Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 590df382bea44eec2dbfd2a28c659b0a29188bca)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit a9eeea6ef78cc44c8423c7125fa1376921060018)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit a63e2a312c761093fedb09bd234b6736485a930a)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 01b8374e7942141e7f6cbdec7623c981a008e4c1)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 72ef8d3a52c1ab07c079a4c014ba8ac7bff528f7)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 85b168c6dac88f5065c0ec6e925937439f2c12ed)
For smbd we want an error and for smbclient we only want it in NOTICE
debug level.
The default log level of smbclient is log level 1 so we need notice to
not spam the user.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jan 30 16:54:33 UTC 2020 on sn-devel-184
Signed-off-by: Jeremy Allison <jra@samba.org>
Pair programmed with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jan 21 23:33:41 UTC 2020 on sn-devel-184
Signed-off-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Tue Jan 14 12:46:17 UTC 2020 on sn-devel-144
Karolin Seeger [Thu, 9 Jan 2020 11:51:27 +0000 (12:51 +0100)]
VERSION: Disable GIT_SNAPSHOT for the 4.10.12 release.
o CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD
Directory not automatic.
o CVE-2019-14907: Crash after failed character conversion at log level 3 or
above.
o CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC.
Karolin Seeger [Thu, 9 Jan 2020 11:48:31 +0000 (12:48 +0100)]
WHATSNEW: Add release notes for Samba 4.11.5.
o CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD
Directory not automatic.
o CVE-2019-14907: Crash after failed character conversion at log level 3 or
above.
o CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC.
Martin Schwenke [Fri, 13 Dec 2019 00:09:04 +0000 (11:09 +1100)]
ctdb-scripts: Strip square brackets when gathering connection info
ss added square brackets around IPv6 addresses in versions > 4.12.0
via commit aba9c23a6e1cb134840c998df14888dca469a485. CentOS 7 added
this feature somewhere mid-release. So, backward compatibility is
obviously needed.
As per the comment protocol/protocol_util.c should probably print and
parse such square brackets. However, for backward compatibility the
brackets would have to be stripped in both places in
update_tickles()... or added to the ss output when missing. Best to
leave this until we have a connection tracking daemon.
Gary Lockyer [Thu, 19 Dec 2019 03:31:46 +0000 (16:31 +1300)]
upgradedns: ensure lmdb lock files linked
Ensure that the '-lock' files for the dns partitions as well as the data
files are linked when running
samba_dnsupgrade --dns-backend=BIND9_DLZ
failure to create these links can cause corruption of the corresponding
data file.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 0bd479140c18ab79479ced4f25f366744c3afe18)
Gary Lockyer [Thu, 19 Dec 2019 03:31:24 +0000 (16:31 +1300)]
test upgradedns: ensure lmdb lock files linked
Add tests to check that the '-lock' files for the dns partitions as well as
the data files are linked when running
samba_dnsupgrade --dns-backend=BIND9_DLZ
failure to create these links can cause corruption of the corresponding
data file.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit f0cebbe4dd0317e2abfcbe252977383e6f37f3bd)
Björn Jacke [Tue, 7 Jan 2020 09:21:18 +0000 (10:21 +0100)]
docs-xml/winbindnssinfo: clarify interaction with idmap_ad etc.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14122
RN: docs: clarify interaction between winbind nss info and idmap backend
Signed-off-by: Bjoern Jacke <bjacke@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Jan 8 15:37:46 UTC 2020 on sn-devel-184
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Dec 19 15:44:25 UTC 2019 on sn-devel-184
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit b3e3cb3bbd86a53b48ee009adf811d48dd50dc8b)
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 0fe9dc5219beaf605da9c7922053f7324507b50e)
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit bf9a3a7aa1913238ae2c997ce00369d0dbae3a08)
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit ea51a426e506bd6456814ecddcb63441859f9d89)
Jeremy Allison [Fri, 18 Oct 2019 17:48:55 +0000 (10:48 -0700)]
s3: libsmb: Move setting all struct stat fields into setup_stat().
That way we only have one place where a struct stat is synthesised
for libsmbclient callers.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 1f0715c0e5e6ff371e3b393a0b35222c8b6f49bc)
Noel Power [Fri, 24 May 2019 13:37:00 +0000 (13:37 +0000)]
CVE-2019-14907 lib/util/charset: clang: Fix Value stored to 'reason' is never read warning
Fixes:
lib/util/charset/convert_string.c:301:5: warning: Value stored to 'reason' is never read <--[clang]
Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Gary Lockyer gary@catalyst.net.nz
(cherry picked from commit add47e288bc80c1bf45765d1588a9fa5998ea677)
Andrew Bartlett [Thu, 12 Dec 2019 01:44:57 +0000 (14:44 +1300)]
CVE-2019-14902 dsdb: Change basis of descriptor module deferred processing to be GUIDs
We can not process on the basis of a DN, as the DN may have changed in a rename,
not only that this module can see, but also from repl_meta_data below.
Therefore remove all the complex tree-based change processing, leaving only
a tree-based sort of the possible objects to be changed, and a single
stopped_dn variable containing the DN to stop processing below (after
a no-op change).
Andrew Bartlett [Sun, 15 Dec 2019 22:29:27 +0000 (11:29 +1300)]
selftest: Add test to confirm ACL inheritence really happens
While we have a seperate test (sec_descriptor.py) that confirms inheritance in
general we want to lock in these specific patterns as this test covers
rename.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Anoop C S [Tue, 12 Nov 2019 14:28:43 +0000 (19:58 +0530)]
s3: VFS: glusterfs: Reset nlinks for symlink entries during readdir
On receiving an already initialized stat_ex buffer for readdir() call we
invoke readdirplus() GlusterFS API, an optimized variant of readdir(),
which then returns stat information along with dir entry result. But for
symlink entries we don't know if link or target info is needed. In that
case it is better to leave this decision back to caller by resetting
nlinks value inside stat information to make it invalid.
This was also preventing us from displaying msdfs link as directories
inside the share.
Signed-off-by: Anoop C S <anoopcs@redhat.com> Reviewed-by: Günther Deschner <gd@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Dec 17 21:53:07 UTC 2019 on sn-devel-184
Signed-off-by: Torsten Fohrer <torsten.fohrer@sbe.de> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Dec 18 14:33:58 UTC 2019 on sn-devel-184
Douglas Bagnall [Mon, 2 Dec 2019 22:17:26 +0000 (11:17 +1300)]
pygpo: use correct method flags
The METH_KEYWORDS argument must always be combined with METH_VARARGS.
In Python up to 3.7 this was checked at runtime, and as we had no callers to
get_unix_path() in Python we never noticed. In Python 3.8 it is checked at
import time, and everyone notices even if they aren't directly using GPOs.
Found and reported by Val Kulkov.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14209 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 12cccf3447333dfd4f5e437cd57ca5ec68724fdd)
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Dec 4 21:27:24 UTC 2019 on sn-devel-184
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 46899ecf836d350c0c29b615869851da7d0ad6fb)
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit eae1a45d09ef54dd6b59803eedca672ae9433902)
Uri Simchoni [Sun, 20 Oct 2019 18:36:11 +0000 (21:36 +0300)]
heimdal-build: avoid hard-coded /usr/include/heimdal in asn1_compile-generated code.
This fixes a cross-compilation issue, as cross-compilers (rightly)
complain if host include directories are in the include path.
The fix is taken from buildroot (https://github.com/buildroot/buildroot/blob/8b11b96f41a6ffa76556c9bf03a863955871ee57/package/samba4/0006-heimdal_build-wscript_build-do-not-add-host-include-.patch) where it was applied by Bernd Kuhls <bernd.kuhls@t-online.de>.
Signed-off-by: Uri Simchoni <uri@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Dec 1 10:22:01 UTC 2019 on sn-devel-184
Karolin Seeger [Tue, 3 Dec 2019 11:54:00 +0000 (12:54 +0100)]
VERSION: Disable GIT_SNAPSHOT for the 4.10.11 release.
o CVE-2019-14861: Samba AD DC zone-named record Denial of Service in DNS
management server (dnsserver).
o CVE-2019-14870: DelegationNotAllowed not being enforced in protocol transition
on Samba AD DC.
Karolin Seeger [Tue, 3 Dec 2019 11:52:58 +0000 (12:52 +0100)]
WHATSNEW: Add release notes for Samba 4.10.11.
o CVE-2019-14861: Samba AD DC zone-named record Denial of Service in DNS
management server (dnsserver).
o CVE-2019-14870: DelegationNotAllowed not being enforced in protocol transition
on Samba AD DC.
Andrew Bartlett [Thu, 31 Oct 2019 17:53:56 +0000 (06:53 +1300)]
s4-torture: Reduce flapping in SambaToolDrsTests.test_samba_tool_replicate_local
This test often flaps in Samba 4.9 (where more tests and DCs run in the environment)
with obj_1 being 3. This is quite OK, we just need to see some changes get
replicated, not 0 changes.
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit 4ae0f9ce0f5ada99cf1d236377e5a1234c879ae3)
Andrew Bartlett [Tue, 29 Oct 2019 22:50:57 +0000 (11:50 +1300)]
CVE-2019-14861: Test to demonstrate the bug
This test does not fail every time, but when it does it casues a segfault which
takes out the rpc_server master process, as this hosts the dnsserver pipe.
Andrew Bartlett [Tue, 29 Oct 2019 01:15:36 +0000 (14:15 +1300)]
CVE-2019-14861: s4-rpc/dnsserver: Avoid crash in ldb_qsort() via dcesrv_DnssrvEnumRecords)
dns_name_compare() had logic to put @ and the top record in the tree being
enumerated first, but if a domain had both then this would break the
older qsort() implementation in ldb_qsort() and cause a read of memory
before the base pointer.
By removing this special case (not required as the base pointer
is already seperatly located, no matter were it is in the
returned records) the crash is avoided.
Volker Lendecke [Thu, 7 Nov 2019 14:26:01 +0000 (15:26 +0100)]
ctdb-tcp: Close inflight connecting TCP sockets after fork
Commit c68b6f96f26 changed the talloc hierarchy such that outgoing TCP sockets
while sitting in the async connect() syscall are not freed via
ctdb_tcp_shutdown() anymore, they are hanging off a longer-running structure.
Free this structure as well.
If an outgoing TCP socket leaks into a long-running child process (possibly the
recovery daemon), this connection will never be closed as seen by the
destination node. Because with recent changes incoming connections will not be
accepted as long as any incoming connection is alive, with that socket leak
into the recovery daemon we will never again be able to successfully connect to
the node that is affected by this leak. Further attempts to connect will be
discarded by the destination as long as the recovery daemon keeps this socket
alive.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14175
RN: Avoid communication breakdown on node reconnect
Signed-off-by: Martin Schwenke <martin@meltin.net> Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit a6d99d9e5c5bc58e6d56be7a6c1dbc7c8d1a882f)
Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Mon Nov 25 14:56:53 UTC 2019 on sn-devel-144
Martin Schwenke [Tue, 29 Oct 2019 04:29:11 +0000 (15:29 +1100)]
ctdb-tcp: Avoid orphaning the TCP incoming queue
CTDB's incoming queue handling does not check whether an existing
queue exists, so can overwrite the pointer to the queue. This used to
be harmless until commit c68b6f96f26664459187ab2fbd56767fb31767e0
changed the read callback to use a parent structure as the callback
data. Instead of cleaning up an orphaned queue on disconnect, as
before, this will now free the new queue.
At first glance it doesn't seem possible that 2 incoming connections
from the same node could be processed before the intervening
disconnect. However, the incoming connections and disconnect occur on
different file descriptors. The queue can become orphaned on node A
when the following sequence occurs:
1. Node A comes up
2. Node A accepts an incoming connection from node B
3. Node B processes a timeout before noticing that outgoing the queue is writable
4. Node B tears down the outgoing connection to node A
5. Node B initiates a new connection to node A
6. Node A accepts an incoming connection from node B
Node A processes then the disconnect of the old incoming connection
from (2) but tears down the new incoming connection from (6). This
then occurs until the originally affected node is restarted.
However, due to the number of outgoing connection attempts and
associated teardowns, this induces the same behaviour on the
corresponding incoming queue on all nodes that node A attempts to
connect to. Therefore, other nodes become affected and need to be
restarted too.
As a result, the whole cluster probably needs to be restarted to
recover from this situation.
The problem can occur any time CTDB is started on a node.
The fix is to avoid accepting new incoming connections when a queue
for incoming connections is already present. The connecting node will
simply retry establishing its outgoing connection.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Nov 5 12:36:48 UTC 2019 on sn-devel-184
Ralph Boehme [Thu, 31 Oct 2019 11:46:38 +0000 (12:46 +0100)]
s3:printing: Fix %J substition
print_run_command() uses lp_print_command() which internally performs basic
substition by calling talloc_sub_basic(). As a result. any of the variables in
the "basic set", including "%J" are already substituted.
To prevent the unwanted subtitution, we declare all affected configuration
options as const, which disabled the basic substition.
As a result print_run_command() can run manual substitution on all characters,
including %J, in the variadic argument list *before* calling lp_string() to run
basic substition which we had disabled before with the const.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Nov 7 16:01:21 UTC 2019 on sn-devel-184
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit ede00779ab2d881e061adb9d861879e8c68e272b)
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 41ab92b62fbf029374b89f9d0ddf7578981f37cf)
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit a591de28659919d2afd7ed55106cded6a0d9ab35)
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 81ae199bb72886f2f1ed87b22b4c75b6b99c72f6)
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit dcb555c06a6341871b691dab3758e7de04110282)
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Oct 30 14:52:34 UTC 2019 on sn-devel-184
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit b63069db9fb6efb33b7b917cd5b0ee06b0da9cdc)
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Aug 6 15:40:18 UTC 2019 on sn-devel-184
Ralph Boehme [Sat, 4 May 2019 10:12:48 +0000 (12:12 +0200)]
s3: remove now unneeded call to cmdline_messaging_context()
This was only needed as dbwrap_open() had a bug where it asked for the ctdb
connection before initializing messaging. The previous commit fixed that so we
can now safely remove the calls to cmdline_messaging_context() from all tools
that don't use messaging.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 24 09:33:47 UTC 2019 on sn-devel-184
Signed-off-by: Isaac Boukris <iboukris@redhat.com> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Oct 25 10:43:08 UTC 2019 on sn-devel-184
Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Tue Nov 5 14:31:48 UTC 2019 on sn-devel-144
projects / thirdparty / samba.git / log
