Karolin Seeger [Wed, 12 Aug 2020 07:47:58 +0000 (09:47 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.12.6 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Wed, 12 Aug 2020 07:47:28 +0000 (09:47 +0200)]
WHATSNEW: Add release notes for Samba 4.12.6.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Volker Lendecke [Tue, 21 Apr 2020 12:54:25 +0000 (14:54 +0200)]
srvsvc: Move brl_get_locks() out of enum_file_fn()
With share_infos.tdb this is a locking order violation:
share_infos.tdb is level 4, brlock.tdb is level 2. Avoid this by first
walking the share_infos.tdb and then fetching all the brlock entries.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14355
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu May 14 22:06:32 UTC 2020 on sn-devel-184
(cherry picked from commit
01db877c7766387984ef32914eca0b2e817c4c6a)
Autobuild-User(v4-12-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-12-test): Thu Aug 6 14:56:35 UTC 2020 on sn-devel-184
Volker Lendecke [Mon, 11 May 2020 09:08:54 +0000 (11:08 +0200)]
test: Show that netfileenum is broken
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14355
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
8e4583f730abd1a210ec52d5a060dddc4ad850bb)
Volker Lendecke [Mon, 11 May 2020 09:09:02 +0000 (11:09 +0200)]
rpcclient: Make netfileenum cmd print the path names
Needed for the next commit testing netfileenum
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14355
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
1d40cc01c2d7f14704c1d9b4b7c42c4cf3450da9)
Volker Lendecke [Wed, 22 Apr 2020 11:21:40 +0000 (13:21 +0200)]
rpcclient: Use struct initializers in cmd_srvsvc_net_file_enum()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14355
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
8c080f28c37a4ada4f3605123a357666881fa3a0)
Volker Lendecke [Tue, 21 Apr 2020 12:32:16 +0000 (14:32 +0200)]
srvsvc: Collect file ids in enum_file_fn()
Will be used a few patches down
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14355
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
46ab1d478d8c27bb4837bf277f8eae5d59613dd2)
Volker Lendecke [Tue, 21 Apr 2020 12:42:50 +0000 (14:42 +0200)]
srvsvc: Use a struct initializer in net_enum_files()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14355
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
bda0b3875d965c5cccd09dc09f593229e268ee9b)
Volker Lendecke [Tue, 21 Apr 2020 12:24:48 +0000 (14:24 +0200)]
srvsvc: Directly use "ctr3->count" instead of "i"
To me this was not very transparent, and now that we have "ctr3" a
single indirect looks okay
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14355
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
96d68bb9f26a0c99d00e92130a2f2c91c7b985e2)
Volker Lendecke [Tue, 21 Apr 2020 12:21:49 +0000 (14:21 +0200)]
srvsvc: Use a struct assignment in enum_file_fn()
Looks nicer than 5 complex array references...
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14355
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
ff80f68c3020be0a92eb41115a64518ece097ee7)
Volker Lendecke [Tue, 21 Apr 2020 12:16:41 +0000 (14:16 +0200)]
srvsvc: Introduce ctx3 helper var in enum_file_fn()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14355
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
a9397f87881b9a67407b557e09478cdd40f75b75)
Andrew Bartlett [Sun, 26 Jul 2020 23:37:29 +0000 (11:37 +1200)]
dbcheck: Allow a dangling forward link outside our known NCs
If we do not have the NC of the target object we can not be really sure
that the object is redundent and so we want to keep it for now
and not (as happened until now) break the dbcheck run made during the
replication stage of a "samba-tool domain backup rename".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14450
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit
05228c4e07013c0e6f78f1330b3b787271282ca8)
Martin Schwenke [Mon, 6 Jul 2020 04:02:49 +0000 (14:02 +1000)]
ctdb-tests: Stop cat command failure from causing test failure
In certain circumstance, which aren't obvious, cat(1) can fail when
attempting to write a lot of data. This is due to something (probably
write(2)) returning EAGAIN.
Given that the -v option should only really be used for test
debugging, ignore the failure instead of spending time debugging it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14446
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
3ff8765d04c0fb950b7be4f9a049999aeb08223b)
Martin Schwenke [Mon, 20 Jul 2020 02:02:45 +0000 (12:02 +1000)]
ctdb-scripts: Use nfsconf as a last resort get nfsd thread count
If nfsconf exists then use it as last resort to attempt to extract
[nfsd]:threads from /etc/nfs.conf.
Invocation of nfsconf requires "|| true" because this script uses "set
-e". Add a stub that always fails to at least test this much.
RN: Use nfsconf utility for variable values in CTDB NFS scripts
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14444
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Mon Jul 27 07:06:58 UTC 2020 on sn-devel-184
(cherry picked from commit
642dc6ded6426ba2fbf3ac1e5cd71aae11ca245b)
Martin Schwenke [Mon, 13 Jul 2020 00:16:33 +0000 (10:16 +1000)]
ctdb-scripts: Use nfsconf as a last resort to set NFS_HOSTNAME
If nfsconf exists then use it as last resort to attempt to extract
[statd]:name from /etc/nfs.conf.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14444
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
334dd8cedda6a341e3b89c9adc8102ea5480e452)
Stefan Metzmacher [Mon, 6 Jul 2020 06:58:22 +0000 (08:58 +0200)]
s3:smbd: check for stale pid in delay_for_oplock_fn() when leases_db_get() fails
If leases_db_get() failed the leases_db record might have been cleaned up for
stale processes. Check if the share-mode-entry owner is stale in this case and
return ignore the entry. In any other case, log a debug messages and panic.
Commit
05d4466a6d1ad048fa86aea09ec0a56a7b961369
"smbd: check for stale pid in get_lease_type()" fixed only one half of
this.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jul 7 02:47:46 UTC 2020 on sn-devel-184
(cherry picked from commit
58adf349edfd3001ad071cc7ed8cfc551f67f8a2)
Stefan Metzmacher [Mon, 6 Jul 2020 12:03:39 +0000 (14:03 +0200)]
s3:leases: log errors with level 0 in leases_db_do_locked_fn()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
217693682d5bbd0f2d6b5331f47b2a6348840898)
Ralph Boehme [Thu, 2 Jul 2020 12:47:12 +0000 (14:47 +0200)]
smbd: check for stale pid in get_lease_type()
If leases_db_get() failed the leases_db record might have been cleaned up for
stale processes. Check if the share-mode-entry owner is stale in this case and
return a 0 lease state. In any other case, log a debug messages and panic.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jul 2 16:45:42 UTC 2020 on sn-devel-184
(cherry picked from commit
05d4466a6d1ad048fa86aea09ec0a56a7b961369)
Ralph Boehme [Thu, 2 Jul 2020 12:45:59 +0000 (14:45 +0200)]
smbd: let get_lease_type() take a non-const share_mode_entry
We're going to add a call to share_entry_stale_pid(share_mode_entry) which takes
a non-const pointer (in order to eventually set e->state = true).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
3f4a865821da27efbed4f7c38ad3efbcaae77a02)
Ralph Boehme [Thu, 2 Jul 2020 12:08:44 +0000 (14:08 +0200)]
smbd: inverse if/else logic in get_lease_type()
No change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
e4328db1c94837a8ea5652971cea20055d3d24ff)
Ralph Boehme [Thu, 2 Jul 2020 12:10:05 +0000 (14:10 +0200)]
s3/leases: log NDR decoding failure with level 0 in leases_db_get_fn()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
383a2457bd6cbe0acd571a8d601f8bdc5365f0b4)
Ralph Boehme [Thu, 2 Jul 2020 12:09:15 +0000 (14:09 +0200)]
smbd: increase loglevel when leases_db_del() with anything then NT_STATUS_NOT_FOUND
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
fbb8bbe1243eb2a0351dc2422929278f85a99e26)
Andreas Schneider [Fri, 17 Jul 2020 10:14:16 +0000 (12:14 +0200)]
docs: Fix documentation for require_membership_of of pam_winbind.conf
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14358
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
(cherry picked from commit
71b7140fd0a33e7e8c5bf37c2897cea8224b3f01)
Andreas Schneider [Thu, 9 Jul 2020 09:48:26 +0000 (11:48 +0200)]
docs: Fix documentation for require_membership_of of pam_winbind
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14358
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit
4c74db6978c682f8ba4e74a6ee8157cfcbb54971)
Stefan Metzmacher [Thu, 23 Apr 2020 09:56:54 +0000 (11:56 +0200)]
kdc:db-glue: ignore KRB5_PROG_ETYPE_NOSUPP also for Primary:Kerberos
Currently we only ignore KRB5_PROG_ETYPE_NOSUPP for
Primary:Kerberos-Newer-Keys, but not for Primary:Kerberos.
If a service account has msDS-SupportedEncryptionTypes: 31
and DES keys stored in Primary:Kerberos, we'll pass the
DES key to smb_krb5_keyblock_init_contents(), but may get
KRB5_PROG_ETYPE_NOSUPP.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14354
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jul 28 14:04:26 UTC 2020 on sn-devel-184
(cherry picked from commit
4baa7cc8e473f6b63316b4ae5db34796c0f864c3)
Autobuild-User(v4-12-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-12-test): Thu Aug 6 11:00:25 UTC 2020 on sn-devel-184
Isaac Boukris [Mon, 27 Apr 2020 12:00:38 +0000 (14:00 +0200)]
Add a test with old msDS-SupportedEncryptionTypes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14354
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
07399831794e28c7c2cf0140d0f1d1b5538b5f60)
Stefan Metzmacher [Wed, 1 Jul 2020 07:38:58 +0000 (09:38 +0200)]
s3:smbd: make sure vfs_ChDir() always sets conn->cwd_fsp->fh->fd = AT_FDCWD
This is what all consumers of conn->cwd_fsp->fh->fd expect!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14427
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
f3f330f61db983f6d213a097d9a4d91b1057ecb1)
Autobuild-User(v4-12-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-12-test): Thu Jul 9 13:04:14 UTC 2020 on sn-devel-184
Stefan Metzmacher [Thu, 2 Jul 2020 10:06:28 +0000 (12:06 +0200)]
s3:smbd: reformat if statement for caching in vfs_ChDir()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14427
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
b2b5ae090ee8796609eb0b5794bc4e62c24414ef)
Stefan Metzmacher [Thu, 2 Jul 2020 12:32:34 +0000 (14:32 +0200)]
s4:torture/smb2: add smb2.delete-on-close-perms.BUG14427
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14427
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
bcba4bb210d9482be4c2c8dadfb5cc185046cbaa)
Andrew [Tue, 30 Jun 2020 10:54:06 +0000 (06:54 -0400)]
s3:winbind:idmap_ad - make failure to get attrnames for schema mode fatal
Add check for failure to resolve the OID array for the schema mode into
names.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14425
Signed-off-by: Andrew <awalker@ixsystems.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
b5b801026edd3a8fd8d0ba1752e891453cf675c9)
Ralph Boehme [Tue, 30 Jun 2020 15:03:05 +0000 (17:03 +0200)]
lib/debug: set the correct default backend loglevel to MAX_DEBUG_LEVEL
This fixed a regression introduced by commit
c83ce5f4f99aef94530411ec82cc03e9935b352d for bug #14345.
The backend loglevel globally restricts logging of a particular backend. If this
value is smaller then any explicitly configured logging class, logging for this
class is skipped.
Eg, given the following logging config in smb.conf:
log level = 1 auth_json_audit:3@/var/log/samba/samba_auth_audit.log
the default class loglevel of 1 (dbgc_config[DBGC_ALL].loglevel) will be
assigned to the backend loglevel.
So even though the logging class auth_json_audit is configured at level 3, this
doesn't become effective as the file backend drops all log messages with a level
below 1.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14426
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jul 2 13:25:29 UTC 2020 on sn-devel-184
(cherry picked from commit
71488b812fe737df2d3439a6ff3f95bb69b4a5bd)
Ralph Boehme [Tue, 30 Jun 2020 15:02:07 +0000 (17:02 +0200)]
lib/debug: assert file backend
The debug file backend is a built-in default, if it's missing we're totally
screwed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14426
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
5aeaa6959da326095e98f0369b6d91dc5667415e)
Andrew Bartlett [Wed, 1 Jul 2020 02:31:54 +0000 (14:31 +1200)]
selftest: Run test of how userPassword / crypt() style passwords are stored in quicktest
This ensures that the crypt_r()/crypt_rn()/crypt() behaviour is tested in all
the samba-o3 builds and so is checked on RHEL7 in GitLab CI.
https://bugzilla.samba.org/show_bug.cgi?id=14424
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit
cabf873b75b1d4d456190358bc3ed051bca16978)
Autobuild-User(v4-12-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-12-test): Mon Jul 6 11:44:23 UTC 2020 on sn-devel-184
Andrew Bartlett [Wed, 1 Jul 2020 02:30:24 +0000 (14:30 +1200)]
selftest: Split samba.tests.samba_tool.user_virtualCryptSHA into GPG and not GPG parts
This allows the userPassword (not GPG) part of the test to run on hosts without
python3-gpg (eg RHEL7) while still testing the userPassword handling.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14424
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit
2c4ecf002a3fbbe8be061814468529c8bd6bb7aa)
Andrew Bartlett [Wed, 1 Jul 2020 02:35:39 +0000 (14:35 +1200)]
dsdb: Allow "password hash userPassword schemes = CryptSHA256" to work on RHEL7
On RHEL7 crypt_r() will set errno. This is a problem because the implementation of crypt_r()
in RHEL8 and elsewhere in libcrypt will return non-NULL but set errno on failure.
The workaround is to use crypt_rn(), provided only by libcrypt, which will return NULL
on failure, and so avoid checking errno in the non-failure case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14424
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit
91453f110fa72062291eb59ad9d95fab0f423557)
Bjoern Jacke [Mon, 29 Jun 2020 12:00:46 +0000 (12:00 +0000)]
util: fix build on AIX by fixing the order of replace.h include
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14422
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
d93a6d2663a25bca072cd5623aea16e21ed650b8)
Martin Schwenke [Fri, 5 Jun 2020 12:05:42 +0000 (22:05 +1000)]
util: Reallocate larger buffer if getpwuid_r() returns ERANGE
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Bjoern Jacke <bjacke@samba.org>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Tue Jun 9 21:07:24 UTC 2020 on sn-devel-184
(cherry picked from commit
ddac6b2eb4adaec8fc5e25ca07387d2b9417764c)
Martin Schwenke [Fri, 5 Jun 2020 11:52:23 +0000 (21:52 +1000)]
util: Fix build on FreeBSD by avoiding NSS_BUFLEN_PASSWD
NSS_BUFLEN_PASSWD is not defined on FreeBSD. Use
sysconf(_SC_GETPW_R_SIZE_MAX) instead, as per POSIX.
Use a dynamically allocated buffer instead of trying to cram all of
the logic into the declarations. This will come in useful later
anyway.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Bjoern Jacke <bjacke@samba.org>
(cherry picked from commit
847208cd8ac68c4c7d1dae63767820db1c69292b)
Martin Schwenke [Tue, 9 Jun 2020 01:52:50 +0000 (11:52 +1000)]
util: Simplify input validation
It appears that snprintf(3) is being used for input validation.
However, this seems like overkill because it causes szPath to be
copied an extra time. The mostly likely protections being sought
here, according to https://cwe.mitre.org/data/definitions/20.html,
look to be DoS attacks involving CPU and memory usage. A simpler
check that uses strnlen(3) can mitigate against both of these and is
simpler.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Bjoern Jacke <bjacke@samba.org>
(cherry picked from commit
922bce2668994dd2a5988c17060f977e9bb0c229)
Jeremy Allison [Tue, 30 Jun 2020 21:00:41 +0000 (14:00 -0700)]
s3: libsmb: Fix SMB2 client rename bug to a Windows server.
Fix bug where renaming to a target name of one
UCS2 character (name length 2 bytes) fails to
a Windows 10 SMB2 server.
The Windows 10 SMB2 server has a minimum length
for a SMB2_FILE_RENAME_INFORMATION buffer of
24 bytes. It returns NT_STATUS_INFO_LENGTH_MISMATCH
if the length is less. This isn't an alignment
issue as Windows client happily 2-byte align
for larget target name sizes. Also the Windows 10
SMB1 server doesn't have this restriction.
If the name length is too short, pad out with
zeros to 24 bytes.
Hard to add a test for this as we don't want to
add this silly restriction to the Samba server
as it would break all non-Windows clients.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14403
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jul 1 18:59:53 UTC 2020 on sn-devel-184
(cherry picked from commit
f59490dc2d07107d32d6e888f2814011ab2845b7)
Karolin Seeger [Thu, 2 Jul 2020 11:08:52 +0000 (13:08 +0200)]
VERSION: Bump version up to 4.12.6...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 2 Jul 2020 11:08:04 +0000 (13:08 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.12.5 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 2 Jul 2020 11:07:29 +0000 (13:07 +0200)]
WHATSNEW: Add release notes for Samba 4.12.5.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 2 Jul 2020 09:05:41 +0000 (11:05 +0200)]
VERSION: Bump version up to 4.12.5.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 2 Jul 2020 09:05:20 +0000 (11:05 +0200)]
Merge tag 'samba-4.12.4' into v4-12-test
samba: tag release samba-4.12.4
Jeremy Allison [Mon, 1 Jun 2020 21:09:54 +0000 (14:09 -0700)]
s3: msdfs: Fix missing struct stat return on msdfs links by doing an LSTAT call.
This (unfortunately) re-exposes the fact the msdfs links are symlinks,
bit fixing this correctly requires a VFS ABI change which we can't
do for a released stream.
Remove the knownfail.d/msdfs-attr file.
Everything now passes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14391
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(v4-12-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-12-test): Fri Jun 26 11:18:10 UTC 2020 on sn-devel-184
Jeremy Allison [Mon, 1 Jun 2020 20:45:28 +0000 (13:45 -0700)]
s3: torture: Add test for getting attibutes on an MSDFS link.
Mark as knownfail for now.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14391
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(back ported from commit
2a4705129d06b91023bc3fc435fccf91d3939553)
Jeremy Allison [Mon, 1 Jun 2020 19:08:17 +0000 (12:08 -0700)]
s3: torture: Add a MSDFS-ATTRIBUTE test.
Framework to drive comes next.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14391
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
84134812e3447317125ae08b2a98848a2e4bbd65)
Jeremy Allison [Mon, 1 Jun 2020 18:33:13 +0000 (11:33 -0700)]
s3: libsmb: Info level SMB_FIND_EA_SIZE encodes attibutes as a uint16, not a uint8.
We will need this to detect FILE_ATTRIBUTE_REPARSE_POINT in a later commit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14391
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
6463f2612a662f217af18455206afde122323375)
Jeremy Allison [Mon, 1 Jun 2020 19:01:13 +0000 (12:01 -0700)]
s3: libsmb: Info level SMB_FIND_INFO_STANDARD encodes attibutes as a uint16, not a uint8.
We will need this to detect FILE_ATTRIBUTE_REPARSE_POINT in a later commit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14391
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
be52f87c376a8f71b2de4aa52f25818cad2b160e)
Jeremy Allison [Mon, 1 Jun 2020 18:36:03 +0000 (11:36 -0700)]
s3: libsmb: Info level SMB_FIND_FILE_BOTH_DIRECTORY_INFO encodes attibutes as a uint32, not a uint8.
Cast to a uint16_t for now after pulling the information
as finfo->mode is currently only 16 bits.
We will need this to detect FILE_ATTRIBUTE_REPARSE_POINT in a later commit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14391
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
5e3e6c4c0c70e171607f4b5351bd8ec146730f08)
Jeremy Allison [Mon, 1 Jun 2020 20:55:10 +0000 (13:55 -0700)]
s3: libsmb: Info level SMB2_FIND_ID_BOTH_DIRECTORY_INFO encodes attibutes as a uint32, not a uint8.
Fix the SMB2 parsing code.
Cast to a uint16_t for now after pulling the information
as finfo->mode is currently only 16 bits.
We will need this to detect FILE_ATTRIBUTE_REPARSE_POINT in a later commit.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
3063e1601ad9e2536651a75a47ebf4921ffddbdc)
Jeremy Allison [Tue, 16 Jun 2020 22:01:49 +0000 (15:01 -0700)]
s3: smbd: Allow a SHUTDOWN_CLOSE on a file with outstanding aio if there are no client connections alive.
The process is exiting now so pthreads will never complete to cause
problems.
Remove the knownfail.d/aio_outstanding entry.
Followup-bugfix for:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 24 20:14:15 UTC 2020 on sn-devel-184
(cherry picked from commit
205653732064ecf76d3198451240af468806ec14)
Jeremy Allison [Thu, 25 Jun 2020 21:56:03 +0000 (14:56 -0700)]
s3: smbd: Add smbXsrv_client_valid_connections().
Next commit will make use of this.
Followup-bugfix for:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301
Signed-off-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Mon, 22 Jun 2020 20:44:12 +0000 (13:44 -0700)]
s3: selftest: Add samba3.blackbox.aio-outstanding test.
Shows smbd panics if connection is terminated (torn down)
by killing the client with outstanding aio requests in the
queue. As we're closing smbd we should cope with this.
Followup-bugfix for:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
f206d37f6ec8143b2051a8fe15783c188344adbe)
Karolin Seeger [Thu, 25 Jun 2020 10:57:04 +0000 (12:57 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.12.4 release.
This is a security release in order to address the following CVEs:
o CVE-2020-10730: NULL pointer de-reference and use-after-free in Samba AD DC
LDAP Server with ASQ, VLV and paged_results.
o CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume
excessive CPU.
o CVE-2020-10760: LDAP Use-after-free in Samba AD DC Global Catalog with
paged_results and VLV.
o CVE-2020-14303: Empty UDP packet DoS in Samba AD DC nbtd.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 25 Jun 2020 10:56:15 +0000 (12:56 +0200)]
WHATSNEW: Add release notes for Samba 4.12.4.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Andrew Bartlett [Mon, 8 Jun 2020 04:32:14 +0000 (16:32 +1200)]
CVE-2020-10760 dsdb: Add tests for paged_results and VLV over the Global Catalog port
This should avoid a regression.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 5 Jun 2020 10:14:48 +0000 (22:14 +1200)]
CVE-2020-10760 dsdb: Ensure a proper talloc tree for saved controls
Otherwise a paged search on the GC port will fail as the ->data was
not kept around for the second page of searches.
An example command to produce this is
bin/ldbsearch --paged -H ldap://$SERVER:3268 -U$USERNAME%$PASSWORD
This shows up later in the partition module as:
ERROR: AddressSanitizer: heap-use-after-free on address 0x60b00151ef20 at pc 0x7fec3f801aac bp 0x7ffe8472c270 sp 0x7ffe8472c260
READ of size 4 at 0x60b00151ef20 thread T0 (ldap(0))
#0 0x7fec3f801aab in talloc_chunk_from_ptr ../../lib/talloc/talloc.c:526
#1 0x7fec3f801aab in __talloc_get_name ../../lib/talloc/talloc.c:1559
#2 0x7fec3f801aab in talloc_check_name ../../lib/talloc/talloc.c:1582
#3 0x7fec1b86b2e1 in partition_search ../../source4/dsdb/samdb/ldb_modules/partition.c:780
or
smb_panic_default: PANIC (pid 13287): Bad talloc magic value - unknown value
(from source4/dsdb/samdb/ldb_modules/partition.c:780)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14402
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Wed, 24 Jun 2020 02:27:08 +0000 (14:27 +1200)]
CVE-2020-14303: s4 nbt: fix busy loop on empty UDP packet
An empty UDP packet put the nbt server into a busy loop that consumes
100% of a cpu.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14417
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Wed, 24 Jun 2020 23:59:54 +0000 (11:59 +1200)]
CVE-2020-14303 Ensure an empty packet will not DoS the NBT server
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 14 May 2020 22:52:45 +0000 (10:52 +1200)]
CVE-2020-10745: ndr/dns-utils: prepare for NBT compatibility
NBT has a funny thing where it sometimes needs to send a trailing dot as
part of the last component, because the string representation is a user
name. In DNS, "example.com", and "example.com." are the same, both
having three components ("example", "com", ""); in NBT, we want to treat
them differently, with the second form having the three components
("example", "com.", "").
This retains the logic of
e6e2ec0001fe3c010445e26cc0efddbc1f73416b.
Also DNS compression cannot be turned off for NBT.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Douglas Bagnall [Thu, 14 May 2020 12:06:08 +0000 (00:06 +1200)]
CVE-2020-10745: dns_util/push: forbid names longer than 255 bytes
As per RFC 1035.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Douglas Bagnall [Fri, 24 Apr 2020 23:10:18 +0000 (11:10 +1200)]
CVE-2020-10745: ndr_dns: do not allow consecutive dots
The empty subdomain component is reserved for the root domain, which we
should only (and always) see at the end of the list. That is, we expect
"example.com.", but never "example..com".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Douglas Bagnall [Fri, 24 Apr 2020 23:03:30 +0000 (11:03 +1200)]
CVE-2020-10745: ndr/dns_utils: correct a comment
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Douglas Bagnall [Fri, 24 Apr 2020 23:02:08 +0000 (11:02 +1200)]
CVE-2020-10745: ndr_dns: move ndr_push_dns_string core into sharable function
This is because ndr_nbt.c does almost exactly the same thing with
almost exactly the same code, and they both do it wrong. Soon they
will both be using the better version that this will become. Though in
this patch we just move the code, not fix it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Douglas Bagnall [Fri, 12 Jun 2020 02:26:38 +0000 (14:26 +1200)]
CVE-2020-10745: librpc/tests: cmocka tests of dns and ndr strings
These time the push and pull function in isolation.
Timing should be under 0.0001 seconds on even quite old hardware; we
assert it must be under 0.2 seconds.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378
(backported from master commit)
[abartlet@samba.org: backported due to differences in pre-existing
tests - eg test_ndr - mentioned in wscript_build and tests.py]
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Douglas Bagnall [Thu, 11 Jun 2020 05:38:51 +0000 (17:38 +1200)]
CVE-2020-10745: pytests: hand-rolled invalid dns/nbt packet tests
The client libraries don't allow us to make packets that are broken in
certain ways, so we need to construct them as byte strings.
These tests all fail at present, proving the server is rendered
unresponsive, which is the crux of CVE-2020-10745.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Gary Lockyer [Thu, 21 May 2020 21:11:14 +0000 (09:11 +1200)]
ldb: Bump version to 2.1.4
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Tue, 12 May 2020 22:56:56 +0000 (10:56 +1200)]
CVE-2020-10730: lib ldb: Check if ldb_lock_backend_callback called twice
Prevent use after free issues if ldb_lock_backend_callback is called
twice, usually due to ldb_module_done being called twice. This can happen if a
module ignores the return value from function a function that calls
ldb_module_done as part of it's error handling.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Mon, 18 May 2020 00:37:39 +0000 (12:37 +1200)]
CVE-2020-10730: s4 dsdb vlv_pagination: Prevent repeat call of ldb_module_done
Check the return code from vlv_results, if it is not LDB_SUCCESS
ldb_module_done has already been called, and SHOULD NOT be called again.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Mon, 18 May 2020 00:36:57 +0000 (12:36 +1200)]
CVE-2020-10730: s4 dsdb paged_results: Prevent repeat call of ldb_module_done
Check the return code from paged_results, if it is not LDB_SUCCESS
ldb_module_done has already been called, and SHOULD NOT be called again.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Wed, 6 May 2020 04:18:19 +0000 (16:18 +1200)]
CVE-2020-10730: dsdb: Ban the combination of paged_results and VLV
This (two different paging controls) makes no sense and fails against
Windows Server 1709.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Wed, 6 May 2020 05:05:30 +0000 (17:05 +1200)]
CVE-2020-10730: dsdb: Fix crash when vlv and paged_results are combined
The GUID is not returned in the DN for some reason in this (to be banned)
combination.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Wed, 6 May 2020 04:19:01 +0000 (16:19 +1200)]
CVE-2020-10730: selftest: Add test to show that VLV and paged_results are incompatible
As tested against Windows Server 1709
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Tue, 5 May 2020 04:34:11 +0000 (16:34 +1200)]
CVE-2020-10730: vlv: Another workaround for mixing ASQ and VLV
This is essentially an alternative patch, but without the correct
behaviour. Instead this just avoids a segfault.
Included in case we have something simialr again in
another module.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Tue, 5 May 2020 01:16:48 +0000 (13:16 +1200)]
CVE-2020-10730: selftest: Add test to confirm VLV interaction with ASQ
Tested against Windows 1709.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Tue, 5 May 2020 00:55:57 +0000 (12:55 +1200)]
CVE-2020-10730: vlv: Do not re-ASQ search the results of an ASQ search with VLV
This is a silly combination, but at least try and keep the results sensible
and avoid a double-dereference.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Tue, 5 May 2020 00:54:59 +0000 (12:54 +1200)]
CVE-2020-10730: vlv: Use strcmp(), not strncmp() checking the NULL terminated control OIDs
The end result is the same, as sizeof() includes the trailing NUL, but this
avoids having to think about that.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Karolin Seeger [Tue, 19 May 2020 10:06:12 +0000 (12:06 +0200)]
VERSION: Bump version up to 4.12.4...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
11abc955736af2e398cb0f208ab47bde9fadee60)
Alexander Bokovoy [Thu, 18 Jun 2020 07:45:41 +0000 (10:45 +0300)]
ldb_ldap: fix off-by-one increment in lldb_add_msg_attr
Fix regression introduced by commit
ce2bf5c72b6423fff680b3d6a9042103a6cdda55
lldb_add_msg_attr() calls ldb_msg_add_empty() which, in turn, calls
calls _ldb_msg_add_el() which already increments msg->num_elements by one.
As a result, msg->num_elements is bigger than the actual number of
elements and any iteration over elements would step over elements array
boundary.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14413
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jun 19 08:35:33 UTC 2020 on sn-devel-184
(cherry picked from commit
990a0fc4a0481aed817fad7575d8df453fbe7af9)
Autobuild-User(v4-12-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-12-test): Wed Jun 24 11:22:16 UTC 2020 on sn-devel-184
Alexander Bokovoy [Thu, 18 Jun 2020 08:49:08 +0000 (11:49 +0300)]
lib/ldb: add unit test for ldb_ldap internal code
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14413
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
36bd6edd8a603f3aa34aff81c43ef26efd3ad4cf)
Isaac Boukris [Sat, 20 Jun 2020 15:17:33 +0000 (17:17 +0200)]
Fix usage of ldap_get_values_len for msDS-AdditionalDnsHostName
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14406
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jun 22 09:59:04 UTC 2020 on sn-devel-184
Isaac Boukris [Thu, 11 Jun 2020 13:51:27 +0000 (16:51 +0300)]
Properly handle msDS-AdditionalDnsHostName returned from Windows DC
Windows DC adds short names for each specified msDS-AdditionalDnsHostName
attribute, but these have a suffix of "\0$" and thus fail with
ldap_get_values(), use ldap_get_values_len() instead.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14406
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Isaac Boukris [Tue, 16 Jun 2020 19:01:49 +0000 (22:01 +0300)]
selftest: add tests for binary msDS-AdditionalDnsHostName
Like the short names added implicitly by Windows DC.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14406
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Isaac Boukris [Thu, 11 Jun 2020 18:05:07 +0000 (21:05 +0300)]
Fix a typo in recent net man page changes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14406
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Gary Lockyer [Mon, 22 Jun 2020 01:42:56 +0000 (13:42 +1200)]
libcli ldap tests: remove use of zero length array
libcli/ldap/tests/ldap_message_test.c defines a zero length array
(uint8_t buf[0]), which is a GCC extension and breaks the build with
some strict compilers like xlc.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14387
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jun 23 02:15:35 UTC 2020 on sn-devel-184
(cherry picked from commit
d701bc1518766f36b1c7a3a00a82485098a8ee3d)
Isaac Boukris [Wed, 27 May 2020 13:54:12 +0000 (15:54 +0200)]
Add net-ads-join dnshostname=fqdn option
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14396
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri May 29 13:33:28 UTC 2020 on sn-devel-184
Autobuild-User(v4-12-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-12-test): Thu Jun 4 13:12:27 UTC 2020 on sn-devel-184
Isaac Boukris [Wed, 27 May 2020 13:36:28 +0000 (15:36 +0200)]
Add msDS-AdditionalDnsHostName entries to the keytab
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14396
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Isaac Boukris [Wed, 27 May 2020 15:55:12 +0000 (17:55 +0200)]
Add a test for msDS-AdditionalDnsHostName entries in keytab
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14396
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Isaac Boukris [Wed, 27 May 2020 11:25:17 +0000 (13:25 +0200)]
Refactor ads_keytab_add_entry() to make it iterable
so we can more easily add msDS-AdditionalDnsHostName entries.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14396
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Isaac Boukris [Wed, 27 May 2020 13:52:46 +0000 (15:52 +0200)]
Fix accidental overwrite of dnsHostName by the last netbios alias
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14396
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Isaac Boukris [Wed, 27 May 2020 14:50:45 +0000 (16:50 +0200)]
Add a test to check dNSHostName with netbios aliases
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14396
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 29 Nov 2019 12:48:24 +0000 (13:48 +0100)]
s3:libads: prefer ENCTYPE_AES256_CTS_HMAC_SHA1_96 in ads_keytab_add_entry()
This is currently not critical as we only use keytabs
only as acceptor, but in future we'll also use them
for kinit() and there we should prefer the newest type.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Björn Jacke [Tue, 19 May 2020 10:42:31 +0000 (12:42 +0200)]
docs-xml: update list of posible VFS operations for vfs_full_audit
the list of valid operations can be generated by
grep "{ SMB_VFS_OP_" source3/modules/vfs_full_audit.c |sed 's/.*,[ \t]*"//;s/".*//'|grep -v NULL | sort
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14386
based on
14470e4e4c16cfc36384027c39c1685dea42ad26 in master
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 11 May 2020 22:58:27 +0000 (15:58 -0700)]
s3: libsmbclient: Finish unifing bad iconv behavior across CORE NT1 SMB2 protocols.
On bad name conversion, exit the directory listing with an error, but leave the
connection intact. We were already checking for finfo->name == NULL here,
but were ignoring it and not reporting an error.
Remove the knownfail.d/bad_iconv file as we now
behave the same across CORE/NT1/SMB2.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14374
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue May 12 21:32:44 UTC 2020 on sn-devel-184
(cherry picked from commit
393da520e43bd3a28feb231bcd9fd5308a3daa4a)
Jeremy Allison [Mon, 11 May 2020 19:23:49 +0000 (12:23 -0700)]
s3: libsmb: In SMB2 return NT_STATUS_INVALID_NETWORK_RESPONSE if name conversion ended up with a NULL filename.
Can happen if namelen == 0.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14374
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
753115a8d19f6ac8cd28305748fc6d888679dccc)
Jeremy Allison [Mon, 11 May 2020 19:34:10 +0000 (12:34 -0700)]
s3: libsmb: In SMB1 old protocol - return NT_STATUS_INVALID_NETWORK_RESPONSE if name conversion ended up with a NULL filename.
Can happen if namelen == 0.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14374
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
b10de0bb64fe022e6b066584013dfb0bdf2ade96)
Jeremy Allison [Mon, 11 May 2020 22:37:00 +0000 (15:37 -0700)]
s3: selftest: Add test_smbclient_iconv.sh to check client behavior on bad name conversion.
SMB2 and NT1 fail this, CORE already returns NT_STATUS_INVALID_NETWORK_RESPONSE
on bad conversion.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14374
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(back-ported from commit
e016671d34c24c4768df774425ec743b88e30015)
Jeremy Allison [Mon, 11 May 2020 21:10:54 +0000 (14:10 -0700)]
s3: selftest: Add share definition [bad_iconv] in fileserver.
Creates a utf8 valid filename within that is invalid in CP850.
Useful to test smbclient list directory character set conversions.
https://bugzilla.samba.org/show_bug.cgi?id=14374
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(back-ported from commit
a9651d6bc2b6dea8adc859ce21c2431253868887)