Jule Anger [Thu, 6 Jul 2023 13:41:10 +0000 (15:41 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.17.9 release.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Thu, 6 Jul 2023 13:40:45 +0000 (15:40 +0200)]
WHATSNEW: Add release notes for Samba 4.17.9.
Signed-off-by: Jule Anger <janger@samba.org>
Stefan Metzmacher [Tue, 4 Jul 2023 12:12:03 +0000 (14:12 +0200)]
s3:winbindd: let winbind_samlogon_retry_loop() fallback to NT_STATUS_NO_LOGON_SERVERS
When we were not able to get a valid response from any DC we should
report NT_STATUS_NO_LOGON_SERVERS with authoritative = 1.
This matches what windows does. In a chain of transitive
trusts the ACCESS_DENIED/authoritative=0 is not propagated,
instead NT_STATUS_NO_LOGON_SERVERS/authoritative=1 is
passed along the chain if there's no other DC is available.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
50e771c12f84f9268c2e9ddeef0965f79f85de3d)
Autobuild-User(v4-17-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-17-test): Thu Jul 6 13:29:28 UTC 2023 on sn-devel-184
Stefan Metzmacher [Tue, 4 Jul 2023 11:01:24 +0000 (13:01 +0200)]
s3:winbindd: make use of reset_cm_connection_on_error() in winbind_samlogon_retry_loop()
Note this is more than a simple invalidate_cm_connection() as it may set
domain->conn.netlogon_force_reauth = true, which is important in order
to recover from NT_STATUS_RPC_SEC_PKG_ERROR errors.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
b317b10dffd99d1add3ff0b85b958edd9639abc8)
Stefan Metzmacher [Wed, 16 Feb 2022 13:19:16 +0000 (14:19 +0100)]
s3:winbindd: let winbind_samlogon_retry_loop() always start with authoritative = 1
Otherwise we could treat a local problem as non-authoritative.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
0cb6de4b1d5410f3699172952be81c6eb75c2c86)
Stefan Metzmacher [Tue, 4 Jul 2023 10:32:34 +0000 (12:32 +0200)]
s3:winbindd: make use of reset_cm_connection_on_error() for winbindd_lookup_{names,sids}()
Note this is more than a simple invalidate_cm_connection() as it may set
domain->conn.netlogon_force_reauth = true.
This is not strictly needed as the callers call
reset_cm_connection_on_error() via reconnect_need_retry().
But it might avoid one roundtrip.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
4ad5a35a3f67860aa7a1345efcfc92fe40578e31)
Stefan Metzmacher [Tue, 4 Jul 2023 10:32:34 +0000 (12:32 +0200)]
s3:winbindd: call reset_cm_connection_on_error() in wb_cache_query_user_list()
This is mostly for consistency, every remote call should call
reset_cm_connection_on_error(). Note this is more than
a simple invalidate_cm_connection() as it may set
domain->conn.netlogon_force_reauth = true.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
cb59fd43bbf758e4bad774cfc19ef87b157052c2)
Ralph Boehme [Wed, 5 Jul 2023 09:33:58 +0000 (11:33 +0200)]
smbd: call exit_server_cleanly() to avoid panicking
The parent smdb forwards SIGTERM to its process group in order to kill all
children like the scavenger. This happens from a function registered via
atexit() which means the signal forwarding is happening very briefly before the
main smbd process exits. When exiting the pipe between smbd and scavenger is
closed which triggers a file event in the scavenger.
However, due to kernel sheduling it is possible that the file descriptor event
is received before the signal, where we call exit_server() which call
smb_panic() at the end.
Change the exit to exit_server_cleanly() and just log this event at level 2
which we already do.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15275
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jul 5 13:14:08 UTC 2023 on atb-devel-224
(cherry picked from commit
083fe1c28c6ec69cbd15d8cc2f7f06b1b630f2bc)
Douglas Bagnall [Thu, 8 Dec 2022 21:36:30 +0000 (10:36 +1300)]
pidl: avoid py compile issues with --pidl-developer
We get these warnings-as-errors:
librpc/gen_ndr/py_netlogon.c:61903:53: error: stray ‘\’ in program
61903 | PyErr_Format(PyExc_TypeError, "Expected type %s",\ //<PIDL> Parse::Pidl::Samba4::Python::ConvertObjectFromPythonData lib/Parse/Pidl/Samba4/Python.pm:2005
but the '\' is unnecessary and unconventional anyway, since we're in a
function argument list.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15404
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Feb 3 03:27:54 UTC 2023 on atb-devel-224
(cherry picked from commit
e26a01a48c4a6ca6f9424ced72eda68e6eb1e7e3)
Autobuild-User(v4-17-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-17-test): Fri Jun 30 12:44:07 UTC 2023 on sn-devel-184
Jones Syue [Tue, 27 Jun 2023 09:19:59 +0000 (17:19 +0800)]
s3:utils: smbget fix a memory leak
Using smbget to download files recursively (-R).
If smbget found that a file is already existed in the destination,
smbget would said 'File exists', return early, and 'newname' allocated
memory is never freed, this is found by valgrind.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15403
Signed-off-by: Jones Syue <jonessyue@qnap.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jun 28 07:02:34 UTC 2023 on atb-devel-224
(cherry picked from commit
afbed653526b572f7309e67ed742a76ef7b2b8ec)
Autobuild-User(v4-17-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-17-test): Wed Jun 28 21:03:31 UTC 2023 on sn-devel-184
Volker Lendecke [Thu, 8 Jun 2023 08:14:18 +0000 (10:14 +0200)]
smbclient: Fix fd leak with "showacls;ls"
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15391
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jun 8 16:55:14 UTC 2023 on atb-devel-224
(cherry picked from commit
5c52f71c0d0e162dcbf42378357313035efa860f)
Autobuild-User(v4-17-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-17-test): Fri Jun 9 14:43:33 UTC 2023 on sn-devel-184
Volker Lendecke [Thu, 1 Jun 2023 13:57:26 +0000 (15:57 +0200)]
libsmb: Fix directory listing against old servers
cli_list_trans_recv() can be called multiple times. When it's done, it
return NT_STATUS_OK and set *finfo to NULL. cli_list_old_recv() did
not do the NULL part, so smbclient would endlessly loop.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15382
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jun 1 21:54:42 UTC 2023 on atb-devel-224
(cherry picked from commit
f30f5793ad592e193546586b765837c0ac9f5647)
Autobuild-User(v4-17-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-17-test): Fri Jun 2 13:52:29 UTC 2023 on sn-devel-184
Volker Lendecke [Thu, 1 Jun 2023 14:41:37 +0000 (16:41 +0200)]
tests: Show that we 100% loop in cli_list_old_recv()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15382
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
e86234f3d61c62e4365e1ea105bdd29feaf7ccbe)
Volker Lendecke [Thu, 1 Jun 2023 14:39:21 +0000 (16:39 +0200)]
tests: Make timelimit available to test scripts
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15382
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
4804d6b89a9146f1fc5270de158cd25254505f61)
Samuel Cabrero [Wed, 18 Jan 2023 16:25:29 +0000 (17:25 +0100)]
s4:dnsserver: Rename dns_name_equal() to samba_dns_name_equal()
This function already exists in bind9 but takes different arguments, so when
the DLZ is loaded and this function is called bind crashes:
named[1523]: samba_dlz: allowing update of signer=DESKTOP-8BUKMBK\$\@AFOREST.AD name=118.101.168.192.in-addr.arpa tcpaddr=192.168.101.118 type=PTR key=1264-ms-7.1-2ac9.
9ef238e1-9747-11ed-9f95-
525400dc6981/159/0
named[1523]: samba_dlz: allowing update of signer=DESKTOP-8BUKMBK\$\@AFOREST.AD name=118.101.168.192.in-addr.arpa tcpaddr=192.168.101.118 type=PTR key=1264-ms-7.1-2ac9.
9ef238e1-9747-11ed-9f95-
525400dc6981/159/0
named[1523]: client @0x7f26caa90f68 192.168.101.118#58223/key DESKTOP-8BUKMBK\$\@AFOREST.AD: updating zone '101.168.192.in-addr.arpa/NONE': deleting rrset at '118.101.168.192.in-addr.ar
named[1523]: name.c:664: REQUIRE(((name1) != ((void *)0) && ((const isc__magic_t *)(name1))->magic == ((('D') << 24 | ('N') << 16 | ('S') << 8 | ('n'))))) failed, back trace
Backtrace:
#0 0x00007f2716c957ec in __pthread_kill_implementation () from /lib64/libc.so.6
#1 0x00007f2716c42816 in raise () from /lib64/libc.so.6
#2 0x00007f2716c2b81c in abort () from /lib64/libc.so.6
#3 0x000055d4de847995 in assertion_failed (file=<optimized out>, line=<optimized out>,
type=<optimized out>, cond=<optimized out>) at /usr/src/debug/bind-9.18.10/bin/named/main.c:237
#4 0x00007f27176388fc in isc_assertion_failed (file=file@entry=0x7f27173b0df6 "name.c",
line=line@entry=664, type=type@entry=isc_assertiontype_require,
cond=cond@entry=0x7f27173b0268 "((name1) != ((void *)0) && ((const isc__magic_t *)(name1))->magic == ((('D') << 24 | ('N') << 16 | ('S') << 8 | ('n'))))")
at /usr/src/debug/bind-9.18.10/lib/isc/assertions.c:48
#5 0x00007f27172946f9 in dns_name_equal (name1=<optimized out>, name2=<optimized out>)
at /usr/src/debug/bind-9.18.10/lib/dns/name.c:664
**** Here bind's dns_name_equal() is called instead of samba's dns_name_equal() ****
#6 0x00007f27077ad6f2 in dns_record_match (rec1=0x7f26f8042d70, rec2=0x7f26f8044d10)
at ../../source4/dns_server/dnsserver_common.c:1346
#7 0x00007f271404732c in b9_record_match (rec1=0x7f26f8042d70, rec2=0x7f26f8044d10)
at ../../source4/dns_server/dlz_bind9.c:1830
#8 0x00007f2714047daa in dlz_subrdataset (name=0x7f2706ff82f0 "118.101.168.192.in-addr.arpa",
rdatastr=0x7f26c9c10000 "118.101.168.192.in-addr.arpa.\t1200\tIN\tPTR\tDESKTOP-8BUKMBK.aforest.ad.",
dbdata=0x7f271003d300, version=0x7f26f8044b20) at ../../source4/dns_server/dlz_bind9.c:2077
#9 0x000055d4de84afb4 in dlopen_dlz_subrdataset (name=0x7f2706ff82f0 "118.101.168.192.in-addr.arpa",
rdatastr=<optimized out>, driverarg=<optimized out>, dbdata=0x7f270430f680, version=<optimized out>)
at /usr/src/debug/bind-9.18.10/bin/named/dlz_dlopen_driver.c:483
#10 0x00007f271738e734 in modrdataset.constprop.0 (db=0x7f2704291740, node=0x7f26c9c006e0,
version=0x7f26f8044b20, rdataset=0x7f2706ff8830,
mod_function=0x55d4de84af80 <dlopen_dlz_subrdataset>, options=<optimized out>)
at /usr/src/debug/bind-9.18.10/lib/dns/sdlz.c:1107
#11 0x00007f2717251855 in diff_apply (diff=diff@entry=0x7f2706ff8df0, db=db@entry=0x7f2704291740,
ver=ver@entry=0x7f26f8044b20, warn=warn@entry=true) at /usr/src/debug/bind-9.18.10/lib/dns/diff.c:370
#12 0x00007f2717251c8a in dns_diff_apply (diff=diff@entry=0x7f2706ff8df0, db=db@entry=0x7f2704291740,
ver=ver@entry=0x7f26f8044b20) at /usr/src/debug/bind-9.18.10/lib/dns/diff.c:465
#13 0x00007f2717d105aa in do_one_tuple (tuple=tuple@entry=0x7f2706ff8e50, db=db@entry=0x7f2704291740,
ver=ver@entry=0x7f26f8044b20, diff=diff@entry=0x7f2706ff9400)
at /usr/src/debug/bind-9.18.10/lib/ns/update.c:454
#14 0x00007f2717d10fff in update_one_rr (rdata=0x7f2706ff8ee8, ttl=<optimized out>,
name=<optimized out>, op=DNS_DIFFOP_DEL, diff=0x7f2706ff9400, ver=0x7f26f8044b20, db=0x7f2704291740)
at /usr/src/debug/bind-9.18.10/lib/ns/update.c:505
#15 delete_if_action (data=<optimized out>, rr=0x7f2706ff8ee0)
at /usr/src/debug/bind-9.18.10/lib/ns/update.c:1427
#16 0x00007f2717d10ccd in foreach_rr (db=0x7f2704291740, ver=<optimized out>, name=0x7f26caa61d00,
type=<optimized out>, covers=<optimized out>,
rr_action=rr_action@entry=0x7f2717d10f60 <delete_if_action>, rr_action_data=0x7f2706ff9280)
at /usr/src/debug/bind-9.18.10/lib/ns/update.c:736
#17 0x00007f2717d10e76 in delete_if (predicate=predicate@entry=0x7f2717d0fb10 <true_p>,
db=<optimized out>, ver=<optimized out>, name=<optimized out>, type=<optimized out>,
covers=<optimized out>, update_rr=0x7f2706ff94b0, diff=0x7f2706ff9400)
at /usr/src/debug/bind-9.18.10/lib/ns/update.c:1454
#18 0x00007f2717d1bccd in update_action (task=<optimized out>, event=<optimized out>)
at /usr/src/debug/bind-9.18.10/lib/ns/update.c:3299
#19 0x00007f271765eb4c in task_run (task=0x7f27155ccf00)
at /usr/src/debug/bind-9.18.10/lib/isc/task.c:823
#20 isc_task_run (task=0x7f27155ccf00) at /usr/src/debug/bind-9.18.10/lib/isc/task.c:904
#21 0x00007f271762cb12 in isc__nm_async_task (worker=0x7f2716236560, ev0=0x7f26caa07000)
at netmgr/netmgr.c:840
#22 process_netievent (worker=worker@entry=0x7f2716236560, ievent=0x7f26caa07000) at netmgr/netmgr.c:918
#23 0x00007f271762d197 in process_queue (worker=worker@entry=0x7f2716236560,
type=type@entry=NETIEVENT_TASK) at netmgr/netmgr.c:1011
#24 0x00007f271762d3b3 in process_all_queues (worker=0x7f2716236560) at netmgr/netmgr.c:765
#25 async_cb (handle=0x7f27162368c0) at netmgr/netmgr.c:794
#26 0x00007f2717c4cb0d in uv__async_io (loop=0x7f2716236570, w=<optimized out>, events=<optimized out>)
at src/unix/async.c:163
#27 0x00007f2717c6825d in uv__io_poll (loop=0x7f2716236570, timeout=<optimized out>)
at src/unix/epoll.c:374
#28 0x00007f2717c5247a in uv__io_poll (timeout=<optimized out>, loop=0x7f2716236570)
at src/unix/udp.c:122
#29 uv_run (loop=loop@entry=0x7f2716236570, mode=mode@entry=UV_RUN_DEFAULT) at src/unix/core.c:406
#30 0x00007f271762d834 in nm_thread (worker0=0x7f2716236560) at netmgr/netmgr.c:696
#31 0x00007f27176627f5 in isc__trampoline_run (arg=0x55d4dfe3ad70)
at /usr/src/debug/bind-9.18.10/lib/isc/trampoline.c:189
#32 0x00007f2716c9398d in start_thread () from /lib64/libc.so.6
#33 0x00007f2716d19344 in clone () from /lib64/libc.so.6
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14030
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Samuel Cabrero <scabrero@samba.org>
Autobuild-Date(master): Thu Jan 19 10:20:27 UTC 2023 on atb-devel-224
(cherry picked from commit
fcecdfa8e5c651d4a27f8fcd5df6e9bce37ed8a7)
Ralph Boehme [Mon, 22 May 2023 10:32:00 +0000 (12:32 +0200)]
vfs_fruit: add fruit:convert_adouble parameter
https://bugzilla.samba.org/show_bug.cgi?id=15378
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri May 26 00:52:29 UTC 2023 on atb-devel-224
(cherry picked from commit
035f6d914d133cf3248f15b1be06a9e1837238da)
Autobuild-User(v4-17-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-17-test): Wed May 31 08:48:25 UTC 2023 on sn-devel-184
Ralph Boehme [Mon, 22 May 2023 10:25:04 +0000 (12:25 +0200)]
vfs_fruit: just log failing AppleDouble conversion
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15378
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
3bf97f19c36d26b4178f7cb6202bbdd44de0c1aa)
Ralph Boehme [Tue, 23 May 2023 15:28:33 +0000 (17:28 +0200)]
libadouble: allow FILE_SHARE_DELETE in ad_convert_xattr()
Not specifying FILE_SHARE_DELETE wasn't done intentionally. Not setting the flag
triggers the following problem:
* client sends a CREATE with delete access
* this triggers a call to open_streams_for_delete() where we check for
conflicting opens on any of the streams of the file or directory
* if the file (or directory) has a stream like ":com.apple.quarantine" the
stream is opened with DELETE_ACCESS and kept open when the next step might:
* if the file (or directory) has a Mac specific :AFP_AfpInfo stream, the
ad_convert() routine in fruit_create_file() is triggered
* ad_convert() checks if the file (or ...) has a sidecar ._ AppleDouble file, if
it has:
* in ad_convert_xattr() we unpack any set of xattrs encoded in the AppleDouble
file and recreate them as streams with the VFS. Now, if any of these xattrs
happens to be converted to a stream that we still have open in
open_streams_for_delete() (see above) we get a NT_STATUS_SHARING_VIOLATION
This error gets passed up the stack back to open_streams_for_delete() so the
client CREATE request fails and the client is unhappy.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15378
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
55bd10456486628cad2bd085618e873598401c3b)
Ralph Boehme [Mon, 22 May 2023 17:37:17 +0000 (19:37 +0200)]
vfs_fruit: never return AFP_Resource stream for directories
The macOS client creates ._ AppleDouble files for directories that do contain
an (empty) resource fork AppleDouble entry. So when going from a Samba server
config without streams module (or when migrating data from another server
without streams support), to a Samba config with a streams module and vfs_fruit,
fruit_streaminfo() will wrongly return the AFP_Resource from the AppleDouble
file as stream to the client.
To address this, just never return an AFP_Resource stream for directories when
listing streams in fruit_streaminfo(). ad_convert(), when configured with
fruit:delete_empty_adfiles = true
fruit:wipe_intentionally_left_blank_rfork = true
will happily discard the AFP_Resource from the AppleDouble file.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15378
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
06f0c070a0b18313f48362aa326e3e7e6a096492)
Ralph Boehme [Mon, 22 May 2023 17:35:33 +0000 (19:35 +0200)]
vfs_fruit: return ENOENT instead of EISDIR when trying to open AFP_Resource for a directory
Translates to NT_STATUS_OBJECT_NAME_NOT_FOUND which is the same error macOS
returns in this case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15378
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
9b91a8bad2ff8da9eb56f1f9d640bcea294a5a0a)
Ralph Boehme [Wed, 24 May 2023 19:28:48 +0000 (21:28 +0200)]
CI: add a test for fruit AppleDouble conversion when deletion triggers conversion
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15378
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
59eadfe21aca6d563f86ea656517216036421bca)
Volker Lendecke [Tue, 18 Apr 2023 10:47:04 +0000 (12:47 +0200)]
rpc_server3: Pass winbind_env_set() state through to rpcd_*
Winbind can ask rpcd_lsad for LookupNames etc. This can recurse back
into winbind for getpwnam. We have the "_NO_WINBINDD" environment
variable set in winbind itself for this case, but this is lost on the
way into rpcd_lsad. Use a flag in global_sid_Samba_NPA_Flags to pass
this information to dcerpc_core, where it sets the variable on every
call if requested.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue May 16 11:54:32 UTC 2023 on atb-devel-224
(cherry picked from commit
59694ad0a4cc489f1baa4c2c94c6322c0f22c1df)
Autobuild-User(v4-17-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-17-test): Tue May 23 08:09:23 UTC 2023 on sn-devel-184
Volker Lendecke [Tue, 18 Apr 2023 12:32:20 +0000 (14:32 +0200)]
lib: Add security_token_del_npa_flags() helper function
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
bb3ea36e10079ad9c73c68d7ed8fce51ecb40ebe)
Volker Lendecke [Tue, 18 Apr 2023 10:29:34 +0000 (12:29 +0200)]
rpc: Remove named_pipe_auth_req_info6->need_idle_server
Involves bumping up the version number
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
bdba027a33e35aab7bb322bc3167cdd7babfc059)
Volker Lendecke [Tue, 18 Apr 2023 10:28:28 +0000 (12:28 +0200)]
rpc_server3: Use global_sid_Samba_NPA_Flags to pass "need_idle"
More code, but will be more flexible in the future.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
31180e0e6d9e43d54e7656a56ed3af129f578105)
Joseph Sutton [Thu, 22 Dec 2022 04:48:26 +0000 (17:48 +1300)]
named_pipe_auth: Bump info5 to info6
In the next commit, we shall replace the 'authenticated' field of
named_pipe_auth_req_info.info5.session_info.session_info.info with a
more general 'user_flags' field.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
8aef16bbbc1e55f0a9f5a8ec87e5348688d93785)
Volker Lendecke [Tue, 18 Apr 2023 10:09:45 +0000 (12:09 +0200)]
rpc: Add global_sid_Samba_NPA_Flags SID
This will be used as a flexible way to pass per-RPC-connection flags
over ncalrpc to the RPC server without having to modify
named_pipe_auth_req_info6 every time something new needs to be
passed. It's modeled after global_sid_Samba_SMB3.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
ebbb93cc7a57a118b82b8f383d25f1eb022397d6)
Volker Lendecke [Tue, 18 Apr 2023 10:04:17 +0000 (12:04 +0200)]
librpc: Simplify dcerpc_is_transport_encrypted()
Simplify logic by using security_token_count_flag_sids()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
1d11e0489b2c91fc05c6befc0463695d7102abcc)
Volker Lendecke [Tue, 18 Apr 2023 10:01:02 +0000 (12:01 +0200)]
smbd: Use security_token_count_flag_sids() in open_np_file()
Simpler logic in the caller
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
244ee8ad75c2c968997dfdd5eeb9e9cb97a191fb)
Volker Lendecke [Tue, 18 Apr 2023 09:31:16 +0000 (11:31 +0200)]
libcli: Add security_token_count_flag_sids()
To be used in a few places when checking special-case Samba SIDs.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
5e8c7192ba5469547ba3101885dfbaba2f8181f4)
Stefan Metzmacher [Tue, 16 May 2023 11:09:23 +0000 (13:09 +0200)]
librpc/rpc: allow smb3_sid_parse() to accept modern encryption algorithms
We should not limit the possible encryption algorithms to the currently
known ones.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15374
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed May 17 07:34:28 UTC 2023 on atb-devel-224
(cherry picked from commit
e03e738dfc96b3c8ce54e2d280143965713f4778)
Jule Anger [Thu, 11 May 2023 07:05:04 +0000 (09:05 +0200)]
VERSION: Bump version up to Samba 4.17.9...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Thu, 11 May 2023 07:04:45 +0000 (09:04 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.17.8 release.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Thu, 11 May 2023 07:04:15 +0000 (09:04 +0200)]
WHATSNEW: Add release notes for Samba 4.17.8.
Signed-off-by: Jule Anger <janger@samba.org>
Volker Lendecke [Wed, 26 Apr 2023 15:19:29 +0000 (17:19 +0200)]
winbind: Fix "wbinfo -u" on a Samba AD DC with >1000 users
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15366
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue May 9 02:58:45 UTC 2023 on atb-devel-224
(cherry picked from commit
6206e15b4de0ba67d713124c2be353dabf3878c8)
Autobuild-User(v4-17-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-17-test): Tue May 9 15:38:51 UTC 2023 on sn-devel-184
Volker Lendecke [Thu, 27 Apr 2023 10:25:24 +0000 (12:25 +0200)]
winbind: Test wbinfo -u with more than 1000 users
winbind asks dcerpc_samr_LookupRids in one batch, where samr.idl has
NTSTATUS samr_LookupRids(
[in,ref] policy_handle *domain_handle,
[in,range(0,1000)] uint32 num_rids,
[in,size_is(1000),length_is(num_rids)] uint32 rids[],
[out,ref] lsa_Strings *names,
[out,ref] samr_Ids *types
);
limiting num_rids to 1000 entries. Test this.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15366
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
f633389f36e79d3e772777ad7ca13012e3616273)
Nathaniel W. Turner [Fri, 23 Sep 2022 20:37:46 +0000 (16:37 -0400)]
dsgetdcname: do not assume local system uses IPv4
Return the first IPv4 and the first IPv6 address found for each DC.
This is slightly inelegant, but resolves an issue where IPv6-only
systems were unable to run "net ads join" against domain controllers
that have both A and AAAA records in DNS.
While this impacts performance due to the additional LDAP ping attempts,
in practice an attempt to connect to an IPv6 address on an IPv4-only
system (or vice versa) will fail immediately with
NT_STATUS_NETWORK_UNREACHABLE, and thus the performance impact should be
negligible.
The alternative approach, using an smb.conf setting to control whether
the logic prefers a single address of one family or the other ends up
being a bit awkward, as it pushes the problem onto admins and tools such
as "realm join" that want to dynamically synthesize an smb.conf on the
fly.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15325
Signed-off-by: Nathaniel W. Turner <nturner@exagrid.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 9 19:12:15 UTC 2023 on atb-devel-224
(cherry picked from commit
f55a357c6b9387883a7628a1b1083263a10121a6)
Autobuild-User(v4-17-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-17-test): Fri May 5 14:01:37 UTC 2023 on sn-devel-184
Andreas Schneider [Wed, 19 Apr 2023 14:23:10 +0000 (16:23 +0200)]
s3:lib: Do not try to match '.' and '..' directories in is_in_path()
This fixes setting veto files to '.*' to not list hidden files and
directories starting with a dot.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15360
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
9eb44306623fc4897b373b04763e475f696ab92d)
Autobuild-User(v4-17-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-17-test): Fri Apr 28 15:57:35 UTC 2023 on sn-devel-184
Andreas Schneider [Wed, 19 Apr 2023 13:35:47 +0000 (15:35 +0200)]
s3:tests: Add test that veto files works for hidden files
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15360
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
a2acbd3f3cff8d1cac63acdead4b7be14a7092b2)
Andreas Schneider [Wed, 19 Apr 2023 18:45:52 +0000 (20:45 +0200)]
s3:tests: Create a temporary directory for test_veto_files.sh
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15360
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
b5a66840e3057cbff85fe6cd231310c4a9cfb34b)
Stefan Metzmacher [Sat, 18 Mar 2023 00:17:04 +0000 (01:17 +0100)]
libcli/security: rewrite calculate_inherited_from_parent()
This allows us to pass the new tests we just added.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15338
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
bb09c06d6d58a04e1d270a9f99d1179cfa9acbda)
Volker Lendecke [Fri, 14 Apr 2023 15:22:18 +0000 (17:22 +0200)]
shadow_copy2: Fix stream open for streams_depot paths
streams_depot hands us absolute paths with : filename components
instead of having set smb_fname_in->stream_name.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15358
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Apr 17 18:11:07 UTC 2023 on atb-devel-224
(cherry picked from commit
526f381f413d1cb5cde93b9542034f5ebfcfcc10)
Autobuild-User(v4-17-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-17-test): Tue Apr 18 16:22:04 UTC 2023 on sn-devel-184
Volker Lendecke [Fri, 14 Apr 2023 14:32:42 +0000 (16:32 +0200)]
streams_depot: Create files when requested
If you set "create mask = 0600" no streams will be created....
Tested manually. Not creating an automated test for this, there are so
many places where this can go wrong that testing this individual
glitch does not gain us much confidence.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15357
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
081e808ab4ac6e187b9791da322eb7173e1e133c)
Ralph Boehme [Thu, 6 Apr 2023 08:16:46 +0000 (10:16 +0200)]
rpcd_mdssvc: initialize POSIX locking
Otherwise the posix_pending_close_db is NULL and we crash when trying to close a
file descriptor:
#4 /usr/lib64/samba/libdbwrap-samba4.so(dbwrap_parse_record+0xe) [0x7fbc5d05c8ae]
#5 /usr/lib64/samba/libdbwrap-samba4.so(dbwrap_fetch_int32+0x38) [0x7fbc5d05d438]
#6 /usr/lib64/samba/libsmbd-base-samba4.so(fd_close_posix+0x7b) [0x7fbc5e276f8b]
#7 /usr/lib64/samba/libsmbd-base-samba4.so(+0x57900) [0x7fbc5e28a900]
#8 /usr/lib64/samba/libsmbd-base-samba4.so(fd_close+0x68) [0x7fbc5e2b7ea8]
#9 /usr/lib64/samba/libsmbd-base-samba4.so(+0x62608) [0x7fbc5e295608]
#10 /usr/lib64/samba/libtalloc-samba4.so(_talloc_free+0x51b) [0x7fbc5d9f439b]
#11 /usr/lib64/samba/vfs/fruit.so(+0xcac2) [0x7fbc45fcdac2]
#12 /usr/lib64/samba/vfs/fruit.so(+0xcbdd) [0x7fbc45fcdbdd]
#13 /usr/lib64/samba/vfs/fruit.so(+0xf603) [0x7fbc45fd0603]
#14 /usr/lib64/samba/libsmbd-base-samba4.so(+0x56375) [0x7fbc5e289375]
#15 /usr/lib64/samba/vfs/nothingtoseeherereally.so(+0x196c) [0x7fbc467f996c]
#16 /usr/lib64/samba/vfs/streams_xattr.so(+0x51fc) [0x7fbc461e71fc]
#17 /usr/lib64/samba/libsmbd-base-samba4.so(+0xade3a) [0x7fbc5e2e0e3a]
#18 /usr/lib64/samba/libsmbd-base-samba4.so(create_conn_struct_cwd+0x44) [0x7fbc5e2e1cf4]
#19 /usr/libexec/samba/rpcd_mdssvc(mds_init_ctx+0x2c3) [0x563fdac08f03]
#20 /usr/libexec/samba/rpcd_mdssvc(_mdssvc_open+0x141) [0x563fdac0b4d1]
The corresponding open is done as part of initializing a connection_struct
object, where we chdir() and stat() the root path of the share. The stat() in
vfs_fruit causes an expensive metadata request on the path which triggers an
internal open of a pathref handle. Note that this only affects servers that have
fruit:metadata = netatalk set, which is the default unfortunately.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15354
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Apr 7 21:12:21 UTC 2023 on atb-devel-224
(cherry picked from commit
3633027e49aec064e7d890a1f7ec4d81711a5de7)
Autobuild-User(v4-17-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-17-test): Fri Apr 14 13:30:54 UTC 2023 on sn-devel-184
Stefan Metzmacher [Wed, 5 Apr 2023 14:59:44 +0000 (16:59 +0200)]
smbXsrv_tcon: avoid storing temporary (invalid!) records.
We used to store smbXsrv_tcon_global.tdb records in two steps,
first we created a record in order to allocate the tcon id.
The temporary record had a NULL share_name, which translated
into 0 bytes for the string during ndr_push_smbXsrv_tcon_global0.
The problem is that ndr_pull_smbXsrv_tcon_global0 fails on
this with something like:
Invalid record in smbXsrv_tcon_global.tdb:key '
2CA0ED4A' ndr_pull_struct_blob(length=85) - Buffer Size Error
The blob looks like this:
[0000] 00 00 00 00 01 00 00 00 00 00 00 00 00 00 02 00 ........ ........
[0010] 00 00 00 00 4A ED A0 2C 4A ED A0 2C 00 00 00 00 ....J.., J..,....
[0020] F8 4B 00 00 00 00 00 00 00 00 00 00 FF FF FF FF .K...... ........
[0030] 4D 59 9B 9F 83 F4 35 20 36 D2 B0 82 62 68 D9 01 MY....5 6...bh..
[0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0050] 00 00 00 00 00 .....
The reason for having a temporary entry was just based on
the fact, that it was easier to keep the logic in
make_connection_snum() untouched.
But we have all information available in order to store
the final record directly. We only need to do the
"max connections" check first.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15353
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
e0e58ed0e2429f01265d544b444bf0e4075549e2)
Stefan Metzmacher [Thu, 2 Mar 2023 13:46:25 +0000 (14:46 +0100)]
net_ads: fill ads->auth.realm from c->creds
We get the realm we use for authentication needs to
the realm belonging to the username we use.
We derive the username from c->creds, so we need to
do the same for the realm.
Otherwise we try to authenticate as the wrong user.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15323
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
0ef53b948e13eb36b536228cccd89aa4c2adbb90)
Stefan Metzmacher [Wed, 5 Apr 2023 14:45:21 +0000 (16:45 +0200)]
testprogs/blackbox: add test_net_ads_search_server.sh
This reproduces a regression with
'net ads search -P --server server.of.trusted.domain'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15323
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
3b585f9e8cc320841fab4cd5c3be53788d0a87ac)
Volker Lendecke [Fri, 17 Feb 2023 09:02:37 +0000 (10:02 +0100)]
smbd: Fix case normalization in for directories
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15313
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Feb 24 08:46:14 UTC 2023 on atb-devel-224
(cherry picked from commit
bf9130d375b6c401bb79fc1a0911975814759e3b)
Autobuild-User(v4-17-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-17-test): Tue Apr 11 16:28:13 UTC 2023 on sn-devel-184
Jeremy Allison [Wed, 8 Feb 2023 01:51:10 +0000 (17:51 -0800)]
s3: smbd: Fix log spam. Change a normal error message from DBG_ERR (level 0) to DBG_INFO (level 5).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15302
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Feb 11 08:48:05 UTC 2023 on atb-devel-224
(cherry picked from commit
e8abe52df2d3ae533b3f874a885856f26ba5ec7e)
Ralph Boehme [Wed, 5 Apr 2023 09:03:52 +0000 (11:03 +0200)]
smbd: Prevent creation of vetoed files
The problem is when checking for vetoed names on the last path component in
openat_pathref_fsp_case_insensitive() we return
NT_STATUS_OBJECT_NAME_NOT_FOUND. The in the caller
filename_convert_dirfsp_nosymlink() this is treated as the "file creation case"
causing filename_convert_dirfsp_nosymlink() to return NT_STATUS_OK.
In order to correctly distinguish between the cases
1) file doesn't exist, we may be creating it, return
2) a vetoed a file
we need 2) to return a more specific error to
filename_convert_dirfsp_nosymlink(). I've chosen NT_STATUS_OBJECT_NAME_INVALID
which gets mapped to the appropriate errror NT_STATUS_OBJECT_PATH_NOT_FOUND or
NT_STATUS_OBJECT_NAME_NOT_FOUND depending on which path component was vetoed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15143
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr 6 23:03:50 UTC 2023 on atb-devel-224
(cherry picked from commit
8b23a4a7eca9b8f80cc4113bb8cf9bb7bd5b4807)
Ralph Boehme [Wed, 5 Apr 2023 09:32:09 +0000 (11:32 +0200)]
CI: add a test creating a vetoed file
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15143
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
2e8954d5be3336f1c4c2cf033209f632ad84e712)
Andrew Bartlett [Wed, 5 Apr 2023 20:59:17 +0000 (08:59 +1200)]
dsdb/tests: Double number of expressions in large_ldap.py ldap_timeout test
By slowing the filter down more this makes the test reliable on the
autobuild host.
This is not a long-term solution, but is a quick tweak that can be done
today to address current issues with getting commits past the host-based
(compared with cloud-based) autobuild.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15351
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
(cherry picked from commit
479634e4cd6543d489eb4700aebde1a479b94fe5)
Andrew Bartlett [Wed, 5 Apr 2023 20:54:02 +0000 (08:54 +1200)]
dsdb/tests: Move SD modification on class-created objects to classSetUp
These modifications persist, so should be done at the class level,
not in the test.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15351
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
(cherry picked from commit
e1c0c2066c2f29bb614e3386b796eec3cb289aea)
Jeremy Allison [Tue, 21 Mar 2023 17:34:46 +0000 (10:34 -0700)]
s3: libcli: Refuse to connect to any server with zero values for max_trans_size, max_read_size, max_write_size.
There's nothing we can do to such a server (this
now matches the behavior for SMB1).
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15306
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Mar 29 18:58:33 UTC 2023 on atb-devel-224
(cherry picked from commit
76573d6d8f168d6e6107af26a434b8c71aaf93af)
Autobuild-User(v4-17-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-17-test): Wed Apr 5 14:08:23 UTC 2023 on sn-devel-184
Jeremy Allison [Tue, 21 Mar 2023 17:31:36 +0000 (10:31 -0700)]
tests: Add samba3.blackbox.zero_readsize test.
smbclient crashes when smbd has "smb2 max read = 0"
in the [global] section of smb.conf.
We should fail the protocol negotiation with
NT_STATUS_INVALID_NETWORK_RESPONSE in this case.
Adds knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15306
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(Back-ported from commit
006fe806782c42e860ed2cf2bc9f6b1b82c3a307)
Andrew Bartlett [Thu, 9 Mar 2023 07:25:06 +0000 (20:25 +1300)]
dsdb: Avoid ERROR(ldb): uncaught exception - Deleted target CN=NTDS Settings... in join
"samba-tool domain join" uses the replication API in a strange way, perhaps no longer
required, except that we often still have folks upgrading from very old Samba versions.
When deferring the writing out to the DB of link replication to the very end, there
is a greater opportunity for the deletion of an object to have been sent with the
other objects, and have the link applied later.
This tells the repl_meta_data code to behave as if GET_TGT had been sent at the
time the link was returned, allowing a link to a deleted object to be silently
discarded.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15329
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
(cherry picked from commit
bfc33b47bb428233e100f75e7a725ac52179f823)
Autobuild-User(v4-17-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-17-test): Thu Mar 30 16:10:35 UTC 2023 on sn-devel-184
Andrew Bartlett [Thu, 9 Mar 2023 04:02:35 +0000 (17:02 +1300)]
selftest/drs: Demonstrate ERROR(ldb): uncaught exception - Deleted target CN=NTDS Settings... in join
"samba-tool domain join" uses the replication API in a strange way, perhaps no longer
required, except that we often still have folks upgrading from very old Samba versions.
By deferring the writing out to the DB of link replication to the very end, we have a
better chance that all the objects required are present, however the situation may
have changed during the cycle, and a link could still be sent, pointing to a deleted
object.
We currently fail in this situation.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15329
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
(cherry picked from commit
2d41bcce83a976b85636c92d6fc38c63fdde5431)
Joseph Sutton [Wed, 14 Sep 2022 01:21:34 +0000 (13:21 +1200)]
CVE-2020-25720 pydsdb: Add AD schema GUID constants
This helps reduce the profusion of magic constant values in Python
tests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15329
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
2563f85237bd4260b7b527f3695f27da4cc61a74)
[abartlet@samba.org Required context for backport of bug 15329 to
Samba 4.17]
Andrew Bartlett [Wed, 8 Mar 2023 21:06:26 +0000 (10:06 +1300)]
tsocket: Increase tcp_user_timeout max_loops
Often, on rackspace GitLab CI runners, we get:
UNEXPECTED(failure): samba.unittests.tsocket_tstream.test_tstream_more_tcp_user_timeout_spin(none)
REASON: Exception: Exception: 0xf == 0xf
../../lib/tsocket/tests/test_tstream.c:405: error: Failure!
This allows us more spins before we fail the test.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15328
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
(cherry picked from commit
5a7a28cc45870949fc11d30586a06c309aa517dc)
Stefan Metzmacher [Thu, 21 Mar 2019 15:54:31 +0000 (16:54 +0100)]
idmap_hash: remember new domain sids in idmap_hash_sid_to_id()
This change means that idmap_hash_id_to_sid() can return mappings
for new domains learned in idmap_hash_sid_to_id().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Mar 10 11:35:06 UTC 2023 on atb-devel-224
(cherry picked from commit
7ee725f2860d835e9619fa594a2ee6faedbc6d21)
Stefan Metzmacher [Thu, 21 Mar 2019 15:54:31 +0000 (16:54 +0100)]
idmap_hash: don't return ID_REQUIRE_TYPE if the domain is known in the netsamlogon cache
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
ee820553fd2c6ada966a0160cbb0240049f9d9f7)
Stefan Metzmacher [Thu, 21 Mar 2019 15:54:31 +0000 (16:54 +0100)]
idmap_hash: only return ID_REQUIRE_TYPE if we don't know about the domain yet
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
ede88d9f83fb77fa8eff226fb6a85ac71e415098)
Stefan Metzmacher [Thu, 21 Mar 2019 15:54:31 +0000 (16:54 +0100)]
idmap_hash: return ID_REQUIRE_TYPE only if there's a chance to get a mapping later
If we are going to return ID_UNMAPPED later anyway, there's no need to
defer that decision by returning ID_REQUIRE_TYPE first.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
42dcb3db05530179a991fe58e7b96b52bbbcc607)
Stefan Metzmacher [Thu, 21 Mar 2019 13:05:13 +0000 (14:05 +0100)]
idmap_hash: split out a idmap_hash_sid_to_id() helper function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
c158b075b0b5035615fa8848f1f3d8ef27696861)
Stefan Metzmacher [Thu, 21 Mar 2019 13:05:13 +0000 (14:05 +0100)]
idmap_hash: split out a idmap_hash_id_to_sid() helper function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
57150b463fb8e27c048670f7b4902bd091ee3ae9)
Stefan Metzmacher [Thu, 21 Mar 2019 13:00:16 +0000 (14:00 +0100)]
idmap_hash: mirror the NT_STATUS_NONE_MAPPED/STATUS_SOME_UNMAPPED logic from idmap_autorid
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
14102b05f3744c67178bd719d41e67fc3e049ee4)
Stefan Metzmacher [Thu, 21 Mar 2019 09:54:49 +0000 (10:54 +0100)]
idmap_hash: we don't need to call idmap_hash_initialize() over an over again
It's always the first function that's called from idmap_methods.
This also demonstrates that we currently always return NT_STATUS_OK,
even if we haven't mapped all map entries.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
0da13ab3ad7278eafdcd988f39e891242eb46d37)
Stefan Metzmacher [Thu, 21 Mar 2019 12:54:10 +0000 (13:54 +0100)]
idmap_hash: remove unused error checks
id_map_ptrs_init() is used in the callers in order to
set everything up as expected.
Other backends also just trust the caller.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
2cfcff3101fce94b365eccde114432dfa980bbd0)
Stefan Metzmacher [Thu, 21 Mar 2019 12:37:16 +0000 (13:37 +0100)]
idmap_hash: fix comments about the algorithm
Only support ~ 50k users per domain.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
0f96c4b419a59ea884e68a460910e5c8a45bfcec)
Stefan Metzmacher [Thu, 21 Mar 2019 15:38:35 +0000 (16:38 +0100)]
idmap_hash: provide ID_TYPE_BOTH mappings also for unixids_to_sids
While sids_to_unixids returns ID_TYPE_BOTH mappings,
unixids_to_sids() returns the callers asked for, which
fills gencache with the non ID_TYPE_BOTH mappings.
As a result also the sids_to_unixids fast path via
gencache won't return ID_TYPE_BOTH mappings.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15319
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
9a24570d3d69f51b6d50bb04b739815ec67c1a3d)
Stefan Metzmacher [Fri, 17 Feb 2023 15:51:42 +0000 (16:51 +0100)]
idmap_autorid: fix ID_REQUIRE_TYPE for more than one SID for an unknown domain
When we see a trusted domain SID for the first time,
idmap_autorid returns ID_REQUIRE_TYPE only for the first sid
and leaves the others with ID_TYPE_NOT_SPECIFIED.
It means the winbindd parent only retries the first sid.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15318
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
a9583b5f96fe3fbf9c1ee545fa868fd705aef3e0)
Stefan Metzmacher [Thu, 16 Feb 2023 15:31:34 +0000 (16:31 +0100)]
winbindd: don't call set_domain_online_request() in the idmap child
Most idmap backends don't need access to the domain controllers.
And the related code is not needed for the backends.
Commit
17c86a2c5a5a5e2b194362e5f36f0f99910222c5 changed
the logic of set_domain_online_request() completely!
Instead of triggering a dc probe in the background,
it is now doing a blocking connection.
And doing this in the idmap child is completely useless.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15317
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
ad242a20643c930eb00a8b700f7bd9638f8821a8)
Jule Anger [Wed, 29 Mar 2023 14:35:38 +0000 (16:35 +0200)]
VERSION: Bump version up to Samba 4.17.8...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Wed, 22 Mar 2023 09:17:18 +0000 (10:17 +0100)]
VERSION: Disable GIT_SNAPSHOT for the 4.17.7 release.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Wed, 22 Mar 2023 09:13:09 +0000 (10:13 +0100)]
WHATSNEW: Add release notes for Samba 4.17.7.
Signed-off-by: Jule Anger <janger@samba.org>
Rob van der Linde [Mon, 27 Feb 2023 01:06:23 +0000 (14:06 +1300)]
CVE-2023-0922 set default ldap client sasl wrapping to seal
This avoids sending new or reset passwords in the clear
(integrity protected only) from samba-tool in particular.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15315
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Joseph Sutton [Sun, 8 Jan 2023 22:22:34 +0000 (11:22 +1300)]
CVE-2023-0225 s4-acl: Don't return early if dNSHostName element has no values
This early return would mistakenly allow an unprivileged user to delete
the dNSHostName attribute by making an LDAP modify request with no
values. We should no longer allow this.
Add or replace operations with no values and no privileges are
disallowed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15276
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 4 Jan 2023 08:37:49 +0000 (21:37 +1300)]
CVE-2023-0225 pytest/acl: test deleting dNSHostName as unprivileged user
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15276
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
[abartlet@samba.org The self.set_heuristic(samba.dsdb.DS_HR_ATTR_AUTHZ_ON_LDAP_ADD, b'11')
in the test setUp() is unused in this test but is included as a
clean backport, so the fact that the server does not implement this
is unimportant]
Joseph Sutton [Tue, 6 Sep 2022 07:23:13 +0000 (19:23 +1200)]
CVE-2023-0225 CVE-2020-25720 pydsdb: Add dsHeuristics constant definitions
We want to be able to use these values in Python tests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15276
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
cc709077822a39227174b91ed2345c2bd603f61f)
[abartlet@samba.org This patch is needed for a clean backport of
CVE-2023-0225 as these constants are used in the acl_modify test
even when this behaviour is not itself used.]
Joseph Sutton [Thu, 28 Apr 2022 08:34:36 +0000 (20:34 +1200)]
CVE-2023-0225 CVE-2020-25720 s4/dsdb/util: Add functions for dsHeuristics 28, 29
These are the newly-added AttributeAuthorizationOnLDAPAdd and
BlockOwnerImplicitRights.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15276
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
0af5706b559e89c77123ed174b41fd3d01705aa5)
[abartlet@samba.org This patch is needed for a clean backport of
CVE-2023-0225 as these constants are used in the acl_modify test
even when this behaviour is not itself used.]
Andrew Bartlett [Fri, 3 Mar 2023 04:52:13 +0000 (17:52 +1300)]
CVE-2023-0614 ldb: Release LDB 2.6.2
* CVE-2023-0614 Not-secret but access controlled LDAP attributes can be discovered (bug 15270)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
[abartlet@samba.org Adapted to LDB 2.6 series in Samba 4.17]
Andrew Bartlett [Thu, 2 Mar 2023 04:24:15 +0000 (17:24 +1300)]
CVE-2023-0614 lib/ldb-samba Ensure ACLs are evaluated on SAMBA_LDAP_MATCH_RULE_TRANSITIVE_EVAL / LDAP_MATCHING_RULE_IN_CHAIN
Setting the LDB_HANDLE_FLAG_UNTRUSTED tells the acl_read module to operate on this request.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Andrew Bartlett [Thu, 2 Mar 2023 03:51:25 +0000 (16:51 +1300)]
CVE-2023-0614 lib/ldb-samba: Add test for SAMBA_LDAP_MATCH_RULE_TRANSITIVE_EVAL / LDAP_MATCHING_RULE_IN_CHAIN with and ACL hidden attributes
The chain for transitive evaluation does consider ACLs, avoiding the disclosure of
confidential information.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Andrew Bartlett [Fri, 3 Mar 2023 03:49:00 +0000 (16:49 +1300)]
CVE-2023-0614 dsdb: Add pre-cleanup and self.addCleanup() of OU created in match_rules tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Andrew Bartlett [Thu, 2 Mar 2023 03:31:17 +0000 (16:31 +1300)]
CVE-2023-0614 dsdb: Add DSDB_MARK_REQ_UNTRUSTED
This will allow our dsdb helper search functions to mark the new
request as untrusted, forcing read ACL evaluation (per current behaviour).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Joseph Sutton [Thu, 23 Feb 2023 21:03:25 +0000 (10:03 +1300)]
CVE-2023-0614 s4-dsdb: Treat confidential attributes as unindexed
In the unlikely case that someone adds a confidential indexed attribute
to the schema, LDAP search expressions on that attribute could disclose
information via timing differences. Let's not use the index for searches
on confidential attributes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 3 Mar 2023 04:35:55 +0000 (17:35 +1300)]
CVE-2023-0614 ldb: Filter on search base before redacting message
Redaction may be expensive if we end up needing to fetch a security
descriptor to verify rights to an attribute. Checking the search scope
is probably cheaper, so do that first.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 14 Feb 2023 00:17:24 +0000 (13:17 +1300)]
CVE-2023-0614 ldb: Centralise checking for inaccessible matches
This makes it less likely that we forget to handle a case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 15 Feb 2023 23:35:34 +0000 (12:35 +1300)]
CVE-2023-0614 ldb: Use binary search to check whether attribute is secret
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 27 Feb 2023 00:31:44 +0000 (13:31 +1300)]
CVE-2023-0614 s4-acl: Avoid calling dsdb_module_am_system() if we can help it
If the AS_SYSTEM control is present, we know we have system privileges,
and have no need to call dsdb_module_am_system().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 3 Mar 2023 04:34:29 +0000 (17:34 +1300)]
CVE-2023-0614 ldb: Prevent disclosure of confidential attributes
Add a hook, acl_redact_msg_for_filter(), in the aclread module, that
marks inaccessible any message elements used by an LDAP search filter
that the user has no right to access. Make the various ldb_match_*()
functions check whether message elements are accessible, and refuse to
match any that are not. Remaining message elements, not mentioned in the
search filter, are checked in aclread_callback(), and any inaccessible
elements are removed at this point.
Certain attributes, namely objectClass, distinguishedName, name, and
objectGUID, are always present, and hence the presence of said
attributes is always allowed to be checked in a search filter. This
corresponds with the behaviour of Windows.
Further, we unconditionally allow the attributes isDeleted and
isRecycled in a check for presence or equality. Windows is not known to
make this special exception, but it seems mostly harmless, and should
mitigate the performance impact on searches made by the show_deleted
module.
As a result of all these changes, our behaviour regarding confidential
attributes happens to match Windows more closely. For the test in
confidential_attr.py, we can now model our attribute handling with
DC_MODE_RETURN_ALL, which corresponds to the behaviour exhibited by
Windows.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
[abartlet@samba.org adapted due to Samba 4.17 and lower
not having the patches for CVE-2020-25720]
Joseph Sutton [Mon, 27 Feb 2023 00:55:36 +0000 (13:55 +1300)]
CVE-2023-0614 s4-acl: Split out function to set up access checking variables
These variables are often used together, and it is useful to have the
setup code in one place.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
[abartlet@samba.org adapted to the use of
acl_check_access_on_attribute as
acl_check_access_on_attribute_implicit_owner is
only in Samba 4.18 and newer]
Joseph Sutton [Sun, 26 Feb 2023 23:19:08 +0000 (12:19 +1300)]
CVE-2023-0614 s4-dsdb: Add samdb_result_dom_sid_buf()
This function parses a SID from an ldb_message, similar to
samdb_result_dom_sid(), but does it without allocating anything.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 27 Feb 2023 00:40:33 +0000 (13:40 +1300)]
CVE-2023-0614 s4-acl: Split out logic to remove access checking attributes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 3 Mar 2023 04:31:54 +0000 (17:31 +1300)]
CVE-2023-0614 ldb: Add ldb_parse_tree_get_attr()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 26 Jan 2023 19:32:41 +0000 (08:32 +1300)]
CVE-2023-0614 tests/krb5: Add test for confidential attributes timing differences
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 6 Feb 2023 20:25:48 +0000 (09:25 +1300)]
CVE-2023-0614 schema_samba4.ldif: Allocate previously added OID
DSDB_CONTROL_CALCULATED_DEFAULT_SD_OID was added in commit
08187833fee57a8dba6c67546dfca516cd1f9d7a.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 25 Aug 2022 08:15:33 +0000 (20:15 +1200)]
schema_samba4.ldif: Allocate previously added OIDs
DSDB_CONTROL_FORCE_ALLOW_VALIDATED_DNS_HOSTNAME_SPN_WRITE_OID was added
to source4/dsdb/samdb/samdb.h in commit
c2ab1f4696fa3f52918a126d0b37993a07f68bcb.
DSDB_EXTENDED_SCHEMA_LOAD was added in commit
1fd4cdfafaa6a41c824d1b3d76635bf3e446de0f.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
672ec6135f9ae3d7b5439523a4f456c19fb03a88)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
[abartlet@samba.org This required as context for the above bug]
Joseph Sutton [Mon, 6 Feb 2023 20:48:37 +0000 (09:48 +1300)]
CVE-2023-0614 s4:dsdb:tests: Fix <GUID={}> search in confidential attributes test
The object returned by schema_format_value() is a bytes object.
Therefore the search expression would resemble:
(lastKnownParent=<GUID=b'
00000000-0000-0000-0000-
000000000000'>)
which, due to the extra characters, would fail to match anything.
Fix it to be:
(lastKnownParent=<GUID=
00000000-0000-0000-0000-
000000000000>)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 6 Feb 2023 20:35:24 +0000 (09:35 +1300)]
CVE-2023-0614 s4:dsdb/extended_dn_in: Don't modify a search tree we don't own
In extended_dn_fix_filter() we had:
req->op.search.tree = ldb_parse_tree_copy_shallow(req, req->op.search.tree);
which overwrote the parse tree on an existing ldb request with a fixed
up tree. This became a problem if a module performed another search with
that same request structure, as extended_dn_in would try to fix up the
already-modified tree for a second time. The fixed-up tree element now
having an extended DN, it would fall foul of the ldb_dn_match_allowed()
check in extended_dn_filter_callback(), and be replaced with an
ALWAYS_FALSE match rule. In practice this meant that <GUID={}> searches
would only work for one search in an ldb request, and fail for
subsequent ones.
Fix this by creating a new request with the modified tree, and leaving
the original request unmodified.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>