Stefan Metzmacher [Wed, 8 Jul 2020 08:15:56 +0000 (10:15 +0200)]
s3:smbd: avoid dereferencing client->connections
There're typically better ways to get the same information.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Wed, 8 Jul 2020 11:59:26 +0000 (13:59 +0200)]
s3:smbd: setup client->global->client_guid even without multichannel support
It's too confusing if client->global->client_guid and
client->connections->smb2.client.guid don't have the same value.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 2 Jun 2020 14:50:22 +0000 (16:50 +0200)]
s3:smbd: pass down smbXsrv_client to smbd_smb2_send_{oplock,lease}_break()
Which connection is actually used should not matter to the main logic.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 2 Jun 2020 14:33:23 +0000 (16:33 +0200)]
s3:smbd: pass smbXsrv_client to downgrade_lease()
This prepares for multichannel support, where breaks are not bound
to a single connection.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 2 Jun 2020 14:43:43 +0000 (16:43 +0200)]
s3:smbd: add smbd_server_disconnect_client[_ex]()
With multichannel things may not happen only on one connection.
We may need to disconnect all connections of a client, when something
bad happens.
The first users of this will be the lease/oplock break code,
if they are not able allocate memory or something similar
we need to bail out.
Having a special smbXsrv_client based function is better than
calling exit_server*() directly.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 19 May 2020 12:10:21 +0000 (14:10 +0200)]
s3:smbd: remove unused session,tcon parameters from smbd_smb2_send_oplock_break()
They are no longer used. However we'll make use of
op->compat->vuid in the next commits, as the session id should be part
of oplock breaks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Fri, 5 Jun 2020 18:12:57 +0000 (20:12 +0200)]
s3:smbd: pass down session_id to smbd_smb2_send_break()
Oplock break should contain a valid session id of the open file handle,
as file handles are relative to a session.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 19 May 2020 11:33:27 +0000 (13:33 +0200)]
s3:smbd: remove dead code from smbd_smb2_send_break()
Starting with commit
0a924d13cf4bb570cce3955cf0de9d8678b37dbe
("smbd: Send SMB2 oplock breaks unencrypted") we always passed in
session=NULL and tcon=NULL.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 8 Jun 2020 13:03:30 +0000 (15:03 +0200)]
s4:torture/smb2: add smb2.multichannel.oplocks.test3{_windows,specification}
This is similar to the smb2.multichannel.leases.test5,
but it tests the oplock case instead of leases.
With Oplocks Windows only sends a single break on the latest channel,
this is not what the spec says...
Maybe we should have a similar test that would expect the
behavior from the [MS-SMB2] (3/4/2020 rev 60.0)
"3.3.4.6 Object Store Indicates an Oplock Break":
...
If the server implements the SMB 3.x dialect family, SMB2 Oplock Break
Notification MUST be sent to the client using the first available
connection in Open.Session.ChannelList where Channel.Connection is not
NULL. If the server fails to send the notification to the client, the
server MUST retry the send using an alternate connection, if available,
in Open.Session.ChannelList.
...
Here I add one test that demonstrates the Windows behavior:
smb2.multichannel.oplocks.test3_windows
and a 2nd test that demonstrates the behavior from MS-SMB2.
smb2.multichannel.oplocks.test3_specification
Note that Windows 10 seems to behave differently and it's not
possible to open all 32 channel used by this test.
Against remote servers it's required to run iptables as root:
#> smbtorture //server/torture -Uu%p \
--option="torture:use_iptables=yes" \
--option="torture:iptables_command=sudo /sbin/iptables" \
smb2.multichannel.oplocks.test3_windows
#> smbtorture //server/torture -Uu%p \
--option="torture:use_iptables=yes" \
--option="torture:iptables_command=sudo /sbin/iptables" \
smb2.multichannel.oplocks.test3_specification
The test will also work against a Samba server
with 'smbd:FSCTL_SMBTORTURE = yes', and won't require iptables
in that case.
Samba will get a "smb2 disable oplock break retry" configuration
option to switch between both behaviors, as it's much more common with Samba
that leases are not supported and clients will fallback to
oplocks together with multichannel.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 8 Jun 2020 13:03:30 +0000 (15:03 +0200)]
s4:torture/smb2: (re-)add smb2.multichannel.leases.test4
This tests 32 channels, which is the maximum Windows Server
versions support. (Note that Windows 10 (a Client OS as SMB server,
seems to support only 20 channels and may differ in other aspects,
so we ignore that for now).
This works at least against Windows Server 2019
and we see lease break notification retries every ~ 1.3 seconds
with ~ 5 TCP retransmissions. At that rate we see the remaining
5 retries after the conflicting SMB2 Create already returned.
Older Windows Server versions use much longer timeouts in the TCP-stack,
they send lease break notification retries less often and only 4 in
total, all other channels get TCP-RST packets because of missing
TCP keepalive packets before they're used.
The intervals between lease break notification retries are
~19 seconds for 2012[_R2] and ~25 seconds for 2016.
It means that only ~2 lease break notifications arrive before
the open returns after ~35 seconds.
Note that Windows 10 seems to behave differently and it's not
possible to open all 32 channel used by this test.
Against remote servers it's required to run iptables as root:
#> smbtorture //server/torture -Uu%p \
--option="torture:use_iptables=yes" \
--option="torture:iptables_command=sudo /sbin/iptables" \
smb2.multichannel.leases.test4
The test will also work against a Samba server
with 'smbd:FSCTL_SMBTORTURE = yes', and won't require iptables
in that case.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 23 Jun 2020 14:01:54 +0000 (16:01 +0200)]
s4:torture/smb2: remove useless 'smb2.multichannel.leases.test4'
Having a test that would only pass against Samba makes things way
to complex, they're already complex and we should try to behave
like windows as much as possible.
The next commit will add a better test that will work against Windows
Servers and the future Samba servers.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 23 Jun 2020 10:38:49 +0000 (12:38 +0200)]
s4:torture/smb2: fix smb2.multichannel.leases.test2 against windows
We still receive the break on the blocked channel,
it's only the response ACKs, which we are blocking (or simulate to
block).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 22 Jun 2020 22:09:38 +0000 (00:09 +0200)]
s4:torture/smb2: split smb2.oplock.batch22 into a and b
batch22a tests the timeout on a valid connection
and batch22b tests the timeout on a broken/blocked connection.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 22 Jun 2020 15:30:28 +0000 (17:30 +0200)]
s4:torture/smb2: move smb2_transport blocking to the generic block.[ch]
We may want to use this in other places too, not only multichannel.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 8 Jun 2020 14:33:45 +0000 (16:33 +0200)]
s4:torture/smb2: make use of FSCTL_SMBTORTURE_FORCE_UNACKED_TIMEOUT
This is a way to test without being able to use iptables.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Fri, 29 May 2020 16:18:12 +0000 (09:18 -0700)]
s4:torture/smb2: refactor block.c to block the OUTPUT path
In order to create useful tests, we should block the outgoing
tcp packets only. That means we're able to see incoming
break notifications, but prevent outgoing TCP ACKs to be delivered
to the server.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 2 Jun 2020 12:52:07 +0000 (14:52 +0200)]
s4:torture/smb2: add break_info.oplock_skip_ack
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Günther Deschner [Thu, 26 Sep 2019 08:18:04 +0000 (10:18 +0200)]
s4:torture/smb2: move interface_info test to smb2.multichannel.generic
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 1 Jul 2020 16:37:44 +0000 (18:37 +0200)]
s4:torture/smb2: make use of transport_options.only_negprot for multichannel connections
This avoid useless session setups and tree connects on the wire.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Günther Deschner [Thu, 26 Sep 2019 08:18:33 +0000 (10:18 +0200)]
s4:torture/smb2: simplify code to generate list of smb2 channels
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 3 Jul 2020 09:56:19 +0000 (11:56 +0200)]
s4:torture/smb2: add const to options for test_multichannel_create_channel()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Fri, 3 Jul 2020 09:54:42 +0000 (11:54 +0200)]
s4:libcli/smb2: add const to struct smbcli_options *options for smb2_connect()
It will just be passed to smb2_connect_ext(), which already takes a
const pointer.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Wed, 1 Jul 2020 16:27:40 +0000 (18:27 +0200)]
s4:libcli/smb2: allow smb2_connect*() to fake session and tcon
For multichannel connection we want a way to have just a connection
with a negprot finished.
For now we just fake a tcon and session in order to avoid changes in the
caller. We can clean that up later if needed.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Thu, 2 Jul 2020 11:25:43 +0000 (13:25 +0200)]
s4:param: use struct initializer in lpcfg_smbcli_session_options()
We should zero all fields not initialiazed explicitly.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Thu, 2 Jul 2020 11:25:43 +0000 (13:25 +0200)]
s4:param: use struct initializer in lpcfg_smbcli_options()
We should zero all fields not initialiazed explicitly.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 8 Jun 2020 14:33:45 +0000 (16:33 +0200)]
libcli/smb: define FSCTL_SMBTORTURE_FORCE_UNACKED_TIMEOUT
This will be used by smbtorture in order to simulate channel failures
without relying on iptables.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Wed, 3 Jun 2020 12:41:12 +0000 (14:41 +0200)]
s3:includes: change OPLOCK_BREAK_TIMEOUT from 30 to 35 seconds
This is what windows is using for normal oplock and lease breaks.
Note that windows uses higher values for persistent handles,
they use 60 seconds for oplocks and 180 seconds for leases.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Günther Deschner [Wed, 20 Sep 2017 18:21:49 +0000 (20:21 +0200)]
lib/util: allow to set TCP_USER_TIMEOUT socket option
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Thu, 14 May 2020 11:32:47 +0000 (13:32 +0200)]
s3:dbwrap_watch: avoid recursion into dbwrap_do_locked() from dbwrap_watched_do_locked_{storev,delete}()
This avoids a lot of overhead!
Using smbtorture3 //foo/bar -U% local-g-lock-ping-pong -o 500000
under valgrind --tool=callgrind...
This change replaces this:
6,877,542,529 PROGRAM TOTALS
590,000,773 lib/tdb/common/lock.c:tdb_lock_list
479,000,608 lib/tdb/common/lock.c:tdb_unlock
446,500,532 lib/tdb/common/io.c:tdb_read
364,000,824 lib/tdb/common/hash.c:tdb_jenkins_hash
285,000,532 lib/tdb/common/io.c:tdb_write
262,054,669 /x86_64/multiarch/memmove-vec-unaligned-erms.S:__memcpy_avx_unaligned_erms
206,500,496 lib/tdb/common/mutex.c:tdb_mutex_lock
193,000,176 lib/tdb/common/tdb.c:tdb_find
160,000,256 lib/talloc/talloc.c:_talloc_get_type_abort
148,500,297 lib/tdb/common/tdb.c:tdb_storev
140,000,196 lib/tdb/common/lock.c:tdb_lock
130,000,858 lib/util/debug.c:debuglevel_get_class
128,003,722 lib/talloc/talloc.c:_talloc_free
128,000,118 lib/tdb/common/tdb.c:tdb_parse_record
126,000,576 lib/tdb/common/lock.c:tdb_brlock.part.3
121,000,272 lib/tdb/common/mutex.c:tdb_mutex_unlock
118,000,225 /nptl/pthread_mutex_lock.c:__pthread_mutex_lock_full
112,750,222 lib/tdb/common/freelist.c:tdb_allocate_from_freelist
108,500,168 lib/tdb/common/io.c:tdb_ofs_read
102,500,000 lib/tdb/common/io.c:tdb_parse_data
by this:
5,706,522,398 PROGRAM TOTALS
434,000,617 lib/tdb/common/lock.c:tdb_lock_list
389,500,494 lib/tdb/common/io.c:tdb_read
359,000,488 lib/tdb/common/lock.c:tdb_unlock
285,000,532 lib/tdb/common/io.c:tdb_write
237,554,655 /x86_64/multiarch/memmove-vec-unaligned-erms.S:__memcpy_avx_unaligned_erms
208,000,668 lib/tdb/common/hash.c:tdb_jenkins_hash
206,500,496 lib/tdb/common/mutex.c:tdb_mutex_lock
160,000,256 lib/talloc/talloc.c:_talloc_get_type_abort
148,500,297 lib/tdb/common/tdb.c:tdb_storev
136,000,132 lib/tdb/common/tdb.c:tdb_find
130,000,858 lib/util/debug.c:debuglevel_get_class
126,000,576 lib/tdb/common/lock.c:tdb_brlock.part.3
121,000,272 lib/tdb/common/mutex.c:tdb_mutex_unlock
118,000,225 /nptl/pthread_mutex_lock.c:__pthread_mutex_lock_full
112,750,222 lib/tdb/common/freelist.c:tdb_allocate_from_freelist
112,000,168 lib/tdb/common/lock.c:tdb_lock
94,500,154 lib/tdb/common/io.c:tdb_ofs_read
94,000,188 /nptl/pthread_mutex_unlock.c:__pthread_mutex_unlock_full
86,000,086 lib/dbwrap/dbwrap.c:dbwrap_lock_order_lock
83,000,083 lib/dbwrap/dbwrap_tdb.c:db_tdb_do_locked
time smbtorture3 //foo/bar -U% local-g-lock-ping-pong -o
5000000
gives:
902834 locks/sec
real 0m11,103s
user 0m8,233s
sys 0m2,868s
vs.
1037262 locks/sec
real 0m9,685s
user 0m6,788s
sys 0m2,896s
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jul 8 11:02:39 UTC 2020 on sn-devel-184
Stefan Metzmacher [Tue, 7 Jul 2020 09:49:27 +0000 (11:49 +0200)]
s3:locking: convert share_mode_lock.c to generate_unique_u64()
Instead of a sequence number that gets incremented we just
need a value that's not reused.
The is a similar change like the commit before at the g_lock.c
layer.
I expect a similar performance improvement here, but
I don't know a specific benchmark test to check.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Stefan Metzmacher [Tue, 19 May 2020 00:58:23 +0000 (02:58 +0200)]
s3:g_lock: avoid very expensive generate_random_buffer() in g_lock_parse()
We don't require a sequence number that is incremented,
we just need a value that's not reused.
We use the new generate_unique_u64(), which is much cheaper!
Using smbtorture3 //foo/bar -U% local-g-lock-ping-pong -o 500000
under valgrind --tool=callgrind...
This change replaces this:
13,129,925,659 PROGRAM TOTALS
4,125,752,958 ???:_nettle_sha256_compress [/usr/lib/x86_64-linux-gnu/libnettle.so.6.4]
1,257,005,866 ???:_nettle_aes_encrypt [/usr/lib/x86_64-linux-gnu/libnettle.so.6.4]
590,000,773 bin/default/../../lib/tdb/common/lock.c:tdb_lock_list
571,503,429 ???:_nettle_aes_set_key [/usr/lib/x86_64-linux-gnu/libnettle.so.6.4]
479,000,608 bin/default/../../lib/tdb/common/lock.c:tdb_unlock
...
by this:
6,877,826,377 PROGRAM TOTALS
590,000,773 bin/default/../../lib/tdb/common/lock.c:tdb_lock_list
479,000,608 bin/default/../../lib/tdb/common/lock.c:tdb_unlock
...
12,500,033 bin/default/../../lib/util/genrand_util.c:generate_unique_u64
...
8,996,970 ???:_nettle_sha256_compress [/usr/lib/x86_64-linux-gnu/libnettle.so.6.4]
time smbtorture3 //foo/bar -U% local-g-lock-ping-pong -o
5000000
gives:
537426 locks/sec
real 0m19,071s
user 0m15,061s
sys 0m3,999s
vs.
900956 locks/sec
real 0m11,155s
user 0m8,293s
sys 0m2,860s
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Stefan Metzmacher [Tue, 9 Jun 2020 14:19:50 +0000 (16:19 +0200)]
lib/util: add generate_unique_u64() helper function
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Anubhav Rakshit [Sun, 7 Jun 2020 19:09:59 +0000 (00:39 +0530)]
s3:smbcacls: Add support for DFS path
smbcacls does not handle DFS paths correctly. This is beacuse once the
command encounters a path which returns STATUS_PATH_NOT_COVERED, it does
not attempt a GET REFERRAL.
We use cli_resolve_path API to perform a DFS path resolution to solve
the above problem.
Additionally this removes the known fail against smbcacls tests
Signed-off-by: Anubhav Rakshit <anubhav.rakshit@gmail.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jul 7 23:03:00 UTC 2020 on sn-devel-184
Noel Power [Thu, 2 Jul 2020 10:44:36 +0000 (11:44 +0100)]
selftest: run smbcacls test against a share with a DFS link
The commit creates a dfs link in existing 'fileserver' env
share msdfs_share. Additionally we create a new dfs target in
a new share (with associated directory)
Additionally add a known fail as smbcacls doesn't not yet navigate DFS links.
A subsequent commit will fix smcacls to handle DFS (and remove the
knownfail)
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Tue, 30 Jun 2020 17:03:42 +0000 (18:03 +0100)]
selftest: Add basic smbcacls test(s)
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Mon, 29 Jun 2020 10:49:33 +0000 (12:49 +0200)]
s4:rpc_server: Implement epmapper LookupHandleFree
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Samuel Cabrero <scabrero@samba.org>
Autobuild-Date(master): Tue Jul 7 13:43:14 UTC 2020 on sn-devel-184
Samuel Cabrero [Mon, 29 Jun 2020 10:46:50 +0000 (12:46 +0200)]
s4:torture: Do not skip epmapper lookup terminate test in samba4
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Samuel Cabrero [Mon, 29 Jun 2020 10:45:33 +0000 (12:45 +0200)]
selftest: Split samba4 epmapper expected failures into individual tests
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Sachin Prabhu [Fri, 26 Jun 2020 16:35:38 +0000 (16:35 +0000)]
s4:selftest: test for smbtorture subunit names with and without --fullname
We check the output with both --fullname and with the default shortname
to ensure it works as expected.
We also do tests for each level and test relative names are used.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Sachin Prabhu <sprabhu@redhat.com>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User((no branch)): Stefan Metzmacher <metze@samba.org>
Autobuild-Date((no branch)): Tue Jul 7 12:16:34 UTC 2020 on sn-devel-184
Sachin Prabhu [Thu, 25 Jun 2020 17:02:28 +0000 (18:02 +0100)]
s4:torture/local: Add new test to check smbtorture --fullname
Add new always pass test to test smbtorture --fullname.
Since we test the printing of the fullname of the test, the test is
placed at the bottom of several levels of test suites.
test : local.smbtorture.level1.level2.level3.always_pass
Signed-off-by: Sachin Prabhu <sprabhu@redhat.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Sachin Prabhu [Fri, 3 Jul 2020 12:17:43 +0000 (14:17 +0200)]
s4:torture: Add command line parameter --fullname
This argument is used to print out the the full name which includes the
name of the test suite.
For example, the name in the output for the test smb2.read.dir is "dir".
By using the --fullname parameter, the name used will be
"smb2.read.dir".
The default continues to be to use the shortname.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Sachin Prabhu <sprabhu@redhat.com>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 3 Jul 2020 13:58:38 +0000 (15:58 +0200)]
s4:torture: avoid multiple recursions into the test lists
torture_run_suite_restricted() and torture_run_tcase_restricted()
already handle recursion. If we call them from smbtorture
we should avoid our own recursion.
Without this passing 'smb2.multichannel.*' results in running
tests more than once.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 3 Jul 2020 13:53:18 +0000 (15:53 +0200)]
s4:torture: use prefix_name() for all names in run_matching()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 3 Jul 2020 13:40:31 +0000 (15:40 +0200)]
lib/torture: fix subunit names of nested suites
E.g. passing 'smb2.multichannel.generic' to smbtorture results in
- interface_info
- num_channels
While passing 'smb2.multichannel' to smbtorture results in:
- generic.interface_info
- genetic.num_channels
- oplocks.test1
...
- leases.test1
...
Before we got this:
- interface_info
- num_channels
- test1
...
- test1
That made it impossible to add knownfail entries for
leases.test1 vs. oplocks.test1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 3 Jul 2020 13:37:25 +0000 (15:37 +0200)]
lib/torture: add back links to the parent objects
This makes would allow the full name of a test to be constructed
if needed in future.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 3 Jul 2020 12:41:16 +0000 (14:41 +0200)]
lib/torture: make torture_subunit_test_name() public
This makes it easier to modify.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 3 Jul 2020 20:23:20 +0000 (22:23 +0200)]
selftest/Samba4: split out _setup_ad_dc()
setup_ad_dc() was used for more than 'ad_dc'.
Setting up 'ad_dc' means not all missing arguments are
passed as undef.
The following had no effect
if (!defined($conf_opts)) {
$conf_opts = "";
}
and $conf_opts results in a string of 'HASH(....)'
So we better pass explicit undef arguments from setup_ad_dc() to
_setup_ad_dc() now.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 29 May 2020 08:39:00 +0000 (01:39 -0700)]
s3:wscript: vfs_gpfs needs kernel oplock support
It uses symbols, which are only available if we have
HAVE_KERNEL_OPLOCKS_LINUX defined.
This is not the case when building withing the
Windows Subsystem for Liux (WSL). So we better don't try to
build the vfs_gpfs module there.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jul 7 09:37:37 UTC 2020 on sn-devel-184
Stefan Metzmacher [Mon, 6 Jul 2020 06:58:22 +0000 (08:58 +0200)]
s3:smbd: check for stale pid in delay_for_oplock_fn() when leases_db_get() fails
If leases_db_get() failed the leases_db record might have been cleaned up for
stale processes. Check if the share-mode-entry owner is stale in this case and
return ignore the entry. In any other case, log a debug messages and panic.
Commit
05d4466a6d1ad048fa86aea09ec0a56a7b961369
"smbd: check for stale pid in get_lease_type()" fixed only one half of
this.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jul 7 02:47:46 UTC 2020 on sn-devel-184
Stefan Metzmacher [Mon, 6 Jul 2020 12:03:39 +0000 (14:03 +0200)]
s3:leases: log errors with level 0 in leases_db_do_locked_fn()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Douglas Bagnall [Wed, 22 May 2019 21:59:51 +0000 (09:59 +1200)]
dsdb/password_hash: don't double assign variables (CID
1363048,
1034720)
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jul 6 13:56:17 UTC 2020 on sn-devel-184
Douglas Bagnall [Tue, 14 May 2019 23:53:07 +0000 (11:53 +1200)]
pypidl: check the result of py_dcerpc_ndr_pointer_deref()
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Douglas Bagnall [Tue, 14 May 2019 22:54:33 +0000 (10:54 +1200)]
policy/gp: always close a file (CID
1445119)
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Douglas Bagnall [Thu, 9 May 2019 22:26:54 +0000 (10:26 +1200)]
s4/winbind/idmap: check the right variable (CID
1272950)
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Thu, 2 Jul 2020 12:47:12 +0000 (14:47 +0200)]
smbd: check for stale pid in get_lease_type()
If leases_db_get() failed the leases_db record might have been cleaned up for
stale processes. Check if the share-mode-entry owner is stale in this case and
return a 0 lease state. In any other case, log a debug messages and panic.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jul 2 16:45:42 UTC 2020 on sn-devel-184
Ralph Boehme [Thu, 2 Jul 2020 12:45:59 +0000 (14:45 +0200)]
smbd: let get_lease_type() take a non-const share_mode_entry
We're going to add a call to share_entry_stale_pid(share_mode_entry) which takes
a non-const pointer (in order to eventually set e->state = true).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Thu, 2 Jul 2020 12:08:44 +0000 (14:08 +0200)]
smbd: inverse if/else logic in get_lease_type()
No change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Thu, 2 Jul 2020 12:10:05 +0000 (14:10 +0200)]
s3/leases: log NDR decoding failure with level 0 in leases_db_get_fn()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Thu, 2 Jul 2020 12:09:15 +0000 (14:09 +0200)]
smbd: increase loglevel when leases_db_del() with anything then NT_STATUS_NOT_FOUND
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 1 Jul 2020 07:38:58 +0000 (09:38 +0200)]
s3:smbd: make sure vfs_ChDir() always sets conn->cwd_fsp->fh->fd = AT_FDCWD
This is what all consumers of conn->cwd_fsp->fh->fd expect!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14427
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 2 Jul 2020 10:06:28 +0000 (12:06 +0200)]
s3:smbd: reformat if statement for caching in vfs_ChDir()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14427
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 2 Jul 2020 12:32:34 +0000 (14:32 +0200)]
s4:torture/smb2: add smb2.delete-on-close-perms.BUG14427
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14427
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andrew [Tue, 30 Jun 2020 10:54:06 +0000 (06:54 -0400)]
s3:winbind:idmap_ad - make failure to get attrnames for schema mode fatal
Add check for failure to resolve the OID array for the schema mode into
names.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14425
Signed-off-by: Andrew <awalker@ixsystems.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Tue, 30 Jun 2020 15:03:05 +0000 (17:03 +0200)]
lib/debug: set the correct default backend loglevel to MAX_DEBUG_LEVEL
This fixed a regression introduced by commit
c83ce5f4f99aef94530411ec82cc03e9935b352d for bug #14345.
The backend loglevel globally restricts logging of a particular backend. If this
value is smaller then any explicitly configured logging class, logging for this
class is skipped.
Eg, given the following logging config in smb.conf:
log level = 1 auth_json_audit:3@/var/log/samba/samba_auth_audit.log
the default class loglevel of 1 (dbgc_config[DBGC_ALL].loglevel) will be
assigned to the backend loglevel.
So even though the logging class auth_json_audit is configured at level 3, this
doesn't become effective as the file backend drops all log messages with a level
below 1.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14426
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jul 2 13:25:29 UTC 2020 on sn-devel-184
Ralph Boehme [Tue, 30 Jun 2020 15:02:07 +0000 (17:02 +0200)]
lib/debug: assert file backend
The debug file backend is a built-in default, if it's missing we're totally
screwed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14426
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Wed, 1 Jul 2020 14:10:17 +0000 (16:10 +0200)]
ldap_client: Make ldap_parse_basic_url() IPv6-address aware
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Jul 2 12:01:06 UTC 2020 on sn-devel-184
Volker Lendecke [Fri, 26 Jun 2020 06:31:30 +0000 (08:31 +0200)]
ldap_client: Align integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Volker Lendecke [Thu, 25 Jun 2020 19:20:04 +0000 (21:20 +0200)]
ldap_client: Make ldap_parse_basic_url take care of ldapi as well
SUSV4's sscanf has the %m modifier, which allocates the right
amount. Remove those SMB_ASSERTS for string buffers.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Volker Lendecke [Thu, 25 Jun 2020 13:59:48 +0000 (15:59 +0200)]
pdb_dsdb: Fix typos
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Volker Lendecke [Wed, 24 Jun 2020 14:50:34 +0000 (16:50 +0200)]
ldb_ldap: Fix a memleak
Don't allocate a temporary value on a long-term context
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Gary Lockyer [Wed, 24 Jun 2020 02:27:08 +0000 (14:27 +1200)]
CVE-2020-14303: s4 nbt: fix busy loop on empty UDP packet
An empty UDP packet put the nbt server into a busy loop that consumes
100% of a cpu.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14417
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Thu Jul 2 10:26:24 UTC 2020 on sn-devel-184
Andrew Bartlett [Wed, 24 Jun 2020 23:59:54 +0000 (11:59 +1200)]
CVE-2020-14303 Ensure an empty packet will not DoS the NBT server
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Mon, 8 Jun 2020 04:32:14 +0000 (16:32 +1200)]
CVE-2020-10760 dsdb: Add tests for paged_results and VLV over the Global Catalog port
This should avoid a regression.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 5 Jun 2020 10:14:48 +0000 (22:14 +1200)]
CVE-2020-10760 dsdb: Ensure a proper talloc tree for saved controls
Otherwise a paged search on the GC port will fail as the ->data was
not kept around for the second page of searches.
An example command to produce this is
bin/ldbsearch --paged -H ldap://$SERVER:3268 -U$USERNAME%$PASSWORD
This shows up later in the partition module as:
ERROR: AddressSanitizer: heap-use-after-free on address 0x60b00151ef20 at pc 0x7fec3f801aac bp 0x7ffe8472c270 sp 0x7ffe8472c260
READ of size 4 at 0x60b00151ef20 thread T0 (ldap(0))
#0 0x7fec3f801aab in talloc_chunk_from_ptr ../../lib/talloc/talloc.c:526
#1 0x7fec3f801aab in __talloc_get_name ../../lib/talloc/talloc.c:1559
#2 0x7fec3f801aab in talloc_check_name ../../lib/talloc/talloc.c:1582
#3 0x7fec1b86b2e1 in partition_search ../../source4/dsdb/samdb/ldb_modules/partition.c:780
or
smb_panic_default: PANIC (pid 13287): Bad talloc magic value - unknown value
(from source4/dsdb/samdb/ldb_modules/partition.c:780)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14402
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 14 May 2020 22:52:45 +0000 (10:52 +1200)]
CVE-2020-10745: ndr/dns-utils: prepare for NBT compatibility
NBT has a funny thing where it sometimes needs to send a trailing dot as
part of the last component, because the string representation is a user
name. In DNS, "example.com", and "example.com." are the same, both
having three components ("example", "com", ""); in NBT, we want to treat
them differently, with the second form having the three components
("example", "com.", "").
This retains the logic of
e6e2ec0001fe3c010445e26cc0efddbc1f73416b.
Also DNS compression cannot be turned off for NBT.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Douglas Bagnall [Thu, 14 May 2020 12:06:08 +0000 (00:06 +1200)]
CVE-2020-10745: dns_util/push: forbid names longer than 255 bytes
As per RFC 1035.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Douglas Bagnall [Fri, 24 Apr 2020 23:10:18 +0000 (11:10 +1200)]
CVE-2020-10745: ndr_dns: do not allow consecutive dots
The empty subdomain component is reserved for the root domain, which we
should only (and always) see at the end of the list. That is, we expect
"example.com.", but never "example..com".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Douglas Bagnall [Fri, 24 Apr 2020 23:03:30 +0000 (11:03 +1200)]
CVE-2020-10745: ndr/dns_utils: correct a comment
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Douglas Bagnall [Fri, 24 Apr 2020 23:02:08 +0000 (11:02 +1200)]
CVE-2020-10745: ndr_dns: move ndr_push_dns_string core into sharable function
This is because ndr_nbt.c does almost exactly the same thing with
almost exactly the same code, and they both do it wrong. Soon they
will both be using the better version that this will become. Though in
this patch we just move the code, not fix it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Douglas Bagnall [Fri, 12 Jun 2020 02:26:38 +0000 (14:26 +1200)]
CVE-2020-10745: librpc/tests: cmocka tests of dns and ndr strings
These time the push and pull function in isolation.
Timing should be under 0.0001 seconds on even quite old hardware; we
assert it must be under 0.2 seconds.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Douglas Bagnall [Thu, 11 Jun 2020 05:38:51 +0000 (17:38 +1200)]
CVE-2020-10745: pytests: hand-rolled invalid dns/nbt packet tests
The client libraries don't allow us to make packets that are broken in
certain ways, so we need to construct them as byte strings.
These tests all fail at present, proving the server is rendered
unresponsive, which is the crux of CVE-2020-10745.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Gary Lockyer [Tue, 12 May 2020 22:56:56 +0000 (10:56 +1200)]
CVE-2020-10730: lib ldb: Check if ldb_lock_backend_callback called twice
Prevent use after free issues if ldb_lock_backend_callback is called
twice, usually due to ldb_module_done being called twice. This can happen if a
module ignores the return value from function a function that calls
ldb_module_done as part of it's error handling.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Mon, 18 May 2020 00:37:39 +0000 (12:37 +1200)]
CVE-2020-10730: s4 dsdb vlv_pagination: Prevent repeat call of ldb_module_done
Check the return code from vlv_results, if it is not LDB_SUCCESS
ldb_module_done has already been called, and SHOULD NOT be called again.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Mon, 18 May 2020 00:36:57 +0000 (12:36 +1200)]
CVE-2020-10730: s4 dsdb paged_results: Prevent repeat call of ldb_module_done
Check the return code from paged_results, if it is not LDB_SUCCESS
ldb_module_done has already been called, and SHOULD NOT be called again.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Wed, 6 May 2020 04:18:19 +0000 (16:18 +1200)]
CVE-2020-10730: dsdb: Ban the combination of paged_results and VLV
This (two different paging controls) makes no sense and fails against
Windows Server 1709.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Wed, 6 May 2020 05:05:30 +0000 (17:05 +1200)]
CVE-2020-10730: dsdb: Fix crash when vlv and paged_results are combined
The GUID is not returned in the DN for some reason in this (to be banned)
combination.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Wed, 6 May 2020 04:19:01 +0000 (16:19 +1200)]
CVE-2020-10730: selftest: Add test to show that VLV and paged_results are incompatible
As tested against Windows Server 1709
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Tue, 5 May 2020 04:34:11 +0000 (16:34 +1200)]
CVE-2020-10730: vlv: Another workaround for mixing ASQ and VLV
This is essentially an alternative patch, but without the correct
behaviour. Instead this just avoids a segfault.
Included in case we have something simialr again in
another module.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Tue, 5 May 2020 01:16:48 +0000 (13:16 +1200)]
CVE-2020-10730: selftest: Add test to confirm VLV interaction with ASQ
Tested against Windows 1709.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Tue, 5 May 2020 00:55:57 +0000 (12:55 +1200)]
CVE-2020-10730: vlv: Do not re-ASQ search the results of an ASQ search with VLV
This is a silly combination, but at least try and keep the results sensible
and avoid a double-dereference.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Tue, 5 May 2020 00:54:59 +0000 (12:54 +1200)]
CVE-2020-10730: vlv: Use strcmp(), not strncmp() checking the NULL terminated control OIDs
The end result is the same, as sizeof() includes the trailing NUL, but this
avoids having to think about that.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Jeremy Allison [Tue, 30 Jun 2020 21:00:41 +0000 (14:00 -0700)]
s3: libsmb: Fix SMB2 client rename bug to a Windows server.
Fix bug where renaming to a target name of one
UCS2 character (name length 2 bytes) fails to
a Windows 10 SMB2 server.
The Windows 10 SMB2 server has a minimum length
for a SMB2_FILE_RENAME_INFORMATION buffer of
24 bytes. It returns NT_STATUS_INFO_LENGTH_MISMATCH
if the length is less. This isn't an alignment
issue as Windows client happily 2-byte align
for larget target name sizes. Also the Windows 10
SMB1 server doesn't have this restriction.
If the name length is too short, pad out with
zeros to 24 bytes.
Hard to add a test for this as we don't want to
add this silly restriction to the Samba server
as it would break all non-Windows clients.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14403
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jul 1 18:59:53 UTC 2020 on sn-devel-184
Andreas Schneider [Tue, 30 Jun 2020 15:12:17 +0000 (17:12 +0200)]
tls: Use NORMAL:-VERS-SSL3.0 as the default configuration
This seems to be really broken in GnuTLS and the documentation is also
not correct.
This partially reverts
53e3a959b958a3b099df6ecc5f6e294e96bd948e
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14408
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jul 1 14:56:33 UTC 2020 on sn-devel-184
Andrew Bartlett [Wed, 1 Jul 2020 02:31:54 +0000 (14:31 +1200)]
selftest: Run test of how userPassword / crypt() style passwords are stored in quicktest
This ensures that the crypt_r()/crypt_rn()/crypt() behaviour is tested in all
the samba-o3 builds and so is checked on RHEL7 in GitLab CI.
https://bugzilla.samba.org/show_bug.cgi?id=14424
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Andrew Bartlett [Wed, 1 Jul 2020 02:30:24 +0000 (14:30 +1200)]
selftest: Split samba.tests.samba_tool.user_virtualCryptSHA into GPG and not GPG parts
This allows the userPassword (not GPG) part of the test to run on hosts without
python3-gpg (eg RHEL7) while still testing the userPassword handling.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14424
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Andrew Bartlett [Wed, 1 Jul 2020 02:35:39 +0000 (14:35 +1200)]
dsdb: Allow "password hash userPassword schemes = CryptSHA256" to work on RHEL7
On RHEL7 crypt_r() will set errno. This is a problem because the implementation of crypt_r()
in RHEL8 and elsewhere in libcrypt will return non-NULL but set errno on failure.
The workaround is to use crypt_rn(), provided only by libcrypt, which will return NULL
on failure, and so avoid checking errno in the non-failure case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14424
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Isaac Boukris [Mon, 29 Jun 2020 08:42:09 +0000 (10:42 +0200)]
share_mode_lock.c: initialize out param
detected by covscan:
source3/locking/share_mode_lock.c:1563:6: warning: Branch condition evaluates to a garbage value
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Autobuild-User(master): Isaac Boukris <iboukris@samba.org>
Autobuild-Date(master): Tue Jun 30 09:42:33 UTC 2020 on sn-devel-184
Günther Deschner [Fri, 26 Jun 2020 08:35:13 +0000 (10:35 +0200)]
libgpo: only install group policy admx files when building as DC
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Tue Jun 30 07:51:48 UTC 2020 on sn-devel-184
Bjoern Jacke [Mon, 29 Jun 2020 12:00:46 +0000 (12:00 +0000)]
util: fix build on AIX by fixing the order of replace.h include
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14422
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Björn Jacke <bjacke@samba.org>
Autobuild-Date(master): Mon Jun 29 18:19:04 UTC 2020 on sn-devel-184
Stefan Metzmacher [Wed, 24 Jun 2020 16:01:46 +0000 (18:01 +0200)]
s3:smbd: fix the handling of the durable_v2_timeout
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jun 27 05:42:05 UTC 2020 on sn-devel-184