Noel Power [Tue, 14 Apr 2020 10:21:22 +0000 (11:21 +0100)]
s3/librpc/crypto: Fix double free with unresolved credential cache
We free gse_ctx->k5ctx but then free it again in the
talloc dtor. This patch just lets the talloc dtor handle
things and removes the extra krb5_free_context
Failed to resolve credential cache 'DIR:/run/user/1000/krb5cc'! (No credentials cache found)
==30762== Invalid read of size 8
==30762== at 0x108100F4: k5_os_free_context (in /usr/lib64/libkrb5.so.3.3)
==30762== by 0x107EA661: krb5_free_context (in /usr/lib64/libkrb5.so.3.3)
==30762== by 0x7945D2E: gse_context_destructor (gse.c:84)
==30762== by 0x645FB49: _tc_free_internal (talloc.c:1157)
==30762== by 0x645FEC5: _talloc_free_internal (talloc.c:1247)
==30762== by 0x646118D: _talloc_free (talloc.c:1789)
==30762== by 0x79462E4: gse_context_init (gse.c:241)
==30762== by 0x794636E: gse_init_client (gse.c:268)
==30762== by 0x7947602: gensec_gse_client_start (gse.c:786)
==30762== by 0xBC87A3A: gensec_start_mech (gensec_start.c:743)
==30762== by 0xBC87BC6: gensec_start_mech_by_ops (gensec_start.c:774)
==30762== by 0xBC8167F: gensec_spnego_client_negTokenInit_step (spnego.c:633)
==30762== Address 0x17259928 is 40 bytes inside a block of size 496 free'd
==30762== at 0x4C2F50B: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==30762== by 0x79462CA: gse_context_init (gse.c:238)
==30762== by 0x794636E: gse_init_client (gse.c:268)
==30762== by 0x7947602: gensec_gse_client_start (gse.c:786)
==30762== by 0xBC87A3A: gensec_start_mech (gensec_start.c:743)
==30762== by 0xBC87BC6: gensec_start_mech_by_ops (gensec_start.c:774)
==30762== by 0xBC8167F: gensec_spnego_client_negTokenInit_step (spnego.c:633)
==30762== by 0xBC813E2: gensec_spnego_client_negTokenInit_start (spnego.c:537)
==30762== by 0xBC84084: gensec_spnego_update_pre (spnego.c:1943)
==30762== by 0xBC83AE5: gensec_spnego_update_send (spnego.c:1741)
==30762== by 0xBC85622: gensec_update_send (gensec.c:449)
==30762== by 0x551BFD0: cli_session_setup_gensec_local_next (cliconnect.c:997)
==30762== Block was alloc'd at
==30762== at 0x4C306B5: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==30762== by 0x107EA7AE: krb5_init_context_profile (in /usr/lib64/libkrb5.so.3.3)
==30762== by 0xB853215: smb_krb5_init_context_common (krb5_samba.c:3597)
==30762== by 0x794615B: gse_context_init (gse.c:209)
==30762== by 0x794636E: gse_init_client (gse.c:268)
==30762== by 0x7947602: gensec_gse_client_start (gse.c:786)
==30762== by 0xBC87A3A: gensec_start_mech (gensec_start.c:743)
==30762== by 0xBC87BC6: gensec_start_mech_by_ops (gensec_start.c:774)
==30762== by 0xBC8167F: gensec_spnego_client_negTokenInit_step (spnego.c:633)
==30762== by 0xBC813E2: gensec_spnego_client_negTokenInit_start (spnego.c:537)
==30762== by 0xBC84084: gensec_spnego_update_pre (spnego.c:1943)
==30762== by 0xBC83AE5: gensec_spnego_update_send (spnego.c:1741)
==30762==
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14344 Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Tue Apr 14 22:55:51 UTC 2020 on sn-devel-184
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Apr 11 12:24:00 UTC 2020 on sn-devel-184
Jeremy Allison [Tue, 7 Apr 2020 16:58:08 +0000 (09:58 -0700)]
Update WHATSNEW.txt to explain the vfs_widelinks module addition.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Apr 9 21:21:46 UTC 2020 on sn-devel-184
Jeremy Allison [Tue, 7 Apr 2020 00:41:42 +0000 (17:41 -0700)]
s3: smbd: Reformatting - fix indentation in check_reduced_name().
Now we removed the lp_widelinks() clause we
left an extra {..} level of indirection. Just
reformat to remove it and update to modern
DBG_ macros. No logic changes
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 7 Apr 2020 00:24:10 +0000 (17:24 -0700)]
s3: smbd: VFS: Add custom initialization for vfs_widelinks.
As the widelinks logic is now moving into a
vfs_widelinks module, we need to custom load
it after the default module is initialized.
That way no changes to smb.conf files are
needed.
We may revisit this for Samba 5.0 and force
people to change their smb.conf files and
explicitly load this as a vfs module if they
want the insecure widelinks behavior.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Samuel Cabrero [Mon, 18 Nov 2019 13:01:52 +0000 (14:01 +0100)]
s3:rpc_server: Improve local dispatching
Craft core structures to dispatch local calls in the same way as remote
ones, removing the special handling in the autogenerated code.
This is also necessary to drop s3 rpc handles implementation.
Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Apr 8 22:23:05 UTC 2020 on sn-devel-184
Volker Lendecke [Thu, 26 Mar 2020 11:29:13 +0000 (12:29 +0100)]
libsmb: Pass "struct timespec" to SMBC_setatr()
Prepare to set higher-precision timestamps. No change in behaviour so
far: The {.tv_nsec=SAMBA_UTIME_OMIT} implicitly sets .tv_sec=0, and
SMBC_setatr() only looks at .tv_sec
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Gary Lockyer [Tue, 31 Mar 2020 19:22:08 +0000 (08:22 +1300)]
lib ldb: lmdb init var before calling mdb_reader_check
Initilalise "stale" to zero before passing a pointer to it to
mdb_reader_check.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Apr 7 12:29:00 UTC 2020 on sn-devel-184
Martin Schwenke [Thu, 2 Apr 2020 03:42:21 +0000 (14:42 +1100)]
ctdb-vacuum: Reschedule vacuum event if VacuumInterval has increased
The vacuuming integration tests set VacuumInterval to a very high
number to avoid vacuuming collisions. This is done after the cluster
is healthy, so Samba will have already been started and vacuuming will
already be scheduled *at the default interval* for databases attached
by Samba. This means that vacuuming controls used by vacuuming tests
can still collide with the scheduled vacuuming events.
Add some logic to reschedule a vacuuming event that has fired but
where VacuumInterval has increased since it was originally scheduled.
The increase in VacuumInterval is used as the time offset for
rescheduling the event.
Although this changes production behaviour for the convenience of
testing, the new behaviour is completely reasonable and obeys the
principle of least surprise.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Tue Apr 7 03:04:57 UTC 2020 on sn-devel-184
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Apr 6 19:09:53 UTC 2020 on sn-devel-184
This fixes strict aliasing which leads to segfaults on certain
architectures, e.g. armv7hl.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Autobuild-User(master): Samuel Cabrero <scabrero@samba.org>
Autobuild-Date(master): Mon Apr 6 17:34:53 UTC 2020 on sn-devel-184
Ralph Boehme [Mon, 6 Apr 2020 09:03:13 +0000 (11:03 +0200)]
selftest: add two more nbt.dgram flapping tests
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Noel Power <noel.power@suse.com>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Apr 6 10:43:18 UTC 2020 on sn-devel-184
Noel Power [Fri, 3 Apr 2020 15:05:37 +0000 (16:05 +0100)]
selftest/flapping: mark samba3.nbt.dgram.netlogon.* as flapping
Post SMB1/SMB2 test env split to help in removing smb1
samba3.nbt.dgram.netlogon* fails randomly. It is unrelated as far
as we can see to the changes but must be a side affect of runtime
order or some such.
Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Sat Apr 4 01:12:05 UTC 2020 on sn-devel-184
Ralph Boehme [Fri, 3 Apr 2020 07:48:58 +0000 (09:48 +0200)]
smbd: move files_struct.lock_failure_seen to a bitfield
Updated comment in vfs.h explaining ABI change.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Apr 3 20:41:34 UTC 2020 on sn-devel-184
Noel Power [Thu, 5 Mar 2020 11:46:37 +0000 (11:46 +0000)]
selftest: Add list of tests to be ported
Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Apr 3 16:45:48 UTC 2020 on sn-devel-184
Noel Power [Fri, 6 Dec 2019 07:50:24 +0000 (07:50 +0000)]
selftest: Create instructions for generating skip file entries
create_smb1_fail_skipfile.txt provides both
+ instructions
+ patch to perform the pre-requisite steps to be able to
modify the environment and parse test output
Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Ralph Boehme <slow@samba.org>
Add known fail for samba3.blackbox.smbclient_basic.NT1.smbclient
which fails against nt4_schannel (because it doesn't support
SMB1)
Additionally since we don't have plans to create a nt4_schannel_smb1
test env provide additional coverage by running this test against
nt4_dc_smb1 (which still support SMB1)
Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Ralph Boehme <slow@samba.org>
This test fails for admember & chgdcpass test envs because they
don't support SMB1
Note: There is some coverage for this test with other test envs e.g.
s4member, ad_dc_ntvfs & others
Additionally IIUC this test seems to be for testing smbclient4
(if this assumption is incorrect then we could substitute with
smbclient(s3)) However, for the moment it seems best to disable this
test as smbclient4 doesn't support SMB1 and we have sufficient coverage
with other SMB1 supporting envs
Also remove associated entries from skip_smb1_fail
Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Ralph Boehme <slow@samba.org>
Noel Power [Thu, 19 Dec 2019 18:10:02 +0000 (18:10 +0000)]
selftest/knownfail.d: Add entries for samba3.unix.whoami
samba3.unix.whoami depends of posix extensions which
currently only work with SMB1. These tests fail with
environments nt4_member & ad_member. We currently don't
have plans to provide '_smb1' variants of these environments.
So in addition to adding the knownfail we add some
coverage by running this test with test env ad_dc_smb1.
Also we remove the associated entries from skip_smb1_fail
Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Ralph Boehme <slow@samba.org>
samba3.blackbox.smbclient_s3.NT1.plain &
samba3.blackbox.smbclient_s3.NT1.sign tests will fail running against
test envs ad_member & nt4_member (because those envs don't support SMB1)
However we do have some coverage with nt4_dc_smb1_done
We could maybe just delete these tests for those environments for
the moment just create specific knownfail entries and remove associated
entries from skip_smb1_fail
Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Ralph Boehme <slow@samba.org>
samba3.blackbox.smbclient_auth.plain will fail against
ad_member & nt4_member (because these envs don't
support SMB1) so we don't run these tests where either
'LANMAN2' or 'NT1' are in the options, in these cases
to get coverage so we use nt4_dc_smb1
Creating new envs for such a small amount of strictly SMB1 tests anyway
seems overkill. For the moment just create specific knownfail entries
and remove the associated entries from skip_smb1_fail
Signed-off-by: Noel Power <npower@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
projects / thirdparty / samba.git / log
