Karolin Seeger [Wed, 8 Jan 2020 10:55:21 +0000 (11:55 +0100)]
VERSION: Disable GIT_SNAPSHOT for the 4.11.5 release.
o CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD
Directory not automatic.
o CVE-2019-14907: Crash after failed character conversion at log level 3 or
above.
o CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Wed, 8 Jan 2020 10:53:55 +0000 (11:53 +0100)]
WHATSNEW: Add release notes for Samba 4.11.5.
o CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD
Directory not automatic.
o CVE-2019-14907: Crash after failed character conversion at log level 3 or
above.
o CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Gary Lockyer [Mon, 16 Dec 2019 00:57:47 +0000 (13:57 +1300)]
CVE-2019-19344 kcc dns scavenging: Fix use after free in dns_tombstone_records_zone
ldb_msg_add_empty reallocates the underlying element array, leaving
old_el pointing to freed memory.
This patch takes two defensive copies of the ldb message, and performs
the updates on them rather than the ldb messages in the result.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14050
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Fri, 29 Nov 2019 07:58:47 +0000 (20:58 +1300)]
CVE-2019-14907 lib/util: Do not print the failed to convert string into the logs
The string may be in another charset, or may be sensitive and
certainly may not be terminated. It is not safe to just print.
Found by Robert Święcki using a fuzzer he wrote for smbd.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14208
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Thu, 12 Dec 2019 01:44:57 +0000 (14:44 +1300)]
CVE-2019-14902 dsdb: Change basis of descriptor module deferred processing to be GUIDs
We can not process on the basis of a DN, as the DN may have changed in a rename,
not only that this module can see, but also from repl_meta_data below.
Therefore remove all the complex tree-based change processing, leaving only
a tree-based sort of the possible objects to be changed, and a single
stopped_dn variable containing the DN to stop processing below (after
a no-op change).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 6 Dec 2019 05:26:42 +0000 (18:26 +1300)]
CVE-2019-14902 repl_meta_data: Set renamed = true (and so do SD inheritance) after any rename
Previously if there was a conflict, but the incoming object would still
win, this was not marked as a rename, and so inheritence was not done.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 26 Nov 2019 02:50:35 +0000 (15:50 +1300)]
CVE-2019-14902 repl_meta_data: Fix issue where inherited Security Descriptors were not replicated.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 6 Dec 2019 05:05:54 +0000 (18:05 +1300)]
CVE-2019-14902 repl_meta_data: schedule SD propagation to a renamed DN
We need to check the SD of the parent if we rename, it is not the same as an incoming SD change.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 6 Dec 2019 04:54:23 +0000 (17:54 +1300)]
CVE-2019-14902 dsdb: Ensure we honour both change->force_self and change->force_children
If we are renaming a DN we can be in a situation where we need to
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 26 Nov 2019 03:17:32 +0000 (16:17 +1300)]
CVE-2019-14902 dsdb: Add comments explaining why SD propagation needs to be done here
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 26 Nov 2019 02:44:32 +0000 (15:44 +1300)]
CVE-2019-14902 dsdb: Explain that descriptor_sd_propagation_recursive() is proctected by a transaction
This means we can trust the DB did not change between the two search
requests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Sun, 15 Dec 2019 22:29:27 +0000 (11:29 +1300)]
selftest: Add test to confirm ACL inheritence really happens
While we have a seperate test (sec_descriptor.py) that confirms inheritance in
general we want to lock in these specific patterns as this test covers
rename.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 10 Dec 2019 02:16:24 +0000 (15:16 +1300)]
CVE-2019-14902 selftest: Add test for a special case around replicated renames
It appears Samba is currently string-name based in the ACL inheritence code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Thu, 28 Nov 2019 04:16:16 +0000 (17:16 +1300)]
CVE-2019-14902 selftest: Add test for replication of inherited security descriptors
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Karolin Seeger [Mon, 16 Dec 2019 14:54:00 +0000 (15:54 +0100)]
VERSION: Bump version up to 4.11.5...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
5a75d9814091631001be8d7d8ccec66ea6380cfb)
Karolin Seeger [Mon, 16 Dec 2019 14:53:05 +0000 (15:53 +0100)]
VERSION: Disable GIT_SNAPSHOT for the 4.11.4 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Jeremy Allison [Tue, 26 Nov 2019 20:53:09 +0000 (12:53 -0800)]
s3: smbd: Only set xconn->smb1.negprot.done = true after supported_protocols[protocol].proto_reply_fn() succeeds.
Otherwise we can end up with negprot.done set, but
without smbXsrv_connection_init_tables() being called.
This can cause a client self-crash.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14205
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Dec 4 21:27:24 UTC 2019 on sn-devel-184
(cherry picked from commit
8db0c1bff6f42feabd2e4d9dfb13ae12cc29607b)
Autobuild-User(v4-11-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-11-test): Fri Dec 13 12:30:57 UTC 2019 on sn-devel-184
Jeremy Allison [Tue, 3 Dec 2019 01:23:21 +0000 (17:23 -0800)]
python: tests. Add test for fuzzing smbd crash bug.
Mark knownfail for now.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14205
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
46899ecf836d350c0c29b615869851da7d0ad6fb)
Jeremy Allison [Tue, 26 Nov 2019 20:46:16 +0000 (12:46 -0800)]
s3: smbd: Ensure we exit if supported_protocols[protocol].proto_reply_fn() fails.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14205
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
e84910d919e02feab2a297fccbbf95f333e32119)
Jeremy Allison [Tue, 26 Nov 2019 20:43:25 +0000 (12:43 -0800)]
s3: smbd: Change (*proto_reply_fn()) to return an NTSTATUS.
That way the caller can know if the negprot really
succeeded or not.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14205
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
f4caa4159bd3db5127e114718e606867348a4f47)
Jeremy Allison [Tue, 26 Nov 2019 20:21:06 +0000 (12:21 -0800)]
s3: smbd: Change reply_smb20xx() to return NTSTATUS.
Not yet used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14205
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
836219c479b047403d2b0839a6b92ad637dbaea0)
Jeremy Allison [Tue, 26 Nov 2019 20:17:29 +0000 (12:17 -0800)]
s3: smbd: Ensure we exit on smbd_smb2_process_negprot() fail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14205
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
a2d81d77c111379cbb6bd732c717307974eace0a)
Jeremy Allison [Tue, 26 Nov 2019 20:14:29 +0000 (12:14 -0800)]
s3: smbd: Allow smbd_smb2_process_negprot() to return NTSTATUS as it can fail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14205
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
868bc05cf5d575e20edcce241e3af1d0fa6d9824)
Jeremy Allison [Thu, 7 Nov 2019 20:02:13 +0000 (12:02 -0800)]
s3: smbd: SMB2 - Ensure we use the correct session_id if encrypting an interim response.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14189
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
eae1a45d09ef54dd6b59803eedca672ae9433902)
Karolin Seeger [Tue, 10 Dec 2019 09:26:08 +0000 (10:26 +0100)]
VERSION: Bump version up to 4.11.4.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Tue, 10 Dec 2019 09:25:47 +0000 (10:25 +0100)]
Merge tag 'samba-4.11.3' into v4-11-test
samba: tag release samba-4.11.3
Volker Lendecke [Tue, 9 Jul 2019 18:04:03 +0000 (20:04 +0200)]
smbd: Increase a debug level
This is not a real error, it happens when the share mode record is not
around.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14211
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit
4b05fe7ca73dae30807680f0e0401340bfb2c738)
Autobuild-User(v4-11-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-11-test): Wed Dec 4 10:15:19 UTC 2019 on sn-devel-184
Karolin Seeger [Wed, 4 Dec 2019 09:03:55 +0000 (10:03 +0100)]
VERSION: Disable GIT_SNAPSHOT for the 4.11.3 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Wed, 4 Dec 2019 09:02:16 +0000 (10:02 +0100)]
WHATSNEW: Add release notes for Samba 4.11.3.
o CVE-2019-14861: Samba AD DC zone-named record Denial of Service in DNS
management server (dnsserver).
o CVE-2019-14870: DelegationNotAllowed not being enforced in protocol transition
on Samba AD DC.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Uri Simchoni [Sun, 20 Oct 2019 18:36:11 +0000 (21:36 +0300)]
heimdal-build: avoid hard-coded /usr/include/heimdal in asn1_compile-generated code.
This fixes a cross-compilation issue, as cross-compilers (rightly)
complain if host include directories are in the include path.
The fix is taken from buildroot (https://github.com/buildroot/buildroot/blob/
8b11b96f41a6ffa76556c9bf03a863955871ee57/package/samba4/0006-heimdal_build-wscript_build-do-not-add-host-include-.patch) where it was applied by Bernd Kuhls <bernd.kuhls@t-online.de>.
This reverts some of
3fe2bfddda6149f6bf7402720226e9285f479fef, but
building Samba's bundled Heimdal with a system roken is not supported
anyway.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13856
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Dec 1 10:22:01 UTC 2019 on sn-devel-184
(cherry picked from commit
27fc062d7ea2207242d5a2c9933f3de5fa206488)
Uri Simchoni [Thu, 28 Nov 2019 19:19:51 +0000 (21:19 +0200)]
ldb: Release ldb 2.0.8
* Upgrade waf to version 2.0.18 to match the rest of Samba 4.11.x
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13846
Signed-off-by: Uri Simchoni <uri@samba.org>
Uri Simchoni [Wed, 9 Oct 2019 18:53:43 +0000 (21:53 +0300)]
autobuild: harden samba-xc test suite
Add more checks which directly test the behavior of
--cross-answers and --cross-execute.
Previous test tested things in a round-about way, checking
that running in all three modes (native, cross-execute,
cross-answers) yields the same result. It was vulnerable
to a degradation in which cross-compilation modes didn't
work at all and were running native tests, which is
what happened with the upgrade of waf.
The added tests check the following:
- That cross-excute with cross-answers sets the cross-answers file
- That the content of cross-answers file actually affects the build
configuration
- That a missing line in cross-answers fails the build
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13846
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Sun Oct 20 13:29:58 UTC 2019 on sn-devel-184
(cherry picked from commit
649d15bb969b6d27fd4554f49600366bb3df4712)
Uri Simchoni [Sun, 6 Oct 2019 21:37:41 +0000 (00:37 +0300)]
wafsamba: pass environment to cross-execute tests
This can come in handy for cross-execute scripts in general, and
is particularly required by the samba-xc test for cross-answers /
cross-execute, because Samba sets LD_LIBRARY_PATH during rpath
checks, and the test program needs that in order to successfully
run.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13846
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
fdfd69840902f4b13db2a204a0ca87a578b61b85)
Uri Simchoni [Sun, 6 Oct 2019 21:37:31 +0000 (00:37 +0300)]
wafsamba: avoid pre-forking if cross-compilation is enabled
Waf supports pre-forking to run configuration tests, but this
doesn't play well with Samba's cross-compilation support, because
Samba monkey-patches the actual fork+exec, which doesn't happen
in a pre-forked process pool.
This patch emulates the impact of WAF_NO_PREFORK env var when
cross-compilation is enabled.
The blueprint for the solution has been suggested by Thomas Nagy
in https://bugzilla.samba.org/show_bug.cgi?id=13846#c7 (item #2)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13846
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
5a4ade953420a4122c80d291ac53310abd6a279c)
Uri Simchoni [Sun, 6 Oct 2019 21:37:17 +0000 (00:37 +0300)]
wafsamba: use test_args instead of exec_args to support cross-compilation
exec_args seems to have been a custom addition to Samba's copy of waf.
Upstream Waf has an identically-purposed parameter called test_args.
This parameter is being used for addiing runtime args to test programs that
are being run during configuration phases.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13846
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
e00e93350288dc212fed3f1be2adf78dcb6e58e7)
Uri Simchoni [Sun, 6 Oct 2019 21:36:42 +0000 (00:36 +0300)]
waf: upgrade to 2.0.18
This is required to get the new test_args parameter to conf.check, which
facilitates passing arguments to configuration test programs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13846
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
09e282ec8173f2935bdb579e0396f269ce712e0d)
Isaac Boukris [Thu, 21 Nov 2019 10:12:48 +0000 (11:12 +0100)]
CVE-2019-14870: mit-kdc: enforce delegation_not_allowed flag
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Isaac Boukris [Mon, 28 Oct 2019 00:54:09 +0000 (02:54 +0200)]
CVE-2019-14870: heimdal: enforce delegation_not_allowed in S4U2Self
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Isaac Boukris [Wed, 30 Oct 2019 14:59:16 +0000 (15:59 +0100)]
CVE-2019-14870: heimdal: add S4U test for delegation_not_allowed
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Isaac Boukris [Sun, 27 Oct 2019 12:02:00 +0000 (14:02 +0200)]
samba-tool: add user-sensitive command to set not-delegated flag
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Andrew Bartlett [Thu, 31 Oct 2019 17:53:56 +0000 (06:53 +1300)]
s4-torture: Reduce flapping in SambaToolDrsTests.test_samba_tool_replicate_local
This test often flaps in Samba 4.9 (where more tests and DCs run in the environment)
with obj_1 being 3. This is quite OK, we just need to see some changes get
replicated, not 0 changes.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit
4ae0f9ce0f5ada99cf1d236377e5a1234c879ae3)
Andrew Bartlett [Tue, 29 Oct 2019 22:50:57 +0000 (11:50 +1300)]
CVE-2019-14861: Test to demonstrate the bug
This test does not fail every time, but when it does it casues a segfault which
takes out the rpc_server master process, as this hosts the dnsserver pipe.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14138
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 29 Oct 2019 01:15:36 +0000 (14:15 +1300)]
CVE-2019-14861: s4-rpc/dnsserver: Avoid crash in ldb_qsort() via dcesrv_DnssrvEnumRecords)
dns_name_compare() had logic to put @ and the top record in the tree being
enumerated first, but if a domain had both then this would break the
older qsort() implementation in ldb_qsort() and cause a read of memory
before the base pointer.
By removing this special case (not required as the base pointer
is already seperatly located, no matter were it is in the
returned records) the crash is avoided.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14138
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Sun, 20 Oct 2019 23:12:10 +0000 (12:12 +1300)]
CVE-2019-14861: s4-rpc_server: Remove special case for @ in dns_build_tree()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14138
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 29 Oct 2019 04:25:28 +0000 (17:25 +1300)]
CVE-2019-14861: s4-rpc/dnsserver: Confirm sort behaviour in dcesrv_DnssrvEnumRecords
The sort behaviour for child records is not correct in Samba so
we add a flapping entry.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14138
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Karolin Seeger [Tue, 3 Dec 2019 12:07:17 +0000 (13:07 +0100)]
VERSION: Re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Tue, 29 Oct 2019 10:10:52 +0000 (11:10 +0100)]
VERSION: Bump version up to 4.11.3.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
e704eee3083658f7dcdd4238295f8e0b229a1688)
Volker Lendecke [Thu, 7 Nov 2019 14:26:01 +0000 (15:26 +0100)]
ctdb-tcp: Close inflight connecting TCP sockets after fork
Commit
c68b6f96f26 changed the talloc hierarchy such that outgoing TCP sockets
while sitting in the async connect() syscall are not freed via
ctdb_tcp_shutdown() anymore, they are hanging off a longer-running structure.
Free this structure as well.
If an outgoing TCP socket leaks into a long-running child process (possibly the
recovery daemon), this connection will never be closed as seen by the
destination node. Because with recent changes incoming connections will not be
accepted as long as any incoming connection is alive, with that socket leak
into the recovery daemon we will never again be able to successfully connect to
the node that is affected by this leak. Further attempts to connect will be
discarded by the destination as long as the recovery daemon keeps this socket
alive.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14175
RN: Avoid communication breakdown on node reconnect
Signed-off-by: Martin Schwenke <martin@meltin.net>
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
a6d99d9e5c5bc58e6d56be7a6c1dbc7c8d1a882f)
Autobuild-User(v4-11-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-11-test): Tue Nov 19 13:21:18 UTC 2019 on sn-devel-184
Martin Schwenke [Tue, 29 Oct 2019 06:28:22 +0000 (17:28 +1100)]
ctdb-tcp: Drop tracking of file descriptor for incoming connections
This file descriptor is owned by the incoming queue. It will be
closed when the queue is torn down.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14175
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
bf47bc18bb8a94231870ef821c0352b7a15c2e28)
Martin Schwenke [Tue, 29 Oct 2019 04:29:11 +0000 (15:29 +1100)]
ctdb-tcp: Avoid orphaning the TCP incoming queue
CTDB's incoming queue handling does not check whether an existing
queue exists, so can overwrite the pointer to the queue. This used to
be harmless until commit
c68b6f96f26664459187ab2fbd56767fb31767e0
changed the read callback to use a parent structure as the callback
data. Instead of cleaning up an orphaned queue on disconnect, as
before, this will now free the new queue.
At first glance it doesn't seem possible that 2 incoming connections
from the same node could be processed before the intervening
disconnect. However, the incoming connections and disconnect occur on
different file descriptors. The queue can become orphaned on node A
when the following sequence occurs:
1. Node A comes up
2. Node A accepts an incoming connection from node B
3. Node B processes a timeout before noticing that outgoing the queue is writable
4. Node B tears down the outgoing connection to node A
5. Node B initiates a new connection to node A
6. Node A accepts an incoming connection from node B
Node A processes then the disconnect of the old incoming connection
from (2) but tears down the new incoming connection from (6). This
then occurs until the originally affected node is restarted.
However, due to the number of outgoing connection attempts and
associated teardowns, this induces the same behaviour on the
corresponding incoming queue on all nodes that node A attempts to
connect to. Therefore, other nodes become affected and need to be
restarted too.
As a result, the whole cluster probably needs to be restarted to
recover from this situation.
The problem can occur any time CTDB is started on a node.
The fix is to avoid accepting new incoming connections when a queue
for incoming connections is already present. The connecting node will
simply retry establishing its outgoing connection.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14175
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
d0baad257e511280ff3e5c7372c38c43df841070)
Martin Schwenke [Tue, 29 Oct 2019 04:25:26 +0000 (15:25 +1100)]
ctdb-tcp: Check incoming queue to see if incoming connection is up
This makes it consistent with the reverse case. Also, in_fd will soon
be removed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14175
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
e62b3a05a874db13a848573d2e2fb1c157393b9c)
Christof Schmitt [Wed, 30 Oct 2019 21:24:58 +0000 (14:24 -0700)]
gitlab-ci: Run samba-fileserver-heimdalkrb5
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14179
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Wed Nov 13 19:14:25 UTC 2019 on sn-devel-184
(cherry picked from commit
5343cec5f0a5531af85d72021dba30c31a4a3f1b)
Christof Schmitt [Wed, 30 Oct 2019 20:49:55 +0000 (13:49 -0700)]
bootstrap: Add heimdal-multidev for Debian and Ubuntu
This is required for testing the build with the
configure option --with-system-heimdalkrb5.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14179
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
2efc243f1ad09eae46f6f99fb0646ecd4356c3f9)
Christof Schmitt [Wed, 30 Oct 2019 20:45:55 +0000 (13:45 -0700)]
autobuild: Add test for build with system heimdal library
The configure option --with-system-heimdalkrb5 requires --without-ad-dc.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14179
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
7965a204d68196acddf553959bb3407125baf31d)
Christof Schmitt [Mon, 11 Nov 2019 20:37:25 +0000 (13:37 -0700)]
krb5_plugin: Fix developer build with newer heimdal system library
Newer heimdal versions provide a different locator plugin interface. The
function pointer for the old method has been renamed. Use an ifdef to
initialize the correct pointer.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14179
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
85d23236200dbe013c09a4f23d982ef1baac240d)
Christof Schmitt [Mon, 11 Nov 2019 20:08:28 +0000 (13:08 -0700)]
krb5_plugin: Use C99 initializer
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14179
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
1aef796e302058ad3327613964fa89abaf940c1c)
Isaac Boukris [Sat, 9 Nov 2019 15:36:32 +0000 (15:36 +0000)]
selftest: system-heimdal: workaround upstream "host" canon bug
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14179
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
15ddd95d94688ed742a2965c4b269d7c84e2d858)
Christof Schmitt [Wed, 30 Oct 2019 20:15:48 +0000 (13:15 -0700)]
wscript: Fix build with system heimdal
Ubuntu has heimdal include files in /usr/include/heimdal. As the
kerberos include files are pulled into many files through indirect
includes, add the discovered include paths to EXTRA_INCLUDES to
always have them available.
Also set USING_SYSTEM_KRB5 when enabling the system heimdal build,
to correctly handle the inclusion of the krb5-types.h file.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14179
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
be2d90b60d19eca408b60fe4e1b49f9b418f1b97)
Jeremy Allison [Thu, 31 Oct 2019 21:38:35 +0000 (14:38 -0700)]
s3: libsmb: Ensure return from net_share_enum_rpc() sets cli->raw_status on error.
Convert net_share_enum_rpc() to return an NTSTATUS and ensure the
status is set correctly on error so SMBC_errno() can return it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14176
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Nov 5 12:36:48 UTC 2019 on sn-devel-184
(cherry picked from commit
ff47cc661d432a9337ade9a232a4f49164652812)
Jeremy Allison [Tue, 29 Oct 2019 19:11:49 +0000 (12:11 -0700)]
s3: utils: smbtree. Ensure we don't call cli_RNetShareEnum() on an SMB1 connection.
Last unprotected call of cli_RNetShareEnum(). Not a libsmbclient
bug here but might as well fix the last caller as part of the
fix for the bug.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14174
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
f30b8b3aa1309e9daeb9a3601b537dead81e5dbb)
Autobuild-User(v4-11-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-11-test): Wed Nov 13 14:45:53 UTC 2019 on sn-devel-184
Jeremy Allison [Tue, 29 Oct 2019 19:11:01 +0000 (12:11 -0700)]
s3: libsmb: Ensure we don't call cli_RNetShareEnum() on an SMB1 connection.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14174
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
1cfcad6283da855d3e97237a7a6fd6f4d2436ee2)
Ralph Boehme [Thu, 31 Oct 2019 11:46:38 +0000 (12:46 +0100)]
s3:printing: Fix %J substition
print_run_command() uses lp_print_command() which internally performs basic
substition by calling talloc_sub_basic(). As a result. any of the variables in
the "basic set", including "%J" are already substituted.
To prevent the unwanted subtitution, we declare all affected configuration
options as const, which disabled the basic substition.
As a result print_run_command() can run manual substitution on all characters,
including %J, in the variadic argument list *before* calling lp_string() to run
basic substition which we had disabled before with the const.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13745
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Nov 7 16:01:21 UTC 2019 on sn-devel-184
(cherry picked from commit
8846887a55b0c97a1639fc6ecb228941cf16b8f2)
Ralph Boehme [Thu, 31 Oct 2019 11:03:31 +0000 (12:03 +0100)]
s3:printing: add a DEBUG statement
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13745
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
ede00779ab2d881e061adb9d861879e8c68e272b)
Ralph Boehme [Thu, 31 Oct 2019 10:57:39 +0000 (11:57 +0100)]
s3:lib: factor out talloc_sub_advanced() from talloc_sub_full()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13745
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
41ab92b62fbf029374b89f9d0ddf7578981f37cf)
Ralph Boehme [Thu, 31 Oct 2019 11:45:44 +0000 (12:45 +0100)]
s3: rename talloc_sub_advanced() to talloc_sub_full()
We currently have the following substitution functions:
talloc_sub_basic()
talloc_sub_advanced()
talloc_sub_basic() currently substitutes a subset of talloc_sub_advanced().
We'll need a function X that only substitutes what talloc_sub_advanced()
substitutes *without* what talloc_sub_basic() does.
To get there rename talloc_sub_advanced() to talloc_sub_full(). A subsequent
commit will then bring back talloc_sub_advanced() as described above.
Examples with fictional replacement letters A and B. Currently:
talloc_sub_basic: A
talloc_sub_advanced: AB
New:
talloc_sub_basic: A
talloc_sub_advanced: B
talloc_sub_full: AB
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13745
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(backported from commit
4736623c24503b3ca09c76c9dbb134ef833b2f80)
Ralph Boehme [Thu, 31 Oct 2019 09:19:13 +0000 (10:19 +0100)]
s3: remove unused function standard_sub_advanced()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13745
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
a591de28659919d2afd7ed55106cded6a0d9ab35)
Ralph Boehme [Thu, 31 Oct 2019 11:44:45 +0000 (12:44 +0100)]
s3: replace standard_sub_advanced with talloc_sub_advanced in one place
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13745
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
81ae199bb72886f2f1ed87b22b4c75b6b99c72f6)
Ralph Boehme [Thu, 31 Oct 2019 11:43:25 +0000 (12:43 +0100)]
s3:printing: fix a long line
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13745
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
dcb555c06a6341871b691dab3758e7de04110282)
Ralph Boehme [Thu, 24 Oct 2019 15:15:18 +0000 (17:15 +0200)]
lib/adouble: pass filesize to ad_unpack()
ad_unpack() needs the filesize, not the capped IO size we're using in the caller
to read up to "size" bystem from the ._ AppleDouble file.
This fixes a regression introduced by
bdc257a1cbac7e8c73a084b618ba642476807483
for bug 13968.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14171
RN: vfs_fruit returns capped resource fork length
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Oct 30 14:52:34 UTC 2019 on sn-devel-184
(backported from commit
f3df83a2c346d945487a27a9d258ee6331ea7dbb)
Autobuild-User(v4-11-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-11-test): Fri Nov 8 13:52:49 UTC 2019 on sn-devel-184
Ralph Boehme [Fri, 25 Oct 2019 13:21:32 +0000 (15:21 +0200)]
lib/adouble: drop ad_data reallocate logic
Simply set the buffer size to AD_XATTR_MAX_HDR_SIZE. When reading the
AppleDouble file, read up to AD_XATTR_MAX_HDR_SIZE from the file.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14171
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(backported from commit
9a3da6bebcdb924ca2027337544d79ac2088677e)
Ralph Boehme [Thu, 24 Oct 2019 15:26:08 +0000 (17:26 +0200)]
vfs_fruit: README.Coding fix: multi-line if expression
Also remove a TAB.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14171
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(backported from commit
baaaf59e948df625b01fa8b6317ab5c3babb4e8f)
Ralph Boehme [Thu, 24 Oct 2019 15:17:28 +0000 (17:17 +0200)]
vfs_fruit: fix a long line
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14171
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(backported from commit
f0c8ac47a4608eabeae334d39885aab98198b753)
Ralph Boehme [Fri, 25 Oct 2019 13:41:40 +0000 (15:41 +0200)]
torture: expand test "vfs.fruit.resource fork IO" to check size
Reveals a bug where the resource fork size is capped at 65454 bytes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14171
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
b63069db9fb6efb33b7b917cd5b0ee06b0da9cdc)
Ralph Boehme [Mon, 5 Aug 2019 09:11:14 +0000 (11:11 +0200)]
s3:smbd: Fix sync dosmode fallback in async dosmode codepath
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14070
RN: Fix sync dosmode fallback in async dosmode codepath
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Aug 6 15:40:18 UTC 2019 on sn-devel-184
(cherry picked from commit
5d4aa6e867044e6b58b45acde32ac35e1d0a7765)
Ralph Boehme [Mon, 5 Aug 2019 08:59:22 +0000 (10:59 +0200)]
s3:smbd: Incomplete conversion of former parametric options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14069
RN: Incomplete conversion of former parametric options
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(backported from commit
ea17bd5539eb0be7a446b99c8b6baa4aa1ab273f)
Ralph Boehme [Sat, 4 May 2019 10:12:48 +0000 (12:12 +0200)]
s3: remove now unneeded call to cmdline_messaging_context()
This was only needed as dbwrap_open() had a bug where it asked for the ctdb
connection before initializing messaging. The previous commit fixed that so we
can now safely remove the calls to cmdline_messaging_context() from all tools
that don't use messaging.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13925
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 24 09:33:47 UTC 2019 on sn-devel-184
(cherry picked from commit
9471508391fd3bcf199b1e94f8d9ee2b956e8f8e)
Ralph Boehme [Sat, 4 May 2019 10:12:04 +0000 (12:12 +0200)]
s3:dbwrap: initialize messaging before getting the ctdb connection
This is a better fix for bug #13465.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13925
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
ca95d7f41b683b4d7ac59ed6ee709d44abfe2019)
Isaac Boukris [Fri, 13 Sep 2019 07:56:10 +0000 (10:56 +0300)]
libnet_join: add SPNs for additional-dns-hostnames entries
and set msDS-AdditionalDnsHostName to the specified list.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14116
Signed-off-by: Isaac Boukris <iboukris@redhat.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Oct 25 10:43:08 UTC 2019 on sn-devel-184
Autobuild-User(v4-11-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-11-test): Tue Nov 5 13:57:30 UTC 2019 on sn-devel-184
Isaac Boukris [Tue, 17 Sep 2019 18:38:07 +0000 (21:38 +0300)]
docs-xml: add "additional dns hostnames" smb.conf option
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14116
Signed-off-by: Isaac Boukris <iboukris@redhat.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Isaac Boukris [Wed, 18 Sep 2019 20:15:57 +0000 (23:15 +0300)]
libnet_join_set_machine_spn: simplify adding uniq spn to array
and do not skip adding a fully qualified spn to netbios-aliases
in case a short spn already existed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14116
Signed-off-by: Isaac Boukris <iboukris@redhat.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Isaac Boukris [Wed, 18 Sep 2019 18:29:47 +0000 (21:29 +0300)]
libnet_join_set_machine_spn: simplify memory handling
and avoid a possible memory leak when passing null to
add_string_to_array() as mem_ctx.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14116
Signed-off-by: Isaac Boukris <iboukris@redhat.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Isaac Boukris [Wed, 18 Sep 2019 17:00:34 +0000 (20:00 +0300)]
libnet_join_set_machine_spn: improve style and make a bit room for indentation
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14116
Signed-off-by: Isaac Boukris <iboukris@redhat.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Isaac Boukris [Thu, 29 Aug 2019 21:22:15 +0000 (00:22 +0300)]
libnet_join: build dnsHostName from netbios name and lp_dnsdomain()
This make the join process much more reliable, and avoids "Constraint
violation" error when the fqdn returned from getaddrinfo has already
got assigned an SPN.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14116
Signed-off-by: Isaac Boukris <iboukris@redhat.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Stefan Metzmacher [Fri, 4 Oct 2019 12:57:40 +0000 (14:57 +0200)]
s4:dirsync: fix interaction of dirsync and extended_dn controls
Azure AD connect reports discovery errors:
reference-value-not-ldap-conformant
for attributes member and manager.
The key is that it sends the LDAP_SERVER_EXTENDED_DN_OID without
an ExtendedDNRequestValue blob, which means the flag value should
be treated as 0 and the HEX string format should be used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14153
RN: Prevent azure ad connect from reporting discovery errors:
reference-value-not-ldap-conformant
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Oct 24 11:06:58 UTC 2019 on sn-devel-184
(cherry picked from commit
d0f566c4ad32d69a1cf896e2dde56fc2489bb7fc)
Stefan Metzmacher [Tue, 22 Oct 2019 10:12:32 +0000 (12:12 +0200)]
s4:tests/dirsync: add tests for dirsync with extended_dn
This demonstrates a problems that the extended_dn returned
by the dirsync module always uses the SDDL format for GUID/SID
components.
Azure AD connect reports discovery errors:
reference-value-not-ldap-conformant
for attributes member and manager.
The key is that it sends the LDAP_SERVER_EXTENDED_DN_OID without
an ExtendedDNRequestValue blob, which means the flag value should
be treated as 0 and the HEX string format should be used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14153
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
6d43d82b49c8cd47da2f1489fe8b52d5a873a19c)
Andreas Schneider [Mon, 21 Oct 2019 15:08:08 +0000 (17:08 +0200)]
replace: Only link libnsl and libsocket if requrired
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14168
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Oct 23 08:23:13 UTC 2019 on sn-devel-184
(cherry picked from commit
263bec1b8d0744da73dd92e4a361fb7430289ab3)
Autobuild-User(v4-11-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-11-test): Mon Nov 4 09:31:23 UTC 2019 on sn-devel-184
Jeremy Allison [Thu, 17 Oct 2019 19:41:08 +0000 (12:41 -0700)]
s3: torture: Ensure SMB1 cli_qpathinfo2() doesn't return an inode number.
Piggyback on existing tests, ensure we don't regress on:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14161
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
8e55a8562951924e4b1aad5a6d67fc8b309590c1)
Jeremy Allison [Thu, 17 Oct 2019 18:39:02 +0000 (11:39 -0700)]
s3: libsmb: Ensure SMB1 cli_qpathinfo2() doesn't return an inode number.
The info level it uses doesn't return that, previously we
were using the field that is returned as the EA size as
the inode number (which is usually zero, so the code in
libsmbclient would then synthesize an inode number from
a hash of the pathname, which is all it can do for SMB1).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14161
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
d495074ee27a5f528d5156a69800ee58d799b1eb)
Karolin Seeger [Tue, 29 Oct 2019 10:10:52 +0000 (11:10 +0100)]
VERSION: Bump version up to 4.11.3.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Tue, 29 Oct 2019 10:10:20 +0000 (11:10 +0100)]
Merge tag 'samba-4.11.2' into v4-11-test
samba: tag release samba-4.11.2
Karolin Seeger [Thu, 24 Oct 2019 08:52:52 +0000 (10:52 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.11.2 release.
* Bug 14071: CVE-2019-10218: Client code can return filenames containing path
separators.
* Bug 12438: CVE-2019-14833: Samba AD DC check password script does not receive
the full password.
* Bug 14040: CVE-2019-14847: User with "get changes" permission can crash AD DC LDAP
server via dirsync.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 24 Oct 2019 08:42:16 +0000 (10:42 +0200)]
WHATSNEW: Add release notes for Samba 4.11.2.
* Bug 14071: CVE-2019-10218: Client code can return filenames containing path
separators.
* Bug 12438: CVE-2019-14833: Samba AD DC check password script does not receive
the full password.
* Bug 14040: CVE-2019-14847: User with "get changes" permission can crash AD DC
LDAP server via dirsync.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Andrew Bartlett [Tue, 15 Oct 2019 02:44:34 +0000 (15:44 +1300)]
CVE-2019-14847 dsdb: Correct behaviour of ranged_results when combined with dirsync
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14040
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 15 Oct 2019 03:28:46 +0000 (16:28 +1300)]
CVE-2019-14847 dsdb: Demonstrate the correct interaction of ranged_results style attributes and dirsync
Incremental results are provided by a flag on the dirsync control, not
by changing the attribute name.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14040
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Björn Baumbach [Tue, 6 Aug 2019 14:32:32 +0000 (16:32 +0200)]
CVE-2019-14833 dsdb: send full password to check password script
utf8_len represents the number of characters (not bytes) of the
password. If the password includes multi-byte characters it is required
to write the total number of bytes to the check password script.
Otherwise the last bytes of the password string would be ignored.
Therefore we rename utf8_len to be clear what it does and does
not represent.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12438
Signed-off-by: Björn Baumbach <bb@sernet.de>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Wed, 18 Sep 2019 23:50:01 +0000 (11:50 +1200)]
CVE-2019-14833: Use utf8 characters in the unacceptable password
This shows that the "check password script" handling has a bug.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12438
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Jeremy Allison [Tue, 6 Aug 2019 19:08:09 +0000 (12:08 -0700)]
CVE-2019-10218 - s3: libsmb: Protect SMB2 client code from evil server returned names.
Disconnect with NT_STATUS_INVALID_NETWORK_RESPONSE if so.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14071
Signed-off-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Mon, 5 Aug 2019 20:39:53 +0000 (13:39 -0700)]
CVE-2019-10218 - s3: libsmb: Protect SMB1 client code from evil server returned names.
Disconnect with NT_STATUS_INVALID_NETWORK_RESPONSE if so.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14071
Signed-off-by: Jeremy Allison <jra@samba.org>
Karolin Seeger [Fri, 18 Oct 2019 09:03:16 +0000 (11:03 +0200)]
VERSION: Bump version up to 4.11.2...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
7b8309398beab679cd4068da497661ce33616edc)
Karolin Seeger [Fri, 18 Oct 2019 09:03:16 +0000 (11:03 +0200)]
VERSION: Bump version up to 4.11.2...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>