Karolin Seeger [Thu, 11 Mar 2021 10:23:24 +0000 (11:23 +0100)]
VERSION: Disable GIT_SNAPSHOT for the 4.12.12 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 11 Mar 2021 10:19:51 +0000 (11:19 +0100)]
WHATSNEW: Add release notes for Samba 4.12.12.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 11 Mar 2021 09:47:14 +0000 (10:47 +0100)]
Revert "wscript: use --as-needed only if tested successfully"
This reverts commit
c63f00801cae16a855aa5283fa0cc449e84577ce.
Volker Lendecke [Wed, 3 Mar 2021 18:15:31 +0000 (19:15 +0100)]
g_lock: Fix uninitalized variable reads
If dbwrap_watched_watch_recv() returns IO_TIMEOUT, "blockerdead" might
be an uninitialized non-false, and further down we'll remove the wrong
exclusive locker.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14636
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Mar 5 11:22:07 UTC 2021 on sn-devel-184
(cherry picked from commit
654c18a244f060d81280493a324b98602a69dbbf)
Autobuild-User(v4-12-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-12-test): Mon Mar 8 08:51:39 UTC 2021 on sn-devel-184
Volker Lendecke [Wed, 3 Mar 2021 18:19:23 +0000 (19:19 +0100)]
locking: Fix an uninitialized variable read
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14636
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
84b634c613352fc1da8e1525d72597c526d534d2)
Trever L. Adams [Fri, 26 Feb 2021 22:52:03 +0000 (14:52 -0800)]
s3:modules:vfs_virusfilter: Recent talloc changes cause infinite start-up failure
Recent talloc changes cause the current check for failure to allocate to be incorrectly triggered.
This patch checks to see if the original parameter to be checked for NULL if the talloc returns NULL. This allows for rapid passing in the ca
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14634
RN: Fix failure of vfs_virusfilter starting due to talloc changes
Signed-off-by: Trever L. Adams" <trever.adams@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
(cherry picked from commit
5a92810082c9a9d2833946ae0d83ce05a6bde597)
Autobuild-User(v4-12-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-12-test): Fri Mar 5 13:17:14 UTC 2021 on sn-devel-184
Björn Jacke [Tue, 2 Mar 2021 21:47:35 +0000 (22:47 +0100)]
wscript: use --as-needed only if tested successfully
Some OSes like Solaris based OmiOS don't support this.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14288
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
996560191ac6bd603901dcd6c0de5d239e019ef4)
Peter Eriksson [Tue, 23 Feb 2021 20:13:37 +0000 (12:13 -0800)]
s3: VFS: nfs4_acls. Add missing TALLOC_FREE(frame) in error path.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14648
Signed-off-by: Peter Eriksson <pen@lysator.liu.se>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Thu Feb 25 20:46:02 UTC 2021 on sn-devel-184
(cherry picked from commit
3d91fe071a29e2e0c54a10ba081a46cb5c324585)
Autobuild-User(v4-12-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-12-test): Wed Mar 3 11:11:28 UTC 2021 on sn-devel-184
Stefan Metzmacher [Fri, 20 Nov 2020 09:20:14 +0000 (09:20 +0000)]
script/autobuild.py: let cleanup() ignore errors from rmdir_force() by default
It's not useful to generate a python backtrace from within the cleanup code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14628
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
9883ac45939f253a63f3ff312fc3912c5f02cdac)
Autobuild-User(v4-14-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-14-test): Tue Feb 2 10:29:44 UTC 2021 on sn-devel-184
(cherry picked from commit
cc1568be4d4250390a9ad03c84f5e260fc7acffd)
Stefan Metzmacher [Fri, 20 Nov 2020 09:20:14 +0000 (09:20 +0000)]
script/autobuild.py: split out a rmdir_force() helper function
That also tries to re-add write permissions before removing.
In future we'll have jobs changing there directory to read-only.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14628
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
7a5df2deaaf62a7edd7c64251f75ab15abe94c07)
(cherry picked from commit
c933135969be29072971f96481b05f499fd48b57)
Stefan Metzmacher [Thu, 27 Feb 2020 23:00:08 +0000 (00:00 +0100)]
script/autobuild.py: allow write_system_info commands to fail
These commands are just there as hints to debug possible problems.
In order to support autobuild.py on non-linux platforms we should
just ignore errors here.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Apr 2 07:36:07 UTC 2020 on sn-devel-184
(cherry picked from commit
9b1e96197e0983a16e73ce351eac7775801736d8)
Stefan Metzmacher [Thu, 27 Feb 2020 22:59:00 +0000 (23:59 +0100)]
script/autobuild.py: use more portable 'cp -R -a -l'
On platforms like FreeBSD 12 cp doesn't accept the long options,
using the one letter options works there and keeps working on Linux
as well.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
0312a10e09d8dc1295a4a80493761e91031e88e7)
Stefan Metzmacher [Thu, 27 Feb 2020 22:58:42 +0000 (23:58 +0100)]
script/autobuild.py: add support git worktree
.git is not always a directory, with 'git worktree' it's a file.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
f9374d0a4ecc11acc46884feec28d138accc6dab)
Björn Jacke [Fri, 5 Feb 2021 11:47:01 +0000 (12:47 +0100)]
classicupgrade: treat old never expires value right
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14624
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Feb 10 15:06:49 UTC 2021 on sn-devel-184
(cherry picked from commit
df75d82c9de6977c466ee9f01886cb012a9c5fef)
Autobuild-User(v4-12-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-12-test): Tue Feb 16 22:33:52 UTC 2021 on sn-devel-184
Stefan Metzmacher [Tue, 9 Feb 2021 12:48:36 +0000 (13:48 +0100)]
s3:pysmbd: fix fd leak in py_smbd_create_file()
Various 'samba-tool domain backup' commands use this and will
fail if there's over ~1000 files in the sysvol folder.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13898
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
d8fa464a2dfb11df4e1db4ebffe8bd28ff118c75)
Paul Wise [Mon, 29 Feb 2016 17:58:45 +0000 (11:58 -0600)]
HEIMDAL: krb5_storage_free(NULL) should work
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12505
Signed-off-by: Paul Wise <pabs3@bonedaddy.net>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Original-author: Nicolas Williams <nico@twosigma.com>
(cherry-picked from heimdal commit
b3db07d5f0e03f6a1a0a392e70f9675e19a6d6af)
(cherry picked from commit
f9ed4f7028a5ed29026ac8ef1b47b63755ba98f8)
Andreas Schneider [Tue, 2 Feb 2021 17:10:38 +0000 (18:10 +0100)]
lib:util: Avoid free'ing our own pointer
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14625
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
0bdbe50fac680be3fe21043246b8c75005611351)
Autobuild-User(v4-12-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-12-test): Fri Feb 5 12:14:09 UTC 2021 on sn-devel-184
Andreas Schneider [Wed, 3 Feb 2021 09:37:12 +0000 (10:37 +0100)]
lib:util: Add cache oversize test for memcache
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14625
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
00543ab3b29e3fbfe8314e51919629803e14ede6)
Andreas Schneider [Wed, 3 Feb 2021 09:30:08 +0000 (10:30 +0100)]
lib:util: Add basic memcache unit test
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14625
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
bebbf621d6052f797c5cf19a2a9bbc13e699d3f0)
Jeremy Allison [Thu, 28 Jan 2021 19:08:48 +0000 (11:08 -0800)]
s3: libsmb: cli_state_save_tcon(). Don't deepcopy tcon struct when temporarily swapping out a connection on a cli_state.
This used to make a deep copy of either
cli->smb2.tcon or cli->smb1.tcon, but this leaves
the original tcon pointer in place which will then get
TALLOC_FREE()'d when the new tree connection is made on
this cli_state.
As there may be pipes open on the old tree connection with
talloc'ed state allocated using the original tcon pointer as a
talloc parent we can't deep copy and then free this pointer
as that will fire the destructors on the pipe memory and
mark them as not connected.
This call is used to temporarily swap out a tcon pointer
(whilst keeping existing pipes open) to allow a new tcon
on the same cli_state and all users correctly call
cli_state_restore_tcon() once they are finished with
the new tree connection.
Just return the existing pointer and set the old value to NULL.
We know we MUST be calling cli_state_restore_tcon() below
to restore the original tcon tree connection pointer before
closing the session.
Remove the knownfail.d entry.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13992
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Feb 2 21:05:25 UTC 2021 on sn-devel-184
(cherry picked from commit
4f80f5f9046b64a9e5e0503b1cb54f1492c4faec)
Jeremy Allison [Fri, 29 Jan 2021 01:35:55 +0000 (17:35 -0800)]
s3: torture: Change the SMB1-only UID-REGRESSION-TEST to do an explicit copy of the tcon struct in use.
For this test only, explicitly copy the SMB1 tcon struct,
don't use cli_state_save_tcon()//cli_state_restore_tcon()
as these calls will soon change to just manipulate the pointer
to avoid TALLOC_FREE() on the tcon struct which calls
destructors on child pipe data.
In SMB1 this test calls cli_tdis() twice with an invalid
vuid and expects the SMB1 tcon struct to be preserved
across the calls.
SMB1 cli_tdis() frees cli->smb1.tcon so we must put back
a deep copy into cli->smb1.tcon to be able to safely call
cli_tdis() again.
This is a test-only hack. Real client code
uses cli_state_save_tcon()/cli_state_restore_tcon()
if it needs to temporarily swap out the active
tcon on a client connection.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13992
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
e93e6108837eff0cebad8dc26d055c0e1386093a)
Jeremy Allison [Thu, 28 Jan 2021 18:56:18 +0000 (10:56 -0800)]
s3: smbtorture3: Ensure run_tcon_test() always replaces any saved tcon and shuts down correctly even in error paths.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13992
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
f9ca91bd293e9f2710c4449c5d4f5d016a066049)
Jeremy Allison [Thu, 28 Jan 2021 18:46:33 +0000 (10:46 -0800)]
s3: smbtorture3: Ensure we *always* replace the saved saved_tcon even in an error condition.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13992
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
dc701959cad7bf15aa47cad6451212606520f67f)
Jeremy Allison [Thu, 28 Jan 2021 22:07:23 +0000 (14:07 -0800)]
s3: tests: Add regression test for bug 13992.
Subtle extra test. Mark as knownfail for now.
'^ user1$' must appear MORE THAN ONCE, as it can read more than one
share. The previous test found user1, but only once as the bug only
allows reading the security descriptor for one share, and we were
unlucky that the first share security descriptor returned allows
user1 to read from it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13992
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
068f4a977f0539f790809d580bf22d2362032e3d)
Ralph Boehme [Fri, 15 Jan 2021 11:56:25 +0000 (12:56 +0100)]
s3/auth: implement "winbind:ignore domains"
Under the following conditions a user from an ignored domain might be able to
authenticate:
- using Kerberos
- successfully previous authentication so the idmap and name caches are filled
- winbind not running (fwiw, winbindd is mandatory on a domain member)
- nscd running with a cached getpwnam for the ignored user (otherwise auth fails
because getpwnam fails)
- lookup_name() function being modified to look into the name cache before
contacting winbindd. Currently it talks directly to winbindd and that will
check the cache.
Currently, authentication will only fail because creating the local token for
the user fails because an LSA lookupname RPC call fails (because winbindd is not
running).
All of this makes a successfull authentication unlikelly, but that is more by
accident then by design.
To ensures that if winbindd is not running and as such winbindd itself can not
enforce the restriction, also implement the ignored domains check in the auth
system as a last line of defense.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
RN: "winbind:ignore domains" doesn't prevent user login from trusted domain
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
df5fe2d835169161d3930acf1e9c750dd2bc64b6)
Autobuild-User(v4-12-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-12-test): Thu Jan 28 10:14:02 UTC 2021 on sn-devel-184
Ralph Boehme [Thu, 14 Jan 2021 09:42:53 +0000 (10:42 +0100)]
winbind: check for allowed domains in winbindd_pam_auth_pac_verify()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
da474ddd13d84f07f5da81c843e651844f33a003)
Ralph Boehme [Mon, 11 Jan 2021 16:59:48 +0000 (17:59 +0100)]
winbind: check for allowed domains in winbindd_dual_pam_chauthtok()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
88e92faace7ec17810903166fa3433aa4842a4e3)
Ralph Boehme [Mon, 11 Jan 2021 16:19:05 +0000 (17:19 +0100)]
winbind: check for allowed domains in winbindd_dual_pam_chng_pswd_auth_crap()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
4bc17600bc50fbc0e54d9d019d8db67001fc3eef)
Ralph Boehme [Mon, 11 Jan 2021 16:10:19 +0000 (17:10 +0100)]
winbind: check for allowed domains in winbindd_dual_pam_auth_crap()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit
c17bc9c6115e4e92132f3cb912547eac78227938)
[slow@samba.org: removed knownfail entry]
Ralph Boehme [Mon, 11 Jan 2021 15:50:31 +0000 (16:50 +0100)]
winbind: check for allowed domains in winbindd_dual_pam_auth()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
4cefdf03fec91cdcf700922b1a5ceca02407e259)
Ralph Boehme [Mon, 11 Jan 2021 15:15:15 +0000 (16:15 +0100)]
winbind: move "winbind:ignore domain" logic to a seperate function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
894caca79476d25a0268d89b2ad8a5758b7e31f3)
Ralph Boehme [Wed, 20 Jan 2021 11:00:16 +0000 (12:00 +0100)]
winbind: handle MSG_SMB_CONF_UPDATED in the winbinds children
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
072ef48001710ed8326c83295f2d3cc301d27cfe)
Ralph Boehme [Wed, 20 Jan 2021 11:27:23 +0000 (12:27 +0100)]
winbind: set logfile after reloading config
lp_load_global() will overwrite whatever we've set with lp_set_logfile().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
0c4497f8c66d0ea7c68d42c19e859932ebc3e2ac)
Ralph Boehme [Wed, 20 Jan 2021 10:17:22 +0000 (11:17 +0100)]
winbind: move config-reloading code to winbindd_dual.c
In preperation of forwarding MSG_SMB_CONF_UPDATED to all childs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
81edc65e79aba121db800ec53aadd766e61a0001)
Karolin Seeger [Thu, 21 Jan 2021 12:03:44 +0000 (13:03 +0100)]
script/release.sh: always select the GPG key by it's ID
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
715b208b513035269a6523f8543c4bf328a7c0f2)
Autobuild-User(v4-12-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-12-test): Fri Jan 22 14:09:07 UTC 2021 on sn-devel-184
Karolin Seeger [Thu, 21 Jan 2021 12:02:26 +0000 (13:02 +0100)]
ReleaseKey: add GnuPG key transition statement for the Samba release key
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
38a278b1afedd6c0a6de0fd4f08008e83f8597a9)
Karolin Seeger [Tue, 22 Dec 2020 08:35:58 +0000 (09:35 +0100)]
script/release.sh: Use new GPG key.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
2f6cea063ddf52d77037644d612bbc209837e707)
Jeremy Allison [Tue, 12 Jan 2021 19:44:44 +0000 (11:44 -0800)]
s3: smbd: Add call to conn_setup_case_options() to create_conn_struct_as_root().
Ensures temporary DFS share doesn't leave the case parameters set
as zero (i.e.:
conn->case sensitive = 0
conn->share_case_preserve = 0
and default case is lower
which can cause problems doing a DFS_GET_REFERRALS request).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14612
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Wed Jan 13 18:14:31 UTC 2021 on sn-devel-184
(cherry picked from commit
39ce73321093a0a5e25f574d0d32d7f88892de46)
Autobuild-User(v4-12-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-12-test): Wed Jan 20 11:29:51 UTC 2021 on sn-devel-184
Jeremy Allison [Tue, 12 Jan 2021 19:39:51 +0000 (11:39 -0800)]
s3: smbd: Factor out setting up case parameters for a share to a function - conn_setup_case_options().
Will allow it to be reused in the msdfs temporary share code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14612
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
(cherry picked from commit
ab7700177c2badbf8ed649985be8029223b6e946)
Ralph Boehme [Sun, 27 Sep 2020 06:52:58 +0000 (08:52 +0200)]
build: remove smbd_conn private library
This is not needed anymore since
6822baa2920f30374ec84363497d97e24f359fab.
Needed here for:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14612
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
80ac7fa7c4c728bef4f947872c090fec35fb26f0)
Stefan Metzmacher [Thu, 14 Jan 2021 16:32:15 +0000 (17:32 +0100)]
libcli/smb: allow unexpected padding in SMB2 IOCTL responses
A NetApp Ontap 7.3.7 SMB server add 8 padding bytes to an
offset that's already 8 byte aligned.
RN: Work around special SMB2 IOCTL response behavior of NetApp Ontap 7.3.7
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607
Pair-Programmed-With: Volker Lendecke <vl@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Jan 15 08:36:34 UTC 2021 on sn-devel-184
(cherry picked from commit
4c6c71e1378401d66bf2ed230544a75f7b04376f)
Autobuild-User(v4-12-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-12-test): Mon Jan 18 08:57:48 UTC 2021 on sn-devel-184
Stefan Metzmacher [Thu, 14 Jan 2021 16:27:21 +0000 (17:27 +0100)]
libcli/smb: split out smb2cli_ioctl_parse_buffer()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607
Pair-Programmed-With: Volker Lendecke <vl@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
508ed5b42c23f8b3d9730d838bd921cb73c61358)
Jeremy Allison [Wed, 6 Jan 2021 17:03:05 +0000 (09:03 -0800)]
libcli/smb: Allow smb2cli_validate_negotiate_info_done() to ignore NT_STATUS_INVALID_PARAMETER.
This can be returned from NetApp Ontap 7.3.7 SMB server
implementations. Now we have ensured smb2_signing_check_pdu()
cannot return NT_STATUS_INVALID_PARAMETER on a signing error
it's safe to check this error code here. Windows 10
clients ignore this error from the NetApp.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
0abb5ca6b96c843909dea56d5594e334547ae90f)
Stefan Metzmacher [Mon, 11 Jan 2021 09:01:39 +0000 (10:01 +0100)]
libcli/smb: Change some checks to SMB_ASSERTS
If we end up here, it's definitely a programming error in the basic
parsing layer of the SMB2 packet.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
fdcdfceefdd3186ef0b70bb6e83dddc8f4c073db)
Karolin Seeger [Mon, 18 Jan 2021 07:55:29 +0000 (08:55 +0100)]
WHATSNEW: Remove superfluous line.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 14 Jan 2021 08:25:11 +0000 (09:25 +0100)]
VERSION: Bump version up to 4.12.12...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 14 Jan 2021 08:24:26 +0000 (09:24 +0100)]
VERSION: Disable GIT_SNAPSHOT for the 4.12.11 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 14 Jan 2021 08:23:55 +0000 (09:23 +0100)]
WHATSNEW: Add release notes for Samba 4.11.11.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Ralph Boehme [Fri, 11 Dec 2020 11:59:28 +0000 (12:59 +0100)]
vfs_fruit: fix close for fake_fd
If the next backend doesn't use kernel fd's should not
pass a fake_fd to the next backend.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14596
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jan 8 21:38:18 UTC 2021 on sn-devel-184
(back-ported from commit
564b62a6f7c0a9b9712946d723118122b9c3785f)
Autobuild-User(v4-12-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-12-test): Wed Jan 13 13:45:00 UTC 2021 on sn-devel-184
Ralph Boehme [Fri, 11 Dec 2020 12:00:56 +0000 (13:00 +0100)]
vfs_fruit: check fake_fd in fruit_pread_meta_stream()
Don't call into the next VFS backend if we know we still have a fake-fd. Just
return -1 and the caller has the logic to handle this, which results in
returning a AFP_AfpInfo blob initialized with some defaults.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14596
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(back-ported from commit
c5da08422990dfc1e082bc01aa10d6e415eebe3f)
Ralph Boehme [Fri, 11 Dec 2020 12:00:09 +0000 (13:00 +0100)]
vfs_fruit: use "fake_fd" instead of "created"
Both have basically the same semantics.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14596
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(back-ported from commit
36eb30fd7d4b82bffd0e1ab471c088f678d700a4)
Stefan Metzmacher [Fri, 18 Dec 2020 13:36:00 +0000 (14:36 +0100)]
vfs_streams_xattr: make use of vfs_fake_fd_close()
When we used vfs_fake_fd() we should use vfs_fake_fd_close()
in order to have things symetric.
That may allows us to change vfs_fake_fd() internally if required.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14596
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(back-ported from commit
40e70cbd3c3a1df9205a7b18d07784c1754cc340)
Stefan Metzmacher [Fri, 18 Dec 2020 13:36:00 +0000 (14:36 +0100)]
vfs_fruit: make use of vfs_fake_fd_close()
When we used vfs_fake_fd() we should use vfs_fake_fd_close()
in order to have things symetric.
That may allows us to change vfs_fake_fd() internally if required.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14596
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(back-ported from commit
719c83b4dc4cef16429ec2803621039545f6885e)
Stefan Metzmacher [Fri, 18 Dec 2020 13:03:09 +0000 (14:03 +0100)]
s3:smbd: add vfs_fake_fd_close() helper
When we used vfs_fake_fd() we should use vfs_fake_fd_close()
in order to have things symetric.
This makes code easier to understand and may allow us to change
vfs_fake_fd() internally if required.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14596
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(back-ported from commit
8f057333466b2d9845cd8bc2b794d98252ade2a4)
Andreas Schneider [Mon, 21 Dec 2020 09:36:46 +0000 (10:36 +0100)]
s3:lib: Create the cache path of user gencache recursively
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14601
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jan 6 23:59:58 UTC 2021 on sn-devel-184
(cherry picked from commit
38c989fab78c3baade3e441829b7becf6b25ef3f)
Andreas Schneider [Mon, 21 Dec 2020 09:35:51 +0000 (10:35 +0100)]
lib:util: Add directory_create_or_exists_recursive()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14601
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
from commit
bf7b165877bdfd07eb84ecafdc87bd7a6d945f09)
Arne Kreddig [Fri, 1 Jan 2021 21:54:22 +0000 (22:54 +0100)]
vfs_virusfilter: Allocate separate memory for config char*
Instead of using only the pointer to the configuration char* from the
global configuration, vfs_virusfilter now allocates its own memory and
copies the char* from the global configuration.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14606
Signed-off-by: Arne Kreddig <arne@kreddig.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jan 7 19:25:38 UTC 2021 on sn-devel-184
(cherry picked from commit
2f21d1b0ac8526508161de73290f67858b2fe668)
Andrew Bartlett [Mon, 23 Nov 2020 06:35:37 +0000 (19:35 +1300)]
Do not create an empty DB when accessing a sam.ldb
Samba already does this for samba-tool and doing this should make
our errors more sensible, particularly in BIND9 if not provisioned
with the correct --dns-backend=DLZ_BIND9
The old error was like:
named[62954]: samba_dlz: Unable to get basedn for
/var/lib/samba/private/dns/sam.ldb
- NULL Base DN invalid for a base search.
The new error will be like (in this case from the torture test):
Failed to connect to Failed to connect to
ldb:///home/abartlet/samba/st/chgdcpass/bind-dns/dns/sam.ldb:
Unable to open tdb '/home/abartlet/samba/st/chgdcpass/bind-dns/dns/sam.ldb':
No such file or directory: Operations error
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14579
Reviewed-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
d49e96bc45ea5e2d3364242dad36fe9094b7cc42)
Autobuild-User(v4-12-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-12-test): Thu Jan 7 09:50:29 UTC 2021 on sn-devel-184
Martin Schwenke [Tue, 8 Dec 2020 13:03:47 +0000 (00:03 +1100)]
bootstrap: Cope with case changes in CentOS 8 repo names
RN: Be more flexible with repository names in CentOS 8 test environments
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14594
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(backported from commit
1c59f49aaede8ec1662d4e49aef84fcd902a8a76)
Autobuild-User(v4-12-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-12-test): Wed Jan 6 12:19:21 UTC 2021 on sn-devel-184
Dimitry Andric [Fri, 1 Jan 2021 17:25:48 +0000 (18:25 +0100)]
lib: Avoid declaring zero-length VLAs in various messaging functions
In messaging_rec_create(), messaging_recv_cb() and
messaging_dispatch_rec(), variable length arrays of file descriptors are
declared using an incoming num_fds parameter.
However, there are several scenarios where num_fds can be zero, and
declaring a zero-length VLA is undefined behavior. This can lead to
segmentation faults and/or other crashes when compiling with recent
versions of clang at high optimization levels.
To avoid ever using zero as the length for these declarations, use
MAX(1, length) instead.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14605
Signed-off-by: Dimitry Andric <dimitry@andric.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Jan 4 10:50:07 UTC 2021 on sn-devel-184
(cherry picked from commit
3e96c95d41e4ccd0bf43b3ee78af644e2bc32e30)
Autobuild-User(v4-12-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-12-test): Tue Jan 5 09:11:44 UTC 2021 on sn-devel-184
Ralph Boehme [Mon, 30 Nov 2020 11:28:58 +0000 (12:28 +0100)]
vfs_zfsacl: add missing inherited flag on hidden "magic" everyone@ ACE
This was an omission in the fixes for bug 14470.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14587
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Dec 1 20:29:34 UTC 2020 on sn-devel-184
(cherry picked from commit
936f74daed0d6221312f651f35c4ed357bbf1414)
Autobuild-User(v4-12-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-12-test): Wed Dec 9 11:45:09 UTC 2020 on sn-devel-184
Ralph Boehme [Mon, 30 Nov 2020 11:28:00 +0000 (12:28 +0100)]
vfs_zfsacl: reformatting
No change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14587
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
a8457ac3c80e22588e33a343c2306b702734ca88)
Ralph Boehme [Thu, 26 Nov 2020 14:24:44 +0000 (15:24 +0100)]
s4/samba: call force_check_log_size() in standard_new_task()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14248
RN: samba process does not honor max log size
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Dec 7 18:54:29 UTC 2020 on sn-devel-184
(cherry picked from commit
058f96f4c4eda42b404f0067521d3eafb495fe7d)
Ralph Boehme [Thu, 26 Nov 2020 14:24:26 +0000 (15:24 +0100)]
s4/samba: call force_check_log_size() in standard_accept_connection()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14248
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
6fa5fb8ef26dab862df5c46bb5e74f19839c30e2)
Ralph Boehme [Thu, 26 Nov 2020 14:23:58 +0000 (15:23 +0100)]
s4/samba: call force_check_log_size() in prefork_reload_after_fork()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14248
Signed-off-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
82b64e930b0e2d3b2e5186017d9f8e420994136c)
Ralph Boehme [Mon, 23 Nov 2020 15:44:04 +0000 (16:44 +0100)]
s4: call reopen_logs_internal() in the SIGHUP handler of the prefork process model
With debug_schedule_reopen_logs() the actual reopen only takes place at some
point in the future when a DEBUG message is processed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14248
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
19413e76a46f07fdd46fde5e60707bb6845a782d)
Ralph Boehme [Fri, 20 Nov 2020 14:21:03 +0000 (15:21 +0100)]
s4: replace low-level SIGUP handler with a tevent handler
Replace the low-level signal handler for SIGHUP with a nice tevent signal
handler. The low-level handler sig_hup() installed by setup_signals() remains
being used during early startup before a tevent context is available.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14248
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
9f71e6173ab43a04804ba8061cb0e8ae6c0165bf)
Ralph Boehme [Thu, 26 Nov 2020 13:21:58 +0000 (14:21 +0100)]
s4: install tevent tracing hooks to trigger logfile rotation
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14248
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit
516c2a04a242a539f9fbddb2822295fee233644c)
[slow@samba.org: process_prefork.c has additional include in master]
Ralph Boehme [Mon, 23 Nov 2020 16:53:57 +0000 (17:53 +0100)]
s4: add samba server tevent trace helper stuff
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14248
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit
68f71f227b17774a12c84575c1eecd82279fac95)
[slow@samba.org: conflict due to rename source4/smbd/ -> source4/samba/ in master]
Ralph Boehme [Mon, 23 Nov 2020 15:04:03 +0000 (16:04 +0100)]
debug: detect logrotation by checking inode number
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14248
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
3651a51e93b45104323d5db1d5ea704d4f71acf1)
Ralph Boehme [Mon, 23 Nov 2020 14:51:09 +0000 (15:51 +0100)]
debug: pass struct debug_class *config to do_one_check_log_size()
Pass a pointer to the struct instead of all struct members individually. No
change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14248
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
b7ee36146458bcc2c944f5670b7632df8281ae61)
Ralph Boehme [Mon, 23 Nov 2020 14:46:47 +0000 (15:46 +0100)]
debug: pass struct debug_class *config to reopen_one_log()
Pass a pointer to the struct instead of all struct members individually. No
change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14248
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
29cd139a32d5dbf36bef68eb9c7f1160201e3042)
Ralph Boehme [Fri, 13 Nov 2020 11:34:50 +0000 (12:34 +0100)]
loadparm: setup debug subsystem setting max_log_size from config
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14248
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
ab2c712c016f4e4dacd5064b9eb8f6417f4b9b60)
Jeremy Allison [Wed, 2 Dec 2020 19:47:02 +0000 (11:47 -0800)]
s3: smbd: Quiet log messages from usershares for an unknown share.
No need to log missing shares/sharenames at debug level zero.
Keep the debug level zero for all other usershare problems.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14590
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Rowland penny <rpenny@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Dec 4 20:54:06 UTC 2020 on sn-devel-184
(cherry picked from commit
8a0a7359faba642baf55a8f98ff78c0d0884d0f0)
Günther Deschner [Tue, 24 Nov 2020 14:38:41 +0000 (15:38 +0100)]
vfs_glusterfs: print exact cmdline for disabling write-behind translator
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14486
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Nov 27 17:15:07 UTC 2020 on sn-devel-184
(cherry picked from commit
369c1d539837b70e94fe9d533d44860c8a9380a1)
Autobuild-User(v4-12-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-12-test): Wed Dec 2 17:35:21 UTC 2020 on sn-devel-184
Anoop C S [Thu, 5 Nov 2020 10:42:09 +0000 (16:12 +0530)]
manpages/vfs_glusterfs: Mention silent skipping of write-behind translator
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14486
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Mon Nov 9 13:30:06 UTC 2020 on sn-devel-184
(cherry picked from commit
be03ce7d8bb213633eedcfc3299b8d9865a3c67f)
Anoop C S [Thu, 12 Nov 2020 14:57:24 +0000 (20:27 +0530)]
vfs_shadow_copy2: Preserve all open flags assuming ROFS
Instead of replacing open flags with just O_RDONLY, filter out all those
flags unrelated to a Read Only File System
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14573
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Nov 12 17:23:19 UTC 2020 on sn-devel-184
(cherry picked from commit
e9e06a11daf036abf7a7022ebc8eaefde178aa52)
Autobuild-User(v4-12-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-12-test): Thu Nov 19 14:09:43 UTC 2020 on sn-devel-184
Jeremy Allison [Thu, 5 Nov 2020 23:48:08 +0000 (15:48 -0800)]
s3: spoolss: Make parameters in call to user_ok_token() match all other uses.
We already have p->session_info->unix_info->unix_name, we don't
need to go through a legacy call to uidtoname(p->session_info->unix_token->uid).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14568
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Nov 9 04:10:45 UTC 2020 on sn-devel-184
(cherry picked from commit
e5e1759057a767f517bf480a2172a36623df2799)
Jeremy Allison [Sun, 27 Sep 2020 05:14:33 +0000 (22:14 -0700)]
s3: smbd: Don't overwrite contents of fsp->aio_requests[0] with NULL via TALLOC_FREE().
They may have been carefully set by the aio_del_req_from_fsp()
destructor so we must not overwrite here.
Found via some *amazing* debugging work from Ashok Ramakrishnan <aramakrishnan@nasuni.com>.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14515
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Sep 30 11:18:43 UTC 2020 on sn-devel-184
(cherry picked from commit
fca8cb63762faff54cda243c1ed8217b36333131)
Jones Syue [Mon, 28 Sep 2020 01:10:03 +0000 (09:10 +0800)]
interface: fix if_index is not parsed correctly
Replace probed_ifaces[i] with ifs.
In SDC 2020 SMB3 Virtual IO Lab,
run Windows Protocol Test Suite to test FileServer multichannel test cases.
Samba server has 2 virtual interfaces for VPN connection:
> name=tun2001, ip/mask=192.168.144.9/22
> name=tun2002, ip/mask=192.168.144.10/22
test suite client can ping these 2 ip addresses and browse shares.
Then client try to use IOCTL FSCTL_QUERY_NETWORK_INTERFACE_INFO to get the
virtual ip addresses of samba server, but samba server responded it
without the virtual ip addresses. My VPN setup is point-to-point and the
virtual interfaces 'tun2001' & 'tun2002' are without flag IFF_BROADCAST.
So edit smb.conf and add
"interfaces = ${virtual_ip}/${mask_length};if_index=${id}", like this:
> interfaces = eth4 eth8 eth11 eth10 qvs0 "192.168.144.9/22;if_index=50" "192.168.144.10/22;if_index=51"
then samba server IOCTL response could return the virtual ip addresses,
but found a issue:
the interface index of virtual ip addresses is always
4294967295
(0xFFFFFFFF, -1).
Quote Metze: https://gitlab.com/samba-team/devel/samba/-/commit/
6cadb55d975a6348a417caed8b3258f5be2acba4#note_419181789
This looks good, I think that also explains
the possible memory corruption/crash I mentioned in the bug report.
As 'i' is most likely the same as 'total_probed' and
probed_ifaces[i] is not valid, so we overwrite unrelated memory.
Later I see 'realloc(): invalid pointer' and this backtrace:
BACKTRACE:
#0 log_stack_trace + 0x29 [ip=0x7f2f1b6fffa9] [sp=0x7ffcd0ab53e0]
#1 smb_panic + 0x11 [ip=0x7f2f1b700301] [sp=0x7ffcd0ab5d10]
#2 sig_fault + 0x54 [ip=0x7f2f1b7004f4] [sp=0x7ffcd0ab5e20]
#3 funlockfile + 0x50 [ip=0x7f2f17ce6dd0] [sp=0x7ffcd0ab5ec0]
#4 gsignal + 0x10f [ip=0x7f2f1794970f] [sp=0x7ffcd0ab6b90]
#5 abort + 0x127 [ip=0x7f2f17933b25] [sp=0x7ffcd0ab6cb0]
#6 __libc_message + 0x297 [ip=0x7f2f1798c897] [sp=0x7ffcd0ab6de0]
#7 malloc_printerr + 0x1c [ip=0x7f2f17992fdc] [sp=0x7ffcd0ab6ef0]
#8 realloc + 0x23a [ip=0x7f2f17997f6a] [sp=0x7ffcd0ab6f00]
#9 _talloc_realloc + 0xee [ip=0x7f2f1a365d2e] [sp=0x7ffcd0ab6f50]
#10 messaging_filtered_read_send + 0x18c [ip=0x7f2f1a10f54c] [sp=0x7ffcd0ab6fb0]
#11 messaging_read_send + 0x55 [ip=0x7f2f1a10f705] [sp=0x7ffcd0ab7000]
#12 smb2srv_session_table_init + 0x83 [ip=0x7f2f1b3a6cd3] [sp=0x7ffcd0ab7040]
#13 smbXsrv_connection_init_tables + 0x2d [ip=0x7f2f1b373f4d] [sp=0x7ffcd0ab7060]
#14 smbd_smb2_request_process_negprot + 0x827 [ip=0x7f2f1b38cb47] [sp=0x7ffcd0ab7080]
#15 smbd_smb2_request_dispatch + 0x19db [ip=0x7f2f1b38921b] [sp=0x7ffcd0ab71d0]
#16 smbd_smb2_process_negprot + 0x298 [ip=0x7f2f1b38bb38] [sp=0x7ffcd0ab7260]
#17 process_smb + 0x2ca [ip=0x7f2f1b37537a] [sp=0x7ffcd0ab72b0]
#18 smbd_server_connection_read_handler + 0xd0 [ip=0x7f2f1b376420] [sp=0x7ffcd0ab7350]
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14514
Signed-off-by: Jones Syue <jonessyue@qnap.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
b78ff5717654064c8a4facc54a8e9833e5843c21)
Jeremy Allison [Tue, 10 Nov 2020 18:18:18 +0000 (10:18 -0800)]
s3: modules: gluster. Fix the error I made in preventing talloc leaks from a function.
file_lines_parse() plays horrible tricks with
the passed-in talloc pointers and the hierarcy
which makes freeing hard to get right.
As we know mem_ctx is freed by the caller, after
calling file_lines_parse don't free on exit and let the caller
handle it. This violates good Samba coding practice
but we know we're not leaking here.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14486
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Nov 11 15:02:27 UTC 2020 on sn-devel-184
(cherry picked from commit
457b49c67803dd95abc8502c2a410fac273f6fba)
Jeremy Allison [Fri, 13 Nov 2020 22:18:43 +0000 (14:18 -0800)]
libcli: smb2: Never print length if smb2_signing_key_valid() fails for crypto blob.
Blob could be NULL.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14210
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Nov 16 09:47:38 UTC 2020 on sn-devel-184
(cherry picked from commit
26ba04a4d1987a859152751e6083d9b9aef770ff)
Günther Deschner [Mon, 2 Nov 2020 15:10:44 +0000 (16:10 +0100)]
s3-vfs_glusterfs: always disable write-behind translator
The "pass-through" option has now been merged upstream as of:
https://github.com/gluster/glusterfs/pull/1640
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14486
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Pair-Programmed-With: Anoop C S <anoopcs@samba.org>
Pair-Programmed-With: Sachin Prabhu <sprabhu@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Nov 4 22:53:49 UTC 2020 on sn-devel-184
(cherry picked from commit
a51cda69ec6a017ad04b5690a3ae67a5478deee9)
Autobuild-User(v4-12-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-12-test): Thu Nov 5 12:27:28 UTC 2020 on sn-devel-184
Karolin Seeger [Thu, 5 Nov 2020 09:07:17 +0000 (10:07 +0100)]
VERSION: Bump version up to 4.12.11...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 5 Nov 2020 09:06:06 +0000 (10:06 +0100)]
VERSION: Disable GIT_SNAPSHOT for the 4.12.10 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 5 Nov 2020 09:03:16 +0000 (10:03 +0100)]
WHATSNEW: Add release notes for Samba 4.12.10.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Jeremy Allison [Mon, 2 Nov 2020 23:46:51 +0000 (15:46 -0800)]
s3: modules: vfs_glusterfs: Fix leak of char **lines onto mem_ctx on return.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14486
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Nov 3 01:56:59 UTC 2020 on sn-devel-184
(cherry picked from commit
7d846cd178d653600c71ee4bd6a491a9e48a56da)
Autobuild-User(v4-12-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-12-test): Tue Nov 3 13:02:10 UTC 2020 on sn-devel-184
Günther Deschner [Mon, 2 Nov 2020 11:30:36 +0000 (12:30 +0100)]
s3-vfs_glusterfs: refuse connection when write-behind xlator is present
s3-vfs_glusterfs: refuse connection when write-behind xlator is present
Once the new glusterfs api is available we will programmtically disable
the translator, for now we just refuse the connection as there is
a potential for serious data damage.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14486
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Pair-Programmed-With: Sachin Prabhu <sprabhu@redhat.com>
Pair-Programmed-With: Anoop C S <anoopcs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Nov 2 21:40:33 UTC 2020 on sn-devel-184
(cherry picked from commit
2a49ccbcf5e3ff0f6833bcb7f04b800125f1783f)
Sachin Prabhu [Thu, 15 Oct 2020 11:14:33 +0000 (12:14 +0100)]
docs-xml/manpages: Add warning about write-behind translator for vfs_glusterfs
Add warning about data corruption with the write-behind translator.
The data corruption is highlighted by the smbtorture test smb2.rw.rw1.
More information about this data corruption issue is available in the
bz.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14486
Signed-off-by: Sachin Prabhu <sprabhu@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
08f8f665d409ee7b93840c25a8142f2ce8bacfa1)
Amitay Isaacs [Mon, 27 Jul 2020 02:51:41 +0000 (12:51 +1000)]
ctdb-common: Avoid aliasing errors during code optimization
When compiling with GCC 10.x and -O3 optimization, the IP checksum
calculation code generates wrong checksum. The function uint16_checksum
gets inlined during optimization and ip4pkt->tcp data gets wrongly
aliased.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14537
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Oct 21 05:52:28 UTC 2020 on sn-devel-184
(cherry picked from commit
6aa396b0cd1f83f45cb76a4f3123d99135e8dd8c)
Autobuild-User(v4-12-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-12-test): Fri Oct 30 15:24:11 UTC 2020 on sn-devel-184
Andrew Walker [Thu, 24 Sep 2020 20:04:12 +0000 (16:04 -0400)]
vfs_zfsacl: only grant DELETE_CHILD if ACL tag is special
When ZFS aclmode is set to "passthrough" chmod(2)/fchmod(2) will result
in special entries being modified in a way such that delete, delete_child,
write_named_attr, write_attribute are stripped from the returned ACL entry,
and the kernel / ZFS treats this as having rights equivalent to the desired
POSIX mode. Historically, samba has added delete_child to the NFSv4 ACL, but
this is only really called for in the case of special entries in this
particular circumstance.
Alter circumstances in which delete_child is granted so that it only
is added to special entries. This preserves the intend post-chmod behavior,
but avoids unnecessarily increasing permissions in cases where it's not
intended. Further modification of this behavior may be required so that
we grant a general read or general write permissions set in case of
POSIX read / POSIX write on special entries.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14471
RN: vfs_zfsacl: only grant DELETE_CHILD if ACL tag is special
Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
c1a37b4f31d5252ce074d41f69e526aa84b0d3b3)
Ralph Boehme [Thu, 20 Aug 2020 14:41:36 +0000 (16:41 +0200)]
vfs_zfsacl: use a helper variable in zfs_get_nt_acl_common()
No change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14471
Pair-Programmed-With: Andrew Walker <awalker@ixsystems.com>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
13b4f913b06457d8e1f7cf71c85722bbecabd990)
Ralph Boehme [Thu, 20 Aug 2020 14:42:17 +0000 (16:42 +0200)]
vfs_zfsacl: README.Coding fix
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14471
Pair-Programmed-With: Andrew Walker <awalker@ixsystems.com>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
a182f2e6cdded739812e209430d340097acc0031)
Andrew Walker [Thu, 24 Sep 2020 15:42:16 +0000 (11:42 -0400)]
vfs_zfsacl: Add new parameter to stop automatic addition of special entries
Prevent ZFS from automatically adding NFSv4 special entries (owner@, group@,
everyone@). ZFS will automatically add these these entries when calculating the
inherited ACL of new files if the ACL of the parent directory lacks an
inheriting special entry. This may result in user confusion and unexpected
change in permissions of files and directories as the inherited ACL is
generated. Blocking this behavior is achieved by setting an inheriting
everyone@ that grants no permissions and not adding the entry to the file's
Security Descriptor.
This change also updates behavior so that the fd-based syscall facl() is
used where possible.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14470
RN: vfs_zfsacl: Add new parameter to stop automatic addition of special entries
Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
c10ae30c1185463eb937f69c1fc9914558087167)
Ralph Boehme [Thu, 20 Aug 2020 14:18:35 +0000 (16:18 +0200)]
vfs_zfsacl: use handle based facl() call to query ZFS filesytem ACL
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14470
Pair-Programmed-With: Andrew Walker <awalker@ixsystems.com>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit
f763b1e43640082af80c855a4a519f7747a6c87c)
[slow@samba.org: conflict in zfs_get_nt_acl_common() due to *AT changes in 4.13]
Alexander Bokovoy [Sat, 17 Oct 2020 07:58:12 +0000 (10:58 +0300)]
smb.conf.5: add clarification how configuration changes reflected by Samba
Users of Linux distributions know to read smb.conf(5) manual page but
apparently not many of them read smbd(8) and winbindd(8) to understand
how changes to smb.conf file are reflected in the running processes.
Add a small section that makes it clear where to find relevant
information. Also correct the information in smbd, nmbd, and winbindd
manual pages.
The interval at which smbd does check for smb.conf changes was increased
from 60 seconds to 180 seconds in 1999 with commit
3db52feb1f3b.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14538
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Tue Oct 20 08:50:13 UTC 2020 on sn-devel-184
(cherry picked from commit
e32846f0692df44b4ee929c5ed6ba1de88ec4bd2)
Karolin Seeger [Thu, 29 Oct 2020 09:42:44 +0000 (10:42 +0100)]
VERSION: Bump version up to 4.12.10.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 29 Oct 2020 09:42:15 +0000 (10:42 +0100)]
Merge tag 'samba-4.12.9' into v4-12-test
samba: tag release samba-4.12.9
Karolin Seeger [Tue, 27 Oct 2020 11:24:47 +0000 (12:24 +0100)]
VERSION: Disable GIT_SNAPSHOT for Samba 4.12.9.
o CVE-2020-14318: Missing handle permissions check in SMB1/2/3 ChangeNotify.
o CVE-2020-14323: Unprivileged user can crash winbind.
o CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily
crafted records.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Tue, 27 Oct 2020 11:24:13 +0000 (12:24 +0100)]
WHATSNEW: Add release notes for Samba 4.12.9.
Signed-off-by: Karolin Seeger <kseeger@samba.org>