Stefan Metzmacher [Wed, 24 Mar 2021 09:23:06 +0000 (10:23 +0100)]
ldb: version 2.3.0
o BUG #14595: CVE-2020-27840: Heap corruption via crafted DN strings.
o BUG #14655: CVE-2021-20277: Out of bounds read in AD DC LDAP server.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Tue, 23 Mar 2021 08:29:08 +0000 (09:29 +0100)]
VERSION: Disable GIT_SNAPSHOT for the 4.14.1 release.
o BUG #14595: CVE-2020-27840: Heap corruption via crafted DN strings.
o BUG #14655: CVE-2021-20277: Out of bounds read in AD DC LDAP server.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Tue, 23 Mar 2021 08:28:00 +0000 (09:28 +0100)]
WHATSNEW: Add release notes for Samba 4.14.1.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Douglas Bagnall [Thu, 11 Feb 2021 03:28:43 +0000 (16:28 +1300)]
CVE-2020-27840: pytests: move Dn.validate test to ldb
We had the test in the Samba Python segfault suite because
a) the signal catching infrastructure was there, and
b) the ldb tests lack Samba's knownfail mechanism, which allowed us to
assert the failure.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14595
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 11 Dec 2020 03:32:25 +0000 (16:32 +1300)]
CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode
A DN string with lots of trailing space can cause ldb_dn_explode() to
put a zero byte in the wrong place in the heap.
When a DN string has a value represented with trailing spaces,
like this
"CN=foo ,DC=bar"
the whitespace is supposed to be ignored. We keep track of this in the
`t` pointer, which is NULL when we are not walking through trailing
spaces, and points to the first space when we are. We are walking with
the `p` pointer, writing the value to `d`, and keeping the length in
`l`.
"CN=foo ,DC= " ==> "foo "
^ ^ ^
t p d
--l---
The value is finished when we encounter a comma or the end of the
string. If `t` is not NULL at that point, we assume there are trailing
spaces and wind `d and `l` back by the correct amount. Then we switch
to expecting an attribute name (e.g. "CN"), until we get to an "=",
which puts us back into looking for a value.
Unfortunately, we forget to immediately tell `t` that we'd finished
the last value, we can end up like this:
"CN=foo ,DC= " ==> ""
^ ^ ^
t p d
l=0
where `p` is pointing to a new value that contains only spaces, while
`t` is still referring to the old value. `p` notices the value ends,
and we subtract `p - t` from `d`:
"CN=foo ,DC= " ==> ? ""
^ ^ ^
t p d
l ~= SIZE_MAX - 8
At that point `d` wants to terminate its string with a '\0', but
instead it terminates someone else's byte. This does not crash if the
number of trailing spaces is small, as `d` will point into a previous
value (a copy of "foo" in this example). Corrupting that value will
ultimately not matter, as we will soon try to allocate a buffer `l`
long, which will be greater than the available memory and the whole
operation will fail properly.
However, with more spaces, `d` will point into memory before the
beginning of the allocated buffer, with the exact offset depending on
the length of the earlier attributes and the number of spaces.
What about a longer DN with more attributes? For example,
"CN=foo ,DC= ,DC=example,DC=com" -- since `d` has moved out of
bounds, won't we continue to use it and write more DN values into
mystery memory? Fortunately not, because the aforementioned allocation
of `l` bytes must happen first, and `l` is now huge. The allocation
happens in a talloc_memdup(), which is by default restricted to
allocating 256MB.
So this allows a person who controls a string parsed by ldb_dn_explode
to corrupt heap memory by placing a single zero byte at a chosen
offset before the allocated buffer.
An LDAP bind request can send a string DN as a username. This DN is
necessarily parsed before the password is checked, so an attacker does
not need proper credentials. The attacker can easily cause a denial of
service and we cannot rule out more subtle attacks.
The immediate solution is to reset `t` to NULL when a comma is
encountered, indicating that we are no longer looking at trailing
whitespace.
Found with the help of Honggfuzz.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14595
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 11 Feb 2021 04:05:14 +0000 (17:05 +1300)]
CVE-2020-27840: pytests:segfault: add ldb.Dn validate test
ldb.Dn.validate wraps ldb_dn_explode.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14595
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Tue, 8 Dec 2020 08:32:09 +0000 (21:32 +1300)]
CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds
For a string that had N spaces at the beginning, we would
try to move N bytes beyond the end of the string.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14655
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry-picked from commit for master)
Andrew Bartlett [Thu, 11 Mar 2021 22:51:56 +0000 (11:51 +1300)]
CVE-2021-20277 ldb: Remove tests from ldb_match_test that do not pass
This reverts some of the backport of
33a95a1e75b85e9795c4490b78ead2162e2a1f47
This is done here rather than squashed in the cherry-pick of the expanded testsuite
because it allows this commit to be simply reverted for the backport of bug 14044
if this lands first, or to be dropped if bug 14044 lands first.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14655
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Douglas Bagnall [Fri, 5 Mar 2021 07:13:01 +0000 (20:13 +1300)]
CVE-2021-20277 ldb tests: ldb_match tests with extra spaces
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14655
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry-picked from commit for master)
Douglas Bagnall [Fri, 5 Mar 2021 02:47:56 +0000 (15:47 +1300)]
ldb: add tests for ldb_wildcard_compare
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14044
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry-picked from commit
33a95a1e75b85e9795c4490b78ead2162e2a1f47)
Karolin Seeger [Tue, 9 Mar 2021 12:31:47 +0000 (13:31 +0100)]
VERSION: Bump version up to 4.14.1...
and-re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
3fa3608e8f00df81ae7504f26459b42da069d322)
Karolin Seeger [Tue, 9 Mar 2021 12:30:50 +0000 (13:30 +0100)]
VERSION: Bump version up to 4.14.0...
and disable GIT_SNAPSHOT for the release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Tue, 9 Mar 2021 12:27:49 +0000 (13:27 +0100)]
WHATSNEW: Add release notes for Samba 4.14.0.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Tue, 9 Mar 2021 08:18:16 +0000 (09:18 +0100)]
Revert "wscript: use --as-needed only if tested successfully"
This reverts commit
4d1ed9c319deac5cba1682611dcefdf002cb9d48.
Volker Lendecke [Wed, 3 Mar 2021 18:15:31 +0000 (19:15 +0100)]
g_lock: Fix uninitalized variable reads
If dbwrap_watched_watch_recv() returns IO_TIMEOUT, "blockerdead" might
be an uninitialized non-false, and further down we'll remove the wrong
exclusive locker.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14636
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Mar 5 11:22:07 UTC 2021 on sn-devel-184
(cherry picked from commit
654c18a244f060d81280493a324b98602a69dbbf)
Autobuild-User(v4-14-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-14-test): Mon Mar 8 10:58:06 UTC 2021 on sn-devel-184
Volker Lendecke [Wed, 3 Mar 2021 18:19:23 +0000 (19:19 +0100)]
locking: Fix an uninitialized variable read
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14636
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
84b634c613352fc1da8e1525d72597c526d534d2)
Trever L. Adams [Fri, 26 Feb 2021 22:52:03 +0000 (14:52 -0800)]
s3:modules:vfs_virusfilter: Recent talloc changes cause infinite start-up failure
Recent talloc changes cause the current check for failure to allocate to be incorrectly triggered.
This patch checks to see if the original parameter to be checked for NULL if the talloc returns NULL. This allows for rapid passing in the ca
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14634
RN: Fix failure of vfs_virusfilter starting due to talloc changes
Signed-off-by: Trever L. Adams" <trever.adams@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
(cherry picked from commit
5a92810082c9a9d2833946ae0d83ce05a6bde597)
Autobuild-User(v4-14-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-14-test): Fri Mar 5 14:25:49 UTC 2021 on sn-devel-184
Björn Jacke [Tue, 2 Mar 2021 21:47:35 +0000 (22:47 +0100)]
wscript: use --as-needed only if tested successfully
Some OSes like Solaris based OmiOS don't support this.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14288
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
996560191ac6bd603901dcd6c0de5d239e019ef4)
Peter Eriksson [Tue, 23 Feb 2021 20:13:37 +0000 (12:13 -0800)]
s3: VFS: nfs4_acls. Add missing TALLOC_FREE(frame) in error path.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14648
Signed-off-by: Peter Eriksson <pen@lysator.liu.se>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Thu Feb 25 20:46:02 UTC 2021 on sn-devel-184
(cherry picked from commit
3d91fe071a29e2e0c54a10ba081a46cb5c324585)
Autobuild-User(v4-14-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-14-test): Wed Mar 3 10:12:36 UTC 2021 on sn-devel-184
Karolin Seeger [Mon, 1 Mar 2021 11:25:31 +0000 (12:25 +0100)]
WHATSNEW: Remove some old stuff.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Autobuild-User(v4-14-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-14-test): Mon Mar 1 20:35:12 UTC 2021 on sn-devel-184
Karolin Seeger [Mon, 1 Mar 2021 09:27:24 +0000 (10:27 +0100)]
VERSION: Bump version up to 4.14.0rc5...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Mon, 1 Mar 2021 09:25:56 +0000 (10:25 +0100)]
VERSION: Disable GIT_SNAPSHOT for the 4.14.0rc4 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Mon, 1 Mar 2021 09:25:19 +0000 (10:25 +0100)]
WHATSNEW: Add release notes for Samba 4.14.0rc4.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Ralph Boehme [Mon, 1 Feb 2021 11:37:10 +0000 (12:37 +0100)]
smbd: don't overwrite _mode if neither a msdfs symlink nor get_dosmode is requested
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14629
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
d78964c40b5ca5ee0658c46d492b3dcd6f6b4b94)
Autobuild-User(v4-14-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-14-test): Fri Feb 26 10:00:59 UTC 2021 on sn-devel-184
Ralph Boehme [Mon, 1 Feb 2021 13:44:03 +0000 (14:44 +0100)]
CI: verify a symlink has FILE_ATTRIBUTE_NORMAL set
Not that it really makes sense to set FILE_ATTRIBUTE_NORMAL for symlinks in
POSIX client context, but that's what we had before 4.14.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14629
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
5572ae296e720a00ab438d7b50cfc458af631f69)
Ralph Boehme [Tue, 26 Jan 2021 09:55:42 +0000 (10:55 +0100)]
vfs_aixacl: fix regression from
f4c2f867f035fcbe3d547d5635d058b0aec7636a
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14620
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Jan 26 20:05:39 UTC 2021 on sn-devel-184
(cherry picked from commit
7114150f43751ab869323b91da83705b1e1ab465)
Ralph Boehme [Tue, 26 Jan 2021 14:50:00 +0000 (15:50 +0100)]
vfs: restore platform specific POSIX sys_acl_set_file() functions
92b149954237a445594c993b79a860c63113d54b removed SMB_VFS_SYS_ACL_SET_FILE() and
all the VFS module implementations. But sys_acl_set_file() in vfs_default calls
into sys_acl_set_file() in sysacls.c which calls back into platform specific
modules.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14619
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Jan 28 15:21:02 UTC 2021 on sn-devel-184
(cherry picked from commit
c8c2aef0ac613849d641e39193448f3e512caccf)
Jeremy Allison [Wed, 27 Jan 2021 05:29:58 +0000 (21:29 -0800)]
smbd: In conn_force_tdis_done() when forcing a connection closed force a full reload of services.
Prevents reload_services() caching the fact it might be
called multiple times in a row.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14604
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
e4c8cd0781aef2a29bb4db1314c9fcd4f6edcecd)
Andrew Bartlett [Thu, 10 Dec 2020 03:03:49 +0000 (16:03 +1300)]
dbcheck: Check Deleted Objects and reduce noise in reports about expired tombstones
These reports (about recently deleted objects)
create concern about a perfectly normal part of DB operation.
We must not operate on objects that are expired or we might reanimate them,
but we must fix "Deleted Objects" if it is wrong (mostly it is set as being
deleted in 9999, but in alpha19 we got this wrong).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14593
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Feb 3 05:29:11 UTC 2021 on sn-devel-184
(cherry picked from commit
da627106cdbf8d375b25fa3338a717447f3dbb6e)
Autobuild-User(v4-14-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-14-test): Mon Feb 22 12:00:43 UTC 2021 on sn-devel-184
Andrew Bartlett [Fri, 11 Dec 2020 02:37:04 +0000 (15:37 +1300)]
selftest: Confirm that we fix any errors on the Deleted Objects container itself
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14593
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit
1ec1c35a3ae422720df491f5555c9bc787c9944c)
Ralph Boehme [Tue, 16 Feb 2021 13:24:05 +0000 (14:24 +0100)]
printing: use correct error out in get_correct_cversion() when openat_pathref_fsp() fails
Fixes a regression introduced by
a74f0af1a91fe0bbc68e4d41d65f43ec383ae8bf: if
there's no existing file, openat_pathref_fsp() will fail with
NT_STATUS_OBJECT_NAME_NOT_FOUND which must be handled the same way it is done by
the SMB_VFS_CREATE_FILE() call below.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14635
RN: Printerdriver upload 4.14rc1 not working
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Feb 17 19:53:00 UTC 2021 on sn-devel-184
(cherry picked from commit
718f7b1a84f1c6eb35d52232a8573370f45add56)
Ralph Boehme [Tue, 16 Feb 2021 13:23:02 +0000 (14:23 +0100)]
printing: use correct error out in file_version_is_newer() when openat_pathref_fsp() fails
Fixes a regression introduced by
ef5e913bca584f0232d5bfff14df4ccba2dda35c: if
there's no existing file, openat_pathref_fsp() will fail with
NT_STATUS_OBJECT_NAME_NOT_FOUND which must be handled the same way it is done by
the SMB_VFS_CREATE_FILE() call below.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14635
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
70063c523bff5e471eac2b011b243c5aa0c4bee1)
Ralph Boehme [Tue, 16 Feb 2021 13:19:51 +0000 (14:19 +0100)]
printing: use correct error out in file_version_is_newer() when openat_pathref_fsp() fails
Fixes a regression introduced by
cbe25e1777d0c43c21e8acc2cea79fd03fdaf2ea: if
there's no existing file, openat_pathref_fsp() will fail with
NT_STATUS_OBJECT_NAME_NOT_FOUND which must be handled the same way it is done by
the SMB_VFS_CREATE_FILE() call below.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14635
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
8c1fd86db873f0326faf1cefa731a03709f8ac7f)
Karolin Seeger [Thu, 18 Feb 2021 08:57:15 +0000 (09:57 +0100)]
VERSION: Bump version up to 4.14.0rc4...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 18 Feb 2021 08:56:00 +0000 (09:56 +0100)]
VERSION: Bump version up to 4.14.0rc3.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 18 Feb 2021 08:55:28 +0000 (09:55 +0100)]
WHATSNEW: Add release notes for Samba 4.14.0rc3.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Björn Jacke [Fri, 5 Feb 2021 11:47:01 +0000 (12:47 +0100)]
classicupgrade: treat old never expires value right
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14624
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Feb 10 15:06:49 UTC 2021 on sn-devel-184
(cherry picked from commit
df75d82c9de6977c466ee9f01886cb012a9c5fef)
Autobuild-User(v4-14-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-14-test): Tue Feb 16 18:27:20 UTC 2021 on sn-devel-184
Stefan Metzmacher [Tue, 9 Feb 2021 12:48:36 +0000 (13:48 +0100)]
s3:pysmbd: fix fd leak in py_smbd_create_file()
Various 'samba-tool domain backup' commands use this and will
fail if there's over ~1000 files in the sysvol folder.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13898
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
d8fa464a2dfb11df4e1db4ebffe8bd28ff118c75)
Paul Wise [Mon, 29 Feb 2016 17:58:45 +0000 (11:58 -0600)]
HEIMDAL: krb5_storage_free(NULL) should work
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12505
Signed-off-by: Paul Wise <pabs3@bonedaddy.net>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Original-author: Nicolas Williams <nico@twosigma.com>
(cherry-picked from heimdal commit
b3db07d5f0e03f6a1a0a392e70f9675e19a6d6af)
(cherry picked from commit
f9ed4f7028a5ed29026ac8ef1b47b63755ba98f8)
Andreas Schneider [Tue, 2 Feb 2021 17:10:38 +0000 (18:10 +0100)]
lib:util: Avoid free'ing our own pointer
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14625
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
0bdbe50fac680be3fe21043246b8c75005611351)
Autobuild-User(v4-14-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-14-test): Tue Feb 9 13:31:03 UTC 2021 on sn-devel-184
Andreas Schneider [Wed, 3 Feb 2021 09:37:12 +0000 (10:37 +0100)]
lib:util: Add cache oversize test for memcache
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14625
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
00543ab3b29e3fbfe8314e51919629803e14ede6)
Andreas Schneider [Wed, 3 Feb 2021 09:30:08 +0000 (10:30 +0100)]
lib:util: Add basic memcache unit test
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14625
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
bebbf621d6052f797c5cf19a2a9bbc13e699d3f0)
Karolin Seeger [Thu, 4 Feb 2021 08:22:53 +0000 (09:22 +0100)]
VERSION: Bump version up to Samba 4.14.0rc3...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 4 Feb 2021 08:22:08 +0000 (09:22 +0100)]
VERSION: Disable GIT_SNAPSHOT for the 4.14.0rc2 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 4 Feb 2021 08:21:27 +0000 (09:21 +0100)]
WHATSNEW: Add release notes for Samba 4.14.0rc2.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Jeremy Allison [Thu, 28 Jan 2021 19:08:48 +0000 (11:08 -0800)]
s3: libsmb: cli_state_save_tcon(). Don't deepcopy tcon struct when temporarily swapping out a connection on a cli_state.
This used to make a deep copy of either
cli->smb2.tcon or cli->smb1.tcon, but this leaves
the original tcon pointer in place which will then get
TALLOC_FREE()'d when the new tree connection is made on
this cli_state.
As there may be pipes open on the old tree connection with
talloc'ed state allocated using the original tcon pointer as a
talloc parent we can't deep copy and then free this pointer
as that will fire the destructors on the pipe memory and
mark them as not connected.
This call is used to temporarily swap out a tcon pointer
(whilst keeping existing pipes open) to allow a new tcon
on the same cli_state and all users correctly call
cli_state_restore_tcon() once they are finished with
the new tree connection.
Just return the existing pointer and set the old value to NULL.
We know we MUST be calling cli_state_restore_tcon() below
to restore the original tcon tree connection pointer before
closing the session.
Remove the knownfail.d entry.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13992
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Feb 2 21:05:25 UTC 2021 on sn-devel-184
(cherry picked from commit
4f80f5f9046b64a9e5e0503b1cb54f1492c4faec)
Autobuild-User(v4-14-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-14-test): Wed Feb 3 22:32:58 UTC 2021 on sn-devel-184
Jeremy Allison [Fri, 29 Jan 2021 01:35:55 +0000 (17:35 -0800)]
s3: torture: Change the SMB1-only UID-REGRESSION-TEST to do an explicit copy of the tcon struct in use.
For this test only, explicitly copy the SMB1 tcon struct,
don't use cli_state_save_tcon()//cli_state_restore_tcon()
as these calls will soon change to just manipulate the pointer
to avoid TALLOC_FREE() on the tcon struct which calls
destructors on child pipe data.
In SMB1 this test calls cli_tdis() twice with an invalid
vuid and expects the SMB1 tcon struct to be preserved
across the calls.
SMB1 cli_tdis() frees cli->smb1.tcon so we must put back
a deep copy into cli->smb1.tcon to be able to safely call
cli_tdis() again.
This is a test-only hack. Real client code
uses cli_state_save_tcon()/cli_state_restore_tcon()
if it needs to temporarily swap out the active
tcon on a client connection.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13992
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
e93e6108837eff0cebad8dc26d055c0e1386093a)
Jeremy Allison [Thu, 28 Jan 2021 18:56:18 +0000 (10:56 -0800)]
s3: smbtorture3: Ensure run_tcon_test() always replaces any saved tcon and shuts down correctly even in error paths.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13992
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
f9ca91bd293e9f2710c4449c5d4f5d016a066049)
Jeremy Allison [Thu, 28 Jan 2021 18:46:33 +0000 (10:46 -0800)]
s3: smbtorture3: Ensure we *always* replace the saved saved_tcon even in an error condition.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13992
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
dc701959cad7bf15aa47cad6451212606520f67f)
Jeremy Allison [Thu, 28 Jan 2021 22:32:53 +0000 (14:32 -0800)]
s3: libsmb: Ensure we disconnect the temporary SMB1 tcon pointer on failure to set up encryption.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13992
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
faba89ad59eaa189f325be17377645862080a965)
Jeremy Allison [Thu, 28 Jan 2021 22:07:23 +0000 (14:07 -0800)]
s3: tests: Add regression test for bug 13992.
Subtle extra test. Mark as knownfail for now.
'^ user1$' must appear MORE THAN ONCE, as it can read more than one
share. The previous test found user1, but only once as the bug only
allows reading the security descriptor for one share, and we were
unlucky that the first share security descriptor returned allows
user1 to read from it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13992
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
068f4a977f0539f790809d580bf22d2362032e3d)
Andreas Schneider [Mon, 1 Feb 2021 11:03:17 +0000 (12:03 +0100)]
s3:smbd: Fix invalid memory access in posix_sys_acl_blob_get_fd()
We are handing down an out of scope buffer.
Found by AddressSanitizer.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14627
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
0a93f5367bc55ee14f13da5bdb812333c9d9e9f3)
Stefan Metzmacher [Fri, 20 Nov 2020 09:20:14 +0000 (09:20 +0000)]
script/autobuild.py: let cleanup() ignore errors from rmdir_force() by default
It's not useful to generate a python backtrace from within the cleanup code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14628
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
9883ac45939f253a63f3ff312fc3912c5f02cdac)
Autobuild-User(v4-14-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-14-test): Tue Feb 2 10:29:44 UTC 2021 on sn-devel-184
Stefan Metzmacher [Fri, 20 Nov 2020 09:20:14 +0000 (09:20 +0000)]
script/autobuild.py: split out a rmdir_force() helper function
That also tries to re-add write permissions before removing.
In future we'll have jobs changing there directory to read-only.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14628
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
7a5df2deaaf62a7edd7c64251f75ab15abe94c07)
Stefan Metzmacher [Sun, 22 Nov 2020 22:28:31 +0000 (23:28 +0100)]
selftest: make/use a copy of GNUPGHOME
That makes it possible to run tests from a read only source tree.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14628
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
86343125a55d184c15aa94cd01f4c8893a5a0917)
Stefan Metzmacher [Sun, 22 Nov 2020 21:43:36 +0000 (22:43 +0100)]
s4:selftest: use plansmbtorture4testsuite() for 'rpc.echo'
This makes sure "--basedir=$SELFTEST_TMPDIR" is passed to smbtorture.
Tests should not create files in the build nor the source directory!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14628
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
d06f2c22d726a5ec7bd804d89154ee272ab1a679)
Stefan Metzmacher [Thu, 17 Dec 2020 05:38:14 +0000 (06:38 +0100)]
s3:selftest: run test_smbclient_tarmode.pl with a fixed subdirectory name
$PREFIX is the the value from --with-selftest-prefix.
The result of the test should not depend on --with-selftest-prefix,
the 'long_path' test in particular.
If the path is to long smbclient (via libarchive) will only
put the full path into a PAX HEADER as 'path' keyword,
that's fine in general, modern tools handle it just fine.
But Perl's Archive::Tar don't handle it and only seems
truncated file names.
I have a fix for Archive::Tar, see:
https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=
c75037d0a06a96cdaca3f3b20a6d237e768b075b
But finishing that is a task for another day, for now I just want to remove
the dependency to --with-selftest-prefix.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14628
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
e0d9b656452ba6277cdc7f0abb2a06d3d284ef3a)
Stefan Metzmacher [Mon, 23 Nov 2020 10:35:33 +0000 (11:35 +0100)]
selftest/Samba4: allow get_cmd_env_vars() to take an overwrite dictionary
This way we can use it on even in some special cases, where we combine
variables from multiple environments.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14628
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
568c7d38debaa5ccd90d6ea33c683de512de7005)
Stefan Metzmacher [Mon, 23 Nov 2020 10:35:33 +0000 (11:35 +0100)]
selftest/Samba4: correctly pass KRB5CCNAME to provision
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14628
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
dce0bdc39ebb01ef4f5e35af0552451cfc29fd1b)
Stefan Metzmacher [Mon, 23 Nov 2020 10:35:33 +0000 (11:35 +0100)]
selftest/Samba4: make more use of get_cmd_env_vars()
This simplifies the code a lot and makes it much easier to
add new environment variables in future.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14628
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
15b39160406c3ef49c5f074793d3a55b3bf12e0e)
Stefan Metzmacher [Thu, 17 Dec 2020 09:42:03 +0000 (10:42 +0100)]
selftest:Samba4: avoid File::Path 'make_path' in setup_dns_hub_internal()
While spliting the build and test stages I hit strange permission
problems, when a parent directory is missing,
which can be avoided by using plain mkdir() on each level.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14628
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
719eccd445e9cc56a1c2988c4deeb39d301bcbff)
Stefan Metzmacher [Thu, 19 Nov 2020 16:19:53 +0000 (16:19 +0000)]
selftest: allow a prefix under /m/username/
We only want to match/replace only a '.' pathname component
not any single character pathname compoment!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14628
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
02301222386f2f08631d48d6e88c03cd1439325d)
Stefan Metzmacher [Mon, 23 Nov 2020 09:38:49 +0000 (10:38 +0100)]
Makefile: add support for 'make testonly'
That skips any attempt to recompile before running the tests.
Some times that's useful for debugging and we'll
use it to split the build and test stages in autobuild and gitlab-ci
later.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14628
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
1e4714940211b10ae6574770f15b7c6ed95f5f59)
Stefan Metzmacher [Fri, 23 Oct 2020 10:21:57 +0000 (12:21 +0200)]
s3:idmap_hash: reliable return ID_TYPE_BOTH
idmap_hash used to bounce back the requested type,
which was ID_TYPE_UID, ID_TYPE_GID or ID_TYPE_NOT_SPECIFIED
before as the winbindd parent always used a lookupsids.
When the lookupsids failed because of an unknown domain,
the idmap child weren't requested at all and the caller
sees ID_TYPE_NOT_SPECIFIED.
This module should have supported ID_TYPE_BOTH since
samba-4.1.0, similar to idmap_rid and idmap_autorid.
Now that the winbindd parent will pass ID_TYPE_BOTH in order to
indicate that the domain exists, it's better to always return
ID_TYPE_BOTH instead of a random mix of ID_TYPE_UID, ID_TYPE_GID
or ID_TYPE_BOTH. In order to request a type_hint it will return
ID_REQUIRE_TYPE for ID_TYPE_NOT_SPECIFIED, which means that
the parent at least assures that the domain sid exists.
And the caller still gets ID_TYPE_NOT_SPECIFIED if the
domain doesn't exist.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jan 22 11:32:46 UTC 2021 on sn-devel-184
(cherry picked from commit
d8339056eef2845805f573bd8b0f3323370ecc8f)
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(v4-14-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-14-test): Wed Jan 27 17:06:51 UTC 2021 on sn-devel-184
Ralph Boehme [Sat, 23 Jan 2021 17:36:23 +0000 (18:36 +0100)]
smbd: use fsp->conn->session_info for the initial delete-on-close token
There's a correctly set up session_info at fsp->conn->session_info, we can just
use that.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14617
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jan 26 04:04:14 UTC 2021 on sn-devel-184
(cherry picked from commit
e06f86bbd93d024c70016e1adcf833db85742aca)
Ralph Boehme [Mon, 25 Jan 2021 10:48:32 +0000 (11:48 +0100)]
selftest: add a test that verifies unlink works when "force user" is set
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14617
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
aa1f09cda0a097617e34dd0a8b1b0acc7a37bca8)
Ralph Boehme [Mon, 25 Jan 2021 10:47:45 +0000 (11:47 +0100)]
selftest: add force_user_error_inject share in maptoguest env
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14617
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
f3f8fdfbf10f690bc8d972a13d6f74f1fb0fb375)
Ralph Boehme [Mon, 25 Jan 2021 10:46:30 +0000 (11:46 +0100)]
vfs_error_inject: add unlinkat hook
Note that a failure is only injected if the owner of the parent directory is not
the same as the current user.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14617
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
c44dad3ac2eb36fc5eb5a9f80a9ef97183be26ef)
Ralph Boehme [Fri, 15 Jan 2021 11:56:25 +0000 (12:56 +0100)]
s3/auth: implement "winbind:ignore domains"
Under the following conditions a user from an ignored domain might be able to
authenticate:
- using Kerberos
- successfully previous authentication so the idmap and name caches are filled
- winbind not running (fwiw, winbindd is mandatory on a domain member)
- nscd running with a cached getpwnam for the ignored user (otherwise auth fails
because getpwnam fails)
- lookup_name() function being modified to look into the name cache before
contacting winbindd. Currently it talks directly to winbindd and that will
check the cache.
Currently, authentication will only fail because creating the local token for
the user fails because an LSA lookupname RPC call fails (because winbindd is not
running).
All of this makes a successfull authentication unlikelly, but that is more by
accident then by design.
To ensures that if winbindd is not running and as such winbindd itself can not
enforce the restriction, also implement the ignored domains check in the auth
system as a last line of defense.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
RN: "winbind:ignore domains" doesn't prevent user login from trusted domain
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
df5fe2d835169161d3930acf1e9c750dd2bc64b6)
Ralph Boehme [Thu, 14 Jan 2021 09:42:53 +0000 (10:42 +0100)]
winbind: check for allowed domains in winbindd_pam_auth_pac_verify()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
da474ddd13d84f07f5da81c843e651844f33a003)
Ralph Boehme [Mon, 11 Jan 2021 16:59:48 +0000 (17:59 +0100)]
winbind: check for allowed domains in winbindd_dual_pam_chauthtok()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
88e92faace7ec17810903166fa3433aa4842a4e3)
Ralph Boehme [Mon, 11 Jan 2021 16:19:05 +0000 (17:19 +0100)]
winbind: check for allowed domains in winbindd_dual_pam_chng_pswd_auth_crap()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
4bc17600bc50fbc0e54d9d019d8db67001fc3eef)
Ralph Boehme [Mon, 11 Jan 2021 16:10:19 +0000 (17:10 +0100)]
winbind: check for allowed domains in winbindd_dual_pam_auth_crap()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
c17bc9c6115e4e92132f3cb912547eac78227938)
Ralph Boehme [Mon, 11 Jan 2021 15:50:31 +0000 (16:50 +0100)]
winbind: check for allowed domains in winbindd_dual_pam_auth()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
4cefdf03fec91cdcf700922b1a5ceca02407e259)
Ralph Boehme [Mon, 11 Jan 2021 15:15:15 +0000 (16:15 +0100)]
winbind: move "winbind:ignore domain" logic to a seperate function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
894caca79476d25a0268d89b2ad8a5758b7e31f3)
Ralph Boehme [Wed, 13 Jan 2021 10:54:40 +0000 (11:54 +0100)]
selftest: add a test for "winbind:ignore domains"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
32197d21dabecaee9bc1d6cd557578892220fe4c)
Ralph Boehme [Wed, 20 Jan 2021 11:00:16 +0000 (12:00 +0100)]
winbind: handle MSG_SMB_CONF_UPDATED in the winbinds children
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
072ef48001710ed8326c83295f2d3cc301d27cfe)
Ralph Boehme [Wed, 20 Jan 2021 11:27:23 +0000 (12:27 +0100)]
winbind: set logfile after reloading config
lp_load_global() will overwrite whatever we've set with lp_set_logfile().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
0c4497f8c66d0ea7c68d42c19e859932ebc3e2ac)
Ralph Boehme [Wed, 20 Jan 2021 10:17:22 +0000 (11:17 +0100)]
winbind: move config-reloading code to winbindd_dual.c
In preperation of forwarding MSG_SMB_CONF_UPDATED to all childs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
81edc65e79aba121db800ec53aadd766e61a0001)
Ralph Boehme [Thu, 14 Jan 2021 07:14:46 +0000 (08:14 +0100)]
selftest: use correct DNS domain name for wrapper hosts file
For some reason the join fails to register the DNS records when provisioning the
member env:
Using short domain name -- SAMBA2008R2
Joined 'IDMAPADMEMBER' to dns domain 'samba2008r2.example.com'
DNS Update for idmapadmember.samba.example.com failed: ERROR_DNS_UPDATE_FAILED
At the same time the hosts file used by the wrappers contains the wrong fqdn. As
a result the test that the next commit is going do add fails due do the broken
DNS resolution:
...
UNEXPECTED(failure): samba3.blackbox.winbind_ignore_domain.test_winbind_ignore_domains_ok_krb5(ad_member_idmap_ad:local)
REASON: Exception: Exception: do_connect: Connection to idmapadmember.samba2008r2.example.com failed (Error NT_STATUS_UNSUCCESSFUL)
...
Checking DNS in the testenv, first the working record for the main DC:
testenv$ dig @10.53.57.64 dc7.samba2008r2.example.com +short
10.53.57.27
testenv$ bin/samba-tool dns query dc7 samba2008r2.example.com dc7 A -U Administrator%locDCpass7
Name=, Records=1, Children=0
A: 10.53.57.27 (flags=f0, serial=1, ttl=900)
Now the failing idmapadmember:
testenv$ dig @10.53.57.64 idmapadmember.samba2008r2.example.com +short
testenv$ bin/samba-tool dns query dc7 samba2008r2.example.com idmapadmember A -U Administrator%locDCpass7
ERROR: Record or zone does not exist.
Fixing the hosts file lets the tests work, fixing the broken DNS record
registration is a task for another day.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
e1fc84138ca118c4187d87b7be4a7e6dd771dc4f)
Stefan Metzmacher [Fri, 22 Jan 2021 12:31:58 +0000 (13:31 +0100)]
VERSION: Bump version up to 4.14.0rc2...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(v4-14-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-14-test): Fri Jan 22 16:23:55 UTC 2021 on sn-devel-184
Karolin Seeger [Thu, 21 Jan 2021 12:48:52 +0000 (13:48 +0100)]
VERSION: Disable GIT_SNAPSHOT for the 4.14.0rc1 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 21 Jan 2021 12:47:02 +0000 (13:47 +0100)]
WHATSNEW: Add release notes for Samba 4.14.0rc1.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 21 Jan 2021 12:02:26 +0000 (13:02 +0100)]
ReleaseKey: add GnuPG key transition statement for the Samba release key
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Karolin Seeger [Thu, 21 Jan 2021 12:03:44 +0000 (13:03 +0100)]
script/release.sh: always select the GPG key by it's ID
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Björn Baumbach [Mon, 18 Jan 2021 14:02:22 +0000 (15:02 +0100)]
WHATSNEW.txt: Miscellaneous samba-tool changes
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Karolin Seeger <kseeger@samba.org>
Andreas Schneider [Tue, 19 Jan 2021 14:50:24 +0000 (15:50 +0100)]
libcli:smb: Fix a typo in a debug message
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jan 19 16:15:21 UTC 2021 on sn-devel-184
Jeremy Allison [Fri, 15 Jan 2021 22:50:23 +0000 (14:50 -0800)]
vfs: update status of SMB_VFS_SYMLINKAT()
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sun Jan 17 05:48:14 UTC 2021 on sn-devel-184
Jeremy Allison [Fri, 15 Jan 2021 22:29:08 +0000 (14:29 -0800)]
s3: smbd: Change smb_set_file_unix_link() to use a real directory fsp for SMB_VFS_SYMLINKAT().
New VFS change.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 15 Jan 2021 22:35:58 +0000 (14:35 -0800)]
s3: VFS: glusterfs: Fix vfs_gluster_symlinkat() to cope with a real dirfsp.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 15 Jan 2021 22:33:17 +0000 (14:33 -0800)]
s3: VFS: ceph: Fix cephwrap_symlinkat() to cope with real directory fsps.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Fri, 15 Jan 2021 15:37:56 +0000 (16:37 +0100)]
vfs: directory enumeration is now handle based
Remove obsolete description. Also remove SMB_VFS_STATX() as I don't see a need
for that atm.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jan 15 22:01:55 UTC 2021 on sn-devel-184
Ralph Boehme [Fri, 15 Jan 2021 09:13:36 +0000 (10:13 +0100)]
vfs: update status of SMB_VFS_MKDIRAT()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 15 Jan 2021 09:12:29 +0000 (10:12 +0100)]
pysmbd: use real dirfsp for SMB_VFS_MKDIRAT()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 15 Jan 2021 08:54:15 +0000 (09:54 +0100)]
vfs: update status of SMB_VFS_MKNODAT()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Thu, 14 Jan 2021 20:18:50 +0000 (12:18 -0800)]
s3: smbd: Change smb_unix_mknod() to use a real directory fsp for SMB_VFS_MKNODAT().
New VFS change.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Thu, 14 Jan 2021 19:50:39 +0000 (11:50 -0800)]
s3: smbd: Move creation of parent_fname out of lp_inherit_permissions() clause in smb_unix_mknod().
We will need this for the upcoming openat_pathref_fsp() use.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Thu, 14 Jan 2021 20:25:24 +0000 (12:25 -0800)]
s3: VFS: glusterfs: Fix vfs_gluster_mknodat() to cope with a real dirfsp.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Thu, 14 Jan 2021 20:26:48 +0000 (12:26 -0800)]
s3: VFS: glusterfs: Fix missing END_PROFILE() in mkdirat() return.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Thu, 14 Jan 2021 20:35:29 +0000 (12:35 -0800)]
s3: VFS: ceph: Fix cephwrap_mknodat() to cope with real directory fsps.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>