
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit bcc6b8c2492b87fb4ac6bdb5075a5831d71bade8
Author: Noel Power <noel.power at suse.com>
Date: Wed May 22 09:47:27 2019 +0000
s4/rpc_server/dnsserver: clang: fix Value stored to 'status' is never read
Fix the following warnings
source4/rpc_server/dnsserver/dcerpc_dnsserver.c:1021: error: uninitvar: Uninitialized variable: answer_integer <--[cppcheck]
source4/rpc_server/dnsserver/dcerpc_dnsserver.c:1723:4: warning: Value stored to 'status' is never read <--[clang]
status = dns_fill_records_array(tmp_ctx, NULL, DNS_TYPE_A,
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
source4/rpc_server/dnsserver/dcerpc_dnsserver.c:1881:4: warning: Value stored to 'status' is never read <--[clang]
status = dns_fill_records_array(tmp_ctx, NULL, DNS_TYPE_A,
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 2bed937e7fbb551bebfed3c76d7bf4317f72b425
Author: Noel Power <noel.power at suse.com>
Date: Wed May 22 09:37:40 2019 +0000
s4/rpc_server/dnsserver: cppcheck: Fix Uninitialized variable error.
source4/rpc_server/dnsserver/dcerpc_dnsserver.c:715: error: uninitvar: Uninitialized variable: answer_integer <--[cppcheck]
This error is benign and somewhat false because the code pointed to does
not run (due to a different check) if answer_integer is not actually
initialsed. It is easy to squash it though by just initialising the var.
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 05d0806e71b6c3c31e4457c239bd2a5886187bf4
Author: Noel Power <noel.power at suse.com>
Date: Wed May 22 09:29:18 2019 +0000
s4/ntvfs/cifs: cppcheck: squash nullPointer: Possible null pointer dereference
Fix the following cppcheck warnings
/home/samba/samba-pidl/source4/ntvfs/cifs/vfs_cifs.c:604: warning: nullPointer: Possible null pointer dereference: file <--[cppcheck]
/home/samba/samba-pidl/source4/ntvfs/cifs/vfs_cifs.c:605: warning: nullPointer: Possible null pointer dereference: file <--[cppcheck]
/home/samba/samba-pidl/source4/ntvfs/cifs/vfs_cifs.c:648: warning: nullPointer: Possible null pointer dereference: file <--[cppcheck]
/home/samba/samba-pidl/source4/ntvfs/cifs/vfs_cifs.c:649: warning: nullPointer: Possible null pointer dereference: file <--[cppcheck]
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 0b6e37c9e801435e094194dd60d9213b4868c3de
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon May 27 13:12:14 2019 +0200
s3:rpc_server:netlogon: simplify AUTH_TYPE_SCHANNEL check in netr_creds_server_step_check()
The gensec schannel module already asserts that at least
AUTH_LEVEL_INTEGRITY is used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13949
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit fa5215ce5b93fb032df341e718d7011e619f0916
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon May 27 12:38:43 2019 +0200
s3:rpc_server:netlogon: don't require NEG_AUTHENTICATED_RPC in netr_ServerAuthenticate*()
The domain join with VMWare Horizon Quickprep seems to use
netr_ServerAuthenticate3() with just the NEG_STRONG_KEYS
(and in addition the NEG_SUPPORTS_AES) just to verify a password.
Note: NETLOGON_NEG_SCHANNEL is an alias to NEG_AUTHENTICATED_RPC.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13464 (maybe)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13949
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit ead9b93ce5c2c67bbdb778232805d6d9e70112fc
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon May 27 12:38:43 2019 +0200
s4:rpc_server:netlogon: don't require NEG_AUTHENTICATED_RPC in netr_ServerAuthenticate*()
The domain join with VMWare Horizon Quickprep seems to use
netr_ServerAuthenticate3() with just the NEG_STRONG_KEYS
(and in addition the NEG_SUPPORTS_AES) just to verify a password.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13464 (maybe)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13949
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
-----------------------------------------------------------------------
Summary of changes:
ctdb/config/nfs-linux-kernel-callout | 4 +-
ctdb/protocol/protocol_util.c | 13 ++---
ctdb/protocol/protocol_util.h | 10 ++--
ctdb/server/ctdb_takeover.c | 58 +++++++++++++-------
ctdb/server/ipalloc_lcp2.c | 2 +-
docs-xml/smbdotconf/security/lanmanauth.xml | 14 ++---
docs-xml/smbdotconf/security/ntlmauth.xml | 9 ++--
lib/pthreadpool/tests.c | 6 +++
lib/util/tests/file.c | 2 +-
nsswitch/nsstest.c | 6 +++
nsswitch/pam_winbind.c | 10 ++--
source3/modules/vfs_ceph_snapshots.c | 3 +-
source3/modules/vfs_syncops.c | 12 +++--
source3/rpc_server/netlogon/srv_netlog_nt.c | 52 ++----------------
source3/rpcclient/cmd_srvsvc.c | 2 +-
source3/winbindd/winbindd_cache.c | 6 ++-
source4/ntvfs/cifs/vfs_cifs.c | 9 ++++
source4/rpc_server/dnsserver/dcerpc_dnsserver.c | 11 +++-
source4/rpc_server/netlogon/dcerpc_netlogon.c | 15 ------
source4/smb_server/smb/negprot.c | 2 +-
source4/smbd/server.c | 71 ++++++++++++++++++++++++-
source4/torture/raw/notify.c | 4 +-
source4/torture/raw/open.c | 5 +-
source4/torture/smb2/create.c | 6 +--
source4/torture/smb2/notify.c | 4 +-
source4/torture/unix/unix_info2.c | 2 +-
26 files changed, 205 insertions(+), 133 deletions(-)
Changeset truncated at 500 lines:
diff --git a/ctdb/config/nfs-linux-kernel-callout b/ctdb/config/nfs-linux-kernel-callout
index def69a04649..71d8ecf8074 100755
--- a/ctdb/config/nfs-linux-kernel-callout
+++ b/ctdb/config/nfs-linux-kernel-callout
@@ -281,8 +281,8 @@ nfs_startup ()
basic_stop "nfs" || true
basic_start "nfs"
_f="${PROCFS_PATH}/sys/net/ipv4/tcp_tw_recycle"
- if [ "$_f" ] ; then
- echo 1 >"$_f"
+ if [ -f "$_f" ] ; then
+ echo 1 >"$_f"
fi
}
diff --git a/ctdb/protocol/protocol_util.c b/ctdb/protocol/protocol_util.c
index d120213b70a..f43afbc58d0 100644
--- a/ctdb/protocol/protocol_util.c
+++ b/ctdb/protocol/protocol_util.c
@@ -155,8 +155,9 @@ int ctdb_sock_addr_to_buf(char *buf, socklen_t buflen,
return 0;
}
-const char *ctdb_sock_addr_to_string(TALLOC_CTX *mem_ctx,
- ctdb_sock_addr *addr, bool with_port)
+char *ctdb_sock_addr_to_string(TALLOC_CTX *mem_ctx,
+ ctdb_sock_addr *addr,
+ bool with_port)
{
size_t len = 64;
char *cip;
@@ -493,9 +494,9 @@ int ctdb_connection_to_buf(char *buf, size_t buflen,
return 0;
}
-const char *ctdb_connection_to_string(TALLOC_CTX *mem_ctx,
- struct ctdb_connection *conn,
- bool client_first)
+char *ctdb_connection_to_string(TALLOC_CTX *mem_ctx,
+ struct ctdb_connection *conn,
+ bool client_first)
{
const size_t len = 128;
char *out;
@@ -612,7 +613,7 @@ int ctdb_connection_list_sort(struct ctdb_connection_list *conn_list)
return 0;
}
-const char *ctdb_connection_list_to_string(
+char *ctdb_connection_list_to_string(
TALLOC_CTX *mem_ctx,
struct ctdb_connection_list *conn_list, bool client_first)
{
diff --git a/ctdb/protocol/protocol_util.h b/ctdb/protocol/protocol_util.h
index a51cbcdda98..b01db8e9934 100644
--- a/ctdb/protocol/protocol_util.h
+++ b/ctdb/protocol/protocol_util.h
@@ -37,7 +37,7 @@ enum ctdb_event ctdb_event_from_string(const char *event_str);
*/
int ctdb_sock_addr_to_buf(char *buf, socklen_t buflen,
ctdb_sock_addr *addr, bool with_port);
-const char *ctdb_sock_addr_to_string(TALLOC_CTX *mem_ctx,
+char *ctdb_sock_addr_to_string(TALLOC_CTX *mem_ctx,
ctdb_sock_addr *addr, bool with_port);
int ctdb_sock_addr_from_string(const char *str,
ctdb_sock_addr *addr, bool with_port);
@@ -57,16 +57,16 @@ bool ctdb_sock_addr_same(const ctdb_sock_addr *addr1,
int ctdb_connection_to_buf(char *buf, size_t buflen,
struct ctdb_connection * conn, bool client_first);
-const char *ctdb_connection_to_string(TALLOC_CTX *mem_ctx,
- struct ctdb_connection * conn,
- bool client_first);
+char *ctdb_connection_to_string(TALLOC_CTX *mem_ctx,
+ struct ctdb_connection * conn,
+ bool client_first);
int ctdb_connection_from_string(const char *str, bool client_first,
struct ctdb_connection *conn);
int ctdb_connection_list_add(struct ctdb_connection_list *conn_list,
struct ctdb_connection *conn);
int ctdb_connection_list_sort(struct ctdb_connection_list *conn_list);
-const char *ctdb_connection_list_to_string(
+char *ctdb_connection_list_to_string(
TALLOC_CTX *mem_ctx,
struct ctdb_connection_list *conn_list, bool client_first);
int ctdb_connection_list_read(TALLOC_CTX *mem_ctx,
diff --git a/ctdb/server/ctdb_takeover.c b/ctdb/server/ctdb_takeover.c
index 424d0d6ff4a..d8dc1c34af5 100644
--- a/ctdb/server/ctdb_takeover.c
+++ b/ctdb/server/ctdb_takeover.c
@@ -1243,7 +1243,8 @@ int32_t ctdb_control_tcp_client(struct ctdb_context *ctdb, uint32_t client_id,
TDB_DATA data;
struct ctdb_client_ip *ip;
struct ctdb_vnn *vnn;
- ctdb_sock_addr addr;
+ ctdb_sock_addr src_addr;
+ ctdb_sock_addr dst_addr;
/* If we don't have public IPs, tickles are useless */
if (ctdb->vnn == NULL) {
@@ -1252,36 +1253,54 @@ int32_t ctdb_control_tcp_client(struct ctdb_context *ctdb, uint32_t client_id,
tcp_sock = (struct ctdb_connection *)indata.dptr;
- addr = tcp_sock->src;
- ctdb_canonicalize_ip(&addr, &tcp_sock->src);
- addr = tcp_sock->dst;
- ctdb_canonicalize_ip(&addr, &tcp_sock->dst);
+ src_addr = tcp_sock->src;
+ ctdb_canonicalize_ip(&src_addr, &tcp_sock->src);
+ ZERO_STRUCT(src_addr);
+ memcpy(&src_addr, &tcp_sock->src, sizeof(src_addr));
+
+ dst_addr = tcp_sock->dst;
+ ctdb_canonicalize_ip(&dst_addr, &tcp_sock->dst);
+ ZERO_STRUCT(dst_addr);
+ memcpy(&dst_addr, &tcp_sock->dst, sizeof(dst_addr));
- ZERO_STRUCT(addr);
- memcpy(&addr, &tcp_sock->dst, sizeof(addr));
- vnn = find_public_ip_vnn(ctdb, &addr);
+ vnn = find_public_ip_vnn(ctdb, &dst_addr);
if (vnn == NULL) {
- switch (addr.sa.sa_family) {
+ char *src_addr_str = NULL;
+ char *dst_addr_str = NULL;
+
+ switch (dst_addr.sa.sa_family) {
case AF_INET:
- if (ntohl(addr.ip.sin_addr.s_addr) != INADDR_LOOPBACK) {
- DEBUG(DEBUG_ERR,("Could not add client IP %s. This is not a public address.\n",
- ctdb_addr_to_str(&addr)));
+ if (ntohl(dst_addr.ip.sin_addr.s_addr) == INADDR_LOOPBACK) {
+ /* ignore ... */
+ return 0;
}
break;
case AF_INET6:
- DEBUG(DEBUG_ERR,("Could not add client IP %s. This is not a public ipv6 address.\n",
- ctdb_addr_to_str(&addr)));
break;
default:
- DEBUG(DEBUG_ERR,(__location__ " Unknown family type %d\n", addr.sa.sa_family));
+ DEBUG(DEBUG_ERR,(__location__ " Unknown family type %d\n",
+ dst_addr.sa.sa_family));
+ return 0;
}
+ src_addr_str = ctdb_sock_addr_to_string(client, &src_addr, false);
+ dst_addr_str = ctdb_sock_addr_to_string(client, &dst_addr, false);
+ DEBUG(DEBUG_ERR,(
+ "Could not register TCP connection from "
+ "%s to %s (not a public address) (port %u) "
+ "(client_id %u pid %u).\n",
+ src_addr_str,
+ dst_addr_str,
+ ctdb_sock_addr_port(&dst_addr),
+ client_id, client->pid));
+ TALLOC_FREE(src_addr_str);
+ TALLOC_FREE(dst_addr_str);
return 0;
}
if (vnn->pnn != ctdb->pnn) {
DEBUG(DEBUG_ERR,("Attempt to register tcp client for IP %s we don't hold - failing (client_id %u pid %u)\n",
- ctdb_addr_to_str(&addr),
+ ctdb_addr_to_str(&dst_addr),
client_id, client->pid));
/* failing this call will tell smbd to die */
return -1;
@@ -1291,7 +1310,7 @@ int32_t ctdb_control_tcp_client(struct ctdb_context *ctdb, uint32_t client_id,
CTDB_NO_MEMORY(ctdb, ip);
ip->ctdb = ctdb;
- ip->addr = addr;
+ ip->addr = dst_addr;
ip->client_id = client_id;
talloc_set_destructor(ip, ctdb_client_ip_destructor);
DLIST_ADD(ctdb->client_ip_list, ip);
@@ -1310,7 +1329,7 @@ int32_t ctdb_control_tcp_client(struct ctdb_context *ctdb, uint32_t client_id,
data.dptr = (uint8_t *)&t;
data.dsize = sizeof(t);
- switch (addr.sa.sa_family) {
+ switch (dst_addr.sa.sa_family) {
case AF_INET:
DEBUG(DEBUG_INFO,("registered tcp client for %u->%s:%u (client_id %u pid %u)\n",
(unsigned)ntohs(tcp_sock->dst.ip.sin_port),
@@ -1324,7 +1343,8 @@ int32_t ctdb_control_tcp_client(struct ctdb_context *ctdb, uint32_t client_id,
(unsigned)ntohs(tcp_sock->src.ip6.sin6_port), client_id, client->pid));
break;
default:
- DEBUG(DEBUG_ERR,(__location__ " Unknown family %d\n", addr.sa.sa_family));
+ DEBUG(DEBUG_ERR,(__location__ " Unknown family %d\n",
+ dst_addr.sa.sa_family));
}
diff --git a/ctdb/server/ipalloc_lcp2.c b/ctdb/server/ipalloc_lcp2.c
index 565b58c9a0c..1146bb60f16 100644
--- a/ctdb/server/ipalloc_lcp2.c
+++ b/ctdb/server/ipalloc_lcp2.c
@@ -58,7 +58,7 @@ static uint32_t ip_distance(ctdb_sock_addr *ip1, ctdb_sock_addr *ip2)
/* Count number of leading zeroes.
* FIXME? This could be optimised...
*/
- while ((x & (1 << 31)) == 0) {
+ while ((x & ((uint32_t)1 << 31)) == 0) {
x <<= 1;
distance += 1;
}
diff --git a/docs-xml/smbdotconf/security/lanmanauth.xml b/docs-xml/smbdotconf/security/lanmanauth.xml
index a9e4f88b89f..97f2fb04dcb 100644
--- a/docs-xml/smbdotconf/security/lanmanauth.xml
+++ b/docs-xml/smbdotconf/security/lanmanauth.xml
@@ -24,16 +24,18 @@
auth is re-enabled later on.
</para>
- <para>Unlike the <command moreinfo="none">encrypt
- passwords</command> option, this parameter cannot alter client
+ <para>Unlike the <parameter moreinfo="none">encrypt
+ passwords</parameter> option, this parameter cannot alter client
behaviour, and the LANMAN response will still be sent over the
network. See the <command moreinfo="none">client lanman
auth</command> to disable this for Samba's clients (such as smbclient)</para>
- <para>If this option, and <command moreinfo="none">ntlm
- auth</command> are both disabled, then only NTLMv2 logins will be
- permited. Not all clients support NTLMv2, and most will require
- special configuration to use it.</para>
+ <para>This parameter is overriden by <parameter moreinfo="none">ntlm
+ auth</parameter>, so unless that it is also set to
+ <constant>ntlmv1-permitted</constant> or <constant>yes</constant>,
+ then only NTLMv2 logins will be permited and no LM hash will be
+ stored. All modern clients support NTLMv2, and but some older
+ clients require special configuration to use it.</para>
</description>
<value type="default">no</value>
diff --git a/docs-xml/smbdotconf/security/ntlmauth.xml b/docs-xml/smbdotconf/security/ntlmauth.xml
index dceae44d81b..dd5dbaea117 100644
--- a/docs-xml/smbdotconf/security/ntlmauth.xml
+++ b/docs-xml/smbdotconf/security/ntlmauth.xml
@@ -19,11 +19,9 @@
control NTLM authentiation for domain users, this must option must
be configured on each DC.</para>
- <para>By default with <command moreinfo="none">lanman
- auth</command> set to <constant>no</constant> and
- <command moreinfo="none">ntlm auth</command> set to
+ <para>By default with <command moreinfo="none">ntlm auth</command> set to
<constant>ntlmv2-only</constant> only NTLMv2 logins will be
- permited. Most clients support NTLMv2 by default, but some older
+ permited. All modern clients support NTLMv2 by default, but some older
clients will require special configuration to use it.</para>
<para>The primary user of NTLMv1 is MSCHAPv2 for VPNs and 802.1x.</para>
@@ -35,6 +33,9 @@
<para><constant>ntlmv1-permitted</constant>
(alias <constant>yes</constant>) - Allow NTLMv1 and above for all clients.</para>
+ <para>This is the required setting for to enable the <parameter
+ moreinfo="none">lanman auth</parameter> parameter.</para>
+
</listitem>
<listitem>
diff --git a/lib/pthreadpool/tests.c b/lib/pthreadpool/tests.c
index d57754603a2..08cb59ecf59 100644
--- a/lib/pthreadpool/tests.c
+++ b/lib/pthreadpool/tests.c
@@ -60,6 +60,7 @@ static int test_jobs(int num_threads, int num_jobs)
if (ret != 0) {
fprintf(stderr, "pthreadpool_pipe_init failed: %s\n",
strerror(ret));
+ free(finished);
return -1;
}
@@ -68,6 +69,7 @@ static int test_jobs(int num_threads, int num_jobs)
if (ret != 0) {
fprintf(stderr, "pthreadpool_pipe_add_job failed: "
"%s\n", strerror(ret));
+ free(finished);
return -1;
}
}
@@ -78,10 +80,12 @@ static int test_jobs(int num_threads, int num_jobs)
if (ret < 0) {
fprintf(stderr, "pthreadpool_pipe_finished_jobs "
"failed: %s\n", strerror(-ret));
+ free(finished);
return -1;
}
if ((ret != 1) || (jobid >= num_jobs)) {
fprintf(stderr, "invalid job number %d\n", jobid);
+ free(finished);
return -1;
}
finished[jobid] += 1;
@@ -91,6 +95,7 @@ static int test_jobs(int num_threads, int num_jobs)
if (finished[i] != 1) {
fprintf(stderr, "finished[%d] = %d\n",
i, finished[i]);
+ free(finished);
return -1;
}
}
@@ -99,6 +104,7 @@ static int test_jobs(int num_threads, int num_jobs)
if (ret != 0) {
fprintf(stderr, "pthreadpool_pipe_destroy failed: %s\n",
strerror(ret));
+ free(finished);
return -1;
}
diff --git a/lib/util/tests/file.c b/lib/util/tests/file.c
index ca0416e20e6..55c9d4cec9a 100644
--- a/lib/util/tests/file.c
+++ b/lib/util/tests/file.c
@@ -150,7 +150,7 @@ static bool test_file_lines_load(struct torture_context *tctx)
strlen(TEST_DATA_EMPTY)),
"saving file");
- lines = file_lines_load(TEST_FILENAME, &numlines, 0, mem_ctx);
+ (void)file_lines_load(TEST_FILENAME, &numlines, 0, mem_ctx);
torture_assert_int_equal(tctx, numlines, 0, "Lines");
diff --git a/nsswitch/nsstest.c b/nsswitch/nsstest.c
index 6d92806cffc..e8c4306441d 100644
--- a/nsswitch/nsstest.c
+++ b/nsswitch/nsstest.c
@@ -188,9 +188,11 @@ static struct group *nss_getgrent(void)
again:
status = _nss_getgrent_r(&grp, buf, buflen, &nss_errno);
if (status == NSS_STATUS_TRYAGAIN) {
+ char *oldbuf = buf;
buflen *= 2;
buf = (char *)realloc(buf, buflen);
if (!buf) {
+ SAFE_FREE(oldbuf);
return NULL;
}
goto again;
@@ -226,9 +228,11 @@ static struct group *nss_getgrnam(const char *name)
again:
status = _nss_getgrnam_r(name, &grp, buf, buflen, &nss_errno);
if (status == NSS_STATUS_TRYAGAIN) {
+ char *oldbuf = buf;
buflen *= 2;
buf = (char *)realloc(buf, buflen);
if (!buf) {
+ SAFE_FREE(oldbuf);
return NULL;
}
goto again;
@@ -265,9 +269,11 @@ static struct group *nss_getgrgid(gid_t gid)
again:
status = _nss_getgrgid_r(gid, &grp, buf, buflen, &nss_errno);
if (status == NSS_STATUS_TRYAGAIN) {
+ char *oldbuf = buf;
buflen *= 2;
buf = (char *)realloc(buf, buflen);
if (!buf) {
+ SAFE_FREE(oldbuf);
return NULL;
}
goto again;
diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c
index 0ba1955f007..7841377fdd6 100644
--- a/nsswitch/pam_winbind.c
+++ b/nsswitch/pam_winbind.c
@@ -1375,14 +1375,16 @@ static void _pam_set_data_string(struct pwb_context *ctx,
static void _pam_set_data_info3(struct pwb_context *ctx,
const struct wbcAuthUserInfo *info)
{
- _pam_set_data_string(ctx, PAM_WINBIND_HOMEDIR,
+ if (info != NULL) {
+ _pam_set_data_string(ctx, PAM_WINBIND_HOMEDIR,
info->home_directory);
- _pam_set_data_string(ctx, PAM_WINBIND_LOGONSCRIPT,
+ _pam_set_data_string(ctx, PAM_WINBIND_LOGONSCRIPT,
info->logon_script);
- _pam_set_data_string(ctx, PAM_WINBIND_LOGONSERVER,
+ _pam_set_data_string(ctx, PAM_WINBIND_LOGONSERVER,
info->logon_server);
- _pam_set_data_string(ctx, PAM_WINBIND_PROFILEPATH,
+ _pam_set_data_string(ctx, PAM_WINBIND_PROFILEPATH,
info->profile_path);
+ }
}
/**
diff --git a/source3/modules/vfs_ceph_snapshots.c b/source3/modules/vfs_ceph_snapshots.c
index 4183069a5c2..0012962ac97 100644
--- a/source3/modules/vfs_ceph_snapshots.c
+++ b/source3/modules/vfs_ceph_snapshots.c
@@ -500,9 +500,10 @@ static bool ceph_snap_gmt_strip_snapshot(struct vfs_handle_struct *handle,
memcpy(_stripped_buf + len_before_gmt, q, rest_len);
}
_stripped_buf[dst_len] = '\0';
+ DBG_DEBUG("GMT token in %s stripped to %s\n",
+ name, _stripped_buf);
}
*_timestamp = timestamp;
- DBG_DEBUG("GMT token in %s stripped to %s\n", name, _stripped_buf);
return 0;
no_snapshot:
*_timestamp = 0;
diff --git a/source3/modules/vfs_syncops.c b/source3/modules/vfs_syncops.c
index f94588c60ed..0a51fdf6e7a 100644
--- a/source3/modules/vfs_syncops.c
+++ b/source3/modules/vfs_syncops.c
@@ -113,11 +113,13 @@ static void syncops_two_names(const char *name1, const char *name2)
*/
static void syncops_smb_fname(const struct smb_filename *smb_fname)
{
- char *parent;
- parent = parent_dir(NULL, smb_fname->base_name);
- if (parent) {
- syncops_sync_directory(parent);
- talloc_free(parent);
+ char *parent = NULL;
+ if (smb_fname != NULL) {
+ parent = parent_dir(NULL, smb_fname->base_name);
+ if (parent != NULL) {
+ syncops_sync_directory(parent);
+ talloc_free(parent);
+ }
}
}
diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
index a846a728f24..1bc5d62f979 100644
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -926,7 +926,7 @@ NTSTATUS _netr_ServerAuthenticate3(struct pipes_struct *p,
srv_flgs |= NETLOGON_NEG_SUPPORTS_AES;
}
- if (lp_server_schannel() != false) {
+ if (in_neg_flags & NETLOGON_NEG_SCHANNEL) {
srv_flgs |= NETLOGON_NEG_SCHANNEL;
}
@@ -967,17 +967,6 @@ NTSTATUS _netr_ServerAuthenticate3(struct pipes_struct *p,
goto out;
}
- if ( (lp_server_schannel() == true) &&
- ((in_neg_flags & NETLOGON_NEG_SCHANNEL) == 0) ) {
-
- /* schannel must be used, but client did not offer it. */
- DEBUG(0,("%s: schannel required but client failed "
- "to offer it. Client was %s\n",
- fn, r->in.account_name));
- status = NT_STATUS_ACCESS_DENIED;
- goto out;
- }
-
status = get_md4pw(&mach_pwd,
r->in.account_name,
r->in.secure_channel_type,
@@ -1071,36 +1060,6 @@ NTSTATUS _netr_ServerAuthenticate2(struct pipes_struct *p,
return _netr_ServerAuthenticate3(p, &a);
}
-/*************************************************************************
- * If schannel is required for this call test that it actually is available.
- *************************************************************************/
-static NTSTATUS schannel_check_required(struct pipe_auth_data *auth_info,
- const char *computer_name,
- bool integrity, bool privacy)
-{
- if (auth_info && auth_info->auth_type == DCERPC_AUTH_TYPE_SCHANNEL) {
- if (!privacy && !integrity) {
- return NT_STATUS_OK;
- }
-
- if ((!privacy && integrity) &&
- auth_info->auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) {
- return NT_STATUS_OK;
- }
-
- if ((privacy || integrity) &&
- auth_info->auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
- return NT_STATUS_OK;
- }
- }
-
- /* test didn't pass */
- DEBUG(0, ("schannel_check_required: [%s] is not using schannel\n",
- computer_name));
-
- return NT_STATUS_ACCESS_DENIED;
-}
-
--
Samba Shared Repository
More information about the samba-cvs
mailing list