git.samba.org - samba.git/log

WHATSNEW: Add release notes for Samba 4.2.9.

CVE-2015-7560 Getting and setting Windows ACLs on symlinks can change
permissions on link target.
CVE-2016-0771: Read of uninitialized memory DNS TXT handling

Signed-off-by: Karolin Seeger <kseeger@samba.org>

CVE-2016-0771: tests/dns: Remove dependencies on env variables

Now that it is invoked as a normal script, there should be less of them.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

CVE-2016-0771: tests/dns: change samba.tests.dns from being a unittest

This makes it easier to invoke, particularly against Windows.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

CVE-2016-0771: tests: rename test getopt to get_opt

This avoids any conflicts in this directory with the original toplevel
getopt.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

CVE-2016-0771: tests/dns: RPC => DNS roundtrip test

Make sure that TXT entries stored via RPC come out the same in DNS.

This has one caveat in that adding over RPC in Windows eats slashes,
and so fails there.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

CVE-2016-0771: dnsserver: don't force UTF-8 for TXT

While using a charset is not entirely logical, it allows testing of non
UTF-8 data (like inserting 0xFF into the TXT string).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

CVE-2016-0771: tests/dns: modify tests to check via RPC

This checks that TXT records added over DNS, look the same over RPC.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

CVE-2016-0771: tests/dns: Add some more test cases for TXT records

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

CVE-2016-0771: tests/dns: Correct error code for formerly unrun test

Both Samba and Windows returned NXRRSET

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

CVE-2016-0771: tests/dns: restore formerly segfaulting test

This was on the client side, due the a strlen(NULL) on the previously
DOS-encoded TXT field. With a new IDL structure, this segfault no longer exists.
Note that both Samba and Windows return NXRRSET instead of FORMERR.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

CVE-2016-0771: tests/dns: Add a comment regarding odd Windows behaviour

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

CVE-2016-0771: tests/dns: FORMERR can simply timeout against Windows

Two requests with identical parameters which are poorly formatted, can
non-deterministically return FORMERR or simply fail to give a response.

Setting the timeout to a number allows Windows to succeed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

CVE-2016-0771: tests/dns: prepare script for further testing

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

CVE-2016-0771: tests/dns: Modify dns tests to match new IDL

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

CVE-2016-0771: dns.idl: make use of dnsp_hinfo

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

CVE-2016-0771: s4:dns_server: fix idl for dns_txt_record

From RFC 1035:

    3.3.14. TXT RDATA format

        +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
        /                   TXT-DATA                    /
        +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

    where:

    TXT-DATA        One or more <character-string>s.

    TXT RRs are used to hold descriptive text.  The semantics of the text
    depends on the domain where it is found.

Each record contains an array of strings instead of just one string.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

CVE-2016-0771: librpc: add ndr_dnsp_string_list_copy() helper function

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

CVE-2016-0771: librpc: add RPC_NDR_DNSSERVER to dcerpc-samba library

RPC_NDR_DNSSERVER is the client interface NDR_DNSP contains just
marshalling helpers.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

CVE-2016-0771: s4:librpc: python_dns and python_dcerpc_dnsp doesn't require client bindings

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

CVE-2015-7560: s3: torture3: Add new POSIX-SYMLINK-EA test.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

CVE-2015-7560: s3: torture3: Add new POSIX-SYMLINK-ACL test.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

CVE-2015-7560: s3: libsmb: Add SMB1-only POSIX cli_posix_setacl() functions. Needed for tests.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

CVE-2015-7560: s3: libsmb: Rename cli_posix_getfaclXX() functions to cli_posix_getacl() as they operate on pathnames.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

CVE-2015-7560: s3: smbd: Refuse to set EA's on a symlink.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

CVE-2015-7560: s3: smbd: Silently return no EA's available on a symlink.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

CVE-2015-7560: s3: smbd: Set return values early, allows removal of code duplication.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

CVE-2015-7560: s3: smbd: Refuse to get a POSIX ACL on a symlink.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

CVE-2015-7560: s3: smbd: Refuse to set a POSIX ACL on a symlink.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

CVE-2015-7560: s3: smbd: Refuse to set an ACL from a POSIX file handle on a symlink.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

CVE-2015-7560: s3: smbd: Refuse to get an ACL from a POSIX file handle on a symlink.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

CVE-2015-7560: s3: smbd: Add refuse_symlink() function that can be used to prevent operations on a symlink.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

VERSION: Bump version up to 4.2.9...

and re-enable git snapshots.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit de7ad5d66a757e5b2c1e05ba0d0fe94990430dc2)

VERSION: Disable git snapshots for the 4.2.8 release.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

WHATSNEW: Add release notes for Samba 4.2.8.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

s4:torture: add SMB2 test for directory creation initial allocation size

Test that directory creation with an initial allocation size > 0
succeeds.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11684

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sun Jan 24 01:20:52 CET 2016 on sn-devel-144

(cherry picked from commit cd86f20e245cc1b0cb3be5d6cb1b45c45e2a45a8)

Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Tue Jan 26 23:51:46 CET 2016 on sn-devel-104

s3:smbd: Ignore initial allocation size for directory creation

We reject directory creation with an initial allocation size > 0 with
NT_STATUS_ACCESS_DENIED. Windows servers ignore the initial allocation
size on directories.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11684

Pair-Programmed-With: Volker Lendecke <vl@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 78ccbb07170c3e49a084d31434310f973e3d6158)

smbcacls: fix uninitialized variable

An uninitialized variable causes "numeric" mode to be
used without the -n option.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11682

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Jan 20 12:12:12 CET 2016 on sn-devel-144

(cherry picked from commit 6cff00954763a7b266db5bab229b989e89abcee0)

Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Thu Jan 21 13:27:02 CET 2016 on sn-devel-104

s3:smbd/oplock obey kernel oplock setting when releasing oplocks

otherwise smbd asks the kernel to release an oplock that was never requested

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11400

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jan 6 08:58:56 CET 2016 on sn-devel-144

(cherry picked from commit eda6aaf1533b69d093ba67ff5e22fcda0073dd3f)

Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Fri Jan 15 12:43:32 CET 2016 on sn-devel-104

s3:smbd: fix a corner case of the symlink verification

Commit 7606c0db257b3f9d84da5b2bf5fbb4034cc8d77d fixes the
path checks in check_reduced_name[_with_privilege]() to
prevent unintended access via wide links.

The fix fails to correctly treat a corner case where the share
path is "/". This case is important for some real world
scenarios, notably the use of the glusterfs VFS module:

For the share path "/", the newly introduced checks deny all
operations in the share.

This change fixes the checks for the corner case.
The point is that the assumptions on which the original
checks are based are not true for the rootdir "/" case.
This is the case where the rootdir starts _and ends_ with
a slash. Hence a subdirectory does not continue with a
slash after the rootdir, since the candidate path has
been normalized.

This fix just omits the string comparison and the
next character checks in the case of rootdir "/",
which is correct because we know that the candidate
path is normalized and hence starts with a '/'.

The patch is fairly minimal, but changes indentation,
hence best viewed with 'git show -w'.

A side effect is that the rootdir="/" case needs
one strncmp less.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11647

Pair-Programmed-With: Jose A. Rivera <jarrpa@samba.org>

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Jose A. Rivera <jarrpa@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Dec 24 00:57:31 CET 2015 on sn-devel-144

(cherry picked from commit ada59ec7b3a5ed0478d11da2fe0c90991d137288)

Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Wed Jan 6 12:37:19 CET 2016 on sn-devel-104

s3: libsmb: Correctly initialize the list head when keeping a list of primary followed by DFS connections.

Greatly helped by <shargagan@novell.com> to
track down this issue.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11624

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Dec 18 01:02:55 CET 2015 on sn-devel-144

(cherry picked from commit d7feb1879ee711598540049c2c5eccc80fd6f1e5)

vfs_streams_xattr: fix and simplify streams_xattr_get_name()

streams_xattr_get_name() fails to chop off the stream type in case
config->store_stream_type is false and the passed stream name contains a
stream type.

Eg when the passed in stream name is ":mystream:$DATA", but
config->store_stream_type is false, we must generate a xattr name of
"mystream" or "user.mystream".

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11466

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct 16 23:27:01 CEST 2015 on sn-devel-104

(cherry picked from commit 2881679e3ecbaf07cdd82ba65af8d55e5e3be800)

vfs_fruit: hide the Netatalk metadata xattr in streaminfo

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11466

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit fedd09662c889fb796135d86836c160171fac68d)

vfs_fruit: add and use define for the Netatalk metadata xattr

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11466

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit c8ee1a059b4484575b03ac76b469df85cdabdd9a)

s4:torture:vfs_fruit: add test test_read_afpinfo

This works against any SMB server and test basic IO on the AFP_AfpInfo
stream.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit b165d520374cc2ae77acfd813b528e55acfc2f7e)

s4:torture:vfs_fruit: add tests for AFP_Resource delete-on-close and eof

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 21d4b5cea8e4dec729912915d60922edaea0f418)

vfs_fruit: ignore delete on the AFP_Resource stream

OS X ignores deletes on the AFP_Resource stream. This was discovered by
torture tests against OS X SMB server.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit ee431fc5254dc735662d152dd19a81d439ca5e44)

s4:torture:vfs_fruit: update AFP_AfpInfo IO tests

When reading from the AFP_AfpInfo stream, OS X ignores the offset from
the request and always reads from offset=0.

The offset bounds check has a off-by-1 bug in OS X, so a request
offset=60 (AFP_AfpInfo stream has a ficed size of 60 bytes), len=1
returns 1 byte from offset 0 insteaf of returning 0.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit decde0b4812eba5f80b717fd2ae868558a022753)

vfs_fruit: fix offset and len handling for AFP_AfpInfo stream

When reading from the AFP_AfpInfo stream, OS X ignores the offset from
the request and always reads from offset=0.

The offset bounds check has a off-by-1 bug in OS X, so a request
offset=60 (AFP_AfpInfo stream has a ficed size of 60 bytes), len=1
returns 1 byte from offset 0 insteaf of returning 0.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit f569fd5e44300ab41aa7298b3efdcac99cd330f2)

s4:torture:vfs_fruit: test nulling out AFP_AfpInfo stream

This must delete the stream.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 666a55b7060542ef78ff5f22d368f2ebc4c3318f)

vfs_fruit: writing all 0 to AFP_AfpInfo stream

When writing all 0 to AFP_AfpInfo stream we can remove the underlying
storage object. This beaviour of OS X SMB server was found with a
torture test.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit e94b17715ea8049df8819b472178170b8e987946)

s4:torture:vfs_fruit: add tests for AFP_AfpInfo delete-on-close and eof

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit e5588b463ee77aac3b396774e68c10b13a9f6f04)

vfs_fruit: handling of ftruncate() on AFP_AfpInfo stream

With help of some torture tests I verified the following behaviour of OS
X SMB server:

* ftruncate AFP_AfpInfo stream > 60 bytes results in an error
NT_STATUS_ALLOTTED_SPACE_EXCEEDED

* ftruncate AFP_AfpInfo stream <=60 returns success but has no effect

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 4024153894a07b7b1115dbe1699cba94fee13f23)

s4:torture:vfs_fruit: file without AFP_AfpInfo

Opening the AFP_AfpInfo on a file that doesn't have that stream must
return ENOENT.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 6f8c188dfc81a6d22bd54f248327b787e0b48f09)

vfs_fruit: stat AFP_AfpInfo must fail when it doesn't exist

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 0af7bf4249419ff7c88c5beece915db0a3697b72)

vfs_fruit: fix some debug messages

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 748adea77f95d7d6114f96b7850f384b77d6f7d2)

s3:lib/errmap_unix: map EOVERFLOW to NT_STATUS_ALLOTTED_SPACE_EXCEEDED

vfs_fruit returns the correct error NT_STATUS_ALLOTTED_SPACE_EXCEEDED
when an attempt is made to extend the AFP_AfpInfo stream beyond 60
bytes.

This will be used in a subsequent commit in vfs_fruit.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 1650e793edb42b07501d7467aa64c80eacf33eb6)

s4:torture:vfs_fruit: fix flakey test_write_atalk_rfork_io with OS X

Adjust desired_access to prevent flaky test with OS X SMB server.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit ba00884e8a67420cf8d6c2530a778b9cee6e86b8)

s4:torture:vfs_fruit: fix test_rename_dir_openfile() to work with OS X

OS X allows renaming of directories with open files regardless of AAPL
negotiation. Samba will only allow this after negotiating AAPL.

The first check in this test is that renaming fails without AAPL, so
skip this test if the server is OS X.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 363260983f7ec85ecd3a2b35e6b07eeb5416bdc5)

s4:torture:vfs_fruit: fix test_aapl() to work with OS X

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 0fc2ed8f01f2e510ee58ad2ea9209d2fec10fd3f)

s4:torture:vfs_fruit: skip test_stream_names() without "localdir"

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 56bf27667cc8f2fad0cad96d796bdd2f172326a8)

s4:torture:vfs_fruit: skip test_adouble_conversion() without "localdir"

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 987e12b7a7518e498c47dd8dfee32aed148f8cd7)

s4:torture:vfs_fruit: skip test test_read_atalk_metadata() without "localdir" and rename it

The test is Netatalk specific. Skip the test if "localdir" is not
specified.

Use torture_assert() to check the result from check_stream().

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 0a9a7c21073227c539fc1ced331e837c1c1f4bc4)

s4:torture:vfs_fruit: add explicit cleanup of testfiles

smb2_deltree() doesn't work with OS X (looks like OS X doesn't handle
FILE_NON_DIRECTORY_FILE correctly). As a workaround, use explicit
cleanup of all testfiles and directories.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 155397e83173e13baebfc507ad9659d0ed213b5b)

s4:torture:vfs_fruit: add --option=torture:osx for enable_aapl()

Check if the server is OS X and don't check the AAPL context size if it
is.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 3c0ac9b3899aa06315e592253c858f31d4bd2ae3)

s4:torture:vfs_fruit: enhance check_stream

Don't sleep when create fails and use torture_ macros.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit fdf937e77da29ec47002855db69d9e3f95005479)

s4:torture:vfs_fruit: use AFPINFO_STREAM_NAME

I got erratic results from OS X SMB server with AFPINFO_STREAM
(":AFP_AfpInfo:$DATA") in some tests. Using AFPINFO_STREAM_NAME
(just the ":AFP_AfpInfo" part) instead fixed this.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 8694da43442abe3ae6ac3b6a16c524e455ae1a65)

s4:torture:vfs_fruit: tweak check_stream_list()

Modify check_stream_list() to open the basefile (or directory) itself
insteaf of having the callers pass in a filehandle. Removes some code
duplication in the callers.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 8e0cf77ee230c0eaef01a2dc2316fc65aabd5a59)

s4:torture:vfs_fruit: rename tree1 -> tree

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 1d13744547474592285eacab84d1217af46e0086)

s4:torture:vfs_fruit: remove unused tree2

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 9d28f82484e8b34c8d8f35f596fdb63614b103d2)

docs: Fix typos in man vfs_gpfs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11641
Duplicate "acl map full control" entry in man vfs_gpfs

Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 79df4caed3b819cc1cd67c4033f3ac700086ab99)

Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Fri Dec 18 12:54:37 CET 2015 on sn-devel-104

smbd: make "hide dot files" option work with "store dos attributes = yes"

When using "store dos attributes = yes", the function that reads the
attributes from the xattr get_ea_dos_attribute() will overwrite the
attribute previously set for "hide dot files".

According to smb.conf, "store dos attributes = yes" should only
overwrite the "map XXX" options, but not "hide dot files".

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11645

Signed-off-by: Ralph Boehme <slow@samba.org>

lib/async_req: do not install async_connect_send_test.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11639

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 632114584d3be0d4660e97a6c9e69e577a7bc1e2)

lib/param: add a fixed unified lpcfg_string_{free,set,set_upper}() infrastructure

This reduces the memory footprint of empty string options.

smbd -d1 -i with 1400 shares in smb.conf under x64 valgrind massif before this
patch has 7,703,392 bytes peak memory consumption and after this patch
3,321,200 bytes.

This fixes a regression introduced by commit
2dd7c890792cf12049ec13b88aa4e9de23035f9d.

BUG:

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11625

Back-port of commit a84eed532549c1dbad43f963838bc5f13c4fe68d
from master.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s4:torture:vfs_fruit: add a test for POSIX rename

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11065

Signed-off-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 0f0693d0fa5fa991bb573525f332eba5ceb6ece6)

vfs_fruit: enable POSIX directory rename semantics

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11065

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 1d7bef5a75403f5baec13aa6264dfe763a4b278a)

vfs_fruit: add a flag that tracks whether use of AAPL was negotiated

Add a flag that tracks whether use of AAPL was negotiated, ensuring we
don't enable AAPL features for clients that didn't negotiate it.

Torture test that need AAPL must call the new function enable_aapl().

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11065

Signed-off-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 89a7394d679b383920d73fef0d178b8f84bc393f)

s3:smbd: file_struct: seperate POSIX directory rename cap from POSIX open

We need more fine grained control over which POSIX semantics we'd like
to enable per file handle. Currently POSIX_FLAGS_OPEN is a kitchensink
for all kinds of stuff like:

- POSIX unlink
- POSIX byte-range locks
- POSIX rename
- delayed writetime update
- more...

For CIFS UNIX extensions we use POSIX_FLAGS_ALL so semantics are
preserved. OS X clients will enable POSIX rename via AAPL.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11065

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit bf1957584e341473edcd5025b7f77766440d408b)

s3:smbd: convert file_struct.posix_open to a bitmap with flags

This is in preperation of a more fine grained control of POSIX behaviour
in the SMB and VFS layers.

Inititally we use an uint8_t for the flags bitmap and add a define
posix_flags as posix_open in order to avoid breaking the VFS ABI.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11065

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit d698cec1c7e700e57cab46d33df0dde13303b318)

VERSION: Bump version up to 4.2.8...

and re-enable git snapshots.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

Merge tag 'samba-4.2.7' into v4-2-test

samba: tag release samba-4.2.7

Fix bug #11394 - Crash: Bad talloc magic value - access after free

VERSION: Disable git snapshots for the 4.2.7 release.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

WHATSNEW: Add release notes for Samba 4.2.7.

This is a security to address CVE-2015-3223, CVE-2015-5252,
CVE-2015-5299, CVE-2015-5296, CVE-2015-8467, CVE-2015-5330.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

CVE-2015-8467: samdb: Match MS15-096 behaviour for userAccountControl

Swapping between account types is now restricted

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11552

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

CVE-2015-5296: libcli/smb: make sure we require signing when we demand encryption on a session

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

CVE-2015-5296: s3:libsmb: force signing when requiring encryption in SMBC_server_internal()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

CVE-2015-5296: s3:libsmb: force signing when requiring encryption in do_connect()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

CVE-2015-5299: s3-shadow-copy2: fix missing access check on snapdir

Fix originally from <partha@exablox.com>

https://bugzilla.samba.org/show_bug.cgi?id=11529

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

CVE-2015-5252: s3: smbd: Fix symlink verification (file access outside the share).

Ensure matching component ends in '/' or '\0'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11395

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

ldb: bump version of the required system ldb to 1.1.24

This is needed to ensure we build against a system ldb library that
contains the fixes for CVE-2015-5330 and CVE-2015-3223.

autobuild must still be able to build against the older version
1.1.20 including the patches.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11325
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11636

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

CVE-2015-5330: ldb_dn_explode: copy strings by length, not terminators

That is, memdup(), not strdup(). The terminators might not be there.

But, we have to make sure we put the terminator on, because we tend to
assume the terminator is there in other places.

Use talloc_set_name_const() on the resulting chunk so talloc_report()
remains unchanged.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Pair-programmed-with: Stefan Metzmacher <metze@samba.org>
Pair-programmed-with: Ralph Boehme <slow@samba.org>

CVE-2015-5330: next_codepoint_handle_ext: don't short-circuit UTF16 low bytes

UTF16 contains zero bytes when it is encoding ASCII (for example), so we
can't assume the absense of the 0x80 bit means a one byte encoding. No
current callers use UTF16.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

CVE-2015-5330: strupper_talloc_n_handle(): properly count characters

When a codepoint eats more than one byte we really want to know,
especially if the string is not NUL terminated.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

CVE-2015-5330: Fix handling of unicode near string endings

Until now next_codepoint_ext() and next_codepoint_handle_ext() were
using strnlen(str, 5) to determine how much string they should try to
decode. This ended up looking past the end of the string when it was not
null terminated and the final character looked like a multi-byte encoding.
The fix is to let the caller say how long the string can be.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

CVE-2015-5330: ldb_dn_escape_value: use known string length, not strlen()

ldb_dn_escape_internal() reports the number of bytes it copied, so
lets use that number, rather than using strlen() and hoping a zero got
in the right place.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

CVE-2015-5330: ldb_dn: simplify and fix ldb_dn_escape_internal()

Previously we relied on NUL terminated strings and jumped back and
forth between copying escaped bytes and memcpy()ing un-escaped chunks.
This simple version is easier to reason about and works with
unterminated strings. It may also be faster as it avoids reading the
string twice (first with strcspn, then with memcpy).

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

CVE-2015-3223: lib: ldb: Use memmem binary search, not strstr text search.

Values might have embedded zeros.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11325

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

CVE-2015-3223: lib: ldb: Cope with canonicalise_fn returning string "", length 0.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11325

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

VERSION: Bump version up to 4.2.7...

and re-enable git snapshots.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

VERSION: Disable git snapshots for the 4.2.6 release.

Signed-off-by: Karolin Seeger <kseeger@samba.org>