[Pkg-samba-maint] [Git][samba-team/samba][upstream_4.16] 197 commits: third_party: Update socket_wrapper to version 1.3.4

Thu Dec 15 17:33:48 GMT 2022

Michael Tokarev pushed to branch upstream_4.16 at Debian Samba Team / samba

Commits:
d41566d1 by Andreas Schneider at 2022-09-18T16:46:09+00:00
third_party: Update socket_wrapper to version 1.3.4

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 5dcb49bbd80abf6f3f082ef9c1d5452991c74c87)

- - - - -
f0c44d9e by Joseph Sutton at 2022-09-18T16:46:09+00:00
CVE-2021-20251 tests/krb5: Add PasswordKey_from_creds()

This is needed for generating a key when we don't have ETYPE-INFO2.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
3542483d by Joseph Sutton at 2022-09-18T16:46:09+00:00
CVE-2021-20251 lib:crypto: Add des_crypt_blob_16() for encrypting data with DES

This lets us access single-DES from Python. This function is used in a
following commit for encrypting an NT hash to obtain the verifier for a
SAMR password change.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit b27a67af0216811d330d8a4c52390cf4fc04b5fd)

[jsutton at samba.org Fixed wscript conflict introduced by commit
 61aeb7740764b202db0ddba559e83c3b2953ae36]

- - - - -
b7351888 by Joseph Sutton at 2022-09-18T16:46:09+00:00
CVE-2021-20251 lib:crypto: Add md4_hash_blob() for hashing data with MD4

This lets us access MD4, which might not be available in hashlib, from
Python. This function is used in a following commit for hashing a
password to obtain the verifier for a SAMR password change.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 17b8d164f69a5ed79d9b7b7fc2f3f84f8ea534c8)

- - - - -
63020bf1 by Joseph Sutton at 2022-09-18T16:46:09+00:00
CVE-2021-20251 tests/krb5: Add tests for password lockout race

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 91e2e5616ccd507fcaf097533c5fc25974119c1e)

[jsutton at samba.org Fixed conflicts in usage.py, knownfails, and tests.py
 due to not having claims tests]

[jsutton at samba.org Removed tests for unsupported SAMR AES password
 change, removed related GNUTLS_PBKDF2_SUPPORT environment variable, and
 fixed knownfail conflicts; marked all password lockout tests as
 flapping due to sporadic failures seen with Fedora 35]

- - - - -
0e3ac110 by Joseph Sutton at 2022-09-18T16:46:09+00:00
CVE-2021-20251 tests/krb5: Convert password lockout tests to use os.fork() and os.pipe()

Running the password lockout tests on Fedora 35 occasionally results in
errors similar to the following:

    [1(0)/1 at 0s] samba.tests.krb5.lockout_tests(ad_dc:local)
    EPOLL_CTL_DEL EBADF for fde[0x5569dc76c670] mpx_fde[(nil)] fd[14] - disabling

    EPOLL_CTL_DEL EBADF for fde[0x5569dc6089c0] mpx_fde[(nil)] fd[14] - disabling

    EPOLL_CTL_DEL EBADF for fde[0x5569dbbe58e0] mpx_fde[(nil)] fd[14] - disabling

    UNEXPECTED(error): samba.tests.krb5.lockout_tests.samba.tests.krb5.lockout_tests.LockoutTests.test_lockout_race_kdc(ad_dc:local)
    REASON: Exception: Exception: concurrent.futures.process._RemoteTraceback:
    """
    Traceback (most recent call last):
      File "/usr/lib64/python3.10/concurrent/futures/process.py", line 243, in _process_worker
        r = call_item.fn(*call_item.args, **call_item.kwargs)
      File "/home/samba/src/bin/python/samba/tests/krb5/lockout_tests.py", line 141, in connect_kdc
        pipe.send_bytes(b'0')
      File "/usr/lib64/python3.10/multiprocessing/connection.py", line 205, in send_bytes
        self._send_bytes(m[offset:offset + size])
      File "/usr/lib64/python3.10/multiprocessing/connection.py", line 416, in _send_bytes
        self._send(header + buf)
      File "/usr/lib64/python3.10/multiprocessing/connection.py", line 373, in _send
        n = write(self._handle, buf)
    OSError: [Errno 9] Bad file descriptor
    """

    The above exception was the direct cause of the following exception:

    Traceback (most recent call last):
      File "/home/samba/src/bin/python/samba/tests/krb5/lockout_tests.py", line 537, in test_lockout_race_kdc
        self.do_lockout_race(connect_kdc)
      File "/home/samba/src/bin/python/samba/tests/krb5/lockout_tests.py", line 863, in do_lockout_race
        self.wait_for_ready(our_pipe, connect_future)
      File "/home/samba/src/bin/python/samba/tests/krb5/lockout_tests.py", line 471, in wait_for_ready
        raise exception
    OSError: [Errno 9] Bad file descriptor

Such messages can be seen to come from epoll_del_event(). By resorting
to lower-level facilites such as fork() and OS pipes, we lose helpful
features such as timeouts and propagation of exceptions from child
processes, but we may avoid interactions with the event system that lead
to failures.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>

- - - - -
bc30ca21 by Andrew Bartlett at 2022-09-18T16:46:09+00:00
CVE-2021-20251 s4-rpc_server: Use authsam_search_account() to find the user

This helps the bad password and audit log handling code as it
allows assumptions to be made about the attributes found in
the variable "msg", such as that DSDB_SEARCH_SHOW_EXTENDED_DN
was used.

This ensures we can re-search on the DN via the embedded GUID,
which in in turn rename-proof.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 439f96a2cfe77f6cbf331d965a387512c2db91c6)

[jsutton at samba.org Adapted to LM hash still being present]

- - - - -
740c4c2b by Gary Lockyer at 2022-09-18T16:46:09+00:00
CVE-2021-20251 auth4: split samdb_result_msds_LockoutObservationWindow() out

samdb_result_msds_LockoutObservationWindow() is split out of
samdb_result_effective_badPwdCount()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 2087b0cd986b8959b2a402b9a1891472e47ca0b0)

- - - - -
831335aa by Gary Lockyer at 2022-09-18T16:46:09+00:00
CVE-2021-20251 s4 auth: Prepare to make bad password count increment atomic

To ensure that the bad password count is incremented atomically,
and that the successful logon accounting data is updated atomically,
without always opening a transaction, we will need to make a note
of all bad and successful passwords in a side-DB outside the
transaction lock.

This provides the functions needed for that and hooks them in
(future commits will handle errors and use the results).

Based on patches by Gary Lockyer <gary at catalyst.net.nz>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 408717242aad8adf4551f2394eee2d80a06c7e63)

- - - - -
9dcf447d by Andrew Bartlett at 2022-09-18T16:46:09+00:00
CVE-2021-20251 auth4: Reread the user record if a bad password is noticed..

As is, this is pointless, as we need a transaction to make this
any less of a race, but this provides the steps towards that goal.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 7b8e32efc336fb728e0c7e3dd6fbe2ed54122124)

- - - - -
8580b90a by Gary Lockyer at 2022-09-18T16:46:09+00:00
CVE-2021-20251 s4 auth test: Unit tests for source4/auth/sam.c

cmocka unit tests for the authsam_reread_user_logon_data in
source4/auth/sam.c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit d6cf245b96fb02edb3bcc52733d040d5f03fb918)

- - - - -
a1a440c1 by Joseph Sutton at 2022-09-18T16:46:09+00:00
CVE-2021-20251 auth4: Detect ACCOUNT_LOCKED_OUT error for password change

This is more specific than NT_STATUS_UNSUCCESSFUL, and for the SAMR
password change, matches the result the call to samdb_result_passwords()
would give.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 336e303cf1962b56b64c0d9d2b05ac15d00e8692)

- - - - -
79f791ff by Andrew Bartlett at 2022-09-18T16:46:09+00:00
CVE-2021-20251 s4 auth: make bad password count increment atomic

Ensure that the bad password count is incremented atomically,
and that the successful logon accounting data is updated atomically.

Use bad password indicator (in a distinct TDB) to determine if to open a transaction

We open a transaction when we have seen the hint that this user
has recorded a bad password.  This allows us to avoid always
needing one, while not missing a possible lockout.

We also go back and get a transation if we did not take out
one out but we chose to do a write (eg for lastLogonTimestamp)

Based on patches by Gary Lockyer <gary at catalyst.net.nz>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit de4cc0a3dae89f3e51a099282615cf80c8539e11)

- - - - -
a9aae34d by Andrew Bartlett at 2022-09-18T16:46:09+00:00
CVE-2021-20251 auth4: Add missing newline to debug message on PSO read failure

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 4a9e0fdccfa218fbb2c3eb87e1a955ade0364b98)

- - - - -
6b826a37 by Gary Lockyer at 2022-09-18T16:46:09+00:00
CVE-2021-20251 auth4: Return only the result message and free the surrounding result

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit b954acfde258a1909ed60c1c3e1015701582719f)

- - - - -
0d6da525 by Andrew Bartlett at 2022-09-18T16:46:09+00:00
CVE-2021-20251 auth4: Split authsam_calculate_lastlogon_sync_interval() out

authsam_calculate_lastlogon_sync_interval() is split out of authsam_update_lastlogon_timestamp()

Based on work by Gary Lockyer <gary at catalyst.net.nz>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 55147335aec8194b6439169b040556a96db22e95)

- - - - -
dd38fae8 by Andrew Bartlett at 2022-09-18T16:46:09+00:00
CVE-2021-20251 auth4: Inline samdb_result_effective_badPwdCount() in authsam_logon_success_accounting()

By bringing this function inline it can then be split out in a
subsequent commit.

Based on work by Gary Lockyer <gary at catalyst.net.nz>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 712181032a47318576ef35f6a6cf0f958aa538fb)

- - - - -
6a70d006 by Andrew Bartlett at 2022-09-18T16:46:09+00:00
CVE-2021-20251 auth4: Avoid reading the database twice by precaculating some variables

These variables are not important to protect against a race with
and a double-read can easily be avoided by moving them up the file
a little.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit b5f78b7b895a6b92cfdc9221b18d67ab18bc2a24)

- - - - -
2fe2485b by Joseph Sutton at 2022-09-18T16:46:09+00:00
CVE-2021-20251 s4-auth: Pass through error code from badPwdCount update

The error code may be NT_STATUS_ACCOUNT_LOCKED_OUT, which we use in
preference to NT_STATUS_WRONG_PASSWORD.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit d8a862cb811489abb67d4cf3a7fbd83d05c7e5cb)

- - - - -
f725f2f2 by Joseph Sutton at 2022-09-18T16:46:09+00:00
CVE-2021-20251 s4:dsdb: Update bad password count inside transaction

Previously, there was a gap between calling dsdb_update_bad_pwd_count()
and dsdb_module_modify() where no transaction was in effect. Another
process could slip in and modify badPwdCount, only for our update to
immediately overwrite it. Doing the update inside the transaction will
help for the following commit when we make it atomic.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit a65147a9e98ead70869cdfa20ffcc9c167dbf535)

[jsutton at samba.org Fixed conflicts due to lack of dbg_ret variable]

- - - - -
f58d7e42 by Joseph Sutton at 2022-09-18T16:46:09+00:00
CVE-2021-20251 s4:dsdb: Make badPwdCount update atomic

We reread the account details inside the transaction in case the account
has been locked out in the meantime. If it has, we return the
appropriate error code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 96479747bdb5bc5f33d903085f5f69793f369e3a)

[jsutton at samba.org Fixed conflict due to lack of dbg_ret variable]

- - - - -
29b31129 by Joseph Sutton at 2022-09-18T16:46:09+00:00
CVE-2021-20251 s4:kdc: Move logon success accounting code into existing branch

This simplifies the code for the following commit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 2b593c34c4f5cb82440b940766e53626c1cbec5b)

- - - - -
5eb5daaa by Joseph Sutton at 2022-09-18T16:46:09+00:00
CVE-2021-20251 s4:kdc: Check return status of authsam_logon_success_accounting()

If we find that the user has been locked out sometime during the request
(due to a race), we will now return an error code.

Note that we cannot avoid the MIT KDC aspect of the issue by checking
the return status of mit_samba_zero_bad_password_count(), because
kdb_vftabl::audit_as_req() returning void means we cannot pass on the
result.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit b1e740896ebae14ba64250da2f718e1d707e9eed)

- - - - -
74d8c3d5 by Joseph Sutton at 2022-09-18T16:46:09+00:00
CVE-2021-20251 s4:kdc: Check badPwdCount update return status

If the account has been locked out in the meantime (indicated by
NT_STATUS_ACCOUNT_LOCKED_OUT), we should return the appropriate error
code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit bdfc9d96f8fe5070ab8a189bbf42ccb7e77afb73)

[jsutton at samba.org Fixed knownfail conflicts due to not having claims
 tests]

[jsutton at samba.org Fixed knownfail conflicts]

- - - - -
96c24b58 by Joseph Sutton at 2022-09-18T16:46:09+00:00
CVE-2021-20251 s4-rpc_server: Check badPwdCount update return status

If the account has been locked out in the meantime (indicated by
NT_STATUS_ACCOUNT_LOCKED_OUT), we should return the appropriate error
code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit a268a1a0e304d0702469e4ac146d8af5e7384c39)

- - - - -
05447dfb by Joseph Sutton at 2022-09-18T16:46:09+00:00
CVE-2021-20251 s4:auth_winbind: Check return status of authsam_logon_success_accounting()

This may return an error if we find the account is locked out.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 268ea7bef5af4b9c8a02f4f5856113ff0664d9e8)

- - - - -
69abe0c2 by Jeremy Allison at 2022-09-18T16:46:09+00:00
CVE-2021-20251 s3: ensure bad password count atomic updates

The bad password count is supposed to limit the number of failed login
attempt a user can make before being temporarily locked out, but race
conditions between processes have allowed determined attackers to make
many more than the specified number of attempts.  This is especially
bad on constrained or overcommitted hardware.

To fix this, once a bad password is detected, we reload the sam account
information under a user-specific mutex, ensuring we have an up to
date bad password count.

Discovered by Nathaniel W. Turner.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 8587734bf989aeaafa9d09d78d0f381caf52d285)

- - - - -
ae3b6152 by Joseph Sutton at 2022-09-18T16:46:09+00:00
CVE-2021-20251 s3: Ensure bad password count atomic updates for SAMR password change

The bad password count is supposed to limit the number of failed login
attempt a user can make before being temporarily locked out, but race
conditions between processes have allowed determined attackers to make
many more than the specified number of attempts.  This is especially
bad on constrained or overcommitted hardware.

To fix this, once a bad password is detected, we reload the sam account
information under a user-specific mutex, ensuring we have an up to
date bad password count.

Derived from a similar patch to source3/auth/check_samsec.c by
Jeremy Allison <jra at samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 65c473d4a53fc8a22a0d531aff45203ea3a4d99b)

- - - - -
a3aebea4 by Joseph Sutton at 2022-09-18T16:46:09+00:00
lib:util: Check memset_s() error code in talloc_keep_secret_destructor()

Panic if memset_s() fails.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 03a50d8f7d872b6ef701d1207061c88b73d171bb)

- - - - -
3cab9f6a by Joseph Sutton at 2022-09-18T16:46:09+00:00
libcli:auth: Keep passwords from convert_string_talloc() secret

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 6edf88f5c40421b9881666a2e78038ea9c547c24)

[jsutton at samba.org Removed change to decode_pwd_string_from_buffer514()
 that is not present in 4.16]

- - - - -
d9a144e8 by Pavel Filipenský at 2022-09-18T16:46:09+00:00
lib:replace: Add macro BURN_STR() to zero memory of a string

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 8564380346ace981b957bb8464f2ecf007032062)

[jsutton at samba.org Fixed conflict]

- - - - -
317d3671 by Joseph Sutton at 2022-09-18T16:46:09+00:00
s3:rpc_server: Use BURN_STR() to zero password

This ensures these calls are not optimised away.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 1258746ba85b8702628f95a19aba9afea96eab8b)

- - - - -
f78ff75c by Joseph Sutton at 2022-09-18T16:46:09+00:00
CVE-2021-20251 s4-rpc_server: Extend scope of transaction for ChangePasswordUser3

Now the initial account search is performed under the transaction,
ensuring the overall password change is atomic. We set DSDB_SESSION_INFO
to drop our privileges to those of the user before we perform the actual
password change, and restore them afterwards if we need to update the
bad password count.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit fcabcb326d385c1e1daaa8dae9820e33a3868f56)

[jsutton at samba.org Included dsdb/common/util.h header for
 DSDB_SESSION_INFO define]

- - - - -
c56e2e2e by Andreas Schneider at 2022-09-18T16:46:09+00:00
s3:rpc_server: Use a done goto label for dcesrv_samr_SetUserInfo()

This will be used in the following commits.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit a246ae993fd8553bf66aa8ee1700eb68b85f2857)

- - - - -
f7f1106b by Andreas Schneider at 2022-09-18T16:46:09+00:00
s4:rpc_server: Use sam_ctx consistently in dcesrv_samr_SetUserInfo()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 1b3d7f811680f9ac66ca5822950b3eee081a06b0)

- - - - -
d0cd367d by Andreas Schneider at 2022-09-18T16:46:09+00:00
s4:rpc_server: Add transaction for dcesrv_samr_SetUserInfo()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 1aa403517ffc0d43df72ddc9fa2ce86ab5c33873)

- - - - -
6a0280d9 by Joseph Sutton at 2022-09-18T17:46:29+00:00
CVE-2021-20251 dsdb/common: Remove transaction logic from samdb_set_password()

All of its callers, where necessary, take out a transaction covering the
entire password set or change operation, so a transaction is no longer
needed here.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 7981cba87e3a7256b12bfc5fdd89b136c12979ff)

Autobuild-User(v4-16-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-16-test): Sun Sep 18 17:46:29 UTC 2022 on sn-devel-184

- - - - -
729bbca5 by Volker Lendecke at 2022-09-28T19:13:18+00:00
vfs_gpfs: Prevent mangling of GPFS timestamps after 2106

gpfs_set_times as of August 2020 stores 32-bit unsigned tv_sec. We
should not silently garble time stamps but reject the attempt to set
an out-of-range timestamp.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15151
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
(cherry picked from commit b954d181cd25d9029d3c222e8d97fe7a3b0b2400)

- - - - -
08383bed by Volker Lendecke at 2022-09-28T19:13:18+00:00
lib: Map ERANGE to NT_STATUS_INTEGER_OVERFLOW

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15151
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri Aug 19 12:43:06 UTC 2022 on sn-devel-184

(cherry picked from commit 06f35edaf129ce3195960905d38af73ec12fc716)
(cherry picked from commit e56c18d356bd3419abebd36e1fae39019cabbfaf)

- - - - -
04e54799 by Volker Lendecke at 2022-09-28T19:13:18+00:00
vfs_gpfs: Protect against timestamps before the Unix epoch

In addition to b954d181cd2 we should also protect against timestamps
before the epoch.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15151
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri Sep 23 06:50:17 UTC 2022 on sn-devel-184

(cherry picked from commit f6b391e04a4d5974b908f4f375bd2876083aa7b2)

- - - - -
2f71273a by Jeremy Allison at 2022-09-28T20:10:04+00:00
s3: smbd: Fix memory leak in smbd_server_connection_terminate_done().

The function smbd_server_connection_terminate_done() does not free subreq
which is allocated in smbXsrv_connection_shutdown_send, this can be a
memory leakage if multi-channel is enabled.

Suggested fix by haihua yang <hhyangdev at gmail.com>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15174

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>

Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Fri Sep 23 09:51:20 UTC 2022 on sn-devel-184

(cherry picked from commit b600b0c8d9690cb5eeded1e5925c8e667c11af04)

Autobuild-User(v4-16-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-16-test): Wed Sep 28 20:10:04 UTC 2022 on sn-devel-184

- - - - -
7c2697e9 by Andreas Schneider at 2022-10-07T08:45:15+00:00
s3:auth: Flush the GETPWSID in memory cache for NTLM auth

Example valgrind output:

==22502== 22,747,002 bytes in 21,049 blocks are possibly lost in loss record 1,075 of 1,075
==22502==    at 0x4C29F73: malloc (vg_replace_malloc.c:309)
==22502==    by 0x11D7089C: _talloc_pooled_object (in /usr/lib64/libtalloc.so.2.1.16)
==22502==    by 0x9027834: tcopy_passwd (in /usr/lib64/libsmbconf.so.0)
==22502==    by 0x6A1E1A3: pdb_copy_sam_account (in /usr/lib64/libsamba-passdb.so.0.27.2)
==22502==    by 0x6A28AB7: pdb_getsampwnam (in /usr/lib64/libsamba-passdb.so.0.27.2)
==22502==    by 0x65D0BC4: check_sam_security (in /usr/lib64/samba/libauth-samba4.so)
==22502==    by 0x65C70F0: ??? (in /usr/lib64/samba/libauth-samba4.so)
==22502==    by 0x65C781A: auth_check_ntlm_password (in /usr/lib64/samba/libauth-samba4.so)
==22502==    by 0x14E464: ??? (in /usr/sbin/winbindd)
==22502==    by 0x151CED: winbind_dual_SamLogon (in /usr/sbin/winbindd)
==22502==    by 0x152072: winbindd_dual_pam_auth_crap (in /usr/sbin/winbindd)
==22502==    by 0x167DE0: ??? (in /usr/sbin/winbindd)
==22502==    by 0x12F29B12: tevent_common_invoke_fd_handler (in /usr/lib64/libtevent.so.0.9.39)
==22502==    by 0x12F30086: ??? (in /usr/lib64/libtevent.so.0.9.39)
==22502==    by 0x12F2E056: ??? (in /usr/lib64/libtevent.so.0.9.39)
==22502==    by 0x12F2925C: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.39)
==22502==    by 0x16A243: ??? (in /usr/sbin/winbindd)
==22502==    by 0x16AA04: ??? (in /usr/sbin/winbindd)
==22502==    by 0x12F29F68: tevent_common_invoke_immediate_handler (in /usr/lib64/libtevent.so.0.9.39)
==22502==    by 0x12F29F8F: tevent_common_loop_immediate (in /usr/lib64/libtevent.so.0.9.39)
==22502==    by 0x12F2FE3C: ??? (in /usr/lib64/libtevent.so.0.9.39)
==22502==    by 0x12F2E056: ??? (in /usr/lib64/libtevent.so.0.9.39)
==22502==    by 0x12F2925C: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.39)
==22502==    by 0x12F4C7: main (in /usr/sbin/winbindd)

You can find one for each string in pdb_copy_sam_account(), in total
this already has 67 MB in total for this valgrind run.

pdb_getsampwnam() -> memcache_add_talloc(NULL, PDB_GETPWSID_CACHE, ...)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15169

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Sep 16 20:30:31 UTC 2022 on sn-devel-184

(cherry picked from commit 9ef2f7345f0d387567fca598cc7008af95598903)

- - - - -
2003f7cf by Douglas Bagnall at 2022-10-07T08:45:15+00:00
pytest: add file removal helpers for TestCaseInTempDir

In several places we end a test by deleting a number of files and
directories, but we do it rather haphazardly with unintentionally
differing error handling. For example, in some tests we currently have
something like:

        try:
            shutil.rmtree(os.path.join(self.tempdir, "a"))
            os.remove(os.path.join(self.tempdir, "b"))
            shutil.rmtree(os.path.join(self.tempdir, "c"))
        except Exception:
            pass

where if, for example, the removal of "b" fails, the removal of "c" will
not be attempted. That will result in the tearDown method raising an
exception, and we're no better off. If the above code is replaced with

        self.rm_files('b')
        self.rm_dirs('a', 'c')

the failure to remove 'b' will cause a test error, *unless* the failure
was due to a FileNotFoundError (a.k.a. an OSError with errno ENOENT),
in which case we ignore it, as was probably the original intention.

If on the other hand, we have

        self.rm_files('b', must_exist=True)
        self.rm_dirs('a', 'c')

then the FileNotFoundError causes a failure (not an error).

We take a little bit of care to stay within self.tempdir, to protect
test authors who accidentally write something like `self.rm_dirs('/')`.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15191
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
(cherry picked from commit 2359741b2854a8de9d151fe189be80a4bd087ff9)

- - - - -
70de6108 by Douglas Bagnall at 2022-10-07T08:45:15+00:00
pytest/downgradedatabase: use TestCaseInTempDir.rm_files

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15191
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
(cherry picked from commit 85bc1552e3919d049d39a065824172a24933d38b)

- - - - -
6e217c04 by Douglas Bagnall at 2022-10-07T08:45:15+00:00
pytest/samdb_api: use TestCaseInTempDir.rm_files

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15191
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
(cherry picked from commit 4e3dabad0be0900a203896c2c2acb270d31b0a42)

- - - - -
fba1864d by Douglas Bagnall at 2022-10-07T08:45:15+00:00
pytest/join: use TestCaseInTempDir.rm_files/dirs

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15191
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
(cherry picked from commit 7455c53fa4f7871b3980f820d22b0fd411195704)

- - - - -
6a6db200 by Douglas Bagnall at 2022-10-07T08:45:15+00:00
pytest/samdb: use TestCaseInTempDir.rm_files/.rm_dirs

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15191

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
(cherry picked from commit 251360d6e58986dd53f0317319544e930dc61444)

- - - - -
42b5bfa6 by Douglas Bagnall at 2022-10-07T08:45:15+00:00
pytest/samba_tool_drs: use TestCaseInTempDir.rm_files/.rm_dirs

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15191
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
(cherry picked from commit 3f0aab45c81c9f9b6b87eb68bc785902619dc10d)

- - - - -
dd2c5f96 by Douglas Bagnall at 2022-10-07T08:45:15+00:00
pytest/samba_tool_drs_no_dns: use TestCaseInTempDir.rm_files/.rm_dirs

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15191
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
(cherry picked from commit 24f7d71416753b792d6fe029da6f366adb10383e)

- - - - -
2d2156b0 by Andrew Bartlett at 2022-10-07T08:45:15+00:00
selftest: Prepare for "old Samba" mode regarding getncchanges GET_ANC/GET_TGT

The chgdcpass environment will emulate older verions of Samba
that fail to implement DRSUAPI_DRS_GET_ANC correctly and
totally fails to support DRSUAPI_DRS_GET_TGT.

This will allow testing of a client-side fallback, allowing migration
from sites that run very old Samba versions over DRSUAPI (currently
the only option is to attempt an in-place upgrade).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 62b426243f4eaa4978c249b6e6ce90d35aeaefe4)

- - - - -
997b8f83 by Andrew Bartlett at 2022-10-07T08:45:15+00:00
selftest: Add tests for GetNCChanges GET_ANC using samba-tool drs clone-dc-database

This test, compared with the direct to RPC tests, will succeed, then fail once the
server is changed to emulate Samba 4.5 and and again succeed once the python code
changes to allow skipping the DRSUAPI_DRS_CRITICAL_ONLY step

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 7ff743d65dcf27ffe0c6861720e8ce531bfa378d)

- - - - -
a0e0c7e9 by Andrew Bartlett at 2022-10-07T08:45:15+00:00
s4-rpc_server:getncchanges Add "old Samba" mode regarding GET_ANC/GET_TGT

This emulates older verions of Samba that fail to implement
DRSUAPI_DRS_GET_ANC correctly and totally fails to support
DRSUAPI_DRS_GET_TGT.

This will allow testing of a client-side fallback, allowing migration
from sites that run very old Samba versions over DRSUAPI (currently
the only option is to attempt an in-place upgrade).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 314bc44fa9b8fc99c80bfcfff71f2cec67bbda36)

- - - - -
584a4c00 by Andrew Bartlett at 2022-10-07T08:45:15+00:00
selftest: Enable "old Samba" mode regarding GET_ANC/GET_TGT

The chgdcpass server now emulates older verions of Samba that
fail to implement DRSUAPI_DRS_GET_ANC correctly and totally fails to support
DRSUAPI_DRS_GET_TGT.

We now show this is in effect by the fact that tests now fail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit b0bbc94d4124d63b1d5a35ccbc88ffd51d520ba0)

- - - - -
0a8330ab by Andrew Bartlett at 2022-10-07T08:45:15+00:00
s4-libnet: Add messages to object count mismatch failures

This helps explain these better than WERR_GEN_FAILURE.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 483c48f52d6ff5e8149ed12bfeb2b6608c946f01)

- - - - -
1a4d3a2d by Andrew Bartlett at 2022-10-07T09:56:12+00:00
python-drs: Add client-side debug and fallback for GET_ANC

Samba 4.5 and earlier will fail to do GET_ANC correctly and will not
replicate non-critical parents of objects with isCriticalSystemObject=TRUE
when DRSUAPI_DRS_CRITICAL_ONLY is set.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit bff2bc9c7d69ec2fbe9339c2353a0a846182f1ea)

Autobuild-User(v4-16-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-16-test): Fri Oct  7 09:56:12 UTC 2022 on sn-devel-184

- - - - -
ada5ef9d by Stefan Metzmacher at 2022-10-18T08:34:17+00:00
smbXsrv_client: correctly check in negotiate_request.length smbXsrv_client_connection_pass[ed]_*

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15159

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 21ef01e7b8368caa050ed82b9d787d1679220b2b)

- - - - -
52dd57d4 by Stefan Metzmacher at 2022-10-18T08:34:17+00:00
smbXsrv_client: notify a different node to drop a connection by client guid.

If a client disconnected all its interfaces and reconnects when
the come back, it will likely start from any ip address returned
dns, which means it can try to connect to a different ctdb node.
The old node may not have noticed the disconnect and still holds
the client_guid based smbd.

Up unil now the new node returned NT_STATUS_NOT_SUPPORTED to
the SMB2 Negotiate request, as messaging_send_iov[_from]() will
return -1/ENOSYS if a file descriptor os passed to a process on
a different node.

Now we tell the other node to teardown all client connections
belonging to the client-guid.

Note that this is not authenticated, but if an attacker can
capture the client-guid, he can also inject TCP resets anyway,
to get the same effect.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15159

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Sep  2 20:59:15 UTC 2022 on sn-devel-184

(cherry picked from commit 8591d9424371e173b079d5c8a267ea4c2cb266ad)

- - - - -
f806366d by Stefan Metzmacher at 2022-10-18T08:34:17+00:00
smbXsrv_client: ignore NAME_NOT_FOUND from smb2srv_client_connection_passed

If we hit a race, when a client disconnects the connection after the initial
SMB2 Negotiate request, before the connection is completely passed to
process serving the given client guid, the temporary smbd which accepted the
new connection may already detected the disconnect and exitted before
the long term smbd servicing the client guid was able to send the
MSG_SMBXSRV_CONNECTION_PASSED message.

The result was a log message like this:

  smbXsrv_client_connection_pass_loop: smb2srv_client_connection_passed() failed => NT_STATUS_OBJECT_NAME_NOT_FOUND

and all connections belonging to the client guid were dropped,
because we called exit_server_cleanly().

Now we ignore NT_STATUS_OBJECT_NAME_NOT_FOUND from
smb2srv_client_connection_passed() and let the normal
event loop detect the broken connection, so that only
that connection is terminated (not the whole smbd process).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15200

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 636ec45c93ad040ba70296aa543884c145b3e789)

- - - - -
68a23332 by Stefan Metzmacher at 2022-10-18T08:34:17+00:00
smbXsrv_client: fix a debug message in smbXsrv_client_global_verify_record()

DBG_WARNING() already adds the function name as prefix.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15200

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit acb3d821deaf06faa16f6428682ecdb02babeb98)

- - - - -
935f1ec4 by Stefan Metzmacher at 2022-10-18T08:34:17+00:00
smbXsrv_client: call smb2srv_client_connection_{pass,drop}() before dbwrap_watched_watch_send()

dbwrap_watched_watch_send() should typically be the last thing to call
before the db record is unlocked, as it's not that easy to undo.

In future we want to recover from smb2srv_client_connection_{pass,drop}()
returning NT_STATUS_OBJECT_NAME_NOT_FOUND and it would add complexity if
would need to undo dbwrap_watched_watch_send() at that point.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15200

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 56c597bc2b29dc3e555f737ba189f521d0e31e8c)

- - - - -
0fa03f11 by Stefan Metzmacher at 2022-10-18T08:34:18+00:00
smbXsrv_client: make sure we only wait for smb2srv_client_mc_negprot_filter once and only when needed

This will simplify the following changes...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15200

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 8c8d8cf01e01c2726d03fa1c81e0ce9992ee736c)

- - - - -
b3e8e818 by Stefan Metzmacher at 2022-10-18T08:34:18+00:00
smbXsrv_client: handle NAME_NOT_FOUND from smb2srv_client_connection_{pass,drop}()

If we get NT_STATUS_OBJECT_NOT_FOUND from smb2srv_client_connection_{pass,drop}()
we should just keep the connection and overwrite the stale record in
smbXsrv_client_global.tdb. It's basically a race with serverid_exists()
and a process that doesn't cleanly teardown.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15200

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 5d66d5b84f87267243dcd5223210906ce589af91)

- - - - -
24bc377a by Jeremy Allison at 2022-10-18T08:34:18+00:00
s4: smbtorture: Add fsync_resource_fork test to fruit tests.

This shows we currently hang when sending an SMB2_OP_FLUSH on
an AFP_Resource fork.

Adds knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15182

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
(cherry picked from commit 1b8a8732848169c632af12b7c2b4cd3ee73be244)

- - - - -
6c7af405 by Jeremy Allison at 2022-10-18T08:34:18+00:00
s3: VFS: fruit. Implement fsync_send()/fsync_recv().

For type == ADOUBLE_META, fio->fake_fd is true so
writes are already synchronous, just call tevent_req_post().

For type == ADOUBLE_RSRC we know we are configured
with FRUIT_RSRC_ADFILE (because fruit_must_handle_aio_stream()
returned true), so we can just call SMB_VFS_NEXT_FSYNC_SEND()
after replacing fsp with fio->ad_fsp.

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15182

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
(cherry picked from commit 35c637f2e6c671acf8fb9c2a67774bd5e74dd7d0)

- - - - -
3e0ce451 by Ralph Boehme at 2022-10-18T09:41:37+00:00
vfs_fruit: add missing calls to tevent_req_received()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15182

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>
(cherry picked from commit a7fba3ff5996330158d3cc6bc24746a59492b690)

Autobuild-User(v4-16-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-16-test): Tue Oct 18 09:41:37 UTC 2022 on sn-devel-184

- - - - -
0503e0df by Noel Power at 2022-10-19T08:39:17+00:00
s3/rpcclient: Duplicate string returned from poptGetArg