Jamie McClymont [Tue, 19 Dec 2017 00:14:41 +0000 (13:14 +1300)]
autobuild: fix quoting of --restrict-tests
Currently, passing multiple tests causes those other than the first to be
passed to make, causing failures.
Signed-off-by: Jamie McClymont <jamiemcclymont@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Fri Jan 5 02:51:09 CET 2018 on sn-devel-144
Björn Jacke [Thu, 4 Jan 2018 11:55:26 +0000 (12:55 +0100)]
docs-xml: plain file URIs need three slashes
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Thu Jan 4 20:32:21 CET 2018 on sn-devel-144
Jeremy Allison [Wed, 3 Jan 2018 17:52:33 +0000 (09:52 -0800)]
s3: smbd: Use identical logic to test for kernel oplocks on a share.
Due to inconsistent use of lp_kernel_oplocks() we could miss kernel
oplocks being on/off in some of our oplock handling code, and thus
use the wrong logic.
Ensure all logic around koplocks and lp_kernel_oplocks() is consistent.
Volker Lendecke [Sun, 31 Dec 2017 10:02:45 +0000 (11:02 +0100)]
dns_server: Remove "max_payload" from dns_server
This would have to be retrieved from the interface type we have I guess.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jan 4 05:08:02 CET 2018 on sn-devel-144
Volker Lendecke [Fri, 29 Dec 2017 12:09:15 +0000 (13:09 +0100)]
ndr_dns: fix pushing unknown resource records
When pulling for example an RRSIG record, we end up with length!=0 *and*
unexpected.length != 0, but with an unknown rrec. We should be able to
marshall what we retrieved from the wire.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 28 Dec 2017 21:35:46 +0000 (22:35 +0100)]
libdns: dns/tcp client
Same signature as the UDP client in the same file. This opens and closes
the socket per request. In the future, we might want to create a
persistent TCP connection for our internal DNS server's forwarder. That
will require proper handling of in-flight requests. Something for
another day.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Jan 1 19:19:22 CET 2018 on sn-devel-144
Douglas Bagnall [Wed, 27 Dec 2017 22:45:49 +0000 (11:45 +1300)]
selftest: allow more time for tests
Maybe make test *should* run in under 4 hours, but it currently
doesn't.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Dec 29 02:48:59 CET 2017 on sn-devel-144
Douglas Bagnall [Mon, 18 Dec 2017 04:06:07 +0000 (17:06 +1300)]
samba-tool test: ensure `samba-tool help` works
We make sure the output is identical to `samba-tool --help` for the same
subcommands.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Dec 22 07:50:21 CET 2017 on sn-devel-144
Douglas Bagnall [Mon, 18 Dec 2017 03:54:07 +0000 (16:54 +1300)]
samba-tool: --help test, ensuring help tree coverage
`samba-tool [COMMAND] --help` will list sub-commands of COMMAND
(or top-level commands if COMMAND is omitted). This ensures that
`samba-tool COMMAND SUBCOMMAND --help` works for all the commands
found in the help tree.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Uri Simchoni [Thu, 21 Dec 2017 17:49:39 +0000 (19:49 +0200)]
selftest: pass location of perl executable from waf to test-envs
Many perl scripts in the codebase are executables with a
"/usr/bin/perl" shebang. Running them as executables is not
portable as some OS's have a different location for the perl
interpreter.
During the configuration process, waf finds the location of the perl
interpreter. Some or all invocations of perl scripts from within
test environment setup code are actually "$PERL <script>",
but since PERL env var is typically not set, this amounts to the
unportable "<script>", which invokes /usr/bin/perl.
This patch exports the location of perl as found by the configuration
process to the test environment, causing "$PERL <script>" to be
"<correct place of perl interpreter> <script>".
Signed-off-by: Uri Simchoni <uri@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
s3:smb2_server: allow logoff, close, unlock, cancel and echo on expired sessions
Windows client at least doesn't have code to replay
a SMB2 Close after getting NETWORK_SESSION_EXPIRED,
which locks out a the client and generates an endless
loop around NT_STATUS_SHARING_VIOLATION.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Dec 21 23:28:42 CET 2017 on sn-devel-144
Uri Simchoni [Tue, 5 Dec 2017 18:56:49 +0000 (20:56 +0200)]
sysacls: change datatypes to 32 bits
The SMB_ACL_PERMSET_T and SMB_ACL_PERM_T were defined as
mode_t, which is 16-bits on some (non-Linux) systems. However,
pidl *always* encodes mode_t as uint32_t. That created a bug on
big-endian systems as sys_acl_get_permset() returns a SMB_ACL_PERMSET_T
pointer to an internal a_perm structure member defined in IDL as a mode_t,
which pidl turns into a uin32_t in the emitted header file.
Uri Simchoni [Tue, 5 Dec 2017 18:49:03 +0000 (20:49 +0200)]
pysmbd: fix use of sysacl API
Fix pysmbd to use the sysacl (POSIX ACL support) as intended, and
not assume too much about the inner structure and implementation
of the permissions in the sysacl API.
This will allow the inner structure to change in a following commit.
Andrew Bartlett [Wed, 20 Dec 2017 23:07:46 +0000 (12:07 +1300)]
samba-tool domain schemaupgrade: Avoid reindex after every hunk
This takes advantage of the fact that a single LDB operation is atomic
even inside our transaction and so we can retry it after updating the
schema.
This makes the smaba-tool domain schemaupgrade take 1m30s compared with 4m4s.
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Thu Dec 21 08:28:51 CET 2017 on sn-devel-144
Garming Sam [Sun, 17 Dec 2017 23:45:02 +0000 (12:45 +1300)]
ldapcmp: Improve the difference checker of ldapcmp for 2012 R2
There are a number of new attributes which may be considered DNs.
Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Thu Dec 21 03:41:19 CET 2017 on sn-devel-144
Garming Sam [Tue, 12 Dec 2017 23:09:02 +0000 (12:09 +1300)]
forest_update: Allow the script to add the missing forest containers
Before we set the prep level higher in default provisions, we should add
these objects to the initial ldif (so that our initial ldif represents a
full 2008R2 domain which we build consistently on).
Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Fri, 24 Nov 2017 03:26:52 +0000 (16:26 +1300)]
Forest-Wide-Updates.md: Include the description of forest wide updates
This is sourced from the WindowsServerDocs repository on Github under an
MIT/CC 4.0 attribution license. A huge thanks is required for these
being provided and the work done in the process, as they mean a lot less
work for us to repeat.
Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
g_lock: fix cleanup of stale entries in g_lock_trylock()
g_lock_trylock() always incremented the counter 'i', even after cleaning a stale
entry at position 'i', which means it skipped checking for a conflict against
the new entry at position 'i'.
As result a process could get a write lock, while there're still
some read lock holders. Once we get into that problem, also more than
one write lock are possible.
Jamie McClymont [Fri, 8 Dec 2017 02:20:36 +0000 (15:20 +1300)]
selftest: replace global with explicit environment variables
This patch removes setting of NSS_WRAPPER and RESOLV_WRAPPER variables globally
in Samba3.pm (because setting them persistently/globally can create hidden
ordering dependencies). Instead, they are set on subprocesses as required, which
appears to be the following two places (aside from those places where they are
already set explicitly):
* calls to createuser in provision
* calls to wbinfo --ping-dc in wait_for_start
Signed-off-by: Jamie McClymont <jamiemcclymont@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Dec 20 08:50:26 CET 2017 on sn-devel-144
Jamie McClymont [Fri, 8 Dec 2017 01:47:09 +0000 (14:47 +1300)]
selftest: apply NSS_WRAPPER_HOSTNAME to child processes
Currently, Samba3.pm returns a value for NSS_WRAPPER_HOSTNAME in provision, but
selftest.pl does not apply it, so Samba3.pm /also/ sets it in its own
environment. This breaks a command like this:
make test TESTS="samba3.blackbox.smbclient_ntlm.plain samba3.rpc.samba3.netlogon"
... since samba3.blackbox.smbclient_ntlm.plain runs in an nt4_member env,
thereby setting ENV{NSS_WRAPPER_HOSTNAME} to the value for a member, and
samba3.rpc.samba3.netlogon depended on NSS_WRAPPER_HOSTNAME as a username (until
previous commit).
Signed-off-by: Jamie McClymont <jamiemcclymont@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jamie McClymont [Tue, 5 Dec 2017 23:49:48 +0000 (12:49 +1300)]
selftest: fix samba3.rpc.samba3.netlogon running after an nt4_member test
samba3.rpc.samba3.netlogon is using get_myname to find a username with which to
perform a join. This means that the test tries to join with the existing
localnt4dc2 user, which happens to work if get_myname is working
correctly (which it isn't -- see next commit about NSS_WRAPPER_HOSTNAME!)
This commit fixes a test run with, for example:
TESTS="samba3.blackbox.smbclient_ntlm.plain samba3.rpc.samba3.netlogon"
(given samba3.blackbox.smbclient_ntlm.plain is in the nt4_member env)
...which previously failed due to the combination of this and the
NSS_WRAPPER_HOSTNAME bug.
Signed-off-by: Jamie McClymont <jamiemcclymont@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Mon, 18 Dec 2017 03:22:01 +0000 (16:22 +1300)]
ldb: Intersect the index from SCOPE_ONELEVEL with the index for the search expression
This helps ensure we do not have to scan all objects at this level
which could be very many (one per DNS zone entry).
However, due to the O(n*m) behaviour in list_intersect() for older
databases, we only do this in the GUID index mode, leaving the behaviour
unchanged for existing callers that do not specify the GUID index mode.
NOTE WELL: the behaviour of disallowDNFilter is enforced
in the index code, so this fixes SCOPE_ONELEVEL to also
honour disallowDNFilter, hence the additional tests.
The change to select the SUBTREE index in the absense of
the ONELEVEL index enforces this.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Dec 20 04:21:51 CET 2017 on sn-devel-144
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Dec 19 11:24:29 CET 2017 on sn-devel-144
Andrew Bartlett [Thu, 14 Dec 2017 23:30:50 +0000 (12:30 +1300)]
dns_server: Do the exact match query first, then do the wildcard lookup
The wildcard lookup is SCOPE_ONELEVEL combined with an index on the name
attribute. This is not as efficient as a base DN lookup, so we try for
that first.
A not-found and wildcard response will still fall back to the ONELEVEL
index.
Christof Schmitt [Mon, 18 Dec 2017 19:54:40 +0000 (12:54 -0700)]
winbind: Fix backslash in format string
Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Dec 19 07:18:58 CET 2017 on sn-devel-144
The comparison result has been ignored, which is not good. Also remove
the "ldbsearch" command in the error branch which has not much sense.
The scripts needs to be run through test-tdb.sh, test-ldap.sh or
test-sqlite3.sh which I didn't realise before. Hence less changes are needed
and this is a reduced version of the patch published on the mailing list.
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date(master): Tue Dec 19 03:09:12 CET 2017 on sn-devel-144
Christof Schmitt [Fri, 15 Dec 2017 22:32:12 +0000 (15:32 -0700)]
vfs: Use static_decl_vfs in all VFS modules
Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Dec 18 13:32:00 CET 2017 on sn-devel-144
Gary Lockyer [Sun, 10 Dec 2017 21:03:45 +0000 (10:03 +1300)]
source4/lib/socket/socket_ip.c set socket close on exec
Set SOCKET_CLOEXEC on the sockets returned by accept. This ensures that
the socket is unavailable to any child process created by system().
Making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Dec 18 08:49:57 CET 2017 on sn-devel-144
Gary Lockyer [Sun, 10 Dec 2017 20:58:59 +0000 (09:58 +1300)]
source3/winbindd/winbindd.c set socket close on exec
Set SOCKET_CLOEXEC on the sockets returned by accept. This ensures that
the socket is unavailable to any child process created by system().
Making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Sun, 10 Dec 2017 20:57:04 +0000 (09:57 +1300)]
source3/utils/smbfilter.c set socket close on exec
Set SOCKET_CLOEXEC on the sockets returned by accept. This ensures that
the socket is unavailable to any child process created by system().
Making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Sun, 10 Dec 2017 20:54:34 +0000 (09:54 +1300)]
source3/libsmb/unexpected.c set socket close on exec
Set SOCKET_CLOEXEC on the sockets returned by accept. This ensures that
the socket is unavailable to any child process created by system().
Making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Sun, 10 Dec 2017 20:51:35 +0000 (09:51 +1300)]
source3/smbd/server.c set socket close on exec
Set SOCKET_CLOEXEC on the sockets returned by accept. This ensures that
the socket is unavailable to any child process created by system().
Making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Sun, 10 Dec 2017 20:46:07 +0000 (09:46 +1300)]
source3/lib/server_prefork.c set socket close on exec
Set SOCKET_CLOEXEC on the sockets returned by accept. This ensures that
the socket is unavailable to any child process created by system().
Making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Sun, 10 Dec 2017 20:39:43 +0000 (09:39 +1300)]
source3/rpc_server/rpc_server.c set socket close on exec
Set SOCKET_CLOEXEC on the sockets returned by accept. This ensures that
the socket is unavailable to any child process created by system().
Making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Sun, 10 Dec 2017 20:37:28 +0000 (09:37 +1300)]
ctdb/tcp/tcp_connect.c set socket close on exec
Set SOCKET_CLOEXEC on the sockets returned by accept. This ensures that
the socket is unavailable to any child process created by system().
Making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Sun, 10 Dec 2017 20:36:08 +0000 (09:36 +1300)]
ctdb/server/ctdb_daemon.c set socket close on exec
Set SOCKET_CLOEXEC on the sockets returned by accept. This ensures that
the socket is unavailable to any child process created by system().
Making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Sun, 10 Dec 2017 20:31:33 +0000 (09:31 +1300)]
lib/async_req/async_sock.c set socket close on exec
Set SOCKET_CLOEXEC on the sockets returned by accept. This ensures that
the socket is unavailable to any child process created by system().
Making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Sun, 10 Dec 2017 20:17:49 +0000 (09:17 +1300)]
lib/tevent/echo_server.c set socket close on exec
Set SOCKET_CLOEXEC on the sockets returned by accept. This ensures that
the socket is unavailable to any child process created by system().
Making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Mon, 11 Dec 2017 21:49:05 +0000 (10:49 +1300)]
WHATSNEW: Encrypted secrets
Document the encrypted secrets feature in WHATSNEW.txt
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Dec 18 04:36:19 CET 2017 on sn-devel-144
Gary Lockyer [Thu, 14 Dec 2017 18:21:10 +0000 (07:21 +1300)]
dsdb encrypted secrets module
Encrypt the samba secret attributes on disk. This is intended to
mitigate the inadvertent disclosure of the sam.ldb file, and to mitigate
memory read attacks.
Currently the key file is stored in the same directory as sam.ldb but
this could be changed at a later date to use an HSM or similar mechanism
to protect the key.
Data is encrypted with AES 128 GCM. The encryption uses gnutls where
available and if it supports AES 128 GCM AEAD modes, otherwise nettle is
used.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Christof Schmitt [Wed, 13 Dec 2017 18:34:23 +0000 (11:34 -0700)]
smbd: Fix coredump on failing chdir during logoff
server_exit does an internal tree disconnect which requires a chdir to
the share directory. In case the file system encountered a problem and
the chdir call returns an error, this triggers a SERVER_EXIT_ABNORMAL
which in turn results in a panic and a coredump. As the log already
indicates the problem (chdir returned an error), avoid the
SERVER_EXIT_ABNORMAL in this case and not trigger a coredump.
Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Dec 16 01:56:06 CET 2017 on sn-devel-144
This module allow injecting errors in vfs calls. It only implements one
case (return ESTALE from chdir), but the idea is to extend this to more
vfs functions and more errors when needed.
projects / thirdparty / samba.git / log
