Ralph Boehme [Mon, 7 Jun 2021 17:02:56 +0000 (19:02 +0200)]
smbd: return correct timestamps for quota fake file
Prior to
572d4e3a56eef00e29f93482daa21647af7310d0 it was sufficient to
initialize struct timespec to zero to return NTTIME 0 (ie not set) over
SMB.
This fixes the same problem from bug 14714 where the timestamps in an SMB2 CLOSE
response.
Windows of course does return *some* timestamps, but as it's neither documented
nor was I able to figure out where they would be coming from, as well as the
Windows client apparently doesn't care, I didn't bother with implementing some
sophisticated heuristic to return some timestamps.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14731
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 9 20:38:02 UTC 2021 on sn-devel-184
(cherry picked from commit
52a421111218d94d2e5cb131648bcdf5411d910b)
Ralph Boehme [Fri, 4 Jun 2021 14:58:20 +0000 (16:58 +0200)]
smbd: handle fake file handles in dos_mode()
This ensures SMB requests on the quote fake file "$Extend/$Quota" don't hit the
VFS, where specifically in vfs_gpfs we log an error message if we fail to read
the DOS attributes for a file with
vfs_gpfs_get_dos_attributes: Getting winattrs failed for $Extend/$Quota
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14731
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Mon, 7 Jun 2021 17:03:05 +0000 (19:03 +0200)]
smbtorture: verify attributes on fake quota file handle
The expected DOS attributes are taken from a Windows 2016 server. The expected
timestamps are what Samba has returned before commit
572d4e3a56eef00e29f9348:
NTTIME(0), ie no value.
The upcoming fix will restore this behaviour. Windows of course does
return *some* timestamps, but as it's neither documented nor was I able to
figure out where they would be coming from, as well as the Windows client apparently
doesn't care, I didn't bother with implementing some sophisticated heuristic to
return some timestamps.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14731
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
1e338d51602a7dca6108e5e8704f5cdde4740713)
Stefan Metzmacher [Tue, 29 Jun 2021 13:42:56 +0000 (15:42 +0200)]
libcli/smb: allow unexpected padding in SMB2 READ responses
Make use of smb2cli_parse_dyn_buffer() in smb2cli_read_done()
as it was exactly introduced for a similar problem see:
commit
4c6c71e1378401d66bf2ed230544a75f7b04376f
Author: Stefan Metzmacher <metze@samba.org>
AuthorDate: Thu Jan 14 17:32:15 2021 +0100
Commit: Volker Lendecke <vl@samba.org>
CommitDate: Fri Jan 15 08:36:34 2021 +0000
libcli/smb: allow unexpected padding in SMB2 IOCTL responses
A NetApp Ontap 7.3.7 SMB server add 8 padding bytes to an
offset that's already 8 byte aligned.
RN: Work around special SMB2 IOCTL response behavior of NetApp Ontap 7.3.7
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607
Pair-Programmed-With: Volker Lendecke <vl@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Jan 15 08:36:34 UTC 2021 on sn-devel-184
RN: Work around special SMB2 READ response behavior of NetApp Ontap 7.3.7
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jul 15 23:53:55 UTC 2021 on sn-devel-184
(cherry picked from commit
155348cda65b441a6c4db1ed84dbf1682d02973c)
Stefan Metzmacher [Tue, 29 Jun 2021 13:24:13 +0000 (15:24 +0200)]
libcli/smb: make smb2cli_ioctl_parse_buffer() available as smb2cli_parse_dyn_buffer()
It will be used in smb2cli_read.c soon...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
1faf15b3d0f41fa8a94b76d1616a4460ce0c6fa4)
Stefan Metzmacher [Mon, 5 Jul 2021 15:49:00 +0000 (17:49 +0200)]
s3:smbd: implement FSCTL_SMBTORTURE_GLOBAL_READ_RESPONSE_BODY_PADDING8
This turns the 'smb2.read.bug14607' test from 'skip' into 'xfailure',
as the 2nd smb2cli_read() function will now return
NT_STATUS_INVALID_NETWORK_RESPONSE.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
ef57fba5dbf359b204ba952451e1e33ed68f1c91)
Stefan Metzmacher [Mon, 5 Jul 2021 15:49:00 +0000 (17:49 +0200)]
s3:smbd: introduce a body_size variable in smbd_smb2_request_read_done
This will simplify the following changes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
5ecac656fde4e81aa6e51e7b3134ea3fb75f564a)
Stefan Metzmacher [Tue, 6 Jul 2021 14:24:59 +0000 (16:24 +0200)]
s4:torture/smb2: add smb2.read.bug14607 test
This test will use a FSCTL_SMBTORTURE_GLOBAL_READ_RESPONSE_BODY_PADDING8
in order to change the server behavior of READ responses regarding
the data offset.
It will demonstrate the problem in smb2cli_read*() triggered
by NetApp Ontap servers.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
b3c9823d907b91632679e6f0ffce1b7192e4b9b6)
Karolin Seeger [Wed, 14 Jul 2021 06:31:55 +0000 (08:31 +0200)]
VERSION: Bump version up to Samba 4.13.11...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Wed, 14 Jul 2021 06:31:24 +0000 (08:31 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.13.10 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Wed, 14 Jul 2021 06:30:52 +0000 (08:30 +0200)]
WHATSNEW: Add release notes for Samba 4.13.10.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Stefan Metzmacher [Mon, 5 Jul 2021 15:17:30 +0000 (17:17 +0200)]
smbXsrv_{open,session,tcon}: protect smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records
I saw systems with locking.tdb records being part of:
ctdb catdb smbXsrv_tcon_global.tdb
It's yet unknown how that happened, but we should not panic in srvsvc_*
calls because the info0 pointer was NULL.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14752
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jul 6 11:08:43 UTC 2021 on sn-devel-184
(cherry picked from commit
00bab5b3c821f272153a25ded9743460887a7907)
Autobuild-User(v4-13-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-13-test): Tue Jul 13 13:18:20 UTC 2021 on sn-devel-184
Stefan Metzmacher [Fri, 2 Jul 2021 07:37:25 +0000 (09:37 +0200)]
gensec_krb5: restore ipv6 support for kpasswd
We need to offer as much space we have in order to
get the address out of tsocket_address_bsd_sockaddr().
This fixes a regression in commit
43c808f2ff907497dfff0988ff90a48fdcfc16ef.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14750
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
0388a8f33bdde49f1cc805a0291859203c1a52b4)
Joseph Sutton [Thu, 27 May 2021 03:35:35 +0000 (15:35 +1200)]
netcmd: Use next_free_rid() function to calculate a SID for restoring a backup
This means we won't get errors if the DC doesn't have a rIDNextRID
attribute, but we will still error if there is no RID Set or if all its
pools are exhausted.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14669
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit
59d293b60608172ae61551c642d13d3b215924e4)
Joseph Sutton [Mon, 24 May 2021 04:46:28 +0000 (16:46 +1200)]
python/tests/dsdb: Add tests for RID allocation functions
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14669
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit
7c7cad81844950c3efe9a540a47b9d4e1ce1b2a1)
Joseph Sutton [Mon, 24 May 2021 00:59:59 +0000 (12:59 +1200)]
dsdb: Add next_free_rid() function to allocate a RID without modifying the database
If used to generate SIDs for objects, care should be taken, as the
possibility for having duplicate objectSIDs can arise.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14669
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit
cc98e03e7a0f2bf7a1ace2950fe6500f53640c1b)
Joseph Sutton [Mon, 24 May 2021 02:58:40 +0000 (14:58 +1200)]
netcmd: Add tests for performing an offline backup immediately after joining a domain
This currently fails due to the DC not having a rIDNextRID attribute,
which is required for the restore process.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14669
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit
b7e6a1c5da7283c49586dc29f85ab19e0e57b0f6)
Joseph Sutton [Wed, 26 May 2021 01:40:30 +0000 (13:40 +1200)]
netcmd: Ignore rIDUsedPool attribute in offline domain backup test
The RID Set of the newly created DC account has all its values
initialised to zero. If the rIDUsedPool attribute was previously
non-zero, then the restore process will cause its value to change.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14669
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit
658e5a6cc20b57f48477affd370fe25458178b92)
Joseph Sutton [Mon, 24 May 2021 04:40:55 +0000 (16:40 +1200)]
netcmd: Fix error-checking condition
This condition probably meant to check the argument of the most recently
thrown exception, rather than the previous one again.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14669
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit
e8c242bed19432d96e78dc345ab5f06422c5b104)
Joseph Sutton [Tue, 16 Mar 2021 09:20:21 +0000 (22:20 +1300)]
netcmd: Avoid database corruption by opting not to create database files during an offline domain backup
If backup dirs contain hardlinks, the backup process could previously
attempt to open an LMDB database already opened during the backup,
causing it to be recreated as a new TDB database. This commit ensures
that new database files are not created during this operation, and that
the main SamDB database is not modified.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14027
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
(cherry picked from commit
4cf773591d49166b8c7ef8d637d7edfe755d48aa)
Joseph Sutton [Tue, 16 Mar 2021 03:22:40 +0000 (16:22 +1300)]
netcmd: Determine which files are to be copied for an offline domain backup
The old behaviour attempted to check for and remove files with duplicate
names, but did not do so due to a bug, and would have left undetermined
which files were given priority when duplicate filenames were present.
Now when hardlinks are present, only one instance of each file is
chosen, with files in the private directory having priority. If one
backup dir is nested inside another, the files contained in the nested
directory are only added once. Additionally, the BIND DNS database is
omitted from the backup.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14027
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
(cherry picked from commit
3723148e7aa7e6d4a48a1a38112f121f52b6ee6f)
Joseph Sutton [Wed, 17 Mar 2021 21:52:52 +0000 (10:52 +1300)]
netcmd: Add test for an offline backup of nested directories
This test verifies that when performing an offline backup of a domain
where one of the directories to be backed up is nested inside another,
the contained files are only included once in the backup.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14027
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
(cherry picked from commit
f994783f4279884ec4d2ee3e7db80fb7af267d1c)
Joseph Sutton [Tue, 16 Mar 2021 03:13:05 +0000 (16:13 +1300)]
netcmd: Add test for an offline backup of a directory containing hardlinks
This test verifies that when performing an offline backup of a domain
where the directories to be backed up contain hardlinks, only one
instance of each file is backed up, and that files in the private
directory take precedence.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14027
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
(cherry picked from commit
0e5738887524b467bfebcf657bcb00ed71827784)
Andrew Bartlett [Fri, 13 Nov 2020 02:26:07 +0000 (15:26 +1300)]
samba-tool: Give better error information when the 'domain backup restore' fails with a duplicate SID
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14575
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Thu Nov 26 21:15:40 UTC 2020 on sn-devel-184
(cherry picked from commit
8ad82ae66157c893a2b84d353ec4d9feb4815ede)
Andrew Bartlett [Tue, 17 Nov 2020 23:11:10 +0000 (12:11 +1300)]
samba-tool domain backup: Confirm the sidForRestore we will put into the backup is free
Otherwise the administrator might only find there is a problem once they
attempt to restore the domain!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14575
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
(cherry picked from commit
15609cb91986b3e29c5b1a3b6c69c04829f43eb4)
Jeremy Allison [Thu, 27 May 2021 05:41:53 +0000 (22:41 -0700)]
s3: smbd: Fix uninitialized memory read in process_symlink_open() when used with vfs_shadow_copy2().
Valgrind trace follows.
==
3627798== Invalid read of size 1
==
3627798== at 0x483FF46: strlen (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==
3627798== by 0x55DE412: strdup (strdup.c:41)
==
3627798== by 0x4F4657E: smb_xstrdup (util.c:660)
==
3627798== by 0x4C62C2E: vfs_ChDir (vfs.c:988)
==
3627798== by 0x4C4A51C: process_symlink_open (open.c:656)
==
3627798== by 0x4C4ADE7: non_widelink_open (open.c:862)
==
3627798== by 0x4C4AFB7: fd_openat (open.c:918)
==
3627798== by 0x4BBE895: openat_pathref_fsp (files.c:506)
==
3627798== by 0x4C48A00: filename_convert_internal (filename.c:2027)
==
3627798== by 0x4C48B77: filename_convert (filename.c:2067)
==
3627798== by 0x4C32408: call_trans2qfilepathinfo (trans2.c:6173)
==
3627798== by 0x4C3C5DA: handle_trans2 (trans2.c:10143)
==
3627798== Address 0xda8bc90 is 96 bytes inside a block of size 217 free'd
==
3627798== at 0x483DA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==
3627798== by 0x4FCA3C9: _tc_free_internal (talloc.c:1222)
==
3627798== by 0x4FCA481: _talloc_free_internal (talloc.c:1248)
==
3627798== by 0x4FCB825: _talloc_free (talloc.c:1792)
==
3627798== by 0xDB248DD: store_cwd_data (vfs_shadow_copy2.c:1473)
==
3627798== by 0xDB24BEF: shadow_copy2_chdir (vfs_shadow_copy2.c:1542)
==
3627798== by 0x4C662A4: smb_vfs_call_chdir (vfs.c:2257)
==
3627798== by 0x4C62B48: vfs_ChDir (vfs.c:940)
==
3627798== by 0x4C4A51C: process_symlink_open (open.c:656)
==
3627798== by 0x4C4ADE7: non_widelink_open (open.c:862)
==
3627798== by 0x4C4AFB7: fd_openat (open.c:918)
==
3627798== by 0x4BBE895: openat_pathref_fsp (files.c:506)
==
3627798== Block was alloc'd at
==
3627798== at 0x483C7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==
3627798== by 0x4FC9365: __talloc_with_prefix (talloc.c:783)
==
3627798== by 0x4FC94FF: __talloc (talloc.c:825)
==
3627798== by 0x4FCCFDC: __talloc_strlendup (talloc.c:2454)
==
3627798== by 0x4FCD096: talloc_strdup (talloc.c:2470)
==
3627798== by 0xDB24977: store_cwd_data (vfs_shadow_copy2.c:1476)
==
3627798== by 0xDB24BEF: shadow_copy2_chdir (vfs_shadow_copy2.c:1542)
==
3627798== by 0x4C662A4: smb_vfs_call_chdir (vfs.c:2257)
==
3627798== by 0x4C62B48: vfs_ChDir (vfs.c:940)
==
3627798== by 0x4C4A92D: non_widelink_open (open.c:755)
==
3627798== by 0x4C4AFB7: fd_openat (open.c:918)
==
3627798== by 0x4BBE895: openat_pathref_fsp (files.c:506)
==
3627798==
Even though SMB_VFS_CONNECTPATH() returns a const char,
vfs_shadow_copy2() can free and reallocate this whilst
in use inside process_symlink_open().
Take a copy to make sure we don't reference free'd memory.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14721
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May 27 17:25:43 UTC 2021 on sn-devel-184
(cherry picked from commit
2f0cfe82907516ecf23cc385d41b8d29ed6b8c96)
Autobuild-User(v4-13-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-13-test): Mon Jul 12 11:03:04 UTC 2021 on sn-devel-184
Ralph Boehme [Mon, 10 May 2021 10:34:32 +0000 (12:34 +0200)]
mdssvc: avoid direct filesystem access, use the VFS
This ensures mdssvc uses the same FileIDs as the fileserver as well as Spotlight
can be used working on a virtual filesystem like GlusterFS.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14740
RN: Spotlight RPC service doesn't work with vfs_glusterfs
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Jun 16 05:59:13 UTC 2021 on sn-devel-184
(backported from commit
620b99144359f45aa69c13731db8d793cfbba197)
[slow@samba.org: use path based VFS functions, not the handle based ones]
Ralph Boehme [Tue, 15 Jun 2021 12:14:52 +0000 (14:14 +0200)]
mdssvc: chdir() to the conn of the RPC request
In preperation of calling VFS functions.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14740
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
6de3a88494b5932d0fd10f5c8c8ec57916aeefc5)
Ralph Boehme [Mon, 10 May 2021 10:10:08 +0000 (12:10 +0200)]
mdssvc: maintain a connection struct in the mds_ctx
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14740
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
8b681cfb5d9b1ece03f7e7b9d3a08ae6c461d679)
Ralph Boehme [Fri, 28 May 2021 07:25:22 +0000 (09:25 +0200)]
smbd: add create_conn_struct_cwd()
Compared to create_conn_struct_tos_cwd() this takes a TALLOC_CTX and
tevent_context as additional arguments and the resulting connection_struct is
stable across the lifetime of mem_ctx and ev.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14740
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
9a2d6bcfd5797dd4db764921548c8dca6dd0eb21)
Ralph Boehme [Tue, 15 Jun 2021 09:17:57 +0000 (11:17 +0200)]
smbd: pass tevent context to create_conn_struct_as_root()
The next commit will add another caller of create_conn_struct_as_root() that is
going to pass a long-lived tevent context.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14740
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
16c39b81d6f2c7d75cfe72bbbe2f6a5bde42c7b0)
Ralph Boehme [Mon, 10 May 2021 10:08:17 +0000 (12:08 +0200)]
mdssvc: pass messaging context to mds_init_ctx()
This is needed in a subsequent commit. Note that I prefer to do the event
context unwrapping in the caller and pass both the event and messaging context
explicitly to mds_init_ctx().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14740
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
1ef2828e1025e4c89292df1dfa6161c4453b3afe)
Ralph Boehme [Mon, 10 May 2021 09:07:27 +0000 (11:07 +0200)]
mdssvc: don't fail mds_add_result() if result is not found in CNID set
Just skip adding the result to the pending results set, don't return an
error. Returning an error triggers an error at the MDSSVC RPC error which is NOT
what we want here.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14740
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
8847f46f75ac5c1a753a0e7da88c522be25ef681)
Ralph Boehme [Mon, 10 May 2021 09:04:38 +0000 (11:04 +0200)]
mdssvc: use a helper variable in mds_add_result()
No change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14740
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
e2486d76b611f07b85b26c54fe14da7b76bd01c2)
Jeremy Allison [Wed, 9 Jun 2021 19:22:26 +0000 (12:22 -0700)]
s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in change_file_owner_to_parent() error path.
Caller is still using this !
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14736
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power<npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Fri Jun 11 10:17:46 UTC 2021 on sn-devel-184
(cherry picked from commit
4f20d310af2bb1f96dea4810a7130492cc4cfc55)
Jeremy Allison [Tue, 1 Jun 2021 20:27:47 +0000 (13:27 -0700)]
s3: lib: Fix talloc heirarcy error in parent_smb_fname().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14722
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
c500d99e2f5aaec102bf952b7941a2596b3e35a1)
Ralph Boehme [Mon, 24 May 2021 10:03:28 +0000 (12:03 +0200)]
smbd: correctly initialize close timestamp fields
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14714
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon May 24 16:56:22 UTC 2021 on sn-devel-184
(cherry picked from commit
f96cc29711181b5237a5b92c4bfb5e75fe2a73b9)
Autobuild-User(v4-13-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-13-test): Wed May 26 11:43:14 UTC 2021 on sn-devel-184
Ralph Boehme [Mon, 24 May 2021 10:21:38 +0000 (12:21 +0200)]
torture: add a test that verifies SMB2 close fields without postqueryattrib
The server must set all fields to 0 if postqueryattrib is not set.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14714
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
ac9042ff4dc6c892764abd23a9445116ad40e62a)
Volker Lendecke [Tue, 18 May 2021 06:32:45 +0000 (08:32 +0200)]
ctdb: Fix a crash in run_proc_signal_handler()
If a script times out the caller can talloc_free() the script_list
output of run_event_recv, which talloc_free's proc->output from
run_proc.c as well. If the script generates further output after the
timeout and then exits after a while, the SIGCHLD handler in the
eventd tries to read into proc->output, which was already free'ed.
Fix this by not doing just a talloc_steal but a talloc_move. This way
proc_read_handler() called from run_proc_signal_handler() does not try
to realloc the stale reference to proc->output but gets a NULL
reference.
I don't really know how to do a knownfail in ctdb, so this commit
actually activates catching the signal by waiting long enough for
22.bar to exit and generate the SIGCHLD.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14475
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
adef87a621b17baf746d12f991c60a8a3ffcfcd3)
Autobuild-User(v4-13-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-13-test): Tue May 25 08:55:59 UTC 2021 on sn-devel-184
Volker Lendecke [Tue, 18 May 2021 06:28:16 +0000 (08:28 +0200)]
ctdb: Introduce output before and after the 10-second timeout
This will lead to a crash in run_event_test.c soon
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14475
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
f320d1a7ab0f81eefdb28b36bfe346eacb8980de)
Volker Lendecke [Tue, 18 May 2021 06:23:05 +0000 (08:23 +0200)]
ctdb: Wait for SIGCHLD if script timed out
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14475
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
19290f10c7d39e055847eb45affd9e229a116b18)
Volker Lendecke [Tue, 18 May 2021 06:18:25 +0000 (08:18 +0200)]
ctdb: Introduce a helper variable in run_event_test.c
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14475
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
07ab9b7a71d59f3ff2b9dee662632315062213ab)
Volker Lendecke [Tue, 18 May 2021 06:01:06 +0000 (08:01 +0200)]
ctdb: Call run_event_recv() in a callback function
Triggers a different code path in run_event_* and aligns it more what
the ctdb eventd really does.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14475
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
9398d4b912387be8cde0c2ca30734eca7d547d19)
Volker Lendecke [Fri, 7 May 2021 15:36:58 +0000 (17:36 +0200)]
ctdb: fix typos
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14475
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
f188c9d732e4b9b3d37c4cb09608aba747845997)
Jeremy Allison [Mon, 17 May 2021 22:34:55 +0000 (15:34 -0700)]
s3: smbd: Ensure POSIX default ACL is mapped into returned Windows ACL for directory handles.
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14708
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Wed May 19 09:22:56 UTC 2021 on sn-devel-184
(cherry picked from commit
b7f62e13933da14c381f70cd46ad13849b108e68)
Autobuild-User(v4-13-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-13-test): Fri May 21 08:50:20 UTC 2021 on sn-devel-184
Karolin Seeger [Tue, 11 May 2021 07:52:03 +0000 (09:52 +0200)]
VERSION: Bump version up to 4.13.10...
and re-enable GIT_SNAPSHOT
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
ca362d33d752459e9f799d49a944247f50e124a2)
Stefan Metzmacher [Tue, 11 May 2021 08:24:06 +0000 (10:24 +0200)]
Merge branch 'v4-13-stable' into 'v4-13-test' again for the 4.13.9 release
Somehow the samba-4.13.8 was not done in v4-13-stable...
This merge has no changes, but it allows us to sync the
history between v4-13-test and v4-13-stable again.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Tue, 11 May 2021 08:23:07 +0000 (10:23 +0200)]
Revert "VERSION: Bump version up to 4.13.10..." for now
This reverts commit
ca362d33d752459e9f799d49a944247f50e124a2.
Karolin Seeger [Tue, 11 May 2021 07:52:03 +0000 (09:52 +0200)]
VERSION: Bump version up to 4.13.10...
and re-enable GIT_SNAPSHOT
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Tue, 11 May 2021 07:51:07 +0000 (09:51 +0200)]
VERSION: Disable GIT_SNAPSHOT for the Samba 4.13.9 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Tue, 11 May 2021 07:50:16 +0000 (09:50 +0200)]
WHATSNEW: Add release notes for Samba 4.13.9.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Jeremy Allison [Thu, 29 Apr 2021 16:50:30 +0000 (09:50 -0700)]
s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success.
Missing call to set up req->outbuf means no reply is sent.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14696
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr 29 21:27:58 UTC 2021 on sn-devel-184
(cherry picked from commit
47d79d7e7e406f7dd204ded7c72cfed3e0761ad5)
Autobuild-User(v4-13-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-13-test): Mon May 3 09:06:36 UTC 2021 on sn-devel-184
Andrew Bartlett [Thu, 15 Apr 2021 22:43:07 +0000 (10:43 +1200)]
docs: Expand the "log level" docs on audit logging
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14689
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
38fe888f95f8d22736080ed521939be932e7bca0)
Andrew Bartlett [Thu, 15 Apr 2021 02:40:30 +0000 (14:40 +1200)]
docs: underline special words in the audit logging part of "log level" in man smb.conf
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14689
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
d03e7ffcff32452bb92f2ced9f06cbeab9843e04)
Andrew Bartlett [Thu, 15 Apr 2021 02:45:07 +0000 (14:45 +1200)]
docs: Further discourage the use of the "event notification" options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14689
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
364b8be9816b34b2a1b07c6259345c406d68c9f2)
Andrew Bartlett [Thu, 15 Apr 2021 02:44:22 +0000 (14:44 +1200)]
docs: Add proper explination on why transactions need to be audited.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14689
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
a778a3a6420f094a953563b87f84457fdebd20a3)
Andrew Bartlett [Thu, 15 Apr 2021 02:39:49 +0000 (14:39 +1200)]
docs: Add missing documentation on dsdb_group_audit and dsdb_group_audit_json
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14689
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
2e533664e756ccde8fc1b3e41e70437c9e7bafcd)
Andrew Bartlett [Thu, 15 Apr 2021 01:52:38 +0000 (13:52 +1200)]
debug: Synchronise "log level" in smb.conf with the code
This is done by pasting in the contents of default_classname_table[]
in lib/util/debug.c into
cut -f 2 -d \"| xargs -i sh -c 'echo "\t<listitem><para><parameter moreinfo=\"none\">{}</parameter></para></listitem>"'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14689
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
0d30d74e89829cc7b4faa6ba835e3d90c1c410aa)
Karolin Seeger [Thu, 29 Apr 2021 09:11:31 +0000 (11:11 +0200)]
VERSION: Bump version up to 4.13.9.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 29 Apr 2021 09:11:10 +0000 (11:11 +0200)]
Merge tag 'samba-4.13.8' into v4-13-test
samba: tag release samba-4.13.8
Karolin Seeger [Mon, 26 Apr 2021 11:09:58 +0000 (13:09 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.13.8 release.
BUG 14571: CVE-2021-20254: Buffer overrun in sids_to_unixids().
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Mon, 26 Apr 2021 10:45:26 +0000 (12:45 +0200)]
WHATSNEW: Add release notes for Samba 4.13.8.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Volker Lendecke [Sat, 20 Feb 2021 14:50:12 +0000 (15:50 +0100)]
CVE-2021-20254 passdb: Simplify sids_to_unixids()
Best reviewed with "git show -b", there's a "continue" statement that
changes subsequent indentation.
Decouple lookup status of ids from ID_TYPE_NOT_SPECIFIED
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14571
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from patch from master)
[backport by npower@samba.org as master commit
493f5d6b078e0b0f80d1ef25043e2834cb4fcb87 and
58e9b62222ad62c81cdf11d704859a227cb2902b creates conflicts
due to rename of WBC_ID_TYPE_* -> ID_TYPE_*]
Karolin Seeger [Mon, 26 Apr 2021 11:08:23 +0000 (13:08 +0200)]
VERSION: Enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Mon, 26 Apr 2021 10:45:26 +0000 (12:45 +0200)]
WHATSNEW: Add release notes for Samba 4.13.8.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Volker Lendecke [Sat, 20 Feb 2021 14:50:12 +0000 (15:50 +0100)]
CVE-2021-20254 passdb: Simplify sids_to_unixids()
Best reviewed with "git show -b", there's a "continue" statement that
changes subsequent indentation.
Decouple lookup status of ids from ID_TYPE_NOT_SPECIFIED
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14571
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from patch from master)
[backport by npower@samba.org as master commit
493f5d6b078e0b0f80d1ef25043e2834cb4fcb87 and
58e9b62222ad62c81cdf11d704859a227cb2902b creates conflicts
due to rename of WBC_ID_TYPE_* -> ID_TYPE_*]
Stefan Metzmacher [Wed, 24 Mar 2021 10:52:22 +0000 (11:52 +0100)]
VERSION: Bump version up to 4.13.8...
GIT_SNAPSHOT is already 'yes'.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
5677103fe7b49ed7738d5df5e5231473c673e08c)
Samuel Cabrero [Thu, 8 Apr 2021 16:45:38 +0000 (18:45 +0200)]
s3-iremotewinspool: set the per-request memory context
The iremotewinspool service is not using the pidl autogenerated code.
Set the per-request memory context following the changes made is commit
5a7e9ade9a4cdfa68900c6a64b639f53c0da47ad.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14675
CI: https://gitlab.com/samba-team/samba/-/merge_requests/1890
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Apr 9 15:20:02 UTC 2021 on sn-devel-184
(cherry picked from commit
1efa9ffd7ae77ebf22b28c12dd642a89991b75d2)
Autobuild-User(v4-13-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-13-test): Mon Apr 19 07:53:48 UTC 2021 on sn-devel-184
Martin Schwenke [Mon, 29 Mar 2021 05:30:37 +0000 (16:30 +1100)]
build: Only add -Wl,--as-needed when supported
If -Wl,--as-needed is added to EXTRA_LDFLAGS (via ADD_LDFLAGS, as per
commit
996560191ac6bd603901dcd6c0de5d239e019ef4) then on some
platforms (at least CentOS 8 and Fedora 33), any indirect/recursive
dependencies (i.e. private libraries) are added to both the
binary (reqid_test in the CTDB case) and to samba-util.so. However,
only samba-util.so has rpath set to find private libraries.
When ld.so tries to resolve these dependencies for the binary it
fails. This may be a bug on those platforms, but it occurs reliably
and our users will also hit the bug. For binaries that have other
private library dependencies (e.g. bundled talloc) rpath will contain
the private library directory so the duplicate private library
dependencies are then found... that is, when it works, it works by
accident!
For some reason (deep in waf or wafsamba) if -Wl,--as-needed is added to
LINKFLAGS (as is done in conf.add_as_needed()) then it works: the direct
dependencies are only added to samba-util.so and the same depenencies
(indirect dependencies for binaries) are not added incorrectly to the
binaries.
So, without changing 1/2 of waf/wafsamba the simplest fix is to revert
to adding -Wl,--as-needed to LINKFLAGS, which was the case before
commit
996560191ac6bd603901dcd6c0de5d239e019ef4.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14288
RN: Fix the build on OmniOS
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(backported from commit
ff1c3af603b47a7e8f9faad8d1c2e4a489559155)
Autobuild-User(v4-13-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-13-test): Tue Apr 13 13:16:05 UTC 2021 on sn-devel-184
Ralph Boehme [Mon, 29 Mar 2021 10:24:39 +0000 (12:24 +0200)]
s3: smbd: fix deferred renames
This was broken by
c7a9e0e4cdfb22e66533b5c8e20af3cfdb8ae78c.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14679
CI: https://gitlab.com/samba-team/samba/-/merge_requests/1875
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@amba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Mar 31 06:13:39 UTC 2021 on sn-devel-184
(cherry picked from commit
10d753868e810604d8f60673bbd48f55aaff0797)
Autobuild-User(v4-13-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-13-test): Thu Apr 1 12:19:23 UTC 2021 on sn-devel-184
Jeremy Allison [Tue, 30 Mar 2021 22:05:47 +0000 (15:05 -0700)]
s4: torture. Add smb2.lease.rename_wait test to reproduce regression in delay rename for lease break code.
Passes against Windows 10. Add to knownfail, the
next commit will fix this.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14679
CI: https://gitlab.com/samba-team/samba/-/merge_requests/1875
Back-ported from
8d9a0b8d57713781c72440c7e91746b5d89e6f6a.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Tue, 23 Mar 2021 16:06:15 +0000 (17:06 +0100)]
rpc_server3: Fix a memleak for internal pipes
state->call should not be talloc'ed off a long-lived context
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14675
CI: https://gitlab.com/samba-team/samba/-/merge_requests/1861
RN: Memory leak in the RPC server
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Mar 31 12:14:01 UTC 2021 on sn-devel-184
(cherry picked from commit
12f516e4680753460e7fe8811e6c6ff70057580c)
Ralph Boehme [Mon, 22 Mar 2021 11:06:39 +0000 (12:06 +0100)]
spools: avoid leaking memory into the callers mem_ctx
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14675
CI: https://gitlab.com/samba-team/samba/-/merge_requests/1861
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
481176ec745c14b78fca68e01a61c83405a4b97b)
Ralph Boehme [Tue, 23 Mar 2021 10:40:21 +0000 (11:40 +0100)]
pidl: set the per-request memory context in the pidl generator
The talloc memory context referenced by the pipe_struct mem_ctx member is used
as talloc parent for RPC response data by the RPC service implementations.
In Samba versions up to 4.10 all talloc children of p->mem_ctx were freed after
a RPC response was delivered by calling talloc_free_children(p->mem_ctx). Commit
60fa8e255254d38e9443bf96f2c0f31430be6ab8 removed this call which resulted in all
memory allocations on this context not getting released, which can consume
significant memory in long running RPC connections.
Instead of putting the talloc_free_children(p->mem_ctx) back, just use the
mem_ctx argument of the ${pipename}_op_dispatch_internal() function which is a
dcesrv_call_state object created by dcesrv_process_ncacn_packet() and released
by the RPC server when the RPC request processing is finished.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14675
CI: https://gitlab.com/samba-team/samba/-/merge_requests/1861
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
4c3fb2a5912966a61e7ebdb05eb3231a0e1d6033)
Ralph Boehme [Tue, 16 Mar 2021 17:18:46 +0000 (18:18 +0100)]
smbd: free open_rec state in remove_deferred_open_message_smb2_internal()
The lifetime of open_rec (struct deferred_open_record) ojects is the time
processing the SMB open request every time the request is scheduled, ie once we
reschedule we must wipe the slate clean. In case the request gets deferred
again, a new open_rec will be created by the schedule functions.
This ensures any timer-event tied to the open_rec gets cancelled and doesn't
fire unexpectedly.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14672
CI: https://gitlab.com/samba-team/samba/-/merge_requests/1843
RN: smbd panic when two clients open same file
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 18 18:04:09 UTC 2021 on sn-devel-184
(cherry picked from commit
591c9196962b695b01c0d86918b8f8a263e9665c)
Autobuild-User(v4-13-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-13-test): Wed Mar 31 10:13:40 UTC 2021 on sn-devel-184
Ralph Boehme [Wed, 17 Mar 2021 15:24:28 +0000 (16:24 +0100)]
smbd: cancel pending poll open timer in poll_open_done()
The retry of the open is scheduled below, avoid rescheduling it a second time in
the open retry timeout function.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14672
CI: https://gitlab.com/samba-team/samba/-/merge_requests/1843
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
171a58ff3e8ee07cf5d7af08eabcb4a7379e7ce5)
Ralph Boehme [Wed, 17 Mar 2021 15:22:37 +0000 (16:22 +0100)]
smbd: reset dangling watch_req pointer in poll_open_done
We just freed subreq and a pointer to subreq is stored in open_rec->watch_req,
so we must invalidate the pointer.
Otherwise if the poll open timer fires it will do a
TALLOC_FREE(open_rec->watch_req);
on the dangling pointer which may crash or do something worse like freeing some
other random talloc memory.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14672
CI: https://gitlab.com/samba-team/samba/-/merge_requests/1843
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
065ed088b3d5710c288e46a5bf1e063f9a29c8cc)
Christof Schmitt [Fri, 5 Mar 2021 23:07:54 +0000 (16:07 -0700)]
idmap_nss: Do not return SID from unixids_to_sids on type mismatch
The call to winbind_lookup_name already wrote the result in the id_map
array. The later check for the type detected a mismatch, but that did
not remove the SID from the result struct.
Change this by first assigning the SID to a temporary variable and only
write it to the id_map array after the type checks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14663
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Mar 11 08:38:41 UTC 2021 on sn-devel-184
(cherry picked from commit
0e789ba1802ca22e5a01abd6e93ef66cd45566a7)
Christof Schmitt [Fri, 5 Mar 2021 23:01:13 +0000 (16:01 -0700)]
idmap_rfc2307: Do not return SID from unixids_to_sids on type mismatch
The call to winbind_lookup_name already wrote the result in the id_map
array. The later check for the type detected a mismatch, but that did
not remove the SID from the result struct.
Change this by first assigning the SID to a temporary variable and only
write it to the id_map array after the type checks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14663
Signed-off-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit
79dd4b133c37451c98fe7f7c45da881e89e91ffc)
Christof Schmitt [Fri, 5 Mar 2021 22:48:29 +0000 (15:48 -0700)]
winbind: Only use unixid2sid mapping when module reports ID_MAPPED
Only consider a mapping to be valid when the idmap module reports
ID_MAPPED. Otherwise return the null SID.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14663
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
db2afa57e4aa926b478db1be4d693edbdf4d2a23)
Stefan Metzmacher [Wed, 17 Feb 2021 11:57:01 +0000 (12:57 +0100)]
third_party: Update socket_wrapper to version 1.3.3
This fixes a deadlock abort() when SOCKET_WRAPPER_KEEP_PCAP=1
is used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14640
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Mar 17 23:53:04 UTC 2021 on sn-devel-184
(cherry picked from commit
10c198827d977e07b411897556578d3aedce2184)
Stefan Metzmacher [Tue, 9 Feb 2021 07:56:42 +0000 (08:56 +0100)]
third_party: Update socket_wrapper to version 1.3.2
This brings support for fd-passing of INET sockets.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11899
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
ab943babc3eb454186558f6e863996dfcf7a20ea)
Stefan Metzmacher [Wed, 24 Mar 2021 10:52:22 +0000 (11:52 +0100)]
VERSION: Bump version up to 4.13.8...
GIT_SNAPSHOT is already 'yes'.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 24 Mar 2021 10:51:33 +0000 (11:51 +0100)]
Merge tag 'samba-4.13.7' into HEAD
samba: tag release samba-4.13.7
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Karolin Seeger [Wed, 24 Mar 2021 09:59:29 +0000 (10:59 +0100)]
WHATSNEW: Add release notes for Samba 4.13.7.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Stefan Metzmacher [Wed, 24 Mar 2021 09:24:47 +0000 (10:24 +0100)]
VERSION: Bump version for Samba 4.13.7 release.
o BUG #14595: CVE-2020-27840: Heap corruption via crafted DN strings.
o BUG #14655: CVE-2021-20277: Out of bounds read in AD DC LDAP server.
Note this is exactly the same as 4.13.6, except that it
has a dependency on ldb version 2.2.1, which is needed if
someone builds against a system libldb.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Stefan Metzmacher [Wed, 24 Mar 2021 09:21:56 +0000 (10:21 +0100)]
ldb: version 2.2.1
o BUG #14595: CVE-2020-27840: Heap corruption via crafted DN strings.
o BUG #14655: CVE-2021-20277: Out of bounds read in AD DC LDAP server.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Fri, 19 Mar 2021 09:12:15 +0000 (10:12 +0100)]
VERSION: Disable GIT_SNAPSHOT for the 4.13.6 release.
o BUG #14595: CVE-2020-27840: Heap corruption via crafted DN strings.
o BUG #14655: CVE-2021-20277: Out of bounds read in AD DC LDAP server.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Fri, 19 Mar 2021 09:11:37 +0000 (10:11 +0100)]
WHATSNEW: Add release notes for Samba 4.13.6.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Douglas Bagnall [Thu, 11 Feb 2021 03:28:43 +0000 (16:28 +1300)]
CVE-2020-27840: pytests: move Dn.validate test to ldb
We had the test in the Samba Python segfault suite because
a) the signal catching infrastructure was there, and
b) the ldb tests lack Samba's knownfail mechanism, which allowed us to
assert the failure.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14595
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 11 Dec 2020 03:32:25 +0000 (16:32 +1300)]
CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode
A DN string with lots of trailing space can cause ldb_dn_explode() to
put a zero byte in the wrong place in the heap.
When a DN string has a value represented with trailing spaces,
like this
"CN=foo ,DC=bar"
the whitespace is supposed to be ignored. We keep track of this in the
`t` pointer, which is NULL when we are not walking through trailing
spaces, and points to the first space when we are. We are walking with
the `p` pointer, writing the value to `d`, and keeping the length in
`l`.
"CN=foo ,DC= " ==> "foo "
^ ^ ^
t p d
--l---
The value is finished when we encounter a comma or the end of the
string. If `t` is not NULL at that point, we assume there are trailing
spaces and wind `d and `l` back by the correct amount. Then we switch
to expecting an attribute name (e.g. "CN"), until we get to an "=",
which puts us back into looking for a value.
Unfortunately, we forget to immediately tell `t` that we'd finished
the last value, we can end up like this:
"CN=foo ,DC= " ==> ""
^ ^ ^
t p d
l=0
where `p` is pointing to a new value that contains only spaces, while
`t` is still referring to the old value. `p` notices the value ends,
and we subtract `p - t` from `d`:
"CN=foo ,DC= " ==> ? ""
^ ^ ^
t p d
l ~= SIZE_MAX - 8
At that point `d` wants to terminate its string with a '\0', but
instead it terminates someone else's byte. This does not crash if the
number of trailing spaces is small, as `d` will point into a previous
value (a copy of "foo" in this example). Corrupting that value will
ultimately not matter, as we will soon try to allocate a buffer `l`
long, which will be greater than the available memory and the whole
operation will fail properly.
However, with more spaces, `d` will point into memory before the
beginning of the allocated buffer, with the exact offset depending on
the length of the earlier attributes and the number of spaces.
What about a longer DN with more attributes? For example,
"CN=foo ,DC= ,DC=example,DC=com" -- since `d` has moved out of
bounds, won't we continue to use it and write more DN values into
mystery memory? Fortunately not, because the aforementioned allocation
of `l` bytes must happen first, and `l` is now huge. The allocation
happens in a talloc_memdup(), which is by default restricted to
allocating 256MB.
So this allows a person who controls a string parsed by ldb_dn_explode
to corrupt heap memory by placing a single zero byte at a chosen
offset before the allocated buffer.
An LDAP bind request can send a string DN as a username. This DN is
necessarily parsed before the password is checked, so an attacker does
not need proper credentials. The attacker can easily cause a denial of
service and we cannot rule out more subtle attacks.
The immediate solution is to reset `t` to NULL when a comma is
encountered, indicating that we are no longer looking at trailing
whitespace.
Found with the help of Honggfuzz.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14595
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 11 Feb 2021 04:05:14 +0000 (17:05 +1300)]
CVE-2020-27840: pytests:segfault: add ldb.Dn validate test
ldb.Dn.validate wraps ldb_dn_explode.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14595
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Tue, 8 Dec 2020 08:32:09 +0000 (21:32 +1300)]
CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds
For a string that had N spaces at the beginning, we would
try to move N bytes beyond the end of the string.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14655
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry-picked from commit for master)
Andrew Bartlett [Thu, 11 Mar 2021 22:51:56 +0000 (11:51 +1300)]
CVE-2021-20277 ldb: Remove tests from ldb_match_test that do not pass
This reverts some of the backport of
33a95a1e75b85e9795c4490b78ead2162e2a1f47
This is done here rather than squashed in the cherry-pick of the expanded testsuite
because it allows this commit to be simply reverted for the backport of bug 14044
if this lands first, or to be dropped if bug 14044 lands first.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14655
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Douglas Bagnall [Fri, 5 Mar 2021 07:13:01 +0000 (20:13 +1300)]
CVE-2021-20277 ldb tests: ldb_match tests with extra spaces
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14655
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry-picked from commit for master)
Douglas Bagnall [Fri, 5 Mar 2021 02:47:56 +0000 (15:47 +1300)]
ldb: add tests for ldb_wildcard_compare
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14044
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry-picked from commit
33a95a1e75b85e9795c4490b78ead2162e2a1f47)
Karolin Seeger [Tue, 9 Mar 2021 08:16:21 +0000 (09:16 +0100)]
VERSION: Bump version up to 4.13.6...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
b30c0416390ce4151a6bf97ea44e18e9d668e596)
Karolin Seeger [Tue, 9 Mar 2021 08:16:21 +0000 (09:16 +0100)]
VERSION: Bump version up to 4.13.6...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Tue, 9 Mar 2021 08:15:02 +0000 (09:15 +0100)]
VERSION: Disable GIT_SNAPSHOT for the 4.13.5 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Tue, 9 Mar 2021 08:10:12 +0000 (09:10 +0100)]
Revert "wscript: use --as-needed only if tested successfully"
This reverts commit
eebf510fbd8847077c7bec72a1cda674b5a02714.