[Pkg-samba-maint] [Git][samba-team/samba][test] 270 commits: VERSION: Bump version up to Samba 4.17.7...
Michael Tokarev (@mjt)
gitlab at salsa.debian.org
Sun Sep 10 12:55:48 BST 2023
Michael Tokarev pushed to branch test at Debian Samba Team / samba
Commits:
1b775335 by Jule Anger at 2023-03-09T10:15:41+01:00
VERSION: Bump version up to Samba 4.17.7...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
eb20778b by Andrew Bartlett at 2023-03-20T10:03:44+01:00
CVE-2023-0614 lib/ldb: Avoid allocation and memcpy() for every wildcard match candidate
The value can be quite large, the allocation will take much
longer than the actual match and is repeated per candidate
record.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15331
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
(cherry picked from commit cad96f59a08192df927fb1df4e9787c7f70991a2)
[abartlet at samba.org Included in the security release as this
makes the new large_ldap.py timeout test more reliable]
- - - - -
a91fc6e9 by Andrew Bartlett at 2023-03-20T10:03:44+01:00
CVE-2023-0614 selftest: Use setUpClass() to reduce "make test TESTS=large_ldap" time
This reduces the elapsed time to 6m from 20m on my laptop.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15332
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Mar 14 07:16:04 UTC 2023 on atb-devel-224
(cherry picked from commit b4a6c054ec6acefacd22cb7230a783d20cb07c05)
[abartlet at samba.org Included in the security release as this
makes working on the large_ldap test practical by reducing
the elapsed time taken]
- - - - -
a8c57301 by Andrew Bartlett at 2023-03-20T10:03:44+01:00
CVE-2023-0614 dsdb: Alter timeout test in large_ldap.py to be slower by matching on large objects
This changes the slow aspect to be the object matching not the filter parsing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
50a678be by Joseph Sutton at 2023-03-20T10:03:44+01:00
CVE-2023-0614 libcli/security: Make some parameters const
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
[abartlet at samba.org Updated to add const to sec_access_check_ds()
instead of the sec_access_check_ds_implicit_owner() wrapper
found in 4.18 and later]
- - - - -
9c8bbbf3 by Joseph Sutton at 2023-03-20T10:03:44+01:00
CVE-2023-0614 s4:dsdb: Use talloc_get_type_abort() more consistently
It is better to explicitly abort than to dereference a NULL pointer or
try to read data cast to the wrong type.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
7f98e3ab by Joseph Sutton at 2023-03-20T10:03:44+01:00
CVE-2023-0614 s4-acl: Make some parameters const
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
[abartlet at samba.org Adapted to code without newer
acl_check_access_on_attribute_implicit_owner name]
- - - - -
cbf8f1c2 by Joseph Sutton at 2023-03-20T10:03:44+01:00
CVE-2023-0614 ldb: Add functions for handling inaccessible message elements
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
188e9887 by Joseph Sutton at 2023-03-20T10:03:44+01:00
CVE-2023-0614 s4-acl: Use ldb functions for handling inaccessible message elements
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
13202869 by Joseph Sutton at 2023-03-20T10:03:44+01:00
CVE-2023-0614 ldb:tests: Ensure ldb_val data is zero-terminated
If the value of an ldb message element is not zero-terminated, calling
ldb_msg_find_attr_as_string() will cause the function to read off the
end of the buffer in an attempt to verify that the value is
zero-terminated. This can cause unexpected behaviour and make the test
randomly fail.
To avoid this, we must have a terminating null byte that is *not*
counted as part of the length, and so we must calculate the length with
strlen() rather than sizeof.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b4f3aa03 by Joseph Sutton at 2023-03-20T10:03:44+01:00
CVE-2023-0614 ldb:tests: Ensure all tests are accounted for
Add ldb_filter_attrs_test to the list of tests so that it actually gets
run.
Remove a duplicate ldb_msg_test that was accidentally added in commit
5ca90e758ade97fb5e335029c7a1768094e70564.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
43746e79 by Joseph Sutton at 2023-03-20T10:03:44+01:00
CVE-2023-0614 ldb: Add function to take ownership of an ldb message
Many places in Samba depend upon various components of an ldb message
being talloc allocated, and hence able to be used as talloc contexts.
The elements and values of an unpacked ldb message point to unowned data
inside the memory-mapped database, and this function ensures that such
messages have talloc ownership of said elements and values.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d97e92ef by Joseph Sutton at 2023-03-20T10:03:44+01:00
CVE-2023-0614 ldb: Add function to remove excess capacity from an ldb message
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
[abartlet at samba.org Adapted to conflict from lack of new
ldb_ascii_toupper() in ldb_private.h]
- - - - -
ddf1ed69 by Joseph Sutton at 2023-03-20T10:03:44+01:00
CVE-2023-0614 ldb: Add function to add distinguishedName to message
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
[abartlet at samba.org Adapted to conflict from lack of new
ldb_ascii_toupper() in ldb_private.h]
- - - - -
ec373740 by Joseph Sutton at 2023-03-20T10:03:44+01:00
CVE-2023-0614 ldb: Add function to filter message in place
At present this function is an exact duplicate of ldb_filter_attrs(),
but in the next commit we shall modify it to work in place, without the
need for the allocation of a second message.
The test is a near duplicate of the existing test for
ldb_filter_attrs().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
4ed84d8f by Joseph Sutton at 2023-03-20T10:03:44+01:00
CVE-2023-0614 ldb: Make ldb_filter_attrs_in_place() work in place
ldb_filter_attrs() previously did too much. Now its replacement,
ldb_filter_attrs_in_place(), only does the actual filtering, while
taking ownership of each element's values is handled in a separate
function, ldb_msg_elements_take_ownership().
Also, ldb_filter_attrs_in_place() no longer adds the distinguishedName
to the message if it is missing. That is handled in another function,
ldb_msg_add_distinguished_name().
As we're now modifying the original message rather than copying it into
a new one, we no longer need the filtered_msg parameter.
We adapt a test, based on ldb_filter_attrs_test, to exercise the new
function.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
78a7f247 by Joseph Sutton at 2023-03-20T10:03:44+01:00
CVE-2023-0614 ldb: Make use of ldb_filter_attrs_in_place()
Change all uses of ldb_kv_filter_attrs() to use
ldb_filter_attrs_in_place() instead. This function does less work than
its predecessor, and no longer requires the allocation of a second ldb
message. Some of the work is able to be split out into separate
functions that each accomplish a single task, with a purpose to make the
code clearer.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
2ea5bbc2 by Joseph Sutton at 2023-03-20T10:03:44+01:00
CVE-2023-0614 s4:dsdb/extended_dn_in: Don't modify a search tree we don't own
In extended_dn_fix_filter() we had:
req->op.search.tree = ldb_parse_tree_copy_shallow(req, req->op.search.tree);
which overwrote the parse tree on an existing ldb request with a fixed
up tree. This became a problem if a module performed another search with
that same request structure, as extended_dn_in would try to fix up the
already-modified tree for a second time. The fixed-up tree element now
having an extended DN, it would fall foul of the ldb_dn_match_allowed()
check in extended_dn_filter_callback(), and be replaced with an
ALWAYS_FALSE match rule. In practice this meant that <GUID={}> searches
would only work for one search in an ldb request, and fail for
subsequent ones.
Fix this by creating a new request with the modified tree, and leaving
the original request unmodified.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d9a20068 by Joseph Sutton at 2023-03-20T10:03:44+01:00
CVE-2023-0614 s4:dsdb:tests: Fix <GUID={}> search in confidential attributes test
The object returned by schema_format_value() is a bytes object.
Therefore the search expression would resemble:
(lastKnownParent=<GUID=b'00000000-0000-0000-0000-000000000000'>)
which, due to the extra characters, would fail to match anything.
Fix it to be:
(lastKnownParent=<GUID=00000000-0000-0000-0000-000000000000>)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
65249df5 by Joseph Sutton at 2023-03-20T10:03:44+01:00
schema_samba4.ldif: Allocate previously added OIDs
DSDB_CONTROL_FORCE_ALLOW_VALIDATED_DNS_HOSTNAME_SPN_WRITE_OID was added
to source4/dsdb/samdb/samdb.h in commit
c2ab1f4696fa3f52918a126d0b37993a07f68bcb.
DSDB_EXTENDED_SCHEMA_LOAD was added in commit
1fd4cdfafaa6a41c824d1b3d76635bf3e446de0f.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 672ec6135f9ae3d7b5439523a4f456c19fb03a88)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
[abartlet at samba.org This required as context for the above bug]
- - - - -
a45fc44c by Joseph Sutton at 2023-03-20T10:03:44+01:00
CVE-2023-0614 schema_samba4.ldif: Allocate previously added OID
DSDB_CONTROL_CALCULATED_DEFAULT_SD_OID was added in commit
08187833fee57a8dba6c67546dfca516cd1f9d7a.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
efd1cfab by Joseph Sutton at 2023-03-20T10:03:44+01:00
CVE-2023-0614 tests/krb5: Add test for confidential attributes timing differences
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
64604c41 by Joseph Sutton at 2023-03-20T10:03:44+01:00
CVE-2023-0614 ldb: Add ldb_parse_tree_get_attr()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
bfab55eb by Joseph Sutton at 2023-03-20T10:03:44+01:00
CVE-2023-0614 s4-acl: Split out logic to remove access checking attributes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
1ef01830 by Joseph Sutton at 2023-03-20T10:03:45+01:00
CVE-2023-0614 s4-dsdb: Add samdb_result_dom_sid_buf()
This function parses a SID from an ldb_message, similar to
samdb_result_dom_sid(), but does it without allocating anything.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
2e3ed6cf by Joseph Sutton at 2023-03-20T10:03:45+01:00
CVE-2023-0614 s4-acl: Split out function to set up access checking variables
These variables are often used together, and it is useful to have the
setup code in one place.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
[abartlet at samba.org adapted to the use of
acl_check_access_on_attribute as
acl_check_access_on_attribute_implicit_owner is
only in Samba 4.18 and newer]
- - - - -
c1921f5a by Joseph Sutton at 2023-03-20T10:03:45+01:00
CVE-2023-0614 ldb: Prevent disclosure of confidential attributes
Add a hook, acl_redact_msg_for_filter(), in the aclread module, that
marks inaccessible any message elements used by an LDAP search filter
that the user has no right to access. Make the various ldb_match_*()
functions check whether message elements are accessible, and refuse to
match any that are not. Remaining message elements, not mentioned in the
search filter, are checked in aclread_callback(), and any inaccessible
elements are removed at this point.
Certain attributes, namely objectClass, distinguishedName, name, and
objectGUID, are always present, and hence the presence of said
attributes is always allowed to be checked in a search filter. This
corresponds with the behaviour of Windows.
Further, we unconditionally allow the attributes isDeleted and
isRecycled in a check for presence or equality. Windows is not known to
make this special exception, but it seems mostly harmless, and should
mitigate the performance impact on searches made by the show_deleted
module.
As a result of all these changes, our behaviour regarding confidential
attributes happens to match Windows more closely. For the test in
confidential_attr.py, we can now model our attribute handling with
DC_MODE_RETURN_ALL, which corresponds to the behaviour exhibited by
Windows.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
[abartlet at samba.org adapted due to Samba 4.17 and lower
not having the patches for CVE-2020-25720]
- - - - -
8811e67c by Joseph Sutton at 2023-03-20T10:03:45+01:00
CVE-2023-0614 s4-acl: Avoid calling dsdb_module_am_system() if we can help it
If the AS_SYSTEM control is present, we know we have system privileges,
and have no need to call dsdb_module_am_system().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
bd69d5e9 by Joseph Sutton at 2023-03-20T10:03:45+01:00
CVE-2023-0614 ldb: Use binary search to check whether attribute is secret
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
b98f8c1a by Joseph Sutton at 2023-03-20T10:03:45+01:00
CVE-2023-0614 ldb: Centralise checking for inaccessible matches
This makes it less likely that we forget to handle a case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
e08188bb by Joseph Sutton at 2023-03-20T10:03:45+01:00
CVE-2023-0614 ldb: Filter on search base before redacting message
Redaction may be expensive if we end up needing to fetch a security
descriptor to verify rights to an attribute. Checking the search scope
is probably cheaper, so do that first.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d148a7dd by Joseph Sutton at 2023-03-20T10:03:45+01:00
CVE-2023-0614 s4-dsdb: Treat confidential attributes as unindexed
In the unlikely case that someone adds a confidential indexed attribute
to the schema, LDAP search expressions on that attribute could disclose
information via timing differences. Let's not use the index for searches
on confidential attributes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
07fffb3e by Andrew Bartlett at 2023-03-20T10:03:45+01:00
CVE-2023-0614 dsdb: Add DSDB_MARK_REQ_UNTRUSTED
This will allow our dsdb helper search functions to mark the new
request as untrusted, forcing read ACL evaluation (per current behaviour).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
eaeb3dc4 by Andrew Bartlett at 2023-03-20T10:03:45+01:00
CVE-2023-0614 dsdb: Add pre-cleanup and self.addCleanup() of OU created in match_rules tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
f1717918 by Andrew Bartlett at 2023-03-20T10:03:45+01:00
CVE-2023-0614 lib/ldb-samba: Add test for SAMBA_LDAP_MATCH_RULE_TRANSITIVE_EVAL / LDAP_MATCHING_RULE_IN_CHAIN with and ACL hidden attributes
The chain for transitive evaluation does consider ACLs, avoiding the disclosure of
confidential information.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
0313aa74 by Andrew Bartlett at 2023-03-20T10:03:45+01:00
CVE-2023-0614 lib/ldb-samba Ensure ACLs are evaluated on SAMBA_LDAP_MATCH_RULE_TRANSITIVE_EVAL / LDAP_MATCHING_RULE_IN_CHAIN
Setting the LDB_HANDLE_FLAG_UNTRUSTED tells the acl_read module to operate on this request.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
6b92716e by Andrew Bartlett at 2023-03-20T10:03:45+01:00
CVE-2023-0614 ldb: Release LDB 2.6.2
* CVE-2023-0614 Not-secret but access controlled LDAP attributes can be discovered (bug 15270)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
[abartlet at samba.org Adapted to LDB 2.6 series in Samba 4.17]
- - - - -
b7af8aa2 by Joseph Sutton at 2023-03-20T10:04:29+01:00
CVE-2023-0225 CVE-2020-25720 s4/dsdb/util: Add functions for dsHeuristics 28, 29
These are the newly-added AttributeAuthorizationOnLDAPAdd and
BlockOwnerImplicitRights.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15276
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 0af5706b559e89c77123ed174b41fd3d01705aa5)
[abartlet at samba.org This patch is needed for a clean backport of
CVE-2023-0225 as these constants are used in the acl_modify test
even when this behaviour is not itself used.]
- - - - -
307b2e65 by Joseph Sutton at 2023-03-20T10:04:29+01:00
CVE-2023-0225 CVE-2020-25720 pydsdb: Add dsHeuristics constant definitions
We want to be able to use these values in Python tests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15276
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit cc709077822a39227174b91ed2345c2bd603f61f)
[abartlet at samba.org This patch is needed for a clean backport of
CVE-2023-0225 as these constants are used in the acl_modify test
even when this behaviour is not itself used.]
- - - - -
54691236 by Douglas Bagnall at 2023-03-20T10:04:29+01:00
CVE-2023-0225 pytest/acl: test deleting dNSHostName as unprivileged user
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15276
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
[abartlet at samba.org The self.set_heuristic(samba.dsdb.DS_HR_ATTR_AUTHZ_ON_LDAP_ADD, b'11')
in the test setUp() is unused in this test but is included as a
clean backport, so the fact that the server does not implement this
is unimportant]
- - - - -
888c6ae8 by Joseph Sutton at 2023-03-20T10:04:29+01:00
CVE-2023-0225 s4-acl: Don't return early if dNSHostName element has no values
This early return would mistakenly allow an unprivileged user to delete
the dNSHostName attribute by making an LDAP modify request with no
values. We should no longer allow this.
Add or replace operations with no values and no privileges are
disallowed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15276
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
04e5a7eb by Rob van der Linde at 2023-03-20T10:05:01+01:00
CVE-2023-0922 set default ldap client sasl wrapping to seal
This avoids sending new or reset passwords in the clear
(integrity protected only) from samba-tool in particular.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15315
Signed-off-by: Rob van der Linde <rob at catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
- - - - -
68bdc867 by Jule Anger at 2023-03-29T15:22:38+02:00
WHATSNEW: Add release notes for Samba 4.17.7.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
2761e60b by Jule Anger at 2023-03-29T15:22:38+02:00
VERSION: Disable GIT_SNAPSHOT for the 4.17.7 release.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
cb204cfc by Jule Anger at 2023-03-29T16:35:38+02:00
VERSION: Bump version up to Samba 4.17.8...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
7b03990e by Michael Tokarev at 2023-03-29T17:56:06+03:00
New upstream version 4.17.7+dfsg
- - - - -
d5f92012 by Michael Tokarev at 2023-03-29T17:56:41+03:00
Update upstream source from tag 'upstream/4.17.7+dfsg'
Update to upstream version '4.17.7+dfsg'
with Debian dir 33918c664eccbb7f9c2c6c74683ce64f035382c0
- - - - -
515d24d9 by Michael Tokarev at 2023-03-29T18:23:43+03:00
update libldb symbols to 2.6.2
- - - - -
e437c928 by Michael Tokarev at 2023-03-29T18:25:10+03:00
update changelog; upload version 4.17.7+dfsg-1 to unstable
- - - - -
148d5ad7 by Stefan Metzmacher at 2023-03-30T15:10:10+00:00
winbindd: don't call set_domain_online_request() in the idmap child
Most idmap backends don't need access to the domain controllers.
And the related code is not needed for the backends.
Commit 17c86a2c5a5a5e2b194362e5f36f0f99910222c5 changed
the logic of set_domain_online_request() completely!
Instead of triggering a dc probe in the background,
it is now doing a blocking connection.
And doing this in the idmap child is completely useless.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15317
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit ad242a20643c930eb00a8b700f7bd9638f8821a8)
- - - - -
edc8659b by Stefan Metzmacher at 2023-03-30T15:10:10+00:00
idmap_autorid: fix ID_REQUIRE_TYPE for more than one SID for an unknown domain
When we see a trusted domain SID for the first time,
idmap_autorid returns ID_REQUIRE_TYPE only for the first sid
and leaves the others with ID_TYPE_NOT_SPECIFIED.
It means the winbindd parent only retries the first sid.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15318
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit a9583b5f96fe3fbf9c1ee545fa868fd705aef3e0)
- - - - -
bac09f85 by Stefan Metzmacher at 2023-03-30T15:10:10+00:00
idmap_hash: provide ID_TYPE_BOTH mappings also for unixids_to_sids
While sids_to_unixids returns ID_TYPE_BOTH mappings,
unixids_to_sids() returns the callers asked for, which
fills gencache with the non ID_TYPE_BOTH mappings.
As a result also the sids_to_unixids fast path via
gencache won't return ID_TYPE_BOTH mappings.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 9a24570d3d69f51b6d50bb04b739815ec67c1a3d)
- - - - -
1e6eeb8e by Stefan Metzmacher at 2023-03-30T15:10:10+00:00
idmap_hash: fix comments about the algorithm
Only support ~ 50k users per domain.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 0f96c4b419a59ea884e68a460910e5c8a45bfcec)
- - - - -
5a754810 by Stefan Metzmacher at 2023-03-30T15:10:10+00:00
idmap_hash: remove unused error checks
id_map_ptrs_init() is used in the callers in order to
set everything up as expected.
Other backends also just trust the caller.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 2cfcff3101fce94b365eccde114432dfa980bbd0)
- - - - -
a19fe930 by Stefan Metzmacher at 2023-03-30T15:10:10+00:00
idmap_hash: we don't need to call idmap_hash_initialize() over an over again
It's always the first function that's called from idmap_methods.
This also demonstrates that we currently always return NT_STATUS_OK,
even if we haven't mapped all map entries.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 0da13ab3ad7278eafdcd988f39e891242eb46d37)
- - - - -
61f3e674 by Stefan Metzmacher at 2023-03-30T15:10:10+00:00
idmap_hash: mirror the NT_STATUS_NONE_MAPPED/STATUS_SOME_UNMAPPED logic from idmap_autorid
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 14102b05f3744c67178bd719d41e67fc3e049ee4)
- - - - -
da270642 by Stefan Metzmacher at 2023-03-30T15:10:10+00:00
idmap_hash: split out a idmap_hash_id_to_sid() helper function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 57150b463fb8e27c048670f7b4902bd091ee3ae9)
- - - - -
e5c9a359 by Stefan Metzmacher at 2023-03-30T15:10:10+00:00
idmap_hash: split out a idmap_hash_sid_to_id() helper function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit c158b075b0b5035615fa8848f1f3d8ef27696861)
- - - - -
13a59325 by Stefan Metzmacher at 2023-03-30T15:10:10+00:00
idmap_hash: return ID_REQUIRE_TYPE only if there's a chance to get a mapping later
If we are going to return ID_UNMAPPED later anyway, there's no need to
defer that decision by returning ID_REQUIRE_TYPE first.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 42dcb3db05530179a991fe58e7b96b52bbbcc607)
- - - - -
182410af by Stefan Metzmacher at 2023-03-30T15:10:10+00:00
idmap_hash: only return ID_REQUIRE_TYPE if we don't know about the domain yet
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit ede88d9f83fb77fa8eff226fb6a85ac71e415098)
- - - - -
f27cff23 by Stefan Metzmacher at 2023-03-30T15:10:10+00:00
idmap_hash: don't return ID_REQUIRE_TYPE if the domain is known in the netsamlogon cache
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit ee820553fd2c6ada966a0160cbb0240049f9d9f7)
- - - - -
bf5ccd5a by Stefan Metzmacher at 2023-03-30T15:10:10+00:00
idmap_hash: remember new domain sids in idmap_hash_sid_to_id()
This change means that idmap_hash_id_to_sid() can return mappings
for new domains learned in idmap_hash_sid_to_id().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Mar 10 11:35:06 UTC 2023 on atb-devel-224
(cherry picked from commit 7ee725f2860d835e9619fa594a2ee6faedbc6d21)
- - - - -
b1c7df20 by Andrew Bartlett at 2023-03-30T15:10:10+00:00
tsocket: Increase tcp_user_timeout max_loops
Often, on rackspace GitLab CI runners, we get:
UNEXPECTED(failure): samba.unittests.tsocket_tstream.test_tstream_more_tcp_user_timeout_spin(none)
REASON: Exception: Exception: 0xf == 0xf
../../lib/tsocket/tests/test_tstream.c:405: error: Failure!
This allows us more spins before we fail the test.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15328
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
(cherry picked from commit 5a7a28cc45870949fc11d30586a06c309aa517dc)
- - - - -
3ecdec68 by Joseph Sutton at 2023-03-30T15:10:10+00:00
CVE-2020-25720 pydsdb: Add AD schema GUID constants
This helps reduce the profusion of magic constant values in Python
tests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15329
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 2563f85237bd4260b7b527f3695f27da4cc61a74)
[abartlet at samba.org Required context for backport of bug 15329 to
Samba 4.17]
- - - - -
eaff4ef6 by Andrew Bartlett at 2023-03-30T15:10:10+00:00
selftest/drs: Demonstrate ERROR(ldb): uncaught exception - Deleted target CN=NTDS Settings... in join
"samba-tool domain join" uses the replication API in a strange way, perhaps no longer
required, except that we often still have folks upgrading from very old Samba versions.
By deferring the writing out to the DB of link replication to the very end, we have a
better chance that all the objects required are present, however the situation may
have changed during the cycle, and a link could still be sent, pointing to a deleted
object.
We currently fail in this situation.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15329
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
(cherry picked from commit 2d41bcce83a976b85636c92d6fc38c63fdde5431)
- - - - -
e2df4593 by Andrew Bartlett at 2023-03-30T16:10:35+00:00
dsdb: Avoid ERROR(ldb): uncaught exception - Deleted target CN=NTDS Settings... in join
"samba-tool domain join" uses the replication API in a strange way, perhaps no longer
required, except that we often still have folks upgrading from very old Samba versions.
When deferring the writing out to the DB of link replication to the very end, there
is a greater opportunity for the deletion of an object to have been sent with the
other objects, and have the link applied later.
This tells the repl_meta_data code to behave as if GET_TGT had been sent at the
time the link was returned, allowing a link to a deleted object to be silently
discarded.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15329
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
(cherry picked from commit bfc33b47bb428233e100f75e7a725ac52179f823)
Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Thu Mar 30 16:10:35 UTC 2023 on sn-devel-184
- - - - -
f7e888f7 by Jeremy Allison at 2023-04-05T13:10:11+00:00
tests: Add samba3.blackbox.zero_readsize test.
smbclient crashes when smbd has "smb2 max read = 0"
in the [global] section of smb.conf.
We should fail the protocol negotiation with
NT_STATUS_INVALID_NETWORK_RESPONSE in this case.
Adds knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15306
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(Back-ported from commit 006fe806782c42e860ed2cf2bc9f6b1b82c3a307)
- - - - -
7fe8a7d7 by Jeremy Allison at 2023-04-05T14:08:23+00:00
s3: libcli: Refuse to connect to any server with zero values for max_trans_size, max_read_size, max_write_size.
There's nothing we can do to such a server (this
now matches the behavior for SMB1).
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15306
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Mar 29 18:58:33 UTC 2023 on atb-devel-224
(cherry picked from commit 76573d6d8f168d6e6107af26a434b8c71aaf93af)
Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Wed Apr 5 14:08:23 UTC 2023 on sn-devel-184
- - - - -
e9e902f7 by Andrew Bartlett at 2023-04-11T15:09:10+00:00
dsdb/tests: Move SD modification on class-created objects to classSetUp
These modifications persist, so should be done at the class level,
not in the test.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15351
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
(cherry picked from commit e1c0c2066c2f29bb614e3386b796eec3cb289aea)
- - - - -
0fba21c1 by Andrew Bartlett at 2023-04-11T15:09:10+00:00
dsdb/tests: Double number of expressions in large_ldap.py ldap_timeout test
By slowing the filter down more this makes the test reliable on the
autobuild host.
This is not a long-term solution, but is a quick tweak that can be done
today to address current issues with getting commits past the host-based
(compared with cloud-based) autobuild.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15351
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
(cherry picked from commit 479634e4cd6543d489eb4700aebde1a479b94fe5)
- - - - -
ad602603 by Ralph Boehme at 2023-04-11T15:09:10+00:00
CI: add a test creating a vetoed file
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15143
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 2e8954d5be3336f1c4c2cf033209f632ad84e712)
- - - - -
72d3c4f6 by Ralph Boehme at 2023-04-11T15:09:10+00:00
smbd: Prevent creation of vetoed files
The problem is when checking for vetoed names on the last path component in
openat_pathref_fsp_case_insensitive() we return
NT_STATUS_OBJECT_NAME_NOT_FOUND. The in the caller
filename_convert_dirfsp_nosymlink() this is treated as the "file creation case"
causing filename_convert_dirfsp_nosymlink() to return NT_STATUS_OK.
In order to correctly distinguish between the cases
1) file doesn't exist, we may be creating it, return
2) a vetoed a file
we need 2) to return a more specific error to
filename_convert_dirfsp_nosymlink(). I've chosen NT_STATUS_OBJECT_NAME_INVALID
which gets mapped to the appropriate errror NT_STATUS_OBJECT_PATH_NOT_FOUND or
NT_STATUS_OBJECT_NAME_NOT_FOUND depending on which path component was vetoed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15143
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Apr 6 23:03:50 UTC 2023 on atb-devel-224
(cherry picked from commit 8b23a4a7eca9b8f80cc4113bb8cf9bb7bd5b4807)
- - - - -
d7d81510 by Jeremy Allison at 2023-04-11T15:09:10+00:00
s3: smbd: Fix log spam. Change a normal error message from DBG_ERR (level 0) to DBG_INFO (level 5).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15302
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Sat Feb 11 08:48:05 UTC 2023 on atb-devel-224
(cherry picked from commit e8abe52df2d3ae533b3f874a885856f26ba5ec7e)
- - - - -
d8fa74a1 by Volker Lendecke at 2023-04-11T16:28:13+00:00
smbd: Fix case normalization in for directories
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15313
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri Feb 24 08:46:14 UTC 2023 on atb-devel-224
(cherry picked from commit bf9130d375b6c401bb79fc1a0911975814759e3b)
Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Tue Apr 11 16:28:13 UTC 2023 on sn-devel-184
- - - - -
45a264bf by Stefan Metzmacher at 2023-04-14T12:27:15+00:00
testprogs/blackbox: add test_net_ads_search_server.sh
This reproduces a regression with
'net ads search -P --server server.of.trusted.domain'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15323
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 3b585f9e8cc320841fab4cd5c3be53788d0a87ac)
- - - - -
fd477e4f by Stefan Metzmacher at 2023-04-14T12:27:15+00:00
net_ads: fill ads->auth.realm from c->creds
We get the realm we use for authentication needs to
the realm belonging to the username we use.
We derive the username from c->creds, so we need to
do the same for the realm.
Otherwise we try to authenticate as the wrong user.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15323
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 0ef53b948e13eb36b536228cccd89aa4c2adbb90)
- - - - -
0c633912 by Stefan Metzmacher at 2023-04-14T12:27:15+00:00
smbXsrv_tcon: avoid storing temporary (invalid!) records.
We used to store smbXsrv_tcon_global.tdb records in two steps,
first we created a record in order to allocate the tcon id.
The temporary record had a NULL share_name, which translated
into 0 bytes for the string during ndr_push_smbXsrv_tcon_global0.
The problem is that ndr_pull_smbXsrv_tcon_global0 fails on
this with something like:
Invalid record in smbXsrv_tcon_global.tdb:key '2CA0ED4A' ndr_pull_struct_blob(length=85) - Buffer Size Error
The blob looks like this:
[0000] 00 00 00 00 01 00 00 00 00 00 00 00 00 00 02 00 ........ ........
[0010] 00 00 00 00 4A ED A0 2C 4A ED A0 2C 00 00 00 00 ....J.., J..,....
[0020] F8 4B 00 00 00 00 00 00 00 00 00 00 FF FF FF FF .K...... ........
[0030] 4D 59 9B 9F 83 F4 35 20 36 D2 B0 82 62 68 D9 01 MY....5 6...bh..
[0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0050] 00 00 00 00 00 .....
The reason for having a temporary entry was just based on
the fact, that it was easier to keep the logic in
make_connection_snum() untouched.
But we have all information available in order to store
the final record directly. We only need to do the
"max connections" check first.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15353
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit e0e58ed0e2429f01265d544b444bf0e4075549e2)
- - - - -
8011cea5 by Ralph Boehme at 2023-04-14T13:30:54+00:00
rpcd_mdssvc: initialize POSIX locking
Otherwise the posix_pending_close_db is NULL and we crash when trying to close a
file descriptor:
#4 /usr/lib64/samba/libdbwrap-samba4.so(dbwrap_parse_record+0xe) [0x7fbc5d05c8ae]
#5 /usr/lib64/samba/libdbwrap-samba4.so(dbwrap_fetch_int32+0x38) [0x7fbc5d05d438]
#6 /usr/lib64/samba/libsmbd-base-samba4.so(fd_close_posix+0x7b) [0x7fbc5e276f8b]
#7 /usr/lib64/samba/libsmbd-base-samba4.so(+0x57900) [0x7fbc5e28a900]
#8 /usr/lib64/samba/libsmbd-base-samba4.so(fd_close+0x68) [0x7fbc5e2b7ea8]
#9 /usr/lib64/samba/libsmbd-base-samba4.so(+0x62608) [0x7fbc5e295608]
#10 /usr/lib64/samba/libtalloc-samba4.so(_talloc_free+0x51b) [0x7fbc5d9f439b]
#11 /usr/lib64/samba/vfs/fruit.so(+0xcac2) [0x7fbc45fcdac2]
#12 /usr/lib64/samba/vfs/fruit.so(+0xcbdd) [0x7fbc45fcdbdd]
#13 /usr/lib64/samba/vfs/fruit.so(+0xf603) [0x7fbc45fd0603]
#14 /usr/lib64/samba/libsmbd-base-samba4.so(+0x56375) [0x7fbc5e289375]
#15 /usr/lib64/samba/vfs/nothingtoseeherereally.so(+0x196c) [0x7fbc467f996c]
#16 /usr/lib64/samba/vfs/streams_xattr.so(+0x51fc) [0x7fbc461e71fc]
#17 /usr/lib64/samba/libsmbd-base-samba4.so(+0xade3a) [0x7fbc5e2e0e3a]
#18 /usr/lib64/samba/libsmbd-base-samba4.so(create_conn_struct_cwd+0x44) [0x7fbc5e2e1cf4]
#19 /usr/libexec/samba/rpcd_mdssvc(mds_init_ctx+0x2c3) [0x563fdac08f03]
#20 /usr/libexec/samba/rpcd_mdssvc(_mdssvc_open+0x141) [0x563fdac0b4d1]
The corresponding open is done as part of initializing a connection_struct
object, where we chdir() and stat() the root path of the share. The stat() in
vfs_fruit causes an expensive metadata request on the path which triggers an
internal open of a pathref handle. Note that this only affects servers that have
fruit:metadata = netatalk set, which is the default unfortunately.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15354
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Apr 7 21:12:21 UTC 2023 on atb-devel-224
(cherry picked from commit 3633027e49aec064e7d890a1f7ec4d81711a5de7)
Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Fri Apr 14 13:30:54 UTC 2023 on sn-devel-184
- - - - -
8c9945e2 by Volker Lendecke at 2023-04-18T15:21:16+00:00
streams_depot: Create files when requested
If you set "create mask = 0600" no streams will be created....
Tested manually. Not creating an automated test for this, there are so
many places where this can go wrong that testing this individual
glitch does not gain us much confidence.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15357
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 081e808ab4ac6e187b9791da322eb7173e1e133c)
- - - - -
f53ef993 by Volker Lendecke at 2023-04-18T16:22:04+00:00
shadow_copy2: Fix stream open for streams_depot paths
streams_depot hands us absolute paths with : filename components
instead of having set smb_fname_in->stream_name.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15358
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Apr 17 18:11:07 UTC 2023 on atb-devel-224
(cherry picked from commit 526f381f413d1cb5cde93b9542034f5ebfcfcc10)
Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Tue Apr 18 16:22:04 UTC 2023 on sn-devel-184
- - - - -
65168f33 by Stefan Metzmacher at 2023-04-28T14:56:13+00:00
libcli/security: rewrite calculate_inherited_from_parent()
This allows us to pass the new tests we just added.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15338
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit bb09c06d6d58a04e1d270a9f99d1179cfa9acbda)
- - - - -
647c7c75 by Andreas Schneider at 2023-04-28T14:56:13+00:00
s3:tests: Create a temporary directory for test_veto_files.sh
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15360
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit b5a66840e3057cbff85fe6cd231310c4a9cfb34b)
- - - - -
c13b5b7d by Andreas Schneider at 2023-04-28T14:56:13+00:00
s3:tests: Add test that veto files works for hidden files
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15360
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit a2acbd3f3cff8d1cac63acdead4b7be14a7092b2)
- - - - -
b026bbe2 by Andreas Schneider at 2023-04-28T15:57:35+00:00
s3:lib: Do not try to match '.' and '..' directories in is_in_path()
This fixes setting veto files to '.*' to not list hidden files and
directories starting with a dot.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15360
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 9eb44306623fc4897b373b04763e475f696ab92d)
Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Fri Apr 28 15:57:35 UTC 2023 on sn-devel-184
- - - - -
2d5ac37d by Nathaniel W. Turner at 2023-05-05T14:01:37+00:00
dsgetdcname: do not assume local system uses IPv4
Return the first IPv4 and the first IPv6 address found for each DC.
This is slightly inelegant, but resolves an issue where IPv6-only
systems were unable to run "net ads join" against domain controllers
that have both A and AAAA records in DNS.
While this impacts performance due to the additional LDAP ping attempts,
in practice an attempt to connect to an IPv6 address on an IPv4-only
system (or vice versa) will fail immediately with
NT_STATUS_NETWORK_UNREACHABLE, and thus the performance impact should be
negligible.
The alternative approach, using an smb.conf setting to control whether
the logic prefers a single address of one family or the other ends up
being a bit awkward, as it pushes the problem onto admins and tools such
as "realm join" that want to dynamically synthesize an smb.conf on the
fly.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15325
Signed-off-by: Nathaniel W. Turner <nturner at exagrid.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Mar 9 19:12:15 UTC 2023 on atb-devel-224
(cherry picked from commit f55a357c6b9387883a7628a1b1083263a10121a6)
Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Fri May 5 14:01:37 UTC 2023 on sn-devel-184
- - - - -
8cf02414 by Volker Lendecke at 2023-05-09T14:36:17+00:00
winbind: Test wbinfo -u with more than 1000 users
winbind asks dcerpc_samr_LookupRids in one batch, where samr.idl has
NTSTATUS samr_LookupRids(
[in,ref] policy_handle *domain_handle,
[in,range(0,1000)] uint32 num_rids,
[in,size_is(1000),length_is(num_rids)] uint32 rids[],
[out,ref] lsa_Strings *names,
[out,ref] samr_Ids *types
);
limiting num_rids to 1000 entries. Test this.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15366
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit f633389f36e79d3e772777ad7ca13012e3616273)
- - - - -
05f30cea by Volker Lendecke at 2023-05-09T15:38:51+00:00
winbind: Fix "wbinfo -u" on a Samba AD DC with >1000 users
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15366
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue May 9 02:58:45 UTC 2023 on atb-devel-224
(cherry picked from commit 6206e15b4de0ba67d713124c2be353dabf3878c8)
Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Tue May 9 15:38:51 UTC 2023 on sn-devel-184
- - - - -
5f8ce640 by Jule Anger at 2023-05-11T09:04:15+02:00
WHATSNEW: Add release notes for Samba 4.17.8.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
bdd1a7c5 by Jule Anger at 2023-05-11T09:04:45+02:00
VERSION: Disable GIT_SNAPSHOT for the 4.17.8 release.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
01d3f583 by Jule Anger at 2023-05-11T09:05:04+02:00
VERSION: Bump version up to Samba 4.17.9...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
6d939109 by Michael Tokarev at 2023-05-11T10:36:45+03:00
d/gbp.conf: switch to "bookworm" debian branch
- - - - -
6a7beeaf by Michael Tokarev at 2023-05-11T10:37:09+03:00
New upstream version 4.17.8+dfsg
- - - - -
9aa384ac by Michael Tokarev at 2023-05-11T10:37:36+03:00
Update upstream source from tag 'upstream/4.17.8+dfsg'
Update to upstream version '4.17.8+dfsg'
with Debian dir 60d7c7980950f27cb633fc68aece7adcdb7cca29
- - - - -
008720bd by Michael Tokarev at 2023-05-11T10:48:02+03:00
d/patches: remove s3-smbd-open.c-smbd_calculate_access_mask_fsp-lower-.patch, now included upstream
- - - - -
b1f8a40d by Michael Tokarev at 2023-05-11T11:03:52+03:00
update changelog; upload version 4.17.8+dfsg-1 to unstable
- - - - -
98b8ffdb by Stefan Metzmacher at 2023-05-23T07:13:09+00:00
librpc/rpc: allow smb3_sid_parse() to accept modern encryption algorithms
We should not limit the possible encryption algorithms to the currently
known ones.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15374
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed May 17 07:34:28 UTC 2023 on atb-devel-224
(cherry picked from commit e03e738dfc96b3c8ce54e2d280143965713f4778)
- - - - -
e8094b79 by Volker Lendecke at 2023-05-23T07:13:09+00:00
libcli: Add security_token_count_flag_sids()
To be used in a few places when checking special-case Samba SIDs.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 5e8c7192ba5469547ba3101885dfbaba2f8181f4)
- - - - -
2d1e69dc by Volker Lendecke at 2023-05-23T07:13:09+00:00
smbd: Use security_token_count_flag_sids() in open_np_file()
Simpler logic in the caller
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 244ee8ad75c2c968997dfdd5eeb9e9cb97a191fb)
- - - - -
9a3ae1d0 by Volker Lendecke at 2023-05-23T07:13:09+00:00
librpc: Simplify dcerpc_is_transport_encrypted()
Simplify logic by using security_token_count_flag_sids()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 1d11e0489b2c91fc05c6befc0463695d7102abcc)
- - - - -
61a71886 by Volker Lendecke at 2023-05-23T07:13:09+00:00
rpc: Add global_sid_Samba_NPA_Flags SID
This will be used as a flexible way to pass per-RPC-connection flags
over ncalrpc to the RPC server without having to modify
named_pipe_auth_req_info6 every time something new needs to be
passed. It's modeled after global_sid_Samba_SMB3.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit ebbb93cc7a57a118b82b8f383d25f1eb022397d6)
- - - - -
270855cf by Joseph Sutton at 2023-05-23T07:13:09+00:00
named_pipe_auth: Bump info5 to info6
In the next commit, we shall replace the 'authenticated' field of
named_pipe_auth_req_info.info5.session_info.session_info.info with a
more general 'user_flags' field.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 8aef16bbbc1e55f0a9f5a8ec87e5348688d93785)
- - - - -
f5323412 by Volker Lendecke at 2023-05-23T07:13:09+00:00
rpc_server3: Use global_sid_Samba_NPA_Flags to pass "need_idle"
More code, but will be more flexible in the future.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 31180e0e6d9e43d54e7656a56ed3af129f578105)
- - - - -
c21560a0 by Volker Lendecke at 2023-05-23T07:13:09+00:00
rpc: Remove named_pipe_auth_req_info6->need_idle_server
Involves bumping up the version number
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit bdba027a33e35aab7bb322bc3167cdd7babfc059)
- - - - -
99f28fec by Volker Lendecke at 2023-05-23T07:13:09+00:00
lib: Add security_token_del_npa_flags() helper function
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit bb3ea36e10079ad9c73c68d7ed8fce51ecb40ebe)
- - - - -
e1c3f832 by Volker Lendecke at 2023-05-23T08:09:23+00:00
rpc_server3: Pass winbind_env_set() state through to rpcd_*
Winbind can ask rpcd_lsad for LookupNames etc. This can recurse back
into winbind for getpwnam. We have the "_NO_WINBINDD" environment
variable set in winbind itself for this case, but this is lost on the
way into rpcd_lsad. Use a flag in global_sid_Samba_NPA_Flags to pass
this information to dcerpc_core, where it sets the variable on every
call if requested.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Tue May 16 11:54:32 UTC 2023 on atb-devel-224
(cherry picked from commit 59694ad0a4cc489f1baa4c2c94c6322c0f22c1df)
Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Tue May 23 08:09:23 UTC 2023 on sn-devel-184
- - - - -
335a2480 by Michael Tokarev at 2023-05-24T22:59:54+03:00
dnsserver-rename-dns_name_equal.patch (#1036587, #927747)
(forgotten) patch from upstream targetting next stable
- - - - -
5e0afb3f by Michael Tokarev at 2023-05-24T23:00:01+03:00
update changelog; upload version 4.17.8+dfsg-2 to unstable
- - - - -
f544dc9c by Ralph Boehme at 2023-05-31T07:49:14+00:00
CI: add a test for fruit AppleDouble conversion when deletion triggers conversion
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15378
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 59eadfe21aca6d563f86ea656517216036421bca)
- - - - -
ed1979c7 by Ralph Boehme at 2023-05-31T07:49:14+00:00
vfs_fruit: return ENOENT instead of EISDIR when trying to open AFP_Resource for a directory
Translates to NT_STATUS_OBJECT_NAME_NOT_FOUND which is the same error macOS
returns in this case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15378
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 9b91a8bad2ff8da9eb56f1f9d640bcea294a5a0a)
- - - - -
b0e8932b by Ralph Boehme at 2023-05-31T07:49:14+00:00
vfs_fruit: never return AFP_Resource stream for directories
The macOS client creates ._ AppleDouble files for directories that do contain
an (empty) resource fork AppleDouble entry. So when going from a Samba server
config without streams module (or when migrating data from another server
without streams support), to a Samba config with a streams module and vfs_fruit,
fruit_streaminfo() will wrongly return the AFP_Resource from the AppleDouble
file as stream to the client.
To address this, just never return an AFP_Resource stream for directories when
listing streams in fruit_streaminfo(). ad_convert(), when configured with
fruit:delete_empty_adfiles = true
fruit:wipe_intentionally_left_blank_rfork = true
will happily discard the AFP_Resource from the AppleDouble file.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15378
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 06f0c070a0b18313f48362aa326e3e7e6a096492)
- - - - -
4e0850b7 by Ralph Boehme at 2023-05-31T07:49:14+00:00
libadouble: allow FILE_SHARE_DELETE in ad_convert_xattr()
Not specifying FILE_SHARE_DELETE wasn't done intentionally. Not setting the flag
triggers the following problem:
* client sends a CREATE with delete access
* this triggers a call to open_streams_for_delete() where we check for
conflicting opens on any of the streams of the file or directory
* if the file (or directory) has a stream like ":com.apple.quarantine" the
stream is opened with DELETE_ACCESS and kept open when the next step might:
* if the file (or directory) has a Mac specific :AFP_AfpInfo stream, the
ad_convert() routine in fruit_create_file() is triggered
* ad_convert() checks if the file (or ...) has a sidecar ._ AppleDouble file, if
it has:
* in ad_convert_xattr() we unpack any set of xattrs encoded in the AppleDouble
file and recreate them as streams with the VFS. Now, if any of these xattrs
happens to be converted to a stream that we still have open in
open_streams_for_delete() (see above) we get a NT_STATUS_SHARING_VIOLATION
This error gets passed up the stack back to open_streams_for_delete() so the
client CREATE request fails and the client is unhappy.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15378
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 55bd10456486628cad2bd085618e873598401c3b)
- - - - -
a2567c17 by Ralph Boehme at 2023-05-31T07:49:14+00:00
vfs_fruit: just log failing AppleDouble conversion
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15378
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 3bf97f19c36d26b4178f7cb6202bbdd44de0c1aa)
- - - - -
dff3946d by Ralph Boehme at 2023-05-31T08:48:25+00:00
vfs_fruit: add fruit:convert_adouble parameter
https://bugzilla.samba.org/show_bug.cgi?id=15378
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri May 26 00:52:29 UTC 2023 on atb-devel-224
(cherry picked from commit 035f6d914d133cf3248f15b1be06a9e1837238da)
Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Wed May 31 08:48:25 UTC 2023 on sn-devel-184
- - - - -
25b75ecc by Samuel Cabrero at 2023-06-02T12:51:11+00:00
s4:dnsserver: Rename dns_name_equal() to samba_dns_name_equal()
This function already exists in bind9 but takes different arguments, so when
the DLZ is loaded and this function is called bind crashes:
named[1523]: samba_dlz: allowing update of signer=DESKTOP-8BUKMBK\$\@AFOREST.AD name=118.101.168.192.in-addr.arpa tcpaddr=192.168.101.118 type=PTR key=1264-ms-7.1-2ac9.9ef238e1-9747-11ed-9f95-525400dc6981/159/0
named[1523]: samba_dlz: allowing update of signer=DESKTOP-8BUKMBK\$\@AFOREST.AD name=118.101.168.192.in-addr.arpa tcpaddr=192.168.101.118 type=PTR key=1264-ms-7.1-2ac9.9ef238e1-9747-11ed-9f95-525400dc6981/159/0
named[1523]: client @0x7f26caa90f68 192.168.101.118#58223/key DESKTOP-8BUKMBK\$\@AFOREST.AD: updating zone '101.168.192.in-addr.arpa/NONE': deleting rrset at '118.101.168.192.in-addr.ar
named[1523]: name.c:664: REQUIRE(((name1) != ((void *)0) && ((const isc__magic_t *)(name1))->magic == ((('D') << 24 | ('N') << 16 | ('S') << 8 | ('n'))))) failed, back trace
Backtrace:
#0 0x00007f2716c957ec in __pthread_kill_implementation () from /lib64/libc.so.6
#1 0x00007f2716c42816 in raise () from /lib64/libc.so.6
#2 0x00007f2716c2b81c in abort () from /lib64/libc.so.6
#3 0x000055d4de847995 in assertion_failed (file=<optimized out>, line=<optimized out>,
type=<optimized out>, cond=<optimized out>) at /usr/src/debug/bind-9.18.10/bin/named/main.c:237
#4 0x00007f27176388fc in isc_assertion_failed (file=file at entry=0x7f27173b0df6 "name.c",
line=line at entry=664, type=type at entry=isc_assertiontype_require,
cond=cond at entry=0x7f27173b0268 "((name1) != ((void *)0) && ((const isc__magic_t *)(name1))->magic == ((('D') << 24 | ('N') << 16 | ('S') << 8 | ('n'))))")
at /usr/src/debug/bind-9.18.10/lib/isc/assertions.c:48
#5 0x00007f27172946f9 in dns_name_equal (name1=<optimized out>, name2=<optimized out>)
at /usr/src/debug/bind-9.18.10/lib/dns/name.c:664
**** Here bind's dns_name_equal() is called instead of samba's dns_name_equal() ****
#6 0x00007f27077ad6f2 in dns_record_match (rec1=0x7f26f8042d70, rec2=0x7f26f8044d10)
at ../../source4/dns_server/dnsserver_common.c:1346
#7 0x00007f271404732c in b9_record_match (rec1=0x7f26f8042d70, rec2=0x7f26f8044d10)
at ../../source4/dns_server/dlz_bind9.c:1830
#8 0x00007f2714047daa in dlz_subrdataset (name=0x7f2706ff82f0 "118.101.168.192.in-addr.arpa",
rdatastr=0x7f26c9c10000 "118.101.168.192.in-addr.arpa.\t1200\tIN\tPTR\tDESKTOP-8BUKMBK.aforest.ad.",
dbdata=0x7f271003d300, version=0x7f26f8044b20) at ../../source4/dns_server/dlz_bind9.c:2077
#9 0x000055d4de84afb4 in dlopen_dlz_subrdataset (name=0x7f2706ff82f0 "118.101.168.192.in-addr.arpa",
rdatastr=<optimized out>, driverarg=<optimized out>, dbdata=0x7f270430f680, version=<optimized out>)
at /usr/src/debug/bind-9.18.10/bin/named/dlz_dlopen_driver.c:483
#10 0x00007f271738e734 in modrdataset.constprop.0 (db=0x7f2704291740, node=0x7f26c9c006e0,
version=0x7f26f8044b20, rdataset=0x7f2706ff8830,
mod_function=0x55d4de84af80 <dlopen_dlz_subrdataset>, options=<optimized out>)
at /usr/src/debug/bind-9.18.10/lib/dns/sdlz.c:1107
#11 0x00007f2717251855 in diff_apply (diff=diff at entry=0x7f2706ff8df0, db=db at entry=0x7f2704291740,
ver=ver at entry=0x7f26f8044b20, warn=warn at entry=true) at /usr/src/debug/bind-9.18.10/lib/dns/diff.c:370
#12 0x00007f2717251c8a in dns_diff_apply (diff=diff at entry=0x7f2706ff8df0, db=db at entry=0x7f2704291740,
ver=ver at entry=0x7f26f8044b20) at /usr/src/debug/bind-9.18.10/lib/dns/diff.c:465
#13 0x00007f2717d105aa in do_one_tuple (tuple=tuple at entry=0x7f2706ff8e50, db=db at entry=0x7f2704291740,
ver=ver at entry=0x7f26f8044b20, diff=diff at entry=0x7f2706ff9400)
at /usr/src/debug/bind-9.18.10/lib/ns/update.c:454
#14 0x00007f2717d10fff in update_one_rr (rdata=0x7f2706ff8ee8, ttl=<optimized out>,
name=<optimized out>, op=DNS_DIFFOP_DEL, diff=0x7f2706ff9400, ver=0x7f26f8044b20, db=0x7f2704291740)
at /usr/src/debug/bind-9.18.10/lib/ns/update.c:505
#15 delete_if_action (data=<optimized out>, rr=0x7f2706ff8ee0)
at /usr/src/debug/bind-9.18.10/lib/ns/update.c:1427
#16 0x00007f2717d10ccd in foreach_rr (db=0x7f2704291740, ver=<optimized out>, name=0x7f26caa61d00,
type=<optimized out>, covers=<optimized out>,
rr_action=rr_action at entry=0x7f2717d10f60 <delete_if_action>, rr_action_data=0x7f2706ff9280)
at /usr/src/debug/bind-9.18.10/lib/ns/update.c:736
#17 0x00007f2717d10e76 in delete_if (predicate=predicate at entry=0x7f2717d0fb10 <true_p>,
db=<optimized out>, ver=<optimized out>, name=<optimized out>, type=<optimized out>,
covers=<optimized out>, update_rr=0x7f2706ff94b0, diff=0x7f2706ff9400)
at /usr/src/debug/bind-9.18.10/lib/ns/update.c:1454
#18 0x00007f2717d1bccd in update_action (task=<optimized out>, event=<optimized out>)
at /usr/src/debug/bind-9.18.10/lib/ns/update.c:3299
#19 0x00007f271765eb4c in task_run (task=0x7f27155ccf00)
at /usr/src/debug/bind-9.18.10/lib/isc/task.c:823
#20 isc_task_run (task=0x7f27155ccf00) at /usr/src/debug/bind-9.18.10/lib/isc/task.c:904
#21 0x00007f271762cb12 in isc__nm_async_task (worker=0x7f2716236560, ev0=0x7f26caa07000)
at netmgr/netmgr.c:840
#22 process_netievent (worker=worker at entry=0x7f2716236560, ievent=0x7f26caa07000) at netmgr/netmgr.c:918
#23 0x00007f271762d197 in process_queue (worker=worker at entry=0x7f2716236560,
type=type at entry=NETIEVENT_TASK) at netmgr/netmgr.c:1011
#24 0x00007f271762d3b3 in process_all_queues (worker=0x7f2716236560) at netmgr/netmgr.c:765
#25 async_cb (handle=0x7f27162368c0) at netmgr/netmgr.c:794
#26 0x00007f2717c4cb0d in uv__async_io (loop=0x7f2716236570, w=<optimized out>, events=<optimized out>)
at src/unix/async.c:163
#27 0x00007f2717c6825d in uv__io_poll (loop=0x7f2716236570, timeout=<optimized out>)
at src/unix/epoll.c:374
#28 0x00007f2717c5247a in uv__io_poll (timeout=<optimized out>, loop=0x7f2716236570)
at src/unix/udp.c:122
#29 uv_run (loop=loop at entry=0x7f2716236570, mode=mode at entry=UV_RUN_DEFAULT) at src/unix/core.c:406
#30 0x00007f271762d834 in nm_thread (worker0=0x7f2716236560) at netmgr/netmgr.c:696
#31 0x00007f27176627f5 in isc__trampoline_run (arg=0x55d4dfe3ad70)
at /usr/src/debug/bind-9.18.10/lib/isc/trampoline.c:189
#32 0x00007f2716c9398d in start_thread () from /lib64/libc.so.6
#33 0x00007f2716d19344 in clone () from /lib64/libc.so.6
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14030
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): Samuel Cabrero <scabrero at samba.org>
Autobuild-Date(master): Thu Jan 19 10:20:27 UTC 2023 on atb-devel-224
(cherry picked from commit fcecdfa8e5c651d4a27f8fcd5df6e9bce37ed8a7)
- - - - -
0a27a04e by Volker Lendecke at 2023-06-02T12:51:11+00:00
tests: Make timelimit available to test scripts
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15382
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 4804d6b89a9146f1fc5270de158cd25254505f61)
- - - - -
72149cd8 by Volker Lendecke at 2023-06-02T12:51:11+00:00
tests: Show that we 100% loop in cli_list_old_recv()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15382
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit e86234f3d61c62e4365e1ea105bdd29feaf7ccbe)
- - - - -
af55bfe4 by Volker Lendecke at 2023-06-02T13:52:29+00:00
libsmb: Fix directory listing against old servers
cli_list_trans_recv() can be called multiple times. When it's done, it
return NT_STATUS_OK and set *finfo to NULL. cli_list_old_recv() did
not do the NULL part, so smbclient would endlessly loop.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15382
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Jun 1 21:54:42 UTC 2023 on atb-devel-224
(cherry picked from commit f30f5793ad592e193546586b765837c0ac9f5647)
Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Fri Jun 2 13:52:29 UTC 2023 on sn-devel-184
- - - - -
f26b2057 by Volker Lendecke at 2023-06-09T14:43:33+00:00
smbclient: Fix fd leak with "showacls;ls"
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15391
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Jun 8 16:55:14 UTC 2023 on atb-devel-224
(cherry picked from commit 5c52f71c0d0e162dcbf42378357313035efa860f)
Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Fri Jun 9 14:43:33 UTC 2023 on sn-devel-184
- - - - -
88c24655 by Jones Syue at 2023-06-28T21:03:31+00:00
s3:utils: smbget fix a memory leak
Using smbget to download files recursively (-R).
If smbget found that a file is already existed in the destination,
smbget would said 'File exists', return early, and 'newname' allocated
memory is never freed, this is found by valgrind.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15403
Signed-off-by: Jones Syue <jonessyue at qnap.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Jun 28 07:02:34 UTC 2023 on atb-devel-224
(cherry picked from commit afbed653526b572f7309e67ed742a76ef7b2b8ec)
Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Wed Jun 28 21:03:31 UTC 2023 on sn-devel-184
- - - - -
c366a064 by Douglas Bagnall at 2023-06-30T12:44:07+00:00
pidl: avoid py compile issues with --pidl-developer
We get these warnings-as-errors:
librpc/gen_ndr/py_netlogon.c:61903:53: error: stray ‘\’ in program
61903 | PyErr_Format(PyExc_TypeError, "Expected type %s",\ //<PIDL> Parse::Pidl::Samba4::Python::ConvertObjectFromPythonData lib/Parse/Pidl/Samba4/Python.pm:2005
but the '\' is unnecessary and unconventional anyway, since we're in a
function argument list.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15404
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Feb 3 03:27:54 UTC 2023 on atb-devel-224
(cherry picked from commit e26a01a48c4a6ca6f9424ced72eda68e6eb1e7e3)
Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Fri Jun 30 12:44:07 UTC 2023 on sn-devel-184
- - - - -
426b6ecc by Ralph Boehme at 2023-07-06T12:31:16+00:00
smbd: call exit_server_cleanly() to avoid panicking
The parent smdb forwards SIGTERM to its process group in order to kill all
children like the scavenger. This happens from a function registered via
atexit() which means the signal forwarding is happening very briefly before the
main smbd process exits. When exiting the pipe between smbd and scavenger is
closed which triggers a file event in the scavenger.
However, due to kernel sheduling it is possible that the file descriptor event
is received before the signal, where we call exit_server() which call
smb_panic() at the end.
Change the exit to exit_server_cleanly() and just log this event at level 2
which we already do.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15275
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Jul 5 13:14:08 UTC 2023 on atb-devel-224
(cherry picked from commit 083fe1c28c6ec69cbd15d8cc2f7f06b1b630f2bc)
- - - - -
62507b11 by Stefan Metzmacher at 2023-07-06T12:31:16+00:00
s3:winbindd: call reset_cm_connection_on_error() in wb_cache_query_user_list()
This is mostly for consistency, every remote call should call
reset_cm_connection_on_error(). Note this is more than
a simple invalidate_cm_connection() as it may set
domain->conn.netlogon_force_reauth = true.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit cb59fd43bbf758e4bad774cfc19ef87b157052c2)
- - - - -
0afed23b by Stefan Metzmacher at 2023-07-06T12:31:16+00:00
s3:winbindd: make use of reset_cm_connection_on_error() for winbindd_lookup_{names,sids}()
Note this is more than a simple invalidate_cm_connection() as it may set
domain->conn.netlogon_force_reauth = true.
This is not strictly needed as the callers call
reset_cm_connection_on_error() via reconnect_need_retry().
But it might avoid one roundtrip.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 4ad5a35a3f67860aa7a1345efcfc92fe40578e31)
- - - - -
38a9e17d by Stefan Metzmacher at 2023-07-06T12:31:16+00:00
s3:winbindd: let winbind_samlogon_retry_loop() always start with authoritative = 1
Otherwise we could treat a local problem as non-authoritative.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 0cb6de4b1d5410f3699172952be81c6eb75c2c86)
- - - - -
b5b4fd3e by Stefan Metzmacher at 2023-07-06T12:31:16+00:00
s3:winbindd: make use of reset_cm_connection_on_error() in winbind_samlogon_retry_loop()
Note this is more than a simple invalidate_cm_connection() as it may set
domain->conn.netlogon_force_reauth = true, which is important in order
to recover from NT_STATUS_RPC_SEC_PKG_ERROR errors.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit b317b10dffd99d1add3ff0b85b958edd9639abc8)
- - - - -
65f35a5b by Stefan Metzmacher at 2023-07-06T13:29:28+00:00
s3:winbindd: let winbind_samlogon_retry_loop() fallback to NT_STATUS_NO_LOGON_SERVERS
When we were not able to get a valid response from any DC we should
report NT_STATUS_NO_LOGON_SERVERS with authoritative = 1.
This matches what windows does. In a chain of transitive
trusts the ACCESS_DENIED/authoritative=0 is not propagated,
instead NT_STATUS_NO_LOGON_SERVERS/authoritative=1 is
passed along the chain if there's no other DC is available.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 50e771c12f84f9268c2e9ddeef0965f79f85de3d)
Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Thu Jul 6 13:29:28 UTC 2023 on sn-devel-184
- - - - -
95fd96db by Jule Anger at 2023-07-06T15:40:45+02:00
WHATSNEW: Add release notes for Samba 4.17.9.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
b8598d4b by Jule Anger at 2023-07-06T15:41:10+02:00
VERSION: Disable GIT_SNAPSHOT for the 4.17.9 release.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
d48c42c7 by Jule Anger at 2023-07-06T15:41:31+02:00
VERSION: Bump version up to Samba 4.17.10...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
888e3e5b by Michael Tokarev at 2023-07-07T11:22:38+03:00
d/copyright: strip manpages in ctdb/doc/ and docs/manpages/
- - - - -
b979ef85 by Michael Tokarev at 2023-07-07T11:22:48+03:00
d/copyright: exclude ctdb/docs/*.?.html manpages too
- - - - -
a845b169 by Michael Tokarev at 2023-07-07T11:38:52+03:00
New upstream version 4.17.9+dfsg
- - - - -
2204f62c by Michael Tokarev at 2023-07-07T11:39:23+03:00
Update upstream source from tag 'upstream/4.17.9+dfsg'
Update to upstream version '4.17.9+dfsg'
with Debian dir f1c012172d420d168faba31ab52cf1336826c9df
- - - - -
0bd71b98 by Michael Tokarev at 2023-07-07T11:40:07+03:00
remove dnsserver-rename-dns_name_equal.patch (finally included upstream)
- - - - -
6be616e7 by Michael Tokarev at 2023-07-07T11:40:07+03:00
heimdal-to-support-KEYRING-ccache.patch: enable KEYRING in heimdal (#1023609)
- - - - -
ad2a08c6 by Michael Tokarev at 2023-07-07T11:40:07+03:00
d/control: build-depend on libkeyutils-dev (it is pulled by some other dep, but better to be safe)
- - - - -
1af3882e by Michael Tokarev at 2023-07-07T11:40:33+03:00
update changelog; upload version 4.17.9+dfsg-0+deb12u1 to bookworm-proposed-updates
- - - - -
1caa4f46 by Michael Tokarev at 2023-07-09T09:54:59+03:00
d/rules: include -latomic gcc issue workaround for select arches
- - - - -
82da757b by Michael Tokarev at 2023-07-09T09:55:22+03:00
d/rules: query for DEB_HOST_ARCH, not DEB_HOST_ARCH_CPU, for -latomic workaround
- - - - -
9159665a by Michael Tokarev at 2023-07-09T09:56:08+03:00
d/rules: add comment about -latomic gcc issue and drop --as-needed there since it is already in use
- - - - -
728732b6 by Michael Tokarev at 2023-07-09T14:26:59+03:00
update changelog; upload version 4.17.9+dfsg-0+deb12u2 to bookworm
- - - - -
2571b885 by Michael Tokarev at 2023-07-14T12:33:32+03:00
fix-unsupported-netr_LogonGetCapabilities-l2.patch
- - - - -
dec07df1 by Michael Tokarev at 2023-07-14T12:34:33+03:00
update changelog; upload version 4.17.9+dfsg-0+deb12u3 to bookworm
- - - - -
a3944de6 by Volker Lendecke at 2023-07-14T15:14:46+02:00
CVE-2022-2127: winbindd: Fix WINBINDD_PAM_AUTH_CRAP length checks
With WBFLAG_BIG_NTLMV2_BLOB being set plus lm_resp_len too large you
can crash winbind. We don't independently check lm_resp_len
sufficiently.
Discovered via Coverity ID 1504444 Out-of-bounds access
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15072
Signed-off-by: Volker Lendecke <vl at samba.org>
- - - - -
53838682 by Ralph Boehme at 2023-07-14T15:14:46+02:00
CVE-2022-2127: ntlm_auth: cap lanman response length value
We already copy at most sizeof(request.data.auth_crap.lm_resp) bytes to the
lm_resp buffer, but we don't cap the length indicator.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15072
Signed-off-by: Ralph Boehme <slow at samba.org>
- - - - -
6e5e5c7f by Ralph Boehme at 2023-07-14T15:14:54+02:00
CVE-2023-34966: CI: test for sl_unpack_loop()
Send a maliciously crafted packet where a nil type has a subcount of 0. This
triggers an endless loop in mdssvc sl_unpack_loop().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15340
Signed-off-by: Ralph Boehme <slow at samba.org>
- - - - -
c77b31f1 by Ralph Boehme at 2023-07-14T15:14:54+02:00
CVE-2023-34966: mdssvc: harden sl_unpack_loop()
A malicious client could send a packet where subcount is zero, leading to a busy
loop because
count -= subcount
=> count -= 0
=> while (count > 0)
loops forever.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15340
Signed-off-by: Ralph Boehme <slow at samba.org>
- - - - -
7812c56d by Ralph Boehme at 2023-07-14T15:14:57+02:00
CVE-2023-34967: CI: add a test for type checking of dalloc_value_for_key()
Sends a maliciously crafted packet where the value in a key/value style
dictionary for the "scope" key is a simple string object whereas the server
expects an array. As the server doesn't perform type validation on the value, it
crashes when trying to use the "simple" object as a "complex" one.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15341
Signed-off-by: Ralph Boehme <slow at samba.org>
- - - - -
049c1324 by Ralph Boehme at 2023-07-14T15:14:57+02:00
CVE-2023-34967: mdssvc: add type checking to dalloc_value_for_key()
Change the dalloc_value_for_key() function to require an additional final
argument which denotes the expected type of the value associated with a key. If
the types don't match, return NULL.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15341
Signed-off-by: Ralph Boehme <slow at samba.org>
- - - - -
98b2a013 by Ralph Boehme at 2023-07-14T15:15:00+02:00
CVE-2023-34968: mdssvc: cache and reuse stat info in struct sl_inode_path_map
Prepare for the "path" being a fake path and not the real server-side
path where we won't be able to vfs_stat_fsp() this fake path. Luckily we already
got stat info for the object in mds_add_result() so we can just pass stat info
from there.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
47a0c168 by Ralph Boehme at 2023-07-14T15:15:00+02:00
CVE-2023-34968: mdssvc: add missing "kMDSStoreMetaScopes" dict key in slrpc_fetch_properties()
We were adding the value, but not the key.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
56a21b3b by Ralph Boehme at 2023-07-14T15:15:00+02:00
CVE-2023-34968: mdscli: use correct TALLOC memory context when allocating spotlight_blob
d is talloc_free()d at the end of the functions and the buffer was later used
after beeing freed in the DCERPC layer when sending the packet.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
0ae6084d by Ralph Boehme at 2023-07-14T15:15:00+02:00
CVE-2023-34968: mdscli: remove response blob allocation
This is handled by the NDR code transparently.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
353a9cce by Ralph Boehme at 2023-07-14T15:15:00+02:00
CVE-2023-34968: smbtorture: remove response blob allocation in mdssvc.c
This is alreay done by NDR for us.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
449f1280 by Ralph Boehme at 2023-07-14T15:15:00+02:00
CVE-2023-34968: rpcclient: remove response blob allocation
This is alreay done by NDR for us.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
cc593a6a by Ralph Boehme at 2023-07-14T15:15:00+02:00
CVE-2023-34968: mdssvc: remove response blob allocation
This is alreay done by NDR for us.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
ee428be9 by Ralph Boehme at 2023-07-14T15:15:01+02:00
CVE-2023-34968: mdssvc: switch to doing an early return
Just reduce indentation of the code handling the success case. No change in
behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
cb8313e7 by Ralph Boehme at 2023-07-14T15:15:01+02:00
CVE-2023-34968: mdssvc: introduce an allocating wrapper to sl_pack()
sl_pack_alloc() does the buffer allocation that previously all callers of
sl_pack() did themselves.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
a5c570e2 by Ralph Boehme at 2023-07-14T15:15:01+02:00
CVE-2023-34968: mdscli: return share relative paths
The next commit will change the Samba Spotlight server to return absolute paths
that start with the sharename as "/SHARENAME/..." followed by the share path
relative appended.
So given a share
[spotlight]
path = /foo/bar
spotlight = yes
and a file inside this share with a full path of
/foo/bar/dir/file
previously a search that matched this file would returns the absolute
server-side pato of the file, ie
/foo/bar/dir/file
This will be change to
/spotlight/dir/file
As currently the mdscli library and hence the mdsearch tool print out these
paths returned from the server, we have to change the output to accomodate these
fake paths. The only way to do this sensibly is by makeing the paths relative to
the containing share, so just
dir/file
in the example above.
The client learns about the share root path prefix – real server-side of fake in
the future – in an initial handshake in the "share_path" out argument of the
mdssvc_open() RPC call, so the client can use this path to convert the absolute
path to relative.
There is however an additional twist: the macOS Spotlight server prefixes this
absolute path with another prefix, typically "/System/Volumes/Data", so in the
example above the full path for the same search would be
/System/Volumes/Data/foo/bar/dir/file
So macOS does return the full server-side path too, just prefixed with an
additional path. This path prefixed can be queried by the client in the
mdssvc_cmd() RPC call with an Spotlight command of "fetchPropertiesForContext:"
and the path is returned in a dictionary with key "kMDSStorePathScopes". Samba
just returns "/" for this.
Currently the mdscli library doesn't issue this Spotlight RPC
request (fetchPropertiesForContext), so this is added in this commit. In the
end, all search result paths are stripped of the combined prefix
kMDSStorePathScopes + share_path (from mdssvc_open).
eg
kMDSStorePathScopes = /System/Volumes/Data
share_path = /foo/bar
search result = /System/Volumes/Data/foo/bar/dir/file
relative path returned by mdscli = dir/file
Makes sense? :)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
091b0265 by Ralph Boehme at 2023-07-14T15:15:01+02:00
CVE-2023-34968: mdssvc: return a fake share path
Instead of returning the real server-side absolute path of shares and search
results, return a fake absolute path replacing the path of the share with the
share name, iow for a share "test" with a server-side path of "/foo/bar", we
previously returned
/foo/bar and
/foo/bar/search/result
and now return
/test and
/test/search/result
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
e67b7e5f by Ralph Boehme at 2023-07-14T15:15:04+02:00
CVE-2023-3347: CI: add a test for server-side mandatory signing
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15397
Signed-off-by: Ralph Boehme <slow at samba.org>
- - - - -
e96d5002 by Ralph Boehme at 2023-07-14T15:15:04+02:00
CVE-2023-3347: smbd: pass lp_ctx to smb[1|2]_srv_init_signing()
No change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15397
Signed-off-by: Ralph Boehme <slow at samba.org>
- - - - -
95cec0df by Ralph Boehme at 2023-07-14T15:15:04+02:00
CVE-2023-3347: smbd: inline smb2_srv_init_signing() code in srv_init_signing()
It's now a one-line function, imho the overall code is simpler if that code is
just inlined.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15397
Signed-off-by: Ralph Boehme <slow at samba.org>
- - - - -
a22fcb68 by Ralph Boehme at 2023-07-14T15:15:04+02:00
CVE-2023-3347: smbd: remove comment in smbd_smb2_request_process_negprot()
This is just going to bitrot. Anyone who's interested can just grep for
"signing_mandatory" and look up what it does.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15397
Signed-off-by: Ralph Boehme <slow at samba.org>
- - - - -
6c1128b1 by Ralph Boehme at 2023-07-14T15:15:04+02:00
CVE-2023-3347: smbd: fix "server signing = mandatory"
This was broken by commit 1f3f6e20dc086a36de52bffd0bc36e15fb19e1c6 because when
calling srv_init_signing() very early after accepting the connection in
smbd_add_connection(), conn->protocol is still PROTOCOL_NONE.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15397
Signed-off-by: Ralph Boehme <slow at samba.org>
- - - - -
492a52b1 by Stefan Metzmacher at 2023-07-17T10:28:30+02:00
netlogon.idl: add support for netr_LogonGetCapabilities response level 2
We don't have any documentation about this yet, but tests against
a Windows Server 2022 patched with KB5028166 revealed that
the response for query_level=2 is exactly the same as
for querey_level=1.
Until we know the reason for query_level=2 we won't
use it as client nor support it in the server, but
we want ndrdump to work.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15418
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 5f87888ed53320538cf773d64868390d8641a40e)
- - - - -
e14a5c36 by Stefan Metzmacher at 2023-07-17T10:28:30+02:00
s4:torture/rpc: let rpc.schannel also check netr_LogonGetCapabilities with different levels
The important change it that we expect DCERPC_NCA_S_FAULT_INVALID_TAG
for unsupported query_levels, we allow it to work with servers
with or without support for query_level=2.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15418
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 404ce08e9088968311c714e756f5d58ce2cef715)
- - - - -
55d0a386 by Stefan Metzmacher at 2023-07-17T10:28:30+02:00
s4:rpc_server:netlogon: generate FAULT_INVALID_TAG for invalid netr_LogonGetCapabilities levels
This is important as Windows clients with KB5028166 seem to
call netr_LogonGetCapabilities with query_level=2 after
a call with query_level=1.
An unpatched Windows Server returns DCERPC_NCA_S_FAULT_INVALID_TAG
for query_level values other than 1.
While Samba tries to return NT_STATUS_NOT_SUPPORTED, but
later fails to marshall the response, which results
in DCERPC_FAULT_BAD_STUB_DATA instead.
Because we don't have any documentation for level 2 yet,
we just try to behave like an unpatched server and
generate DCERPC_NCA_S_FAULT_INVALID_TAG instead of
DCERPC_FAULT_BAD_STUB_DATA.
Which allows patched Windows clients to keep working
against a Samba DC.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15418
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit d5f1097b6220676d56ed5fc6707acf667b704518)
- - - - -
56fad90e by Stefan Metzmacher at 2023-07-17T10:28:30+02:00
s3:rpc_server:netlogon: generate FAULT_INVALID_TAG for invalid netr_LogonGetCapabilities levels
This is important as Windows clients with KB5028166 seem to
call netr_LogonGetCapabilities with query_level=2 after
a call with query_level=1.
An unpatched Windows Server returns DCERPC_NCA_S_FAULT_INVALID_TAG
for query_level values other than 1.
While Samba tries to return NT_STATUS_NOT_SUPPORTED, but
later fails to marshall the response, which results
in DCERPC_FAULT_BAD_STUB_DATA instead.
Because we don't have any documentation for level 2 yet,
we just try to behave like an unpatched server and
generate DCERPC_NCA_S_FAULT_INVALID_TAG instead of
DCERPC_FAULT_BAD_STUB_DATA.
Which allows patched Windows clients to keep working
against a Samba DC.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15418
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Mon Jul 17 07:35:09 UTC 2023 on atb-devel-224
(cherry picked from commit dfeabce44fbb78083fbbb2aa634fc4172cf83db9)
- - - - -
1448e347 by Jule Anger at 2023-07-17T22:19:16+02:00
WHATSNEW: Add release notes for Samba 4.17.10.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
5eceb0df by Jule Anger at 2023-07-17T22:19:16+02:00
VERSION: Disable GIT_SNAPSHOT for the 4.17.10 release.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
8a602310 by Jule Anger at 2023-07-19T16:57:43+02:00
VERSION: Bump version up to Samba 4.17.11...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
c6a6a72b by Michael Tokarev at 2023-07-19T17:59:33+03:00
New upstream version 4.17.10+dfsg
- - - - -
f3a1e02c by Michael Tokarev at 2023-07-19T18:00:44+03:00
Update upstream source from tag 'upstream/4.17.10+dfsg'
Update to upstream version '4.17.10+dfsg'
with Debian dir 87b52a2bb0da173cef9cf7687a9b07b0a90649b7
- - - - -
842fb86a by Michael Tokarev at 2023-07-19T18:01:10+03:00
remove fix-unsupported-netr_LogonGetCapabilities-l2.patch (fix is included now)
- - - - -
ff0a13b2 by Michael Tokarev at 2023-07-19T18:15:37+03:00
update changelog; upload version 4.17.10+dfsg-0+deb12u1 to bookworm-security
- - - - -
cdce89e4 by Ralph Boehme at 2023-07-19T16:27:39+00:00
smbd: don't leak the fsp if close_file_smb() fails
This can happen if DELETE-ON-CLOSE is set, but the deletion fails for some
reason.
The bug was introduced by 1808e5c133474eabc9d3cf91c2a92ec4d92d9fdd.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15417
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Jul 10 21:32:32 UTC 2023 on atb-devel-224
(cherry picked from commit 4da50463e1b75c06d5f8c066e8b4eff48186afb0)
Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Wed Jul 19 16:27:39 UTC 2023 on sn-devel-184
- - - - -
9d97cd01 by Ralph Boehme at 2023-07-31T08:08:13+00:00
mdssvc: set query state for continued queries to SLQ_STATE_RUNNING
SLQ_STATE_RESULTS implies that there are already results attached to the slq
which is not the case. Instead the backend will start processing from where it
left off when it hits the maximum result limit and had set the state to
SLQ_STATE_FULL.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15342
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 4149ef97e5906604be1587622f390f121db183e2)
- - - - -
19f10cb9 by Ralph Boehme at 2023-07-31T08:08:13+00:00
mdssvc: fix long running backend queries
If a query is still running in the backend and we have no results yet, returning
0 triggers a search termination by the client in latest macOS releases. macOS
returns 0x23 in this case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15342
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 925fefae20e52a3c89a56bdd0cd5b98cc951db5f)
- - - - -
506e9a2d by Ralph Boehme at 2023-07-31T08:08:13+00:00
mdssvc: add and use SL_PAGESIZE
SL_PAGESIZE is the number of entries we want to process per paged search result
set. This is different from MAX_SL_RESULTS which ought to be a default maximum
value for total number of results returned for a search query.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15342
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 086c2602d074d4dc0d44f5534857e5f59a8690b2)
- - - - -
57d8d007 by Ralph Boehme at 2023-07-31T08:08:13+00:00
mdssvc: fix enforcement of "elasticsearch:max results"
This wasn't enforced at all thus a query would return all available matches
without limit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15342
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit d8fa5c8e2a1794ea8dc663485315ebd9401b2628)
- - - - -
31a6264f by Ralph Boehme at 2023-07-31T08:08:13+00:00
tests/mdssvc: match hits:total:value to be the actual amount of entries in hits
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15342
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 7f5e4edf64f7e4175f652bf8762d4edc110ad6b1)
- - - - -
e7eb2286 by Ralph Boehme at 2023-07-31T08:08:13+00:00
mdssvc: reduce pagesize to 50
Lastest macOS queries additional file metadata per search result, which causes
the mashalled paged result set including metadata to exceed the 64 KB result
fragment buffer.
Lacking fragementation support in mdssvc (it's supported by the protocol), for
now just reduce the maximum number of results per search page.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15342
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 724a0518c901589fe1171d94648391832e056f4d)
- - - - -
a6fba558 by Ralph Boehme at 2023-07-31T08:08:13+00:00
mdssvc: prepare for returning timestamps with sub-seconds granularity
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15427
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 9dc66fecf7c1743d264c5c4f8978b77bab75ed86)
- - - - -
c7ee8854 by Ralph Boehme at 2023-07-31T08:08:13+00:00
mdssvc: fix date marshalling
Did this ever work? Possible just copied over from Netatalk and was always
broken... The Mac client expects the timevalue as seconds relative to
2001-01-01 00:00:00 UTC, packed as IEEE float.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15427
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 620ca1e68d02be45a94aa41217a141d211fceb1f)
- - - - -
947790f8 by Ralph Boehme at 2023-07-31T09:11:27+00:00
mdssvc: fix returning file modification date for older Mac releases
Mac 10.10 uses kMDItemContentModificationDate instead of
kMDItemFSContentChangeDate.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15427
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Jul 26 23:42:44 UTC 2023 on atb-devel-224
(cherry picked from commit c2e83ebe726b7bc42b329198214c784936f19888)
Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Mon Jul 31 09:11:27 UTC 2023 on sn-devel-184
- - - - -
517339b1 by Arvid Requate at 2023-08-01T09:53:12+00:00
For Bug #9959: local talloc frame for next commit
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Arvid Requate <requate at univention.de>
[abartlet at samba.org Added additional talloc_free() in failure paths]
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit b6e80733c3a589f9d784eec86fc713f1ec9c1049)
- - - - -
7112efed by Arvid Requate at 2023-08-01T09:53:12+00:00
Bug #9959: Don't search for CN=System
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Arvid Requate <requate at univention.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 2d461844a201fbca55ebc9a46a15e1d16048055b)
- - - - -
bac861ed by Andrew Bartlett at 2023-08-01T09:53:12+00:00
dsdb: Add new function samdb_system_container_dn()
This will replace many calls crafting or searching for this DN
elsewhere in the code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 25b0e1102e1a502152d2695aeddf7c65555b16fb)
- - - - -
d3c4dd68 by Andrew Bartlett at 2023-08-01T09:53:12+00:00
dsdb: Use samdb_system_container_dn() in samldb.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 97b682e0eb0450513dcecb74be672e18e84fe7a2)
- - - - -
30c14e87 by Andrew Bartlett at 2023-08-01T09:53:12+00:00
dsdb: Use samdb_get_system_container_dn() to get Password Settings Container
By doing this we use the common samdb_get_system_container_dn() routine and we
avoid doing a linerize and parse step on the main DN, instead using the
already stored parse of the DN. This is more hygenic.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 3669caa97f76d3e893ac6a1ab88341057929ee6a)
- - - - -
cabc2292 by Andrew Bartlett at 2023-08-01T09:53:12+00:00
s4-rpc_server/lsa: Use samdb_system_container_dn() in dcesrv_lsa_get_policy_state()
This is now exactly the same actions, but just uses common code to do it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 4e18066fa243da1c505f782ba87187c3bb1078ee)
- - - - -
0d6bc07a by Andrew Bartlett at 2023-08-01T09:53:12+00:00
s4-rpc_server/netlogon: Use samdb_system_container_dn() in fill_trusted_domains_array()
This is now exactly the same actions, but just uses common code to do it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit a900f6aa5d909d912ee3ca529baa4047c9c4da87)
- - - - -
558834c3 by Andrew Bartlett at 2023-08-01T09:53:12+00:00
s4-rpc_server/backupkey: Use samdb_system_container_dn() in set_lsa_secret()
This is now exactly the same actions, but just uses common code to do it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 13eed1e0e7d0bdef6b5cdb6b858f124b812adbea)
- - - - -
ecbba6ae by Andrew Bartlett at 2023-08-01T09:53:12+00:00
s4-rpc_server/backupkey: Use samdb_system_container_dn() in get_lsa_secret()
This is now exactly the same actions, but just uses common code to do it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 9b4f3f3cb4ed17bb233d3b5ccd191be63f01f3f4)
- - - - -
dc74e3e9 by Andrew Bartlett at 2023-08-01T09:53:12+00:00
dsdb: Use samdb_system_container_dn() in dsdb_trust_*()
This is now exactly the same actions, but just uses common code to do it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 4250d07e4dcd43bf7450b1ae603ff46fdc892d02)
- - - - -
9313ebba by Andrew Bartlett at 2023-08-01T10:57:31+00:00
dsdb: Use samdb_system_container_dn() in pdb_samba_dsdb_*()
This makes more calls to add children, but avoids the cn=system string in the
codebase which makes it easier to audit that this is always being built
correctly.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Mon Jul 31 07:20:21 UTC 2023 on atb-devel-224
(cherry picked from commit 5571ce9619d856d3c9545099366f4e0259aee8ef)
RN: A second container with name CN=System would disable the operation
of the Samba AD DC. Samba now finds the CN=System container by exact
DN and not a search.
Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Tue Aug 1 10:57:31 UTC 2023 on sn-devel-184
- - - - -
d94cbb10 by Noel Power at 2023-08-02T11:45:00+00:00
s3/utils: avoid erronous NO MEMORY detection
since 5cc3c1b5f6b0289f91c01b20989558badc28fd61 if we don't have
a realm specified either on cmdline or in conf file we try to
copy (talloc_strdup) a NULL variable which triggers a NO_MEMORY
error when we check the result of the copy
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15384
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Sun Jun 4 12:42:16 UTC 2023 on atb-devel-224
(cherry picked from commit 22ab42c1007775abca0b578744d4c18a85cda627)
Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Wed Aug 2 11:45:00 UTC 2023 on sn-devel-184
- - - - -
9ace5309 by Noel Power at 2023-08-03T11:39:14+00:00
selftest: Add new dfs share (with widelinks enabled)
Adds share (to be used in later test) that has dfs node
but additionally has widelinks set to yes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15435
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit b57cdfd7efb161cf96b3a39dc7a1652db817e602)
- - - - -
98a53e95 by Noel Power at 2023-08-03T11:39:14+00:00
sefltest: Add new regression test dfs with widelinks = yes
Adds a new test trying to cd into dfs path on share with
widelinks enabled, should generate an error (see BUG:)
Add a knownfail so CI continues
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15435
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 3d2e9db8b95f9f45d486f8272e53584975f177fa)
- - - - -
b63c917c by Noel Power at 2023-08-03T11:39:14+00:00
s3/modules: Add flag indicating if connected share is a dfs share
Not used yet, will be used in the next commit to avoid testing
if the connected share is a dfs one.
Pair-Programmed-With: Jeremy Alison <jra at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15435
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 2668dcd0968133cca4f8410bf8c41ed0483f5d87)
- - - - -
10f3fafc by Noel Power at 2023-08-03T12:46:29+00:00
s3/modules: Fix DFS links when widelinks = yes
In openat(), even if we fail to open the file,
propagate stat if and only if the object is a link in
a DFS share. This allows calling code to further process
the link.
Also remove knownfail
Pair-Programmed-With: Jeremy Alison <jra at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15435
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Jul 29 00:43:52 UTC 2023 on atb-devel-224
(cherry picked from commit 0bf8b25aacdf2f5c746922320b32e3f0886c81f5)
Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Thu Aug 3 12:46:29 UTC 2023 on sn-devel-184
- - - - -
3a6964d0 by Stefan Metzmacher at 2023-08-08T12:40:12+00:00
vfs_aio_pthread: don't crash without a pthreadpool
During 'samba-tool ntacl sysvolreset' and similar.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15441
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 3694f2ce6205a647eb5dab2115785fb45decaf0b)
- - - - -
f99fec49 by Jones Syue at 2023-08-08T12:40:12+00:00
vfs_aio_pthread: fix segfault if samba-tool ntacl get
If configured as AD DC and aio_pthread appended into 'vfs objects'[1],
run these commands would get segfault:
1. sudo samba-tool ntacl get .
2. sudo net vfs getntacl sysvol .
gdb said it goes through aio_pthread_openat_fn() @ vfs_aio_pthread.c[2],
and the fsp->conn->sconn->client is null (0x0).
'sconn->client' memory is allocated when a new connection is accpeted:
smbd_accept_connection > smbd_process > smbXsrv_client_create
While running local commands looks like it would not go through
smbXsrv_client_create so the 'client' is null, segfault might happen.
We should not dereference 'client->server_multi_channel_enabled',
if 'client' is null.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15441
[1] smb.conf example, samba-4.18.5, ubuntu 22.04.2
[global]
dns forwarder = 127.0.0.53
netbios name = U22-JONES-88X1
realm = U22-JONES-88X1.X88X1.JONES
server role = active directory domain controller
workgroup = X88X1
idmap_ldb:use rfc2307 = yes
vfs objects = dfs_samba4 acl_xattr aio_pthread
[sysvol]
path = /var/lib/samba/sysvol
read only = No
[netlogon]
path = /var/lib/samba/sysvol/u22-jones-88x1.x88x1.jones/scripts
read only = No
[2] gdb
(gdb) run /usr/local/samba/bin/samba-tool ntacl get .
Starting program: /usr/local/Python3/bin/python3 /usr/local/samba/bin/samba-tool ntacl get .
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/libthread_db.so.1".
Program received signal SIGSEGV, Segmentation fault.
0x00007fffd0eb809e in aio_pthread_openat_fn (handle=0x8d5cc0, dirfsp=0x8c3070, smb_fname=0x18ab4f0, fsp=0x1af3550, flags=196608, mode=0)
at ../../source3/modules/vfs_aio_pthread.c:467
warning: Source file is more recent than executable.
467 if (fsp->conn->sconn->client->server_multi_channel_enabled) {
(gdb) bt
at ../../source3/modules/vfs_aio_pthread.c:467
at ../../source3/smbd/pysmbd.c:320
---Type <return> to continue, or q <return> to quit---
(gdb) f
at ../../source3/modules/vfs_aio_pthread.c:467
467 if (fsp->conn->sconn->client->server_multi_channel_enabled) {
(gdb) p fsp->conn->sconn->client
$1 = (struct smbXsrv_client *) 0x0
(gdb)
Signed-off-by: Jones Syue <jonessyue at qnap.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 8f4c1c67b4f118a9a47b09ac7908cd3d969b19c2)
- - - - -
95bb8115 by Stefan Metzmacher at 2023-08-08T12:40:12+00:00
s4:torture/ndr: add tests for DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED
The PDUs were generated by Windows clients.
And we fail to parse them currently.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15446
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit c37adb762640b7df9731d6a60edce808aa8787f8)
- - - - -
4233de9b by Stefan Metzmacher at 2023-08-08T12:40:12+00:00
librpc/rpc: let dcerpc_read_ncacn_packet_next_vector() handle fragments without any payload
DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED don't have any payload by
default. In order to receive them via dcerpc_read_ncacn_packet_send/recv
we need to allow fragments with frag_len == DCERPC_NCACN_PAYLOAD_OFFSET.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15446
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 5c724a3e156ae734e4d187bf9639d895bb011834)
- - - - -
3a0ae0c6 by Stefan Metzmacher at 2023-08-08T13:39:40+00:00
dcerpc.idl: fix definitions for DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED payload
It seems commit 259129e8f4bc8cacd1850eba3f6551134835d079 was partly just
fantasy...
Windows clients just use 16 bytes for DCERPC_PKT_CO_CANCEL and
DCERPC_PKT_ORPHANED pdus.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15446
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Tue Aug 8 08:57:46 UTC 2023 on atb-devel-224
(cherry picked from commit 9ec22e680249cfde06fb1a0a34fcc94d1f47002d)
Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Tue Aug 8 13:39:40 UTC 2023 on sn-devel-184
- - - - -
fec91383 by Jeremy Allison at 2023-08-14T09:27:37+00:00
s3: smbd: Sanitize any "server" and "share" components of SMB1 DFS paths to remove UNIX separators.
(Back-ported from commit 20df26b908182f0455f301a51aeb54b6044af580)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15419
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Mon Aug 14 09:27:37 UTC 2023 on sn-devel-184
- - - - -
d167b80d by Volker Lendecke at 2023-08-15T08:00:08+00:00
smbXcli: Pass negotiate contexts through smbXcli_negprot_send/recv
We already don't allow setting max_credits in the sync wrapper, so
omit the contexts there as well.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Aug 26 19:54:03 UTC 2022 on sn-devel-184
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346
(cherry picked from commit 4ddd277c0b77c502ed6b11e07c92c91f24ac9c15)
- - - - -
65b05090 by Stefan Metzmacher at 2023-08-15T08:00:08+00:00
s4:torture/smb2: let torture_smb2_con_sopt() use smb2_connect()
There's no need for smb2_connect_ext().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit ade663ee6ca1a2813b203ea667d933f4dab9e7b7)
- - - - -
8c727eef by Stefan Metzmacher at 2023-08-15T08:00:08+00:00
s4:torture/smb2: let us have a common torture_smb2_con_share()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit dc5a500f0a76720b2a5cb5b1142cf4c35cb6bdea)
- - - - -
3c23c7f3 by Stefan Metzmacher at 2023-08-15T08:00:08+00:00
s4:torture/smb2: make it possible to pass existing_conn to smb2_connect_ext()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 2b93058be3f6e5eaee239ad3b0e707c62089d18e)
- - - - -
534f1363 by Stefan Metzmacher at 2023-08-15T08:00:08+00:00
s4:torture/smb2: add smb2.multichannel.bugs.bug_15346
This demonstrates the race quite easily against
Samba and works fine against Windows Server 2022.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 4028d6582907cf582730ceec56872d8584ad02e6)
- - - - -
f3d5e3ad by Stefan Metzmacher at 2023-08-15T08:00:08+00:00
s3:smbd: always clear filter_subreq in smb2srv_client_mc_negprot_next()
Commit 5d66d5b84f87267243dcd5223210906ce589af91 introduced a
'verify_again:' target, if we ever hit that, we would leak
the existing filter_subreq.
Moving it just above a possible messaging_filtered_read_send()
will allow us to only clear it if we actually create a new
request. That will help us in the next commits.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 50d61e5300250922bf36bb699306f82dff6a00b9)
- - - - -
8738efc4 by Stefan Metzmacher at 2023-08-15T09:00:14+00:00
s3:smbd: fix multichannel connection passing race
If a client opens multiple connection with the same
client guid in parallel, our connection passing is likely
to hit a race.
Assume we have 3 processes:
smbdA: This process already handles all connections for
a given client guid
smbdB: This just received a new connection with an
SMB2 neprot for the same client guid
smbdC: This also received a new connection with an
SMB2 neprot for the same client guid
Now both smbdB and smbdC send a MSG_SMBXSRV_CONNECTION_PASS
message to smbdA. These messages contain the socket fd
for each connection.
While waiting for a MSG_SMBXSRV_CONNECTION_PASSED message
from smbdA, both smbdB and smbdC watch the smbXcli_client.tdb
record for changes (that also verifies smbdA stays alive).
Once one of them say smbdB received the MSG_SMBXSRV_CONNECTION_PASSED
message, the dbwrap_watch logic will wakeup smbdC in order to
let it recheck the smbXcli_client.tdb record in order to
handle the case where smbdA died or deleted its record.
Now smbdC rechecks the smbXcli_client.tdb record, but it
was not woken because of a problem with smbdA. It meant
that smbdC sends a MSG_SMBXSRV_CONNECTION_PASS message
including the socket fd again.
As a result smbdA got the socket fd from smbdC twice (or even more),
and creates two (or more) smbXsrv_connection structures for the
same low level tcp connection. And it also sends more than one
SMB2 negprot response. Depending on the tevent logic, it will
use different smbXsrv_connection structures to process incoming
requests. And this will almost immediately result in errors.
The typicall error is:
smb2_validate_sequence_number: smb2_validate_sequence_number: bad message_id 2 (sequence id 2) (granted = 1, low = 1, range = 1)
But other errors would also be possible.
The detail that leads to the long delays on the client side is
that our smbd_server_connection_terminate_ex() code will close
only the fd of a single smbXsrv_connection, but the refcount
on the socket fd in the kernel is still not 0, so the tcp
connection is still alive...
Now we remember the server_id of the process that we send
the MSG_SMBXSRV_CONNECTION_PASS message to. And just keep
watching the smbXcli_client.tdb record if the server_id
don't change. As we just need more patience to wait for
the MSG_SMBXSRV_CONNECTION_PASSED message.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Aug 8 13:59:58 UTC 2023 on atb-devel-224
(cherry picked from commit f348b84fbcf203ab1ba92840cf7aecd55dbf9aa0)
Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Tue Aug 15 09:00:14 UTC 2023 on sn-devel-184
- - - - -
741cc348 by Jones Syue at 2023-08-16T08:47:14+00:00
mdssvc: Do an early talloc_free() in _mdssvc_open()
Environment setup:
When macOS Finder connect to a samba server with 'spotlight = yes',
macOS would issue mdssvc open (mdssvc.opnum == 0) to samba and it goes
through api _mdssvc_open().
After applied 578e434a94147dc2d7dbfc006d2ab84807859c1d,
(this is reported by jaywei at qnap.com)
this line 'talloc_free(path);' is deleted if _mdssvc_open() normal exit,
so memory is lazy de-allocate: delayed to
smbd_tevent_trace_callback() @ smb2_process.c. [1]
Supposed to explicitly free 'path' in _mdssvc_open() @ srv_mdssvc_nt.c[2]
just like abnormal exit, do not wait for main loop to free 'path' which is
no longer used, this is more consistent while reading source code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15449
[1] gdb tracing 'path' address 0x56204ccc67e0 to know how it is freed.
Breakpoint 2, _tc_free_children_internal (tc=0x56204ccc6780, ptr=0x56204ccc67e0, location=0x7ff430d96410 "../../lib/talloc/talloc.c:1714") at ../../lib/talloc/talloc.c:1656
1656 while (tc->child) {
(gdb) bt
0 _tc_free_children_internal (tc=0x56204ccc6780, ptr=0x56204ccc67e0, location=0x7ff430d96410 "../../lib/talloc/talloc.c:1714") at ../../lib/talloc/talloc.c:1656
1 0x00007ff430d92b14 in _tc_free_internal (tc=0x56204ccc6780, location=0x7ff430d96410 "../../lib/talloc/talloc.c:1714") at ../../lib/talloc/talloc.c:1183
2 0x00007ff430d93b71 in _tc_free_children_internal (tc=0x56204ccc6720, ptr=0x56204ccc6780, location=0x7ff430d96410 "../../lib/talloc/talloc.c:1714") at ../../lib/talloc/talloc.c:1668
3 0x00007ff430d93d66 in talloc_free_children (ptr=0x56204ccc6780) at ../../lib/talloc/talloc.c:1714
4 0x00007ff432235aca in talloc_pop (frame=0x56204ccc6780) at ../../lib/util/talloc_stack.c:125
5 0x00007ff430d92959 in _tc_free_internal (tc=0x56204ccc6720, location=0x7ff431f358d0 "../../source3/smbd/process.c:3726") at ../../lib/talloc/talloc.c:1157
6 0x00007ff430d92cd5 in _talloc_free_internal (ptr=0x56204ccc6780, location=0x7ff431f358d0 "../../source3/smbd/process.c:3726") at ../../lib/talloc/talloc.c:1247
7 0x00007ff430d93f96 in _talloc_free (ptr=0x56204ccc6780, location=0x7ff431f358d0 "../../source3/smbd/process.c:3726") at ../../lib/talloc/talloc.c:1791
8 0x00007ff431d81292 in smbd_tevent_trace_callback (point=TEVENT_TRACE_AFTER_LOOP_ONCE, private_data=0x7ffe46591e30) at ../../source3/smbd/process.c:3726
<...cut...>
[2] gdb tracing 'path' address 0x55a6d66deed0 to know how it is freed.
Breakpoint 2, _tc_free_children_internal (tc=0x55a6d66deed0, ptr=0x55a6d66def30, location=0x7fc4cca84040 "../../source3/rpc_server/mdssvc/srv_mdssvc_nt.c:189") at ../../lib/talloc/talloc.c:1656
1656 while (tc->child) {
(gdb) bt
0 _tc_free_children_internal (tc=0x55a6d66deed0, ptr=0x55a6d66def30, location=0x7fc4cca84040 "../../source3/rpc_server/mdssvc/srv_mdssvc_nt.c:189") at ../../lib/talloc/talloc.c:1656
1 0x00007fc4cb892b14 in _tc_free_internal (tc=0x55a6d66deed0, location=0x7fc4cca84040 "../../source3/rpc_server/mdssvc/srv_mdssvc_nt.c:189") at ../../lib/talloc/talloc.c:1183
2 0x00007fc4cb892cd5 in _talloc_free_internal (ptr=0x55a6d66def30, location=0x7fc4cca84040 "../../source3/rpc_server/mdssvc/srv_mdssvc_nt.c:189") at ../../lib/talloc/talloc.c:1247
3 0x00007fc4cb893f96 in _talloc_free (ptr=0x55a6d66def30, location=0x7fc4cca84040 "../../source3/rpc_server/mdssvc/srv_mdssvc_nt.c:189") at ../../lib/talloc/talloc.c:1791
4 0x00007fc4cc9396e4 in _mdssvc_open (p=0x55a6d66d5600, r=0x55a6d66edc60) at ../../source3/rpc_server/mdssvc/srv_mdssvc_nt.c:189
<...cut...>
Signed-off-by: Jones Syue <jonessyue at qnap.com>
Reviewed-by: Noel Power <npower at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Mon Aug 14 18:11:37 UTC 2023 on atb-devel-224
(cherry picked from commit 044cb8f9d558bfcd7658cae0f05ff36330538748)
- - - - -
bce87c64 by Jeremy Allison at 2023-08-16T08:47:14+00:00
s3: smbd: Deliberately currupt an uninitialized pointer.
We will need this to show smbd crashing in the test code.
This will be removed once we're passing the test.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15420
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit e7bf94b4e3a7f994aa6f0b859089c5add2ad380f)
- - - - -
ec8887be by Jeremy Allison at 2023-08-16T08:47:14+00:00
s3: torture: Add SMB1-TRUNCATED-SESSSETUP test.
Shows that we indirect through an uninitialized pointer and the client crashes
it's own smbd.
Add knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15420
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(back-ported from commit 963fd8aa9b76361ab9aeb63307773f2498b17879)
- - - - -
3a123fbb by Jeremy Allison at 2023-08-16T08:47:14+00:00
s3: smbd: Ensure srvstr_pull_req_talloc() always NULLs out *dest.
Robert Morris <rtm at lcs.mit.edu> noticed that in the case
where srvstr_pull_req_talloc() is being called with
buffer remaining == 0, we don't NULL out the destination
pointed which is *always* done in the codepaths inside
pull_string_talloc(). This prevents a crash in the caller.
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15420
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 9220c45cc191b34e293190f6a923ba463edd5db9)
- - - - -
b958e82d by Jeremy Allison at 2023-08-16T08:47:14+00:00
s3: smbd: Uncorrupt the pointer we were using to prove a crash.
Rather than restore to uninitialized, set to NULL as per
modern coding practices.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15420
Reviewed-by: Volker Lendecke <vl at samba.org>
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 5bc50d2ea4444244721e72b4264311c7005d2f3c)
- - - - -
0dbba5f6 by Jeremy Allison at 2023-08-16T08:47:14+00:00
s3: smbd: Ensure all callers to srvstr_pull_req_talloc() pass a zeroed-out dest pointer.
Now we've fixed srvstr_pull_req_talloc() this isn't
strictly needed, but ensuring pointers are initialized
is best practice to avoid future bugs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15420
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Mon Aug 14 15:55:43 UTC 2023 on atb-devel-224
(cherry picked from commit 5379b8d557a9a16b81eafb87b60b81debc4bfccb)
- - - - -
7da254ff by Jeremy Allison at 2023-08-16T08:47:14+00:00
s3: torture: Add a test doing an SMB1 negotiate+exit.
Robert Morris <rtm at lcs.mit.edu> noticed a missing
return in reply_exit_done().
Adds knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15430
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
(Back-ported from commit 63895e03c4e8ed79a3b2cda928f58ec278cd6608)
- - - - -
eb95b15b by Jeremy Allison at 2023-08-16T09:47:59+00:00
s3: smbd: Add missing 'return;'s in exit paths in reply_exit_done().
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15430
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Mon Aug 14 19:52:49 UTC 2023 on atb-devel-224
(cherry picked from commit d79d0508a4b8bdc4582a350d109181ecae0bf1e2)
Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Wed Aug 16 09:48:00 UTC 2023 on sn-devel-184
- - - - -
098e5f24 by Jeremy Allison at 2023-08-17T11:26:11+00:00
s3: smbd: init_smb1_request() isn't being passed zero'ed memory from any codepath.
If a client does a SMB1 NEGPROT followed by SMB1 TCON
then req->session is left uninitialized.
Show this causes a crash by deliberately initializing
req->session to an invalid pointer. This will be removed
once the test shows the crash, and the fix is added to
cause init_smb1_request() to zero the memory passed in.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15432
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
(Back-ported from commit f02f74e931f5821c7b7c1be2b8f0fb60c9a69b19)
- - - - -
4f3d61dc by Jeremy Allison at 2023-08-17T11:26:11+00:00
s3: torture: Add SMB1-NEGOTIATE-TCON that shows the SMB1 server crashes on the uninitialized req->session.
Found by Robert Morris <rtm at lcs.mit.edu>.
Adds knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15432
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <nopower at samba.org>
(Back-ported from commit c32df3bb31ce6275cfb91107e34e2d6b3c2fba1b)
- - - - -
fca63c10 by Jeremy Allison at 2023-08-17T12:23:05+00:00
s3: smbd: Ensure init_smb1_request() zeros out what the incoming pointer points to.
Remove the now unneeded req->xxx = NULL assignments (and the
deliberately bogus req->session = (void *)0xDEADBEEF one
used to demonstrate the bug).
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15432
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Tue Aug 15 12:06:36 UTC 2023 on atb-devel-224
(Back-ported from commit 4145bfb1b5a3639caf26a310d612aec29fc00117)
Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Thu Aug 17 12:23:05 UTC 2023 on sn-devel-184
- - - - -
133ff9c2 by Andrew Bartlett at 2023-08-21T07:40:16+00:00
s4-rpc_server/drsuapi: Add tmp_highest_usn tracking to replication log
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 0d9ea6c559317e19642662220c089e2d59ef3ecd)
- - - - -
89dfbd8c by Andrew Bartlett at 2023-08-21T07:40:16+00:00
s4-rpc_server/drsuapi: Improve debugging of invalid DNs
This is still unreachable, so but improve the logging
to give more detail in this area anyway.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit d0c1ce53add2fd3b3a4186581f4e214029cbcf1a)
- - - - -
f7b1325b by Andrew Bartlett at 2023-08-21T07:40:16+00:00
s4-rpc_server/drsuapi: Improve debug message for drs_ObjectIdentifier_to_dn_and_nc_root() failure
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit a12bcce89d26ae05bbaeed560cf8fcc7b5bcfdab)
- - - - -
957c7948 by Andrew Bartlett at 2023-08-21T07:40:16+00:00
s4-dsdb: Improve logging for drs_ObjectIdentifier_to_dn_and_nc_root()
At this layer we can make a reasonable assumption about being able
to read ldb_errstring() to print that for extra useful debugging.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 63843a22c8db73d459bee61e73bb1f0d31e3d427)
- - - - -
5bddbe2c by Andrew Bartlett at 2023-08-21T07:40:16+00:00
s4-rpc_server/drsuapi: Remove rudundant check for valid and non-NULL ncRoot_dn
This check was valuable before aee2039e63ceeb5e69a0461fb77e0f18278e4dc4
but now only checks things we know to be true, as the value has come
from Samba via drs_ObjectIdentifier_to_dn_and_nc_root() either on this
or a previous call.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 0550e469eda4022659718ae9a56f5deaa9f9a307)
- - - - -
aa155ccb by Andrew Bartlett at 2023-08-21T07:40:16+00:00
s4-torture/drs: Save the server dnsname on the DcConnection object
This object is used to hold one of many possible connections and
it is helpful for debugging and uniqueness to know which DC is being
connected to.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit c30bb8769ff2c4eba2d8f8a2bd3a56946b7d9d5e)
- - - - -
6442c8c3 by Andrew Bartlett at 2023-08-21T07:40:16+00:00
s4-torture/drs: Create temp OU with a unique name per test
It is always better to keep the testing OUs unique if possible.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 628eab11b3c2e82875bf602e363b781d3e5eb96d)
- - - - -
fc282cbd by Andrew Bartlett at 2023-08-21T07:40:16+00:00
s4-torture/drs: Use addCleanup() in getchanges.py for OU handling
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 40f831e67e1f312b1db52c74c119899245d03e32)
- - - - -
1f5b6ef9 by Andrew Bartlett at 2023-08-21T07:40:16+00:00
s4-torture/drs: Add a test matching Azure AD Connect REPL_OBJ behaviour
Azure AD Connect will send a GUID but no DummyDN.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit db16366b0bbefcdb91a0b36c903ed63456a081b8)
- - - - -
6452398e by Andrew Bartlett at 2023-08-21T07:40:16+00:00
s4-torture/drs: Add test demonstrating that a GetNCChanges REPL_OBJ will not reset the replication cookie
This demonstrates the behaviour used by the "Azure AD Connect" cloud sync tool.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit b323169d6ff8357f7c999ae346137166c98218ac)
- - - - -
d4927a5d by Andrew Bartlett at 2023-08-21T07:40:16+00:00
s4-torture/drs: Add test showing that if present in the set the NC root leads and tmp_highest_usn moves
The NC root, on any replication when it appears, is the first object to be
replicated, including for all subsequent chunks in the replication.
However the tmp_highest_usn is not updated by that USN, it must
only be updated for the non-NC changes (to match Windows exactly),
or at least only updated with the non-NC changes until it would
naturally appear.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 87414955212143b8502b4c02aca150bc72cb8de5)
- - - - -
35cdcef4 by Andrew Bartlett at 2023-08-21T07:40:16+00:00
s4-rpc_server/drsuapi: Only keep and invalidate replication cycle state for normal replication
This changes the GetNCChanges server to use a per-call state for
extended operations like RID_ALLOC or REPL_OBJ and only maintain
and (more importantly) invalidate the state during normal replication.
This allows REPL_OBJ to be called during a normal replication cycle
that continues using after that call, continuing with the same
highwatermark cookie.
Azure AD will do a sequence of (roughly)
* Normal replication (objects 1..100)
* REPL_OBJ (of 1 object)
* Normal replication (objects 101..200)
However, if there are more than 100 (in this example) objects in the
domain, and the second replication is required, the objects 1..100
are sent, as the replication state was invalidated by the REPL_OBJ call.
RN: Improve GetNChanges to address some (but not all "Azure AD Connect")
syncronisation tool looping during the initial user sync phase.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 99579e706312192f46df33d55949db7f1475d0d0)
- - - - -
c72b5f25 by Andrew Bartlett at 2023-08-21T07:40:16+00:00
s4-rpc_server/drsuapi: Fix indentation in GetNCChanges()
This avoids the indentation correction being in the previous patch.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit fe7418e1765b79f60945b787536b4d84a548fe02)
- - - - -
7c63aa69 by Andrew Bartlett at 2023-08-21T07:40:16+00:00
s4-rpc_server/drsuapi: Avoid modification to ncRoot input variable in GetNCChanges
This tries to avoid it appearing that ncRoot is a value that can
be trusted and used internally by not updating it and instead leaving
it just as an input/echo-back value.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 548f141f11e89d335d8f9d74ab6925fa6b90fb84)
- - - - -
0a269490 by Andrew Bartlett at 2023-08-21T07:40:17+00:00
s4-rpc_server/drsuapi: Rename ncRoot -> untrusted_ncRoot to avoid misuse
Because of the requirement to echo back the original string, we can
not force this to be a trustworthy value.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 2ed9815eeacfcf3a58871bafe0212398cc34c39e)
- - - - -
ee8dafa1 by Andrew Bartlett at 2023-08-21T07:40:17+00:00
s4-rpc_server/drsuapi: Update getnc_state to be != NULL
This is closer to our READDME.Coding style
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 2aba9e230ea62efcbd829f6f073894dfa3180c91)
- - - - -
4ae4d2ac by Andrew Bartlett at 2023-08-21T07:40:17+00:00
s4-rpc_server/drsuapi: Ensure logs show DN for replicated objects, not (null)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15407
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 17359afa627a3086ec8d6862f007a3479574a8b4)
- - - - -
89231620 by Andrew Bartlett at 2023-08-21T08:42:32+00:00
s4-rpc_server/drsupai: Avoid looping with Azure AD Connect by not incrementing temp_highest_usn for the NC root
We send the NC root first, as a special case for every chunk
that we send until the natural point where it belongs.
We do not bump the tmp_highest_usn in the highwatermark that
the client and server use (it is meant to be an opauqe cookie)
until the 'natural' point where the object appears, similar
to the cache for GET_ANC.
The issue is that without this, because the NC root was sorted
first in whatever chunk it appeared in but could have a 'high'
highwatermark, Azure AD Connect will send back the same
new_highwatermark->tmp_highest_usn, and due to a bug,
a zero reserved_usn, which makes Samba discard it.
The reserved_usn is now much less likely to ever be set because
the tmp_higest_usn is now always advancing.
RN: Avoid infinite loop in initial user sync with Azure AD Connect
when synchronising a large Samba AD domain.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 79ca6ef28a6f94965cb030c4a7da8c1b9db7150b)
Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Mon Aug 21 08:42:32 UTC 2023 on sn-devel-184
- - - - -
f25b506a by Martin Schwenke at 2023-08-29T09:35:11+00:00
ctdb-build: Use pcap-config when available
The build currently fails on AIX, which can't find the pcap headers
because they're installed in a non-standard place. However, there is
a pcap-config script available.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit a83e9ca696a37b00231ce40cca5a043beb9b5590)
- - - - -
188e949f by Martin Schwenke at 2023-08-29T09:35:11+00:00
ctdb-build: Add --enable-pcap configure option
This forces the use pcap for packet capture on Linux.
It appears that using a raw socket for capture does not work with
infiniband - pcap support for that to come.
Don't (yet?) change the default capture method to pcap. On some
platforms (e.g. my personal Intel NUC, running Debian testing), pcap
is much less reliable than the raw socket. However, pcap seems fine
on most other platforms.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit d1543d5c7889f3ac42f80fc5d1eddf54f9c5d0d6)
- - - - -
027c9ef1 by Martin Schwenke at 2023-08-29T09:35:11+00:00
ctdb-common: Move a misplaced comment
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit c522f4f6045b48bffe47a12a246f356e71fbeec0)
- - - - -
197f86f9 by Martin Schwenke at 2023-08-29T09:35:11+00:00
ctdb-common: Do not use raw socket when ENABLE_PCAP is defined
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit ad445abebdea55f71b0c79eb31c0e6b0aee06763)
- - - - -
98ee0c12 by Martin Schwenke at 2023-08-29T09:35:11+00:00
ctdb-common: Fix a warning in the pcap code
[173/416] Compiling ctdb/common/system_socket.c
../../common/system_socket.c: In function ‘ctdb_sys_read_tcp_packet’:
../../common/system_socket.c:1016:15: error: cast discards ‘const’ qualifier from pointer target type [-Werror=cast-qual]
1016 | eth = (struct ether_header *)buffer;
| ^
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit 8b54587b1aed28aa2f3af7161a077aa9dd83894c)
- - - - -
8c1314aa by Martin Schwenke at 2023-08-29T09:35:11+00:00
ctdb-common: Stop a pcap-related crash on error
errbuf can't be NULL. Might as well use it.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit 40380a8042dfc2efa6f8f06ed7ac86c3c20a343f)
- - - - -
0adfd0cc by Martin Schwenke at 2023-08-29T09:35:11+00:00
ctdb-common: Use pcap_get_selectable_fd()
This is preferred because it will fail for devices that do not support
epoll_wait() and similar.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit 075414dc05455a5cd33a244efd51be60fc294e95)
- - - - -
d37c3d14 by Martin Schwenke at 2023-08-29T09:35:11+00:00
ctdb-common: Improve/add debug
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit 33a80c1d63fd2e6163ef6c704b2e714e71b01384)
- - - - -
f01d53d8 by Martin Schwenke at 2023-08-29T09:35:11+00:00
ctdb-tools: Improve/add debug
In particular, knowing the reason fetching the packet fails can help
with debugging unsupported protocols in the pcap code.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit 5dd964aa0297b6e9ab8e1d0ff9fa0565c97ea43e)
- - - - -
0f3864d7 by Martin Schwenke at 2023-08-29T09:35:11+00:00
ctdb-common: Add packet type detection to pcap-based capture
The current code will almost certainly generate ENOMSG for
non-ethernet packets, even for ethernet packets when the "any"
interface is used.
pcap_datalink(3PCAP) says:
Do NOT assume that the packets for a given capture or ``savefile``
will have any given link-layer header type, such as DLT_EN10MB for
Ethernet. For example, the "any" device on Linux will have a
link-layer header type of DLT_LINUX_SLL or DLT_LINUX_SLL2 even if
all devices on the sys‐ tem at the time the "any" device is opened
have some other data link type, such as DLT_EN10MB for Ethernet.
So, pcap_datalink() must be used.
Detect pcap packet types that are supported (currently only ethernet)
in the open code. There is no use continuing if the read code can't
parse packets. The pattern of using switch statements supports future
addition of other packet types.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit 3bf20300ac5962e71069be3998ef7f0502045d24)
- - - - -
6417651b by Martin Schwenke at 2023-08-29T09:35:11+00:00
ctdb-common: Support "any" interface for pcap-based capture
This uses Linux cooked capture link-layer headers. See:
https://www.tcpdump.org/linktypes/LINKTYPE_LINUX_SLL.html
https://www.tcpdump.org/linktypes/LINKTYPE_LINUX_SLL2.html
The header type needs to be checked to ensure the protocol
type (i.e. ether type, for the protocols we might be interested in) is
meaningful. The size of the header needs to be known so it can be
skipped, allowing the IP header to be found and parsed.
It would be possible to define support for DLT_LINUX_SLL2 if it is
missing. However, if a platform is missing support in the header file
then it is almost certainly missing in the run-time library too.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit e5541a7e0220a88d59d574d501626b0598050c52)
- - - - -
c5bd0b20 by Martin Schwenke at 2023-08-29T09:35:11+00:00
ctdb-common: Support IB in pcap-based capture
Add simple support for IPoIB via DLT_LINUX_SLL and DLT_LINUX_SLL2.
This seems to work, even when an IB interface is specified.
If this is later found to be insufficient, support for DLT_IPOIB can
be implemented. See https://www.tcpdump.org/linktypes.html for a
starting point.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit 9f7d69a05b6114efe18bf4c86ca8de7789e9a96d)
- - - - -
ef212b02 by Martin Schwenke at 2023-08-29T09:35:11+00:00
ctdb-scripts: Add debugging variable CTDB_KILLTCP_DEBUGLEVEL
To debug ctdb_killtcp failures, add
CTDB_KILLTCP_DEBUGLEVEL=DEBUG
to script.options.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Tue Sep 20 11:42:16 UTC 2022 on sn-devel-184
(cherry picked from commit d9dda4b7af284ecbee4d04a89bd16fc0098e2931)
- - - - -
74d43dd3 by Martin Schwenke at 2023-08-29T09:35:11+00:00
ctdb-common: Improve error handling
Factor out a failure label, which will get more use in subsequent
commits, and only set private_data when success is certain.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15451
Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit d87041d8968e91db9d257445321b85693303f95e)
- - - - -
bb905f04 by Martin Schwenke at 2023-08-29T09:35:11+00:00
ctdb-common: Replace pcap_open_live() by lower level calls
A subsequent commit will insert an additional call before
pcap_activate().
This sequence of calls is taken from the source for pcap_open_live(),
so there should be no change in behaviour.
Given the defaults set by pcap_create_common(), it would be possible
to omit the calls to pcap_set_promisc() and pcap_set_timeout().
However, those defaults don't seem to be well documented, so continue
to explicitly set everything that was set before.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15451
Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit ffc2ae616d8fab7528fbdfd8c6b94c5b9a0e3a7c)
- - - - -
8d1e4f1d by Martin Schwenke at 2023-08-29T10:29:56+00:00
ctdb-common: Set immediate mode for pcap capture
Fix a problem where ctdb_killtcp (almost always) fails to capture
packets with --enable-pcap and libpcap ≥ 1.9.1. The problem is due to
a gradual change in libpcap semantics when using
pcap_get_selectable_fd(3PCAP) to get a file descriptor and then using
that file descriptor in non-blocking mode.
pcap_set_immediate_mode(3PCAP) says:
pcap_set_immediate_mode() sets whether immediate mode should be set
on a capture handle when the handle is activated. In immediate
mode, packets are always delivered as soon as they arrive, with no
buffering.
and
On Linux, with previous releases of libpcap, capture devices are
always in immediate mode; however, in 1.5.0 and later, they are, by
default, not in immediate mode, so if pcap_set_immediate_mode() is
available, it should be used.
However, it wasn't until libpcap commit
2ade7676101366983bd4f86bc039ffd25da8c126 (before libpcap 1.9.1) that
it became a requirement to use pcap_set_immediate_mode(), even with a
timeout of 0.
More explanation in this libpcap issue comment:
https://github.com/the-tcpdump-group/libpcap/issues/860#issuecomment-541204548
Do a configure check for pcap_set_immediate_mode() even though it has
existed for 10 years. It is easy enough.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15451
Signed-off-by: Martin Schwenke <mschwenke at ddn.com>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Tue Aug 15 10:53:52 UTC 2023 on atb-devel-224
(cherry picked from commit dc7b48c404337891b5105df4d6751cf549a533eb)
Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Tue Aug 29 10:29:56 UTC 2023 on sn-devel-184
- - - - -
1361e545 by MikeLiu at 2023-09-04T09:35:04+00:00
vfs_aio_pthread: use SMB_VFS_NEXT_OPENAT() in aio_pthread_openat_fn()
1. Set 'aio_allow_open' to false if fsp->fsp_flags.is_pathref
2. Move !(how->flags & O_CREAT) and !(how->flags & O_EXCL) up and set 'aio_allow_open' to false
3. Use SMB_VFS_NEXT_OPENAT() instead of openat() for disable async opens case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15453
Signed-off-by: MikeLiu <mikeliu at qnap.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Aug 22 17:44:00 UTC 2023 on atb-devel-224
Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Mon Sep 4 09:35:04 UTC 2023 on sn-devel-184
- - - - -
f8197d65 by Ralph Boehme at 2023-09-05T10:01:13+00:00
mdssvc: better support for search with mdfind from Macs
When searching Samba via Spotlight from a Mac with mdfind, only 50 results are
returned.
It seems the changes for bug #15342 where one step in the right
direction. There, a status indicator meaning "search is still being processed"
was implemented, returning a special status indicator (0x23) in a response, when
the query was still running in the backend, eg Elasticsearch, and we haven't got
any result when when the Mac already comes along asking for results of a query.
Turns out, we should also return 0x23, ie "search is still being processed" when
we have some initial search results from the backend. Otherwise mdfind will stop
querying for more results. It works in Finder, as the Finder by default employs
a "live" search where it just keeps polling for more results even after the
server returned an empty result set. The Finder just keeps on querying in some
interval, typically 4 seconds, and a Mac server Spotlight server might return
new results if new files where created that match the query, hence "live"
search.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15463
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Aug 30 10:51:40 UTC 2023 on atb-devel-224
(cherry picked from commit 3afa27a01ca0b81b0044d5d543a999936582e67a)
Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Tue Sep 5 10:01:13 UTC 2023 on sn-devel-184
- - - - -
5046314c by Jule Anger at 2023-09-07T10:59:15+02:00
WHATSNEW: Add release notes for Samba 4.17.11.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
f3e7be14 by Jule Anger at 2023-09-07T10:59:15+02:00
VERSION: Disable GIT_SNAPSHOT for the 4.17.11 release.
Signed-off-by: Jule Anger <janger at samba.org>
- - - - -
fb6e5ddd by Michael Tokarev at 2023-09-07T13:47:40+03:00
New upstream version 4.17.11+dfsg
- - - - -
59b0c915 by Michael Tokarev at 2023-09-07T13:48:14+03:00
Update upstream source from tag 'upstream/4.17.11+dfsg'
Update to upstream version '4.17.11+dfsg'
with Debian dir 922115dd38b42989baf004a4e132f7c691f63f41
- - - - -
aabdbd38 by Michael Tokarev at 2023-09-07T13:48:17+03:00
d/control: add -b bookworm to Vcs-Git url
- - - - -
dbfe8fe5 by Michael Tokarev at 2023-09-07T13:49:08+03:00
d/control: fix description of samba-common-bin (samba-client)
- - - - -
06ea94da by Michael Tokarev at 2023-09-10T12:51:08+03:00
update changelog; upload version 4.17.11+dfsg-0+deb12u1 to bookworm
- - - - -
774e0abf by Michael Tokarev at 2023-09-10T14:53:00+03:00
d/salsa-ci.yml: set RELEASE to bookworm
- - - - -
12 changed files:
- VERSION
- WHATSNEW.txt
- ctdb/common/system_socket.c
- ctdb/config/functions
- − ctdb/doc/ctdb-etcd.7
- − ctdb/doc/ctdb-etcd.7.html
- − ctdb/doc/ctdb-script.options.5
- − ctdb/doc/ctdb-script.options.5.html
- − ctdb/doc/ctdb-statistics.7
- − ctdb/doc/ctdb-statistics.7.html
- − ctdb/doc/ctdb-tunables.7
- − ctdb/doc/ctdb-tunables.7.html
The diff was not included because it is too large.
View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/f0acad66dbebb1060fef7048afc580a11316a4af...774e0abf70e8b82556edb359a0268b4083a4ee2f
--
View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/f0acad66dbebb1060fef7048afc580a11316a4af...774e0abf70e8b82556edb359a0268b4083a4ee2f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-samba-maint/attachments/20230910/9e33f78f/attachment-0001.htm>
More information about the Pkg-samba-maint
mailing list