Andrew Bartlett [Mon, 2 Jul 2018 04:49:37 +0000 (16:49 +1200)]
dns_server: Be strict when constructing a LDB DN from an untrusted DNS name
This changes our DNS server to be much more careful when constructing DNS names
into LDB DN values.
This avoids a segfault deep in the LDB code if the ldb_dn_get_casefold() fails there.
A seperate patch will address that part of the issue, and a later patch
will re-work this code to use single API: ldb_dn_add_child_val(). This
is not squahed with this work because this patch does not rely on a new
LDB release, and so may be helpful for a backport.
Andrew Bartlett [Tue, 3 Jul 2018 03:21:07 +0000 (15:21 +1200)]
ldb: Release LDB 1.5.1
* New API ldb_dn_add_child_val() avoids passing untrusted input to
ldb_dn_add_child_fmt() (bug 13466)
* Free memory nearer to the allocation in calls made by ldbsearch
* Do not overwrite ldb_transaction_commit failure error messages
with a pointless del_transaction()
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 21 May 2018 03:25:33 +0000 (15:25 +1200)]
ldb_tdb: Remove pointless check of ldb_dn_is_valid()
If the DN is not valid the ltdb_search_dn1() will catch it with ldb_dn_validate() which
is the only safe way to check this. ldb_dn_is_valid() does not actually check, but instead
returns only the result of the previous checks, if there was one.
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrej Gessel [Mon, 16 Jul 2018 09:43:22 +0000 (11:43 +0200)]
fix mem leak in ldbsearch
Signed-off-by: Andrej Gessel <Andrej.Gessel@janztec.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrej Gessel [Mon, 16 Jul 2018 09:39:05 +0000 (11:39 +0200)]
fix mem leak in ltdb_index_dn_base_dn and ltdb_search_indexed
Signed-off-by: Andrej Gessel <Andrej.Gessel@janztec.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joe Guo [Tue, 7 Aug 2018 04:45:16 +0000 (16:45 +1200)]
ldb: no need to call del_transaction in ldb_transaction_commit
No matter commit succeeded or failed, transation will be delete afterwards.
So there is no need to delete it here.
Aganst Samba this causes an `LDAP error 51 LDAP_BUSY` error when the transaction
fails, say while we try to add users to groups in large amount and
the original error is lost.
In Samba, the rootdse module fails early in the del part of the
start/end/del pattern, and in ldb_tdb and ldb_mdb a failed commit
always ends the transaction, even on failure.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 14 22:02:06 CEST 2018 on sn-devel-144
Timur I. Bakeyev [Mon, 13 Aug 2018 22:40:33 +0000 (10:40 +1200)]
ldb tests: fix assertion on wrong pointer
We are allocating msg02, but check in assertion msg01, which makes no
sense here.
Signed-off-by: Timur I. Bakeyev <timur@freebsd.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Tue Aug 14 17:02:38 CEST 2018 on sn-devel-144
Tim Beale [Wed, 1 Aug 2018 01:51:42 +0000 (13:51 +1200)]
CVE-2018-10919 tests: Add extra test for dirsync deleted object corner-case
The acl_read.c code contains a special case to allow dirsync to
work-around having insufficient access rights. We had a concern that
the dirsync module could leak sensitive information for deleted objects.
This patch adds a test-case to prove whether or not this is happening.
The new test case is similar to the existing dirsync test except:
- We make the confidential attribute also preserve-on-delete, so it
hangs around for deleted objcts. Because the attributes now persist
across test case runs, I've used a different attribute to normal.
(Technically, the dirsync search expressions are now specific enough
that the regular attribute could be used, but it would make things
quite fragile if someone tried to add a new test case).
- To handle searching for deleted objects, the search expressions are
now more complicated. Currently dirsync adds an extra-filter to the
'!' searches to exclude deleted objects, i.e. samaccountname matches
the test-objects AND the object is not deleted. We now extend this to
include deleted objects with lastKnownParent equal to the test OU.
The search expression matches either case so that we can use the same
expression throughout the test (regardless of whether the object is
deleted yet or not).
This test proves that the dirsync corner-case does not actually leak
sensitive information on Samba. This is due to a bug in the dirsync
code - when the buggy line is removed, this new test promptly fails.
Test also passes against Windows.
Tim Beale [Fri, 20 Jul 2018 03:42:36 +0000 (15:42 +1200)]
CVE-2018-10919 acl_read: Fix unauthorized attribute access via searches
A user that doesn't have access to view an attribute can still guess the
attribute's value via repeated LDAP searches. This affects confidential
attributes, as well as ACLs applied to an object/attribute to deny
access.
Currently the code will hide objects if the attribute filter contains an
attribute they are not authorized to see. However, the code still
returns objects as results if confidential attribute is in the search
expression itself, but not in the attribute filter.
To fix this problem we have to check the access rights on the attributes
in the search-tree, as well as the attributes returned in the message.
Points of note:
- I've preserved the existing dirsync logic (the dirsync module code
suppresses the result as long as the replPropertyMetaData attribute is
removed). However, there doesn't appear to be any test that highlights
that this functionality is required for dirsync.
- To avoid this fix breaking the acl.py tests, we need to still permit
searches like 'objectClass=*', even though we don't have Read Property
access rights for the objectClass attribute. The logic that Windows
uses does not appear to be clearly documented, so I've made a best
guess that seems to mirror Windows behaviour.
Tim Beale [Fri, 20 Jul 2018 01:01:00 +0000 (13:01 +1200)]
CVE-2018-10919 security: Fix checking of object-specific CONTROL_ACCESS rights
An 'Object Access Allowed' ACE that assigned 'Control Access' (CR)
rights to a specific attribute would not actually grant access.
What was happening was the remaining_access mask for the object_tree
nodes would be Read Property (RP) + Control Access (CR). The ACE mapped
to the schemaIDGUID for a given attribute, which would end up being a
child node in the tree. So the CR bit was cleared for a child node, but
not the rest of the tree. We would then check the user had the RP access
right, which it did. However, the RP right was cleared for another node
in the tree, which still had the CR bit set in its remaining_access
bitmap, so Samba would not grant access.
Generally, the remaining_access only ever has one bit set, which means
this isn't a problem normally. However, in the Control Access case there
are 2 separate bits being checked, i.e. RP + CR.
One option to fix this problem would be to clear the remaining_access
for the tree instead of just the node. However, the Windows spec is
actually pretty clear on this: if the ACE has a CR right present, then
you can stop any further access checks.
Tim Beale [Tue, 24 Jul 2018 22:08:34 +0000 (10:08 +1200)]
CVE-2018-10919 tests: Add test case for object visibility with limited rights
Currently Samba is a bit disclosive with LDB_OP_PRESENT (i.e.
attribute=*) searches compared to Windows.
All the acl.py tests are based on objectClass=* searches, where Windows
will happily tell a user about objects they have List Contents rights,
but not Read Property rights for. However, if you change the attribute
being searched for, suddenly the objects are no longer visible on
Windows (whereas they are on Samba).
This is a problem, because Samba can tell you about which objects have
confidential attributes, which in itself could be disclosive.
This patch adds a acl.py test-case that highlights this behaviour. The
test passes against Windows but fails against Samba.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Tim Beale [Mon, 9 Jul 2018 03:57:59 +0000 (15:57 +1200)]
CVE-2018-10919 tests: Add tests for guessing confidential attributes
Adds tests that assert that a confidential attribute cannot be guessed
by an unprivileged user through wildcard DB searches.
The tests basically consist of a set of DB searches/assertions that
get run for:
- basic searches against a confidential attribute
- confidential attributes that get overridden by giving access to the
user via an ACE (run against a variety of ACEs)
- protecting a non-confidential attribute via an ACL that denies read-
access (run against a variety of ACEs)
- querying confidential attributes via the dirsync controls
These tests all pass when run against a Windows Dc and all fail against
a Samba DC.
Tim Beale [Thu, 19 Jul 2018 04:03:36 +0000 (16:03 +1200)]
CVE-2018-10919 security: Move object-specific access checks into separate function
Object-specific access checks refer to a specific section of the
MS-ADTS, and the code closely matches the spec. We need to extend this
logic to properly handle the Control-Access Right (CR), so it makes
sense to split the logic out into its own function.
This patch just moves the code, and should not alter the logic (apart
from ading in the boolean grant_access return variable.
Andrew Bartlett [Mon, 21 May 2018 03:25:58 +0000 (15:25 +1200)]
CVE-2018-1140 ldb: Add tests for search add and rename with a bad dn= DN
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13374
Andrew Bartlett [Mon, 21 May 2018 03:23:53 +0000 (15:23 +1200)]
CVE-2018-1140 ldb_tdb: Check for DN validity in add, rename and search
This ensures we fail with a good error code before an eventual ldb_dn_get_casefold() which
would otherwise fail.
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13374
Andrew Bartlett [Mon, 21 May 2018 03:20:26 +0000 (15:20 +1200)]
CVE-2018-1140 ldb_tdb: Ensure the dn in distinguishedName= is valid before use
ldb_dn_from_ldb_val() does not validate this untrusted input, so a later
call to ldb_dn_get_casefold() can fail if the input is not valid.
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13374
Andrew Bartlett [Mon, 21 May 2018 02:50:50 +0000 (14:50 +1200)]
CVE-2018-1140 ldb: Check for ldb_dn_get_casefold() failure in ldb_sqlite
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13374
Andrej Gessel [Fri, 6 Apr 2018 16:18:33 +0000 (18:18 +0200)]
CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in ltdb_index_dn_attr()
Signed-off-by: Andrej Gessel <Andrej.Gessel@janztec.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13374
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Volker Lendecke [Mon, 13 Aug 2018 13:07:06 +0000 (15:07 +0200)]
g_lock: Simplify g_lock_trylock
While chasing a bug in g_lock (not in master) I saw some opportunity to
simplify g_lock_trylock a bit. This is array handling, and array
handling is just extremely error-prone. This *might* be a little less
efficient or large numbers of READ locks, but this remains to be
seen. For now, simplify the code.
First, we make two passes now: One to remove ourselves, and the other
one to search for conflicts. Mixing up both made it pretty hard for me
to follow the code.
Second, I've removed the _mylock and mylock pointer/struct logic and
replaced it with the "mylock.pid.pid != 0 ? &mylock : NULL" when calling
g_lock_store. To me, this focuses the logic whether to add ourselves in
one place instead of spreading it around in the whole routine.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Aug 14 11:42:10 CEST 2018 on sn-devel-144
Christof Schmitt [Fri, 10 Aug 2018 17:38:28 +0000 (10:38 -0700)]
selftest: Load time_audit and full_audit modules for all tests
Previously the only test was to load these modules to trigger the
smb_vfs_assert_all_fns check. As these modules just pass through the
calls, they can be loaded for all tests to ensure that the codepaths are
exercised. This would have found the problem in
smb_time_audit_offload_read_recv.
Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Aug 13 22:35:20 CEST 2018 on sn-devel-144
Pair-Programmed-With: Justin Stephenson <jstephen@redhat.com> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Justin Stephenson <jstephen@redhat.com> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Aug 11 04:43:15 CEST 2018 on sn-devel-144
s3:utils: Do not overflow the destination buffer in net_idmap_restore()
Found by covsan.
error[invalidScanfFormatWidth]: Width 128 given in format string (no. 2)
is larger than destination buffer 'sid_string[128]', use %127s to
prevent overflowing it.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug 10 21:08:14 CEST 2018 on sn-devel-144
Anoop C S [Thu, 9 Aug 2018 06:58:41 +0000 (12:28 +0530)]
s3/libsmb: Explicitly set delete_on_close token for rmdir
The current implementation of `rmdir` hopes to get the directory deleted
on closing last open handle when FILE_DELETE_ON_CLOSE is set on it. But
for non-empty directories Windows doesn't error out during an open call.
Following that we internally refuse to set initial delete_on_close while
opening a non-empty directory. This prevents us from trying to delete
the directory when last open handle is closed.
Instead of relying on FILE_DELETE_ON_CLOSE during an open we explicitly
set delete_on_close token on directory handle once it is available. This
ensures that NT_STATUS_DIRECTORY_NOT_EMPTY is returned for `rmdir` on
non-empty directories while closing open directory handle.
Douglas Bagnall [Fri, 10 Aug 2018 04:11:58 +0000 (16:11 +1200)]
samba-tool drs showrepl tests: improve debugging for mystery error
Under some circumstances the samba-tool command is failing with no
stdout output at all, leaving few clues in the logs.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Fri Aug 10 09:27:03 CEST 2018 on sn-devel-144
Amitay Isaacs [Wed, 8 Aug 2018 09:44:38 +0000 (19:44 +1000)]
provision: Add support for BIND 9.12.x
Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Aug 10 05:36:19 CEST 2018 on sn-devel-144
Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug 10 02:43:33 CEST 2018 on sn-devel-144
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Aug 9 19:57:02 CEST 2018 on sn-devel-144
David Disseldorp [Fri, 20 Jul 2018 15:20:08 +0000 (17:20 +0200)]
ctdb: add expiry test for ctdb_mutex_ceph_rados_helper
Kill the ctdb_mutex_ceph_rados_helper with SIGKILL and then confirm
that the lock is automatically released following expiry.
Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Samuel Cabrero <scabrero@suse.de> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Thu Aug 9 16:26:36 CEST 2018 on sn-devel-144
David Disseldorp [Thu, 19 Jul 2018 09:55:23 +0000 (11:55 +0200)]
ctdb_mutex_ceph_rados_helper: fix deadlock via lock renewals
RADOS locks without expiry persist indefinitely. This results in CTDB
deadlock during failover if the recovery master dies unexpectedly, as
subsequently elected recovery master nodes can't obtain the recovery
lock.
Avoid deadlock by using a lock expiration time (10s by default), and
renewing it periodically.
this fixes a lexgrog parse error, the NAME subheader description
of the vfs_linux_xfs_sgid(8) manual was too long, this will shorten
the description and allow it to be correctly detected by mandb.
Signed-off-by: Justin Stephenson <jstephen@redhat.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 9 04:06:17 CEST 2018 on sn-devel-144
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Aug 8 23:10:22 CEST 2018 on sn-devel-144
Volker Lendecke [Wed, 8 Aug 2018 08:08:38 +0000 (10:08 +0200)]
libsmb: Fix CID 1438244 Unsigned compared against 0
ndr_size_dom_sid returns a size_t, so that can't be <0. Also, the only
case that ndr_size_dom_sid returns 0 is a NULL sid
pointer. ndr_size_dom_sid can reasonably be assumed to not overflow, the
number of sub-auths is a uint8. That times 4 plus 8 always fits into a
size_t.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
The eventlogadm binary needs write access to the registry which, by
default, is only possible as root.
https://bugzilla.samba.org/show_bug.cgi?id=13561
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 7 01:49:34 CEST 2018 on sn-devel-144
the destructor has no purpose anymore, therfore, remove it.
Signed-off-by: Swen Schillig <swen@vnet.ibm.com> Reviewed-by: Martin Schwenke <martin@meltin.net> Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Mon Aug 6 11:37:32 CEST 2018 on sn-devel-144
This is a selftest target built from a restored offline backup.
Other backup routines are modified to remove the assumption that every backup
requires server and credentials arguments, since offline backup doesn't
want them. Also, prepare_dc_testenv now returns the generated ctx so we can
run or re-run routines that require it later.
Signed-off-by: Aaron Haslett <aaron.haslett@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Mon Aug 6 08:45:19 CEST 2018 on sn-devel-144
netcmd: domain backup offline command - offline test with ldapcmp
This test checks that when you do an offline backup and restore or untar it,
the restored database is the same as the original. Test is repeated for
'mdb' and 'tdb' database backends.
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Tim Beale [Thu, 12 Jul 2018 02:34:56 +0000 (14:34 +1200)]
tests: New offline backup tests with tweaks to old online classes
Offline backups have a slightly different syntax, as they don't take the
server or user-creds parameters. In the untar case, the offline backup
will actually have the secrets present, so making asserting on this
more flexible.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Aaron Haslett [Tue, 26 Jun 2018 01:47:42 +0000 (13:47 +1200)]
netcmd: domain backup offline command
Unlike the existing 'domain backup online' command, this command allows an
admin to back up a local samba installation using the filesystem and the
tdbbackup tool instead of using remote protocols. It replaces samba_backup
as that tool does not handle sam.ldb and secrets.ldb correctly. Those two
databases need to have transactions started on them before their downstream
ldb and tdb files are backed up.
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Tim Beale [Thu, 12 Jul 2018 04:13:27 +0000 (16:13 +1200)]
netcmd: Improve domain backup targetdir checks
+ Added check that specified targetdir is actually a directory (if it
exists)
+ Deleted a redundant 'Creating targetdir' check that would never be hit
+ Move code into a separate function so we can reuse it for offline
backups (which take a different set of parameters, but still have a
targetdir)
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
tdb: test for readonly locks mode on tdbbackup command
Simple bash test for readonly locks on tdbbackup:
1. Running tdbbackup on a database with and without readonly locks enabled.
2. Dump both backups and original.
3. Check all three dumps match.
A binary sample_tdb.tdb file is included for the test because the existing
sample tdbs in lib/tdb/test are either corrupt or empty.
Signed-off-by: Aaron Haslett <aaron.haslett@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
The netcmd 'domain backup offline' command will use the tdbbackup tool but
require readonly locking of tdb databases, otherwise all database access would
be blocked during a backup. This patch adds the option. A backup script
should use this tool with the readonly locks option after taking a transaction
lock on the target database.
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Gary Lockyer [Thu, 2 Aug 2018 02:52:16 +0000 (14:52 +1200)]
dns scavenging: Add extra tests for custom filter
Add extra tests for the custom ldb filter used by the dns scavenging
code.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Aug 6 05:36:43 CEST 2018 on sn-devel-144
systemd: Only start smb when network interfaces are up
For smb, if the smb.conf contains explicit bindings to the network
interfaces, the service must wait till network interfaces are up,
otherwise the service won't be operational.
The 0e571054a61e commit and the BZ 13184 have fixed this for nmb and
samba, so do exactly the same here, for smb.
Signed-off-by: Oleksandr Natalenko <oleksandr@redhat.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Aug 3 17:28:52 CEST 2018 on sn-devel-144
Noel Power [Thu, 28 Jun 2018 15:04:24 +0000 (16:04 +0100)]
s3/utils: fix regression where specifying -Unetbios/root works
Usually you need to be root on a linux server to modify quotas. Even
with a linux server joined to a windows AD you could always log in as
local root with smbcquotas. However in recent builds this has changed.
This patch fixes this
Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Tue Jul 31 19:45:59 CEST 2018 on sn-devel-144
Noel Power [Tue, 28 Feb 2017 11:36:47 +0000 (11:36 +0000)]
s3/smbd: Don't stat when doing a quota operation (as it's a fake file)
calling SMB_VFS_STAT on the quota fake file fails and caused
FS_INFO/FileFsControlInfo request to error out early, in turn stopped a
Win8.1 client from proceeding with quota queries.
Calling parse_user_quota_list with a NULL buffer can cause a panic, while
this shouldn't happen, I managed to trigger this with an early implementation
of SMB2 quota support in smbd which didn't pass back NT_STATUS_NO_MORE_ENTRIES
when handling a SMB2_0_INFO_QUOTA GETINFO message.
OTHOH the Windows client handled the same situation gracefully.
smb2_query_directory: make 'return true' explicit in smb2_query_directory_next_entry()
'return req' should do the same as 'return true' for a bool function,
it's implicitly expanded as 'return (req!=NULL)?true:false.
There's no point in that as 'req' is always a valid pointer.
This was most likely just a copy and paste bug.
So we make this explicit now and avoid that Coverity reports this:
CID 1438158: Null pointer dereferences (REVERSE_INULL)
Null-checking "req" suggests that it may be null, but it has already
been dereferenced on all paths leading to the check.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Jul 31 14:20:49 CEST 2018 on sn-devel-144
projects / thirdparty / samba.git / log
