[Pkg-samba-maint] [Git][samba-team/samba][upstream_4.18] 155 commits: VERSION: Bump version up to Samba 4.18.8...

Michael Tokarev (@mjt) gitlab at salsa.debian.org
Sat Feb 3 12:36:37 GMT 2024



Michael Tokarev pushed to branch upstream_4.18 at Debian Samba Team / samba


Commits:
ca1b7c18 by Jule Anger at 2023-09-27T10:09:45+02:00
VERSION: Bump version up to Samba 4.18.8...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
1688b6d3 by Jeremy Allison at 2023-10-08T22:05:40+02:00
CVE-2023-3961:s3:smbd: Catch any incoming pipe path that could exit socket_dir.

For now, SMB_ASSERT() to exit the server. We will remove
this once the test code is in place.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15422

Signed-off-by: Jeremy Allison <jra at samba.org>

- - - - -
fbb9cf8d by Jeremy Allison at 2023-10-08T22:05:41+02:00
CVE-2023-3961:s3:torture: Add test SMB2-INVALID-PIPENAME to show we allow bad pipenames with unix separators through to the UNIX domain socket code.

The raw SMB2-INVALID-PIPENAME test passes against Windows 2022,
as it just returns NT_STATUS_OBJECT_NAME_NOT_FOUND.

Add the knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15422

Signed-off-by: Jeremy Allison <jra at samba.org>

- - - - -
682a9a80 by Jeremy Allison at 2023-10-08T22:05:41+02:00
CVE-2023-3961:s3: smbd: Remove the SMB_ASSERT() that crashes on bad pipenames.

We correctly handle this and just return ENOENT (NT_STATUS_OBJECT_NAME_NOT_FOUND).

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15422

Signed-off-by: Jeremy Allison <jra at samba.org>

- - - - -
ae5c0e19 by Ralph Boehme at 2023-10-08T22:06:00+02:00
CVE-2023-4091: smbtorture: test overwrite dispositions on read-only file

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15439

Signed-off-by: Ralph Boehme <slow at samba.org>

- - - - -
53c9e1c9 by Ralph Boehme at 2023-10-08T22:06:00+02:00
CVE-2023-4091: smbd: use open_access_mask for access check in open_file()

If the client requested FILE_OVERWRITE[_IF], we're implicitly adding
FILE_WRITE_DATA to the open_access_mask in open_file_ntcreate(), but for the
access check we're using access_mask which doesn't contain the additional
right, which means we can end up truncating a file for which the user has
only read-only access via an SD.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15439

Signed-off-by: Ralph Boehme <slow at samba.org>

- - - - -
fbc27662 by Andrew Bartlett at 2023-10-08T22:06:17+02:00
CVE-2023-4154 dsdb: Remove remaining references to DC_MODE_RETURN_NONE and DC_MODE_RETURN_ALL

The confidential_attrs test no longer uses DC_MODE_RETURN_NONE, so we can now
remove the complexity.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
(cherry picked from commit 82d2ec786f7e75ff6f34eb3357964345b10de091)

- - - - -
d1e0ee0b by Joseph Sutton at 2023-10-08T22:06:17+02:00
CVE-2023-4154 s4:dsdb:tests: Refactor confidential attributes test

Use more specific unittest methods, and remove unused code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

(cherry picked from commit 2e5d08c908b3fa48b9b374279a331061cb77bce3)

- - - - -
13eac83b by Andreas Schneider at 2023-10-08T22:06:18+02:00
CVE-2023-4154 s4:dsdb:tests: Fix code spelling

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

(cherry picked from commit b29793ffdee5d9b9c1c05830622e80f7faec7670)

- - - - -
563b7a56 by Joseph Sutton at 2023-10-08T22:06:18+02:00
CVE-2023-4154 s4-dsdb: Remove DSDB_ACL_CHECKS_DIRSYNC_FLAG

It's no longer used anywhere.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

(cherry picked from commit 8b4e6f7b3fb8018cb64deef9b8e1cbc2e5ba12cf)

- - - - -
39707a06 by Stefan Metzmacher at 2023-10-08T22:06:18+02:00
CVE-2023-4154 python:sd_utils: introduce update_aces_in_dacl() helper

This is a more generic api that can be re-used in other places
as well in future. It operates on a security descriptor object instead of
SDDL.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

(cherry picked from commit 8411e6d302e25d10f1035ebbdcbde7308566e930)

- - - - -
f29255af by Stefan Metzmacher at 2023-10-08T22:06:18+02:00
CVE-2023-4154 python:sd_utils: add dacl_{prepend,append,delete}_aces() helpers

They better represent what they are doing, we keep dacl_add_ace()
as wrapper of dacl_prepend_aces() in order to let existing callers
work as before.

In future it would be good to have a dacl_insert_aces() that
would canonicalize the ace order before storing, but that's a task
for another day.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

(cherry picked from commit a1109a9bf12e020636b8d66fc54984aac58bfe6b)

- - - - -
b56849aa by Stefan Metzmacher at 2023-10-08T22:06:18+02:00
CVE-2023-4154 py_security: allow idx argument to descriptor.[s|d]acl_add()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

(cherry picked from commit 9ea06aaf9f57e3c7094553d9ac40fb73057a9b74)

- - - - -
571d3bf4 by Stefan Metzmacher at 2023-10-08T22:06:18+02:00
CVE-2023-4154 python/samba/ndr: add ndr_deepcopy() helper

This uses ndr_pack/unpack in order to create a deep copy
of the given object.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

(cherry picked from commit 4627997ddae44265ad35b3234232eb74458c6c34)

- - - - -
c896afca by Stefan Metzmacher at 2023-10-08T22:06:18+02:00
CVE-2023-4154 replace: add ARRAY_INSERT_ELEMENT() helper

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

(cherry picked from commit 9d8ff0d1e0b2ba7c84af36e1931f5bc99902a44b)

- - - - -
939f2432 by Stefan Metzmacher at 2023-10-08T22:06:18+02:00
CVE-2023-4154 libcli/security: prepare security_descriptor_acl_add() to place the ace at a position

Often it is important to insert an ace at a specific position in the
ACL. As a default we still append by default by using -1, which is the
generic version of passing the number of existing aces.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

(cherry picked from commit c3cb915a67aff6739b72b86d7d139609df309ada)

- - - - -
9dade2ab by Stefan Metzmacher at 2023-10-08T22:06:18+02:00
CVE-2023-4154 libcli/security: add security_descriptor_[s|d]acl_insert() helpers

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

(cherry picked from commit 2c02378029fff6636b8f19e45af78b265f2210ed)

- - - - -
2cff332e by Andrew Bartlett at 2023-10-08T22:06:18+02:00
CVE-2023-4154 dsdb/tests: Do not run SimpleDirsyncTests twice

To re-use setup code, the super-class must have no test_*() methods
otherwise these will be run as well as the class-local tests.

We rename tests that would otherwise have duplicate names

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ee3ac4fb by Andrew Bartlett at 2023-10-08T22:06:18+02:00
CVE-2023-4154 dsdb/tests: Use self.addCleanup() and delete_force()

This helps ensure this test is reliable even in spite of errors while
running.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
029c47f2 by Andrew Bartlett at 2023-10-08T22:06:18+02:00
CVE-2023-4154 dsdb/tests: Force the test attribute to be not-confidential at the start

Rather than fail, if the last run failed to reset things, just force
the DC into the required state.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5dc5062b by Andrew Bartlett at 2023-10-08T22:06:18+02:00
CVE-2023-4154 dsdb/tests: Check that secret attributes are not visible with DirSync ever.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9499526b by Andrew Bartlett at 2023-10-08T22:06:18+02:00
CVE-2023-4154 dsdb/tests: Speed up DirSync test by only checking positive matches once

When we (expect to) get back a result, do not waste time against a potentially
slow server confirming we also get back results for all the other attribute
combinations.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
84dcfc3b by Andrew Bartlett at 2023-10-08T22:06:18+02:00
CVE-2023-4154 dsdb/tests: Add test for SEARCH_FLAG_RODC_ATTRIBUTE behaviour

SEARCH_FLAG_RODC_ATTRIBUTE should be like SEARCH_FLAG_CONFIDENTIAL,
but for DirSync and DRS replication.  Accounts with
GUID_DRS_GET_CHANGES rights should not be able to read this
attribute.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6925e6b6 by Andrew Bartlett at 2023-10-08T22:06:18+02:00
CVE-2023-4154 dsdb/tests: Extend attribute read DirSync tests

The aim here is to document the expected (even if not implemented)
SEARCH_FLAG_RODC_ATTRIBUTE vs SEARCH_FLAG_CONFIDENTIAL, behaviour, so
that any change once CVE-2023-4154 is fixed can be noted.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
23c5300d by Andrew Bartlett at 2023-10-08T22:06:18+02:00
CVE-2023-4154: Unimplement the original DirSync behaviour without LDAP_DIRSYNC_OBJECT_SECURITY

This makes LDAP_DIRSYNC_OBJECT_SECURITY the only behaviour provided by
Samba.

Having a second access control system within the LDAP stack is unsafe
and this layer is incomplete.

The current system gives all accounts that have been given the
GUID_DRS_GET_CHANGES extended right SYSTEM access.  Currently in Samba
this equates to full access to passwords as well as "RODC Filtered
attributes" (often used with confidential attributes).

Rather than attempting to correctly filter for secrets (passwords) and
these filtered attributes, as well as preventing search expressions for
both, we leave this complexity to the acl_read module which has this
facility already well tested.

The implication is that callers will only see and filter by attribute
in DirSync that they could without DirSync.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
808a46b1 by Andrew Bartlett at 2023-10-08T22:06:40+02:00
CVE-2023-42669 s4-rpc_server: Disable rpcecho server by default

The rpcecho server is useful in development and testing, but should never
have been allowed into production, as it includes the facility to
do a blocking sleep() in the single-threaded rpc worker.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15474

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2e2a9fee by Andrew Bartlett at 2023-10-08T22:06:40+02:00
CVE-2023-42669 s3-rpc_server: Disable rpcecho for consistency with the AD DC

The rpcecho server in source3 does have the same sleep() feature that
the s4 version has, but the task architecture is different, so there
is not the same impact.  However equally this is not something that
should be enabled on production builds of Samba, so restrict to
selftest builds.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15474

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
614d9c22 by Andrew Bartlett at 2023-10-08T22:07:05+02:00
CVE-2023-42670 s3-rpc_server: Strictly refuse to start RPC servers in conflict with AD DC

Just as we refuse to start NETLOGON except on the DC, we must refuse
to start all of the RPC services that are provided by the AD DC.

Most critically of course this applies to netlogon, lsa and samr.

This avoids the suppression of these services being the result of a
runtime epmapper lookup, as if that fails these services can disrupt
service to end users by listening on the same socket as the AD DC
servers.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15473

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
85475a0c by Andrew Bartlett at 2023-10-08T22:07:05+02:00
CVE-2023-42670 s3-rpc_server: Remove cross-check with "samba" EPM lookup

We now have ensured that no conflicting services attempt to start
so we do not need the runtime lookup and so avoid the risk that
the lookup may fail.

This means that any duplicates will be noticed early not just
in a race condition.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15473

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2576c027 by Jule Anger at 2023-10-09T22:15:18+02:00
VERSION: Bump version up to Samba 4.18.8...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Jule Anger <janger at samba.org>
(cherry picked from commit ca1b7c185edf67b1ceb988a8015396351c5ac240)

- - - - -
84b5d364 by Jeremy Allison at 2023-10-09T22:15:18+02:00
CVE-2023-3961:s3:smbd: Catch any incoming pipe path that could exit socket_dir.

For now, SMB_ASSERT() to exit the server. We will remove
this once the test code is in place.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15422

Signed-off-by: Jeremy Allison <jra at samba.org>

- - - - -
d1a26b4f by Jeremy Allison at 2023-10-09T22:15:19+02:00
CVE-2023-3961:s3:torture: Add test SMB2-INVALID-PIPENAME to show we allow bad pipenames with unix separators through to the UNIX domain socket code.

The raw SMB2-INVALID-PIPENAME test passes against Windows 2022,
as it just returns NT_STATUS_OBJECT_NAME_NOT_FOUND.

Add the knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15422

Signed-off-by: Jeremy Allison <jra at samba.org>

- - - - -
3e64edae by Jeremy Allison at 2023-10-09T22:15:19+02:00
CVE-2023-3961:s3: smbd: Remove the SMB_ASSERT() that crashes on bad pipenames.

We correctly handle this and just return ENOENT (NT_STATUS_OBJECT_NAME_NOT_FOUND).

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15422

Signed-off-by: Jeremy Allison <jra at samba.org>
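
The check the three CVE-2023-3961 commits above describe, as an added example that is not Samba's code: a client-supplied pipe name is accepted only if it is a single path component, and anything else gets ENOENT before a UNIX domain socket path is built. The function names and the socket directory are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper: returns 1 only when 'name' is a single path
 * component, i.e. it cannot make "<socket_dir>/<name>" resolve to
 * anything outside socket_dir.
 */
static int pipe_name_is_safe(const char *name)
{
    if (name == NULL || name[0] == '\0') {
        return 0;                       /* empty name */
    }
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0) {
        return 0;                       /* directory references */
    }
    if (strchr(name, '/') != NULL) {
        return 0;                       /* any unix separator */
    }
    return 1;
}

/*
 * Hypothetical helper: builds "<socket_dir>/<name>" into 'out'.
 * Returns 0 on success, ENOENT for a rejected name (the error the
 * commit messages say the server returns, mapped to
 * NT_STATUS_OBJECT_NAME_NOT_FOUND), ENAMETOOLONG if 'out' is too small.
 */
int build_pipe_socket_path(const char *socket_dir, const char *name,
                           char *out, size_t outlen)
{
    int n;

    if (!pipe_name_is_safe(name)) {
        return ENOENT;
    }
    n = snprintf(out, outlen, "%s/%s", socket_dir, name);
    if (n < 0 || (size_t)n >= outlen) {
        return ENAMETOOLONG;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample input, not taken from the Samba test suite. */
    const char *socket_dir = "/run/example/np";
    const char *names[] = { "srvsvc", "a/b", "..", "../../other/sock", "" };
    char path[64];
    size_t i;

    for (i = 0; i < sizeof(names) / sizeof(names[0]); i++) {
        int rc = build_pipe_socket_path(socket_dir, names[i],
                                        path, sizeof(path));
        if (rc == 0) {
            printf("%-18s -> %s\n", names[i], path);
        } else {
            printf("%-18s -> rejected (%s)\n", names[i], strerror(rc));
        }
    }
    return 0;
}
```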

- - - - -
bfe8e10b by Ralph Boehme at 2023-10-09T22:15:19+02:00
CVE-2023-4091: smbtorture: test overwrite dispositions on read-only file

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15439

Signed-off-by: Ralph Boehme <slow at samba.org>

- - - - -
3c432b14 by Ralph Boehme at 2023-10-09T22:15:19+02:00
CVE-2023-4091: smbd: use open_access_mask for access check in open_file()

If the client requested FILE_OVERWRITE[_IF], we're implicitly adding
FILE_WRITE_DATA to the open_access_mask in open_file_ntcreate(), but for the
access check we're using access_mask which doesn't contain the additional
right, which means we can end up truncating a file for which the user has
only read-only access via an SD.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15439

Signed-off-by: Ralph Boehme <slow at samba.org>
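
The mismatch described in the CVE-2023-4091 commit message above, as an added example that is a simplified model and not Samba's code: the security descriptor is reduced to a single granted-rights mask, and the `toy_` names and `TOY_STATUS_*` codes are hypothetical. The first function checks the mask the client asked for; the second checks the mask that includes the implicitly added FILE_WRITE_DATA.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define FILE_READ_DATA   0x00000001u
#define FILE_WRITE_DATA  0x00000002u

/* NT create dispositions. */
enum disposition {
    FILE_SUPERSEDE = 0, FILE_OPEN = 1, FILE_CREATE = 2,
    FILE_OPEN_IF = 3, FILE_OVERWRITE = 4, FILE_OVERWRITE_IF = 5
};

#define TOY_STATUS_OK            0
#define TOY_STATUS_ACCESS_DENIED 1

/* Toy file: rights its SD grants the caller, and its current length. */
struct toy_file {
    uint32_t sd_granted;
    size_t length;
};

/* Overwrite dispositions implicitly need FILE_WRITE_DATA. */
static uint32_t toy_open_access_mask(uint32_t access_mask, enum disposition d)
{
    if (d == FILE_OVERWRITE || d == FILE_OVERWRITE_IF) {
        access_mask |= FILE_WRITE_DATA;
    }
    return access_mask;
}

/* Denied if any wanted right is not granted by the SD. */
static int toy_access_check(const struct toy_file *f, uint32_t wanted)
{
    return (wanted & ~f->sd_granted) == 0
        ? TOY_STATUS_OK : TOY_STATUS_ACCESS_DENIED;
}

static void toy_apply_disposition(struct toy_file *f, enum disposition d)
{
    if (d == FILE_OVERWRITE || d == FILE_OVERWRITE_IF) {
        f->length = 0;                  /* truncate existing data */
    }
}

/* Before the fix: the check uses the client's access_mask only. */
int toy_open_before_fix(struct toy_file *f, uint32_t access_mask,
                        enum disposition d)
{
    int st = toy_access_check(f, access_mask);
    if (st != TOY_STATUS_OK) {
        return st;
    }
    toy_apply_disposition(f, d);
    return TOY_STATUS_OK;
}

/* After the fix: the check uses open_access_mask. */
int toy_open_after_fix(struct toy_file *f, uint32_t access_mask,
                       enum disposition d)
{
    uint32_t open_access_mask = toy_open_access_mask(access_mask, d);
    int st = toy_access_check(f, open_access_mask);
    if (st != TOY_STATUS_OK) {
        return st;
    }
    toy_apply_disposition(f, d);
    return TOY_STATUS_OK;
}

int main(void)
{
    /* Constructed case: caller has read-only access to a 4096-byte file. */
    struct toy_file a = { FILE_READ_DATA, 4096 };
    struct toy_file b = { FILE_READ_DATA, 4096 };
    int st;

    st = toy_open_before_fix(&a, FILE_READ_DATA, FILE_OVERWRITE);
    printf("before fix: status=%d length=%zu\n", st, a.length);
    st = toy_open_after_fix(&b, FILE_READ_DATA, FILE_OVERWRITE);
    printf("after fix:  status=%d length=%zu\n", st, b.length);
    return 0;
}
```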

- - - - -
582f4f2e by Andrew Bartlett at 2023-10-09T22:15:19+02:00
CVE-2023-4154 dsdb: Remove remaining references to DC_MODE_RETURN_NONE and DC_MODE_RETURN_ALL

The confidential_attrs test no longer uses DC_MODE_RETURN_NONE, so we can now
remove the complexity.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
(cherry picked from commit 82d2ec786f7e75ff6f34eb3357964345b10de091)

- - - - -
5ca0ee6f by Joseph Sutton at 2023-10-09T22:15:19+02:00
CVE-2023-4154 s4:dsdb:tests: Refactor confidential attributes test

Use more specific unittest methods, and remove unused code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

(cherry picked from commit 2e5d08c908b3fa48b9b374279a331061cb77bce3)

- - - - -
e8df1a60 by Andreas Schneider at 2023-10-09T22:15:19+02:00
CVE-2023-4154 s4:dsdb:tests: Fix code spelling

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

(cherry picked from commit b29793ffdee5d9b9c1c05830622e80f7faec7670)

- - - - -
704fadfb by Joseph Sutton at 2023-10-09T22:15:19+02:00
CVE-2023-4154 s4-dsdb: Remove DSDB_ACL_CHECKS_DIRSYNC_FLAG

It's no longer used anywhere.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

(cherry picked from commit 8b4e6f7b3fb8018cb64deef9b8e1cbc2e5ba12cf)

- - - - -
b65b141e by Stefan Metzmacher at 2023-10-09T22:15:19+02:00
CVE-2023-4154 python:sd_utils: introduce update_aces_in_dacl() helper

This is a more generic api that can be re-used in other places
as well in future. It operates on a security descriptor object instead of
SDDL.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

(cherry picked from commit 8411e6d302e25d10f1035ebbdcbde7308566e930)

- - - - -
8ebcfe55 by Stefan Metzmacher at 2023-10-09T22:15:19+02:00
CVE-2023-4154 python:sd_utils: add dacl_{prepend,append,delete}_aces() helpers

They better represent what they are doing, we keep dacl_add_ace()
as wrapper of dacl_prepend_aces() in order to let existing callers
work as before.

In future it would be good to have a dacl_insert_aces() that
would canonicalize the ace order before storing, but that's a task
for another day.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

(cherry picked from commit a1109a9bf12e020636b8d66fc54984aac58bfe6b)

- - - - -
8a2b11fd by Stefan Metzmacher at 2023-10-09T22:15:19+02:00
CVE-2023-4154 py_security: allow idx argument to descriptor.[s|d]acl_add()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

(cherry picked from commit 9ea06aaf9f57e3c7094553d9ac40fb73057a9b74)

- - - - -
217b30b0 by Stefan Metzmacher at 2023-10-09T22:15:19+02:00
CVE-2023-4154 python/samba/ndr: add ndr_deepcopy() helper

This uses ndr_pack/unpack in order to create a deep copy
of the given object.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

(cherry picked from commit 4627997ddae44265ad35b3234232eb74458c6c34)

- - - - -
da9bdf36 by Stefan Metzmacher at 2023-10-09T22:15:19+02:00
CVE-2023-4154 replace: add ARRAY_INSERT_ELEMENT() helper

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

(cherry picked from commit 9d8ff0d1e0b2ba7c84af36e1931f5bc99902a44b)

- - - - -
7ebf51dd by Stefan Metzmacher at 2023-10-09T22:15:19+02:00
CVE-2023-4154 libcli/security: prepare security_descriptor_acl_add() to place the ace at a position

Often it is important to insert an ace at a specific position in the
ACL. As a default we still append by default by using -1, which is the
generic version of passing the number of existing aces.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

(cherry picked from commit c3cb915a67aff6739b72b86d7d139609df309ada)

- - - - -
570e892a by Stefan Metzmacher at 2023-10-09T22:15:19+02:00
CVE-2023-4154 libcli/security: add security_descriptor_[s|d]acl_insert() helpers

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

(cherry picked from commit 2c02378029fff6636b8f19e45af78b265f2210ed)

- - - - -
8ad21108 by Andrew Bartlett at 2023-10-09T22:15:19+02:00
CVE-2023-4154 dsdb/tests: Do not run SimpleDirsyncTests twice

To re-use setup code, the super-class must have no test_*() methods
otherwise these will be run as well as the class-local tests.

We rename tests that would otherwise have duplicate names

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
87ff4f57 by Andrew Bartlett at 2023-10-09T22:15:19+02:00
CVE-2023-4154 dsdb/tests: Use self.addCleanup() and delete_force()

This helps ensure this test is reliable even in spite of errors while
running.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
23031057 by Andrew Bartlett at 2023-10-09T22:15:19+02:00
CVE-2023-4154 dsdb/tests: Force the test attribute to be not-confidential at the start

Rather than fail, if the last run failed to reset things, just force
the DC into the required state.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3e7bdcd0 by Andrew Bartlett at 2023-10-09T22:15:19+02:00
CVE-2023-4154 dsdb/tests: Check that secret attributes are not visible with DirSync ever.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ebc2796a by Andrew Bartlett at 2023-10-09T22:15:19+02:00
CVE-2023-4154 dsdb/tests: Speed up DirSync test by only checking positive matches once

When we (expect to) get back a result, do not waste time against a potentially
slow server confirming we also get back results for all the other attribute
combinations.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9d249db4 by Andrew Bartlett at 2023-10-09T22:15:19+02:00
CVE-2023-4154 dsdb/tests: Add test for SEARCH_FLAG_RODC_ATTRIBUTE behaviour

SEARCH_FLAG_RODC_ATTRIBUTE should be like SEARCH_FLAG_CONFIDENTIAL,
but for DirSync and DRS replication.  Accounts with
GUID_DRS_GET_CHANGES rights should not be able to read this
attribute.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e691257c by Andrew Bartlett at 2023-10-09T22:15:19+02:00
CVE-2023-4154 dsdb/tests: Extend attribute read DirSync tests

The aim here is to document the expected (even if not implemented)
SEARCH_FLAG_RODC_ATTRIBUTE vs SEARCH_FLAG_CONFIDENTIAL, behaviour, so
that any change once CVE-2023-4154 is fixed can be noted.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4b3da3a9 by Andrew Bartlett at 2023-10-09T22:15:19+02:00
CVE-2023-4154: Unimplement the original DirSync behaviour without LDAP_DIRSYNC_OBJECT_SECURITY

This makes LDAP_DIRSYNC_OBJECT_SECURITY the only behaviour provided by
Samba.

Having a second access control system within the LDAP stack is unsafe
and this layer is incomplete.

The current system gives all accounts that have been given the
GUID_DRS_GET_CHANGES extended right SYSTEM access.  Currently in Samba
this equates to full access to passwords as well as "RODC Filtered
attributes" (often used with confidential attributes).

Rather than attempting to correctly filter for secrets (passwords) and
these filtered attributes, as well as preventing search expressions for
both, we leave this complexity to the acl_read module which has this
facility already well tested.

The implication is that callers will only see and filter by attribute
in DirSync that they could without DirSync.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e652fbe8 by Andrew Bartlett at 2023-10-09T22:15:19+02:00
CVE-2023-42669 s4-rpc_server: Disable rpcecho server by default

The rpcecho server is useful in development and testing, but should never
have been allowed into production, as it includes the facility to
do a blocking sleep() in the single-threaded rpc worker.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15474

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2ef55647 by Andrew Bartlett at 2023-10-09T22:15:19+02:00
CVE-2023-42669 s3-rpc_server: Disable rpcecho for consistency with the AD DC

The rpcecho server in source3 does have the same sleep() feature that
the s4 version has, but the task architecture is different, so there
is not the same impact.  However equally this is not something that
should be enabled on production builds of Samba, so restrict to
selftest builds.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15474

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4eba269b by Andrew Bartlett at 2023-10-09T22:15:19+02:00
CVE-2023-42670 s3-rpc_server: Strictly refuse to start RPC servers in conflict with AD DC

Just as we refuse to start NETLOGON except on the DC, we must refuse
to start all of the RPC services that are provided by the AD DC.

Most critically of course this applies to netlogon, lsa and samr.

This avoids the suppression of these services being the result of a
runtime epmapper lookup, as if that fails these services can disrupt
service to end users by listening on the same socket as the AD DC
servers.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15473

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
eb6f2d92 by Andrew Bartlett at 2023-10-09T22:15:19+02:00
CVE-2023-42670 s3-rpc_server: Remove cross-check with "samba" EPM lookup

We now have ensured that no conflicting services attempt to start
so we do not need the runtime lookup and so avoid the risk that
the lookup may fail.

This means that any duplicates will be noticed early not just
in a race condition.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15473

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0bf0250e by Jule Anger at 2023-10-10T10:58:08+02:00
WHATSNEW: Add release notes for Samba 4.18.8.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
f1c0d4f1 by Jule Anger at 2023-10-10T10:58:39+02:00
VERSION: Disable GIT_SNAPSHOT for the 4.18.8 release.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
3dc0412a by Jule Anger at 2023-10-10T17:04:24+02:00
Merge tag 'samba-4.18.8' into v4-18-stable

samba: tag release samba-4.18.8

- - - - -
d709251a by Jule Anger at 2023-10-10T17:23:50+02:00
Merge branch 'v4-18-stable' into v4-18-test

- - - - -
b9b0d8bc by Jule Anger at 2023-10-10T17:25:29+02:00
VERSION: Bump version up to Samba 4.18.9...

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
653984f4 by Martin Schwenke at 2023-10-11T10:57:21+00:00
ctdb-daemon: Call setproctitle_init()

Commit 19c82c19c009eefe975ae95c8b709fc93f5f4c39 changed the behaviour
of prctl_set_comment() so it now calls setproctitle(3bsd) by default.

In some Linux distributions (e.g. Rocky Linux 8.8), this results in
messages like this spamming the logs:

  ctdbd: setproctitle not initialized, please either call setproctitle_init() or link against libbsd-ctor.

Most Samba daemons seem to call setproctitle_init(), so do it here.

In the longer term CTDB should also switch to using lib/util's
process_set_title(), like the rest of Samba, for more flexible process
names.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15479

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Thu Sep 21 00:46:50 UTC 2023 on atb-devel-224

(cherry picked from commit 8b9f464420b66cebaf00654cf8b19165b301b8b6)

Autobuild-User(v4-18-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-18-test): Wed Oct 11 10:57:21 UTC 2023 on atb-devel-224

- - - - -
acf4286f by Christof Schmitt at 2023-10-23T08:39:12+00:00
build: Add 'make printversion' to provide version string

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15497

Signed-off-by: Christof Schmitt <christof.schmitt at us.ibm.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit e2ace2d613701f3d4a7c7c202f68d2f193c0a64a)

- - - - -
8e335329 by Michael Adam at 2023-10-23T08:39:12+00:00
gitignore: add WAF lockfile

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15497

Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Christof Schmitt <christof.schmitt at us.ibm.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Oct 17 04:16:29 UTC 2023 on atb-devel-224

(cherry picked from commit 310629508bfbedecfab9b653b7cba0282f5c0e8b)

- - - - -
e884fc79 by Stefan Metzmacher at 2023-10-23T08:39:12+00:00
CVE-2018-14628: python:descriptor: add get_deletedobjects_descriptor()

samba-tool drs clone-dc-database was quite useful to find
the true value of nTSecurityDescriptor of the CN=Deleted Objects
containers.

Only the auto inherited SACL is available via a ldap search.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 3be190dcf7153e479383f7f3d29ddca43fe121b8)

- - - - -
46a168c9 by Stefan Metzmacher at 2023-10-23T08:39:12+00:00
CVE-2018-14628: python:provision: make DELETEDOBJECTS_DESCRIPTOR available in the ldif files

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 0c329a0fda37d87ed737e4b579b6d04ec907604c)

- - - - -
74a508b3 by Stefan Metzmacher at 2023-10-23T08:39:12+00:00
CVE-2018-14628: s4:setup: set the correct nTSecurityDescriptor on the CN=Deleted Objects container

This revealed a bug in our dirsync code, so we mark
test_search_with_dirsync_deleted_objects as knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 7f8b15faa76d05023c987fac2c4c31f9ac61bb47)

- - - - -
edac27f5 by Stefan Metzmacher at 2023-10-23T08:39:12+00:00
CVE-2018-14628: s4:dsdb: remove unused code in dirsync_filter_entry()

This makes the next change easier to understand.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 498542be0bbf4f26558573c1f87b77b8e3509371)

- - - - -
f967b91d by Stefan Metzmacher at 2023-10-23T08:39:12+00:00
CVE-2018-14628: dbchecker: use get_deletedobjects_descriptor for missing deleted objects container

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 70586061128f90afa33f25e104d4570a1cf778db)

- - - - -
cbbfc917 by Stefan Metzmacher at 2023-10-23T09:52:22+00:00
CVE-2018-14628: python:descriptor: let samba-tool dbcheck fix the nTSecurityDescriptor on CN=Deleted Objects containers

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 97e4aab1a6e2feda7c6c6fdeaa7c3e1818c55566)

Autobuild-User(v4-18-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-18-test): Mon Oct 23 09:52:22 UTC 2023 on atb-devel-224

- - - - -
9a5b46d8 by Ralph Boehme at 2023-11-13T12:16:15+00:00
s3: smbd: Ignore fstat() error on deleted stream in fd_close().

In the fd_close() fsp->fsp_flags.fstat_before_close code path.

If this is a stream and delete-on-close was set, the
backing object (an xattr from streams_xattr) might
already be deleted so fstat() fails with
NT_STATUS_NOT_FOUND. So if fsp refers to a stream we
ignore the error and only bail for normal files where
an fstat() should still work. NB. We cannot use
fsp_is_alternate_stream(fsp) for this as the base_fsp
has already been closed at this point and so the value
fsp_is_alternate_stream() checks for is already NULL.

Remove knownfail.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15487

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Tue Oct 10 09:39:27 UTC 2023 on atb-devel-224

(cherry picked from commit 633a3ee6894cc1d05b44dbe47a278202803d9b21)

Autobuild-User(v4-18-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-18-test): Mon Nov 13 12:16:15 UTC 2023 on atb-devel-224

- - - - -
a2ad66e4 by Björn Jacke at 2023-11-20T09:55:39+00:00
system.c: fall back to become_root if CAP_DAC_OVERRIDE isn't usable

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15093

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
(cherry picked from commit a1738e8265dd256c5a1064482a6dfccbf9ca44f1)

Autobuild-User(v4-18-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-18-test): Mon Nov 20 09:55:39 UTC 2023 on atb-devel-224

- - - - -
d522d15c by Ralph Boehme at 2023-11-21T10:24:37+00:00
smbd: fix close order of base_fsp and stream_fsp in smb_fname_fsp_destructor()

VFS modules like streams_xattr use the function fsp_is_alternate_stream() on the
fsp to determine if an fsp is a stream, e.g. in streams_xattr_close(). If
fsp->base_fsp is already set to NULL, this won't work anymore.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15521

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Nov 16 18:31:17 UTC 2023 on atb-devel-224

(cherry picked from commit 4481a67c1b20549a71d6c5132b637798a09f966d)

Autobuild-User(v4-18-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-18-test): Tue Nov 21 10:24:37 UTC 2023 on atb-devel-224

- - - - -
71bf5969 by Christof Schmitt at 2023-11-25T18:28:13+00:00
vfs_gpfs: Use O_PATH for opening dirfd for stat with CAP_DAC_OVERRIDE

Use O_PATH when available; this avoids the need for READ/LIST access on
that directory. Keep using O_RDONLY if the system does not have O_PATH.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit b317622a8fed0ee195ffe40129eb5bcad28dd985)

- - - - -
ddef013d by Christof Schmitt at 2023-11-25T18:28:13+00:00
vfs_gpfs: Move fstatat with DAC_CAP_OVERRIDE to helper function

Allow reuse of this code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 95319351e37b8b968b798eee66c93852d9ad2d81)

- - - - -
fedb492e by Christof Schmitt at 2023-11-25T18:28:13+00:00
vfs_gpfs: Implement CAP_DAC_OVERRIDE for fstat

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit cbdc16a7cfa225d1cf9109fafe85e9d14729700e)

- - - - -
619eb761 by Christof Schmitt at 2023-11-25T18:28:13+00:00
vfs_gpfs: Implement CAP_DAC_OVERRIDE for fstatat

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Nov  8 18:42:13 UTC 2023 on atb-devel-224

(cherry picked from commit 963fc353e70b940f4009ca2764e966682400e2dc)

- - - - -
f00db2a1 by Christof Schmitt at 2023-11-25T18:28:13+00:00
nfs4_acls: Implement fstat with DAC_CAP_OVERRIDE

AT_EMPTY_PATH does not exist on AIX. Address this by implementing an
override for fstat.  Implement the new override function in nfs4_acls.c
since all stat functions with DAC_CAP_OVERRIDE will be moved there to
allow reuse by other filesystems.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
(cherry picked from commit 05f1ee1ae2d8439af0ac9baf64ebba1a3374ea83)

- - - - -
53e4d90d by Christof Schmitt at 2023-11-25T18:28:13+00:00
vfs_gpfs: Move fstatat_with_cap_dac_override to nfs4_acls.c

All stat DAC_CAP_OVERRIDE code is being moved to nfs4_acls.c to allow
reuse by other filesystem modules.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
(cherry picked from commit 316c96ea83a7b70d35879e4743193bb1e9cb566c)

- - - - -
776091ad by Christof Schmitt at 2023-11-25T18:28:13+00:00
vfs_gpfs: Move stat_with_capability to nfs4_acls.c and rename function

All stat CAP_DAC_OVERRIDE code is moving to nfs4_acls.c to allow reuse
by other filesystem modules. Also rename the function to the slightly
more precise name stat_with_cap_dac_override.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
(cherry picked from commit 6b1e066c4f354f297fbf99ad93acfaf44e3b89cb)

- - - - -
cf8f5bdf by Christof Schmitt at 2023-11-25T18:28:13+00:00
vfs_gpfs: Move vfs_gpfs_stat to nfs4_acls.c and rename function

All stat DAC_CAP_OVERRIDE code is moving to nfs4_acls.c to allow reuse
by other file system modules. Also rename the function to the more
generic name nfs4_acl_stat.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
(cherry picked from commit f8a23d960e02f783119c2aef38a6e293ee548df3)

- - - - -
8ca3c483 by Christof Schmitt at 2023-11-25T18:28:13+00:00
vfs_gpfs: Move vfs_gpfs_fstat to nfs4_acls.c and rename function

All stat DAC_CAP_OVERRIDE code is moving to nfs4_acls.c to allow reuse.
Move the vfs_gpfs_fstat function and rename to the more generic name
nfs4_acl_fstat.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
(cherry picked from commit f9301871c61b066c1ea464e6e9109bb2cde71598)

- - - - -
790363f0 by Christof Schmitt at 2023-11-25T18:28:13+00:00
vfs_gpfs: Move vfs_gpfs_lstat to nfs4_acls.c and rename function

All stat CAP_DAC_OVERRIDE code is being moved to nfs4_acls.c to allow
reuse. Move the vfs_gpfs_lstat function and rename to the more generic
name nfs4_acl_lstat.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
(cherry picked from commit 2c1195678d34516744ba4f8b1c5582f4046cba35)

- - - - -
32411274 by Christof Schmitt at 2023-11-25T18:28:13+00:00
vfs_gpfs: Move vfs_gpfs_fstatat to nfs4_acls.c and rename function

All stat DAC_CAP_OVERRIDE code is being moved to nfs4_acls.c to allow
reuse. Move the vfs_gpfs_fstatat function and rename it to the more
generic name nfs4_acl_fstat.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
(cherry picked from commit 5fd73e93af9d015c9e65a6d4d16229476a541cfc)

- - - - -
6090ebfa by Christof Schmitt at 2023-11-25T18:28:13+00:00
nfs4_acls: Make fstatat_with_cap_dac_override static

No other module is calling this function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
(cherry picked from commit 8831eeca1d70c909e15c86c8af6a7b1d7b0d3b5b)

- - - - -
f9d4855b by Christof Schmitt at 2023-11-25T18:28:13+00:00
nfs4_acls: Make stat_with_cap_dac_override static

No other module is calling this function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
(cherry picked from commit 0f664f016207894e0a156b9e1f4db7677c264205)

- - - - -
11523b49 by Christof Schmitt at 2023-11-25T18:28:13+00:00
nfs4_acls: Make fstat_with_cap_dac_override static

No other module is calling this function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
(cherry picked from commit bffd8bd8c32fea738824b807eb9e5f97a609493e)

- - - - -
66259b50 by Christof Schmitt at 2023-11-25T18:28:13+00:00
vfs_aixacl2: Call stat DAC_CAP_OVERRIDE functions

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
(cherry picked from commit 9cac91542128888bde79391ca99291a76752f334)

- - - - -
be0b6c4b by Christof Schmitt at 2023-11-25T19:34:32+00:00
vfs_zfsacl: Call stat CAP_DAC_OVERRIDE functions

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>

Autobuild-User(master): Björn Jacke <bjacke at samba.org>
Autobuild-Date(master): Wed Nov 15 19:55:07 UTC 2023 on atb-devel-224

(cherry picked from commit 12e5c15a97b45aa01fc3f4274f8ba9cf7d1ddbe9)

Autobuild-User(v4-18-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-18-test): Sat Nov 25 19:34:32 UTC 2023 on atb-devel-224

- - - - -
2e5bc965 by Jule Anger at 2023-11-29T15:26:25+01:00
WHATSNEW: Add release notes for Samba 4.18.9.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
2669b77d by Jule Anger at 2023-11-29T15:26:25+01:00
VERSION: Disable GIT_SNAPSHOT for the 4.18.9 release.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
6c06c9ed by Jule Anger at 2023-11-29T15:26:25+01:00
VERSION: Bump version up to Samba 4.18.10...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
4a8dcbad by Michael Tokarev at 2023-11-29T17:49:28+03:00
New upstream version 4.18.9+dfsg
- - - - -
f731d750 by Samuel Cabrero at 2023-11-29T14:51:11+00:00
s3:libnetapi: Return error from RequestOfflineJoin

The error code must be returned to caller even if the error string is not set.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit e4afb211fe32f2aa92cc903df948874046f60305)

- - - - -
f8021a24 by Samuel Cabrero at 2023-11-29T14:51:11+00:00
s3:libnetapi: Add some comments to document ODJ blob charset conversions

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit bdab834dfad55776155915f7ec410b5a192406fa)

- - - - -
a8544124 by Samuel Cabrero at 2023-11-29T14:51:11+00:00
s3:libnetapi: Add NetComposeOfflineDomainJoin() to IDL

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 740e704bd68a6b618b62336ba1583c0edeb82d6f)

- - - - -
fddbff3d by Samuel Cabrero at 2023-11-29T14:51:11+00:00
s3:libnetapi: Add NetComposeOfflineDomainJoin() boilerplate

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 532701e3cce9d15e95166ee7c24cd1e4af51fcc4)

- - - - -
ad2196fd by Samuel Cabrero at 2023-11-29T14:51:11+00:00
s3:libnetapi: Add NetComposeOfflineDomainJoin() to API.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 7cabbec2eaf5aefd3751c635c12556eca590f506)

- - - - -
4e43af11 by Samuel Cabrero at 2023-11-29T14:51:11+00:00
s3:libnetapi: Implement NetComposeOfflineDomainJoin_l()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit a8bd8f22aac2c223e85e318dba7af8b64052b053)

- - - - -
ca6ba984 by Samuel Cabrero at 2023-11-29T14:51:11+00:00
s3:net: Add "net offlinejoin composeodj" command

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 4a1f2071a6028a761bbe7efee20e9654851b51f0)

- - - - -
1f066b59 by Samuel Cabrero at 2023-11-29T14:51:11+00:00
s3:net: Load ODJ blob from file only if "loadfile" parameter is present

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit b2399b6994c89404f245e1a97ba1c1cf13d7fc86)

- - - - -
69475590 by Samuel Cabrero at 2023-11-29T14:51:11+00:00
s3:net: Allow to load ODJ blob from stdin

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit c14a4f51443f67bc46a670a342eed8cb9e81f37d)

- - - - -
ce29bbfb by Samuel Cabrero at 2023-11-29T14:51:11+00:00
testprogs: Cleanup machine account in net offlinejoin tests

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit e92e4b9544231c15eaf0bdbba4505345cd0f6ab5)

- - - - -
0a8cf4f1 by Samuel Cabrero at 2023-11-29T15:55:45+00:00
testprogs: Add net offlinejoin composeodj tests

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Sep  5 22:11:46 UTC 2023 on atb-devel-224

(cherry picked from commit f3c632e74ba100b455eeac66e8914b11d1d9b0a0)

Autobuild-User(v4-18-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-18-test): Wed Nov 29 15:55:45 UTC 2023 on atb-devel-224

- - - - -
849c370d by Shachar Sharon at 2023-12-11T13:21:02+00:00
vfs_ceph: call 'ceph_fgetxattr' only if valid fd

Align getxattr logic with the rest of xattr hooks: call ceph_fgetxattr
with appropriate io-fd when 'is_pathref' is false; otherwise, call
ceph_getxattr.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15440

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Anoop C S <anoopcs at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>

Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Thu Nov 30 12:32:29 UTC 2023 on atb-devel-224

(cherry picked from commit 83edfcff5ccd8c4c710576b6d5612e0578d168c8)

Autobuild-User(v4-18-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-18-test): Mon Dec 11 13:21:02 UTC 2023 on atb-devel-224

- - - - -
30fddc01 by Stefan Metzmacher at 2023-12-16T14:29:10+00:00
ctdb: remove unused ctdb->client_ip_list and print debug on ctdb_tcp_list instead

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
(cherry picked from commit 92badd3bdd82d1fa79727efcf81b6f479016811f)

- - - - -
d7249b3c by Stefan Metzmacher at 2023-12-16T14:29:10+00:00
ctdb: add ctdb_canonicalize_ip_inplace() helper

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
(cherry picked from commit f2d9c012fc803b48564c3203ed640c02f99bcbaa)

- - - - -
9d8768ff by Stefan Metzmacher at 2023-12-16T14:29:10+00:00
ctdb: make use of ctdb_canonicalize_ip_inplace() in ctdb_control_tcp_client()

We could also remove the src_addr and dest_addr helper variables
completely, but that would be too much for this commit.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
(cherry picked from commit 5f52d140f7b676ed68b5ce49d4445357bcbcb1a6)

- - - - -
0de804ac by Stefan Metzmacher at 2023-12-16T14:29:10+00:00
ctdb: add ctdb_connection_same() helper

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
(cherry picked from commit 8395fd369d3c9d216817e922423727748581f133)

- - - - -
f7694157 by Stefan Metzmacher at 2023-12-16T14:29:10+00:00
ctdb: add/implement CTDB_CONTROL_TCP_CLIENT_DISCONNECTED

With multichannel a ctdb connection from smbd may hold multiple
tcp connections, which can be disconnected before the smbd
process terminates the whole ctdb connection, so we need a
way to undo 'CTDB_CONTROL_TCP_CLIENT' again.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
(cherry picked from commit c6602b686b4e50d93272667ef86d3904181fb1ab)

- - - - -
813e7186 by Stefan Metzmacher at 2023-12-16T14:29:10+00:00
ctdb: add/implement CTDB_CONTROL_TCP_CLIENT_PASSED

With multichannel a tcp connection is registered first with
a temporary smbd process, that calls CTDB_CONTROL_TCP_CLIENT
first and then passes the tcp connection to the longterm smbd
that already handles all connections belonging to the specific
client_guid. That smbd process calls CTDB_CONTROL_TCP_CLIENT
again, but the 'tickle' information is already there.
When the temporary smbd process exits/disconnects from ctdb
or calls CTDB_CONTROL_TCP_CLIENT_DISCONNECTED, the 'tickle'
information is removed, while the longterm smbd process
still serves the tcp connection.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
(cherry picked from commit 037e8e449deb136ad5ed5e4de05439411b545b6d)

- - - - -
24d960d0 by Stefan Metzmacher at 2023-12-16T14:29:10+00:00
ctdbd_conn: don't use uninitialized memory in ctdbd_register_ips()

We dump the structure into the socket, so we need to zero the content
including possible padding.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
(cherry picked from commit 240139370aa19f53dd3de0ff468afd994d3bd973)
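
An added illustration of the problem this commit message describes (raw struct bytes written out, padding included); it is not code from the Samba commit. The struct demo_conn, the STALE fill byte and all function names are hypothetical and constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wire record, NOT a ctdb structure. On common ABIs the
 * compiler inserts padding after 'family' and after 'port'. */
struct demo_conn {
	uint8_t  family;
	uint32_t addr;
	uint16_t port;
};

#define REC_SIZE sizeof(struct demo_conn)
#define STALE 0xAA /* constructed stand-in for whatever the memory held before */

/* True if byte offset 'off' lies inside member 'm' of struct demo_conn. */
#define IN_MEMBER(off, m) \
	((off) >= offsetof(struct demo_conn, m) && \
	 (off) < offsetof(struct demo_conn, m) + sizeof(((struct demo_conn *)0)->m))

static int is_member_byte(size_t off)
{
	return IN_MEMBER(off, family) || IN_MEMBER(off, addr) || IN_MEMBER(off, port);
}

/* Number of bytes in the struct that belong to no member. */
size_t padding_bytes(void)
{
	return REC_SIZE - (sizeof(uint8_t) + sizeof(uint32_t) + sizeof(uint16_t));
}

/* Build the record and copy sizeof(struct) raw bytes out, the way a sender
 * that dumps the structure into a socket does. */
static void serialise(unsigned char wire[REC_SIZE], int zero_first)
{
	struct demo_conn c;

	/* Simulate reused memory so the result is deterministic. */
	memset(&c, STALE, sizeof(c));

	if (zero_first) {
		/* The fix pattern: clear the whole object, padding included,
		 * before any member is assigned. */
		memset(&c, 0, sizeof(c));
	}

	/* Assigning members one by one leaves the padding untouched. */
	c.family = 2;
	c.addr = 0x0100007f;
	c.port = 445;

	memcpy(wire, &c, sizeof(c));
}

/* Count padding bytes in the wire image that carry non-zero (stale) data. */
size_t leaked_bytes(int zero_first)
{
	unsigned char wire[REC_SIZE];
	size_t off, n = 0;

	serialise(wire, zero_first);
	for (off = 0; off < REC_SIZE; off++) {
		if (!is_member_byte(off) && wire[off] != 0) {
			n++;
		}
	}
	return n;
}

/* The receiver sees the same member values either way, which is why the
 * leak goes unnoticed in functional testing. */
int members_intact(int zero_first)
{
	unsigned char wire[REC_SIZE];
	struct demo_conn r;

	serialise(wire, zero_first);
	memcpy(&r, wire, sizeof(r));
	return r.family == 2 && r.addr == 0x0100007f && r.port == 445;
}

int main(void)
{
	printf("record size %zu, padding %zu\n", REC_SIZE, padding_bytes());
	printf("stale bytes sent without memset: %zu\n", leaked_bytes(0));
	printf("stale bytes sent with memset:    %zu\n", leaked_bytes(1));
	return 0;
}
```
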

- - - - -
562e360e by Stefan Metzmacher at 2023-12-16T14:29:10+00:00
ctdbd_conn: let register_with_ctdbd() call CTDB_CONTROL_REGISTER_SRVID just once

We do the dispatching to multiple handlers in ctdbd_msg_call_back()
and we don't need more than one message from ctdb.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
(cherry picked from commit 77a559432ffde2d435e29bed126d20a09d33f48e)

- - - - -
ecc0acbb by Volker Lendecke at 2023-12-16T14:29:10+00:00
ctdbd_conn: Add deregister_from_ctdbd()

This is to remove a callback during rundown of smbds.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Volker Lendecke <vl at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
(cherry picked from commit 75aa6693940201a928b46f6880b43820c0e1c555)

- - - - -
18d34cea by Stefan Metzmacher at 2023-12-16T14:29:10+00:00
ctdbd_conn: add ctdbd_unregister_ips()

This reverts the effect of ctdbd_register_ips().
We'll use this in order to disconnect individual
multichannel connections.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
(cherry picked from commit f3a03f3f774f0795fc1a163f12cccb9cedeebec1)

- - - - -
6ca3ce4d by Stefan Metzmacher at 2023-12-16T14:29:10+00:00
ctdbd_conn: add ctdbd_passed_ips()

This is similar to ctdbd_unregister_ips(), but with the
difference that ctdb keeps the 'tickle' information for
the tcp connection alive, because another smbd process
took care of that tcp connection in a multichannel scenario.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
(cherry picked from commit 2e784789d78d09dfbc599085e5eb1c70c5b866b8)

- - - - -
d9ed96c9 by Stefan Metzmacher at 2023-12-16T14:29:10+00:00
selftest: export/use CTDB related envvars in order to run the ctdb command

This makes it easier to test things...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
(cherry picked from commit 38b74d4ca9a59e7f12850c20c410f9df26cbad0a)

- - - - -
f8c02609 by Stefan Metzmacher at 2023-12-16T14:29:10+00:00
s3:selftest: add samba3.blackbox.smbXsrv_client_ctdb_registered_ips

This demonstrates the crash that happens if a client connects to a
non-public address first followed by a connect
to public address with the same client_guid and a connection to
the non-public address gets disconnected first, we get hit by a
use-after-free talloc_get_type_abort() called from release_ip() as
"xconn" is already gone, taking smbd_release_ip_state with it.

Note that we also need to mark some subtests as flapping
as there's a 2nd problem that happens in the interaction
between smbd processes and ctdb when passing a multichannel
connection to an existing process, it means we sometimes
lose the 'tickle' information within ctdb to that tcp connection.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
(cherry picked from commit 082c7df4d04c2a94c5413c1d6b7eae7be610f950)

- - - - -
27918796 by Volker Lendecke at 2023-12-16T14:29:10+00:00
smbd: Remove callback for release_ip when "state" is free'ed

If a client connects to a non-public address first followed by a connect
to public address with the same client_guid and a connection to
the non-public address gets disconnected first, we get hit by a use-after-free
talloc_get_type_abort() called from release_ip() as
"xconn" is already gone, taking smbd_release_ip_state with it.

We need to decide between calling ctdbd_unregister_ips() by default, as
it means the tcp connection is really gone and ctdb needs to remove the
'tickle' information.  But when a connection was passed to a different
smbd process, we need to use ctdbd_passed_ips() as the tcp connection is
still alive and the 'tickle' information should not be removed within
ctdb.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Volker Lendecke <vl at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
(cherry picked from commit ddf47e7fe314e0f5bf71ff53e35350e0ba530d08)

- - - - -
ff4ed4d7 by Martin Schwenke at 2023-12-16T14:29:10+00:00
ctdb-daemon: Use ctdb_connection_to_buf() to simplify

The one case that is no longer handled specially is when the
destination address is IPv4 loopback.  This may previously have been
used to avoid flooding the logs when testing.  However, that seems
unnecessary - if testing with 127.0.0.1 then make it a public address.

Modernise debug while touching the code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 8fc3872557f715dc38f9898754a785fd073ace96)

- - - - -
a149a96e by Martin Schwenke at 2023-12-16T15:26:50+00:00
ctdb-server: Drop unnecessary copy of destination address

Modernise debug while touching the code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Dec 15 12:09:21 UTC 2023 on atb-devel-224

(cherry picked from commit 4b7329f15820f1b4d9a7b7f0947719c4217b312a)

Autobuild-User(v4-18-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-18-test): Sat Dec 16 15:26:50 UTC 2023 on atb-devel-224

- - - - -
c2c11168 by Stefan Metzmacher at 2023-12-28T17:09:25+00:00
s3:ctdbd_conn: fix ctdbd_public_ip_foreach() for ipv6 addresses

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15534

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Dec 21 11:09:30 UTC 2023 on atb-devel-224

(cherry picked from commit 828f3c99122fb033ecb79e24ed24821b8510f0f8)

Autobuild-User(v4-18-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-18-test): Thu Dec 28 17:09:25 UTC 2023 on atb-devel-224

- - - - -
9f8a73d7 by Jones Syue at 2024-01-05T13:46:39+00:00
s3:smbd multichannel: always refresh the network information

To maintain SMB Multichannel, a Windows client might periodically query with
FSCTL_QUERY_NETWORK_INTERFACE_INFO to get the SMB server's network information;
in my case Windows Server 2022 would do this every 10 minutes (600 seconds).

Consider a scenario: the network information might have changed between
these queries (some links went down, a new interface came up, the network
speed changed, etc.). So far smbd might not be aware of these changes and
still report out-of-date network information to the Windows client, until we
manually send a SIGHUP to smbd in order to trigger load_interfaces():
smbd_sig_hup_handler() > reload_services () > load_interfaces()
This might be a bit inconvenient because it is hard to decide when we should
manually send a SIGHUP to smbd to refresh the network information.

This patch adds load_interfaces() at fsctl_network_iface_info(), so when smbd
receives FSCTL_QUERY_NETWORK_INTERFACE_INFO it goes through this and refreshes
local_interfaces, then responds to the client with up-to-date network information;
it also refreshes num_ifaces to make sure the interface count is consistent.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15547

Signed-off-by: Jones Syue <jonessyue at qnap.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
(cherry picked from commit 318fd95d5ea63724798592eb6b4eebaecfa0cbfb)

Autobuild-User(v4-18-test): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(v4-18-test): Fri Jan  5 13:46:39 UTC 2024 on atb-devel-224

- - - - -
7f4d5a37 by Volker Lendecke at 2024-01-08T12:49:09+00:00
shadow_copy: Add test for missing directory in "current" fileset

Right now we can't traverse a subdirectory in a snapshot which was
deleted in the current set of files.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15544

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit a0bfadb32b83ab1e58290f84c298d345e21866d9)

- - - - -
529fb888 by Volker Lendecke at 2024-01-08T12:49:09+00:00
smbd: Fix traversing snapshot dirs that vanished in current fileset

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15544

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Jan  2 20:37:01 UTC 2024 on atb-devel-224

- - - - -
49d9e55e by Björn Jacke at 2024-01-08T12:49:09+00:00
doc-xml: fix name of vfs_linux_xfs man page

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15542

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 2073bbf9dcab5fabe5e683c12e16c195239fcba1)

- - - - -
96897774 by Björn Jacke at 2024-01-08T12:49:09+00:00
winbind_nss_netbsd: fix missing semicolon

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15541

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit b41f95f891ab5b1d1878735a513be5d9a13f63c6)

- - - - -
a9862b23 by Björn Jacke at 2024-01-08T14:02:46+00:00
docs-xml: use XML_CATALOG_FILES env var if defined

Thanks to Thierry LARONDE for the fix.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15540

Signed-off-by: Björn Jacke <bjacke at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit b9f32b32e0e1463b8ca3e696d682ecf86503464b)

Autobuild-User(v4-18-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-18-test): Mon Jan  8 14:02:46 UTC 2024 on atb-devel-224

- - - - -
29f629a1 by Ralph Boehme at 2024-01-16T09:09:15+00:00
selftest: remove error_inject from shadow_write share

Frankly, I can't remember why I added this as part of bug 13688. The
goal of the corresponding test is to verify a write on a read-only
file handle fails. As the file is opened O_RDONLY, the write will fail
anyway and there's no need to inject the error.

To make things worse, having the error injected meant we didn't notice
when the underlying logic of forcing the open to be done with O_RDONLY
was done as O_RDWR, resulting in the write on the handle to succeed.

This happened when we introduced reopen_from_fsp(): the initial
pathref open of a path with a twrp value was correctly detected and
handled by shadow_copy2_openat(). However, when converting the pathref
open to a real one via reopen_from_fsp(), shadow_copy2_openat() only
sees the magic /proc/fd path and has no way of inferring that this was
originating from a previous version open with a twrp value.

Tl;dr: we can just remove this error injection, it is not needed, the
correct fix is to implement this in the SMB layer which is done in the
subsequent commits.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 78119edba013583555069271bb61134c12c2c135)

- - - - -
469c91c4 by Ralph Boehme at 2024-01-16T09:09:15+00:00
s4/libcli/raw: implement RAW_SFILEINFO_LINK_INFORMATION

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit c62484bc2c60ebac42635793d94cb8e62629acbf)

- - - - -
7080c5b4 by Ralph Boehme at 2024-01-16T09:09:15+00:00
smbtorture: expand smb2.twrp.write test

Test more modifying operations are blocked and access masks are correct.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 537eedfe2a79fba2e1f062f14ba7a0c5f8f70a88)

- - - - -
c8e1d26c by Ralph Boehme at 2024-01-16T09:09:15+00:00
smbd: return the correct error in can_rename()

This is what Windows returns for this case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 276c5bd851ab6ab818a49d9c47f6b96de8024778)

- - - - -
d8729472 by Ralph Boehme at 2024-01-16T09:09:15+00:00
smbd: set fsp_flags.is_fsa to true on printer file handles

Printer file handles went through SMB_VFS_CREATE_FILE() and are network
callable, so it makes sense to set this on them.

This ensures that check_access_fsp() doesn't take the codepath calling
smbd_check_access_rights_fsp(), but just checks the request rights from
fsp->access_mask.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 76c8fe16bff36a29fa326355256b50737d04bd85)

- - - - -
b775434b by Ralph Boehme at 2024-01-16T09:09:15+00:00
smbd: rename check_access_fsp() to check_any_access_fsp()

The semantics of the access check in check_access_fsp() itself is to
allow access if *at least* one or more rights of the rights in
access_mask are allowed. The name check_any_access_fsp() better
reflects this.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 96b577c380fa914eb1ffa95849c82bdb88aa1ec6)

- - - - -
8c08511f by Ralph Boehme at 2024-01-16T09:09:15+00:00
smbd: fix check_any_access_fsp() for non-fsa fsps

smbd_check_access_rights_fsp() requires *all* rights in access_mask to
be granted by the underlying ACL, but the semantics of this function
is supposed to grant access if any one of the rights in
access_requested is allowed.

Fix this by looping over the requested access mask. If
smbd_check_access_rights_fsp() returns success, mask will be non-null
and when assigned to access_granted, the subsequent check will pass,
fail otherwise.

I'm not doing an early exit on purpose because a subsequent commit
adds additional security checks that are done in the subsequent code
path common for fsa and non-fsa fsps.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit bf497819e61131cfa6469971596af3aa9bd4bb49)

- - - - -
8ee0768d by Ralph Boehme at 2024-01-16T09:09:15+00:00
smbd: return correct error when trying to create a hardlink to a VSS file

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit a0ae45be770a13373c148a689b9761f14c4f942c)

- - - - -
15536403 by Ralph Boehme at 2024-01-16T09:09:15+00:00
smbd: set fsp->fsp_flags.can_write to false for access to previous-versions

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit ee3035218df4cfd68b6aab6825c78f2b85234c6c)

- - - - -
77a71bc9 by Ralph Boehme at 2024-01-16T09:09:15+00:00
smbd: replace CHECK_WRITE() macro with calls to check_any_access_fsp()

The additional check if the underlying fd is valid and not -1 should not be done
at this place. I actually would prefer a write to fail with EBADF if this
happens, as it's likely easier to debug why this happened. These days we should
always have a valid fd.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 995a31c8d4c1789c16bae6b8196f2565d4b1dfdb)

- - - - -
d3f062e2 by Ralph Boehme at 2024-01-16T09:09:15+00:00
smbd: use check_any_access_fsp() for all access checks

Replaces the direct access to fsp->access_mask with a call to
check_any_access_fsp() which allows doing additional checks if needed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(backported from commit 02ed99343d19fd0845531ad99a46b1dd5b8a7a4f)
[slow at samba.org: vfs_acl_common.c: different chown_needed check]

- - - - -
1e108b3a by Ralph Boehme at 2024-01-16T09:09:15+00:00
smbd: check for previous versions in check_any_access_fsp()

Now that check_any_access_fsp() is broadly used consistently to
restrict access for all modifying operations, we can add a check for
previous versions to check_any_access_fsp() and it gets enforced
consistently.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit fd4e41144a819b4403340e4a28664ac586722b41)
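
The "any" versus "all" semantics fixed in 8c08511f and the previous-version check added in 1e108b3a, as an added C model that is not Samba's code. The struct, the function names and the choice of which rights count as modifying are assumptions of this model; only the three right values are the standard Windows file access bits.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define FILE_READ_DATA   0x0001u
#define FILE_WRITE_DATA  0x0002u
#define FILE_APPEND_DATA 0x0004u
#define MODIFYING_RIGHTS (FILE_WRITE_DATA | FILE_APPEND_DATA) /* model's choice */

struct model_fsp {              /* hypothetical, not Samba's files_struct */
	bool is_fsa;            /* rights were fixed at open time */
	bool previous_version;  /* handle refers to a snapshot (twrp set) */
	uint32_t rights;        /* open-time mask (fsa) or ACL rights (non-fsa) */
};

/* Stand-in for an ACL check that succeeds only if *all* bits are allowed. */
static bool acl_grants_all(const struct model_fsp *fsp, uint32_t mask)
{
	return (fsp->rights & mask) == mask;
}

/* Pre-fix behaviour: the whole requested mask goes to the all-rights check. */
bool check_any_access_old(const struct model_fsp *fsp, uint32_t requested)
{
	uint32_t granted = fsp->is_fsa ? fsp->rights :
		(acl_grants_all(fsp, requested) ? requested : 0);
	return (granted & requested) != 0;
}

/* Fixed behaviour: test each requested bit, then apply the common checks. */
bool check_any_access(const struct model_fsp *fsp, uint32_t requested)
{
	uint32_t granted = 0;
	if (fsp->is_fsa) {
		granted = fsp->rights;
	} else {
		for (uint32_t bit = 1; bit != 0; bit <<= 1) {
			if ((requested & bit) && acl_grants_all(fsp, bit))
				granted |= bit;
		}
	}
	/* No early exit above, so this runs for fsa and non-fsa handles. */
	if (fsp->previous_version) {
		granted &= ~MODIFYING_RIGHTS;
	}
	return (granted & requested) != 0;
}

int main(void)
{
	struct model_fsp ro = { false, false, FILE_READ_DATA };
	printf("old=%d fixed=%d\n",
	       check_any_access_old(&ro, FILE_READ_DATA | FILE_WRITE_DATA),
	       check_any_access(&ro, FILE_READ_DATA | FILE_WRITE_DATA));
	return 0;
}
```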

- - - - -
ee2df0bb by Ralph Boehme at 2024-01-16T10:05:29+00:00
smbd: move access override for previous versions to the SMB layer

Doing the previous version access checks and semantics at the SMB
layer means we can simplify the shadow_copy2 and remove the kludge.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Mon Jan  8 16:58:26 UTC 2024 on atb-devel-224

(backported from commit f14a7065690b00e3c6af2c1f0b0aec51c1e0b372)
[slow at samba.org: vfs_shadow_copy2.c: no TALLOC_FREE() in context]
[slow at samba.org: open.c: assign result from calculate_open_access_flags()]

Autobuild-User(v4-18-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-18-test): Tue Jan 16 10:05:29 UTC 2024 on atb-devel-224

- - - - -
0d75a9ac by Björn Jacke at 2024-01-22T09:04:17+00:00
time.c: fix ctime which was fed with the mtime seconds

This bug was introduced with 53a1d034f3e47ed3c in 2020.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15550

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 2df2e34c3c1ccf76bbcc78586cbbb6433b6d30d5)

- - - - -
161efeac by Bjoern Jacke at 2024-01-22T09:04:17+00:00
system.c: fix fake directory create times

This was broken by c9c3d4312d7281904fc back in 2009 already.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12421

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 56c3dbc2ff8531772bf79eb9da3497767a20ce6f)

- - - - -
e6745b15 by Jones Syue at 2024-01-22T10:09:52+00:00
s3:passdb: smbpasswd reset permissions only if not 0600

When browsing or downloading files from a samba server, smbd would check the
user's id to decide whether this user could access these files, by looking up
the user's information in the password file (e.g. /usr/local/samba/private/smbpasswd).
smbd might go through startsmbfilepwent(); this API calls [f]chmod() to
make sure the password file has valid permissions 0600.

Consider a scenario: we are doing a read performance benchmark by
downloading a bunch of files (e.g. a thousand files) from a samba server,
monitoring file system I/O activity counters, and expecting that there should
be only read operations on the file system because this is just downloading; no
uploading is involved. But we actually found that there are still write
operations on the file system, because smbd looks up the user and always resets
0600 permissions on the password file while accessing each file. This makes
dirty pages (inode modification) in RAM, which later trigger a kernel journal
daemon to sync the dirty pages to backing storage (e.g. ext3 kjournald, or ext4 jbd2).
This is not friendly to a read performance benchmark if it happens on
an entry-level system with much less memory and limited computation power,
because syncing dirty pages in the meantime slows down read performance.

This patch adds fstat() before [f]chmod(), to check whether the password
file has valid permissions 0600 or not. If 0600, smbd would bypass [f]chmod()
to avoid making dirty pages on the file system. If not 0600, smbd would warn and
go through [f]chmod() to set valid permissions 0600 on the password file, as
before.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15555

Signed-off-by: Jones Syue <jonessyue at qnap.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Jan 18 10:28:19 UTC 2024 on atb-devel-224

(cherry picked from commit c82a267b2a1b7617e818548aa486b7cfbda74657)

Autobuild-User(v4-18-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-18-test): Mon Jan 22 10:09:52 UTC 2024 on atb-devel-224
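
The fstat()-before-fchmod() pattern described in e6745b15, as an added C example that is not the code from that commit. The function names, the temporary file and the decision to compare all mode bits (07777) are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define PWFILE_MODE (S_IRUSR | S_IWUSR)   /* 0600 */

/* Returns 0 if the mode was already 0600 (no inode write issued), 1 if it
 * had to be reset, -1 on error. Both calls work on the open fd, so the file
 * that is checked is the file that is changed. */
int ensure_private_mode(int fd)
{
	struct stat st;

	if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
		return -1;
	}
	if ((st.st_mode & 07777) == PWFILE_MODE) {
		return 0;               /* common case: skip fchmod() entirely */
	}
	fprintf(stderr, "password file has mode %04o, resetting to 0600\n",
		(unsigned)(st.st_mode & 07777));
	return fchmod(fd, PWFILE_MODE) == 0 ? 1 : -1;
}

/* Constructed scenario: a temp file loosened to 0644 and then checked twice,
 * as two consecutive user lookups would. Returns first*10 + second. */
int demo_two_lookups(void)
{
	char path[] = "/tmp/smbpasswd-demo-XXXXXX";
	int fd = mkstemp(path);

	if (fd < 0) {
		return -1;
	}
	unlink(path);
	if (fchmod(fd, 0644) != 0) {
		close(fd);
		return -1;
	}
	int first = ensure_private_mode(fd);    /* 1: mode was wrong, fixed */
	int second = ensure_private_mode(fd);   /* 0: already 0600, no write */
	close(fd);
	return first * 10 + second;
}
```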

- - - - -
4b1f0c6e by Ralph Boehme at 2024-01-29T10:45:17+00:00
vfs_default: allow disabling /proc/fds and RESOLVE_NO_SYMLINK at compile time

This will be used in CI to have a gitlab runner without all modern Linux
features we make use of as part of path processing:

- O_PATH
- openat2() with RESOLVE_NO_SYMLINKS
- somehow safely reopen an O_PATH file handle

That gives what a classic UNIX like AIX or Solaris offers feature wise.

Other OSes support other combinations of those features, but we leave the
exercise of possibly adding more runners supporting those combinations to the
reader.

The following list shows which features are available and used by Samba on a few
OSes:

        | O_PATH         | RESOLVE_NO_SYMLINKS | Safe reopen    | CI covered
--------|----------------|---------------------|----------------------------
        | Supported Used | Supported Used      | Supported Used |
============================================================================
Linux   | +         +    | +         +         | +         +    | +
FreeBSD | +         +    | + [1]     -         | + [2]     -    | -
AIX     | -         -    | -         -         | -         -    | +

[1] via open() flag O_RESOLVE_BENEATH
[2] via open() flag O_EMPTY_PATH

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15549

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 5c2f96442a25a1725809a28b3719afbc0bd01830)

- - - - -
8bac9003 by Ralph Boehme at 2024-01-29T10:45:17+00:00
CI: disable /proc/fds and RESOLVE_NO_SYMLINK in samba-no-opath-build runner

This is a more sensible combination of missing Linux specific features:

- O_PATH
- openat2() with RESOLVE_NO_SYMLINKS
- somehow safely reopen an O_PATH file handle

Currently only O_PATH is disabled for these jobs, but that doesn't really match
any known OS.

The following list shows which features are available and used by Samba on a few
OSes:

        | O_PATH         | RESOLVE_NO_SYMLINKS | Safe reopen    | CI covered
--------|----------------|---------------------|----------------------------
        | Supported Used | Supported Used      | Supported Used |
============================================================================
Linux   | +         +    | +         +         | +         +    | +
FreeBSD | +         +    | + [1]     -         | + [2]     -    | -
AIX     | -         -    | -         -         | -         -    | +

So by also disabling RESOLVE_NO_SYMLINKS and Safe Reopen, we cover classic UNIX
systems like AIX.

[1] via open() flag O_RESOLVE_BENEATH
[2] via open() flag O_EMPTY_PATH

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15549

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 62cbe145c7e500c4759ed2005c78bd5056c87f43)

- - - - -
f495f6d2 by Ralph Boehme at 2024-01-29T10:45:17+00:00
smbd: pass symlink target path to safe_symlink_target_path()

Moves processing the symlink error response to the caller
filename_convert_dirfsp(). Prepares for using this in
non_widelink_open(), where it will replace symlink_target_below_conn()
with the same functionality.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15549

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(back-ported from commit 0515dded4ddb49e5570ae7df51126af1a2d643de)

- - - - -
0086f3d4 by Ralph Boehme at 2024-01-29T10:45:17+00:00
smbd: add a directory argument to safe_symlink_target_path()

Existing caller passes NULL, no change in behaviour. Prepares for
replacing symlink_target_below_conn() in open.c.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15549

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit fc80c72d658a41fe4d93b24b793b52c91b350175)

- - - - -
ab7d6966 by Ralph Boehme at 2024-01-29T10:45:17+00:00
smbd: use safe_symlink_target_path() in symlink_target_below_conn()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15549

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 1965fc77b3852a0593e13897af08f5304a1ce3a2)

- - - - -
974a8908 by Ralph Boehme at 2024-01-29T11:53:56+00:00
smbd: use dirfsp and atname in open_directory()

On systems without /proc/fd support this avoids the expensive chdir()
logic in non_widelink_open(). open_file_ntcreate() already passes
dirfsp and atname to reopen_from_fsp(), it was just missed in the
conversion.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15549

Reviewed-by: Volker Lendecke <vl at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Mon Jan 22 12:00:56 UTC 2024 on atb-devel-224

(cherry picked from commit 2713023250f15cf9971d88620cab9dd4afd0dc73)

Autobuild-User(v4-18-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-18-test): Mon Jan 29 11:53:56 UTC 2024 on atb-devel-224

- - - - -
13709fd7 by Jule Anger at 2024-01-31T21:33:05+01:00
WHATSNEW: Add release notes for Samba 4.18.10.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
51a13a23 by Jule Anger at 2024-01-31T21:33:46+01:00
VERSION: Disable GIT_SNAPSHOT for the 4.18.10 release.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
1b2c9206 by Michael Tokarev at 2024-02-03T15:25:31+03:00
New upstream version 4.18.10+dfsg
- - - - -


30 changed files:

- Makefile
- VERSION
- WHATSNEW.txt
- buildtools/wafsamba/wafsamba.py
- ctdb/common/common.h
- ctdb/common/ctdb_util.c
- ctdb/include/ctdb_private.h
- ctdb/protocol/protocol.h
- ctdb/protocol/protocol_control.c
- ctdb/protocol/protocol_debug.c
- ctdb/protocol/protocol_util.c
- ctdb/protocol/protocol_util.h
- ctdb/server/ctdb_control.c
- ctdb/server/ctdb_takeover.c
- ctdb/server/ctdbd.c
- docs-xml/manpages/vfs_linux_xfs_sgid.8.xml
- lib/util/time.c
- nsswitch/winbind_nss_netbsd.c
- python/samba/dbchecker.py
- python/samba/descriptor.py
- python/samba/provision/__init__.py
- python/samba/provision/sambadns.py
- script/autobuild.py
- + selftest/knownfail.d/samba4.ldap.confidential_attr
- selftest/skip.opath-required
- selftest/target/Samba.pm
- selftest/target/Samba3.pm
- source3/include/ctdbd_conn.h
- source3/include/proto.h
- source3/include/smb_macros.h


The diff was not included because it is too large.


View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/b514ca81d59d43f9905ba4d94857a47b644f86dc...1b2c92062efe07e712a30bf63dcda8c614dc5f74
