Karolin Seeger [Fri, 18 Sep 2020 10:58:56 +0000 (12:58 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.11.13 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Fri, 18 Sep 2020 10:56:10 +0000 (12:56 +0200)]
WHATSNEW: Add release notes for Samba 4.11.13.
CVE-2020-1472: Samba impact of "ZeroLogon".
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Gary Lockyer [Fri, 18 Sep 2020 03:57:34 +0000 (15:57 +1200)]
CVE-2020-1472(ZeroLogon): s4 torture rpc: repeated bytes in client challenge
Ensure that client challenges with the first 5 bytes identical are
rejected.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
[abartlet@samba.org: backported from master as test order was flipped]
Gary Lockyer [Fri, 18 Sep 2020 00:39:54 +0000 (12:39 +1200)]
CVE-2020-1472(ZeroLogon): s4 torture rpc: Test empty machine acct pwd
Ensure that an empty machine account password can't be set by
netr_ServerPasswordSet2
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Stefan Metzmacher [Thu, 17 Sep 2020 15:27:54 +0000 (17:27 +0200)]
CVE-2020-1472(ZeroLogon): docs-xml: document 'server require schannel:COMPUTERACCOUNT'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 17 Sep 2020 12:42:52 +0000 (14:42 +0200)]
CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: log warnings about unsecure configurations
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 17 Sep 2020 12:23:16 +0000 (14:23 +0200)]
CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: support "server require schannel:WORKSTATION$ = no"
This allows to add expections for individual workstations, when using "server schannel = yes".
"server schannel = auto" is very insecure and will be removed soon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 17 Sep 2020 12:57:22 +0000 (14:57 +0200)]
CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: refactor dcesrv_netr_creds_server_step_check()
We should debug more details about the failing request.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Thu, 17 Sep 2020 11:37:26 +0000 (13:37 +0200)]
CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon: log warnings about unsecure configurations
This should give admins wawrnings until they have a secure
configuration.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Wed, 16 Sep 2020 08:56:53 +0000 (10:56 +0200)]
CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon: support "server require schannel:WORKSTATION$ = no"
This allows to add expections for individual workstations, when using "server schannel = yes".
"server schannel = auto" is very insecure and will be removed soon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 16 Sep 2020 08:18:45 +0000 (10:18 +0200)]
CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon: refactor dcesrv_netr_creds_server_step_check()
We should debug more details about the failing request.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Jeremy Allison [Wed, 16 Sep 2020 19:53:50 +0000 (12:53 -0700)]
CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: protect netr_ServerPasswordSet2 against unencrypted passwords
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Jeremy Allison [Wed, 16 Sep 2020 19:48:21 +0000 (12:48 -0700)]
CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Fix mem leak onto p->mem_ctx in error path of _netr_ServerPasswordSet2().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Jeremy Allison <jra@samba.org>
[dbagnall@samba.org, abartlet@samba.org: adapt for indentation
changes]
Stefan Metzmacher [Wed, 16 Sep 2020 17:20:25 +0000 (19:20 +0200)]
CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon: protect netr_ServerPasswordSet2 against unencrypted passwords
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 16 Sep 2020 14:17:29 +0000 (16:17 +0200)]
CVE-2020-1472(ZeroLogon): libcli/auth: reject weak client challenges in netlogon_creds_server_init()
This implements the note from MS-NRPC 3.1.4.1 Session-Key Negotiation:
7. If none of the first 5 bytes of the client challenge is unique, the
server MUST fail session-key negotiation without further processing of
the following steps.
It lets ./zerologon_tester.py from
https://github.com/SecuraBV/CVE-2020-1472.git
report: "Attack failed. Target is probably patched."
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 16 Sep 2020 14:15:26 +0000 (16:15 +0200)]
CVE-2020-1472(ZeroLogon): libcli/auth: add netlogon_creds_is_random_challenge() to avoid weak values
This is the check Windows is using, so we won't generate challenges,
which are rejected by Windows DCs (and future Samba DCs).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 16 Sep 2020 14:10:53 +0000 (16:10 +0200)]
CVE-2020-1472(ZeroLogon): s4:rpc_server:netlogon: make use of netlogon_creds_random_challenge()
This is not strictly needed, but makes things more clear.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 16 Sep 2020 14:10:53 +0000 (16:10 +0200)]
CVE-2020-1472(ZeroLogon): s3:rpc_server:netlogon: make use of netlogon_creds_random_challenge()
This is not strictly needed, but makes things more clear.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 16 Sep 2020 14:08:38 +0000 (16:08 +0200)]
CVE-2020-1472(ZeroLogon): libcli/auth: make use of netlogon_creds_random_challenge() in netlogon_creds_cli.c
This will avoid getting rejected by the server if we generate
a weak challenge.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 16 Sep 2020 14:07:30 +0000 (16:07 +0200)]
CVE-2020-1472(ZeroLogon): s4:torture/rpc: make use of netlogon_creds_random_challenge()
This will avoid getting flakey tests once our server starts to
reject weak challenges.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 16 Sep 2020 14:04:57 +0000 (16:04 +0200)]
CVE-2020-1472(ZeroLogon): libcli/auth: add netlogon_creds_random_challenge()
It's good to have just a single isolated function that will generate
random challenges, in future we can add some logic in order to
avoid weak values, which are likely to be rejected by a server.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Karolin Seeger [Tue, 25 Aug 2020 07:46:42 +0000 (09:46 +0200)]
VERSION: Bump version up to 4.11.13...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Tue, 25 Aug 2020 07:45:14 +0000 (09:45 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.11.12 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Tue, 25 Aug 2020 07:44:25 +0000 (09:44 +0200)]
WHATSNEW: Add release notes for Samba 4.11.12.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Christof Schmitt [Fri, 14 Aug 2020 19:18:51 +0000 (12:18 -0700)]
util: Add cmocka unit test for directory_create_or_exists
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14166
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sun Aug 16 07:06:59 UTC 2020 on sn-devel-184
(cherry picked from commit
e89ec78e9a262a6e7bb9082323083eb5f1609655)
Autobuild-User(v4-11-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-11-test): Mon Aug 17 14:27:37 UTC 2020 on sn-devel-184
Christof Schmitt [Fri, 14 Aug 2020 16:36:26 +0000 (09:36 -0700)]
util: Allow symlinks in directory_create_or_exist
Commit
9f60a77e0b updated the check to avoid having files or other
objects instead of a directory. This missed the valid case that there
might be a symlink to a directory. Updated the check accordingly to
allow symlinks to directories.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14166
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
672212cecdd7a7de40acdc81c56e2996ea82c090)
Andrew Bartlett [Sun, 26 Jul 2020 23:37:29 +0000 (11:37 +1200)]
dbcheck: Allow a dangling forward link outside our known NCs
If we do not have the NC of the target object we can not be really sure
that the object is redundent and so we want to keep it for now
and not (as happened until now) break the dbcheck run made during the
replication stage of a "samba-tool domain backup rename".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14450
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit
05228c4e07013c0e6f78f1330b3b787271282ca8)
Autobuild-User(v4-11-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-11-test): Thu Aug 6 13:32:29 UTC 2020 on sn-devel-184
Stefan Metzmacher [Mon, 6 Jul 2020 06:58:22 +0000 (08:58 +0200)]
s3:smbd: check for stale pid in delay_for_oplock_fn() when leases_db_get() fails
If leases_db_get() failed the leases_db record might have been cleaned up for
stale processes. Check if the share-mode-entry owner is stale in this case and
return ignore the entry. In any other case, log a debug messages and panic.
Commit
05d4466a6d1ad048fa86aea09ec0a56a7b961369
"smbd: check for stale pid in get_lease_type()" fixed only one half of
this.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jul 7 02:47:46 UTC 2020 on sn-devel-184
(backported from commit
58adf349edfd3001ad071cc7ed8cfc551f67f8a2)
[metze@samba.org: use share_mode_stale_pid() instead of share_entry_stale_pid()]
[metze@samba.org: use file_id_string_tos() instead of file_id_str_buf()]
Stefan Metzmacher [Mon, 6 Jul 2020 12:03:39 +0000 (14:03 +0200)]
s3:leases: log errors with level 0 in leases_db_do_locked_fn()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
217693682d5bbd0f2d6b5331f47b2a6348840898)
Ralph Boehme [Thu, 2 Jul 2020 12:47:12 +0000 (14:47 +0200)]
smbd: check for stale pid in get_lease_type()
If leases_db_get() failed the leases_db record might have been cleaned up for
stale processes. Check if the share-mode-entry owner is stale in this case and
return a 0 lease state. In any other case, log a debug messages and panic.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jul 2 16:45:42 UTC 2020 on sn-devel-184
(backported from commit
05d4466a6d1ad048fa86aea09ec0a56a7b961369)
[slow@samba.org: use share_mode_stale_pid() instead of share_entry_stale_pid()]
[metze@samba.org: use file_id_string_tos() instead of file_id_str_buf()]
Ralph Boehme [Thu, 2 Jul 2020 12:45:59 +0000 (14:45 +0200)]
smbd: let get_lease_type() take a non-const share_mode_entry
We're going to add a call to share_entry_stale_pid(share_mode_entry) which takes
a non-const pointer (in order to eventually set e->state = true).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(backported from commit
3f4a865821da27efbed4f7c38ad3efbcaae77a02)
[slow@samba.org: get_lease_type() takes arg d in 4.11]
Ralph Boehme [Thu, 2 Jul 2020 12:08:44 +0000 (14:08 +0200)]
smbd: inverse if/else logic in get_lease_type()
No change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(backported from commit
e4328db1c94837a8ea5652971cea20055d3d24ff)
[slow@samba.org: take id from d as it's not passed as arg]
Ralph Boehme [Thu, 2 Jul 2020 12:10:05 +0000 (14:10 +0200)]
s3/leases: log NDR decoding failure with level 0 in leases_db_get_fn()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
383a2457bd6cbe0acd571a8d601f8bdc5365f0b4)
Ralph Boehme [Thu, 2 Jul 2020 12:09:15 +0000 (14:09 +0200)]
smbd: increase loglevel when leases_db_del() with anything then NT_STATUS_NOT_FOUND
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(backported from commit
fbb8bbe1243eb2a0351dc2422929278f85a99e26)
[slow@samba.org: remove_lease_if_stale() does not exist in 4.11]
Andreas Schneider [Fri, 17 Jul 2020 10:14:16 +0000 (12:14 +0200)]
docs: Fix documentation for require_membership_of of pam_winbind.conf
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14358
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
(cherry picked from commit
71b7140fd0a33e7e8c5bf37c2897cea8224b3f01)
Andreas Schneider [Thu, 9 Jul 2020 09:48:26 +0000 (11:48 +0200)]
docs: Fix documentation for require_membership_of of pam_winbind
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14358
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit
4c74db6978c682f8ba4e74a6ee8157cfcbb54971)
Ralph Boehme [Tue, 30 Jun 2020 15:03:05 +0000 (17:03 +0200)]
lib/debug: set the correct default backend loglevel to MAX_DEBUG_LEVEL
This fixed a regression introduced by commit
c83ce5f4f99aef94530411ec82cc03e9935b352d for bug #14345.
The backend loglevel globally restricts logging of a particular backend. If this
value is smaller then any explicitly configured logging class, logging for this
class is skipped.
Eg, given the following logging config in smb.conf:
log level = 1 auth_json_audit:3@/var/log/samba/samba_auth_audit.log
the default class loglevel of 1 (dbgc_config[DBGC_ALL].loglevel) will be
assigned to the backend loglevel.
So even though the logging class auth_json_audit is configured at level 3, this
doesn't become effective as the file backend drops all log messages with a level
below 1.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14426
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jul 2 13:25:29 UTC 2020 on sn-devel-184
(cherry picked from commit
71488b812fe737df2d3439a6ff3f95bb69b4a5bd)
Autobuild-User(v4-11-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-11-test): Thu Jul 9 11:40:15 UTC 2020 on sn-devel-184
Ralph Boehme [Tue, 30 Jun 2020 15:02:07 +0000 (17:02 +0200)]
lib/debug: assert file backend
The debug file backend is a built-in default, if it's missing we're totally
screwed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14426
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
5aeaa6959da326095e98f0369b6d91dc5667415e)
Amit Kumar [Wed, 22 Apr 2020 11:53:42 +0000 (06:53 -0500)]
lib:util: Fix smbclient -l basename dir
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14345
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Amit Kumar <amitkuma@redhat.com>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit
c83ce5f4f99aef94530411ec82cc03e9935b352d)
Amit Kumar [Wed, 22 Apr 2020 11:53:33 +0000 (06:53 -0500)]
Add a test for smbclient -l basename
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14345
Signed-off-by: Amit Kumar <amitkuma@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit
2a7fc40fb3f3ca994cecad3e2957433d7a411208)
Andrew [Tue, 30 Jun 2020 10:54:06 +0000 (06:54 -0400)]
s3:winbind:idmap_ad - make failure to get attrnames for schema mode fatal
Add check for failure to resolve the OID array for the schema mode into
names.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14425
Signed-off-by: Andrew <awalker@ixsystems.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
b5b801026edd3a8fd8d0ba1752e891453cf675c9)
Günther Deschner [Thu, 2 Jul 2020 16:56:20 +0000 (18:56 +0200)]
lib/util: do not install "test_util_paths"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14370
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Autobuild-User(v4-11-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-11-test): Tue Jul 7 08:16:40 UTC 2020 on sn-devel-184
Andrew Bartlett [Wed, 1 Jul 2020 02:31:54 +0000 (14:31 +1200)]
selftest: Run test of how userPassword / crypt() style passwords are stored in quicktest
This ensures that the crypt_r()/crypt_rn()/crypt() behaviour is tested in all
the samba-o3 builds and so is checked on RHEL7 in GitLab CI.
https://bugzilla.samba.org/show_bug.cgi?id=14424
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit
cabf873b75b1d4d456190358bc3ed051bca16978)
Autobuild-User(v4-11-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-11-test): Mon Jul 6 15:10:27 UTC 2020 on sn-devel-184
Andrew Bartlett [Wed, 1 Jul 2020 02:30:24 +0000 (14:30 +1200)]
selftest: Split samba.tests.samba_tool.user_virtualCryptSHA into GPG and not GPG parts
This allows the userPassword (not GPG) part of the test to run on hosts without
python3-gpg (eg RHEL7) while still testing the userPassword handling.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14424
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit
2c4ecf002a3fbbe8be061814468529c8bd6bb7aa)
Andrew Bartlett [Wed, 1 Jul 2020 02:35:39 +0000 (14:35 +1200)]
dsdb: Allow "password hash userPassword schemes = CryptSHA256" to work on RHEL7
On RHEL7 crypt_r() will set errno. This is a problem because the implementation of crypt_r()
in RHEL8 and elsewhere in libcrypt will return non-NULL but set errno on failure.
The workaround is to use crypt_rn(), provided only by libcrypt, which will return NULL
on failure, and so avoid checking errno in the non-failure case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14424
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit
91453f110fa72062291eb59ad9d95fab0f423557)
Bjoern Jacke [Mon, 29 Jun 2020 12:00:46 +0000 (12:00 +0000)]
util: fix build on AIX by fixing the order of replace.h include
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14422
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
d93a6d2663a25bca072cd5623aea16e21ed650b8)
Martin Schwenke [Fri, 5 Jun 2020 12:05:42 +0000 (22:05 +1000)]
util: Reallocate larger buffer if getpwuid_r() returns ERANGE
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Bjoern Jacke <bjacke@samba.org>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Tue Jun 9 21:07:24 UTC 2020 on sn-devel-184
(cherry picked from commit
ddac6b2eb4adaec8fc5e25ca07387d2b9417764c)
Martin Schwenke [Fri, 5 Jun 2020 11:52:23 +0000 (21:52 +1000)]
util: Fix build on FreeBSD by avoiding NSS_BUFLEN_PASSWD
NSS_BUFLEN_PASSWD is not defined on FreeBSD. Use
sysconf(_SC_GETPW_R_SIZE_MAX) instead, as per POSIX.
Use a dynamically allocated buffer instead of trying to cram all of
the logic into the declarations. This will come in useful later
anyway.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Bjoern Jacke <bjacke@samba.org>
(cherry picked from commit
847208cd8ac68c4c7d1dae63767820db1c69292b)
Martin Schwenke [Tue, 9 Jun 2020 01:52:50 +0000 (11:52 +1000)]
util: Simplify input validation
It appears that snprintf(3) is being used for input validation.
However, this seems like overkill because it causes szPath to be
copied an extra time. The mostly likely protections being sought
here, according to https://cwe.mitre.org/data/definitions/20.html,
look to be DoS attacks involving CPU and memory usage. A simpler
check that uses strnlen(3) can mitigate against both of these and is
simpler.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Bjoern Jacke <bjacke@samba.org>
(cherry picked from commit
922bce2668994dd2a5988c17060f977e9bb0c229)
Jeremy Allison [Tue, 30 Jun 2020 21:00:41 +0000 (14:00 -0700)]
s3: libsmb: Fix SMB2 client rename bug to a Windows server.
Fix bug where renaming to a target name of one
UCS2 character (name length 2 bytes) fails to
a Windows 10 SMB2 server.
The Windows 10 SMB2 server has a minimum length
for a SMB2_FILE_RENAME_INFORMATION buffer of
24 bytes. It returns NT_STATUS_INFO_LENGTH_MISMATCH
if the length is less. This isn't an alignment
issue as Windows client happily 2-byte align
for larget target name sizes. Also the Windows 10
SMB1 server doesn't have this restriction.
If the name length is too short, pad out with
zeros to 24 bytes.
Hard to add a test for this as we don't want to
add this silly restriction to the Samba server
as it would break all non-Windows clients.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14403
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jul 1 18:59:53 UTC 2020 on sn-devel-184
(cherry picked from commit
f59490dc2d07107d32d6e888f2814011ab2845b7)
Karolin Seeger [Thu, 2 Jul 2020 09:04:19 +0000 (11:04 +0200)]
VERSION: Bump version up to 4.11.12.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 2 Jul 2020 09:03:55 +0000 (11:03 +0200)]
Merge tag 'samba-4.11.11' into v4-11-test
samba: tag release samba-4.11.11
Karolin Seeger [Wed, 1 Jul 2020 08:14:05 +0000 (10:14 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.11.11 release.
This is a security release in order to address the following CVEs:
o CVE-2020-10730: NULL pointer de-reference and use-after-free in Samba AD DC
LDAP Server with ASQ, VLV and paged_results.
o CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume
excessive CPU.
o CVE-2020-10760: LDAP Use-after-free in Samba AD DC Global Catalog with
paged_results and VLV.
o CVE-2020-14303: Empty UDP packet DoS in Samba AD DC nbtd.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Wed, 1 Jul 2020 08:13:42 +0000 (10:13 +0200)]
Add release notes for Samba 4.11.11.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Andrew Bartlett [Mon, 8 Jun 2020 04:32:14 +0000 (16:32 +1200)]
CVE-2020-10760 dsdb: Add tests for paged_results and VLV over the Global Catalog port
This should avoid a regression.
(backported from master patch)
[abartlet@samba.org: sort=True parameter on test_paged_delete_during_search
is not in 4.11]
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 5 Jun 2020 10:14:48 +0000 (22:14 +1200)]
CVE-2020-10760 dsdb: Ensure a proper talloc tree for saved controls
Otherwise a paged search on the GC port will fail as the ->data was
not kept around for the second page of searches.
An example command to produce this is
bin/ldbsearch --paged -H ldap://$SERVER:3268 -U$USERNAME%$PASSWORD
This shows up later in the partition module as:
ERROR: AddressSanitizer: heap-use-after-free on address 0x60b00151ef20 at pc 0x7fec3f801aac bp 0x7ffe8472c270 sp 0x7ffe8472c260
READ of size 4 at 0x60b00151ef20 thread T0 (ldap(0))
#0 0x7fec3f801aab in talloc_chunk_from_ptr ../../lib/talloc/talloc.c:526
#1 0x7fec3f801aab in __talloc_get_name ../../lib/talloc/talloc.c:1559
#2 0x7fec3f801aab in talloc_check_name ../../lib/talloc/talloc.c:1582
#3 0x7fec1b86b2e1 in partition_search ../../source4/dsdb/samdb/ldb_modules/partition.c:780
or
smb_panic_default: PANIC (pid 13287): Bad talloc magic value - unknown value
(from source4/dsdb/samdb/ldb_modules/partition.c:780)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14402
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Wed, 24 Jun 2020 02:27:08 +0000 (14:27 +1200)]
CVE-2020-14303: s4 nbt: fix busy loop on empty UDP packet
An empty UDP packet put the nbt server into a busy loop that consumes
100% of a cpu.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14417
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Wed, 24 Jun 2020 23:59:54 +0000 (11:59 +1200)]
CVE-2020-14303 Ensure an empty packet will not DoS the NBT server
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 14 May 2020 22:52:45 +0000 (10:52 +1200)]
CVE-2020-10745: ndr/dns-utils: prepare for NBT compatibility
NBT has a funny thing where it sometimes needs to send a trailing dot as
part of the last component, because the string representation is a user
name. In DNS, "example.com", and "example.com." are the same, both
having three components ("example", "com", ""); in NBT, we want to treat
them differently, with the second form having the three components
("example", "com.", "").
This retains the logic of
e6e2ec0001fe3c010445e26cc0efddbc1f73416b.
Also DNS compression cannot be turned off for NBT.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Douglas Bagnall [Thu, 14 May 2020 12:06:08 +0000 (00:06 +1200)]
CVE-2020-10745: dns_util/push: forbid names longer than 255 bytes
As per RFC 1035.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Douglas Bagnall [Fri, 24 Apr 2020 23:10:18 +0000 (11:10 +1200)]
CVE-2020-10745: ndr_dns: do not allow consecutive dots
The empty subdomain component is reserved for the root domain, which we
should only (and always) see at the end of the list. That is, we expect
"example.com.", but never "example..com".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Douglas Bagnall [Fri, 24 Apr 2020 23:03:30 +0000 (11:03 +1200)]
CVE-2020-10745: ndr/dns_utils: correct a comment
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Douglas Bagnall [Fri, 24 Apr 2020 23:02:08 +0000 (11:02 +1200)]
CVE-2020-10745: ndr_dns: move ndr_push_dns_string core into sharable function
This is because ndr_nbt.c does almost exactly the same thing with
almost exactly the same code, and they both do it wrong. Soon they
will both be using the better version that this will become. Though in
this patch we just move the code, not fix it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Douglas Bagnall [Fri, 12 Jun 2020 02:26:38 +0000 (14:26 +1200)]
CVE-2020-10745: librpc/tests: cmocka tests of dns and ndr strings
These time the push and pull function in isolation.
Timing should be under 0.0001 seconds on even quite old hardware; we
assert it must be under 0.2 seconds.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378
(backported from master commit)
[abartlet@samba.org: backported due to differences in pre-existing
tests - eg test_ndr - mentioned in wscript_build and tests.py]
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Douglas Bagnall [Thu, 11 Jun 2020 05:38:51 +0000 (17:38 +1200)]
CVE-2020-10745: pytests: hand-rolled invalid dns/nbt packet tests
The client libraries don't allow us to make packets that are broken in
certain ways, so we need to construct them as byte strings.
These tests all fail at present, proving the server is rendered
unresponsive, which is the crux of CVE-2020-10745.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Gary Lockyer [Thu, 21 May 2020 21:52:12 +0000 (09:52 +1200)]
ldb: Bump version to 2.0.12
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Tue, 12 May 2020 22:56:56 +0000 (10:56 +1200)]
CVE-2020-10730: lib ldb: Check if ldb_lock_backend_callback called twice
Prevent use after free issues if ldb_lock_backend_callback is called
twice, usually due to ldb_module_done being called twice. This can happen if a
module ignores the return value from function a function that calls
ldb_module_done as part of it's error handling.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Mon, 18 May 2020 00:37:39 +0000 (12:37 +1200)]
CVE-2020-10730: s4 dsdb vlv_pagination: Prevent repeat call of ldb_module_done
Check the return code from vlv_results, if it is not LDB_SUCCESS
ldb_module_done has already been called, and SHOULD NOT be called again.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Mon, 18 May 2020 00:36:57 +0000 (12:36 +1200)]
CVE-2020-10730: s4 dsdb paged_results: Prevent repeat call of ldb_module_done
Check the return code from paged_results, if it is not LDB_SUCCESS
ldb_module_done has already been called, and SHOULD NOT be called again.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Wed, 6 May 2020 04:18:19 +0000 (16:18 +1200)]
CVE-2020-10730: dsdb: Ban the combination of paged_results and VLV
This (two different paging controls) makes no sense and fails against
Windows Server 1709.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Wed, 6 May 2020 05:05:30 +0000 (17:05 +1200)]
CVE-2020-10730: dsdb: Fix crash when vlv and paged_results are combined
The GUID is not returned in the DN for some reason in this (to be banned)
combination.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Wed, 6 May 2020 04:19:01 +0000 (16:19 +1200)]
CVE-2020-10730: selftest: Add test to show that VLV and paged_results are incompatible
As tested against Windows Server 1709
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Tue, 5 May 2020 04:34:11 +0000 (16:34 +1200)]
CVE-2020-10730: vlv: Another workaround for mixing ASQ and VLV
This is essentially an alternative patch, but without the correct
behaviour. Instead this just avoids a segfault.
Included in case we have something simialr again in
another module.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Tue, 5 May 2020 01:16:48 +0000 (13:16 +1200)]
CVE-2020-10730: selftest: Add test to confirm VLV interaction with ASQ
Tested against Windows 1709.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Tue, 5 May 2020 00:55:57 +0000 (12:55 +1200)]
CVE-2020-10730: vlv: Do not re-ASQ search the results of an ASQ search with VLV
This is a silly combination, but at least try and keep the results sensible
and avoid a double-dereference.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Tue, 5 May 2020 00:54:59 +0000 (12:54 +1200)]
CVE-2020-10730: vlv: Use strcmp(), not strncmp() checking the NULL terminated control OIDs
The end result is the same, as sizeof() includes the trailing NUL, but this
avoids having to think about that.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Karolin Seeger [Wed, 24 Jun 2020 10:35:39 +0000 (12:35 +0200)]
VERSION: Bump version up to 4.11.11...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
08a51254198537395e9a6ea7a98fd627a491bf15)
Karolin Seeger [Wed, 24 Jun 2020 10:35:39 +0000 (12:35 +0200)]
VERSION: Bump version up to 4.11.11...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Wed, 24 Jun 2020 10:34:59 +0000 (12:34 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.11.10 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Wed, 24 Jun 2020 10:34:26 +0000 (12:34 +0200)]
WHATSNEW: Add release notes for Samba 4.11.10.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Alexander Bokovoy [Thu, 18 Jun 2020 07:45:41 +0000 (10:45 +0300)]
ldb_ldap: fix off-by-one increment in lldb_add_msg_attr
Fix regression introduced by commit
ce2bf5c72b6423fff680b3d6a9042103a6cdda55
lldb_add_msg_attr() calls ldb_msg_add_empty() which, in turn, calls
calls _ldb_msg_add_el() which already increments msg->num_elements by one.
As a result, msg->num_elements is bigger than the actual number of
elements and any iteration over elements would step over elements array
boundary.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14413
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jun 19 08:35:33 UTC 2020 on sn-devel-184
(cherry picked from commit
990a0fc4a0481aed817fad7575d8df453fbe7af9)
Autobuild-User(v4-11-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-11-test): Wed Jun 24 12:39:28 UTC 2020 on sn-devel-184
Alexander Bokovoy [Thu, 18 Jun 2020 08:49:08 +0000 (11:49 +0300)]
lib/ldb: add unit test for ldb_ldap internal code
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14413
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
36bd6edd8a603f3aa34aff81c43ef26efd3ad4cf)
Jeremy Allison [Mon, 11 May 2020 22:58:27 +0000 (15:58 -0700)]
s3: libsmbclient: Finish unifing bad iconv behavior across CORE NT1 SMB2 protocols.
On bad name conversion, exit the directory listing with an error, but leave the
connection intact. We were already checking for finfo->name == NULL here,
but were ignoring it and not reporting an error.
Remove the knownfail.d/bad_iconv file as we now
behave the same across CORE/NT1/SMB2.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14374
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue May 12 21:32:44 UTC 2020 on sn-devel-184
(cherry picked from commit
393da520e43bd3a28feb231bcd9fd5308a3daa4a)
Autobuild-User(v4-11-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-11-test): Thu Jun 4 11:47:26 UTC 2020 on sn-devel-184
Jeremy Allison [Mon, 11 May 2020 19:23:49 +0000 (12:23 -0700)]
s3: libsmb: In SMB2 return NT_STATUS_INVALID_NETWORK_RESPONSE if name conversion ended up with a NULL filename.
Can happen if namelen == 0.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14374
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
753115a8d19f6ac8cd28305748fc6d888679dccc)
Jeremy Allison [Mon, 11 May 2020 19:34:10 +0000 (12:34 -0700)]
s3: libsmb: In SMB1 old protocol - return NT_STATUS_INVALID_NETWORK_RESPONSE if name conversion ended up with a NULL filename.
Can happen if namelen == 0.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14374
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
b10de0bb64fe022e6b066584013dfb0bdf2ade96)
Jeremy Allison [Mon, 11 May 2020 22:37:00 +0000 (15:37 -0700)]
s3: selftest: Add test_smbclient_iconv.sh to check client behavior on bad name conversion.
SMB2 and NT1 fail this, CORE already returns NT_STATUS_INVALID_NETWORK_RESPONSE
on bad conversion.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14374
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(back-ported from commit
e016671d34c24c4768df774425ec743b88e30015)
Jeremy Allison [Mon, 11 May 2020 21:10:54 +0000 (14:10 -0700)]
s3: selftest: Add share definition [bad_iconv] in fileserver.
Creates a utf8 valid filename within that is invalid in CP850.
Useful to test smbclient list directory character set conversions.
https://bugzilla.samba.org/show_bug.cgi?id=14374
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(back-ported from commit
a9651d6bc2b6dea8adc859ce21c2431253868887)
Volker Lendecke [Fri, 15 May 2020 13:19:45 +0000 (15:19 +0200)]
winbindd: Fix a use-after-free when winbind clients exit
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14382
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue May 19 10:45:06 UTC 2020 on sn-devel-184
(cherry picked from commit
68380ebaa60c64311cc1081f700d571abbf69f4f)
Autobuild-User(v4-11-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-11-test): Fri May 22 14:40:24 UTC 2020 on sn-devel-184
Jeremy Allison [Fri, 15 May 2020 19:18:02 +0000 (12:18 -0700)]
s3: lib: Paranoia around use of snprintf copying into a fixed-size buffer from a getenv() pointer.
Post checks for overflow/error.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon May 18 23:42:57 UTC 2020 on sn-devel-184
(cherry picked from commit
dd1f750293ef4361455a5d5b63fc7a89495715b7)
Andreas Schneider [Wed, 6 May 2020 15:10:51 +0000 (17:10 +0200)]
s3:gencache: Allow to open gencache as read-only
This allows client tools to access the cache for ready-only operations
as a normal user.
Example:
net ads status
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14370
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri May 15 14:40:32 UTC 2020 on sn-devel-184
(cherry picked from commit
04f0c45475de383a0be4ca355ab9aa7784e61c27)
Andreas Schneider [Mon, 11 May 2020 10:50:11 +0000 (12:50 +0200)]
lib:util: Add test for path_expand_tilde()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14370
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(backported from commit
a15bd5493b696c66c6803d8ca65bc13f1cfcdf0a)
Andreas Schneider [Thu, 7 May 2020 10:25:24 +0000 (12:25 +0200)]
lib:util: Add path_expand_tilde()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14370
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
15457254be0ab1235c327bd305dfeee19b2ea7a1)
Andreas Schneider [Tue, 28 Apr 2020 15:25:35 +0000 (17:25 +0200)]
docs-xml: Fix usernames in pam_winbind manpages
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14358
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Apr 29 09:44:55 UTC 2020 on sn-devel-184
(cherry picked from commit
3abd92d7824e803f1ff53425088ebee30b58894b)
Autobuild-User(v4-11-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-11-test): Thu May 14 15:42:16 UTC 2020 on sn-devel-184
Volker Lendecke [Sat, 2 May 2020 13:18:07 +0000 (15:18 +0200)]
libsmb: Protect cli_oem_change_password() from rprcnt<2
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14366
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue May 5 17:12:04 UTC 2020 on sn-devel-184
(cherry picked from commit
f80c97cb8da64f3cd9904e2e1fd43c29b691166d)
Volker Lendecke [Sat, 2 May 2020 13:10:14 +0000 (15:10 +0200)]
libsmb: Protect cli_RNetServerEnum against rprcnt<6
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14366
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
ce8b70df7bd63e96723b8e8dc864f1690f5fad7b)
Volker Lendecke [Sat, 2 May 2020 12:59:07 +0000 (14:59 +0200)]
libsmb: Protect cli_RNetShareEnum() against rprcnt<6
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14366
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
4a9fe4efefa67d6f24efcbe29722a43fc4859fdc)
Volker Lendecke [Sat, 2 May 2020 12:54:01 +0000 (14:54 +0200)]
libsmb: Fix indentation in cli_RNetShareEnum()
Also remove a level of indentation with a "goto done;"
Best review with "git show -b", almost no code change
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14366
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
ae91d67a247424d4ddc89230f52365558d6ff402)
Ralph Boehme [Thu, 23 Apr 2020 14:10:23 +0000 (16:10 +0200)]
vfs_shadow_copy2: implement case canonicalisation in shadow_copy2_get_real_filename()
unix_convert() can't do this for us in snapdirseverywhere mode, so we do it
ourselves.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14350
Signed-off-by: Ralph Boehme <slow@samba.org>
(Similar to commit
a3d1ac2a597e2441d6855db566306298ae5db99b)
Autobuild-User(v4-11-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-11-test): Wed May 13 14:44:57 UTC 2020 on sn-devel-184
Ralph Boehme [Mon, 27 Apr 2020 12:38:28 +0000 (14:38 +0200)]
s3/lib: add is_gmt_token()
This is not present in master as master has been converted to use struct
smb_filename.twrp instead of @GMT string tokens as part of the path.
Signed-off-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Thu, 23 Apr 2020 14:09:16 +0000 (16:09 +0200)]
smbd: make get_real_filename_full_scan() public
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14350
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit
aa5f19ddf1dec1ac4386441929bca94727f30ee6)
[Conflicts: source3/smbd/proto.h: more functions are missing in 4.12]