Karolin Seeger [Tue, 19 May 2020 10:05:25 +0000 (12:05 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.12.3 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Tue, 19 May 2020 10:04:50 +0000 (12:04 +0200)]
WHATSNEW: Add release notes for Samba 4.12.3.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Andreas Schneider [Tue, 28 Apr 2020 15:25:35 +0000 (17:25 +0200)]
docs-xml: Fix usernames in pam_winbind manpages
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14358
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Apr 29 09:44:55 UTC 2020 on sn-devel-184
(cherry picked from commit
3abd92d7824e803f1ff53425088ebee30b58894b)
Autobuild-User(v4-12-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-12-test): Thu May 14 09:33:57 UTC 2020 on sn-devel-184
Volker Lendecke [Sat, 2 May 2020 13:18:07 +0000 (15:18 +0200)]
libsmb: Protect cli_oem_change_password() from rprcnt<2
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14366
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue May 5 17:12:04 UTC 2020 on sn-devel-184
(cherry picked from commit
f80c97cb8da64f3cd9904e2e1fd43c29b691166d)
Volker Lendecke [Sat, 2 May 2020 13:10:14 +0000 (15:10 +0200)]
libsmb: Protect cli_RNetServerEnum against rprcnt<6
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14366
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
ce8b70df7bd63e96723b8e8dc864f1690f5fad7b)
Volker Lendecke [Sat, 2 May 2020 12:59:07 +0000 (14:59 +0200)]
libsmb: Protect cli_RNetShareEnum() against rprcnt<6
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14366
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
4a9fe4efefa67d6f24efcbe29722a43fc4859fdc)
Volker Lendecke [Sat, 2 May 2020 12:54:01 +0000 (14:54 +0200)]
libsmb: Fix indentation in cli_RNetShareEnum()
Also remove a level of indentation with a "goto done;"
Best review with "git show -b", almost no code change
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14366
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
ae91d67a247424d4ddc89230f52365558d6ff402)
Ralph Boehme [Mon, 11 May 2020 09:35:04 +0000 (11:35 +0200)]
s3/locking: prime flags in a fresh sharemode data object
This is needed to prime the logic in share_mode_flags_restrict() for the
following scenario:
* (First) CREATE on a file with FILE_SHARE_NONE and
access_mask=FILE_READ_ATTRIBUTES (a stat-open).
* share_mode_flags_restrict() gets called with
share_mode_flags_restrict(flags=0,
access_mask=0x80,
share_mode=0,
lease_type=UINT32_MAX)
and returns a value where none of the FILE_SHARE_* flags is set.
As a result share_mode_data.flags doesn't reflect the share-modes in effect.
This doesn't change any current visible behaviour outside of open_mode_check(),
but it avoids calling share_mode_forall_entries() in open_mode_check_fn().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14375
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue May 12 19:52:48 UTC 2020 on sn-devel-184
(cherry picked from commit
bf04ca5658dcf7d7cdf5f718eec0e5e21f9a0d64)
Ralph Boehme [Sat, 9 May 2020 13:13:54 +0000 (15:13 +0200)]
smbd: fix for bug 14375
... with many thanks to an enthusiastic Samba user from Poland for helping to
track this down.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14375
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
59f55aa083ce2d87ad6f43dc941f725c79c8ec59)
Ralph Boehme [Mon, 11 May 2020 11:42:39 +0000 (13:42 +0200)]
smbd: make conflicting_access available to other functions
The next commit adds more users of conflicting_access.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14375
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
3f37008edaa31c3bc8c9b291dc1af00550ce4f9a)
Ralph Boehme [Sat, 9 May 2020 13:29:15 +0000 (15:29 +0200)]
s4/torture: reproducer for bug 14375
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14375
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
2ace545a6378970ca3d8a1a30d4c7da66aaa9721)
Ralph Boehme [Mon, 11 May 2020 13:56:58 +0000 (15:56 +0200)]
selftest: split a knownfail entry
Lists the two existing subtests indidivually in preparation of adding a third
that is going to pass against ad_dc_ntvfs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14375
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
c83ef1d90573fdc9db3d0acbc1335a5b2325f5c5)
Jeremy Allison [Wed, 6 May 2020 19:36:00 +0000 (12:36 -0700)]
s3: RPC: Don't crash on trying to talloc_free(-1) if smb_iconv_open_ex() fails.
Assign output from smb_iconv_open_ex() to a temporary
handle. Only assign to mds_ctx->[handles] if correctly
opened otherwise we end up trying to call smb_iconv_close(-1).
MacOSX Catalina triggers this.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14372
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu May 7 18:03:16 UTC 2020 on sn-devel-184
(cherry picked from commit
14df5d20a8ec00bf8627732284f427f6463177e3)
Stefan Metzmacher [Fri, 8 May 2020 11:30:17 +0000 (13:30 +0200)]
vfs_io_uring: retry after a short writes in vfs_io_uring_pwrite_completion()
We need to be prepared for short writes from the kernel depending on
the state of the page cache.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14361
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
0f01b10679c06dbd28da72ca6c6280ddf81672ba)
Stefan Metzmacher [Fri, 8 May 2020 11:30:17 +0000 (13:30 +0200)]
vfs_io_uring: retry after a short read in vfs_io_uring_pread_completion()
We need to be prepared for short reads from the kernel depending on
the state of the page cache. Windows and Mac clients don't
expect short reads for files, so we need to retry ourself.
For the future we may be able to play with some io_uring flags
in order to avoid the retries in userspace, but for now we just fix
the data corruption bug...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14361
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
42e77c4cf245d8420641d216d1abefe81f7a3b79)
Stefan Metzmacher [Fri, 8 May 2020 09:38:56 +0000 (11:38 +0200)]
vfs_io_uring: protect vfs_io_uring_fsync_completion() against invalid results
We should never get back a value > 0.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14361
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
c57a731c4ce395fd710f0b066cd6f1b72223ae07)
Stefan Metzmacher [Fri, 8 May 2020 09:38:56 +0000 (11:38 +0200)]
vfs_io_uring: protect vfs_io_uring_pwrite_completion() against invalid results
We should never get more acked than we asked for.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14361
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
283f96872237517f0b3bc4e63e8d3c482ecd5fa4)
Stefan Metzmacher [Fri, 8 May 2020 09:38:56 +0000 (11:38 +0200)]
vfs_io_uring: protect vfs_io_uring_pread_completion() against invalid results
We should never get back more than we asked for.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14361
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
f085dbf8b2bed2695e0065a5bf4523232cb532c7)
Stefan Metzmacher [Fri, 8 May 2020 09:17:51 +0000 (11:17 +0200)]
vfs_io_uring: split out a vfs_io_uring_pwrite_submit() function
This can be reused when we add handling for short writes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14361
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
2f6abb00b0daeb4de9ad0aea1b5c56559391aef9)
Stefan Metzmacher [Fri, 8 May 2020 09:17:51 +0000 (11:17 +0200)]
vfs_io_uring: split out a vfs_io_uring_pread_submit() function
This can be reused when we add handling for short reads.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14361
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
9de4f8be1dc8b4274891016191a5ca1f724e08b3)
Stefan Metzmacher [Fri, 8 May 2020 09:17:51 +0000 (11:17 +0200)]
vfs_io_uring: split out a vfs_io_uring_request_submit() function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14361
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
ab89b8e75354c5fd571985e924e1ccbec99de990)
Stefan Metzmacher [Fri, 8 May 2020 19:29:53 +0000 (21:29 +0200)]
vfs_io_uring: avoid stack recursion of vfs_io_uring_queue_run()
Instead we remember if recursion was triggered and jump to
the start of the function again from the end.
This should make it safe to be called from the completion_fn().
This is hideously complex stuff, so document the hell
out of it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14361
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
f96f45c9ba8d4c8fa4026c22ac4201d66335e5c4)
Stefan Metzmacher [Fri, 8 May 2020 11:17:05 +0000 (13:17 +0200)]
vfs_io_uring: make use of sys_valid_io_range() in vfs_io_uring_pwrite_send()
This makes the follow up commits easier as we don't have to care
about overflows.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14361
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
388bc2e6e44470ea4043ecb22750e241145355d2)
Stefan Metzmacher [Fri, 8 May 2020 11:17:05 +0000 (13:17 +0200)]
vfs_io_uring: make use of sys_valid_io_range() in vfs_io_uring_pread_send()
This makes the follow up commits easier as we don't have to care
about overflows.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14361
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
5005ae3fb24018e370ae60cc23c5e9cfe8357bc9)
Stefan Metzmacher [Fri, 8 May 2020 08:52:52 +0000 (10:52 +0200)]
vfs_io_uring: move error handling out of vfs_io_uring_fsync_recv()
We should do that as early as possible and that's in
vfs_io_uring_fsync_completion().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14361
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
40be2232a44a86cb5dfdda330801e615826408ba)
Stefan Metzmacher [Fri, 8 May 2020 08:52:52 +0000 (10:52 +0200)]
vfs_io_uring: move error handling out of vfs_io_uring_pwrite_recv()
We should do that as early as possible and that's in
vfs_io_uring_pwrite_completion().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14361
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
a51969b8c7e6e49c0d3b776d897aea4f309f8678)
Stefan Metzmacher [Fri, 8 May 2020 08:52:52 +0000 (10:52 +0200)]
vfs_io_uring: move error handling out of vfs_io_uring_pread_recv()
We should do that as early as possible and that's in
vfs_io_uring_pread_completion().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14361
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
a1487067a6c9df3136fd5d4d16dda4c0f63cb662)
Stefan Metzmacher [Fri, 8 May 2020 08:42:59 +0000 (10:42 +0200)]
vfs_io_uring: introduce vfs_io_uring_request->completion_fn()
We'll need to add more logic than a simple _tevent_req_done()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14361
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
456533c9cfc332d3a83ea03a6f969b0d64ccbeb6)
Stefan Metzmacher [Fri, 8 May 2020 08:39:52 +0000 (10:39 +0200)]
vfs_io_uring: replace vfs_io_uring_request->state with _tevent_req_data()
We don't need a direct pointer to the state...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14361
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
f78e98e0226fe70899b613e0aa5c804d8458bdb0)
Stefan Metzmacher [Wed, 6 May 2020 10:05:47 +0000 (03:05 -0700)]
vfs_io_uring: fix the prefix for parametric options from 'vfs_io_uring' to 'io_uring'
This is what the manpage describes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14361
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
fadc7043a71b409ad60a1a4076a7f88f379d2056)
Jeremy Allison [Thu, 7 May 2020 19:48:49 +0000 (12:48 -0700)]
s3: VFS: default. Change pwrite() -> sys_pwrite_full() in SMB_VFS_PWRITE_SEND() to protect against short writes.
Note that as sys_pwrite_full() deals with the EINTR case
we can remove the do {} while loop here.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14361
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
801c06f4c9400343b72cad998086288931f7c6b3)
Jeremy Allison [Thu, 7 May 2020 19:45:10 +0000 (12:45 -0700)]
s3: VFS: default. Change pread() -> sys_pread_full() in SMB_VFS_PREAD_SEND() to protect against short reads.
Note that as sys_pread_full() deals with the EINTR case
we can remove the do {} while loop here.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14361
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
bf2e546be38abfc77cf40e0b0fef42937696dcde)
Jeremy Allison [Thu, 7 May 2020 19:44:26 +0000 (12:44 -0700)]
s3: VFS: default. Change sys_pwrite() -> sys_pwrite_full() in SMB_VFS_PWRITE() to protect against short writes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14361
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
ca8c3619f657dc38db7cb248f1a657f5bfe20757)
Jeremy Allison [Thu, 7 May 2020 19:43:34 +0000 (12:43 -0700)]
s3: VFS: default. Change sys_pread() -> sys_pread_full() in SMB_VFS_PREAD() to protect against short reads.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14361
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
7daa79908b6a0362db30276b3b6f0db176b6ae3c)
Jeremy Allison [Thu, 7 May 2020 19:42:53 +0000 (12:42 -0700)]
s3: VFS: aio_fork: Change sys_pwrite() -> sys_pwrite_full() to protect against short writes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14361
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
20ee8b03bbe5bef4ea968170808e3c4c9d22318e)
Jeremy Allison [Thu, 7 May 2020 19:42:10 +0000 (12:42 -0700)]
s3: VFS: aio_fork: Change sys_pread() -> sys_pread_full() to protect against short reads.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14361
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
60f590000d545292760018694deb34a7cc4ded6d)
Stefan Metzmacher [Mon, 11 May 2020 16:18:24 +0000 (18:18 +0200)]
smbd: add vfs_valid_{pread,pwrite}_range() checks where needed
I checked all callers of SMB_VFS_PWRITE[_SEND](),
all callers of SMB_VFS_PREAD[_SEND]() and also
places where we append to the file and allocate
more space.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14361
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
6fa753a1a67d563cd22d0cad73ae15ee267512fc)
Stefan Metzmacher [Mon, 11 May 2020 20:00:37 +0000 (22:00 +0200)]
s3:smbd: add vfs_valid_{pread,pwrite}_range() helper functions
These implement the SMB2 visible behavior of the [MS-FSA]
2.1.5.2 Server Requests a Read and 2.1.5.3 Server Requests a Write
constraints. Note that offset < 0 is not allowed over SMB.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14361
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
70fa4b884d2c22669984c25fe757c2fc528f7331)
Stefan Metzmacher [Mon, 11 May 2020 16:18:24 +0000 (18:18 +0200)]
s3:smbd: handle 0 length writes as no-op.
They should never touch the SMB_VFS layer
and they never trigger an DISK_FULL error.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14361
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
ba68f21286c2c2f1fef8bf8c9cd500a622077887)
Stefan Metzmacher [Mon, 11 May 2020 16:18:24 +0000 (18:18 +0200)]
smb2_server: fix smbd_smb2_request_verify_sizes() for SMB2_OP_WRITE
Writes with a length of 0 are allowed.
The readfile related check we had before was not really useful
as min_dyn_len can only every be 0 or 1 (and for SMB2_OP_WRITE it's
always 1). So we checked
if (unread_bytes > 0) {
if (unread_bytes < 1) {
return error;
}
}
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14361
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
a6eee38ba2f89280676f0a32d26745afd95b551c)
Jeremy Allison [Thu, 7 May 2020 19:34:32 +0000 (12:34 -0700)]
lib: util: Add sys_pwrite_full().
A pwrite wrapper that will deal with EINTR and never return a short
write unless the file system returns an error. Copes with the
unspecified edge condition of pwrite returning zero by changing
the return to -1, errno = ENOSPC.
Thread-safe so may be used as a replacement for pwrite
inside pwrite_do() thread functions.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14361
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
3ba7a89cea85d134eacf1e624e011fe6f66146fc)
Jeremy Allison [Thu, 7 May 2020 19:32:48 +0000 (12:32 -0700)]
lib: util: Add sys_pread_full().
A pread wrapper that will deal with EINTR and never return a short
read unless pread returns zero meaning EOF.
Thread-safe so may be used as a replacement for pread
inside pread_do() thread functions.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14361
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
36af33bf9fcdf93fce5ef1520fcb7ddbb07b355e)
Stefan Metzmacher [Fri, 8 May 2020 11:06:54 +0000 (13:06 +0200)]
lib: util: Add sys_valid_io_range()
This implements the contraints of
[MS-FSA] 2.1.5.2 Server Requests a Read.
The special handling of [MS-FSA] 2.1.5.3 Server Requests a Write
with offset < 0, should be handled by higher layers!
Which means the check can also be used for writes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14361
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
e02cbd5c3ea6903d2b7b43c3193b8662d029ecdd)
Stefan Metzmacher [Mon, 11 May 2020 10:37:41 +0000 (12:37 +0200)]
s4:torture: add tests to test the SMB2 read/write offset/length boundaries
[MS-FSA] 2.1.5.2 Server Requests a Read and
2.1.5.3 Server Requests a Write define some contraints.
These tests demonstrate that ((int64_t)offset) < 0) is
not allowed for both reads and writes for SMB.
Also the special case for writes at offset -2 is not possible
nor the append mode with offset < 0.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14361
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
54de0e4a3e46a53db5262963e64b109c567554a1)
Ralph Boehme [Thu, 23 Apr 2020 14:10:23 +0000 (16:10 +0200)]
vfs_shadow_copy2: implement case canonicalisation in shadow_copy2_get_real_filename()
unix_convert() can't do this for us in snapdirseverywhere mode, so we do it
ourselves.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14350
Signed-off-by: Ralph Boehme <slow@samba.org>
(Similar to commit
a3d1ac2a597e2441d6855db566306298ae5db99b)
Ralph Boehme [Mon, 27 Apr 2020 12:38:28 +0000 (14:38 +0200)]
s3/lib: add is_gmt_token()
This is not present in master as master has been converted to use struct
smb_filename.twrp instead of @GMT string tokens as part of the path.
Signed-off-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Thu, 23 Apr 2020 14:09:16 +0000 (16:09 +0200)]
smbd: make get_real_filename_full_scan() public
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14350
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit
aa5f19ddf1dec1ac4386441929bca94727f30ee6)
[Conflicts: source3/smbd/proto.h: more functions are missing in 4.12]
Ralph Boehme [Tue, 21 Apr 2020 11:06:03 +0000 (13:06 +0200)]
CI: add two tests for shadow_copy2 VFS module
Note that the test "fetch a previous version of a regular file via non-canonical
basepath" doesn't fail by "luck" because it runs into the "creating file"
optimisation in unix_convert().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14350
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
6557777c86d72a185b3fe4061a8b5791fd748924)
Gary Lockyer [Thu, 30 Apr 2020 20:57:30 +0000 (08:57 +1200)]
ldb: Bump version to 2.1.3
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14330
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Gary Lockyer [Tue, 31 Mar 2020 19:22:08 +0000 (08:22 +1300)]
lib ldb: lmdb init var before calling mdb_reader_check
Initilalise "stale" to zero before passing a pointer to it to
mdb_reader_check.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Apr 7 12:29:00 UTC 2020 on sn-devel-184
(cherry picked from commit
d1f4002b914efb31aa34a59e7c93d80f3174727c)
Gary Lockyer [Sun, 29 Mar 2020 23:08:30 +0000 (12:08 +1300)]
lib ldb: lmdb clear stale readers on write txn start
In use process failures and Bind9 shut downs leave stale entries in the
lmdb reader table. This can result in lmdb filling it's database file, as
the free list can not be reclaimed due to the stale reader.
In this fix we call mdb_reader_check at the start of each transaction,
to free any stale readers. As the default maximum number of readers is
127, this should not impact on performance to any great extent.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14330
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Mar 31 01:26:07 UTC 2020 on sn-devel-184
(cherry picked from commit
89041a6d18a1d091ea713e6986cac5ca66c2b481)
Gary Lockyer [Mon, 16 Mar 2020 02:18:12 +0000 (15:18 +1300)]
ldb tests: Confirm lmdb free list handling
Add cmocka tests to confirm lmdb's handling of the free list.
As a result of lmdb's MVCC (Multiversion Concurrency Control) long
running read transactions or stale readers (read transactions where the
process exited without ending the transaction) can cause the database to
run out of space.
Items in the free list are only reused when they would not be visible in
a read transaction. So long running read transactions prevent entries
in the free list being reused, and the database can run out of space.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
fc13304d1575ad6bc6e04cdb3eedf46d3c3678c7)
Amit Kumar [Wed, 22 Apr 2020 11:53:42 +0000 (06:53 -0500)]
lib:util: Fix smbclient -l basename dir
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14345
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Amit Kumar <amitkuma@redhat.com>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit
c83ce5f4f99aef94530411ec82cc03e9935b352d)
Amit Kumar [Wed, 22 Apr 2020 11:53:33 +0000 (06:53 -0500)]
Add a test for smbclient -l basename
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14345
Signed-off-by: Amit Kumar <amitkuma@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit
2a7fc40fb3f3ca994cecad3e2957433d7a411208)
Alexander Bokovoy [Tue, 28 Apr 2020 18:59:46 +0000 (21:59 +0300)]
s3: pass DCE RPC handle type to create_policy_hnd
Various RPC services expect policy handles of a specific type.
s3 RPC server did not allow to create policy handles with a specific
type while actually requiring that policy handle type itself in some
places.
Make sure we are able to specify the policy on-wire handle type when
creating the policy handle. The changes follow s4 DCE RPC server
implementation.
The original logic to always set on-wire handle type to 0 can be tracked
down to commit
fdeea341ed1bae670382e45eb731db1b5838ad21 when we didn't
really know about differences in on-wire handle types.
All but LSA trusted domain RPC calls do not check the on-wire handle
type in s3 RPC server.
Fixes trusted domain operations when Samba RPC client attempts to call
s3 RPC server to perform lsa_lsaRSetForestTrustInformation in FreeIPA.
This fix is a pre-requisite for FreeIPA-FreeIPA forest trust.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14359
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 28 22:55:29 UTC 2020 on sn-devel-184
(cherry picked from commit
c7a4578d06427a82ead287f0c5248c1a54cc9336)
Autobuild-User(v4-12-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-12-test): Mon May 4 13:06:07 UTC 2020 on sn-devel-184
Anoop C S [Mon, 20 Apr 2020 09:11:18 +0000 (14:41 +0530)]
dbwrap_watch: Set rec->value_valid while returning nested share_mode_do_locked()
As reported on samba-technical by Rouven WEILER <Rouven_Weiler@gmx.net>:
https://lists.samba.org/archive/samba-technical/2020-April/135116.html
Following backtrace was observed with vfs_fruit for time machine backup:
[2020/04/10 08:00:38.107917, 0] ../../lib/dbwrap/dbwrap.c:82(dbwrap_record_get_value)
PANIC: assert failed at ../../lib/dbwrap/dbwrap.c(82): rec->value_valid
[2020/04/10 08:00:38.108499, 0] ../../source3/lib/util.c:830(smb_panic_s3)
PANIC (pid 3427): assert failed: rec->value_valid
[2020/04/10 08:00:38.109541, 0] ../../lib/util/fault.c:265(log_stack_trace)
BACKTRACE: 37 stack frames:
#0 /usr/lib/samba/amd64/libsamba-util.so.0.0.1'log_stack_trace+0x26 [0xfffffd7fee51de66]
#1 /usr/lib/samba/amd64/libsmbconf.so.0'smb_panic_s3+0x26 [0xfffffd7fedf5a596]
#2 /usr/lib/samba/amd64/libsamba-util.so.0.0.1'smb_panic+0x1f [0xfffffd7fee51df3f]
#3 /usr/lib/samba/private/amd64/libdbwrap-samba4.so'dbwrap_record_get_value+0x2a [0xfffffd7feccb627a]
#4 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'get_share_mode_lock+0x109 [0xfffffd7fee7195c9]
#5 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'smbd_contend_level2_oplocks_begin+0xa1 [0xfffffd7fee7f7761]
#6 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'brl_lock+0x635 [0xfffffd7fee710f45]
#7 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'do_lock_fn+0xa4 [0xfffffd7fee70d534]
#8 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'share_mode_do_locked_fn+0x86 [0xfffffd7fee7174b6]
#9 /usr/lib/samba/amd64/libsmbconf.so.0'dbwrap_watched_do_locked_fn+0xfa [0xfffffd7fedf622ca]
#10 /usr/lib/samba/private/amd64/libdbwrap-samba4.so'db_tdb_do_locked+0x12f [0xfffffd7feccb95cf]
#11 /usr/lib/samba/private/amd64/libdbwrap-samba4.so'dbwrap_do_locked+0x48 [0xfffffd7feccb69a8]
#12 /usr/lib/samba/amd64/libsmbconf.so.0'dbwrap_watched_do_locked+0x6f [0xfffffd7fedf60d7f]
#13 /usr/lib/samba/private/amd64/libdbwrap-samba4.so'dbwrap_do_locked+0x48 [0xfffffd7feccb69a8]
#14 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'share_mode_do_locked+0xd2 [0xfffffd7fee719b82]
#15 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'do_lock+0xf0 [0xfffffd7fee70dfe0]
#16 /usr/lib/samba/amd64/vfs/fruit.so'fruit_create_file+0x7ba [0xfffffd7fe88855aa]
#17 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'smbd_smb2_request_process_create+0xa07 [0xfffffd7fee7d3237]
#18 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'smbd_smb2_request_dispatch+0xc8f [0xfffffd7fee7c985f]
#19 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'smbd_smb2_connection_handler+0x621 [0xfffffd7fee7ca7e1]
#20 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'tevent_common_invoke_fd_handler+0x80 [0xfffffd7fecd3a580]
#21 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'epoll_event_loop_once+0x22c [0xfffffd7fecd4180c]
#22 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'std_event_loop_once+0x40 [0xfffffd7fecd3f8f0]
#23 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'_tevent_loop_once+0x95 [0xfffffd7fecd39bd5]
#24 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'tevent_common_loop_wait+0x23 [0xfffffd7fecd39e43]
#25 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'std_event_loop_wait+0x40 [0xfffffd7fecd3f870]
#26 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'smbd_process+0x777 [0xfffffd7fee7b8677]
#27 /usr/lib/samba/sbin/amd64/smbd'smbd_accept_connection+0x189 [0x40d5b9]
#28 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'tevent_common_invoke_fd_handler+0x80 [0xfffffd7fecd3a580]
#29 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'epoll_event_loop_once+0x22c [0xfffffd7fecd4180c]
#30 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'std_event_loop_once+0x40 [0xfffffd7fecd3f8f0]
#31 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'_tevent_loop_once+0x95 [0xfffffd7fecd39bd5]
#32 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'tevent_common_loop_wait+0x23 [0xfffffd7fecd39e43]
#33 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'std_event_loop_wait+0x40 [0xfffffd7fecd3f870]
#34 /usr/lib/samba/sbin/amd64/smbd'main+0x1a0f [0x40f9ff]
#35 /usr/lib/samba/sbin/amd64/smbd'_start_crt+0x83 [0x408e73]
#36 /usr/lib/samba/sbin/amd64/smbd'_start+0x18 [0x408dd8]
In this particular nested share_mode_do_locked() invocation, callback
comes through dbwrap_watched_do_locked_fn() where it fails to update
rec->value_valid which further gets assigned to static_share_mode_record
within share_mode_do_locked_fn().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14352
Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Apr 21 17:37:43 UTC 2020 on sn-devel-184
(cherry picked from commit
5651fafe9856e69c93dba3efa6253780cf3c10a1)
Volker Lendecke [Thu, 19 Mar 2020 10:01:41 +0000 (11:01 +0100)]
libsmb: Don't try to find posix stat info in SMBC_getatr()
This wrongly used "frame" instead of "fname", which can never have
worked. A first attempt to fix in
51551e0d53fa6 caused a few followup
patches in an attempt to clean up the test failures
51551e0d53fa6
introduced. They were reverted after a few discussions. So rather than
changing behaviour, just remove the code that introduced the valgrind
error again.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Mar 20 05:06:07 UTC 2020 on sn-devel-184
(cherry picked from commit
39c910fd9cba3caf7414274b678b9eee33d7e20b)
Karolin Seeger [Tue, 28 Apr 2020 11:48:51 +0000 (13:48 +0200)]
VERSION: Bump version up to 4.12.3.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Tue, 28 Apr 2020 11:48:23 +0000 (13:48 +0200)]
Merge tag 'samba-4.12.2' into v4-12-test
samba: tag release samba-4.12.2
Karolin Seeger [Wed, 22 Apr 2020 10:55:18 +0000 (12:55 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.12.2 release.
o CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ
o CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD DC
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Wed, 22 Apr 2020 10:53:26 +0000 (12:53 +0200)]
WHATSNEW: Add release notes for Samba 4.12.2.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Gary Lockyer [Tue, 7 Apr 2020 22:46:44 +0000 (10:46 +1200)]
CVE-2020-10704 libcli ldap: Check search request lengths.
Check the search request lengths against the limits passed to
ldap_decode.
Credit to OSS-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Tue, 7 Apr 2020 20:49:23 +0000 (08:49 +1200)]
CVE-2020-10704: libcli ldap_message: Add search size limits to ldap_decode
Add search request size limits to ldap_decode calls.
The ldap server uses the smb.conf variable
"ldap max search request size" which defaults to 250Kb.
For cldap the limit is hard coded as 4096.
Credit to OSS-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Wed, 8 Apr 2020 03:32:22 +0000 (15:32 +1200)]
CVE-2020-10704: S4 ldap server: Limit request sizes
Check the size of authenticated and anonymous ldap requests and reject
them if they exceed the limits in smb.conf
Credit to OSS-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Mon, 6 Apr 2020 21:09:01 +0000 (09:09 +1200)]
CVE-2020-10704: smb.conf: Add max ldap request sizes
Add two new smb.conf parameters to control the maximum permitted ldap
request size.
Adds:
ldap max anonymous request size default 250Kb
ldap max authenticated request size default 16Mb
Credit to OSS-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Tue, 14 Apr 2020 01:32:32 +0000 (13:32 +1200)]
CVE-2020-10704: ldapserver tests: Limit search request sizes
Add tests to ensure that overly long (> 256000 bytes) LDAP search
requests are rejected.
Credit to OSS-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Wed, 8 Apr 2020 03:30:52 +0000 (15:30 +1200)]
CVE-2020-10704: lib util asn1: Check parse tree depth
Check the current depth of the parse tree and reject the input if the
depth exceeds that passed to asn1_init
Credit to OSS-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Thu, 2 Apr 2020 02:25:53 +0000 (15:25 +1300)]
CVE-2020-10704: libcli ldap: test recursion depth in ldap_decode_filter_tree
Add tests to check that ASN.1 ldap requests with deeply nested elements
are rejected. Previously there was no check on the on the depth of
nesting and excessive nesting could cause a stack overflow.
Credit to OSS-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Thu, 2 Apr 2020 23:18:03 +0000 (12:18 +1300)]
CVE-2020-10704: lib util asn1: Add ASN.1 max tree depth
Add maximum parse tree depth to the call to asn1_init, which will be
used to limit the depth of the ASN.1 parse tree.
Credit to OSS-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Karolin Seeger [Fri, 17 Apr 2020 10:06:08 +0000 (12:06 +0200)]
CVE-2020-10700: ldb: Bump version up to 2.1.2.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14331
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Wed, 11 Mar 2020 03:43:31 +0000 (16:43 +1300)]
CVE-2020-10700: dsdb: Do not permit the ASQ control for the GUID search in paged_results
ASQ is a very strange control and a BASE search can return multiple results
that are NOT the requested DN, but the DNs pointed to by it!
Thanks to Andrei Popa <andrei.popa@next-gen.ro> for finding,
reporting and working with us to diagnose this issue!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14331
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Wed, 11 Mar 2020 03:41:34 +0000 (16:41 +1300)]
CVE-2020-10700: ldb: Always use ldb_next_request() in ASQ module
We want to keep going down the module stack, and not start from the top again.
ASQ is above the ACL modules, but below paged_results and we do not wish to
re-trigger that work.
Thanks to Andrei Popa <andrei.popa@next-gen.ro> for finding,
reporting and working with us to diagnose this issue!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14331
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Mon, 30 Mar 2020 09:44:20 +0000 (09:44 +0000)]
CVE-2020-10700: dsdb: Add test for ASQ and ASQ in combination with paged_results
Thanks to Andrei Popa <andrei.popa@next-gen.ro> for finding,
reporting and working with us to diagnose this issue!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14331
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Karolin Seeger [Tue, 7 Apr 2020 06:38:40 +0000 (08:38 +0200)]
VERSION: Bump version up to 4.12.2...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
a3157b958bfd9f1f77014fcfc6ca5ad1f38b0fbf)
Volker Lendecke [Thu, 16 Apr 2020 12:38:34 +0000 (14:38 +0200)]
ctdb: Fix a memleak
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14348
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Apr 17 08:32:35 UTC 2020 on sn-devel-184
(cherry picked from commit
ad4b53f2d95de3d3609f3a23d96602f3dd516705)
Autobuild-User(v4-12-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-12-test): Tue Apr 21 12:44:16 UTC 2020 on sn-devel-184
Jeremy Allison [Fri, 10 Apr 2020 21:14:25 +0000 (14:14 -0700)]
s3: VFS: Add cmocka test for vfs_full_audit to make sure all arrays are correct.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14343
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(Back-ported from commit
5e987e2f40e7698de489696d795ebe26b7e75c9b)
Autobuild-User(v4-12-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-12-test): Fri Apr 17 10:19:13 UTC 2020 on sn-devel-184
Jeremy Allison [Fri, 10 Apr 2020 20:27:18 +0000 (13:27 -0700)]
s3: VFS: full_audit. Add missing fcntl entry in vfs_op_names[] array.
Found by yannick@in2ip.nl.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14343
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
977d3c7bab3319725abc418839d581489fd9bbe9)
Noel Power [Tue, 14 Apr 2020 10:21:22 +0000 (11:21 +0100)]
s3/librpc/crypto: Fix double free with unresolved credential cache
We free gse_ctx->k5ctx but then free it again in the
talloc dtor. This patch just lets the talloc dtor handle
things and removes the extra krb5_free_context
Failed to resolve credential cache 'DIR:/run/user/1000/krb5cc'! (No credentials cache found)
==30762== Invalid read of size 8
==30762== at 0x108100F4: k5_os_free_context (in /usr/lib64/libkrb5.so.3.3)
==30762== by 0x107EA661: krb5_free_context (in /usr/lib64/libkrb5.so.3.3)
==30762== by 0x7945D2E: gse_context_destructor (gse.c:84)
==30762== by 0x645FB49: _tc_free_internal (talloc.c:1157)
==30762== by 0x645FEC5: _talloc_free_internal (talloc.c:1247)
==30762== by 0x646118D: _talloc_free (talloc.c:1789)
==30762== by 0x79462E4: gse_context_init (gse.c:241)
==30762== by 0x794636E: gse_init_client (gse.c:268)
==30762== by 0x7947602: gensec_gse_client_start (gse.c:786)
==30762== by 0xBC87A3A: gensec_start_mech (gensec_start.c:743)
==30762== by 0xBC87BC6: gensec_start_mech_by_ops (gensec_start.c:774)
==30762== by 0xBC8167F: gensec_spnego_client_negTokenInit_step (spnego.c:633)
==30762== Address 0x17259928 is 40 bytes inside a block of size 496 free'd
==30762== at 0x4C2F50B: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==30762== by 0x79462CA: gse_context_init (gse.c:238)
==30762== by 0x794636E: gse_init_client (gse.c:268)
==30762== by 0x7947602: gensec_gse_client_start (gse.c:786)
==30762== by 0xBC87A3A: gensec_start_mech (gensec_start.c:743)
==30762== by 0xBC87BC6: gensec_start_mech_by_ops (gensec_start.c:774)
==30762== by 0xBC8167F: gensec_spnego_client_negTokenInit_step (spnego.c:633)
==30762== by 0xBC813E2: gensec_spnego_client_negTokenInit_start (spnego.c:537)
==30762== by 0xBC84084: gensec_spnego_update_pre (spnego.c:1943)
==30762== by 0xBC83AE5: gensec_spnego_update_send (spnego.c:1741)
==30762== by 0xBC85622: gensec_update_send (gensec.c:449)
==30762== by 0x551BFD0: cli_session_setup_gensec_local_next (cliconnect.c:997)
==30762== Block was alloc'd at
==30762== at 0x4C306B5: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==30762== by 0x107EA7AE: krb5_init_context_profile (in /usr/lib64/libkrb5.so.3.3)
==30762== by 0xB853215: smb_krb5_init_context_common (krb5_samba.c:3597)
==30762== by 0x794615B: gse_context_init (gse.c:209)
==30762== by 0x794636E: gse_init_client (gse.c:268)
==30762== by 0x7947602: gensec_gse_client_start (gse.c:786)
==30762== by 0xBC87A3A: gensec_start_mech (gensec_start.c:743)
==30762== by 0xBC87BC6: gensec_start_mech_by_ops (gensec_start.c:774)
==30762== by 0xBC8167F: gensec_spnego_client_negTokenInit_step (spnego.c:633)
==30762== by 0xBC813E2: gensec_spnego_client_negTokenInit_start (spnego.c:537)
==30762== by 0xBC84084: gensec_spnego_update_pre (spnego.c:1943)
==30762== by 0xBC83AE5: gensec_spnego_update_send (spnego.c:1741)
==30762==
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14344
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Tue Apr 14 22:55:51 UTC 2020 on sn-devel-184
(cherry picked from commit
34f8ab774d1484b0e60dbdec8ad2a1607ad92122)
Autobuild-User(v4-12-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-12-test): Wed Apr 15 13:20:28 UTC 2020 on sn-devel-184
Isaac Boukris [Fri, 31 Jan 2020 21:34:21 +0000 (22:34 +0100)]
mit-kdc: Explicitly reject S4U requests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14342
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Isaac Boukris <iboukris@samba.org>
Autobuild-Date(master): Tue Mar 10 14:46:04 UTC 2020 on sn-devel-184
Andreas Schneider [Fri, 6 Mar 2020 16:15:45 +0000 (17:15 +0100)]
selftest: Set KRB5RCACHETYPE to none for selftest
This is required that out tests work with MIT KRB5 1.18.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14342
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Isaac Boukris [Thu, 16 Jan 2020 21:00:21 +0000 (22:00 +0100)]
Sign and verify PAC with ticket principal instead of canon principal
With MIT library 1.18 the KDC no longer set
KRB5_KDB_FLAG_CANONICALIZE for enterprise principals which allows
us to not canonicalize them (like in Windows / Heimdal).
However, it now breaks the PAC signature verification as it was
wrongly done using canonical client rather than ticket client name.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14342
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Isaac Boukris [Thu, 16 Jan 2020 20:36:24 +0000 (21:36 +0100)]
Fix uxsuccess test with new MIT krb5 library 1.18
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14155
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14342
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Isaac Boukris [Mon, 16 Sep 2019 13:40:12 +0000 (16:40 +0300)]
Adapt sign_authdata in our KDB module for krb5 v1.18
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14342
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Fri, 3 Apr 2020 13:40:48 +0000 (15:40 +0200)]
testprogs: Add 'net ads join createupn' test also verifying the keytab
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14336
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Apr 6 19:09:53 UTC 2020 on sn-devel-184
(cherry picked from commit
c4be195da2845be4f64e47883e3c911dedd90e48)
Autobuild-User(v4-12-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-12-test): Tue Apr 7 09:36:45 UTC 2020 on sn-devel-184
Andreas Schneider [Fri, 3 Apr 2020 13:58:28 +0000 (15:58 +0200)]
s3:libads: Fix ads_get_upn()
This adds the userPrincipalName to ads_find_machine_acct() which
fetches the data for us.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14336
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit
ec69752cb963ae850568d3f4905d2941e485627e)
Ralph Boehme [Sun, 15 Mar 2020 07:30:21 +0000 (08:30 +0100)]
smbd: let delayed update handler also update on-disk timestamps
Let delayed update handler also update on-disk timestamps by calling
trigger_write_time_update_immediate().
trigger_write_time_update_immediate() sets fsp->update_write_time_on_close to
false which prevents updating the write-time on close if there was ever only one
write to the file.
Besides resetting fsp->update_write_time_on_close and setting the on-disk timestamps
trigger_write_time_update_immediate() takes the same steps as the removed code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14320
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 19 03:05:40 UTC 2020 on sn-devel-184
(cherry picked from commit
81c1a14e3271aeed7ed4fe6311171b19ba963555)
Ralph Boehme [Sun, 15 Mar 2020 07:30:21 +0000 (08:30 +0100)]
smbd: let mark_file_modified() always call trigger_write_time_update()
Preperatory change: the next commit will reset fsp->update_write_time_on_close
in the event handler, so this change ensures it gets set again for any
subsequent write.
This will NOT always result in a write-time update because
trigger_write_time_update() has its own only-once logic using the internal
variable fsp->update_write_time_triggered.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14320
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
53de2da7acfc24513082190502d93306c12b7434)
Ralph Boehme [Sun, 15 Mar 2020 15:46:16 +0000 (16:46 +0100)]
torture/smb2: delayed timestamp updates test: more then one write
Verify a close updates the write-time for subsequent writes after an initial
write started the delayed update logic.
This covers a scenario that will become relevant with the two subsequent
commits. The next commit:
smbd: let mark_file_modified() always call trigger_write_time_update()
ensures that trigger_write_time_update() is not only called for the first write
on a file. Without that preaparatory change, the second commit:
smbd: let delayed update handler also update on-disk timestamps
alone would cause this test to fail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14320
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
60aecca9a727555847aa1412415c5bbd927df4ff)
Ralph Boehme [Sat, 14 Mar 2020 15:43:48 +0000 (16:43 +0100)]
torture/smb2: delayed timestamp update test: single write
Verify close only updates write-time when a delayed update is actually pending.
This scenario is not covered by basic.delaywrite.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14320
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
58fa7b4fd7b53d3100459a0c9c7ef4ca7481b58a)
Ralph Boehme [Sun, 15 Mar 2020 14:51:18 +0000 (15:51 +0100)]
smbd: remove stat call from mark_file_modified()
This stat dates back to
d03453864ab1bc5fd3b4a3abaf96176a006c102b where the call
to trigger_write_time_update() had been to the file IO codepath. It was present
there for other reasons: to setup the write-cache based on the file's size.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14320
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
2c19d27113036d607850f370bb9afd62856d671e)
Jeremy Allison [Tue, 3 Mar 2020 21:31:18 +0000 (13:31 -0800)]
s3: tests: Add samba3.blackbox.force-close-share
Checks server stays up whilst writing to a force closed share.
Uses existing aio_delay_inject share to delay writes while
we force close the share.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sun Mar 8 19:34:14 UTC 2020 on sn-devel-184
(cherry picked from commit
bb22be08b077b7d5911ccdeb1012f4dea85647e5)
(cherry picked from commit
566658d914176c41942e3c6aba404ae369aeb123)
Jeremy Allison [Mon, 2 Mar 2020 21:11:06 +0000 (13:11 -0800)]
smbd: enforce AIO requests draining
Assert we have no aio on a close.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Combined squash of commits:
(cherry picked from commit
410e7599bd2ae9b35429f60a529bb7c4aa88df25)
(cherry picked from commit
acb0b01761330864a23932f643f7ad4e3d374634)
(cherry picked from commit
f94cd10a211e2eae966ba4bd26921556bbe513fc)
(cherry picked from commit
0ae4f368c6c8d2c8c7aa34069007a984055df0da)
(cherry picked from commit
86dd5a080969e14ab0d131d8cb1054ec624a41ba)
Jeremy Allison [Thu, 12 Mar 2020 18:02:19 +0000 (11:02 -0700)]
s3: smbd: Remove file_close_pid().
The old synchronous reply_exit() was the only user.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
584933439c70af3d2fd047e62a3456c1c2eca45e)
Jeremy Allison [Thu, 12 Mar 2020 18:01:05 +0000 (11:01 -0700)]
s3: smbd: Remove old synchronous SMB1 reply_exit().
SMB1 exit is now fully async.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
1de0daa715f3324e3620ae8152b7fbaeb40ee9d9)
Jeremy Allison [Thu, 12 Mar 2020 17:59:16 +0000 (10:59 -0700)]
s3: smbd: Add async internals of reply_exit().
Waits until all aio requests on all fsp's owned by this
vuid are finished before returning to the client.
Charges the profile time in the done function. Not strictly
correct but better than the other SMB1 async code that
double-charges profiling in both send and done at the
moment.
Done this way (commented out) so it is a clean
diff and it's clear what is being added.
A later commit will remove the old synchronous version.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
8f58feab58afbc7aa214fac2a1728dda68303c6b)
Jeremy Allison [Thu, 12 Mar 2020 17:19:31 +0000 (10:19 -0700)]
s3: smbd: Remove old synchronous SMB1 reply_ulogoffX().
SMB1 user logoff is now fully async.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
446b64ca66591d8ae5b4bf1aabdd46a1e8cb1c1c)
Jeremy Allison [Thu, 12 Mar 2020 17:16:42 +0000 (10:16 -0700)]
s3: smbd: reply_ulogoffX() Update to modern coding standards.
Minimizes the diff in the later commits.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
9cda76ad29db0cfbffa3dbb0764ec5dda24490f9)
Jeremy Allison [Thu, 12 Mar 2020 17:15:10 +0000 (10:15 -0700)]
s3: smbd: In reply_ulogoffX(), replace req -> smb1req.
Minimises the diff in later commits.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
5c073aa01b304f54a0039d9cd9dc74123191eb4b)
Jeremy Allison [Thu, 12 Mar 2020 17:11:14 +0000 (10:11 -0700)]
s3: smbd: Add async internals of reply_ulogoffX.
Waits until all aio requests on all fsp's owned by this
vuid are finished before returning to the client.
Charges the profile time in the done function. Not strictly
correct but better than the other SMB1 async code that
double-charges profiling in both send and done at the
moment.
Done this way (commented out) so it is a clean
diff and it's clear what is being added.
A later commit will remove the old synchronous version.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
4dd3012cb1b5e000ccf68d2601dbdbcb7ff538b5)
Jeremy Allison [Thu, 12 Mar 2020 17:03:27 +0000 (10:03 -0700)]
s3: smbd: Remove old synchronous SMB1 reply_tdis().
SMB1 tree disconnect is now fully async.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
7613998e10c5f13c896667257fdef33824a45d2a)