[Pkg-samba-maint] [Git][samba-team/samba][experimental] 99 commits: VERSION: Bump version up to Samba 4.17.5...
Michael Tokarev (@mjt)
gitlab at salsa.debian.org
Wed Feb 1 20:20:02 GMT 2023
Michael Tokarev pushed to branch experimental at Debian Samba Team / samba
Commits:
72dcfb47 by Jule Anger at 2022-12-15T17:06:06+01:00
VERSION: Bump version up to Samba 4.17.5...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
0d89084e by Volker Lendecke at 2023-01-04T20:20:16+00:00
ctdb: Fix a use-after-free in run_proc
If you happen to talloc_free(run_ctx) before all the tevent_req's
hanging off it, you run into the following:
==495196== Invalid read of size 8
==495196== at 0x10D757: run_proc_state_destructor (run_proc.c:413)
==495196== by 0x488F736: _tc_free_internal (talloc.c:1158)
==495196== by 0x488FBDD: _talloc_free_internal (talloc.c:1248)
==495196== by 0x4890F41: _talloc_free (talloc.c:1792)
==495196== by 0x48538B1: tevent_req_received (tevent_req.c:293)
==495196== by 0x4853429: tevent_req_destructor (tevent_req.c:129)
==495196== by 0x488F736: _tc_free_internal (talloc.c:1158)
==495196== by 0x4890AF6: _tc_free_children_internal (talloc.c:1669)
==495196== by 0x488F967: _tc_free_internal (talloc.c:1184)
==495196== by 0x488FBDD: _talloc_free_internal (talloc.c:1248)
==495196== by 0x4890F41: _talloc_free (talloc.c:1792)
==495196== by 0x10DE62: main (run_proc_test.c:86)
==495196== Address 0x55b77f8 is 152 bytes inside a block of size 160 free'd
==495196== at 0x48399AB: free (vg_replace_malloc.c:538)
==495196== by 0x488FB25: _tc_free_internal (talloc.c:1222)
==495196== by 0x488FBDD: _talloc_free_internal (talloc.c:1248)
==495196== by 0x4890F41: _talloc_free (talloc.c:1792)
==495196== by 0x10D315: run_proc_context_destructor (run_proc.c:329)
==495196== by 0x488F736: _tc_free_internal (talloc.c:1158)
==495196== by 0x488FBDD: _talloc_free_internal (talloc.c:1248)
==495196== by 0x4890F41: _talloc_free (talloc.c:1792)
==495196== by 0x10DE62: main (run_proc_test.c:86)
==495196== Block was alloc'd at
==495196== at 0x483877F: malloc (vg_replace_malloc.c:307)
==495196== by 0x488EAD9: __talloc_with_prefix (talloc.c:783)
==495196== by 0x488EC73: __talloc (talloc.c:825)
==495196== by 0x488F0FC: _talloc_named_const (talloc.c:982)
==495196== by 0x48925B1: _talloc_zero (talloc.c:2421)
==495196== by 0x10C8F2: proc_new (run_proc.c:61)
==495196== by 0x10D4C9: run_proc_send (run_proc.c:381)
==495196== by 0x10DDF6: main (run_proc_test.c:79)
This happens because run_proc_context_destructor() directly does a
talloc_free() on the struct proc_context's and not the enclosing
tevent_req's. run_proc_kill() makes sure that we don't follow
proc->req, but it forgets the "state->proc", which is free()'ed, but
later dereferenced in run_proc_state_destructor().
This is an attempt at a quick fix, I believe we should convert
run_proc_context->plist into an array of tevent_req's, so that we can
properly TALLOC_FREE() according to the "natural" hierarchy and not
just pull an arbitrary thread out of that heap.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15269
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Oct 6 15:10:20 UTC 2022 on sn-devel-184
(cherry picked from commit 688be0177b04d04709813a02ae6da1e983ac25dd)
- - - - -
4f47415e by Andrew at 2023-01-04T20:20:16+00:00
rpc_server:srvsvc - retrieve share ACL via root context
share_info.tdb has permissions of 0o600 and so we need
to become_root() prior to retrieving the security info.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15265
Signed-off-by: Andrew Walker <awalker at ixsystems.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Dec 19 20:41:15 UTC 2022 on sn-devel-184
(cherry picked from commit 80c0b416892bfacc0d919fe032461748d7962f05)
- - - - -
72e6fff0 by Andrew Walker at 2023-01-04T20:20:16+00:00
s3:params:lp_do_section - protect against NULL deref
iServiceIndex may indicate an empty slot in the ServicePtrs
array. In this case, lpcfg_serivce_ok(ServicePtrs[iServiceIndex])
may trigger a NULL deref and crash. Skipping the check
here will cause a scan of the array in add_a_service() and the
NULL slot will be used safely.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15267
Signed-off-by: Andrew Walker <awalker at ixsystems.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Dec 20 18:49:54 UTC 2022 on sn-devel-184
(cherry picked from commit 5b19288949e97a5af742ff2719992d56f21e364a)
- - - - -
0d2acb2e by Andreas Schneider at 2023-01-04T20:20:16+00:00
s3:script: Improve test_chdir_cache.sh
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15268
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 0d1961267cd9e8f1158a407c5d135514c363f37e)
- - - - -
bc05daaf by Andreas Schneider at 2023-01-04T21:23:48+00:00
s3:client: Fix a use-after-free issue in smbclient
Detected by
make test TESTS="samba3.blackbox.chdir-cache"
with an optimized build or with AddressSanitizer.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15268
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 9c707b4be27e2a6f79886d3ec8b5066c922b99bd)
Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Wed Jan 4 21:23:48 UTC 2023 on sn-devel-184
- - - - -
33a5ca2f by Jeremy Allison at 2023-01-05T10:01:54+00:00
s3: smbd: Strip any leading '\\' characters if the SMB2 DFS flag is set.
MacOS clients send SMB2 DFS pathnames as \server\share\file\name.
Ensure smbd can cope with this by stipping any leading '\\'
characters from an SMB2 packet with the DFS flag set.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15277
NB. The test for this is not back-ported to
4.17 as there are too many changes in the
test infrastructure and supporting client
libraries between 4.17 and master.
Back-ported from c9a6e242d15ee707a2e30f973fd37e80b3225aca.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Thu Jan 5 10:01:54 UTC 2023 on sn-devel-184
- - - - -
658a590b by Volker Lendecke at 2023-01-13T10:54:14+00:00
testprogs: Add testit_grep_count() helper
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 55feb593012fc5b24e795a00081666fca740429c)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15243
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15266
- - - - -
a8934a92 by Stefan Metzmacher at 2023-01-13T10:54:14+00:00
selftest: add samba3.blackbox.registry_share
This demonstrates the regression introduced by
f03665bb7e8ea97699062630f2aa1bac4c5dfc7f, where
registry shares are no longer listed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15243
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15266
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Walker <awalker at ixsystems.com>
(cherry picked from commit a00c7395fbc7974a61a70ae54ea6ae6349933de2)
- - - - -
b1d5552f by Stefan Metzmacher at 2023-01-13T10:54:14+00:00
s3:rpc_server/srvsvc: make sure we (re-)load all shares as root.
This fixes a regression in commit f03665bb7e8ea97699062630f2aa1bac4c5dfc7f
The use of reload_services() has a lot of side effects, e.g. reopen of
log files and other things, which are only useful in smbd, but not in rpcd_classic.
It was also unloading the user and registry shares we loaded a few lines
above.
We need to do all (re-)loading as root, otherwise we won't be able
to read root only smb.conf files, access registry shares, ...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15243
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15266
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Walker <awalker at ixsystems.com>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Dec 29 21:14:02 UTC 2022 on sn-devel-184
(cherry picked from commit f28553105be7465026bcc0fcbbed6a1a8c2133dd)
- - - - -
cedb4ff4 by Stefan Metzmacher at 2023-01-13T10:54:14+00:00
s4:lib/messaging: fix interaction between imessaging_context_destructor and irpc_destructor
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15280
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 0d096931196524a2d1bf59470bc629dc9231131e)
- - - - -
409dd9b2 by Florian Weimer at 2023-01-13T10:54:14+00:00
buildtools/wafsamba: Avoid calling lib_func without a prototype
This is a backport of commit f4c0a750d4adebcf2342a44e85f04526c34
("WAF: Fix detection of linker features")
to buildtools/wafsamba/samba_conftests.py. It fixes the check for
rpath support with compilers in strict C99 mode.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15281
Signed-off-by: Florian Weimer <fweimer at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 75db84b1e59a42737343445c43c41494460c89f0)
- - - - -
fab96048 by Florian Weimer at 2023-01-13T10:54:14+00:00
source3/wscript: Fix detection of major/minor macros
These macros are only available via <sys/sysmacros.h> as of glibc
commit e16deca62e16f645213dffd4ecd1153c37765f17 ("[BZ #19239] Don't
include sys/sysmacros.h from sys/types.h."), which went into
glibc 2.28.
This is different from the usual C99 cleanups because it changes
the configure check result with existing compilers that usually
accept implicit function declarations.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15281
Signed-off-by: Florian Weimer <fweimer at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit d0ee9d5a43072ecbd37327f5dc936c546f97ba34)
- - - - -
69f6517f by Florian Weimer at 2023-01-13T10:54:14+00:00
source3/wscript: Remove implicit int and implicit function declarations
This should fix the remaining C89isms in these configure checks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15281
Signed-off-by: Florian Weimer <fweimer at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 7779050a6765a37cc0c6438309e512782220dcb3)
- - - - -
0bc115f7 by Jones Syue at 2023-01-13T11:56:59+00:00
s3:smbstatus: go to cmdline_messaging_context_free
If the locking.tdb is not found,
(for example, fresh new installed samba server is not running yet)
smbstatus utility would exit earlier,
and lock files are left behind in the directory 'msg.sock' and 'msg.lock'.
Consider that a script to run smbstatus utility in a loop,
this might result in used space slowly growing-up on the underlying filesystem.
Since the samba server is not running yet,
there is no cleanupd daemon could delete these files to reclaim space.
Supposed to use 'ret = 0; goto done;' instead of exit(0),
this would go through the cmdline_messaging_context_free() which deletes
the lock files in the directory msg.sock and msg.lock before smbstatus
utility is exiting.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15282
Signed-off-by: Jones Syue <jonessyue at qnap.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Jan 11 17:08:10 UTC 2023 on sn-devel-184
(cherry picked from commit de5d31f452b2445bd92b1746efb05aa096716af8)
Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Fri Jan 13 11:56:59 UTC 2023 on sn-devel-184
- - - - -
a92a0043 by Jeremy Allison at 2023-01-16T09:41:10+00:00
s4: torture: Show return value for smbc_getxattr() is incorrect (returns >0 for success, should return zero).
Add torture test to show smbc_getxattr() should return -1 on
failure, 0 on success.
Add knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14808
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
(cherry picked from commit 74636dfe24c15677261fc40c0a4ec62404898cf4)
- - - - -
50330f69 by Jeremy Allison at 2023-01-16T09:41:10+00:00
s3: libsmbclient: Fix smbc_getxattr() to return 0 on success.
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14808
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Nov 1 18:31:22 UTC 2022 on sn-devel-184
(cherry picked from commit bdbb38d16c8eaff33484bb747efa639c4d8e7f35)
- - - - -
7b29d407 by Andrew Walker at 2023-01-16T09:41:10+00:00
nsswitch:libwbclient - fix leak in wbcCtxPingDc2
Memory allocated for response is never freed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15164
Signed-off-by: Andrew Walker <awalker at ixsystems.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Sep 6 20:10:17 UTC 2022 on sn-devel-184
(cherry picked from commit aa9f3a2da97ae13cce3e50fe3d58f143200e9a17)
- - - - -
67d388c7 by Jeremy Allison at 2023-01-16T09:41:10+00:00
s4: torture: Add an async SMB2_OP_FLUSH + SMB2_OP_CLOSE test to smb2.compound_async.
Shows we fail sending an SMB2_OP_FLUSH + SMB2_OP_CLOSE
compound. Internally the flush goes async and
we free the req, then we process the close.
When the flush completes it tries to access
already freed data.
Found using the Apple MacOSX client at SNIA SDC 2022.
Add knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15172
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 17a110c1b58196eb8ecf3c76eb97e8508976c544)
- - - - -
7b4652b8 by Jeremy Allison at 2023-01-16T09:41:10+00:00
s4: torture: Add an async SMB2_OP_FLUSH + SMB2_OP_FLUSH test to smb2.compound_async.
Shows we fail sending an SMB2_OP_FLUSH + SMB2_OP_FLUSH
compound if we immediately close the file afterward.
Internally the flushes go async and we free the req, then
we process the close. When the flushes complete they try to access
already freed data.
Extra test which will allow me to test when the final
component (flush) of the compound goes async and returns
NT_STATUS_PENDING.
Add knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15172
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 6f149dfd9d8d2619a9e18975ebcf5e69df2b7766)
- - - - -
61babd9a by Jeremy Allison at 2023-01-16T09:41:10+00:00
s3: smbd: Add utility function smbd_smb2_is_last_in_compound().
Not yet used. Returns true if we're processing the last SMB2 request in a
compound.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15172
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit e668c3a82cd566b405c976d45659dd79786948de)
- - - - -
1e94c94a by Jeremy Allison at 2023-01-16T09:41:10+00:00
s3: smbd: Cause SMB2_OP_FLUSH to go synchronous in a compound anywhere but the last operation in the list.
Async read and write go synchronous in the same case,
so do the same here.
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15172
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu Nov 17 05:55:42 UTC 2022 on sn-devel-184
(cherry picked from commit 26adf3344337f4e8d5d2107e6ba42e5ea7656372)
- - - - -
580cfa72 by Jeremy Allison at 2023-01-16T09:41:10+00:00
s3: smbd: In synthetic_pathref() change DBG_ERR -> DBG_NOTICE to avoid spamming the logs.
Can easily be seen by doing make test TESTS=fruit
and looking in st/nt4_dc/smbd_test.log.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15210
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Nov 16 06:00:56 UTC 2022 on sn-devel-184
(cherry picked from commit f0ca9546102acf09f1834c03f8907ed26bfc80f8)
- - - - -
02e63b6d by Jeremy Allison at 2023-01-16T09:41:10+00:00
s4: libcli: Ignore errors when getting A records after fetching AAAA records.
The target may only be available over IPv6.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15226
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Nov 9 20:34:07 UTC 2022 on sn-devel-184
(cherry picked from commit 10537a89bb0b461ba31d614b7c9ed56a842422e7)
- - - - -
669da62d by Jeremy Allison at 2023-01-16T09:41:11+00:00
selftest: Show vfs_virusscanner crashes when traversing a 2-level directory tree.
Modify check_infected_read() test to use a 2-level deep
directory.
We must have vfs_default:VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS = no
set on the virusscanner share as otherwise the openat flag
shortcut defeats the test.
Add knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15283
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit c844bff3eca336547c6cedfeeb03adda4eed57c6)
- - - - -
34a90840 by Jeremy Allison at 2023-01-16T10:49:14+00:00
s3: smbd: Tweak openat_pathref_dirfsp_nosymlink() to NULL out fsp->fsp_name after calling fd_close() on intermediate directories, rather than before.
vfs_virusfilter expects a non-NULL fsp->fsp_name to use for printing debugs
(it always indirects fsp->fsp_name). vfs_fruit also does the same, so would
also crash in fruit_close() with 'debug level = 10' and vfs_default:VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS = no
set (we don't test with that which is why we haven't noticed
this before).
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15283
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri Jan 13 08:33:47 UTC 2023 on sn-devel-184
(cherry picked from commit 3d3d01cda8d3a6d0d18d1b808aa9414e71d56062)
Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Mon Jan 16 10:49:14 UTC 2023 on sn-devel-184
- - - - -
1886a72d by Stefan Metzmacher at 2023-01-19T14:33:06+00:00
VERSION: Bump version up to 4.18.0rc2...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(v4-18-test): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(v4-18-test): Thu Jan 19 14:33:06 UTC 2023 on atb-devel-224
- - - - -
8b97aca0 by Douglas Bagnall at 2023-01-20T12:00:40+00:00
WHATSNEW 4.18: mention samba-tool dsacl delete
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(v4-18-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-18-test): Fri Jan 20 12:00:40 UTC 2023 on atb-devel-224
- - - - -
5a49be37 by Samuel Cabrero at 2023-01-23T09:27:12+00:00
CVE-2022-38023 s3:rpc_server/netlogon: 'server schannel != yes' warning to dcesrv_interface_netlogon_bind
Follow s4 netlogon server changes and move the checks to the RPC bind
hook. Next commits will remove the s3 netr_creds_server_step_check()
function.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 8141eae47aad849741beb138fae866c772e4ec4c)
- - - - -
6d31e359 by Samuel Cabrero at 2023-01-23T09:27:12+00:00
CVE-2022-38023 selftest:Samba3: avoid global 'server schannel = auto'
Instead of using the generic deprecated option use the specific
server require schannel:COMPUTERACCOUNT = no in order to allow
legacy tests for pass.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 3cd18690f83d2f85e847fc703ac127b4b04189fc)
- - - - -
71185d09 by Samuel Cabrero at 2023-01-23T09:27:12+00:00
CVE-2022-38023 s4:rpc_server:wscript: Reformat following pycodestyle
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit d9e6b490db3ead7e79bb3ff0c1f9ef8ab8bdc65b)
- - - - -
600a91f4 by Samuel Cabrero at 2023-01-23T09:27:12+00:00
CVE-2022-38023 s4:rpc_server/netlogon: Move schannel and credentials check functions to librpc
Will be used later by s3 netlogon server.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 121e7b0e39478c5291100652ac92c263f406076b)
- - - - -
de2e2045 by Samuel Cabrero at 2023-01-23T09:27:12+00:00
CVE-2022-38023 s3:rpc_server/netlogon: Use dcesrv_netr_creds_server_step_check()
After s3 and s4 rpc servers merge we can avoid duplicated code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 25300d354c80995997d552581cd91dddaf4bbf48)
- - - - -
03a65b24 by Samuel Cabrero at 2023-01-23T09:27:12+00:00
CVE-2022-38023 s3:rpc_server/netlogon: make sure all _netr_LogonSamLogon*() calls go through dcesrv_netr_check_schannel()
Some checks are also required for _netr_LogonSamLogonEx().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit ca07f4340ce58a7e940a1123888b7409176412f7)
- - - - -
67cdc5de by Samuel Cabrero at 2023-01-23T09:27:12+00:00
CVE-2022-38023 s3:rpc_server/netlogon: Check for global "server schannel require seal"
By default we'll now require schannel connections with privacy/sealing/encryption.
But we allow exceptions for specific computer/trust accounts.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit a0b97e262318dc56fe663da89b0ee3172b2e7848)
- - - - -
d737d6b8 by Samuel Cabrero at 2023-01-23T09:27:12+00:00
CVE-2022-38023 docs-xml/smbdotconf: The "server schannel require seal[:COMPUTERACCOUNT]" options are also honoured by s3 netlogon server..
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 02fba22b8c9e9b33ab430555ef45500c45eaa9d1)
- - - - -
0b3fab18 by Samuel Cabrero at 2023-01-23T09:27:12+00:00
CVE-2022-38023 s3:rpc_server/netlogon: Avoid unnecessary loadparm_context allocations
After s3 and s4 rpc servers merge the loadparm_context is available in
the dcesrv_context structure.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Jan 9 15:17:14 UTC 2023 on sn-devel-184
(cherry picked from commit 56837f3d3169a02d0d92bd085d9c8250415ce29b)
- - - - -
961eda75 by Stefan Metzmacher at 2023-01-23T09:27:12+00:00
s3:auth: call wbcFreeMemory(info) in auth3_generate_session_info_pac()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15286
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit e27084f5d8c3a151c5d0b266118f0d71b641dc85)
- - - - -
cd3479c6 by Jeremy Allison at 2023-01-23T09:27:12+00:00
s3: smbd: Add test to show smbd crashes when doing an FSCTL on a named stream handle.
Add knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15236
Signed-off-by: Andrew Walker <awalker at ixsystems.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit abc4495e4591964bb4625c2669a1f84213faab77)
- - - - -
f0729d7a by Jeremy Allison at 2023-01-23T09:27:12+00:00
s3: smbd: Always use metadata_fsp() when processing fsctls.
Currently all fsctls we implement need the base fsp, not
an alternate data stream fsp. We may revisit this later
if we implement fsctls that operate on an ADS.
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15236
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Walker <awalker at ixsystems.com>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Nov 14 18:13:31 UTC 2022 on sn-devel-184
(cherry picked from commit fa4eba131b882c3858b28f5fd9864998e19a4510)
- - - - -
85331e00 by Andrew Walker at 2023-01-23T10:27:59+00:00
lib/replace - add extra check to bsd_attr_list
The FreeBSD extattr API may return success and truncated
namelist. We need to check for this in bsd_attr_list to
ensure that we don't accidentally read off the end of the
buffer. In the case of a truncated value, the pascal
strings for attr names will reflect the lengths as if
the value were not truncated. For example:
`58DosStrea`
In case of short read we now set error to ERANGE and
fail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15271
Signed-off-by: Andrew Walker <awalker at ixsystems.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Mon Jan 2 14:27:23 UTC 2023 on sn-devel-184
(cherry picked from commit 01cdc5e00be78a51f0766634cc7fe50de2088203)
Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Mon Jan 23 10:27:59 UTC 2023 on sn-devel-184
- - - - -
49964c64 by Michael Tokarev at 2023-01-26T20:11:31+03:00
d/control: Standards-Version: 4.6.2 (no changes)
- - - - -
ba2e138d by Michael Tokarev at 2023-01-26T20:11:31+03:00
d/control: put all doc-generating build-deps into one line
- - - - -
c67be713 by Jule Anger at 2023-01-26T18:43:17+01:00
WHATSNEW: Add release notes for Samba 4.17.5.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
420b9e67 by Jule Anger at 2023-01-26T18:43:17+01:00
VERSION: Disable GIT_SNAPSHOT for the 4.17.5 release.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
373036bb by Michael Tokarev at 2023-01-26T23:06:20+03:00
little prep for cross-compilation
- build-depend on python3:any and python3-dev:any
- build-depend on libpython3-dev for actual module building,
and use arch-specific python3-config from there
- set and export _PYTHON_SYSCONFIGDATA_NAME to get foreign-arch values
provided by libpython3-dev (also helps when python itself is foreign)
- depend on perl:any not just perl
- export CC/CPP/LD/PKGCONFIG for ./configure (buildtools.mk)
- - - - -
e2db756d by Michael Tokarev at 2023-01-26T23:11:45+03:00
d/gbp.conf: unignore branch (gbp import-orig does fun stuff if it is set, too easy to forget)
- - - - -
f6c05ad0 by Michael Tokarev at 2023-01-26T23:20:43+03:00
d/control: samba, ctdb, winbind: do not depend on lsb-base (the script is in sysvinit-utils now)
- - - - -
f4ee30d1 by Michael Tokarev at 2023-01-26T23:21:05+03:00
d/control: drop unused build-dep on libncurses5-dev
- - - - -
b1b09d05 by Michael Tokarev at 2023-01-26T23:22:37+03:00
update changelog
- - - - -
2bf1e55d by Michael Tokarev at 2023-01-26T23:34:17+03:00
New upstream version 4.17.5+dfsg
- - - - -
4eb00597 by Michael Tokarev at 2023-01-26T23:34:49+03:00
Update upstream source from tag 'upstream/4.17.5+dfsg'
Update to upstream version '4.17.5+dfsg'
with Debian dir 952b077a7fc7de06ea6f1b687eed9d328cc20dd7
- - - - -
5d3833e6 by Michael Tokarev at 2023-01-26T23:41:02+03:00
remove patches applied upstream
reload-registry-shares-after-reloading-services.patch
rpc_server_srvsvc-retrieve_share_ACL_via_root_context.patch
- - - - -
76d7cbff by Michael Tokarev at 2023-01-27T00:20:46+03:00
update changelog
- - - - -
b162031e by Michael Tokarev at 2023-01-27T11:15:49+03:00
update changelog; upload version 4.17.5+dfsg-1 to unstable
- - - - -
e43f5ed7 by Michael Tokarev at 2023-01-27T23:46:51+03:00
d/control: samba: depends on exact version of python3-samba
Just to be explicit, it does not change anything as both
depends on the same version of samba-libs.
- - - - -
08bb41f9 by Michael Tokarev at 2023-01-27T23:47:14+03:00
d/control: fix typo
- - - - -
1b5efe5a by Michael Tokarev at 2023-01-27T23:47:14+03:00
more tweaks for foreign/cross build
- do not depend on python3:any (already included in python3-dev)
- set _PYTHON_SYSCONFIGDATA_NAME only on linux (it is different on hurd)
- export PYTHON and host PYTHON_CONFIG to ./configure
- use ${DEB_HOST_MULTIARCH}-python3-config (instead of DEB_HOST_GNU_TYPE),
this works on hurd too
- - - - -
909fc530 by Michael Tokarev at 2023-01-28T18:22:52+03:00
d/control: work around autodep8 #904999 again
- - - - -
6e6913bc by Björn Baumbach at 2023-01-31T11:45:17+00:00
WHATSNEW: add acl_xattr:security_acl_name option
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Ralph Boehme <slow at samba.org>
- - - - -
f21236ac by Stefan Metzmacher at 2023-01-31T11:45:17+00:00
s3:auth: call wbcFreeMemory(info) in auth3_generate_session_info_pac()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15286
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit e27084f5d8c3a151c5d0b266118f0d71b641dc85)
- - - - -
af00a0df by Noel Power at 2023-01-31T12:49:50+00:00
s3/lib: Prevent use after free of messaging_ctdb_fde_ev structs
In a cluster setup samba-bgqd async callback
cups_pcap_load_async can access messaging_ctdb_fde_ev associated
with already destructed global_ctdb_ctx_destructor
==26053== Invalid read of size 8
==26053== at 0x71692E1: messaging_ctdb_fde_ev_destructor (messages_ctdb.c:181)
==26053== by 0x40B2309: _tc_free_internal (talloc.c:1158)
==26053== by 0x40B3539: _tc_free_children_internal (talloc.c:1669)
==26053== by 0x40B24C4: _tc_free_internal (talloc.c:1184)
==26053== by 0x40B3539: _tc_free_children_internal (talloc.c:1669)
==26053== by 0x40B24C4: _tc_free_internal (talloc.c:1184)
==26053== by 0x40B2685: _talloc_free_internal (talloc.c:1248)
==26053== by 0x40B3963: _talloc_free (talloc.c:1792)
==26053== by 0x4056BCA: tevent_req_received (tevent_req.c:301)
==26053== by 0x405673D: tevent_req_destructor (tevent_req.c:135)
==26053== by 0x40B2309: _tc_free_internal (talloc.c:1158)
==26053== by 0x40B3539: _tc_free_children_internal (talloc.c:1669)
==26053== by 0x40B24C4: _tc_free_internal (talloc.c:1184)
==26053== by 0x40B2685: _talloc_free_internal (talloc.c:1248)
==26053== by 0x40B3963: _talloc_free (talloc.c:1792)
==26053== by 0x1384EF: cups_pcap_load_async (print_cups.c:507)
==26053== by 0x13894B: cups_cache_reload (print_cups.c:602)
==26053== by 0x1373AE: pcap_cache_reload (pcap.c:140)
==26053== by 0x1369D2: register_printing_bq_handlers (queue_process.c:323)
==26053== by 0x122AD6: main (samba-bgqd.c:316)
==26053== Address 0xed64d48 is 120 bytes inside a block of size 128 free'd
==26053== at 0x4C370EB: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==26053== by 0x40B25E1: _tc_free_internal (talloc.c:1222)
==26053== by 0x40B2685: _talloc_free_internal (talloc.c:1248)
==26053== by 0x40B3963: _talloc_free (talloc.c:1792)
==26053== by 0x71691F6: messaging_ctdb_destroy (messages_ctdb.c:141)
==26053== by 0x7169C21: msg_ctdb_ref_destructor (messages_ctdb_ref.c:142)
==26053== by 0x40B2309: _tc_free_internal (talloc.c:1158)
==26053== by 0x40B3539: _tc_free_children_internal (talloc.c:1669)
==26053== by 0x40B24C4: _tc_free_internal (talloc.c:1184)
==26053== by 0x40B2685: _talloc_free_internal (talloc.c:1248)
==26053== by 0x40B3963: _talloc_free (talloc.c:1792)
==26053== by 0x4157380: messaging_reinit (messages.c:646)
==26053== by 0x416C01E: reinit_after_fork (util.c:488)
==26053== by 0x13844C: cups_pcap_load_async (print_cups.c:498)
==26053== by 0x13894B: cups_cache_reload (print_cups.c:602)
==26053== by 0x1373AE: pcap_cache_reload (pcap.c:140)
==26053== by 0x1369D2: register_printing_bq_handlers (queue_process.c:323)
==26053== by 0x122AD6: main (samba-bgqd.c:316)
==26053== Block was alloc'd at
==26053== at 0x4C346A4: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==26053== by 0x40B1989: __talloc_with_prefix (talloc.c:783)
==26053== by 0x40B1B23: __talloc (talloc.c:825)
==26053== by 0x40B1ECC: _talloc_named_const (talloc.c:982)
==26053== by 0x40B49C3: _talloc_zero (talloc.c:2421)
==26053== by 0x7168E68: messaging_ctdb_init (messages_ctdb.c:93)
==26053== by 0x716979D: messaging_ctdb_ref (messages_ctdb_ref.c:75)
==26053== by 0x415702A: messaging_init_internal (messages.c:563)
==26053== by 0x41572FD: messaging_init (messages.c:622)
==26053== by 0x4163ED3: global_messaging_context (global_contexts.c:62)
==26053== by 0x12273B: main (samba-bgqd.c:271)
==26053==
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15293
Signed-off-by: Noel Power <npower at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 7a880ef52dfc85ed2f674250b5baf5109f8d4691)
Autobuild-User(v4-18-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-18-test): Tue Jan 31 12:49:50 UTC 2023 on atb-devel-224
- - - - -
d0c2305b by Andrew Bartlett at 2023-02-01T16:30:11+00:00
s4-dsdb: Add tests of SamDB.get_nc_root()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 2c7bb58703c1fa26782ac6959ea7d81fccf3905c)
- - - - -
501728cd by Andrew Bartlett at 2023-02-01T16:30:11+00:00
s4-selftest/drs Add test of expected return code for invaid DNs in GetNCChanges
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit bee45e6b29b97e0cab19a9c3cf692d9a7585a717)
- - - - -
11540d82 by Andrew Bartlett at 2023-02-01T16:30:11+00:00
s4-selftest/drs Allow some DRS tests to operate against an IP
This is not comprehensive, but makes some manual test runs easier by
avoiding the need for DNS names to resolve.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit a150a2dcb1fc7fc7f606838de17ad4d3e6072bda)
- - - - -
7712ef72 by Andrew Bartlett at 2023-02-01T16:30:11+00:00
s4-selftest/drs Allow re-run of DRS tests after failed cleanup
Using a random base is a useful start, even if the better solution also includes a self.AddCleanup()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 3204d1350b21704474e577cb5f3f2439b673c421)
- - - - -
a40d3697 by Andrew Bartlett at 2023-02-01T16:30:11+00:00
s4-selftest/drs: Confirm GetNCChanges REPL_OBJ works with a DummyDN and real GUID
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 70faccae6d595056174af8d63b3437c9fe3805aa)
- - - - -
87ed6e23 by Andrew Bartlett at 2023-02-01T16:30:11+00:00
s4-selftest/drs: Confirm GetNCChanges full replication works with a DummyDN and real GUID
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 539221dda33f03a1abf5ee5f3153db0fe1a9bfe6)
- - - - -
f70fd338 by Andrew Bartlett at 2023-02-01T16:30:11+00:00
s4-selftest/drs: Confirm GetNCChanges REPL_SECRET works with a DummyDN and real GUID
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 7c43388576f768db564aaf15a47d3f9ce5796fb3)
- - - - -
92f56081 by Andrew Bartlett at 2023-02-01T16:30:11+00:00
s4-dsdb: Schedule SD propegation only after successful rename
This avoids needing to anticipate errors that the rename might give
while allowing the dsdb_find_nc_root() routine to become stricter.
The problem is that dsdb_find_nc_root() will soon do a real search and
so fail more often, but these failures will give "wrong" error codes.
We do not need to do this work if the operation fails, so put this in
the callback.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 7032b86cd5c1456318558ed95f8890e353117ced)
- - - - -
855c11c4 by Andrew Bartlett at 2023-02-01T16:30:11+00:00
s4-dsdb: Make dsdb_find_nc_root() first try and use DSDB_CONTROL_CURRENT_PARTITION_OID
This allows lookup of a DN with a GUID only or GUID and string,
possibly not yet in the database, yet still getting the correct result.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit d0444be4b74bdad6a731bc5fcf86da6142b03539)
- - - - -
ab282dba by Andrew Bartlett at 2023-02-01T16:30:11+00:00
s4-dsdb: Add better debugging to dsdb_objects_have_same_nc()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 0f501b2316af6568003e520848c1ec80c286fd36)
- - - - -
feffb9ec by Andrew Bartlett at 2023-02-01T16:30:11+00:00
s4-dsdb: Add dsdb_normalise_dn_and_find_nc_root() around dsdb_find_nc_root()
Reuse the search done for dsdb_find_nc_root() to normalise the DN.
This will allow a GUID-input DN to be compared safely with a RID Manager DN
or Naming Context.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 8e1122420efd11a91aa1c5d60c0cc8fd9ffaf157)
- - - - -
1a97e897 by Andrew Bartlett at 2023-02-01T16:30:11+00:00
s4-rpc_server/drsuapi: Use dsdb_normalise_dn_and_find_nc_root()
This reuses the search done for dsdb_find_nc_root() to normalise the DN.
This will allow a GUID-input DN to be compared safely with a RID Manager DN
or Naming Context.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit e96dfc74b3ece40fe64a33aa8b8d810b576982bd)
- - - - -
84a952b0 by Andrew Bartlett at 2023-02-01T16:30:11+00:00
s4-dsdb: rework drs_ObjectIdentifier_to_dn() into drs_ObjectIdentifier_to_dn_and_nc_root()
This make this funciton the gatekeeper between the wire format and the
internal struct ldb_dn, checking if the DN exists and which NC
it belongs to along the way, and presenting only a DB-returned
DN for internal processing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit aee2039e63ceeb5e69a0461fb77e0f18278e4dc4)
- - - - -
64df0963 by Andrew Bartlett at 2023-02-01T16:30:11+00:00
s4-drs: Make drs_ObjectIdentifier_to_dn() safer and able to cope with DummyDN values
We want to totally ignore the string DN if there is a GUID,
as clients like "Microsoft Azure AD connect cloud sync" will
set a literal "DummyDN" string.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 73f3ece8b2b44ac4b3323a08fb969f29bf2b0380)
- - - - -
613d9b75 by Andrew Bartlett at 2023-02-01T16:30:11+00:00
s4-rpc_server/drsuapi: Return correct error code for an invalid DN to EXOP_REPL_OBJ/EXOP_REPL_OBJ
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit cbe18353d8d7b2a35b965e4fc8c895ac497e67e8)
- - - - -
29a89f07 by Andrew Bartlett at 2023-02-01T16:30:11+00:00
s4-dsdb: Split samdb_get_ntds_obj_by_guid() out of samdb_is_rodc()
This will allow the logic here to be tighened up and shared
in the next few commits.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit d5a2af3feae98057ba29de444d308d499d633941)
- - - - -
dc7497c3 by Andrew Bartlett at 2023-02-01T16:30:11+00:00
s4-dsdb: Require that the NTDS object is an nTDSDSA objectclass
This should avoid a user being able to specify the GUID of a different
type of object.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit adb776149e5ac0eb346992775610627106e1a986)
- - - - -
68edd5c1 by Andrew Bartlett at 2023-02-01T16:30:11+00:00
s4-drsuapi: Use samdb_get_ntds_obj_by_guid() to find RODC in REPL_SECRET
We need to find the RODC per the destination_dsa_guid to mark the secrets as
having been replicated, and by using samdb_get_ntds_obj_by_guid() we are stricter
in the checks, as the RODC has to be the right objectClass (nTDSDSA) and under
the CN=Configuration partition.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 09ec6a1db2d3b831548bf7d66475c486be29b1d1)
- - - - -
262fef5a by Andrew Bartlett at 2023-02-01T16:30:11+00:00
s4-rpc_server: Pre-check destination_dsa_guid in GetNCChanges for validity
This allows our new tests to pass as these need to be checked first.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 115a3a10440f44ba11029be5ae3a05534a7b98c0)
- - - - -
68fcea19 by Andrew Bartlett at 2023-02-01T16:30:11+00:00
s4-drsuapi: Clarify role of drs_security_access_check_nc_root()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 1838f349c94b878de1740af35351a2e8e0c8cffb)
- - - - -
c9b7fd17 by Andrew Bartlett at 2023-02-01T16:30:11+00:00
s4-drsuapi: Give an error that matches windows on destination_dsa_guid lookup failure
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Tue Jan 31 13:43:54 UTC 2023 on atb-devel-224
(cherry picked from commit 0f2978bbc0ed5b65d75c20472650a749643312e7)
- - - - -
65077cd3 by Andrew Bartlett at 2023-02-01T17:26:50+00:00
WHATSNEW: Add note about Azure AD cloud connect sync support
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(v4-18-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-18-test): Wed Feb 1 17:26:50 UTC 2023 on atb-devel-224
- - - - -
46e05759 by Jule Anger at 2023-02-01T18:35:25+01:00
tmp
- - - - -
0679a07a by Jule Anger at 2023-02-01T18:35:29+01:00
WHATSNEW: Add release notes for Samba 4.18.0rc2.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
71fa86a3 by Jule Anger at 2023-02-01T18:35:29+01:00
VERSION: Disable GIT_SNAPSHOT for the 4.18.0rc2 release.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
2eeee80e by Michael Tokarev at 2023-02-01T23:07:24+03:00
prepare for 4.18
- - - - -
19ef6827 by Michael Tokarev at 2023-02-01T23:10:34+03:00
New upstream version 4.18.0~rc2+dfsg
- - - - -
688f7e56 by Michael Tokarev at 2023-02-01T23:11:09+03:00
Update upstream source from tag 'upstream/4.18.0_rc2+dfsg'
Update to upstream version '4.18.0~rc2+dfsg'
with Debian dir 8602d8d8a195c3ef8b16158d11c50a9f6d919c9e
- - - - -
ac3ff619 by Michael Tokarev at 2023-02-01T23:11:25+03:00
d/control: bump talloc/tdb/tevent build-deps
- - - - -
c0753ebd by Michael Tokarev at 2023-02-01T23:11:33+03:00
hurd-compat.patch: refresh
- - - - -
f72f152c by Michael Tokarev at 2023-02-01T23:15:04+03:00
spelling.patch: refresh, -old +new spelling fixes
- - - - -
c24ca0ae by Michael Tokarev at 2023-02-01T23:15:29+03:00
add heimdal-spelling.patch
- - - - -
e666158c by Michael Tokarev at 2023-02-01T23:15:29+03:00
unwrap-getresgid-typo.patch: remove, not needed
- - - - -
0d197faa by Michael Tokarev at 2023-02-01T23:15:29+03:00
d/libwbclient0.symbols: add wbcChangeTrustCredentialsAt wbcCtxChangeTrustCredentialsAt and the new version
- - - - -
a67e255f by Michael Tokarev at 2023-02-01T23:15:29+03:00
d/libldb2.symbols, python3-ldb.symbols.in: add the new version
- - - - -
7d5a1676 by Michael Tokarev at 2023-02-01T23:15:29+03:00
d/samba-libs.install: add new internal library libstable-sort-samba4.so.0
- - - - -
2c3b27cf by Michael Tokarev at 2023-02-01T23:18:57+03:00
update changelog
- - - - -
30 changed files:
- VERSION
- WHATSNEW.txt
- ctdb/doc/ctdb-etcd.7
- ctdb/doc/ctdb-script.options.5
- ctdb/doc/ctdb-statistics.7
- ctdb/doc/ctdb-tunables.7
- ctdb/doc/ctdb.1
- ctdb/doc/ctdb.7
- ctdb/doc/ctdb.conf.5
- ctdb/doc/ctdb.sysconfig.5
- ctdb/doc/ctdb_diagnostics.1
- ctdb/doc/ctdb_mutex_ceph_rados_helper.7
- ctdb/doc/ctdbd.1
- ctdb/doc/ltdbtool.1
- ctdb/doc/onnode.1
- ctdb/doc/ping_pong.1
- + debian/.gitignore
- + debian/README.Debian
- + debian/README.source
- + debian/README.source.md
- + debian/TODO
- + debian/addshare.py
- + debian/changelog
- + debian/clean
- + debian/control
- + debian/copyright
- + debian/ctdb.NEWS
- + debian/ctdb.README.hurd
- + debian/ctdb.README.kfreebsd
- + debian/ctdb.dirs
The diff was not included because it is too large.
View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/64889fe7073dd80bb700d7227a52224fd7bd6fb5...2c3b27cfb13c0ceeb57440230ef732b394a5e5e1
--
View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/64889fe7073dd80bb700d7227a52224fd7bd6fb5...2c3b27cfb13c0ceeb57440230ef732b394a5e5e1
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-samba-maint/attachments/20230201/dc48d958/attachment-0001.htm>
More information about the Pkg-samba-maint
mailing list