Jule Anger [Mon, 20 Sep 2021 07:32:11 +0000 (09:32 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.15.0 release.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Mon, 20 Sep 2021 07:31:42 +0000 (09:31 +0200)]
WHATSNEW: Add release notes for Samba 4.15.0.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Mon, 13 Sep 2021 13:37:43 +0000 (15:37 +0200)]
VERSION: Bump version up to Samba 4.15.0rc8...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Mon, 13 Sep 2021 13:36:56 +0000 (15:36 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.15.0rc7 release.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Mon, 13 Sep 2021 13:35:52 +0000 (15:35 +0200)]
WHATSNEW: Add release notes for Samba 4.15.0rc7.
Signed-off-by: Jule Anger <janger@samba.org>
Martin Schwenke [Fri, 9 Jul 2021 07:25:32 +0000 (17:25 +1000)]
ctdb-daemon: Don't mark a node as unhealthy when connecting to it
Remote nodes are already initialised as UNHEALTHY when the node list
is initialised at startup (ctdb_load_nodes_file() calls
convert_node_map_to_list()) and when disconnected (ctdb_node_dead()).
So, drop this code.
RN: Fix CTDB flag/status update race conditions
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Thu Sep 9 02:38:34 UTC 2021 on sn-devel-184
(cherry picked from commit
9e7d2d9794af7251c42cb22f23ee9f86c6ea05c1)
Autobuild-User(v4-15-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-15-test): Mon Sep 13 12:33:53 UTC 2021 on sn-devel-184
Martin Schwenke [Tue, 27 Jul 2021 05:50:54 +0000 (15:50 +1000)]
ctdb-daemon: Ignore flag changes for disconnected nodes
If this node is not connected to a node then we shouldn't know
anything about it. The state will be pushed later by the recovery
master.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784
Signed-off-by: Martin Schwenke <martin@meltin.net>
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
7f697b1938efb3972f03f25546bf807d5af9a26c)
Martin Schwenke [Thu, 8 Jul 2021 01:11:11 +0000 (11:11 +1000)]
ctdb-daemon: Simplify ctdb_control_modflags()
Now that there are separate disable/enable controls used by the ctdb
tool this control can ignore any flag updates for the current nodes.
These only come from the recovery master, which depends on being able
to fetch flags for all nodes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
ae10a8a4b70e53ea3be6257d1f86f2d9a56aa62a)
Martin Schwenke [Wed, 17 Jan 2018 08:04:34 +0000 (19:04 +1100)]
ctdb-recoverd: Mark CTDB_SRVID_SET_NODE_FLAGS obsolete
CTDB_SRVID_SET_NODE_FLAGS is no longer sent so drop monitor_handler()
and replace with srvid_not_implemented(). Mark the SRVID obsolete in
its comment.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
916c5ee131dc5c7f1d9c3540147d1f915c8302ad)
Martin Schwenke [Thu, 8 Jul 2021 01:32:20 +0000 (11:32 +1000)]
ctdb-daemon: Don't bother sending CTDB_SRVID_SET_NODE_FLAGS
The code that handles this message is
ctdb_recoverd.c:monitor_handler(). Although it appears to do
something potentially useful, it only logs the flags changes. All
changes made are to local structures - there are no actual
side-effects.
It used to trigger a takeover run when the DISABLED flag changed.
This was dropped back in commit 662f06de9fdce7b1bc1772a4fbe43de271564917.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
e75256767fffc6a7ac0b97e58737a39c63c8b187)
Martin Schwenke [Thu, 8 Jul 2021 01:34:49 +0000 (11:34 +1000)]
ctdb-daemon: Modernise remaining debug macro in this function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
0132bd5a2233193256af434a37506f86ed62c075)
Martin Schwenke [Thu, 8 Jul 2021 01:29:38 +0000 (11:29 +1000)]
ctdb-daemon: Update logging for flag changes
When flags change, promote the message to NOTICE level and switch the
message to the style that is currently generated by
ctdb-recoverd.c:monitor_handler(). This will allow monitor_handler()
to go away in future.
Drop logging when flags do not change. The recovery master now logs
when it pushes flags for a node, so the lack of a corresponding
"changed flags" message here indicates that no update was required.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
b6d25d079e30919457cacbfbbfd670bf88295a9c)
Martin Schwenke [Fri, 9 Jul 2021 05:13:49 +0000 (15:13 +1000)]
ctdb-daemon: Correct the condition for logging unchanged flags
Don't trust the old flags from the recovery master.
Surrounding code will change in future comments, including the use of
old-style debug macros, so just make this change clear.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
eec44e286250a6ee7b5c42d85d632bdc300a409f)
Martin Schwenke [Fri, 9 Jul 2021 04:37:19 +0000 (14:37 +1000)]
ctdb-tools: Use disable and enable controls in tool
Note that there is a change from broadcast to a directed control here.
This is OK because the recovery master will push flags if any nodes
disagree with the canonical flags fetched from a node.
Static function ctdb_ctrl_modflags() is no longer used so drop it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
5914054698dab934fd4db5efb9d211b2fdc40bb9)
Martin Schwenke [Fri, 9 Jul 2021 04:32:12 +0000 (14:32 +1000)]
ctdb-client: Add client code for disable/enable controls
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
6fe6a54e7f32e650be6ab36041159081dbde5165)
Martin Schwenke [Fri, 9 Jul 2021 04:12:59 +0000 (14:12 +1000)]
ctdb_daemon: Implement controls DISABLE_NODE/ENABLE_NODE
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
15a6489c288b3adb635a728cb2049621ab1a07f7)
Martin Schwenke [Fri, 9 Jul 2021 04:02:28 +0000 (14:02 +1000)]
ctdb-daemon: Start as disabled means PERMANENTLY_DISABLED
DISABLED is UNHEALTHY | PERMANENTLY_DISABLED, which is not what is
intended here. Luckily, it doesn't do any harm because nodes are
marked unhealthy at startup anyway.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
60c1ef146538d90f97b7823459f7548ca5fa6dd3)
Martin Schwenke [Fri, 9 Jul 2021 04:01:33 +0000 (14:01 +1000)]
ctdb-daemon: Factor out a function to get node structure from PNN
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
1ac7bc7532b2fad791d0e53effa7c64cdc73c4eb)
Martin Schwenke [Wed, 28 Jul 2021 00:27:42 +0000 (10:27 +1000)]
ctdb-daemon: Add a helper variable
Simplifies a subsequent change.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
e0a7b5a9e866452b1faaed86a105492fe7b237e2)
Martin Schwenke [Fri, 9 Jul 2021 02:10:12 +0000 (12:10 +1000)]
ctdb-protocol: Add marshalling for controls DISABLE_NODE/ENABLE_NODE
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
6845dca87e6ffc5e449fb78d23eb9c7a22698b80)
Martin Schwenke [Thu, 8 Jul 2021 07:28:20 +0000 (17:28 +1000)]
ctdb-protocol: Add new controls to disable and enable nodes
These are CTDB_CONTROL_DISABLE_NODE and CTDB_CONTROL_ENABLE_NODE.
For consistency these match CTDB_CONTROL_STOP_NODE and
CTDB_CONTROL_CONTINUE_NODE. It would be possible to add a single
control but it would need to take data.
The aim is to finally fix races in flag handling. Previous fixes have
improved the situation but they have only narrowed the race window.
The problem is that the recovery daemon on the master node pushes
flags to nodes the same way that disable and enable are implemented.
So the following sequence is still racy:
1. Node A is disabled
2. Recovery master pulls flags from all nodes including A
3. Node A is enabled
4. Recovery master notices A is disabled and pushes a flag update to
all nodes including node A
5. Node A is erroneously marked disabled
Node A can not tell if the MODIFY_FLAGS control is from a "ctdb
disable" command or a flag update from the recovery master.
The solution is to use a different mechanism for disable/enable and
for a node to ignore MODIFY_FLAGS controls for their own flags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
49dc5d8cd2d3767044ac69cbd25c8210d11cadf7)
Martin Schwenke [Sun, 11 Jul 2021 12:17:08 +0000 (22:17 +1000)]
ctdb-recoverd: Push flags for a node if any remote node disagrees
This will usually happen if flags on the node in question change, so
keeping the code simple and pushing to all nodes won't hurt. When all
nodes come up there might be differences in connected nodes, causing
such "fix ups". Receiving nodes will ignore no-op pushes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
8305f6a7f132f03b0bbdb26692b7491fd3f6c24f)
Martin Schwenke [Sun, 11 Jul 2021 11:28:43 +0000 (21:28 +1000)]
ctdb-recoverd: Update the local node map before pushing out flags
The resulting code structure looks a little weird. However, there is
another condition that requires the flags to be pushed that will be
inserted before the continue statement in a subsequent commit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
620d07871420cdbfa055c1ace75ec1ac4c32721d)
Martin Schwenke [Sun, 11 Jul 2021 10:40:10 +0000 (20:40 +1000)]
ctdb-recoverd: Add a helper variable
Improves readability and simplifies subsequent changes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14784
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
82a075d4d734588a42fca7ebaf529892d1eba853)
Ralph Boehme [Mon, 13 Sep 2021 05:51:41 +0000 (07:51 +0200)]
WHATSNEW: The New VFS
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(v4-15-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-15-test): Mon Sep 13 08:51:05 UTC 2021 on sn-devel-184
Alex Richardson [Fri, 5 Oct 2018 08:35:40 +0000 (09:35 +0100)]
Don't use sysconf(_SC_NGROUPS_MAX) on macOS for getgroups()
On MacOS sysconf(_SC_NGROUPS_MAX) always returns 16. However, this is not
the value used by getgroups(2). MacOS uses nested groups but getgroups(2)
will return the flattened list which can easily exceed 16 groups. In my
testing getgroups() already returns 16 groups on a freshly installed
system. And on a 10.14 system the root user is in more than 16 groups by
default which makes it impossible to run smbd without this change.
Setting _DARWIN_UNLIMITED_GETGROUPS allows getgroups() to return more than
16 groups. This also changes set_unix_security_ctx() to only set up to
16 groups since that is the limit for initgroups() according to the manpage.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=8773
Signed-off-by: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Sep 9 17:43:19 UTC 2021 on sn-devel-184
(cherry picked from commit
2c18a982537ea1a62e4d802c9ae0ef06b36158dc)
Ralph Boehme [Sat, 11 Sep 2021 10:33:37 +0000 (12:33 +0200)]
smbd: fix "ea support = no"
Introduced by de83946311d8c1f007c236751280e9f101cc3a29.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14829
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Sep 11 21:48:01 UTC 2021 on sn-devel-184
(cherry picked from commit
926db374a615e88003c99a476f45981beb30f8cf)
Ralph Boehme [Fri, 10 Sep 2021 16:15:25 +0000 (18:15 +0200)]
WHATSNEW: unknown options now trigger an error in all tools
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 9 Sep 2021 09:13:21 +0000 (11:13 +0200)]
WHATSNEW: clarify the -e and -s handling for ldb tools
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Fri, 10 Sep 2021 05:27:51 +0000 (07:27 +0200)]
s4/torture/masktest: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Sep 10 16:02:10 UTC 2021 on sn-devel-184
(cherry picked from commit
b053bea0af2b2f059d7ed2c920f283d82339022f)
Ralph Boehme [Fri, 10 Sep 2021 05:27:13 +0000 (07:27 +0200)]
s4/torture/locktest: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
0c47f244312f193c299d5b5b7b00db90364f8c8e)
Ralph Boehme [Fri, 10 Sep 2021 05:26:01 +0000 (07:26 +0200)]
s4/torture/gentest: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
f6be1c18bf78db9e45be953d95ef8581daed5b4b)
Ralph Boehme [Fri, 10 Sep 2021 05:25:30 +0000 (07:25 +0200)]
s4/regtree: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
ecb27e02e113c597f952457e8a7803325c4c620e)
Ralph Boehme [Fri, 10 Sep 2021 05:23:59 +0000 (07:23 +0200)]
s4/regshell: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
ac86779fe490318a943ab90e5d117537e839b55f)
Ralph Boehme [Fri, 10 Sep 2021 05:22:12 +0000 (07:22 +0200)]
s4/regpatch: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
604ce3d85a879aa50c045b1f36c0580748b72eb7)
Ralph Boehme [Fri, 10 Sep 2021 05:21:31 +0000 (07:21 +0200)]
s4/regdiff: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
5c75b5bdeb9b39843f115fe07f1a44689af3fcc5)
Ralph Boehme [Fri, 10 Sep 2021 05:16:30 +0000 (07:16 +0200)]
s4/cifsdd: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
08532b3d2e0f66ee524401b8b939b3af31b6b7cd)
Ralph Boehme [Fri, 10 Sep 2021 05:15:49 +0000 (07:15 +0200)]
testparm: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
ac292ec428ea8ef6702e028c15077818000dfa87)
Ralph Boehme [Fri, 10 Sep 2021 05:14:40 +0000 (07:14 +0200)]
split_tokens: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
b851d48277f226ff825b4aaf17483e2d91c54451)
Ralph Boehme [Fri, 10 Sep 2021 05:13:48 +0000 (07:13 +0200)]
smbtree: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
5562674a2188d4e11fbdfcbed7bf1fba02af9e90)
Ralph Boehme [Fri, 10 Sep 2021 05:12:57 +0000 (07:12 +0200)]
smbget: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
d841457aedd8715ceacb20af8f1ae42cbf8ebf49)
Ralph Boehme [Fri, 10 Sep 2021 05:12:21 +0000 (07:12 +0200)]
smbcquotas: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
46a0da16710f99f33780d030557562e1a52a8cba)
Ralph Boehme [Fri, 10 Sep 2021 05:11:43 +0000 (07:11 +0200)]
smbcacls: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
3755304b6efb98739aca3aa121c095302b09e631)
Ralph Boehme [Fri, 10 Sep 2021 05:11:07 +0000 (07:11 +0200)]
sharesec: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
5a2b4ba059809a1e16124bf448a9398822fe5c80)
Ralph Boehme [Fri, 10 Sep 2021 05:10:39 +0000 (07:10 +0200)]
regedit: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
246d4f7b934fbfa75d967aee1ff6bd64866995d1)
Ralph Boehme [Fri, 10 Sep 2021 05:09:34 +0000 (07:09 +0200)]
profiles: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
372adfda9f0aa8f91db6b5dc4357d848baa9fab3)
Ralph Boehme [Fri, 10 Sep 2021 05:08:59 +0000 (07:08 +0200)]
pdbedit: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
bcc4756d8293e452d09a6a73005302eddb6c1f28)
Ralph Boehme [Fri, 10 Sep 2021 05:08:37 +0000 (07:08 +0200)]
ntlm_auth: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
5536e7981c3902014e91cdfa5bd9a17276e41be7)
Ralph Boehme [Fri, 10 Sep 2021 05:07:48 +0000 (07:07 +0200)]
nmblookup: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
ff6a16806f6a030a36179b1e9db699ae72670db4)
Ralph Boehme [Fri, 10 Sep 2021 05:06:54 +0000 (07:06 +0200)]
mvxattr: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
c84916fef5520795d54a29e8e8e2817dd8322f30)
Ralph Boehme [Fri, 10 Sep 2021 05:05:58 +0000 (07:05 +0200)]
log2pcaphex: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
72a6cf1a8a2903518488cff1bdadd001c5b0b281)
Ralph Boehme [Fri, 10 Sep 2021 05:05:02 +0000 (07:05 +0200)]
s3/async-tracker: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
4056bebf05f4d1e0bfcbc5fe53d63b3bab9e031f)
Ralph Boehme [Fri, 10 Sep 2021 05:04:21 +0000 (07:04 +0200)]
vfstest: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
96ab7909bd9eea14ba3aad535c28d53c184341a2)
Ralph Boehme [Fri, 10 Sep 2021 05:03:21 +0000 (07:03 +0200)]
pdbtest: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
e3c5516dc578aee25aaaac1ab7a66ede9d313be0)
Ralph Boehme [Fri, 10 Sep 2021 05:01:56 +0000 (07:01 +0200)]
rpcclient: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
6afa1b3485cef59676dbccf0276bdfa289e009b4)
Ralph Boehme [Fri, 10 Sep 2021 04:56:36 +0000 (06:56 +0200)]
s3/param: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
d5f360723349c26a50472188e4f299def5b82742)
Ralph Boehme [Fri, 10 Sep 2021 04:30:45 +0000 (06:30 +0200)]
source3/lib/smbconf: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
08512e3a54180253445a16e976dd4f6ef4f2a799)
Ralph Boehme [Thu, 9 Sep 2021 16:15:51 +0000 (18:15 +0200)]
nmblookup: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
98c977f44b6086e2c5cec52451078a6ade81d4a8)
Ralph Boehme [Fri, 10 Sep 2021 03:50:07 +0000 (05:50 +0200)]
s4/smbclient: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
6845051266a785bc26356e296bd716162e8a133e)
Ralph Boehme [Fri, 10 Sep 2021 03:46:27 +0000 (05:46 +0200)]
smbstatus: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
4053a59d8dc95ff4de2f6f5c50f7007b6456141f)
Ralph Boehme [Thu, 9 Sep 2021 16:14:36 +0000 (18:14 +0200)]
texpect: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
c87cc09315a169300e57a58b88587e54fcf29d8f)
Stefan Metzmacher [Thu, 9 Sep 2021 14:45:37 +0000 (16:45 +0200)]
smbclient: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
d179c4f49b37dbcd04197b8cc31933e19dd8ac9a)
Ralph Boehme [Fri, 10 Sep 2021 09:29:35 +0000 (11:29 +0200)]
selftest: remove unsupported smbcacls option --get
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
09fd46aa1cb6c1e24948b7d370a4851191b205b2)
Ralph Boehme [Fri, 10 Sep 2021 09:22:07 +0000 (11:22 +0200)]
lib/cmdline: restore s3 option name --max-protocol for MAXPROTOCOL from 4.14
s4 used --maxprotocol, s3 used --max-protocol. We should continue supporting
--max-protocol.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
29910da882d75b20d63714a1365a7b0dba6904a7)
Ralph Boehme [Fri, 10 Sep 2021 09:21:19 +0000 (11:21 +0200)]
manpages: remove duplicate options from smbclient
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
9a3b7f1338e2947aa1cbf1ae34d0e1e7cb692ee9)
Ralph Boehme [Fri, 10 Sep 2021 09:09:25 +0000 (11:09 +0200)]
selftest: fix ---configfile option
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
fdfc475000f606cc9e4ac160350f7ced64749589)
Stefan Metzmacher [Thu, 9 Sep 2021 09:11:03 +0000 (11:11 +0200)]
lib/cmdline: fix --configfile handling of POPT_COMMON_CONFIG_ONLY used by ntlm_auth
ntlm_auth only ever knew about '--configfile' without the '-s' alias,
keep it that way and make sure we actually process the argument via
the OPT_CONFIGFILE handling.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
8f3ef4e6c5a440c6582f7af268c6c27c8a2273d4)
Ralph Boehme [Mon, 9 Aug 2021 17:30:21 +0000 (19:30 +0200)]
vfs_btrfs: fix btrfs_fget_compression()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14790
RB: vfs_btrfs compression support broken
Reported-by: noel.kuntze@thermi.consulting
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
ed35fce4fe48b1fa26854a7b4bb151b5c5fb6fc6)
Andrew Bartlett [Mon, 9 Aug 2021 21:20:45 +0000 (09:20 +1200)]
docs: Avoid duplicate information on USER and PASSWD, reference the common section
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14791
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Sep 9 00:52:09 UTC 2021 on sn-devel-184
(cherry picked from commit
18e08c709002506fe217ca6a7a098fcdc00f8c29)
Autobuild-User(v4-15-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-15-test): Fri Sep 10 14:54:25 UTC 2021 on sn-devel-184
Andrew Bartlett [Mon, 9 Aug 2021 21:14:08 +0000 (09:14 +1200)]
docs: Document all the other ways to send a password to smbclient et al
This was previously hidden knowledge not easily available to
administrators and end users.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14791
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
9b50d2e52e6c85bc3ab991cd8a4b870aff397bda)
Andrew Bartlett [Mon, 9 Aug 2021 21:13:15 +0000 (09:13 +1200)]
docs: Ensure to rebuild manpages if samba.entities or samba.version changes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14791
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
a363742635c54a6cb19363f4be9d2be2b731a5e6)
Stefan Metzmacher [Wed, 8 Sep 2021 13:10:14 +0000 (15:10 +0200)]
docs-xml: use upper case for "{client,server} smb3 {signing,encryption} algorithms" values
This matches what smbstatus prints out. Note there's also the removal of
a '-' in "hmac-sha-256" => "HMAC-SHA256".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14825
RN: "{client,server} smb3 {signing,encryption} algorithms" should use the same strings as smbstatus output
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Sep 8 16:37:07 UTC 2021 on sn-devel-184
(cherry picked from commit
867c6ff9f3f28ab4bfa0cb1660889f3f5be0d111)
Jule Anger [Thu, 9 Sep 2021 06:27:18 +0000 (08:27 +0200)]
VERSION: Bump version up to Samba 4.15.0rc7...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Thu, 9 Sep 2021 06:25:57 +0000 (08:25 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.15.0rc6 release.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Thu, 9 Sep 2021 06:24:41 +0000 (08:24 +0200)]
WHATSNEW: Add release notes for Samba 4.15.0rc6.
Signed-off-by: Jule Anger <janger@samba.org>
Andrew Bartlett [Sun, 5 Sep 2021 20:52:21 +0000 (08:52 +1200)]
selftest: Add prefix to new schema attributes to avoid flapping dsdb_schema_attributes
If two of these unit tests run in the same second they could
select the same name, as the name was only based on the time
and a common prefix.
As observed by Jeremy Allison. Thanks for the report!
RN: Address flapping dsdb_schema_attributes test
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14819
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Sep 6 02:32:51 UTC 2021 on sn-devel-184
(cherry picked from commit
6590bb0b77c641f0d4686b39c713c1405ffb64f5)
Autobuild-User(v4-15-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-15-test): Wed Sep 8 13:31:05 UTC 2021 on sn-devel-184
Andrew Bartlett [Wed, 25 Aug 2021 00:03:08 +0000 (12:03 +1200)]
s4-lsa: Cache sam.ldb handle in lsa_LookupSids3/LookupNames4
Since 5c0345ea9bb34695dcd7be6c913748323bebe937 this
would not have been implicitly cached via the ldb_wrap
cache, due to the recording of the remote IP address
(which is a good thing).
This creates a more explicit and direct correct
cache on the connection.
The common code, including the SCHANNEL check is
placed into a helper function.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14807
RN: Fix performance regression in lsa_LookupSids3/LookupNames4 since Samba 4.9 by using an explicit database handle cache
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sun Sep 5 03:19:26 UTC 2021 on sn-devel-184
(cherry picked from commit
ae57d22e45b33537e9fca5969e9b68abd1ad633f)
Andrew Bartlett [Wed, 25 Aug 2021 09:54:04 +0000 (09:54 +0000)]
selftest: Add a test for LookupSids3 and LookupNames4 in python
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14807
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
b40761b42e889369599c5eb355028ba377c43b49)
Andrew Bartlett [Tue, 24 Aug 2021 21:41:11 +0000 (09:41 +1200)]
dsdb: Be careful to avoid use of the expensive talloc_is_parent()
The wrong talloc API was selected while addressing a memory leak.
    commit ee2fe56ba0ef6626b634376e8dc2185aa89f8c99
    Author: Aaron Haslett <aaronhaslett@catalyst.net.nz>
    Date: Tue Nov 27 11:07:44 2018 +1300

        drepl: memory leak fix

        Fixes a memory leak where schema reference attached to ldb
        instance is lost before it can be freed.

        BUG: https://bugzilla.samba.org/show_bug.cgi?id=14042
        Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
        Reviewed-by: Andrew Bartlett <abartlet@samba.org>
        Reviewed-by: Garming Sam <garming@catalyst.net.nz>
        Autobuild-User(master): Garming Sam <garming@samba.org>
        Autobuild-Date(master): Wed Jul 17 06:17:10 UTC 2019 on sn-devel-184

By using talloc_get_parent() walking the entire talloc tree is
avoided.
RN: Address a significant performance regression in database access in the AD DC since Samba 4.12
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14806
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 8affe4a1e625104de4ca024fdc3e9cd96498aff3)
Andrew Bartlett [Sat, 4 Sep 2021 01:11:08 +0000 (13:11 +1200)]
selftest: Only run samba_tool_drs_showrepl test once
This test is not slow, but there is no value running it twice.
Running this test twice just increases the chances we might
lose a race as it shows and validates live replication data.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 75a5ed66731e947fa16af81aab7649d1fddec45f)
Andrew Bartlett [Sat, 4 Sep 2021 00:28:20 +0000 (12:28 +1200)]
selftest: Split up targets for samba_tool_drs from samba_tool_drs_showrepl
These now run in the disconnected sets schema_dc/schema_pair_dc and
ad_dc/vampire_dc/promoted_dc. By aiming at different sets of servers
we can't cause cross-contamination in terms of which servers are
listed as outbound connections.
Also, by running the tests only once we reduce the chances of trouble
by half.
RN: Address flapping samba_tool_drs_showrepl test
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14818
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit e8b4599e0935290c5e59df9fd4f695ad8d6f361c)
Andrew Bartlett [Wed, 8 Sep 2021 07:24:29 +0000 (19:24 +1200)]
WHATSNEW: Update with samba-tool domain backup offline fix
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Wed, 8 Sep 2021 07:20:55 +0000 (19:20 +1200)]
WHATSNEW: Update for KDC crash fixes
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 31 Aug 2021 10:38:01 +0000 (22:38 +1200)]
tests/krb5: Allow KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN for a missing sname
This allows our code to still pass with the error code that
MIT and Heimdal have chosen
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Sep 2 14:28:31 UTC 2021 on sn-devel-184
(cherry picked from commit 10baaf08523200e47451aa1862430977b0365b59)
Luke Howard [Tue, 31 Aug 2021 05:38:16 +0000 (17:38 +1200)]
kdc: KRB5KDC_ERR_{C,S}_PRINCIPAL_UNKNOWN if missing field
If missing cname or sname in AS-REQ, return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN and
KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN. This matches MIT behaviour.
[abartlet@samba.org Backported from Heimdal commit 892a1ffcaad98157e945c540b81f65edb14d29bd
and knownfail added]
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit b0f4455e524cbbfb13202220e7095f466b083a2f)
Joseph Sutton [Tue, 31 Aug 2021 07:42:33 +0000 (19:42 +1200)]
tests/krb5: Allow expected_error_mode to be a container type
This allows a range of possible error codes to be checked against, for
cases when the particular error code returned is not so important.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit ebd673e976aea5dd481a75f180fd526995c4fda0)
Joseph Sutton [Fri, 27 Aug 2021 01:37:16 +0000 (13:37 +1200)]
tests/krb5: Add tests for omitting sname in inner request
Note: the test 'test_fast_tgs_inner_no_sname' crashes the MIT KDC.
This is fixed in MIT Krb5 commit d775c95af7606a51bf79547a94fa52ddd1cb7f49
and was given CVE-2021-37750
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 24914ae17d49f634fafc1bdeb88859293da05f79)
Joseph Sutton [Fri, 27 Aug 2021 01:26:45 +0000 (13:26 +1200)]
tests/krb5: Allow specifying parameters specific to the inner FAST request body
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit c6d7e19ecfb264c6f79df5a20e830e4ea6fdb340)
Joseph Sutton [Fri, 27 Aug 2021 01:02:04 +0000 (13:02 +1200)]
tests/krb5: Add tests for omitting sname in request
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit bbbb13caf7bd2440c80f4f4775725b7863d16a5b)
Joseph Sutton [Fri, 27 Aug 2021 01:00:37 +0000 (13:00 +1200)]
tests/krb5: Check PADATA-PW-SALT element in e-data
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 1e4d757394a0bbda587d5ff91801f88539b712b1)
Joseph Sutton [Fri, 27 Aug 2021 01:00:21 +0000 (13:00 +1200)]
tests/krb5: Check e-data element for TGS-REP errors without FAST
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit e373c6461a88c44303ea8cdbebc2d78dd15dec4a)
Andrew Bartlett [Tue, 31 Aug 2021 22:43:06 +0000 (10:43 +1200)]
tests/krb5: Remove harmful and atypical return in as_req testcase
A test in a TestCase class should not return a value, the
test is determined by the assertions raised.
Other changes will shortly cause kdc_exchange_dict[preauth_etype_info2]
to not always be filled, so we need to remove this
redundant code.
This also fixes a *lot* of tests against the MIT KDC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 3330eaf39c6174f2d90fe4d8e016efb97005d1e5)
Joseph Sutton [Thu, 29 Jul 2021 00:25:06 +0000 (12:25 +1200)]
CVE-2021-3671 tests/krb5: Add tests for omitting sname in outer request
Note: Without the previous patch, 'test_fast_tgs_outer_no_sname' would
crash the Heimdal KDC.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit b8e2515552ffa158fab1e86a39004de4cc419da5)
Luke Howard [Fri, 27 Aug 2021 01:42:48 +0000 (11:42 +1000)]
CVE-2021-3671 HEIMDAL kdc: validate sname in TGS-REQ
In tgs_build_reply(), validate the server name in the TGS-REQ is present before
dereferencing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817
[abartlet@samba.org backported from Heimdal
commit 04171147948d0a3636bc6374181926f0fb2ec83a via reference
to an earlier patch by Joseph Sutton]
RN: An unauthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 0cb4b939f192376bf5e33637863a91a20f74c5a5)
Joseph Sutton [Thu, 29 Jul 2021 04:52:29 +0000 (16:52 +1200)]
tests/krb5: Add test for sending PA-ENCRYPTED-CHALLENGE without FAST
Note: This test crashed the MIT KDC prior to MIT commit
fc98f520caefff2e5ee9a0026fdf5109944b3562 which was given
CVE-2021-36222.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 15f9f040fe537ebd30419a4751aa0f13b20f242b)
Joseph Sutton [Wed, 1 Sep 2021 02:43:53 +0000 (14:43 +1200)]
tests/krb5: Make cname checking less strict
Without this additional 'self.strict_checking' check, the tests in the
following patches do not get far enough to trigger a crash with the MIT
KDC.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817
(cherry picked from commit 36798f5b651a02b74b6844c024101f7a026f1f68)
Joseph Sutton [Fri, 27 Aug 2021 01:35:59 +0000 (13:35 +1200)]
tests/krb5: Make e-data checking less strict
Without this additional 'self.strict_checking' check, the tests in the
following patches do not get far enough to trigger a crash with the MIT
KDC, instead failing when obtaining a TGT for the user or machine.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 79dda329f2a8382f1e46b50f4b9692e78d687826)
Andrew Bartlett [Wed, 1 Sep 2021 08:53:45 +0000 (20:53 +1200)]
Update common on currently supported Fedora versions
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817
(cherry picked from commit d9edad89f3b268c6da8f988a42f8cf2a3b697fe7)
Andrew Bartlett [Wed, 1 Sep 2021 08:55:40 +0000 (20:55 +1200)]
bootstrap: SAMBA_CI_CONTAINER_TAG is now in .gitlab-ci-main.yml
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817
(cherry picked from commit 5805a7c49aa13b578a717cbbc46460741d325c65)
Andrew Bartlett [Wed, 1 Sep 2021 08:45:03 +0000 (20:45 +1200)]
bootstrap: Update to get newer krb5 on Fedora 34
We need the update FEDORA-2021-20b495cb94 (krb5) to
get a fix for CVE-2021-37750 (explicit NULL deref on KDC)
so our CI will pass as we have a test for this.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817
(cherry picked from commit e9c8ac4adbca2f8cb45470ccb45a45039188a285)