Karolin Seeger [Wed, 24 Feb 2016 11:22:26 +0000 (12:22 +0100)]
WHATSNEW: Add release notes for Samba 4.2.9.
CVE-2015-7560 Getting and setting Windows ACLs on symlinks can change
permissions on link target.
CVE-2016-0771: Read of uninitialized memory DNS TXT handling
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Garming Sam [Fri, 29 Jan 2016 04:28:54 +0000 (17:28 +1300)]
CVE-2016-0771: tests/dns: Remove dependencies on env variables
Now that it is invoked as a normal script, there should be less of them.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Fri, 29 Jan 2016 04:03:56 +0000 (17:03 +1300)]
CVE-2016-0771: tests/dns: change samba.tests.dns from being a unittest
This makes it easier to invoke, particularly against Windows.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Thu, 21 Jan 2016 22:35:03 +0000 (11:35 +1300)]
CVE-2016-0771: tests: rename test getopt to get_opt
This avoids any conflicts in this directory with the original toplevel
getopt.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 27 Jan 2016 23:54:58 +0000 (12:54 +1300)]
CVE-2016-0771: tests/dns: RPC => DNS roundtrip test
Make sure that TXT entries stored via RPC come out the same in DNS.
This has one caveat in that adding over RPC in Windows eats slashes,
and so fails there.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 27 Jan 2016 23:36:43 +0000 (12:36 +1300)]
CVE-2016-0771: dnsserver: don't force UTF-8 for TXT
While using a charset is not entirely logical, it allows testing of non
UTF-8 data (like inserting 0xFF into the TXT string).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 27 Jan 2016 04:41:44 +0000 (17:41 +1300)]
CVE-2016-0771: tests/dns: modify tests to check via RPC
This checks that TXT records added over DNS look the same over RPC.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Sun, 17 Jan 2016 23:39:46 +0000 (12:39 +1300)]
CVE-2016-0771: tests/dns: Add some more test cases for TXT records
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 20 Jan 2016 21:25:44 +0000 (10:25 +1300)]
CVE-2016-0771: tests/dns: Correct error code for formerly unrun test
Both Samba and Windows returned NXRRSET
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Tue, 15 Dec 2015 04:22:32 +0000 (17:22 +1300)]
CVE-2016-0771: tests/dns: restore formerly segfaulting test
This was on the client side, due to a strlen(NULL) on the previously
DOS-encoded TXT field. With a new IDL structure, this segfault no longer exists.
Note that both Samba and Windows return NXRRSET instead of FORMERR.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Thu, 21 Jan 2016 04:08:18 +0000 (17:08 +1300)]
CVE-2016-0771: tests/dns: Add a comment regarding odd Windows behaviour
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Thu, 21 Jan 2016 02:43:55 +0000 (15:43 +1300)]
CVE-2016-0771: tests/dns: FORMERR can simply timeout against Windows
Two requests with identical parameters which are poorly formatted, can
non-deterministically return FORMERR or simply fail to give a response.
Setting the timeout to a number allows Windows to succeed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Thu, 21 Jan 2016 03:58:40 +0000 (16:58 +1300)]
CVE-2016-0771: tests/dns: prepare script for further testing
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 6 Jan 2016 01:12:35 +0000 (14:12 +1300)]
CVE-2016-0771: tests/dns: Modify dns tests to match new IDL
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 7 Aug 2015 09:36:47 +0000 (11:36 +0200)]
CVE-2016-0771: dns.idl: make use of dnsp_hinfo
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 7 Aug 2015 09:36:47 +0000 (11:36 +0200)]
CVE-2016-0771: s4:dns_server: fix idl for dns_txt_record
From RFC 1035:
3.3.14. TXT RDATA format
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    /                   TXT-DATA                    /
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
where:
TXT-DATA        One or more <character-string>s.
TXT RRs are used to hold descriptive text. The semantics of the text
depends on the domain where it is found.
Each record contains an array of strings instead of just one string.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
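Added example, not part of the commit above or of Samba's source: a bounds-checked parser for the TXT RDATA layout quoted from RFC 1035, where each <character-string> is one length octet followed by that many bytes. The type and function names, the 16-string cap and both sample buffers are constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TXT_MAX_STRINGS 16   /* cap chosen for this example only */

/* One <character-string>. The bytes are not NUL-terminated and may hold
 * any octet (0x00, 0xFF, ...), so the length is always carried explicitly
 * and strlen() is never used on them. */
struct txt_string {
    uint8_t len;             /* value of the length octet, 0..255 */
    const uint8_t *data;     /* points into the caller's RDATA buffer */
};

/* A TXT record is an array of strings, not a single string. */
struct txt_record {
    size_t count;
    struct txt_string str[TXT_MAX_STRINGS];
};

/* Parse TXT RDATA. Returns 0 on success and -1 on malformed input.
 * On failure *out is zeroed so no partial result can be used. */
int txt_rdata_parse(const uint8_t *rdata, size_t rdlen, struct txt_record *out)
{
    size_t off = 0;

    memset(out, 0, sizeof(*out));
    if (rdata == NULL || rdlen == 0) {
        return -1;           /* RFC 1035: "One or more" strings */
    }
    while (off < rdlen) {
        uint8_t len = rdata[off++];

        /* Reject a length octet that runs past the end of RDATA,
         * and refuse more strings than the fixed array can hold. */
        if ((size_t)len > rdlen - off || out->count == TXT_MAX_STRINGS) {
            memset(out, 0, sizeof(*out));
            return -1;
        }
        out->str[out->count].len = len;
        out->str[out->count].data = rdata + off;
        out->count++;
        off += len;
    }
    return 0;
}

/* Length-aware comparison; safe for embedded NUL and non-UTF-8 bytes. */
int txt_string_equals(const struct txt_string *s, const void *bytes, size_t n)
{
    return s->len == n && (n == 0 || memcmp(s->data, bytes, n) == 0);
}

/* Constructed sample: "abc", an empty string, then the bytes FF 00. */
static const uint8_t SAMPLE_OK[] = { 3, 'a', 'b', 'c', 0, 2, 0xFF, 0x00 };
/* Constructed sample: length octet claims 5 bytes, only 2 follow. */
static const uint8_t SAMPLE_TRUNCATED[] = { 5, 'a', 'b' };

int main(void)
{
    struct txt_record rec;
    int rc = txt_rdata_parse(SAMPLE_OK, sizeof(SAMPLE_OK), &rec);

    printf("valid sample: rc=%d count=%zu\n", rc, rec.count);
    for (size_t i = 0; i < rec.count; i++) {
        printf("  string %zu: %u bytes\n", i, (unsigned)rec.str[i].len);
    }
    rc = txt_rdata_parse(SAMPLE_TRUNCATED, sizeof(SAMPLE_TRUNCATED), &rec);
    printf("truncated sample: rc=%d count=%zu\n", rc, rec.count);
    return 0;
}
```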
Stefan Metzmacher [Fri, 7 Aug 2015 09:36:47 +0000 (11:36 +0200)]
CVE-2016-0771: librpc: add ndr_dnsp_string_list_copy() helper function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 7 Aug 2015 09:36:47 +0000 (11:36 +0200)]
CVE-2016-0771: librpc: add RPC_NDR_DNSSERVER to dcerpc-samba library
RPC_NDR_DNSSERVER is the client interface; NDR_DNSP contains just
marshalling helpers.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 7 Aug 2015 09:36:47 +0000 (11:36 +0200)]
CVE-2016-0771: s4:librpc: python_dns and python_dcerpc_dnsp don't require client bindings
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jeremy Allison [Thu, 7 Jan 2016 22:26:35 +0000 (14:26 -0800)]
CVE-2015-7560: s3: torture3: Add new POSIX-SYMLINK-EA test.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Thu, 7 Jan 2016 20:58:34 +0000 (12:58 -0800)]
CVE-2015-7560: s3: torture3: Add new POSIX-SYMLINK-ACL test.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Thu, 7 Jan 2016 01:02:52 +0000 (17:02 -0800)]
CVE-2015-7560: s3: libsmb: Add SMB1-only POSIX cli_posix_setacl() functions. Needed for tests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Thu, 7 Jan 2016 01:17:24 +0000 (17:17 -0800)]
CVE-2015-7560: s3: libsmb: Rename cli_posix_getfaclXX() functions to cli_posix_getacl() as they operate on pathnames.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Tue, 5 Jan 2016 19:33:48 +0000 (11:33 -0800)]
CVE-2015-7560: s3: smbd: Refuse to set EA's on a symlink.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Tue, 5 Jan 2016 19:29:38 +0000 (11:29 -0800)]
CVE-2015-7560: s3: smbd: Silently return no EA's available on a symlink.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Tue, 5 Jan 2016 19:05:48 +0000 (11:05 -0800)]
CVE-2015-7560: s3: smbd: Set return values early, allows removal of code duplication.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Tue, 5 Jan 2016 19:24:36 +0000 (11:24 -0800)]
CVE-2015-7560: s3: smbd: Refuse to get a POSIX ACL on a symlink.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Tue, 5 Jan 2016 19:22:12 +0000 (11:22 -0800)]
CVE-2015-7560: s3: smbd: Refuse to set a POSIX ACL on a symlink.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Tue, 5 Jan 2016 18:52:50 +0000 (10:52 -0800)]
CVE-2015-7560: s3: smbd: Refuse to set an ACL from a POSIX file handle on a symlink.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Tue, 5 Jan 2016 18:38:28 +0000 (10:38 -0800)]
CVE-2015-7560: s3: smbd: Refuse to get an ACL from a POSIX file handle on a symlink.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Tue, 5 Jan 2016 19:18:12 +0000 (11:18 -0800)]
CVE-2015-7560: s3: smbd: Add refuse_symlink() function that can be used to prevent operations on a symlink.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Karolin Seeger [Mon, 1 Feb 2016 11:13:45 +0000 (12:13 +0100)]
VERSION: Bump version up to 4.2.9...
and re-enable git snapshots.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit de7ad5d66a757e5b2c1e05ba0d0fe94990430dc2)
Karolin Seeger [Mon, 1 Feb 2016 11:13:06 +0000 (12:13 +0100)]
VERSION: Disable git snapshots for the 4.2.8 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Mon, 1 Feb 2016 11:12:13 +0000 (12:12 +0100)]
WHATSNEW: Add release notes for Samba 4.2.8.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Ralph Boehme [Wed, 20 Jan 2016 16:46:38 +0000 (17:46 +0100)]
s4:torture: add SMB2 test for directory creation initial allocation size
Test that directory creation with an initial allocation size > 0
succeeds.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11684
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sun Jan 24 01:20:52 CET 2016 on sn-devel-144
(cherry picked from commit cd86f20e245cc1b0cb3be5d6cb1b45c45e2a45a8)
Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Tue Jan 26 23:51:46 CET 2016 on sn-devel-104
Ralph Boehme [Wed, 25 Nov 2015 14:23:26 +0000 (15:23 +0100)]
s3:smbd: Ignore initial allocation size for directory creation
We reject directory creation with an initial allocation size > 0 with
NT_STATUS_ACCESS_DENIED. Windows servers ignore the initial allocation
size on directories.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11684
Pair-Programmed-With: Volker Lendecke <vl@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 78ccbb07170c3e49a084d31434310f973e3d6158)
Uri Simchoni [Wed, 20 Jan 2016 07:34:26 +0000 (09:34 +0200)]
smbcacls: fix uninitialized variable
An uninitialized variable causes "numeric" mode to be
used without the -n option.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11682
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Jan 20 12:12:12 CET 2016 on sn-devel-144
(cherry picked from commit 6cff00954763a7b266db5bab229b989e89abcee0)
Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Thu Jan 21 13:27:02 CET 2016 on sn-devel-104
Christian Ambach [Mon, 4 Jan 2016 22:12:25 +0000 (23:12 +0100)]
s3:smbd/oplock obey kernel oplock setting when releasing oplocks
otherwise smbd asks the kernel to release an oplock that was never requested
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11400
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jan 6 08:58:56 CET 2016 on sn-devel-144
(cherry picked from commit eda6aaf1533b69d093ba67ff5e22fcda0073dd3f)
Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Fri Jan 15 12:43:32 CET 2016 on sn-devel-104
Michael Adam [Wed, 23 Dec 2015 17:01:23 +0000 (18:01 +0100)]
s3:smbd: fix a corner case of the symlink verification
Commit 7606c0db257b3f9d84da5b2bf5fbb4034cc8d77d fixes the
path checks in check_reduced_name[_with_privilege]() to
prevent unintended access via wide links.
The fix fails to correctly treat a corner case where the share
path is "/". This case is important for some real world
scenarios, notably the use of the glusterfs VFS module:
For the share path "/", the newly introduced checks deny all
operations in the share.
This change fixes the checks for the corner case.
The point is that the assumptions on which the original
checks are based are not true for the rootdir "/" case.
This is the case where the rootdir starts _and ends_ with
a slash. Hence a subdirectory does not continue with a
slash after the rootdir, since the candidate path has
been normalized.
This fix just omits the string comparison and the
next character checks in the case of rootdir "/",
which is correct because we know that the candidate
path is normalized and hence starts with a '/'.
The patch is fairly minimal, but changes indentation,
hence best viewed with 'git show -w'.
A side effect is that the rootdir="/" case needs
one strncmp less.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11647
Pair-Programmed-With: Jose A. Rivera <jarrpa@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Jose A. Rivera <jarrpa@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Dec 24 00:57:31 CET 2015 on sn-devel-144
(cherry picked from commit ada59ec7b3a5ed0478d11da2fe0c90991d137288)
Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Wed Jan 6 12:37:19 CET 2016 on sn-devel-104
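Added example, not part of the commit above or of Samba's source: a prefix check of the kind the message describes (string comparison plus a next-character test), shown before and after special-casing rootdir "/". The function names and sample paths are hypothetical, both functions assume the candidate path is already normalized, and the `path[0] == '/'` test in the root case is a defensive addition of this example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Check without the corner-case handling: the candidate must start with
 * rootdir, and the character right after the rootdir prefix must be '/'
 * or the end of the string. The next-character test is what keeps
 * "/srv/share2" from passing as being inside "/srv/share". */
bool within_root_before(const char *rootdir, const char *path)
{
    size_t rootlen = strlen(rootdir);

    if (strncmp(rootdir, path, rootlen) != 0) {
        return false;
    }
    /* For rootdir "/" and path "/etc", path[1] is 'e', so this fails:
     * the rootdir itself ends with the slash the check expects next. */
    return path[rootlen] == '/' || path[rootlen] == '\0';
}

/* Check with the corner case handled: for rootdir "/" the comparison and
 * the next-character test are skipped, since every normalized absolute
 * path lies below "/". */
bool within_root_after(const char *rootdir, const char *path)
{
    size_t rootlen = strlen(rootdir);

    if (rootlen == 1 && rootdir[0] == '/') {
        return path[0] == '/';   /* defensive: still require absolute path */
    }
    if (strncmp(rootdir, path, rootlen) != 0) {
        return false;
    }
    return path[rootlen] == '/' || path[rootlen] == '\0';
}

int main(void)
{
    /* Constructed sample inputs. */
    static const struct { const char *root; const char *path; } cases[] = {
        { "/srv/share", "/srv/share/dir/file" },
        { "/srv/share", "/srv/share" },
        { "/srv/share", "/srv/share2/file" },
        { "/",          "/etc/motd" },
        { "/",          "/" },
    };

    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        printf("root=%-11s path=%-20s before=%d after=%d\n",
               cases[i].root, cases[i].path,
               within_root_before(cases[i].root, cases[i].path),
               within_root_after(cases[i].root, cases[i].path));
    }
    return 0;
}
```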
Jeremy Allison [Wed, 16 Dec 2015 19:04:20 +0000 (11:04 -0800)]
s3: libsmb: Correctly initialize the list head when keeping a list of primary followed by DFS connections.
Greatly helped by <shargagan@novell.com> to
track down this issue.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11624
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Dec 18 01:02:55 CET 2015 on sn-devel-144
(cherry picked from commit d7feb1879ee711598540049c2c5eccc80fd6f1e5)
Ralph Boehme [Mon, 24 Aug 2015 15:45:14 +0000 (17:45 +0200)]
vfs_streams_xattr: fix and simplify streams_xattr_get_name()
streams_xattr_get_name() fails to chop off the stream type in case
config->store_stream_type is false and the passed stream name contains a
stream type.
Eg when the passed in stream name is ":mystream:$DATA", but
config->store_stream_type is false, we must generate a xattr name of
"mystream" or "user.mystream".
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11466
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct 16 23:27:01 CEST 2015 on sn-devel-104
(cherry picked from commit 2881679e3ecbaf07cdd82ba65af8d55e5e3be800)
Ralph Boehme [Mon, 24 Aug 2015 15:43:40 +0000 (17:43 +0200)]
vfs_fruit: hide the Netatalk metadata xattr in streaminfo
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11466
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit fedd09662c889fb796135d86836c160171fac68d)
Ralph Boehme [Mon, 24 Aug 2015 15:42:35 +0000 (17:42 +0200)]
vfs_fruit: add and use define for the Netatalk metadata xattr
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11466
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit c8ee1a059b4484575b03ac76b469df85cdabdd9a)
Ralph Boehme [Fri, 18 Dec 2015 16:14:41 +0000 (17:14 +0100)]
s4:torture:vfs_fruit: add test test_read_afpinfo
This works against any SMB server and tests basic IO on the AFP_AfpInfo
stream.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit b165d520374cc2ae77acfd813b528e55acfc2f7e)
Ralph Boehme [Sat, 19 Dec 2015 17:44:18 +0000 (18:44 +0100)]
s4:torture:vfs_fruit: add tests for AFP_Resource delete-on-close and eof
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 21d4b5cea8e4dec729912915d60922edaea0f418)
Ralph Boehme [Sat, 19 Dec 2015 17:27:06 +0000 (18:27 +0100)]
vfs_fruit: ignore delete on the AFP_Resource stream
OS X ignores deletes on the AFP_Resource stream. This was discovered by
torture tests against OS X SMB server.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit ee431fc5254dc735662d152dd19a81d439ca5e44)
Ralph Boehme [Sat, 19 Dec 2015 10:10:54 +0000 (11:10 +0100)]
s4:torture:vfs_fruit: update AFP_AfpInfo IO tests
When reading from the AFP_AfpInfo stream, OS X ignores the offset from
the request and always reads from offset=0.
The offset bounds check has an off-by-1 bug in OS X, so a request
offset=60 (AFP_AfpInfo stream has a fixed size of 60 bytes), len=1
returns 1 byte from offset 0 instead of returning 0.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit decde0b4812eba5f80b717fd2ae868558a022753)
Ralph Boehme [Sat, 19 Dec 2015 10:06:19 +0000 (11:06 +0100)]
vfs_fruit: fix offset and len handling for AFP_AfpInfo stream
When reading from the AFP_AfpInfo stream, OS X ignores the offset from
the request and always reads from offset=0.
The offset bounds check has an off-by-1 bug in OS X, so a request
offset=60 (AFP_AfpInfo stream has a fixed size of 60 bytes), len=1
returns 1 byte from offset 0 instead of returning 0.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit f569fd5e44300ab41aa7298b3efdcac99cd330f2)
Ralph Boehme [Sun, 20 Dec 2015 18:55:06 +0000 (19:55 +0100)]
s4:torture:vfs_fruit: test nulling out AFP_AfpInfo stream
This must delete the stream.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 666a55b7060542ef78ff5f22d368f2ebc4c3318f)
Ralph Boehme [Thu, 17 Dec 2015 19:08:35 +0000 (20:08 +0100)]
vfs_fruit: writing all 0 to AFP_AfpInfo stream
When writing all 0 to AFP_AfpInfo stream we can remove the underlying
storage object. This behaviour of OS X SMB server was found with a
torture test.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit e94b17715ea8049df8819b472178170b8e987946)
Ralph Boehme [Thu, 17 Dec 2015 18:47:18 +0000 (19:47 +0100)]
s4:torture:vfs_fruit: add tests for AFP_AfpInfo delete-on-close and eof
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit e5588b463ee77aac3b396774e68c10b13a9f6f04)
Ralph Boehme [Mon, 14 Dec 2015 15:09:54 +0000 (16:09 +0100)]
vfs_fruit: handling of ftruncate() on AFP_AfpInfo stream
With help of some torture tests I verified the following behaviour of OS
X SMB server:
* ftruncate AFP_AfpInfo stream > 60 bytes results in an error
NT_STATUS_ALLOTTED_SPACE_EXCEEDED
* ftruncate AFP_AfpInfo stream <=60 returns success but has no effect
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 4024153894a07b7b1115dbe1699cba94fee13f23)
Ralph Boehme [Sun, 20 Dec 2015 17:42:23 +0000 (18:42 +0100)]
s4:torture:vfs_fruit: file without AFP_AfpInfo
Opening the AFP_AfpInfo on a file that doesn't have that stream must
return ENOENT.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 6f8c188dfc81a6d22bd54f248327b787e0b48f09)
Ralph Boehme [Thu, 17 Dec 2015 19:05:04 +0000 (20:05 +0100)]
vfs_fruit: stat AFP_AfpInfo must fail when it doesn't exist
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 0af7bf4249419ff7c88c5beece915db0a3697b72)
Ralph Boehme [Fri, 11 Dec 2015 16:27:50 +0000 (17:27 +0100)]
vfs_fruit: fix some debug messages
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 748adea77f95d7d6114f96b7850f384b77d6f7d2)
Ralph Boehme [Thu, 17 Dec 2015 18:16:43 +0000 (19:16 +0100)]
s3:lib/errmap_unix: map EOVERFLOW to NT_STATUS_ALLOTTED_SPACE_EXCEEDED
vfs_fruit returns the correct error NT_STATUS_ALLOTTED_SPACE_EXCEEDED
when an attempt is made to extend the AFP_AfpInfo stream beyond 60
bytes.
This will be used in a subsequent commit in vfs_fruit.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 1650e793edb42b07501d7467aa64c80eacf33eb6)
Ralph Boehme [Sat, 19 Dec 2015 17:56:24 +0000 (18:56 +0100)]
s4:torture:vfs_fruit: fix flakey test_write_atalk_rfork_io with OS X
Adjust desired_access to prevent flaky test with OS X SMB server.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit ba00884e8a67420cf8d6c2530a778b9cee6e86b8)
Ralph Boehme [Fri, 18 Dec 2015 16:25:07 +0000 (17:25 +0100)]
s4:torture:vfs_fruit: fix test_rename_dir_openfile() to work with OS X
OS X allows renaming of directories with open files regardless of AAPL
negotiation. Samba will only allow this after negotiating AAPL.
The first check in this test is that renaming fails without AAPL, so
skip this test if the server is OS X.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 363260983f7ec85ecd3a2b35e6b07eeb5416bdc5)
Ralph Boehme [Fri, 18 Dec 2015 16:23:40 +0000 (17:23 +0100)]
s4:torture:vfs_fruit: fix test_aapl() to work with OS X
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 0fc2ed8f01f2e510ee58ad2ea9209d2fec10fd3f)
Ralph Boehme [Fri, 18 Dec 2015 16:24:12 +0000 (17:24 +0100)]
s4:torture:vfs_fruit: skip test_stream_names() without "localdir"
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 56bf27667cc8f2fad0cad96d796bdd2f172326a8)
Ralph Boehme [Fri, 18 Dec 2015 16:22:32 +0000 (17:22 +0100)]
s4:torture:vfs_fruit: skip test_adouble_conversion() without "localdir"
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 987e12b7a7518e498c47dd8dfee32aed148f8cd7)
Ralph Boehme [Fri, 18 Dec 2015 16:10:18 +0000 (17:10 +0100)]
s4:torture:vfs_fruit: skip test test_read_atalk_metadata() without "localdir" and rename it
The test is Netatalk specific. Skip the test if "localdir" is not
specified.
Use torture_assert() to check the result from check_stream().
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 0a9a7c21073227c539fc1ced331e837c1c1f4bc4)
Ralph Boehme [Fri, 18 Dec 2015 16:18:41 +0000 (17:18 +0100)]
s4:torture:vfs_fruit: add explicit cleanup of testfiles
smb2_deltree() doesn't work with OS X (looks like OS X doesn't handle
FILE_NON_DIRECTORY_FILE correctly). As a workaround, use explicit
cleanup of all testfiles and directories.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 155397e83173e13baebfc507ad9659d0ed213b5b)
Ralph Boehme [Fri, 18 Dec 2015 16:08:32 +0000 (17:08 +0100)]
s4:torture:vfs_fruit: add --option=torture:osx for enable_aapl()
Check if the server is OS X and don't check the AAPL context size if it
is.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 3c0ac9b3899aa06315e592253c858f31d4bd2ae3)
Ralph Boehme [Thu, 17 Dec 2015 18:22:12 +0000 (19:22 +0100)]
s4:torture:vfs_fruit: enhance check_stream
Don't sleep when create fails and use torture_ macros.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit fdf937e77da29ec47002855db69d9e3f95005479)
Ralph Boehme [Thu, 17 Dec 2015 15:51:10 +0000 (16:51 +0100)]
s4:torture:vfs_fruit: use AFPINFO_STREAM_NAME
I got erratic results from OS X SMB server with AFPINFO_STREAM
(":AFP_AfpInfo:$DATA") in some tests. Using AFPINFO_STREAM_NAME
(just the ":AFP_AfpInfo" part) instead fixed this.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 8694da43442abe3ae6ac3b6a16c524e455ae1a65)
Ralph Boehme [Thu, 17 Dec 2015 12:31:12 +0000 (13:31 +0100)]
s4:torture:vfs_fruit: tweak check_stream_list()
Modify check_stream_list() to open the basefile (or directory) itself
instead of having the callers pass in a filehandle. Removes some code
duplication in the callers.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 8e0cf77ee230c0eaef01a2dc2316fc65aabd5a59)
Ralph Boehme [Sun, 20 Dec 2015 09:18:31 +0000 (10:18 +0100)]
s4:torture:vfs_fruit: rename tree1 -> tree
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 1d13744547474592285eacab84d1217af46e0086)
Ralph Boehme [Sun, 20 Dec 2015 09:16:25 +0000 (10:16 +0100)]
s4:torture:vfs_fruit: remove unused tree2
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 9d28f82484e8b34c8d8f35f596fdb63614b103d2)
Karolin Seeger [Fri, 11 Dec 2015 09:23:28 +0000 (10:23 +0100)]
docs: Fix typos in man vfs_gpfs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11641
Duplicate "acl map full control" entry in man vfs_gpfs
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 79df4caed3b819cc1cd67c4033f3ac700086ab99)
Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Fri Dec 18 12:54:37 CET 2015 on sn-devel-104
Ralph Boehme [Wed, 16 Dec 2015 12:13:55 +0000 (13:13 +0100)]
smbd: make "hide dot files" option work with "store dos attributes = yes"
When using "store dos attributes = yes", the function that reads the
attributes from the xattr get_ea_dos_attribute() will overwrite the
attribute previously set for "hide dot files".
According to smb.conf, "store dos attributes = yes" should only
overwrite the "map XXX" options, but not "hide dot files".
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11645
Signed-off-by: Ralph Boehme <slow@samba.org>
Günther Deschner [Tue, 1 Dec 2015 13:39:37 +0000 (14:39 +0100)]
lib/async_req: do not install async_connect_send_test.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11639
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 632114584d3be0d4660e97a6c9e69e577a7bc1e2)
Jeremy Allison [Tue, 8 Dec 2015 00:32:57 +0000 (16:32 -0800)]
lib/param: add a fixed unified lpcfg_string_{free,set,set_upper}() infrastructure
This reduces the memory footprint of empty string options.
smbd -d1 -i with 1400 shares in smb.conf under x64 valgrind massif before this
patch has 7,703,392 bytes peak memory consumption and after this patch
3,321,200 bytes.
This fixes a regression introduced by commit 2dd7c890792cf12049ec13b88aa4e9de23035f9d.
BUG:
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11625
Back-port of commit a84eed532549c1dbad43f963838bc5f13c4fe68d from master.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Sat, 28 Nov 2015 18:26:47 +0000 (19:26 +0100)]
s4:torture:vfs_fruit: add a test for POSIX rename
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11065
Signed-off-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 0f0693d0fa5fa991bb573525f332eba5ceb6ece6)
Ralph Boehme [Thu, 22 Jan 2015 09:07:56 +0000 (10:07 +0100)]
vfs_fruit: enable POSIX directory rename semantics
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11065
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 1d7bef5a75403f5baec13aa6264dfe763a4b278a)
Ralph Boehme [Wed, 25 Nov 2015 08:12:55 +0000 (09:12 +0100)]
vfs_fruit: add a flag that tracks whether use of AAPL was negotiated
Add a flag that tracks whether use of AAPL was negotiated, ensuring we
don't enable AAPL features for clients that didn't negotiate it.
Torture tests that need AAPL must call the new function enable_aapl().
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11065
Signed-off-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 89a7394d679b383920d73fef0d178b8f84bc393f)
Ralph Boehme [Thu, 22 Jan 2015 09:00:15 +0000 (10:00 +0100)]
s3:smbd: file_struct: separate POSIX directory rename cap from POSIX open
We need more fine-grained control over which POSIX semantics we'd like
to enable per file handle. Currently POSIX_FLAGS_OPEN is a kitchen sink
for all kinds of stuff like:
- POSIX unlink
- POSIX byte-range locks
- POSIX rename
- delayed writetime update
- more...
For CIFS UNIX extensions we use POSIX_FLAGS_ALL so semantics are
preserved. OS X clients will enable POSIX rename via AAPL.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11065
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit bf1957584e341473edcd5025b7f77766440d408b)
Ralph Boehme [Fri, 27 Nov 2015 17:29:55 +0000 (18:29 +0100)]
s3:smbd: convert file_struct.posix_open to a bitmap with flags
This is in preparation for more fine-grained control of POSIX behaviour
in the SMB and VFS layers.
Initially we use a uint8_t for the flags bitmap and add a define
posix_flags as posix_open in order to avoid breaking the VFS ABI.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11065
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit d698cec1c7e700e57cab46d33df0dde13303b318)
Karolin Seeger [Wed, 16 Dec 2015 11:32:20 +0000 (12:32 +0100)]
VERSION: Bump version up to 4.2.8...
and re-enable git snapshots.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Wed, 16 Dec 2015 11:31:26 +0000 (12:31 +0100)]
Merge tag 'samba-4.2.7' into v4-2-test
samba: tag release samba-4.2.7
Karolin Seeger [Fri, 11 Dec 2015 11:00:51 +0000 (12:00 +0100)]
Fix bug #11394 - Crash: Bad talloc magic value - access after free
Karolin Seeger [Thu, 10 Dec 2015 11:49:10 +0000 (12:49 +0100)]
VERSION: Disable git snapshots for the 4.2.7 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 10 Dec 2015 11:24:44 +0000 (12:24 +0100)]
WHATSNEW: Add release notes for Samba 4.2.7.
This is a security release to address CVE-2015-3223, CVE-2015-5252,
CVE-2015-5299, CVE-2015-5296, CVE-2015-8467, CVE-2015-5330.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Andrew Bartlett [Wed, 18 Nov 2015 04:36:21 +0000 (17:36 +1300)]
CVE-2015-8467: samdb: Match MS15-096 behaviour for userAccountControl
Swapping between account types is now restricted
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11552
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Wed, 30 Sep 2015 19:23:25 +0000 (21:23 +0200)]
CVE-2015-5296: libcli/smb: make sure we require signing when we demand encryption on a session
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 30 Sep 2015 19:17:02 +0000 (21:17 +0200)]
CVE-2015-5296: s3:libsmb: force signing when requiring encryption in SMBC_server_internal()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 30 Sep 2015 19:17:02 +0000 (21:17 +0200)]
CVE-2015-5296: s3:libsmb: force signing when requiring encryption in do_connect()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Fri, 23 Oct 2015 21:54:31 +0000 (14:54 -0700)]
CVE-2015-5299: s3-shadow-copy2: fix missing access check on snapdir
Fix originally from <partha@exablox.com>
https://bugzilla.samba.org/show_bug.cgi?id=11529
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Jeremy Allison [Thu, 9 Jul 2015 17:58:11 +0000 (10:58 -0700)]
CVE-2015-5252: s3: smbd: Fix symlink verification (file access outside the share).
Ensure matching component ends in '/' or '\0'.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11395
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
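
The component-boundary rule from the CVE-2015-5252 commit above, shown as an added C example that is not Samba's code. The function names and sample paths are hypothetical, and both paths are assumed to be absolute and already resolved.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Weak form: bare prefix match, so a sibling such as "/srv/share2" passes. */
static bool within_root_prefix_only(const char *root, const char *resolved)
{
    return strncmp(root, resolved, strlen(root)) == 0;
}

/* Hardened form: the byte after the matched prefix must end a path
 * component, i.e. be '/' or the terminating '\0'. */
static bool within_root(const char *root, const char *resolved)
{
    size_t rootlen = strlen(root);

    if (rootlen == 0 || root[0] != '/') {
        return false;               /* refuse empty or relative roots */
    }
    while (rootlen > 1 && root[rootlen - 1] == '/') {
        rootlen--;                  /* "/srv/share/" behaves like "/srv/share" */
    }
    if (strncmp(root, resolved, rootlen) != 0) {
        return false;
    }
    if (rootlen == 1) {
        return true;                /* root "/" contains every absolute path */
    }
    return resolved[rootlen] == '/' || resolved[rootlen] == '\0';
}

int main(void)
{
    /* Constructed sample paths; assumed already resolved (realpath-style). */
    const char *root = "/srv/share";
    const char *targets[] = {"/srv/share/docs/a.txt", "/srv/share2/secret"};

    for (size_t i = 0; i < 2; i++) {
        printf("%-24s prefix-only=%d boundary=%d\n", targets[i],
               within_root_prefix_only(root, targets[i]),
               within_root(root, targets[i]));
    }
    return 0;
}
```
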
Ralph Boehme [Tue, 8 Dec 2015 09:55:42 +0000 (10:55 +0100)]
ldb: bump version of the required system ldb to 1.1.24
This is needed to ensure we build against a system ldb library that
contains the fixes for CVE-2015-5330 and CVE-2015-3223.
autobuild must still be able to build against the older version
1.1.20 including the patches.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11325
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11636
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Douglas Bagnall [Wed, 25 Nov 2015 22:17:11 +0000 (11:17 +1300)]
CVE-2015-5330: ldb_dn_explode: copy strings by length, not terminators
That is, memdup(), not strdup(). The terminators might not be there.
But, we have to make sure we put the terminator on, because we tend to
assume the terminator is there in other places.
Use talloc_set_name_const() on the resulting chunk so talloc_report()
remains unchanged.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Pair-programmed-with: Stefan Metzmacher <metze@samba.org>
Pair-programmed-with: Ralph Boehme <slow@samba.org>
Douglas Bagnall [Tue, 24 Nov 2015 00:54:09 +0000 (13:54 +1300)]
CVE-2015-5330: next_codepoint_handle_ext: don't short-circuit UTF16 low bytes
UTF16 contains zero bytes when it is encoding ASCII (for example), so we
can't assume the absence of the 0x80 bit means a one byte encoding. No
current callers use UTF16.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Douglas Bagnall [Tue, 24 Nov 2015 00:49:09 +0000 (13:49 +1300)]
CVE-2015-5330: strupper_talloc_n_handle(): properly count characters
When a codepoint eats more than one byte we really want to know,
especially if the string is not NUL terminated.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Douglas Bagnall [Tue, 24 Nov 2015 00:47:16 +0000 (13:47 +1300)]
CVE-2015-5330: Fix handling of unicode near string endings
Until now next_codepoint_ext() and next_codepoint_handle_ext() were
using strnlen(str, 5) to determine how much string they should try to
decode. This ended up looking past the end of the string when it was not
null terminated and the final character looked like a multi-byte encoding.
The fix is to let the caller say how long the string can be.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
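
An added example, not Samba's code, of the approach in the two CVE-2015-5330 commits above: the caller passes the buffer length, and decoding and character counting never search for a terminator. utf8_next() and count_codepoints() are hypothetical names, and handling UTF-8 only is a simplifying assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CP_INVALID 0xFFFFFFFFu

/* Decode one UTF-8 codepoint from s, reading at most len bytes; no NUL is assumed. */
static uint32_t utf8_next(const unsigned char *s, size_t len, size_t *used)
{
    static const uint32_t min_cp[5] = {0, 0, 0x80, 0x800, 0x10000};
    size_t need, i;
    uint32_t cp;

    *used = (len > 0) ? 1 : 0;          /* on error, skip one byte at most */
    if (len == 0) return CP_INVALID;
    if (s[0] < 0x80) return s[0];       /* ASCII, including an embedded 0x00 */
    if ((s[0] & 0xE0) == 0xC0)      { need = 2; cp = s[0] & 0x1F; }
    else if ((s[0] & 0xF0) == 0xE0) { need = 3; cp = s[0] & 0x0F; }
    else if ((s[0] & 0xF8) == 0xF0) { need = 4; cp = s[0] & 0x07; }
    else return CP_INVALID;             /* stray continuation or invalid lead byte */
    if (need > len) return CP_INVALID;  /* sequence runs past the buffer end: stop */
    for (i = 1; i < need; i++) {
        if ((s[i] & 0xC0) != 0x80) return CP_INVALID;
        cp = (cp << 6) | (s[i] & 0x3F);
    }
    if (cp < min_cp[need] || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF))
        return CP_INVALID;              /* overlong form, out of range, surrogate */
    *used = need;
    return cp;
}

/* Count codepoints in a length-delimited buffer; -1 if any sequence is malformed. */
static long count_codepoints(const unsigned char *buf, size_t len)
{
    size_t off = 0, used;
    long n = 0;
    while (off < len) {
        if (utf8_next(buf + off, len - off, &used) == CP_INVALID) return -1;
        off += used;
        n++;
    }
    return n;
}

int main(void)
{
    /* Constructed sample: "ab" then a euro sign (E2 82 AC), no NUL terminator. */
    const unsigned char buf[] = {'a', 'b', 0xE2, 0x82, 0xAC};
    printf("%ld %ld\n", count_codepoints(buf, 5), count_codepoints(buf, 4));
    return 0;
}
```
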
Douglas Bagnall [Tue, 24 Nov 2015 00:09:36 +0000 (13:09 +1300)]
CVE-2015-5330: ldb_dn_escape_value: use known string length, not strlen()
ldb_dn_escape_internal() reports the number of bytes it copied, so
let's use that number, rather than using strlen() and hoping a zero got
in the right place.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Douglas Bagnall [Tue, 24 Nov 2015 00:07:23 +0000 (13:07 +1300)]
CVE-2015-5330: ldb_dn: simplify and fix ldb_dn_escape_internal()
Previously we relied on NUL terminated strings and jumped back and
forth between copying escaped bytes and memcpy()ing un-escaped chunks.
This simple version is easier to reason about and works with
unterminated strings. It may also be faster as it avoids reading the
string twice (first with strcspn, then with memcpy).
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 9 Jun 2015 21:00:01 +0000 (14:00 -0700)]
CVE-2015-3223: lib: ldb: Use memmem binary search, not strstr text search.
Values might have embedded zeros.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11325
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 9 Jun 2015 19:42:10 +0000 (12:42 -0700)]
CVE-2015-3223: lib: ldb: Cope with canonicalise_fn returning string "", length 0.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11325
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Karolin Seeger [Mon, 7 Dec 2015 10:17:23 +0000 (11:17 +0100)]
VERSION: Bump version up to 4.2.7...
and re-enable git snapshots.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Mon, 7 Dec 2015 10:16:44 +0000 (11:16 +0100)]
VERSION: Disable git snapshots for the 4.2.6 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>