lib/replace: move lib/replace/closefrom.c from ROKEN_HOSTCC_SOURCE to REPLACE_HOSTCC_SOURCE
This is where it really belongs and we avoid the strange interaction
with source4/heimdal_build/config.h. This a follow up for commit f31333d40e6fa38daa32a3ebb32d5a317c06fc62.
This fixes a build problem if libbsd-dev is not installed.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Björn Jacke <bjacke@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Sep 8 13:59:58 UTC 2020 on sn-devel-184
Volker Lendecke [Tue, 11 Aug 2020 16:09:14 +0000 (18:09 +0200)]
tldap: Receiving "msgid == 0" means the connection is dead
We never use msgid=0, see tldap_next_msgid(). RFC4511 section 4.4.1
says that the unsolicited disconnect response uses msgid 0. We don't
parse this message, which supposedly is an extended response: Windows
up to 2019 sends an extended response in an ASN.1 encoding that does
not match RFC4511.
Volker Lendecke [Thu, 13 Aug 2020 12:59:58 +0000 (14:59 +0200)]
test: Test winbind idmap_ad ticket expiry behaviour
We need to make sure that winbind's idmap_ad deals fine with an
expired krb ticket used to connect to AD via LDAP. In a customer
situation we have seen the RFC4511 section 4.4.1 unsolicited ldap exop
response coming through, but the TCP disconnect that Windows seems to
do after that did not make it. Winbind deals fine with a TCP
disconnect, but right now it does not handle just the section 4.4.1
response properly: It completely hangs.
This test requests a ticket valid for 5 seconds and makes the LDAP
server postpone the TCP disconnect after the ticket expiry for 10
seconds. The tests that winbind reacts to the ticket expiry exop
response by making sure in this situation the wbinfo call running into
the issue takes less than 8 seconds. If it did not look at the expiry
exop response, it would take more than 10 seconds.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit a4ecd112e7754ab25bcae749594952a28c4c8905)
Volker Lendecke [Tue, 11 Aug 2020 14:54:34 +0000 (16:54 +0200)]
tldap: Fix tldap_msg_received()
The callback of "req" might have destroyed "ld", we can't reference
this anymore after calling tevent_req_done(req). Defer calling the
callbacks, which also means that the callbacks can't have added
anything to ld->pending.
for details: Windows terminates LDAP connections when the krb5 ticket
expires, Samba should do the same. This patch slightly deviates from
Windows behaviour by sending a LDAP exop response with msgid 0 that is
ASN1-encoded conforming to RFC4511.
Volker Lendecke [Wed, 12 Aug 2020 13:50:58 +0000 (15:50 +0200)]
torture: Test ldap session expiry
LDAP connections should time out when the kerberos ticket used to authenticate
expires. Windows does this with a RFC4511 section 4.4.1 message (that as of
August 2020 is encoded not according to the RFC) followed by a TCP disconnect.
ldb sees the section 4.4.1 as a protocol violation and returns
LDB_ERR_PROTOCOL_ERROR.
Martin Schwenke [Thu, 13 Jun 2019 14:23:22 +0000 (00:23 +1000)]
ctdb-recoverd: Do not fetch the nodemap from the recovery master
The nodemap has already been fetched from the local node and is
actually passed to this function. Care must be taken to avoid
referencing the "remote" nodemap for the recovery master. It also
isn't useful to do so, since it would be the same nodemap.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14466 Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit d50919b0cb28f299c9b6985271b29d4f27c5f619)
Martin Schwenke [Thu, 18 Jan 2018 09:02:42 +0000 (20:02 +1100)]
ctdb-recoverd: Change get_remote_nodemaps() to use connected nodes
The plan here is to use the nodemaps retrieved by get_remote_nodes()
in update_local_flags(). This will improve efficiency, since
get_remote_nodes() fetches flags from nodes in parallel. It also
means that get_remote_nodes() can be used exactly once early on in
main_loop() to retrieve remote nodemaps. Retrieving nodemaps multiple
times is unnecessary and racy - a single monitoring iteration should
not fetch flags multiple times and compare them.
This introduces a temporary behaviour change but it will be of no
consequence when the above changes are made.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14466 Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit 762d1d8a9605f97973a2c1176de5d29fcc61d15a)
Martin Schwenke [Mon, 17 Aug 2020 10:27:18 +0000 (20:27 +1000)]
ctdb-recoverd: Fix a local memory leak
The memory is allocated off the memory context used by the current
iteration of main loop. It is freed when main loop completes the fix
doesn't require backporting to stable branches. However, it is sloppy
so it is worth fixing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14466 Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit d2d90f250214582d7124b8137aa2cf5032b2f285)
The logic currently in ctdb_ctrl_modflags() will be optimised so that
it no longer matches the pattern for a control function. So, remove
this function and squash its functionality into the only caller.
Although there are some superficial changes, the behaviour is
unchanged.
Flattening the 2 functions produces some seriously weird logic for
setting the new flags, to the point where using ctdb_ctrl_modflags()
for this purpose now looks very strange. The weirdness will be
cleaned up in a subsequent commit.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit 0c6a7db3ba84b8355359b0a8c52690b234bb866d)
Christof Schmitt [Fri, 14 Aug 2020 16:36:26 +0000 (09:36 -0700)]
util: Allow symlinks in directory_create_or_exist
Commit 9f60a77e0b updated the check to avoid having files or other
objects instead of a directory. This missed the valid case that there
might be a symlink to a directory. Updated the check accordingly to
allow symlinks to directories.
Andrew Bartlett [Sun, 26 Jul 2020 23:37:29 +0000 (11:37 +1200)]
dbcheck: Allow a dangling forward link outside our known NCs
If we do not have the NC of the target object we can not be really sure
that the object is redundent and so we want to keep it for now
and not (as happened until now) break the dbcheck run made during the
replication stage of a "samba-tool domain backup rename".
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit 05228c4e07013c0e6f78f1330b3b787271282ca8)
Autobuild-User(v4-11-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-11-test): Thu Aug 6 13:32:29 UTC 2020 on sn-devel-184
s3:smbd: check for stale pid in delay_for_oplock_fn() when leases_db_get() fails
If leases_db_get() failed the leases_db record might have been cleaned up for
stale processes. Check if the share-mode-entry owner is stale in this case and
return ignore the entry. In any other case, log a debug messages and panic.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jul 7 02:47:46 UTC 2020 on sn-devel-184
(backported from commit 58adf349edfd3001ad071cc7ed8cfc551f67f8a2)
[metze@samba.org: use share_mode_stale_pid() instead of share_entry_stale_pid()]
[metze@samba.org: use file_id_string_tos() instead of file_id_str_buf()]
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 217693682d5bbd0f2d6b5331f47b2a6348840898)
Ralph Boehme [Thu, 2 Jul 2020 12:47:12 +0000 (14:47 +0200)]
smbd: check for stale pid in get_lease_type()
If leases_db_get() failed the leases_db record might have been cleaned up for
stale processes. Check if the share-mode-entry owner is stale in this case and
return a 0 lease state. In any other case, log a debug messages and panic.
Signed-off-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jul 2 16:45:42 UTC 2020 on sn-devel-184
(backported from commit 05d4466a6d1ad048fa86aea09ec0a56a7b961369)
[slow@samba.org: use share_mode_stale_pid() instead of share_entry_stale_pid()]
[metze@samba.org: use file_id_string_tos() instead of file_id_str_buf()]
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
(backported from commit 3f4a865821da27efbed4f7c38ad3efbcaae77a02)
[slow@samba.org: get_lease_type() takes arg d in 4.11]
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
(backported from commit e4328db1c94837a8ea5652971cea20055d3d24ff)
[slow@samba.org: take id from d as it's not passed as arg]
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
(backported from commit fbb8bbe1243eb2a0351dc2422929278f85a99e26)
[slow@samba.org: remove_lease_if_stale() does not exist in 4.11]
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
(cherry picked from commit 71b7140fd0a33e7e8c5bf37c2897cea8224b3f01)
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 4c74db6978c682f8ba4e74a6ee8157cfcbb54971)
The backend loglevel globally restricts logging of a particular backend. If this
value is smaller then any explicitly configured logging class, logging for this
class is skipped.
Eg, given the following logging config in smb.conf:
the default class loglevel of 1 (dbgc_config[DBGC_ALL].loglevel) will be
assigned to the backend loglevel.
So even though the logging class auth_json_audit is configured at level 3, this
doesn't become effective as the file backend drops all log messages with a level
below 1.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jul 2 13:25:29 UTC 2020 on sn-devel-184
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 5aeaa6959da326095e98f0369b6d91dc5667415e)
Pair-Programmed-With: Andreas Schneider <asn@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Amit Kumar <amitkuma@redhat.com> Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit c83ce5f4f99aef94530411ec82cc03e9935b352d)
Signed-off-by: Amit Kumar <amitkuma@redhat.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 2a7fc40fb3f3ca994cecad3e2957433d7a411208)
Signed-off-by: Andrew <awalker@ixsystems.com> Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit b5b801026edd3a8fd8d0ba1752e891453cf675c9)
Andrew Bartlett [Wed, 1 Jul 2020 02:31:54 +0000 (14:31 +1200)]
selftest: Run test of how userPassword / crypt() style passwords are stored in quicktest
This ensures that the crypt_r()/crypt_rn()/crypt() behaviour is tested in all
the samba-o3 builds and so is checked on RHEL7 in GitLab CI.
https://bugzilla.samba.org/show_bug.cgi?id=14424
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit cabf873b75b1d4d456190358bc3ed051bca16978)
Autobuild-User(v4-11-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-11-test): Mon Jul 6 15:10:27 UTC 2020 on sn-devel-184
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 2c4ecf002a3fbbe8be061814468529c8bd6bb7aa)
Andrew Bartlett [Wed, 1 Jul 2020 02:35:39 +0000 (14:35 +1200)]
dsdb: Allow "password hash userPassword schemes = CryptSHA256" to work on RHEL7
On RHEL7 crypt_r() will set errno. This is a problem because the implementation of crypt_r()
in RHEL8 and elsewhere in libcrypt will return non-NULL but set errno on failure.
The workaround is to use crypt_rn(), provided only by libcrypt, which will return NULL
on failure, and so avoid checking errno in the non-failure case.
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 91453f110fa72062291eb59ad9d95fab0f423557)
Martin Schwenke [Fri, 5 Jun 2020 12:05:42 +0000 (22:05 +1000)]
util: Reallocate larger buffer if getpwuid_r() returns ERANGE
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Bjoern Jacke <bjacke@samba.org>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Tue Jun 9 21:07:24 UTC 2020 on sn-devel-184
Martin Schwenke [Tue, 9 Jun 2020 01:52:50 +0000 (11:52 +1000)]
util: Simplify input validation
It appears that snprintf(3) is being used for input validation.
However, this seems like overkill because it causes szPath to be
copied an extra time. The mostly likely protections being sought
here, according to https://cwe.mitre.org/data/definitions/20.html,
look to be DoS attacks involving CPU and memory usage. A simpler
check that uses strnlen(3) can mitigate against both of these and is
simpler.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Bjoern Jacke <bjacke@samba.org>
(cherry picked from commit 922bce2668994dd2a5988c17060f977e9bb0c229)
Jeremy Allison [Tue, 30 Jun 2020 21:00:41 +0000 (14:00 -0700)]
s3: libsmb: Fix SMB2 client rename bug to a Windows server.
Fix bug where renaming to a target name of one
UCS2 character (name length 2 bytes) fails to
a Windows 10 SMB2 server.
The Windows 10 SMB2 server has a minimum length
for a SMB2_FILE_RENAME_INFORMATION buffer of
24 bytes. It returns NT_STATUS_INFO_LENGTH_MISMATCH
if the length is less. This isn't an alignment
issue as Windows client happily 2-byte align
for larget target name sizes. Also the Windows 10
SMB1 server doesn't have this restriction.
If the name length is too short, pad out with
zeros to 24 bytes.
Hard to add a test for this as we don't want to
add this silly restriction to the Samba server
as it would break all non-Windows clients.
VERSION: Disable GIT_SNAPSHOT for the 4.11.11 release.
This is a security release in order to address the following CVEs:
o CVE-2020-10730: NULL pointer de-reference and use-after-free in Samba AD DC
LDAP Server with ASQ, VLV and paged_results.
o CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume
excessive CPU.
o CVE-2020-10760: LDAP Use-after-free in Samba AD DC Global Catalog with
paged_results and VLV.
o CVE-2020-14303: Empty UDP packet DoS in Samba AD DC nbtd.
Andrew Bartlett [Fri, 5 Jun 2020 10:14:48 +0000 (22:14 +1200)]
CVE-2020-10760 dsdb: Ensure a proper talloc tree for saved controls
Otherwise a paged search on the GC port will fail as the ->data was
not kept around for the second page of searches.
An example command to produce this is
bin/ldbsearch --paged -H ldap://$SERVER:3268 -U$USERNAME%$PASSWORD
This shows up later in the partition module as:
ERROR: AddressSanitizer: heap-use-after-free on address 0x60b00151ef20 at pc 0x7fec3f801aac bp 0x7ffe8472c270 sp 0x7ffe8472c260
READ of size 4 at 0x60b00151ef20 thread T0 (ldap(0))
#0 0x7fec3f801aab in talloc_chunk_from_ptr ../../lib/talloc/talloc.c:526
#1 0x7fec3f801aab in __talloc_get_name ../../lib/talloc/talloc.c:1559
#2 0x7fec3f801aab in talloc_check_name ../../lib/talloc/talloc.c:1582
#3 0x7fec1b86b2e1 in partition_search ../../source4/dsdb/samdb/ldb_modules/partition.c:780
or
smb_panic_default: PANIC (pid 13287): Bad talloc magic value - unknown value
(from source4/dsdb/samdb/ldb_modules/partition.c:780)
Douglas Bagnall [Thu, 14 May 2020 22:52:45 +0000 (10:52 +1200)]
CVE-2020-10745: ndr/dns-utils: prepare for NBT compatibility
NBT has a funny thing where it sometimes needs to send a trailing dot as
part of the last component, because the string representation is a user
name. In DNS, "example.com", and "example.com." are the same, both
having three components ("example", "com", ""); in NBT, we want to treat
them differently, with the second form having the three components
("example", "com.", "").
Douglas Bagnall [Fri, 24 Apr 2020 23:10:18 +0000 (11:10 +1200)]
CVE-2020-10745: ndr_dns: do not allow consecutive dots
The empty subdomain component is reserved for the root domain, which we
should only (and always) see at the end of the list. That is, we expect
"example.com.", but never "example..com".
Douglas Bagnall [Fri, 24 Apr 2020 23:02:08 +0000 (11:02 +1200)]
CVE-2020-10745: ndr_dns: move ndr_push_dns_string core into sharable function
This is because ndr_nbt.c does almost exactly the same thing with
almost exactly the same code, and they both do it wrong. Soon they
will both be using the better version that this will become. Though in
this patch we just move the code, not fix it.
(backported from master commit)
[abartlet@samba.org: backported due to differences in pre-existing
tests - eg test_ndr - mentioned in wscript_build and tests.py]
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Gary Lockyer [Tue, 12 May 2020 22:56:56 +0000 (10:56 +1200)]
CVE-2020-10730: lib ldb: Check if ldb_lock_backend_callback called twice
Prevent use after free issues if ldb_lock_backend_callback is called
twice, usually due to ldb_module_done being called twice. This can happen if a
module ignores the return value from function a function that calls
ldb_module_done as part of it's error handling.
lldb_add_msg_attr() calls ldb_msg_add_empty() which, in turn, calls
calls _ldb_msg_add_el() which already increments msg->num_elements by one.
As a result, msg->num_elements is bigger than the actual number of
elements and any iteration over elements would step over elements array
boundary.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14413 Signed-off-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jun 19 08:35:33 UTC 2020 on sn-devel-184
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14413 Signed-off-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 36bd6edd8a603f3aa34aff81c43ef26efd3ad4cf)
Jeremy Allison [Mon, 11 May 2020 22:58:27 +0000 (15:58 -0700)]
s3: libsmbclient: Finish unifing bad iconv behavior across CORE NT1 SMB2 protocols.
On bad name conversion, exit the directory listing with an error, but leave the
connection intact. We were already checking for finfo->name == NULL here,
but were ignoring it and not reporting an error.
Remove the knownfail.d/bad_iconv file as we now
behave the same across CORE/NT1/SMB2.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue May 12 21:32:44 UTC 2020 on sn-devel-184
projects / thirdparty / samba.git / log
