Karolin Seeger [Thu, 26 Mar 2020 08:14:02 +0000 (09:14 +0100)]
VERSION: Disable GIT_SNAPSHOT for the 4.10.14 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 26 Mar 2020 08:13:27 +0000 (09:13 +0100)]
WHATSNEW: Add release notes for Samba 4.10.14.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Martin Schwenke [Fri, 6 Mar 2020 05:11:23 +0000 (16:11 +1100)]
ctdb-tcp: Do not stop outbound connection in ctdb_tcp_node_connect()
The only place the outgoing connection needs to be stopped is when
there is a timeout when waiting for the connection to become writable.
Add a new function ctdb_tcp_node_connect_timeout() to handle this
case.
All of the other cases are attempts to establish a new outgoing
connection (initial attempt, retry after an error or disconnect, ...)
so drop stopping the connection in those cases.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14295
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Signed-off-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Mar 12 05:29:20 UTC 2020 on sn-devel-184
(cherry picked from commit
319c93f0c6a949545229b616dfbd4f51baf11171)
Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Tue Mar 24 10:48:31 UTC 2020 on sn-devel-144
Martin Schwenke [Fri, 6 Mar 2020 04:59:32 +0000 (15:59 +1100)]
ctdb-tcp: Factor out function ctdb_tcp_start_outgoing()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14295
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Signed-off-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
3c8747fe29486a4f95308b335a5e3ec1807f62cb)
Ralph Boehme [Sat, 29 Feb 2020 10:54:51 +0000 (11:54 +0100)]
ctdb-tcp: add ctdb_tcp_stop_incoming()
No change in behaviour. This makes the code self-documenting.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14295
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
2c73dbafba50b28e72a8ec7b4382fae42fca6d17)
Ralph Boehme [Fri, 28 Feb 2020 10:36:00 +0000 (11:36 +0100)]
ctdb-tcp: rename ctdb_tcp_stop_connection() to ctdb_tcp_stop_outgoing()
No change in behaviour. This makes the code self-documenting.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14295
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
1e2a967ff41cc29c3a0d7f61a46937c68fdb90ba)
Ralph Boehme [Sat, 29 Feb 2020 11:28:20 +0000 (12:28 +0100)]
ctdb-tcp: Remove redundant restart in ctdb_tcp_tnode_cb()
The node dead upcall has already restarted the outgoing connection.
There's no need to repeat it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14295
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
ea37ecdcd5960311f54a7a5510b88a654da23daa)
Ralph Boehme [Sat, 29 Feb 2020 11:13:12 +0000 (12:13 +0100)]
ctdb-tcp: always call node_dead() upcall in ctdb_tcp_tnode_cb()
ctdb_tcp_tnode_cb() is called when we receive data on the outgoing connection.
This can happen when we get an EOF on the connection because the other side as
closed. In this case data will be NULL.
It would also be called if we received data from the peer. In this case data
will not be NULL.
The latter case is a fatal error though and we already call
ctdb_tcp_stop_connection() for this case as well, which means even though the
node is not fully connected anymore, by not calling the node_dead() upcall
NODE_FLAGS_DISCONNECTED will not be set.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14295
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
b83ef98c7466b2a81968555de83fb977bb6ca9f0)
Noel Power [Sat, 29 Feb 2020 15:49:28 +0000 (15:49 +0000)]
ctdb-tcp: move free of inbound queue to TCP restart
Since commit
77deaadca8e8dbc3c92ea16893099c72f6dc874e, a nodeA which
had previously accepted a connection from nodeB (where nodeB dies
e.g. as as result of fencing) when nodeB attempts to connect again
after restarting is always rejected with
ctdb_listen_event: Incoming queue active, rejecting connection from w.x.y.z
messages.
Consolidate dead node handling in the TCP restart handling.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14295
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
0ff1b78fc2f0491f9e11131d0040bdaba8873770)
Martin Schwenke [Sun, 1 Mar 2020 05:40:41 +0000 (16:40 +1100)]
ctdb-daemon: more logical whitespace, debug modernisation
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14295
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
15762a34559599cf908e30651a2d4c11560068ed)
Ralph Boehme [Sat, 29 Feb 2020 11:26:19 +0000 (12:26 +0100)]
ctdb-daemon: ensure restart() callback is called in half-connected state
If NODE_FLAGS_DISCONNECTED is set the node can be in half-connected state. With
this change we ensure to restart the transport for this case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14295
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
6a4fa0785fc83561939fa41617d526eb96c1af89)
Martin Schwenke [Tue, 12 Nov 2019 01:12:46 +0000 (12:12 +1100)]
ctdb-daemon: Rename ctdb_context private_data to transport_data
This gives a casual reader a useful clue.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
750f3938e4fcd6743954db6b1132751a90ee6107)
Martin Schwenke [Tue, 12 Nov 2019 01:04:22 +0000 (12:04 +1100)]
ctdb-daemon: Rename ctdb_node private_data to transport_data
This gives a casual reader a useful clue.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
53f8492caafa8556d0c2d3f272d08ce5ce098c25)
Douglas Bagnall [Sun, 19 Jan 2020 02:08:58 +0000 (15:08 +1300)]
nmblib: avoid undefined behaviour in handle_name_ptrs()
If *offset is length - 1, we would read ubuf[(*offset)+1] as the lower
bits of the new *offset. This value is undefined, but because it is
checked against the valid range, there is no way to read further
beyond that one byte.
Credit to oss-fuzz.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14242
OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20193
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Feb 7 10:19:39 UTC 2020 on sn-devel-184
(cherry picked from commit
3bc7acc62646b105b03fd3c65e9170a373f95392)
Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Wed Mar 18 16:19:59 UTC 2020 on sn-devel-144
Tim Beale [Mon, 11 Feb 2019 04:15:22 +0000 (17:15 +1300)]
selftest: Export DC conf path for special cases
In a few rare cases, a test needs to assert aspects both client-side and
server-side aspects. A typical example would be the audit logging, which
is exercising client-side behaviour, but also asserting the server-side
logging.
Usually this has involved a kludge in tests.py to either use
socket-wrapper explicitly, or hardcode in the server smb.conf path.
This patch exposes the existing SERVERCONFFILE env variable to the
tests. DC_SERVERCONFFILE has been added for 2 DC testenvs, where we need
the PDC's smb.conf.
The benefit of doing this way is the filepath/testenv-dependency logic
is all self-contained with the Perl code, and it doesn't bleed out into
tests.py as well.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
aeadf75c24a4af4143e389e2b27d3a90899fb638)
Fixes autobuild with the patches for
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14285
Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Wed Mar 4 11:26:37 UTC 2020 on sn-devel-144
Andrew Bartlett [Thu, 30 Jan 2020 03:44:05 +0000 (16:44 +1300)]
selftest: Test behaviour of DNS scavenge with an existing dNSTombstoned value
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14258
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Feb 6 16:24:25 UTC 2020 on sn-devel-184
(cherry picked from commit
c8e3c78d4f2a6f3e122fe458aa6835772290a700)
Andrew Bartlett [Thu, 30 Jan 2020 03:41:39 +0000 (16:41 +1300)]
dsdb: Correctly handle memory in objectclass_attrs
el->values is caller-provided memory that should be thought of as constant,
it should not be assumed to be a talloc context.
Otherwise, if the caller gives constant memory or a stack
pointer we will get an abort() in talloc when it expects
a talloc magic in the memory preceeding the el->values.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14258
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
3657bbc21182d764ddfcd603025f24ec240fd263)
Andreas Schneider [Wed, 5 Feb 2020 15:58:26 +0000 (16:58 +0100)]
wafsamba: Do not use 'rU' as the 'U' is deprecated in Python 3.9
See https://docs.python.org/3.9/whatsnew/3.9.html#changes-in-the-python-api
"open(), io.open(), codecs.open() and fileinput.FileInput no longer accept 'U'
(“universal newline”) in the file mode. This flag was deprecated since Python
3.3. In Python 3, the “universal newline” is used by default when a file is
open in text mode. The newline parameter of open() controls how universal
newlines works."
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14266
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Feb 6 07:30:13 UTC 2020 on sn-devel-184
(cherry picked from commit
52722746a5eb40c309ba59f78bd8e3d897417bdc)
Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Mon Feb 24 11:28:18 UTC 2020 on sn-devel-144
Jeremy Allison [Wed, 19 Feb 2020 21:20:14 +0000 (13:20 -0800)]
s3: VFS: full_audit. Use system session_info if called from a temporary share definition.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14283
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Thu Feb 20 15:31:20 UTC 2020 on sn-devel-144
Volker Lendecke [Wed, 12 Feb 2020 14:40:32 +0000 (15:40 +0100)]
auth: Fix CID
1458418 Null pointer dereferences (REVERSE_INULL)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
ef0350221e194a3dd3350eab02b38baeb32d8fd3)
Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Wed Feb 19 13:01:32 UTC 2020 on sn-devel-144
Volker Lendecke [Wed, 12 Feb 2020 14:39:54 +0000 (15:39 +0100)]
auth: Fix CID
1458420 Null pointer dereferences (REVERSE_INULL)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
503fc8f2ba662ecbec0788bd1710440464dc5cfd)
Martin Schwenke [Tue, 28 Jan 2020 05:49:14 +0000 (16:49 +1100)]
ctdb-tcp: Make error handling for outbound connection consistent
If we can't bind the local end of an outgoing connection then
something has gone wrong. Retrying is better than failing into a
zombie state. The interface might come back up and/or the address my
be reconfigured.
While here, do the same thing for the other (potentially transient)
failures.
The unknown address family failure is special but just handle it via a
retry. Technically it can't happen because the node address parsing
can only return values with address family AF_INET or AF_INET6.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14274
RN: Retry inter-node TCP connections on more transient failures
Reported-by: 耿纪超 <gengjichao@jd.com>
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
a40fc709cc972dadb40efbf1394b10fae3cfcc07)
Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Mon Feb 17 15:50:11 UTC 2020 on sn-devel-144
Stefan Metzmacher [Wed, 22 Jan 2020 17:00:07 +0000 (17:00 +0000)]
winbindd: handling missing idmap in getgrgid()
A similar hunk was added via commit
89f753c1fc824fef29aebb7d783ab7e09cd1f04e ("winbind: Use xids2sids in getpwuid"),
but it was missing in commit
e2dda192e7f8b65a5f02120be56cf0f07d03679f ("winbind: Use xids2sids in getgrgid")
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14265
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Feb 5 17:56:58 UTC 2020 on sn-devel-184
(cherry picked from commit
4d0bda9467ac3f45f85f48a281cdb173ce1064eb)
Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Tue Feb 11 12:26:52 UTC 2020 on sn-devel-144
Stefan Metzmacher [Thu, 23 Jan 2020 15:21:43 +0000 (16:21 +0100)]
s3:auth_sam: map an empty domain or '.' to the local SAM name
When a domain member gets an empty domain name or '.', it should
not forward the authentication to domain controllers of
the primary domain.
But we need to keep passing UPN account names with
an empty domain to the DCs as a domain member.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
590df382bea44eec2dbfd2a28c659b0a29188bca)
Stefan Metzmacher [Tue, 4 Feb 2020 10:32:05 +0000 (11:32 +0100)]
s3:selftest: test authentication with an empty userdomain and upn names
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
a9eeea6ef78cc44c8423c7125fa1376921060018)
Stefan Metzmacher [Thu, 23 Jan 2020 15:21:43 +0000 (16:21 +0100)]
s3:auth_sam: introduce effective_domain helper variables
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
a63e2a312c761093fedb09bd234b6736485a930a)
Stefan Metzmacher [Thu, 23 Jan 2020 15:17:30 +0000 (16:17 +0100)]
s3:auth_sam: make sure we never handle empty usernames
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
01b8374e7942141e7f6cbdec7623c981a008e4c1)
Stefan Metzmacher [Thu, 23 Jan 2020 15:13:59 +0000 (16:13 +0100)]
s3:auth_sam: unify the debug messages of all auth_sam*_auth() functions
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
72ef8d3a52c1ab07c079a4c014ba8ac7bff528f7)
Stefan Metzmacher [Thu, 23 Jan 2020 14:48:39 +0000 (15:48 +0100)]
s3:auth_sam: replace confusing FALL_THROUGH; with break;
There's no real logic change here, but is makes it easier to
understand.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
85b168c6dac88f5065c0ec6e925937439f2c12ed)
Karolin Seeger [Tue, 28 Jan 2020 10:48:53 +0000 (11:48 +0100)]
script/release.sh: Don't use quotations any longer.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Mon Feb 3 12:45:39 UTC 2020 on sn-devel-184
(cherry picked from commit
f699df32cdbae4fbc585c259828029c74163323b)
Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Tue Feb 4 14:40:59 UTC 2020 on sn-devel-144
Andreas Schneider [Mon, 27 Jan 2020 13:58:10 +0000 (14:58 +0100)]
lib:util: Log mkdir error on correct debug levels
For smbd we want an error and for smbclient we only want it in NOTICE
debug level.
The default log level of smbclient is log level 1 so we need notice to
not spam the user.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14253
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Mon Jan 27 15:55:24 UTC 2020 on sn-devel-184
(cherry picked from commit
0ad6a243b259d284064c0c5abcc7d430d55be7e1)
Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Mon Feb 3 14:10:49 UTC 2020 on sn-devel-144
Andreas Schneider [Thu, 30 Jan 2020 15:18:25 +0000 (16:18 +0100)]
s4:torture: Skip the deltest20 as user root
The test is meant to be run as a user and not root.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14257
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jan 30 16:54:33 UTC 2020 on sn-devel-184
(cherry picked from commit
677bc1b18420e717154dc73f632044239ac3ff9e)
Jeremy Allison [Fri, 17 Jan 2020 21:49:48 +0000 (13:49 -0800)]
s3: lib: nmblib. Clean up and harden nmb packet processing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14239
OSS-FUZZ: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20156
OSS-FUZZ: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20157
Credit to oss-fuzz.
No security implications.
Signed-off-by: Jeremy Allison <jra@samba.org>
Pair programmed with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jan 21 23:33:41 UTC 2020 on sn-devel-184
(cherry picked from commit
ad236bb7590e423b4c69fe6028f2f3495977f48b)
Karolin Seeger [Thu, 23 Jan 2020 15:17:55 +0000 (16:17 +0100)]
VERSION: Bump version up to 4.10.14...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 23 Jan 2020 15:17:03 +0000 (16:17 +0100)]
VERSION: Disable GIT_SNAPSHOT for the 4.10.13 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 23 Jan 2020 15:15:55 +0000 (16:15 +0100)]
WHATSNEW: Add release notes for Samba 4.10.13.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Stefan Metzmacher [Tue, 21 Jan 2020 18:25:00 +0000 (19:25 +0100)]
script/release.sh: make it possible to run from a git worktree
.git is a regular file in that case.
Also check that script/release.sh is present as a relative path
to ensure we're called from the expected location.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
648f94d2031c6e758bdf54089d1e710c265ca732)
Karolin Seeger [Tue, 21 Jan 2020 10:05:28 +0000 (11:05 +0100)]
VERSION: Bump version up to 4.10.13.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Tue, 21 Jan 2020 10:05:05 +0000 (11:05 +0100)]
Merge tag 'samba-4.10.12' into v4-10-test
samba: tag release samba-4.10.12
Martin Schwenke [Thu, 28 Nov 2019 03:00:58 +0000 (14:00 +1100)]
ctdb-tests: Skip some tests that don't work with IPv6
See the comments added to the tests.
It may be possible to rewrite these so they do something sane for
IPv6... some other time.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14227
RN: Fix IPv6 issues (NFS connection tracking, tests)
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Fri Jan 3 00:00:55 UTC 2020 on sn-devel-184
(backported from commit
9edf15afc219a1a782ec1e4d29909361bbabc744)
Signed-off-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Tue Jan 14 12:46:17 UTC 2020 on sn-devel-144
Karolin Seeger [Thu, 9 Jan 2020 11:51:27 +0000 (12:51 +0100)]
VERSION: Disable GIT_SNAPSHOT for the 4.10.12 release.
o CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD
Directory not automatic.
o CVE-2019-14907: Crash after failed character conversion at log level 3 or
above.
o CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 9 Jan 2020 11:48:31 +0000 (12:48 +0100)]
WHATSNEW: Add release notes for Samba 4.11.5.
o CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD
Directory not automatic.
o CVE-2019-14907: Crash after failed character conversion at log level 3 or
above.
o CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Martin Schwenke [Fri, 13 Dec 2019 00:09:04 +0000 (11:09 +1100)]
ctdb-scripts: Strip square brackets when gathering connection info
ss added square brackets around IPv6 addresses in versions > 4.12.0
via commit
aba9c23a6e1cb134840c998df14888dca469a485. CentOS 7 added
this feature somewhere mid-release. So, backward compatibility is
obviously needed.
As per the comment protocol/protocol_util.c should probably print and
parse such square brackets. However, for backward compatibility the
brackets would have to be stripped in both places in
update_tickles()... or added to the ss output when missing. Best to
leave this until we have a connection tracking daemon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14227
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
693080abe4d8bec96280af5a6aa668251a98ec5d)
Andreas Schneider [Mon, 16 Dec 2019 14:50:17 +0000 (15:50 +0100)]
librpc: Fix string length checking in ndr_pull_charset_to_null()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14219
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
f11e207e01c52566c47e350ff240fe95392de0c3)
Gary Lockyer [Thu, 19 Dec 2019 03:31:46 +0000 (16:31 +1300)]
upgradedns: ensure lmdb lock files linked
Ensure that the '-lock' files for the dns partitions as well as the data
files are linked when running
samba_dnsupgrade --dns-backend=BIND9_DLZ
failure to create these links can cause corruption of the corresponding
data file.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14199
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
0bd479140c18ab79479ced4f25f366744c3afe18)
Gary Lockyer [Thu, 19 Dec 2019 03:31:24 +0000 (16:31 +1300)]
test upgradedns: ensure lmdb lock files linked
Add tests to check that the '-lock' files for the dns partitions as well as
the data files are linked when running
samba_dnsupgrade --dns-backend=BIND9_DLZ
failure to create these links can cause corruption of the corresponding
data file.
Changes to python/samba/tests/__init__.py adding run_command manually
copied from commit
b27817d491794a292278832e3f59f955f418a6cb
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14199
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
f0cebbe4dd0317e2abfcbe252977383e6f37f3bd)
Björn Jacke [Tue, 7 Jan 2020 09:21:18 +0000 (10:21 +0100)]
docs-xml/winbindnssinfo: clarify interaction with idmap_ad etc.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14122
RN: docs: clarify interaction between winbind nss info and idmap backend
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Jan 8 15:37:46 UTC 2020 on sn-devel-184
(cherry picked from commit
55fbd4c05b477e95920b53b94eda2572e075e6e1)
Andreas Schneider [Mon, 25 Nov 2019 10:11:13 +0000 (11:11 +0100)]
libsmbclient: If over SMB1 first try to do a posix stat on the file.
Disable in future, if server doesn't support this.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14101
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Dec 19 15:44:25 UTC 2019 on sn-devel-184
(cherry picked from commit
8b04590e4d8f817ad6d194bb9d622c18734e3011)
Andreas Schneider [Mon, 25 Nov 2019 10:10:49 +0000 (11:10 +0100)]
s3:libsmb: Add a setup_stat_from_stat_ex() function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14101
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
b3e3cb3bbd86a53b48ee009adf811d48dd50dc8b)
Andreas Schneider [Mon, 25 Nov 2019 10:09:52 +0000 (11:09 +0100)]
s3:libsmb: Return a 'struct stat' buffer for SMBC_getatr()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14101
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
0fe9dc5219beaf605da9c7922053f7324507b50e)
Andreas Schneider [Mon, 25 Nov 2019 10:06:57 +0000 (11:06 +0100)]
s3:libsmb: Add try_posixinfo to SMBSRV struct. Only enable for SMB1 with UNIX for now.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14101
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
bf9a3a7aa1913238ae2c997ce00369d0dbae3a08)
Andreas Schneider [Wed, 18 Dec 2019 12:27:26 +0000 (13:27 +0100)]
s3:libsmb: Generate the inode only based on the path component
Currently we use the full smb url which includes also username and
password.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14101
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
ea51a426e506bd6456814ecddcb63441859f9d89)
Jeremy Allison [Fri, 18 Oct 2019 17:48:55 +0000 (10:48 -0700)]
s3: libsmb: Move setting all struct stat fields into setup_stat().
That way we only have one place where a struct stat is synthesised
for libsmbclient callers.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
1f0715c0e5e6ff371e3b393a0b35222c8b6f49bc)
Jeremy Allison [Fri, 18 Oct 2019 16:34:02 +0000 (09:34 -0700)]
s3: libsmb: Move setting st->st_ino into setup_stat.
Signed-off-by: Puran Chand <pchand@vmware.com>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
7d3b4f47be0359b496087fc40f89b815c7958dd6)
Jeremy Allison [Fri, 18 Oct 2019 16:24:38 +0000 (09:24 -0700)]
s3: libsmb: Change generate_inode()/setup_stat() to modern coding standards.
Change setup_stat() to be void. It doesn't return anything. Export
so it can be used by upcoming smbc_readdirplus2() call.
Remove unused SMBCCTX *context parameters.
Remove unused talloc_stackframe().
Signed-off-by: Puran Chand <pchand@vmware.com>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
d44a84295b46cc6c540a9730a615a59c1f22a277)
Gary Lockyer [Mon, 16 Dec 2019 00:57:47 +0000 (13:57 +1300)]
CVE-2019-19344 kcc dns scavenging: Fix use after free in dns_tombstone_records_zone
ldb_msg_add_empty reallocates the underlying element array, leaving
old_el pointing to freed memory.
This patch takes two defensive copies of the ldb message, and performs
the updates on them rather than the ldb messages in the result.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14050
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Fri, 29 Nov 2019 07:58:47 +0000 (20:58 +1300)]
CVE-2019-14907 lib/util: Do not print the failed to convert string into the logs
The string may be in another charset, or may be sensitive and
certainly may not be terminated. It is not safe to just print.
Found by Robert Święcki using a fuzzer he wrote for smbd.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14208
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
(adapted from master commit)
Noel Power [Fri, 24 May 2019 13:37:00 +0000 (13:37 +0000)]
CVE-2019-14907 lib/util/charset: clang: Fix Value stored to 'reason' is never read warning
Fixes:
lib/util/charset/convert_string.c:301:5: warning: Value stored to 'reason' is never read <--[clang]
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Gary Lockyer gary@catalyst.net.nz
(cherry picked from commit
add47e288bc80c1bf45765d1588a9fa5998ea677)
Andrew Bartlett [Thu, 12 Dec 2019 01:44:57 +0000 (14:44 +1300)]
CVE-2019-14902 dsdb: Change basis of descriptor module deferred processing to be GUIDs
We can not process on the basis of a DN, as the DN may have changed in a rename,
not only that this module can see, but also from repl_meta_data below.
Therefore remove all the complex tree-based change processing, leaving only
a tree-based sort of the possible objects to be changed, and a single
stopped_dn variable containing the DN to stop processing below (after
a no-op change).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 6 Dec 2019 05:26:42 +0000 (18:26 +1300)]
CVE-2019-14902 repl_meta_data: Set renamed = true (and so do SD inheritance) after any rename
Previously if there was a conflict, but the incoming object would still
win, this was not marked as a rename, and so inheritence was not done.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 26 Nov 2019 02:50:35 +0000 (15:50 +1300)]
CVE-2019-14902 repl_meta_data: Fix issue where inherited Security Descriptors were not replicated.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 6 Dec 2019 05:05:54 +0000 (18:05 +1300)]
CVE-2019-14902 repl_meta_data: schedule SD propagation to a renamed DN
We need to check the SD of the parent if we rename, it is not the same as an incoming SD change.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 6 Dec 2019 04:54:23 +0000 (17:54 +1300)]
CVE-2019-14902 dsdb: Ensure we honour both change->force_self and change->force_children
If we are renaming a DN we can be in a situation where we need to
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 26 Nov 2019 03:17:32 +0000 (16:17 +1300)]
CVE-2019-14902 dsdb: Add comments explaining why SD propagation needs to be done here
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 26 Nov 2019 02:44:32 +0000 (15:44 +1300)]
CVE-2019-14902 dsdb: Explain that descriptor_sd_propagation_recursive() is proctected by a transaction
This means we can trust the DB did not change between the two search
requests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Sun, 15 Dec 2019 22:29:27 +0000 (11:29 +1300)]
selftest: Add test to confirm ACL inheritence really happens
While we have a seperate test (sec_descriptor.py) that confirms inheritance in
general we want to lock in these specific patterns as this test covers
rename.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 10 Dec 2019 02:16:24 +0000 (15:16 +1300)]
CVE-2019-14902 selftest: Add test for a special case around replicated renames
It appears Samba is currently string-name based in the ACL inheritence code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Thu, 28 Nov 2019 04:16:16 +0000 (17:16 +1300)]
CVE-2019-14902 selftest: Add test for replication of inherited security descriptors
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Karolin Seeger [Thu, 9 Jan 2020 11:49:43 +0000 (12:49 +0100)]
VERSION: Re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Mon, 16 Dec 2019 08:03:42 +0000 (09:03 +0100)]
VERSION: Bump version up to 4.10.12.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Mon Dec 16 11:27:12 UTC 2019 on sn-devel-144
(cherry picked from commit
bbeb73b40b885364a9ccf9108d4a930eaba0686c)
Anoop C S [Tue, 12 Nov 2019 14:28:43 +0000 (19:58 +0530)]
s3: VFS: glusterfs: Reset nlinks for symlink entries during readdir
On receiving an already initialized stat_ex buffer for readdir() call we
invoke readdirplus() GlusterFS API, an optimized variant of readdir(),
which then returns stat information along with dir entry result. But for
symlink entries we don't know if link or target info is needed. In that
case it is better to leave this decision back to caller by resetting
nlinks value inside stat information to make it invalid.
This was also preventing us from displaying msdfs link as directories
inside the share.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14182
Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Dec 17 21:53:07 UTC 2019 on sn-devel-184
(cherry picked from commit
fca2d3e0d1fa5af59e7b729f7c1d126f7b81e149)
Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Thu Dec 19 13:46:00 UTC 2019 on sn-devel-144
Torsten Fohrer [Sun, 15 Dec 2019 15:58:40 +0000 (16:58 +0100)]
Avoiding bad call flags with python 3.8, using METH_NOARGS instead of zero.
(C) SBE network solutions GmbH
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14209
Signed-off-by: Torsten Fohrer <torsten.fohrer@sbe.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Dec 18 14:33:58 UTC 2019 on sn-devel-184
(cherry picked from commit
f0eb1e623f76d3dbd0c22f96cabebd1041c147df)
Douglas Bagnall [Mon, 2 Dec 2019 22:17:26 +0000 (11:17 +1300)]
pygpo: use correct method flags
The METH_KEYWORDS argument must always be combined with METH_VARARGS.
In Python up to 3.7 this was checked at runtime, and as we had no callers to
get_unix_path() in Python we never noticed. In Python 3.8 it is checked at
import time, and everyone notices even if they aren't directly using GPOs.
Found and reported by Val Kulkov.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14209
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
12cccf3447333dfd4f5e437cd57ca5ec68724fdd)
Karolin Seeger [Mon, 16 Dec 2019 08:03:42 +0000 (09:03 +0100)]
VERSION: Bump version up to 4.10.12.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Mon Dec 16 11:27:12 UTC 2019 on sn-devel-144
Jeremy Allison [Tue, 26 Nov 2019 20:53:09 +0000 (12:53 -0800)]
s3: smbd: Only set xconn->smb1.negprot.done = true after supported_protocols[protocol].proto_reply_fn() succeeds.
Otherwise we can end up with negprot.done set, but
without smbXsrv_connection_init_tables() being called.
This can cause a client self-crash.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14205
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Dec 4 21:27:24 UTC 2019 on sn-devel-184
(cherry picked from commit
8db0c1bff6f42feabd2e4d9dfb13ae12cc29607b)
Jeremy Allison [Tue, 3 Dec 2019 01:23:21 +0000 (17:23 -0800)]
python: tests. Add test for fuzzing smbd crash bug.
Mark knownfail for now.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14205
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
46899ecf836d350c0c29b615869851da7d0ad6fb)
Jeremy Allison [Tue, 26 Nov 2019 20:46:16 +0000 (12:46 -0800)]
s3: smbd: Ensure we exit if supported_protocols[protocol].proto_reply_fn() fails.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14205
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
e84910d919e02feab2a297fccbbf95f333e32119)
Jeremy Allison [Tue, 26 Nov 2019 20:43:25 +0000 (12:43 -0800)]
s3: smbd: Change (*proto_reply_fn()) to return an NTSTATUS.
That way the caller can know if the negprot really
succeeded or not.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14205
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
f4caa4159bd3db5127e114718e606867348a4f47)
Jeremy Allison [Tue, 26 Nov 2019 20:21:06 +0000 (12:21 -0800)]
s3: smbd: Change reply_smb20xx() to return NTSTATUS.
Not yet used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14205
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
836219c479b047403d2b0839a6b92ad637dbaea0)
Jeremy Allison [Tue, 26 Nov 2019 20:17:29 +0000 (12:17 -0800)]
s3: smbd: Ensure we exit on smbd_smb2_process_negprot() fail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14205
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
a2d81d77c111379cbb6bd732c717307974eace0a)
Jeremy Allison [Tue, 26 Nov 2019 20:14:29 +0000 (12:14 -0800)]
s3: smbd: Allow smbd_smb2_process_negprot() to return NTSTATUS as it can fail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14205
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
868bc05cf5d575e20edcce241e3af1d0fa6d9824)
Jeremy Allison [Thu, 7 Nov 2019 20:02:13 +0000 (12:02 -0800)]
s3: smbd: SMB2 - Ensure we use the correct session_id if encrypting an interim response.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14189
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
eae1a45d09ef54dd6b59803eedca672ae9433902)
Karolin Seeger [Tue, 10 Dec 2019 09:24:44 +0000 (10:24 +0100)]
Merge tag 'samba-4.10.11' into v4-10-test
samba: tag release samba-4.10.11
Uri Simchoni [Sun, 20 Oct 2019 18:36:11 +0000 (21:36 +0300)]
heimdal-build: avoid hard-coded /usr/include/heimdal in asn1_compile-generated code.
This fixes a cross-compilation issue, as cross-compilers (rightly)
complain if host include directories are in the include path.
The fix is taken from buildroot (https://github.com/buildroot/buildroot/blob/
8b11b96f41a6ffa76556c9bf03a863955871ee57/package/samba4/0006-heimdal_build-wscript_build-do-not-add-host-include-.patch) where it was applied by Bernd Kuhls <bernd.kuhls@t-online.de>.
This reverts some of
3fe2bfddda6149f6bf7402720226e9285f479fef, but
building Samba's bundled Heimdal with a system roken is not supported
anyway.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13856
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Dec 1 10:22:01 UTC 2019 on sn-devel-184
(cherry picked from commit
27fc062d7ea2207242d5a2c9933f3de5fa206488)
Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Tue Dec 3 15:06:08 UTC 2019 on sn-devel-144
Karolin Seeger [Tue, 3 Dec 2019 11:54:00 +0000 (12:54 +0100)]
VERSION: Disable GIT_SNAPSHOT for the 4.10.11 release.
o CVE-2019-14861: Samba AD DC zone-named record Denial of Service in DNS
management server (dnsserver).
o CVE-2019-14870: DelegationNotAllowed not being enforced in protocol transition
on Samba AD DC.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Tue, 3 Dec 2019 11:52:58 +0000 (12:52 +0100)]
WHATSNEW: Add release notes for Samba 4.10.11.
o CVE-2019-14861: Samba AD DC zone-named record Denial of Service in DNS
management server (dnsserver).
o CVE-2019-14870: DelegationNotAllowed not being enforced in protocol transition
on Samba AD DC.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Isaac Boukris [Thu, 21 Nov 2019 10:12:48 +0000 (11:12 +0100)]
CVE-2019-14870: mit-kdc: enforce delegation_not_allowed flag
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Isaac Boukris [Mon, 28 Oct 2019 00:54:09 +0000 (02:54 +0200)]
CVE-2019-14870: heimdal: enforce delegation_not_allowed in S4U2Self
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Isaac Boukris [Wed, 30 Oct 2019 14:59:16 +0000 (15:59 +0100)]
CVE-2019-14870: heimdal: add S4U test for delegation_not_allowed
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Isaac Boukris [Sun, 27 Oct 2019 12:02:00 +0000 (14:02 +0200)]
samba-tool: add user-sensitive command to set not-delegated flag
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Andrew Bartlett [Thu, 31 Oct 2019 17:53:56 +0000 (06:53 +1300)]
s4-torture: Reduce flapping in SambaToolDrsTests.test_samba_tool_replicate_local
This test often flaps in Samba 4.9 (where more tests and DCs run in the environment)
with obj_1 being 3. This is quite OK, we just need to see some changes get
replicated, not 0 changes.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit
4ae0f9ce0f5ada99cf1d236377e5a1234c879ae3)
Andrew Bartlett [Tue, 29 Oct 2019 22:50:57 +0000 (11:50 +1300)]
CVE-2019-14861: Test to demonstrate the bug
This test does not fail every time, but when it does it casues a segfault which
takes out the rpc_server master process, as this hosts the dnsserver pipe.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14138
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 29 Oct 2019 01:15:36 +0000 (14:15 +1300)]
CVE-2019-14861: s4-rpc/dnsserver: Avoid crash in ldb_qsort() via dcesrv_DnssrvEnumRecords)
dns_name_compare() had logic to put @ and the top record in the tree being
enumerated first, but if a domain had both then this would break the
older qsort() implementation in ldb_qsort() and cause a read of memory
before the base pointer.
By removing this special case (not required as the base pointer
is already seperatly located, no matter were it is in the
returned records) the crash is avoided.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14138
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Sun, 20 Oct 2019 23:12:10 +0000 (12:12 +1300)]
CVE-2019-14861: s4-rpc_server: Remove special case for @ in dns_build_tree()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14138
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 29 Oct 2019 04:25:28 +0000 (17:25 +1300)]
CVE-2019-14861: s4-rpc/dnsserver: Confirm sort behaviour in dcesrv_DnssrvEnumRecords
The sort behaviour for child records is not correct in Samba so
we add a flapping entry.
(patch differs from master patch due to addtional flapping entry
for python2)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14138
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Karolin Seeger [Tue, 3 Dec 2019 11:49:48 +0000 (12:49 +0100)]
VERSION: Re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Tue, 29 Oct 2019 10:12:31 +0000 (11:12 +0100)]
VERSION: Bump version up to 4.10.11.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
f86e09dcd48fa837e15439fcc10eac1b8dec862b)
Volker Lendecke [Thu, 7 Nov 2019 14:26:01 +0000 (15:26 +0100)]
ctdb-tcp: Close inflight connecting TCP sockets after fork
Commit
c68b6f96f26 changed the talloc hierarchy such that outgoing TCP sockets
while sitting in the async connect() syscall are not freed via
ctdb_tcp_shutdown() anymore, they are hanging off a longer-running structure.
Free this structure as well.
If an outgoing TCP socket leaks into a long-running child process (possibly the
recovery daemon), this connection will never be closed as seen by the
destination node. Because with recent changes incoming connections will not be
accepted as long as any incoming connection is alive, with that socket leak
into the recovery daemon we will never again be able to successfully connect to
the node that is affected by this leak. Further attempts to connect will be
discarded by the destination as long as the recovery daemon keeps this socket
alive.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14175
RN: Avoid communication breakdown on node reconnect
Signed-off-by: Martin Schwenke <martin@meltin.net>
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
a6d99d9e5c5bc58e6d56be7a6c1dbc7c8d1a882f)
Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Mon Nov 25 14:56:53 UTC 2019 on sn-devel-144
Martin Schwenke [Tue, 29 Oct 2019 06:28:22 +0000 (17:28 +1100)]
ctdb-tcp: Drop tracking of file descriptor for incoming connections
This file descriptor is owned by the incoming queue. It will be
closed when the queue is torn down.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14175
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
bf47bc18bb8a94231870ef821c0352b7a15c2e28)
Martin Schwenke [Tue, 29 Oct 2019 04:29:11 +0000 (15:29 +1100)]
ctdb-tcp: Avoid orphaning the TCP incoming queue
CTDB's incoming queue handling does not check whether an existing
queue exists, so can overwrite the pointer to the queue. This used to
be harmless until commit
c68b6f96f26664459187ab2fbd56767fb31767e0
changed the read callback to use a parent structure as the callback
data. Instead of cleaning up an orphaned queue on disconnect, as
before, this will now free the new queue.
At first glance it doesn't seem possible that 2 incoming connections
from the same node could be processed before the intervening
disconnect. However, the incoming connections and disconnect occur on
different file descriptors. The queue can become orphaned on node A
when the following sequence occurs:
1. Node A comes up
2. Node A accepts an incoming connection from node B
3. Node B processes a timeout before noticing that outgoing the queue is writable
4. Node B tears down the outgoing connection to node A
5. Node B initiates a new connection to node A
6. Node A accepts an incoming connection from node B
Node A processes then the disconnect of the old incoming connection
from (2) but tears down the new incoming connection from (6). This
then occurs until the originally affected node is restarted.
However, due to the number of outgoing connection attempts and
associated teardowns, this induces the same behaviour on the
corresponding incoming queue on all nodes that node A attempts to
connect to. Therefore, other nodes become affected and need to be
restarted too.
As a result, the whole cluster probably needs to be restarted to
recover from this situation.
The problem can occur any time CTDB is started on a node.
The fix is to avoid accepting new incoming connections when a queue
for incoming connections is already present. The connecting node will
simply retry establishing its outgoing connection.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14175
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
d0baad257e511280ff3e5c7372c38c43df841070)