Andrew Bartlett [Fri, 3 Mar 2023 04:52:13 +0000 (17:52 +1300)]
CVE-2023-0614 ldb: Release LDB 2.6.2
* CVE-2023-0614 Not-secret but access controlled LDAP attributes can be discovered (bug 15270)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
[abartlet@samba.org Adapted to LDB 2.6 series in Samba 4.17]
Andrew Bartlett [Thu, 2 Mar 2023 04:24:15 +0000 (17:24 +1300)]
CVE-2023-0614 lib/ldb-samba Ensure ACLs are evaluated on SAMBA_LDAP_MATCH_RULE_TRANSITIVE_EVAL / LDAP_MATCHING_RULE_IN_CHAIN
Setting the LDB_HANDLE_FLAG_UNTRUSTED tells the acl_read module to operate on this request.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Andrew Bartlett [Thu, 2 Mar 2023 03:51:25 +0000 (16:51 +1300)]
CVE-2023-0614 lib/ldb-samba: Add test for SAMBA_LDAP_MATCH_RULE_TRANSITIVE_EVAL / LDAP_MATCHING_RULE_IN_CHAIN with and ACL hidden attributes
The chain for transitive evaluation does consider ACLs, avoiding the disclosure of
confidential information.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Andrew Bartlett [Fri, 3 Mar 2023 03:49:00 +0000 (16:49 +1300)]
CVE-2023-0614 dsdb: Add pre-cleanup and self.addCleanup() of OU created in match_rules tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Andrew Bartlett [Thu, 2 Mar 2023 03:31:17 +0000 (16:31 +1300)]
CVE-2023-0614 dsdb: Add DSDB_MARK_REQ_UNTRUSTED
This will allow our dsdb helper search functions to mark the new
request as untrusted, forcing read ACL evaluation (per current behaviour).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Joseph Sutton [Thu, 23 Feb 2023 21:03:25 +0000 (10:03 +1300)]
CVE-2023-0614 s4-dsdb: Treat confidential attributes as unindexed
In the unlikely case that someone adds a confidential indexed attribute
to the schema, LDAP search expressions on that attribute could disclose
information via timing differences. Let's not use the index for searches
on confidential attributes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 3 Mar 2023 04:35:55 +0000 (17:35 +1300)]
CVE-2023-0614 ldb: Filter on search base before redacting message
Redaction may be expensive if we end up needing to fetch a security
descriptor to verify rights to an attribute. Checking the search scope
is probably cheaper, so do that first.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 14 Feb 2023 00:17:24 +0000 (13:17 +1300)]
CVE-2023-0614 ldb: Centralise checking for inaccessible matches
This makes it less likely that we forget to handle a case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 15 Feb 2023 23:35:34 +0000 (12:35 +1300)]
CVE-2023-0614 ldb: Use binary search to check whether attribute is secret
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 27 Feb 2023 00:31:44 +0000 (13:31 +1300)]
CVE-2023-0614 s4-acl: Avoid calling dsdb_module_am_system() if we can help it
If the AS_SYSTEM control is present, we know we have system privileges,
and have no need to call dsdb_module_am_system().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 3 Mar 2023 04:34:29 +0000 (17:34 +1300)]
CVE-2023-0614 ldb: Prevent disclosure of confidential attributes
Add a hook, acl_redact_msg_for_filter(), in the aclread module, that
marks inaccessible any message elements used by an LDAP search filter
that the user has no right to access. Make the various ldb_match_*()
functions check whether message elements are accessible, and refuse to
match any that are not. Remaining message elements, not mentioned in the
search filter, are checked in aclread_callback(), and any inaccessible
elements are removed at this point.
Certain attributes, namely objectClass, distinguishedName, name, and
objectGUID, are always present, and hence the presence of said
attributes is always allowed to be checked in a search filter. This
corresponds with the behaviour of Windows.
Further, we unconditionally allow the attributes isDeleted and
isRecycled in a check for presence or equality. Windows is not known to
make this special exception, but it seems mostly harmless, and should
mitigate the performance impact on searches made by the show_deleted
module.
As a result of all these changes, our behaviour regarding confidential
attributes happens to match Windows more closely. For the test in
confidential_attr.py, we can now model our attribute handling with
DC_MODE_RETURN_ALL, which corresponds to the behaviour exhibited by
Windows.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
[abartlet@samba.org adapted due to Samba 4.17 and lower
not having the patches for CVE-2020-25720]
Joseph Sutton [Mon, 27 Feb 2023 00:55:36 +0000 (13:55 +1300)]
CVE-2023-0614 s4-acl: Split out function to set up access checking variables
These variables are often used together, and it is useful to have the
setup code in one place.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
[abartlet@samba.org adapted to the use of
acl_check_access_on_attribute as
acl_check_access_on_attribute_implicit_owner is
only in Samba 4.18 and newer]
Joseph Sutton [Sun, 26 Feb 2023 23:19:08 +0000 (12:19 +1300)]
CVE-2023-0614 s4-dsdb: Add samdb_result_dom_sid_buf()
This function parses a SID from an ldb_message, similar to
samdb_result_dom_sid(), but does it without allocating anything.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 27 Feb 2023 00:40:33 +0000 (13:40 +1300)]
CVE-2023-0614 s4-acl: Split out logic to remove access checking attributes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 3 Mar 2023 04:31:54 +0000 (17:31 +1300)]
CVE-2023-0614 ldb: Add ldb_parse_tree_get_attr()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 26 Jan 2023 19:32:41 +0000 (08:32 +1300)]
CVE-2023-0614 tests/krb5: Add test for confidential attributes timing differences
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 6 Feb 2023 20:25:48 +0000 (09:25 +1300)]
CVE-2023-0614 schema_samba4.ldif: Allocate previously added OID
DSDB_CONTROL_CALCULATED_DEFAULT_SD_OID was added in commit
08187833fee57a8dba6c67546dfca516cd1f9d7a.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 25 Aug 2022 08:15:33 +0000 (20:15 +1200)]
schema_samba4.ldif: Allocate previously added OIDs
DSDB_CONTROL_FORCE_ALLOW_VALIDATED_DNS_HOSTNAME_SPN_WRITE_OID was added
to source4/dsdb/samdb/samdb.h in commit
c2ab1f4696fa3f52918a126d0b37993a07f68bcb.
DSDB_EXTENDED_SCHEMA_LOAD was added in commit
1fd4cdfafaa6a41c824d1b3d76635bf3e446de0f.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
672ec6135f9ae3d7b5439523a4f456c19fb03a88)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
[abartlet@samba.org This required as context for the above bug]
Joseph Sutton [Mon, 6 Feb 2023 20:48:37 +0000 (09:48 +1300)]
CVE-2023-0614 s4:dsdb:tests: Fix <GUID={}> search in confidential attributes test
The object returned by schema_format_value() is a bytes object.
Therefore the search expression would resemble:
(lastKnownParent=<GUID=b'
00000000-0000-0000-0000-
000000000000'>)
which, due to the extra characters, would fail to match anything.
Fix it to be:
(lastKnownParent=<GUID=
00000000-0000-0000-0000-
000000000000>)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 6 Feb 2023 20:35:24 +0000 (09:35 +1300)]
CVE-2023-0614 s4:dsdb/extended_dn_in: Don't modify a search tree we don't own
In extended_dn_fix_filter() we had:
req->op.search.tree = ldb_parse_tree_copy_shallow(req, req->op.search.tree);
which overwrote the parse tree on an existing ldb request with a fixed
up tree. This became a problem if a module performed another search with
that same request structure, as extended_dn_in would try to fix up the
already-modified tree for a second time. The fixed-up tree element now
having an extended DN, it would fall foul of the ldb_dn_match_allowed()
check in extended_dn_filter_callback(), and be replaced with an
ALWAYS_FALSE match rule. In practice this meant that <GUID={}> searches
would only work for one search in an ldb request, and fail for
subsequent ones.
Fix this by creating a new request with the modified tree, and leaving
the original request unmodified.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Sun, 26 Feb 2023 21:31:52 +0000 (10:31 +1300)]
CVE-2023-0614 ldb: Make use of ldb_filter_attrs_in_place()
Change all uses of ldb_kv_filter_attrs() to use
ldb_filter_attrs_in_place() instead. This function does less work than
its predecessor, and no longer requires the allocation of a second ldb
message. Some of the work is able to be split out into separate
functions that each accomplish a single task, with a purpose to make the
code clearer.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 3 Mar 2023 04:30:19 +0000 (17:30 +1300)]
CVE-2023-0614 ldb: Make ldb_filter_attrs_in_place() work in place
ldb_filter_attrs() previously did too much. Now its replacement,
ldb_filter_attrs_in_place(), only does the actual filtering, while
taking ownership of each element's values is handled in a separate
function, ldb_msg_elements_take_ownership().
Also, ldb_filter_attrs_in_place() no longer adds the distinguishedName
to the message if it is missing. That is handled in another function,
ldb_msg_add_distinguished_name().
As we're now modifying the original message rather than copying it into
a new one, we no longer need the filtered_msg parameter.
We adapt a test, based on ldb_filter_attrs_test, to exercise the new
function.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 3 Mar 2023 04:29:03 +0000 (17:29 +1300)]
CVE-2023-0614 ldb: Add function to filter message in place
At present this function is an exact duplicate of ldb_filter_attrs(),
but in the next commit we shall modify it to work in place, without the
need for the allocation of a second message.
The test is a near duplicate of the existing test for
ldb_filter_attrs().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 3 Mar 2023 04:27:38 +0000 (17:27 +1300)]
CVE-2023-0614 ldb: Add function to add distinguishedName to message
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
[abartlet@samba.org Adapted to conflict from lack of new
ldb_ascii_toupper() in ldb_private.h]
Joseph Sutton [Fri, 3 Mar 2023 04:26:04 +0000 (17:26 +1300)]
CVE-2023-0614 ldb: Add function to remove excess capacity from an ldb message
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
[abartlet@samba.org Adapted to conflict from lack of new
ldb_ascii_toupper() in ldb_private.h]
Joseph Sutton [Fri, 3 Mar 2023 04:23:42 +0000 (17:23 +1300)]
CVE-2023-0614 ldb: Add function to take ownership of an ldb message
Many places in Samba depend upon various components of an ldb message
being talloc allocated, and hence able to be used as talloc contexts.
The elements and values of an unpacked ldb message point to unowned data
inside the memory-mapped database, and this function ensures that such
messages have talloc ownership of said elements and values.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 15 Feb 2023 01:08:57 +0000 (14:08 +1300)]
CVE-2023-0614 ldb:tests: Ensure all tests are accounted for
Add ldb_filter_attrs_test to the list of tests so that it actually gets
run.
Remove a duplicate ldb_msg_test that was accidentally added in commit
5ca90e758ade97fb5e335029c7a1768094e70564.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 14 Feb 2023 23:34:51 +0000 (12:34 +1300)]
CVE-2023-0614 ldb:tests: Ensure ldb_val data is zero-terminated
If the value of an ldb message element is not zero-terminated, calling
ldb_msg_find_attr_as_string() will cause the function to read off the
end of the buffer in an attempt to verify that the value is
zero-terminated. This can cause unexpected behaviour and make the test
randomly fail.
To avoid this, we must have a terminating null byte that is *not*
counted as part of the length, and so we must calculate the length with
strlen() rather than sizeof.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 26 Jan 2023 19:29:33 +0000 (08:29 +1300)]
CVE-2023-0614 s4-acl: Use ldb functions for handling inaccessible message elements
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 26 Jan 2023 19:28:36 +0000 (08:28 +1300)]
CVE-2023-0614 ldb: Add functions for handling inaccessible message elements
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 26 Jan 2023 19:00:32 +0000 (08:00 +1300)]
CVE-2023-0614 s4-acl: Make some parameters const
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
[abartlet@samba.org Adapted to code without newer
acl_check_access_on_attribute_implicit_owner name]
Joseph Sutton [Mon, 6 Feb 2023 20:29:51 +0000 (09:29 +1300)]
CVE-2023-0614 s4:dsdb: Use talloc_get_type_abort() more consistently
It is better to explicitly abort than to dereference a NULL pointer or
try to read data cast to the wrong type.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 26 Jan 2023 18:57:27 +0000 (07:57 +1300)]
CVE-2023-0614 libcli/security: Make some parameters const
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
[abartlet@samba.org Updated to add const to sec_access_check_ds()
instead of the sec_access_check_ds_implicit_owner() wrapper
found in 4.18 and later]
Andrew Bartlett [Thu, 2 Mar 2023 21:31:40 +0000 (10:31 +1300)]
CVE-2023-0614 dsdb: Alter timeout test in large_ldap.py to be slower by matching on large objects
This changes the slow aspect to be the object matching not the filter parsing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Andrew Bartlett [Mon, 13 Mar 2023 04:20:00 +0000 (17:20 +1300)]
CVE-2023-0614 selftest: Use setUpClass() to reduce "make test TESTS=large_ldap" time
This reduces the elapsed time to 6m from 20m on my laptop.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15332
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Mar 14 07:16:04 UTC 2023 on atb-devel-224
(cherry picked from commit
b4a6c054ec6acefacd22cb7230a783d20cb07c05)
[abartlet@samba.org Included in the security release as this
makes working on the large_ldap test practical by reducing
the elapsed time taken]
Andrew Bartlett [Mon, 13 Mar 2023 01:25:56 +0000 (14:25 +1300)]
CVE-2023-0614 lib/ldb: Avoid allocation and memcpy() for every wildcard match candidate
The value can be quite large, the allocation will take much
longer than the actual match and is repeated per candidate
record.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15331
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
(cherry picked from commit
cad96f59a08192df927fb1df4e9787c7f70991a2)
[abartlet@samba.org Included in the security release as this
makes the new large_ldap.py timeout test more reliable]
Jule Anger [Thu, 9 Mar 2023 09:15:41 +0000 (10:15 +0100)]
VERSION: Bump version up to Samba 4.17.7...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Thu, 9 Mar 2023 09:15:09 +0000 (10:15 +0100)]
VERSION: Disable GIT_SNAPSHOT for the 4.17.6 release.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Thu, 9 Mar 2023 09:14:38 +0000 (10:14 +0100)]
WHATSNEW: Add release notes for Samba 4.17.6.
Signed-off-by: Jule Anger <janger@samba.org>
Jeremy Allison [Tue, 28 Feb 2023 19:20:12 +0000 (11:20 -0800)]
s3: smbd: Fix fsp/fd leak when looking up a non-existent stream name on a file.
When open_stream_pathref_fsp() returns
NT_STATUS_OBJECT_NAME_NOT_FOUND, smb_fname_rel->fsp
has been set to NULL, so we must free base_fsp separately
to prevent fd-leaks when opening a stream that doesn't
exist.
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15314
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Mar 3 16:37:27 UTC 2023 on atb-devel-224
(cherry picked from commit
3f84a6df4546e0f1e62dfbcd0b823ea29499a787)
Autobuild-User(v4-17-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-17-test): Wed Mar 8 10:11:41 UTC 2023 on sn-devel-184
Jeremy Allison [Tue, 28 Feb 2023 19:18:10 +0000 (11:18 -0800)]
s3: tests: Add new test_stream_dir_rename.sh test.
Shows we are leaking an fsp/fd if we request a non-existent stream on a file.
This then causes rename of a directory containing the file to be denied, as
it thinks we have an existing open file below it.
Add knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15314
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
c54bec26ad23b0121b2ddfbf04bc81050f27e6e1)
Jeremy Allison [Tue, 28 Feb 2023 19:14:34 +0000 (11:14 -0800)]
s3: provision: Add new streams_xattr_nostrict share - needs "strict rename = no".
The bug we're testing for needs "strict rename = no" (the default),
but the existing streams_xattr share uses "strict rename = yes" from
the [global] section.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15314
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
5a3db5105bd8360b245cd35810002740ccff605c)
Volker Lendecke [Mon, 20 Feb 2023 17:46:50 +0000 (18:46 +0100)]
rpcd: With npa->need_idle_server we can have more than 256 servers
Before this patch the worker-status cut the worker index such that
samba-dcerpcd could not properly update status of the surplus rpc
daemons. This could lead to those daemons to stay around forever,
samba-dcerpcd will never notice they are idle and can exit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15310
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Mar 6 22:35:00 UTC 2023 on atb-devel-224
(cherry picked from commit
a1780ed8d1b46e4760319b27a4978e7ce7a1df80)
Autobuild-User(v4-17-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-17-test): Tue Mar 7 11:16:46 UTC 2023 on sn-devel-184
Volker Lendecke [Wed, 1 Mar 2023 13:42:00 +0000 (14:42 +0100)]
rpcd: Do blocking connects to local pipes
We don't have real async callers yet, and this is the simplest way to
fix our missing light-weight deterministic async fallback mechanism.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15310
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
0ab7b84ccbd383bb2f696ce258438d4af57fe6f0)
Volker Lendecke [Wed, 1 Mar 2023 13:40:37 +0000 (14:40 +0100)]
rpcd: Increase listening queue
Allow more waiters under load.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15310
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
f23eb1b3b728d7a13add8c6614d9992aad2c3653)
Volker Lendecke [Mon, 6 Mar 2023 09:05:41 +0000 (10:05 +0100)]
torture3: test rpc scalability
With
smbtorture3 //127.0.0.1/ipc\$ rpc-scale -N 50 -o 1000
I am able to immediately trigger bug 15130.
Not running by default, this is a pure load test.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15310
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(back-ported from commit
86e95b57d6848482dc73c624c2e8d2bdb79c1d21)
Volker Lendecke [Mon, 6 Mar 2023 12:57:20 +0000 (13:57 +0100)]
librpc: Remove unused sync rpc_transport_np_init()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
f3ce9970002459a069344ca5519fb91feacb4a6e)
Volker Lendecke [Mon, 6 Mar 2023 12:55:43 +0000 (13:55 +0100)]
librpc: Make rpc_pipe_open_np() public and async
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
07ebf97a74fb5c0d0504e76c50f3aca8257dab1f)
baixiangcpp [Fri, 10 Feb 2023 03:01:47 +0000 (11:01 +0800)]
lib:util: File descriptor being closed repeatedly.
In file_load()/file_lines_load(), the file's fd is obtained using
open(), and in fd_load() the fd is converted to a FILE* using
fdopen(). However, after fclose(), the fd is closed again using
close().
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15311
Signed-off-by: baixiangcpp baixiangcpp@gmail.com
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Feb 16 12:13:05 UTC 2023 on atb-devel-224
(cherry picked from commit
206dcf7d426e9e85c896c54839008e194d9a2824)
Autobuild-User(v4-17-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-17-test): Thu Feb 23 13:37:27 UTC 2023 on sn-devel-184
John Mulligan [Fri, 3 Feb 2023 18:09:18 +0000 (13:09 -0500)]
vfs_ceph: use fsp_get_pathref_fd in ceph fstatat and close vfs calls
Replace fsp_get_io_fd with fsp_get_pathref_fd as these calls do use
pathref fsps. fsp_get_io_fd asserts that the fsp is not pathref and
asserts (on a debug build) or returns -1 (non debug build).
Prior to these changes running ls on the root of the share failed.
Logging from the failure case:
```
openat_pathref_fsp: smb_fname [.]
openat_pathref_fullname: smb_fname [.]
fsp_new: allocated files structure (1 used)
file_name_hash: //. hash 0x3dfcc1c2
check_reduced_name: check_reduced_name [.] [/]
cephwrap_realpath: [CEPH] realpath(0x55604da9a030, .) = //.
check_reduced_name realpath [.] -> [//.]
check_reduced_name: . reduced to //.
cephwrap_openat: [CEPH] openat(0x55604da9a030, ., 0x55604da81f00, 133120, 0)
cephwrap_openat: [CEPH] open(...) = 10
cephwrap_fstat: fsp_get_io_fd: fsp [.] is a path referencing fsp
[CEPH] fstat(0x55604da9a030, -1)
fsp_get_io_fd: fsp [.] is a path referencing fsp
cephwrap_fstat: [CEPH] fstat(...) = -9
fd_openat: name ., flags = 04000 mode = 00, fd = 10. NT_STATUS_INVALID_HANDLE
openat_pathref_fullname: Opening pathref for [.] failed: NT_STATUS_INVALID_HANDLE
```
This change also seems to match the recommendations in the `When to use
fsp_get_io_fd() or fsp_get_pathref_fd()` section of The_New_VFS.txt
document.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15307
Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Gunther Deschner <gdeschne@redhat.com>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Feb 13 20:04:38 UTC 2023 on atb-devel-224
(cherry picked from commit
54a8da864071e28eb6297b872dcb57fb9b171f33)
Autobuild-User(v4-17-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-17-test): Wed Feb 15 14:21:41 UTC 2023 on sn-devel-184
Ralph Boehme [Wed, 18 Jan 2023 15:21:16 +0000 (16:21 +0100)]
mdssvc: fix kMDScopeArray parsing
In macOS Ventura marshalling of kMDScopeArray in the "openQueryWithParams"
request has changed from
string: kMDScopeArray
sl_array_t(#1): {
string: /foo/bar
}
to:
string: kMDScopeArray
sl_array_t(#1): {
sl_array_t(#1): {
string: /foo/bar
}
}
With this patch we check both encodings. Bug fixed according to user feedback.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15299
RN: Spotlight doesn't work with latest macOS Ventura
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
1dd0cd2f4e644ad43b0e7ee2aaae19799e859585)
Autobuild-User(v4-17-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-17-test): Fri Feb 10 10:43:35 UTC 2023 on sn-devel-184
Andrew Bartlett [Wed, 25 Jan 2023 02:24:57 +0000 (15:24 +1300)]
s4-drsuapi: Give an error that matches windows on destination_dsa_guid lookup failure
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jan 31 13:43:54 UTC 2023 on atb-devel-224
(cherry picked from commit
0f2978bbc0ed5b65d75c20472650a749643312e7)
Autobuild-User(v4-17-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-17-test): Fri Feb 3 10:28:42 UTC 2023 on sn-devel-184
Andrew Bartlett [Wed, 25 Jan 2023 03:01:48 +0000 (16:01 +1300)]
s4-drsuapi: Clarify role of drs_security_access_check_nc_root()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
1838f349c94b878de1740af35351a2e8e0c8cffb)
Andrew Bartlett [Wed, 25 Jan 2023 01:18:11 +0000 (14:18 +1300)]
s4-rpc_server: Pre-check destination_dsa_guid in GetNCChanges for validity
This allows our new tests to pass as these need to be checked first.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
115a3a10440f44ba11029be5ae3a05534a7b98c0)
Andrew Bartlett [Wed, 25 Jan 2023 02:24:01 +0000 (15:24 +1300)]
s4-drsuapi: Use samdb_get_ntds_obj_by_guid() to find RODC in REPL_SECRET
We need to find the RODC per the destination_dsa_guid to mark the secrets as
having been replicated, and by using samdb_get_ntds_obj_by_guid() we are stricter
in the checks, as the RODC has to be the right objectClass (nTDSDSA) and under
the CN=Configuration partition.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
09ec6a1db2d3b831548bf7d66475c486be29b1d1)
Andrew Bartlett [Wed, 25 Jan 2023 02:18:47 +0000 (15:18 +1300)]
s4-dsdb: Require that the NTDS object is an nTDSDSA objectclass
This should avoid a user being able to specify the GUID of a different
type of object.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
adb776149e5ac0eb346992775610627106e1a986)
Andrew Bartlett [Wed, 25 Jan 2023 02:17:44 +0000 (15:17 +1300)]
s4-dsdb: Split samdb_get_ntds_obj_by_guid() out of samdb_is_rodc()
This will allow the logic here to be tighened up and shared
in the next few commits.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
d5a2af3feae98057ba29de444d308d499d633941)
Andrew Bartlett [Fri, 16 Dec 2022 01:22:20 +0000 (14:22 +1300)]
s4-rpc_server/drsuapi: Return correct error code for an invalid DN to EXOP_REPL_OBJ/EXOP_REPL_OBJ
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
cbe18353d8d7b2a35b965e4fc8c895ac497e67e8)
Andrew Bartlett [Tue, 31 Jan 2023 00:29:05 +0000 (13:29 +1300)]
s4-drs: Make drs_ObjectIdentifier_to_dn() safer and able to cope with DummyDN values
We want to totally ignore the string DN if there is a GUID,
as clients like "Microsoft Azure AD connect cloud sync" will
set a literal "DummyDN" string.
RN: Use of the Azure AD Connect cloud sync tool is now supported for
password hash synchronisation, allowing Samba AD Domains to synchronise
passwords with this popular cloud environment.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
73f3ece8b2b44ac4b3323a08fb969f29bf2b0380)
Andrew Bartlett [Sun, 11 Dec 2022 20:47:36 +0000 (09:47 +1300)]
s4-dsdb: rework drs_ObjectIdentifier_to_dn() into drs_ObjectIdentifier_to_dn_and_nc_root()
This make this funciton the gatekeeper between the wire format and the
internal struct ldb_dn, checking if the DN exists and which NC
it belongs to along the way, and presenting only a DB-returned
DN for internal processing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
aee2039e63ceeb5e69a0461fb77e0f18278e4dc4)
Andrew Bartlett [Mon, 12 Dec 2022 03:15:44 +0000 (16:15 +1300)]
s4-rpc_server/drsuapi: Use dsdb_normalise_dn_and_find_nc_root()
This reuses the search done for dsdb_find_nc_root() to normalise the DN.
This will allow a GUID-input DN to be compared safely with a RID Manager DN
or Naming Context.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
e96dfc74b3ece40fe64a33aa8b8d810b576982bd)
Andrew Bartlett [Mon, 12 Dec 2022 03:15:03 +0000 (16:15 +1300)]
s4-dsdb: Add dsdb_normalise_dn_and_find_nc_root() around dsdb_find_nc_root()
Reuse the search done for dsdb_find_nc_root() to normalise the DN.
This will allow a GUID-input DN to be compared safely with a RID Manager DN
or Naming Context.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
8e1122420efd11a91aa1c5d60c0cc8fd9ffaf157)
Andrew Bartlett [Thu, 15 Dec 2022 05:52:20 +0000 (18:52 +1300)]
s4-dsdb: Add better debugging to dsdb_objects_have_same_nc()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
0f501b2316af6568003e520848c1ec80c286fd36)
Andrew Bartlett [Mon, 5 Dec 2022 09:21:29 +0000 (22:21 +1300)]
s4-dsdb: Make dsdb_find_nc_root() first try and use DSDB_CONTROL_CURRENT_PARTITION_OID
This allows lookup of a DN with a GUID only or GUID and string,
possibly not yet in the database, yet still getting the correct result.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
d0444be4b74bdad6a731bc5fcf86da6142b03539)
Andrew Bartlett [Wed, 25 Jan 2023 20:44:01 +0000 (09:44 +1300)]
s4-dsdb: Schedule SD propegation only after successful rename
This avoids needing to anticipate errors that the rename might give
while allowing the dsdb_find_nc_root() routine to become stricter.
The problem is that dsdb_find_nc_root() will soon do a real search and
so fail more often, but these failures will give "wrong" error codes.
We do not need to do this work if the operation fails, so put this in
the callback.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
7032b86cd5c1456318558ed95f8890e353117ced)
Andrew Bartlett [Thu, 15 Dec 2022 03:02:55 +0000 (16:02 +1300)]
s4-selftest/drs: Confirm GetNCChanges REPL_SECRET works with a DummyDN and real GUID
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
7c43388576f768db564aaf15a47d3f9ce5796fb3)
Andrew Bartlett [Thu, 15 Dec 2022 03:02:27 +0000 (16:02 +1300)]
s4-selftest/drs: Confirm GetNCChanges full replication works with a DummyDN and real GUID
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
539221dda33f03a1abf5ee5f3153db0fe1a9bfe6)
Andrew Bartlett [Fri, 2 Dec 2022 02:30:05 +0000 (15:30 +1300)]
s4-selftest/drs: Confirm GetNCChanges REPL_OBJ works with a DummyDN and real GUID
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
70faccae6d595056174af8d63b3437c9fe3805aa)
Andrew Bartlett [Thu, 1 Dec 2022 22:56:38 +0000 (11:56 +1300)]
s4-selftest/drs Allow re-run of DRS tests after failed cleanup
Using a random base is a useful start, even if the better solution also includes a self.AddCleanup()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
3204d1350b21704474e577cb5f3f2439b673c421)
Andrew Bartlett [Thu, 1 Dec 2022 22:42:55 +0000 (11:42 +1300)]
s4-selftest/drs Allow some DRS tests to operate against an IP
This is not comprehensive, but makes some manual test runs easier by
avoiding the need for DNS names to resolve.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
a150a2dcb1fc7fc7f606838de17ad4d3e6072bda)
Andrew Bartlett [Thu, 1 Dec 2022 21:07:53 +0000 (10:07 +1300)]
s4-selftest/drs Add test of expected return code for invaid DNs in GetNCChanges
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
bee45e6b29b97e0cab19a9c3cf692d9a7585a717)
Andrew Bartlett [Wed, 14 Dec 2022 23:05:55 +0000 (12:05 +1300)]
s4-dsdb: Add tests of SamDB.get_nc_root()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
2c7bb58703c1fa26782ac6959ea7d81fccf3905c)
Noel Power [Wed, 25 Jan 2023 17:03:07 +0000 (17:03 +0000)]
s3/lib: Prevent use after free of messaging_ctdb_fde_ev structs
In a cluster setup samba-bgqd async callback
cups_pcap_load_async can access messaging_ctdb_fde_ev associated
with already destructed global_ctdb_ctx_destructor
==26053== Invalid read of size 8
==26053== at 0x71692E1: messaging_ctdb_fde_ev_destructor (messages_ctdb.c:181)
==26053== by 0x40B2309: _tc_free_internal (talloc.c:1158)
==26053== by 0x40B3539: _tc_free_children_internal (talloc.c:1669)
==26053== by 0x40B24C4: _tc_free_internal (talloc.c:1184)
==26053== by 0x40B3539: _tc_free_children_internal (talloc.c:1669)
==26053== by 0x40B24C4: _tc_free_internal (talloc.c:1184)
==26053== by 0x40B2685: _talloc_free_internal (talloc.c:1248)
==26053== by 0x40B3963: _talloc_free (talloc.c:1792)
==26053== by 0x4056BCA: tevent_req_received (tevent_req.c:301)
==26053== by 0x405673D: tevent_req_destructor (tevent_req.c:135)
==26053== by 0x40B2309: _tc_free_internal (talloc.c:1158)
==26053== by 0x40B3539: _tc_free_children_internal (talloc.c:1669)
==26053== by 0x40B24C4: _tc_free_internal (talloc.c:1184)
==26053== by 0x40B2685: _talloc_free_internal (talloc.c:1248)
==26053== by 0x40B3963: _talloc_free (talloc.c:1792)
==26053== by 0x1384EF: cups_pcap_load_async (print_cups.c:507)
==26053== by 0x13894B: cups_cache_reload (print_cups.c:602)
==26053== by 0x1373AE: pcap_cache_reload (pcap.c:140)
==26053== by 0x1369D2: register_printing_bq_handlers (queue_process.c:323)
==26053== by 0x122AD6: main (samba-bgqd.c:316)
==26053== Address 0xed64d48 is 120 bytes inside a block of size 128 free'd
==26053== at 0x4C370EB: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==26053== by 0x40B25E1: _tc_free_internal (talloc.c:1222)
==26053== by 0x40B2685: _talloc_free_internal (talloc.c:1248)
==26053== by 0x40B3963: _talloc_free (talloc.c:1792)
==26053== by 0x71691F6: messaging_ctdb_destroy (messages_ctdb.c:141)
==26053== by 0x7169C21: msg_ctdb_ref_destructor (messages_ctdb_ref.c:142)
==26053== by 0x40B2309: _tc_free_internal (talloc.c:1158)
==26053== by 0x40B3539: _tc_free_children_internal (talloc.c:1669)
==26053== by 0x40B24C4: _tc_free_internal (talloc.c:1184)
==26053== by 0x40B2685: _talloc_free_internal (talloc.c:1248)
==26053== by 0x40B3963: _talloc_free (talloc.c:1792)
==26053== by 0x4157380: messaging_reinit (messages.c:646)
==26053== by 0x416C01E: reinit_after_fork (util.c:488)
==26053== by 0x13844C: cups_pcap_load_async (print_cups.c:498)
==26053== by 0x13894B: cups_cache_reload (print_cups.c:602)
==26053== by 0x1373AE: pcap_cache_reload (pcap.c:140)
==26053== by 0x1369D2: register_printing_bq_handlers (queue_process.c:323)
==26053== by 0x122AD6: main (samba-bgqd.c:316)
==26053== Block was alloc'd at
==26053== at 0x4C346A4: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==26053== by 0x40B1989: __talloc_with_prefix (talloc.c:783)
==26053== by 0x40B1B23: __talloc (talloc.c:825)
==26053== by 0x40B1ECC: _talloc_named_const (talloc.c:982)
==26053== by 0x40B49C3: _talloc_zero (talloc.c:2421)
==26053== by 0x7168E68: messaging_ctdb_init (messages_ctdb.c:93)
==26053== by 0x716979D: messaging_ctdb_ref (messages_ctdb_ref.c:75)
==26053== by 0x415702A: messaging_init_internal (messages.c:563)
==26053== by 0x41572FD: messaging_init (messages.c:622)
==26053== by 0x4163ED3: global_messaging_context (global_contexts.c:62)
==26053== by 0x12273B: main (samba-bgqd.c:271)
==26053==
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15293
Signed-off-by: Noel Power <npower@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
7a880ef52dfc85ed2f674250b5baf5109f8d4691)
Autobuild-User(v4-17-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-17-test): Fri Jan 27 09:45:10 UTC 2023 on sn-devel-184
Jule Anger [Thu, 26 Jan 2023 10:12:30 +0000 (11:12 +0100)]
VERSION: Bump version up to Samba 4.17.6...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Thu, 26 Jan 2023 10:07:54 +0000 (11:07 +0100)]
VERSION: Disable GIT_SNAPSHOT for the 4.17.5 release.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Thu, 26 Jan 2023 10:07:21 +0000 (11:07 +0100)]
WHATSNEW: Add release notes for Samba 4.17.5.
Signed-off-by: Jule Anger <janger@samba.org>
Andrew Walker [Tue, 27 Dec 2022 15:59:14 +0000 (10:59 -0500)]
lib/replace - add extra check to bsd_attr_list
The FreeBSD extattr API may return success and truncated
namelist. We need to check for this in bsd_attr_list to
ensure that we don't accidentally read off the end of the
buffer. In the case of a truncated value, the pascal
strings for attr names will reflect the lengths as if
the value were not truncated. For example:
`58DosStrea`
In case of short read we now set error to ERANGE and
fail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15271
Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Jan 2 14:27:23 UTC 2023 on sn-devel-184
(cherry picked from commit
01cdc5e00be78a51f0766634cc7fe50de2088203)
Autobuild-User(v4-17-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-17-test): Mon Jan 23 10:27:59 UTC 2023 on sn-devel-184
Jeremy Allison [Thu, 10 Nov 2022 22:43:15 +0000 (14:43 -0800)]
s3: smbd: Always use metadata_fsp() when processing fsctls.
Currently all fsctls we implement need the base fsp, not
an alternate data stream fsp. We may revisit this later
if we implement fsctls that operate on an ADS.
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15236
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Walker <awalker@ixsystems.com>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Nov 14 18:13:31 UTC 2022 on sn-devel-184
(cherry picked from commit
fa4eba131b882c3858b28f5fd9864998e19a4510)
Jeremy Allison [Thu, 10 Nov 2022 22:41:15 +0000 (14:41 -0800)]
s3: smbd: Add test to show smbd crashes when doing an FSCTL on a named stream handle.
Add knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15236
Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
abc4495e4591964bb4625c2669a1f84213faab77)
Stefan Metzmacher [Thu, 16 Dec 2021 17:24:16 +0000 (18:24 +0100)]
s3:auth: call wbcFreeMemory(info) in auth3_generate_session_info_pac()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15286
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
e27084f5d8c3a151c5d0b266118f0d71b641dc85)
Samuel Cabrero [Thu, 22 Dec 2022 15:32:40 +0000 (16:32 +0100)]
CVE-2022-38023 s3:rpc_server/netlogon: Avoid unnecessary loadparm_context allocations
After s3 and s4 rpc servers merge the loadparm_context is available in
the dcesrv_context structure.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jan 9 15:17:14 UTC 2023 on sn-devel-184
(cherry picked from commit
56837f3d3169a02d0d92bd085d9c8250415ce29b)
Samuel Cabrero [Mon, 9 Jan 2023 11:17:48 +0000 (12:17 +0100)]
CVE-2022-38023 docs-xml/smbdotconf: The "server schannel require seal[:COMPUTERACCOUNT]" options are also honoured by s3 netlogon server.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
02fba22b8c9e9b33ab430555ef45500c45eaa9d1)
Samuel Cabrero [Thu, 22 Dec 2022 10:05:33 +0000 (11:05 +0100)]
CVE-2022-38023 s3:rpc_server/netlogon: Check for global "server schannel require seal"
By default we'll now require schannel connections with privacy/sealing/encryption.
But we allow exceptions for specific computer/trust accounts.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
a0b97e262318dc56fe663da89b0ee3172b2e7848)
Samuel Cabrero [Thu, 22 Dec 2022 08:29:04 +0000 (09:29 +0100)]
CVE-2022-38023 s3:rpc_server/netlogon: make sure all _netr_LogonSamLogon*() calls go through dcesrv_netr_check_schannel()
Some checks are also required for _netr_LogonSamLogonEx().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
ca07f4340ce58a7e940a1123888b7409176412f7)
Samuel Cabrero [Thu, 22 Dec 2022 15:30:26 +0000 (16:30 +0100)]
CVE-2022-38023 s3:rpc_server/netlogon: Use dcesrv_netr_creds_server_step_check()
After s3 and s4 rpc servers merge we can avoid duplicated code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
25300d354c80995997d552581cd91dddaf4bbf48)
Samuel Cabrero [Thu, 22 Dec 2022 13:03:23 +0000 (14:03 +0100)]
CVE-2022-38023 s4:rpc_server/netlogon: Move schannel and credentials check functions to librpc
Will be used later by s3 netlogon server.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
121e7b0e39478c5291100652ac92c263f406076b)
Samuel Cabrero [Thu, 5 Jan 2023 17:13:09 +0000 (18:13 +0100)]
CVE-2022-38023 s4:rpc_server:wscript: Reformat following pycodestyle
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
d9e6b490db3ead7e79bb3ff0c1f9ef8ab8bdc65b)
Samuel Cabrero [Thu, 22 Dec 2022 15:46:15 +0000 (16:46 +0100)]
CVE-2022-38023 selftest:Samba3: avoid global 'server schannel = auto'
Instead of using the generic deprecated option use the specific
server require schannel:COMPUTERACCOUNT = no in order to allow
legacy tests for pass.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
3cd18690f83d2f85e847fc703ac127b4b04189fc)
Samuel Cabrero [Wed, 21 Dec 2022 14:53:04 +0000 (15:53 +0100)]
CVE-2022-38023 s3:rpc_server/netlogon: 'server schannel != yes' warning to dcesrv_interface_netlogon_bind
Follow s4 netlogon server changes and move the checks to the RPC bind
hook. Next commits will remove the s3 netr_creds_server_step_check()
function.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
8141eae47aad849741beb138fae866c772e4ec4c)
Jeremy Allison [Thu, 12 Jan 2023 19:20:08 +0000 (11:20 -0800)]
s3: smbd: Tweak openat_pathref_dirfsp_nosymlink() to NULL out fsp->fsp_name after calling fd_close() on intermediate directories, rather than before.
vfs_virusfilter expects a non-NULL fsp->fsp_name to use for printing debugs
(it always indirects fsp->fsp_name). vfs_fruit also does the same, so would
also crash in fruit_close() with 'debug level = 10' and vfs_default:VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS = no
set (we don't test with that which is why we haven't noticed
this before).
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15283
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Jan 13 08:33:47 UTC 2023 on sn-devel-184
(cherry picked from commit
3d3d01cda8d3a6d0d18d1b808aa9414e71d56062)
Autobuild-User(v4-17-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-17-test): Mon Jan 16 10:49:14 UTC 2023 on sn-devel-184
Jeremy Allison [Thu, 12 Jan 2023 18:22:09 +0000 (10:22 -0800)]
selftest: Show vfs_virusscanner crashes when traversing a 2-level directory tree.
Modify check_infected_read() test to use a 2-level deep
directory.
We must have vfs_default:VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS = no
set on the virusscanner share as otherwise the openat flag
shortcut defeats the test.
Add knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15283
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
c844bff3eca336547c6cedfeeb03adda4eed57c6)
Jeremy Allison [Tue, 8 Nov 2022 18:13:18 +0000 (10:13 -0800)]
s4: libcli: Ignore errors when getting A records after fetching AAAA records.
The target may only be available over IPv6.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15226
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Nov 9 20:34:07 UTC 2022 on sn-devel-184
(cherry picked from commit
10537a89bb0b461ba31d614b7c9ed56a842422e7)
Jeremy Allison [Tue, 15 Nov 2022 21:29:46 +0000 (13:29 -0800)]
s3: smbd: In synthetic_pathref() change DBG_ERR -> DBG_NOTICE to avoid spamming the logs.
Can easily be seen by doing make test TESTS=fruit
and looking in st/nt4_dc/smbd_test.log.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15210
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Nov 16 06:00:56 UTC 2022 on sn-devel-184
(cherry picked from commit
f0ca9546102acf09f1834c03f8907ed26bfc80f8)
Jeremy Allison [Thu, 20 Oct 2022 22:19:05 +0000 (15:19 -0700)]
s3: smbd: Cause SMB2_OP_FLUSH to go synchronous in a compound anywhere but the last operation in the list.
Async read and write go synchronous in the same case,
so do the same here.
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15172
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Nov 17 05:55:42 UTC 2022 on sn-devel-184
(cherry picked from commit
26adf3344337f4e8d5d2107e6ba42e5ea7656372)
Jeremy Allison [Thu, 20 Oct 2022 22:08:14 +0000 (15:08 -0700)]
s3: smbd: Add utility function smbd_smb2_is_last_in_compound().
Not yet used. Returns true if we're processing the last SMB2 request in a
compound.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15172
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
e668c3a82cd566b405c976d45659dd79786948de)
Jeremy Allison [Thu, 20 Oct 2022 21:22:25 +0000 (14:22 -0700)]
s4: torture: Add an async SMB2_OP_FLUSH + SMB2_OP_FLUSH test to smb2.compound_async.
Shows we fail sending an SMB2_OP_FLUSH + SMB2_OP_FLUSH
compound if we immediately close the file afterward.
Internally the flushes go async and we free the req, then
we process the close. When the flushes complete they try to access
already freed data.
Extra test which will allow me to test when the final
component (flush) of the compound goes async and returns
NT_STATUS_PENDING.
Add knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15172
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
6f149dfd9d8d2619a9e18975ebcf5e69df2b7766)
Jeremy Allison [Tue, 18 Oct 2022 23:22:33 +0000 (16:22 -0700)]
s4: torture: Add an async SMB2_OP_FLUSH + SMB2_OP_CLOSE test to smb2.compound_async.
Shows we fail sending an SMB2_OP_FLUSH + SMB2_OP_CLOSE
compound. Internally the flush goes async and
we free the req, then we process the close.
When the flush completes it tries to access
already freed data.
Found using the Apple MacOSX client at SNIA SDC 2022.
Add knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15172
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
17a110c1b58196eb8ecf3c76eb97e8508976c544)
Andrew Walker [Fri, 2 Sep 2022 20:31:32 +0000 (16:31 -0400)]
nsswitch:libwbclient - fix leak in wbcCtxPingDc2
Memory allocated for response is never freed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15164
Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Sep 6 20:10:17 UTC 2022 on sn-devel-184
(cherry picked from commit
aa9f3a2da97ae13cce3e50fe3d58f143200e9a17)
Jeremy Allison [Fri, 28 Oct 2022 22:31:39 +0000 (15:31 -0700)]
s3: libsmbclient: Fix smbc_getxattr() to return 0 on success.
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14808
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Nov 1 18:31:22 UTC 2022 on sn-devel-184
(cherry picked from commit
bdbb38d16c8eaff33484bb747efa639c4d8e7f35)
Jeremy Allison [Fri, 28 Oct 2022 22:28:41 +0000 (15:28 -0700)]
s4: torture: Show return value for smbc_getxattr() is incorrect (returns >0 for success, should return zero).
Add torture test to show smbc_getxattr() should return -1 on
failure, 0 on success.
Add knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14808
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
(cherry picked from commit
74636dfe24c15677261fc40c0a4ec62404898cf4)