Karolin Seeger [Thu, 24 Oct 2019 08:52:52 +0000 (10:52 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.11.2 release.
* Bug 14071: CVE-2019-10218: Client code can return filenames containing path
separators.
* Bug 12438: CVE-2019-14833: Samba AD DC check password script does not receive
the full password.
* Bug 14040: CVE-2019-14847: User with "get changes" permission can crash AD DC LDAP
server via dirsync.
Karolin Seeger [Thu, 24 Oct 2019 08:42:16 +0000 (10:42 +0200)]
WHATSNEW: Add release notes for Samba 4.11.2.
* Bug 14071: CVE-2019-10218: Client code can return filenames containing path
separators.
* Bug 12438: CVE-2019-14833: Samba AD DC check password script does not receive
the full password.
* Bug 14040: CVE-2019-14847: User with "get changes" permission can crash AD DC
LDAP server via dirsync.
Björn Baumbach [Tue, 6 Aug 2019 14:32:32 +0000 (16:32 +0200)]
CVE-2019-14833 dsdb: send full password to check password script
utf8_len represents the number of characters (not bytes) of the
password. If the password includes multi-byte characters it is required
to write the total number of bytes to the check password script.
Otherwise the last bytes of the password string would be ignored.
Therefore we rename utf8_len to be clear what it does and does
not represent.
Signed-off-by: Isaac Boukris <iboukris@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 7259197bf716f8b81dea74beefe6ee3b1239f172)
Autobuild-User(v4-11-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-11-test): Wed Oct 16 20:39:04 UTC 2019 on sn-devel-184
Signed-off-by: Isaac Boukris <iboukris@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit d473f1e38c2822746030516269b4d70032cf9b2e)
Pair-Programmed-With: Isaac Boukris <iboukris@redhat.com>
Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Isaac Boukris <iboukris@redhat.com> Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 123584294cfd153acc2d9a5be9d71c395c847a25)
lib:krb5_wrap: Do not create a temporary file for MEMORY keytabs
The autobuild cleanup script fails with:
The tree has 3 new uncommitted files!!!
git clean -n
Would remove MEMORY:tmp_smb_creds_SK98Lv
Would remove MEMORY:tmp_smb_creds_kornU6
Would remove MEMORY:tmp_smb_creds_ljR828
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit d888655244b4d8ec7a69a042e0ff3c074585b0de)
Signed-off-by: Isaac Boukris <iboukris@redhat.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Sat Oct 12 15:51:42 UTC 2019 on sn-devel-184
Signed-off-by: Isaac Boukris <iboukris@redhat.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Isaac Boukris <iboukris@redhat.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Isaac Boukris <iboukris@redhat.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Pair-Programmed-With: Isaac Boukris <iboukris@redhat.com> Reviewed-by: Andreas Schneider <asn@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Isaac Boukris <iboukris@redhat.com> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Isaac Boukris [Thu, 3 Oct 2019 10:09:29 +0000 (13:09 +0300)]
spnego: ignore server mech_types list
We should not use the mech list sent by the server in the last
'negotiate' packet in CIFS protocol, as it is not protected and
may be subject to downgrade attacks.
Signed-off-by: Isaac Boukris <iboukris@redhat.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Mon, 23 Sep 2019 22:16:58 +0000 (15:16 -0700)]
s3:smbd: when storing DOS attribute call dos_mode() beforehand
This is required to ensure File-ID info is populated with the correct on-disk
value, before calling file_set_dosmode() which will update the on-disk value.
Ralph Boehme [Mon, 23 Sep 2019 22:15:31 +0000 (15:15 -0700)]
s3:smbd: change the place where we call dos_mode() when processing SMB2_CREATE
This is needed for ordinary file or directory opens so the QFID create context
response gets the correct File-ID value via dos_mode() from the DOS attributes
xattr.
testprogs: Add test for 'net ads join createcomputer='
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Oct 9 08:26:17 UTC 2019 on sn-devel-184
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 39b8c8b30a5d5bd70f8da3a02cf77f7592788b94)
s3:libads: Don't set supported encryption types during account creation
This is already handled by libnet_join_post_processing_ads_modify()
which calls libnet_join_set_etypes() if encrytion types should be set.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit b755a6438022579dab1a403c81d60b1ed7efca38)
s3:libads: Fix detection if acount already exists in ads_find_machine_count()
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 4f389c1f78cdc2424795e3b2a1ce43818c400c2d)
s3:libads: Use a talloc_asprintf in ads_find_machine_acct()
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 35f3e4aed1f1c2ba1c8dc50921f238937f343357)
s3:libads: Cleanup error code paths in ads_create_machine_acct()
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 8ed993789f93624b7b60dd5314fe5472e69e903a)
s3:libnet: Require sealed LDAP SASL connections for joining
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit b84abb3a46211dc84e52ef95750627e4dd081f2f)
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 456322a61319a10aaedda5244488ea4e5aa5cb64)
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 320b5be4dce95d8dac4b3c0847faf5b730754a37)
Jeremy Allison [Thu, 3 Oct 2019 21:02:13 +0000 (14:02 -0700)]
s3: smbclient: Stop an SMB2-connection from blundering into SMB1-specific calls.
Fix in the same way this was done in SMBC_opendir_ctx() for libsmbclient.
This fix means the admin no longer has to remember to set 'min client protocol ='
when connecting to an SMB2-only server (MacOSX for example) and trying to
list shares.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit ea82bca8cef0d736305a7a40b3198fc55ea66af8)
This functionality was undone as part of "winbind: Restructure get_pwsid"
https://git.samba.org/?p=samba.git;a=commitdiff;h=bce19a6efe11980933531f0349c8f5212419366a
I think that this semantic change was accidential.
This patch undoes the semantic change and re-establishes the
functionality.
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Fri Sep 27 17:25:29 UTC 2019 on sn-devel-184
ID_TYPE_BOTH means that each user and group has two mappings, a uid and
gid. In addition the calls to getpwent, getpwuid, getgrent and getgrgid
always return some information, so that uid and gid can be mapped to a
name. Establish a test to verify that the expected information is
returned.
waf:replace: Do not link against libpthread if not necessary
On Linux we should avoid linking everything against libpthread. Symbols
used my most application are provided by glibc and code which deals with
threads has to explicitly link against libpthread. This avoids setting
LDFLAGS=-pthread globally.
pthreadpool: Only link pthreadpool against librt if we have to
This calls clock_gettime() which is available in glibc on Linux. If the
wscript in libreplace detected that librt is needed for clock_gettime()
we have to link against it.
fdatasync() and clock_gettime() are provided by glibc on Linux, so there
is no need to link against librt. Checks have been added so if there are
platforms which require it are still functional.
s3:libads: ads_krb5_chg_password() should always use the canonicalized principal
We should always use krb5_get_init_creds_opt_set_canonicalize()
and krb5_get_init_creds_opt_set_win2k() for heimdal
and expect the client principal to be changed.
There's no reason to have a different logic between MIT and Heimdal.
s4:auth: kinit_to_ccache() should always use the canonicalized principal
We should always use krb5_get_init_creds_opt_set_canonicalize()
and krb5_get_init_creds_opt_set_win2k() for heimdal
and expect the client principal to be changed.
There's no reason to have a different logic between MIT and Heimdal.
krb5_wrap: smb_krb5_kinit_password_ccache() should always use the canonicalized principal
We should always use krb5_get_init_creds_opt_set_canonicalize()
and krb5_get_init_creds_opt_set_win2k() for heimdal
and expect the client principal to be changed.
There's no reason to have a different logic between MIT and Heimdal.
s3:libads/kerberos: always use the canonicalized principal after kinit
We should always use krb5_get_init_creds_opt_set_canonicalize()
and krb5_get_init_creds_opt_set_win2k() for heimdal
and expect the client principal to be changed.
There's no reason to have a different logic between MIT and Heimdal.
s4:auth: use the correct client realm in gensec_gssapi_update_internal()
The function gensec_gssapi_client_creds() may call kinit and gets
a TGT for the user. The principal provided by the user may not
be canonicalized. The user may use 'given.last@example.com'
but that may be mapped to glast@AD.EXAMPLE.PRIVATE in the background.
It means we should use client_realm = AD.EXAMPLE.PRIVATE
instead of client_realm = EXAMPLE.COM
Noel Power [Thu, 8 Aug 2019 14:06:28 +0000 (15:06 +0100)]
s3/libads: clang: Fix Value stored to 'canon_princ' is never read
Fixes:
source3/libads/kerberos.c:192:2: warning: Value stored to 'canon_princ' is never read <--[clang]
canon_princ = me;
^ ~~
1 warning generated.
Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
(cherry picked from commit 52d20087f620704549f5a5cdcbec79cb08a36290)
Signed-off-by: Bryan Mason <bmason@redhat.com> Reviewed-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Sep 18 12:31:11 UTC 2019 on sn-devel-184
Jeremy Allison [Mon, 26 Aug 2019 18:22:35 +0000 (11:22 -0700)]
s3/4: libsmbclient test. Test using smbc_telldir/smbc_lseekdir with smbc_readdir/smbc_readdirplus/smbc_getdents.
Ensure that for file access you can mix any of these
three access methods for directory entries and the
returned names/structs stay in sync across telldir/seekdir
changes.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Böhme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Sep 3 17:31:29 UTC 2019 on sn-devel-184
projects / thirdparty / samba.git / log
