Jule Anger [Mon, 28 Aug 2023 13:55:11 +0000 (15:55 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.19.0rc4 release.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Mon, 28 Aug 2023 13:52:29 +0000 (15:52 +0200)]
WHATSNEW: Add release notes for Samba 4.19.0rc4.
Signed-off-by: Jule Anger <janger@samba.org>
Martin Schwenke [Wed, 26 Jul 2023 10:43:37 +0000 (20:43 +1000)]
util: Avoid logging to multiple backends for stdout/stderr
Commit
83fe7a0316d3e5867a56cfdc51ec17f36ea03889 converted the
stdout/stderr logging types to DEBUG_FILE to get a header when using
DEBUG_SYSLOG_FORMAT_ALWAYS. However, this causes all configured
backends to be invoked. When syslog is one of those backends then
this is almost certainly not what is intended.
Instead, call debug_file_log() directly in that special case and
revert the parts of the above commit that convert to file logging.
Most of the changes to debughdrclass() still seem necessary, since
they handle the change of debug_syslog_format from a bool to an enum.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15460
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Mon Aug 28 01:21:07 UTC 2023 on atb-devel-224
(cherry picked from commit
c7672779128ff12eb7a5cb34052559e62adbd5cb)
Autobuild-User(v4-19-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-19-test): Mon Aug 28 09:36:36 UTC 2023 on atb-devel-224
Joseph Sutton [Fri, 25 Aug 2023 00:14:23 +0000 (12:14 +1200)]
samba-tool: Allow LDB URL to be None
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15458
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
776597bce922d291257e34f1e3304227265a1dbc)
Andrew Bartlett [Thu, 24 Aug 2023 07:09:25 +0000 (19:09 +1200)]
WHATSNEW: Add Resource Based Constrained Delegation (RBCD) feature for Heimdal
This landed in master as
34760dfc89e879a889d64b48c606ccbaf10e8ba3.
(This text based strongly on
e25d6c89bef298ac8cd8c2fb7b49f6cbd4e05ba5
and
b3e043276017c6323afa681df9154df9a4292bd1 in Samba 4.17's WHATSNEW)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15457
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(v4-19-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-19-test): Fri Aug 25 09:02:28 UTC 2023 on atb-devel-224
Jule Anger [Fri, 18 Aug 2023 11:16:15 +0000 (13:16 +0200)]
VERSION: Bump version up to Samba 4.19.0rc4...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Fri, 18 Aug 2023 11:15:48 +0000 (13:15 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.19.0rc3 release.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Fri, 18 Aug 2023 11:14:58 +0000 (13:14 +0200)]
WHATSNEW: Add release notes for Samba 4.19.0rc3.
Signed-off-by: Jule Anger <janger@samba.org>
Andrew Bartlett [Wed, 26 Jul 2023 02:27:16 +0000 (14:27 +1200)]
s4-rpc_server/drsupai: Avoid looping with Azure AD Connect by not incrementing temp_highest_usn for the NC root
We send the NC root first, as a special case for every chunk
that we send until the natural point where it belongs.
We do not bump the tmp_highest_usn in the highwatermark that
the client and server use (it is meant to be an opauqe cookie)
until the 'natural' point where the object appears, similar
to the cache for GET_ANC.
The issue is that without this, because the NC root was sorted
first in whatever chunk it appeared in but could have a 'high'
highwatermark, Azure AD Connect will send back the same
new_highwatermark->tmp_highest_usn, and due to a bug,
a zero reserved_usn, which makes Samba discard it.
The reserved_usn is now much less likely to ever be set because
the tmp_higest_usn is now always advancing.
RN: Avoid infinite loop in initial user sync with Azure AD Connect
when synchronising a large Samba AD domain.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
79ca6ef28a6f94965cb030c4a7da8c1b9db7150b)
Autobuild-User(v4-19-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-19-test): Fri Aug 18 10:33:44 UTC 2023 on atb-devel-224
Andrew Bartlett [Wed, 28 Jun 2023 03:57:47 +0000 (15:57 +1200)]
s4-rpc_server/drsuapi: Ensure logs show DN for replicated objects, not (null)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15407
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
17359afa627a3086ec8d6862f007a3479574a8b4)
Andrew Bartlett [Tue, 27 Jun 2023 05:01:28 +0000 (17:01 +1200)]
s4-rpc_server/drsuapi: Update getnc_state to be != NULL
This is closer to our READDME.Coding style
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
2aba9e230ea62efcbd829f6f073894dfa3180c91)
Andrew Bartlett [Tue, 27 Jun 2023 02:43:39 +0000 (14:43 +1200)]
s4-rpc_server/drsuapi: Rename ncRoot -> untrusted_ncRoot to avoid misuse
Because of the requirement to echo back the original string, we can
not force this to be a trustworthy value.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
2ed9815eeacfcf3a58871bafe0212398cc34c39e)
Andrew Bartlett [Tue, 27 Jun 2023 02:39:18 +0000 (14:39 +1200)]
s4-rpc_server/drsuapi: Avoid modification to ncRoot input variable in GetNCChanges
This tries to avoid it appearing that ncRoot is a value that can
be trusted and used internally by not updating it and instead leaving
it just as an input/echo-back value.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
548f141f11e89d335d8f9d74ab6925fa6b90fb84)
Andrew Bartlett [Tue, 27 Jun 2023 05:06:13 +0000 (17:06 +1200)]
s4-rpc_server/drsuapi: Fix indentation in GetNCChanges()
This avoids the indentation correction being in the previous patch.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
fe7418e1765b79f60945b787536b4d84a548fe02)
Andrew Bartlett [Mon, 26 Jun 2023 04:53:10 +0000 (16:53 +1200)]
s4-rpc_server/drsuapi: Only keep and invalidate replication cycle state for normal replication
This changes the GetNCChanges server to use a per-call state for
extended operations like RID_ALLOC or REPL_OBJ and only maintain
and (more importantly) invalidate the state during normal replication.
This allows REPL_OBJ to be called during a normal replication cycle
that continues using after that call, continuing with the same
highwatermark cookie.
Azure AD will do a sequence of (roughly)
* Normal replication (objects 1..100)
* REPL_OBJ (of 1 object)
* Normal replication (objects 101..200)
However, if there are more than 100 (in this example) objects in the
domain, and the second replication is required, the objects 1..100
are sent, as the replication state was invalidated by the REPL_OBJ call.
RN: Improve GetNChanges to address some (but not all "Azure AD Connect")
syncronisation tool looping during the initial user sync phase.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
99579e706312192f46df33d55949db7f1475d0d0)
Andrew Bartlett [Mon, 24 Jul 2023 00:05:18 +0000 (12:05 +1200)]
s4-torture/drs: Add test showing that if present in the set the NC root leads and tmp_highest_usn moves
The NC root, on any replication when it appears, is the first object to be
replicated, including for all subsequent chunks in the replication.
However the tmp_highest_usn is not updated by that USN, it must
only be updated for the non-NC changes (to match Windows exactly),
or at least only updated with the non-NC changes until it would
naturally appear.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
87414955212143b8502b4c02aca150bc72cb8de5)
Andrew Bartlett [Mon, 26 Jun 2023 04:25:32 +0000 (16:25 +1200)]
s4-torture/drs: Add test demonstrating that a GetNCChanges REPL_OBJ will not reset the replication cookie
This demonstrates the behaviour used by the "Azure AD Connect" cloud sync tool.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
b323169d6ff8357f7c999ae346137166c98218ac)
Andrew Bartlett [Tue, 27 Jun 2023 00:20:32 +0000 (12:20 +1200)]
s4-torture/drs: Add a test matching Azure AD Connect REPL_OBJ behaviour
Azure AD Connect will send a GUID but no DummyDN.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
db16366b0bbefcdb91a0b36c903ed63456a081b8)
Andrew Bartlett [Sun, 23 Jul 2023 23:37:19 +0000 (11:37 +1200)]
s4-torture/drs: Use addCleanup() in getchanges.py for OU handling
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
40f831e67e1f312b1db52c74c119899245d03e32)
Andrew Bartlett [Sun, 23 Jul 2023 23:36:36 +0000 (11:36 +1200)]
s4-torture/drs: Create temp OU with a unique name per test
It is always better to keep the testing OUs unique if possible.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
628eab11b3c2e82875bf602e363b781d3e5eb96d)
Andrew Bartlett [Sun, 23 Jul 2023 23:40:46 +0000 (11:40 +1200)]
s4-torture/drs: Save the server dnsname on the DcConnection object
This object is used to hold one of many possible connections and
it is helpful for debugging and uniqueness to know which DC is being
connected to.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
c30bb8769ff2c4eba2d8f8a2bd3a56946b7d9d5e)
Andrew Bartlett [Tue, 27 Jun 2023 02:22:52 +0000 (14:22 +1200)]
s4-rpc_server/drsuapi: Remove rudundant check for valid and non-NULL ncRoot_dn
This check was valuable before
aee2039e63ceeb5e69a0461fb77e0f18278e4dc4
but now only checks things we know to be true, as the value has come
from Samba via drs_ObjectIdentifier_to_dn_and_nc_root() either on this
or a previous call.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
0550e469eda4022659718ae9a56f5deaa9f9a307)
Andrew Bartlett [Tue, 27 Jun 2023 02:59:49 +0000 (14:59 +1200)]
s4-dsdb: Improve logging for drs_ObjectIdentifier_to_dn_and_nc_root()
At this layer we can make a reasonable assumption about being able
to read ldb_errstring() to print that for extra useful debugging.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
63843a22c8db73d459bee61e73bb1f0d31e3d427)
Andrew Bartlett [Tue, 27 Jun 2023 05:18:39 +0000 (17:18 +1200)]
s4-rpc_server/drsuapi: Improve debug message for drs_ObjectIdentifier_to_dn_and_nc_root() failure
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
a12bcce89d26ae05bbaeed560cf8fcc7b5bcfdab)
Andrew Bartlett [Tue, 27 Jun 2023 00:18:24 +0000 (12:18 +1200)]
s4-rpc_server/drsuapi: Improve debugging of invalid DNs
This is still unreachable, so but improve the logging
to give more detail in this area anyway.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
d0c1ce53add2fd3b3a4186581f4e214029cbcf1a)
Andrew Bartlett [Sun, 23 Jul 2023 23:35:45 +0000 (11:35 +1200)]
s4-rpc_server/drsuapi: Add tmp_highest_usn tracking to replication log
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15401
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
0d9ea6c559317e19642662220c089e2d59ef3ecd)
Jeremy Allison [Sat, 12 Aug 2023 00:28:53 +0000 (17:28 -0700)]
s3: smbd: Ensure init_smb1_request() zeros out what the incoming pointer points to.
Remove the now unneeded req->xxx = NULL assignments (and the
deliberately bogus req->session = (void *)0xDEADBEEF one
used to demonstrate the bug).
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15432
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Tue Aug 15 12:06:36 UTC 2023 on atb-devel-224
(cherry picked from commit
4145bfb1b5a3639caf26a310d612aec29fc00117)
Autobuild-User(v4-19-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-19-test): Thu Aug 17 10:31:56 UTC 2023 on atb-devel-224
Jeremy Allison [Sat, 12 Aug 2023 00:18:26 +0000 (17:18 -0700)]
s3: torture: Add SMB1-NEGOTIATE-TCON that shows the SMB1 server crashes on the uninitialized req->session.
Found by Robert Morris <rtm@lcs.mit.edu>.
Adds knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15432
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <nopower@samba.org>
(cherry picked from commit
c32df3bb31ce6275cfb91107e34e2d6b3c2fba1b)
Jeremy Allison [Sat, 12 Aug 2023 00:14:38 +0000 (17:14 -0700)]
s3: smbd: init_smb1_request() isn't being passed zero'ed memory from any codepath.
If a client does a SMB1 NEGPROT followed by SMB1 TCON
then req->session is left uninitialized.
Show this causes a crash by deliberately initializing
req->session to an invalid pointer. This will be removed
once the test shows the crash, and the fix is added to
cause init_smb1_request() to zero the memory passed in.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15432
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
(cherry picked from commit
f02f74e931f5821c7b7c1be2b8f0fb60c9a69b19)
Joseph Sutton [Tue, 15 Aug 2023 00:36:05 +0000 (12:36 +1200)]
tests/krb5: Remove incorrect comments
Now that the INT64 claim IDL definition has been corrected, these tests
should pass against Windows.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15452
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 15 19:41:50 UTC 2023 on atb-devel-224
(cherry picked from commit
37fdd79cc0b83b44cb4d4c457fbb8e7410655b24)
Joseph Sutton [Tue, 15 Aug 2023 00:31:54 +0000 (12:31 +1200)]
claims.idl: Use ‘int64’ instead of ‘dlong’ for INT64 claims
This field is supposed to be aligned to eight bytes, but the ‘dlong’
type is aligned to only four bytes. This discrepancy resulted in claims
being encoded and decoded incorrectly.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15452
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
aa1815519ce1412cdf25927b54b5178113cdd2a7)
Joseph Sutton [Tue, 15 Aug 2023 00:29:03 +0000 (12:29 +1200)]
librpc:ndr: Add ‘int64’ type
This type behaves like a signed variant of ‘hyper’. Unlike the existing
‘dlong’ type, which has four byte alignment, ‘int64’ is aligned to eight
bytes.
Bump the NDR version to 3.0.1.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15452
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
402bb17693472a9c30f33a0bdf5f5f78df4066cc)
Joseph Sutton [Tue, 15 Aug 2023 00:21:30 +0000 (12:21 +1200)]
tests/krb5: Add a test decoding INT64 PAC claims issued by Windows
Our NDR code currently handles INT64 claims incorrectly.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15452
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
631e26e1d63040b37f48fd890ab03f7adfc6d882)
Joseph Sutton [Tue, 15 Aug 2023 00:20:50 +0000 (12:20 +1200)]
tests/krb5: Shorten long lines
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15452
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
0cce616843395215305428b8672ffa315dbdd858)
Joseph Sutton [Tue, 15 Aug 2023 00:20:17 +0000 (12:20 +1200)]
tests/krb5: Remove unused import
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15452
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
2c915e743d53d5e35fa31fa3965d9c9b086351ec)
Jeremy Allison [Fri, 11 Aug 2023 22:19:01 +0000 (15:19 -0700)]
s3: smbd: Add missing 'return;'s in exit paths in reply_exit_done().
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15430
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Mon Aug 14 19:52:49 UTC 2023 on atb-devel-224
(cherry picked from commit
d79d0508a4b8bdc4582a350d109181ecae0bf1e2)
Autobuild-User(v4-19-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-19-test): Tue Aug 15 15:20:43 UTC 2023 on atb-devel-224
Jeremy Allison [Fri, 11 Aug 2023 22:12:05 +0000 (15:12 -0700)]
s3: torture: Add a test doing an SMB1 negotiate+exit.
Robert Morris <rtm@lcs.mit.edu> noticed a missing
return in reply_exit_done().
Adds knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15430
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
(cherry picked from commit
63895e03c4e8ed79a3b2cda928f58ec278cd6608)
Jeremy Allison [Fri, 11 Aug 2023 17:52:31 +0000 (10:52 -0700)]
s3: smbd: Ensure all callers to srvstr_pull_req_talloc() pass a zeroed-out dest pointer.
Now we've fixed srvstr_pull_req_talloc() this isn't
strictly needed, but ensuring pointers are initialized
is best practice to avoid future bugs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15420
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Aug 14 15:55:43 UTC 2023 on atb-devel-224
(cherry picked from commit
5379b8d557a9a16b81eafb87b60b81debc4bfccb)
Jeremy Allison [Fri, 11 Aug 2023 17:47:28 +0000 (10:47 -0700)]
s3: smbd: Uncorrupt the pointer we were using to prove a crash.
Rather than restore to uninitialized, set to NULL as per
modern coding practices.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15420
Reviewed-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
5bc50d2ea4444244721e72b4264311c7005d2f3c)
Jeremy Allison [Fri, 11 Aug 2023 17:42:41 +0000 (10:42 -0700)]
s3: smbd: Ensure srvstr_pull_req_talloc() always NULLs out *dest.
Robert Morris <rtm@lcs.mit.edu> noticed that in the case
where srvstr_pull_req_talloc() is being called with
buffer remaining == 0, we don't NULL out the destination
pointed which is *always* done in the codepaths inside
pull_string_talloc(). This prevents a crash in the caller.
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15420
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
9220c45cc191b34e293190f6a923ba463edd5db9)
Jeremy Allison [Fri, 11 Aug 2023 17:39:36 +0000 (10:39 -0700)]
s3: torture: Add SMB1-TRUNCATED-SESSSETUP test.
Shows that we indirect through an uninitialized pointer and the client crashes
it's own smbd.
Add knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15420
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
963fd8aa9b76361ab9aeb63307773f2498b17879)
Jeremy Allison [Fri, 11 Aug 2023 17:38:23 +0000 (10:38 -0700)]
s3: smbd: Deliberately currupt an uninitialized pointer.
We will need this to show smbd crashing in the test code.
This will be removed once we're passing the test.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15420
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
e7bf94b4e3a7f994aa6f0b859089c5add2ad380f)
Jones Syue [Mon, 7 Aug 2023 09:08:29 +0000 (17:08 +0800)]
mdssvc: Do an early talloc_free() in _mdssvc_open()
Environment setup:
When macOS Finder connect to a samba server with 'spotlight = yes',
macOS would issue mdssvc open (mdssvc.opnum == 0) to samba and it goes
through api _mdssvc_open().
After applied
578e434a94147dc2d7dbfc006d2ab84807859c1d,
(this is reported by jaywei@qnap.com)
this line 'talloc_free(path);' is deleted if _mdssvc_open() normal exit,
so memory is lazy de-allocate: delayed to
smbd_tevent_trace_callback() @ smb2_process.c. [1]
Supposed to explicitly free 'path' in _mdssvc_open() @ srv_mdssvc_nt.c[2]
just like abnormal exit, do not wait for main loop to free 'path' which is
no longer used, this is more consistent while reading source code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15449
[1] gdb tracing 'path' address 0x56204ccc67e0 to know how it is freed.
Breakpoint 2, _tc_free_children_internal (tc=0x56204ccc6780, ptr=0x56204ccc67e0, location=0x7ff430d96410 "../../lib/talloc/talloc.c:1714") at ../../lib/talloc/talloc.c:1656
1656 while (tc->child) {
(gdb) bt
0 _tc_free_children_internal (tc=0x56204ccc6780, ptr=0x56204ccc67e0, location=0x7ff430d96410 "../../lib/talloc/talloc.c:1714") at ../../lib/talloc/talloc.c:1656
1 0x00007ff430d92b14 in _tc_free_internal (tc=0x56204ccc6780, location=0x7ff430d96410 "../../lib/talloc/talloc.c:1714") at ../../lib/talloc/talloc.c:1183
2 0x00007ff430d93b71 in _tc_free_children_internal (tc=0x56204ccc6720, ptr=0x56204ccc6780, location=0x7ff430d96410 "../../lib/talloc/talloc.c:1714") at ../../lib/talloc/talloc.c:1668
3 0x00007ff430d93d66 in talloc_free_children (ptr=0x56204ccc6780) at ../../lib/talloc/talloc.c:1714
4 0x00007ff432235aca in talloc_pop (frame=0x56204ccc6780) at ../../lib/util/talloc_stack.c:125
5 0x00007ff430d92959 in _tc_free_internal (tc=0x56204ccc6720, location=0x7ff431f358d0 "../../source3/smbd/process.c:3726") at ../../lib/talloc/talloc.c:1157
6 0x00007ff430d92cd5 in _talloc_free_internal (ptr=0x56204ccc6780, location=0x7ff431f358d0 "../../source3/smbd/process.c:3726") at ../../lib/talloc/talloc.c:1247
7 0x00007ff430d93f96 in _talloc_free (ptr=0x56204ccc6780, location=0x7ff431f358d0 "../../source3/smbd/process.c:3726") at ../../lib/talloc/talloc.c:1791
8 0x00007ff431d81292 in smbd_tevent_trace_callback (point=TEVENT_TRACE_AFTER_LOOP_ONCE, private_data=0x7ffe46591e30) at ../../source3/smbd/process.c:3726
<...cut...>
[2] gdb tracing 'path' address 0x55a6d66deed0 to know how it is freed.
Breakpoint 2, _tc_free_children_internal (tc=0x55a6d66deed0, ptr=0x55a6d66def30, location=0x7fc4cca84040 "../../source3/rpc_server/mdssvc/srv_mdssvc_nt.c:189") at ../../lib/talloc/talloc.c:1656
1656 while (tc->child) {
(gdb) bt
0 _tc_free_children_internal (tc=0x55a6d66deed0, ptr=0x55a6d66def30, location=0x7fc4cca84040 "../../source3/rpc_server/mdssvc/srv_mdssvc_nt.c:189") at ../../lib/talloc/talloc.c:1656
1 0x00007fc4cb892b14 in _tc_free_internal (tc=0x55a6d66deed0, location=0x7fc4cca84040 "../../source3/rpc_server/mdssvc/srv_mdssvc_nt.c:189") at ../../lib/talloc/talloc.c:1183
2 0x00007fc4cb892cd5 in _talloc_free_internal (ptr=0x55a6d66def30, location=0x7fc4cca84040 "../../source3/rpc_server/mdssvc/srv_mdssvc_nt.c:189") at ../../lib/talloc/talloc.c:1247
3 0x00007fc4cb893f96 in _talloc_free (ptr=0x55a6d66def30, location=0x7fc4cca84040 "../../source3/rpc_server/mdssvc/srv_mdssvc_nt.c:189") at ../../lib/talloc/talloc.c:1791
4 0x00007fc4cc9396e4 in _mdssvc_open (p=0x55a6d66d5600, r=0x55a6d66edc60) at ../../source3/rpc_server/mdssvc/srv_mdssvc_nt.c:189
<...cut...>
Signed-off-by: Jones Syue <jonessyue@qnap.com>
Reviewed-by: Noel Power <npower@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Mon Aug 14 18:11:37 UTC 2023 on atb-devel-224
(cherry picked from commit
044cb8f9d558bfcd7658cae0f05ff36330538748)
Martin Schwenke [Sat, 29 Jul 2023 00:07:35 +0000 (10:07 +1000)]
ctdb-doc: Fix documentation for ctdb event status
Behaviour was changed, documentation wasn't.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15438
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Mon Aug 7 09:43:33 UTC 2023 on atb-devel-224
(cherry picked from commit
f87f02f6f99157601a6607927305e91835d45ab8)
Autobuild-User(v4-19-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-19-test): Mon Aug 14 08:41:55 UTC 2023 on atb-devel-224
Martin Schwenke [Sun, 30 Jul 2023 01:07:47 +0000 (11:07 +1000)]
ctdb-tools: Fix CID
1539212 - signed/unsigned issue
>>> CID
1539212: Control flow issues (NO_EFFECT)
>>> This greater-than-or-equal-to-zero comparison of an unsigned value is always true. "p >= 0UL".
216 while (p >= 0 && output[p] == '\n') {
This is a real problem in the unlikely event that the output contains
only newlines.
Fix the issue by using a pointer and add a test to cover this case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15438
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
f01a179abcb33d9da6097f5ae45c7e7df1bc0397)
Stefan Metzmacher [Thu, 3 Aug 2023 13:45:45 +0000 (15:45 +0200)]
s3:smbd: fix multichannel connection passing race
If a client opens multiple connection with the same
client guid in parallel, our connection passing is likely
to hit a race.
Assume we have 3 processes:
smbdA: This process already handles all connections for
a given client guid
smbdB: This just received a new connection with an
SMB2 neprot for the same client guid
smbdC: This also received a new connection with an
SMB2 neprot for the same client guid
Now both smbdB and smbdC send a MSG_SMBXSRV_CONNECTION_PASS
message to smbdA. These messages contain the socket fd
for each connection.
While waiting for a MSG_SMBXSRV_CONNECTION_PASSED message
from smbdA, both smbdB and smbdC watch the smbXcli_client.tdb
record for changes (that also verifies smbdA stays alive).
Once one of them say smbdB received the MSG_SMBXSRV_CONNECTION_PASSED
message, the dbwrap_watch logic will wakeup smbdC in order to
let it recheck the smbXcli_client.tdb record in order to
handle the case where smbdA died or deleted its record.
Now smbdC rechecks the smbXcli_client.tdb record, but it
was not woken because of a problem with smbdA. It meant
that smbdC sends a MSG_SMBXSRV_CONNECTION_PASS message
including the socket fd again.
As a result smbdA got the socket fd from smbdC twice (or even more),
and creates two (or more) smbXsrv_connection structures for the
same low level tcp connection. And it also sends more than one
SMB2 negprot response. Depending on the tevent logic, it will
use different smbXsrv_connection structures to process incoming
requests. And this will almost immediately result in errors.
The typicall error is:
smb2_validate_sequence_number: smb2_validate_sequence_number: bad message_id 2 (sequence id 2) (granted = 1, low = 1, range = 1)
But other errors would also be possible.
The detail that leads to the long delays on the client side is
that our smbd_server_connection_terminate_ex() code will close
only the fd of a single smbXsrv_connection, but the refcount
on the socket fd in the kernel is still not 0, so the tcp
connection is still alive...
Now we remember the server_id of the process that we send
the MSG_SMBXSRV_CONNECTION_PASS message to. And just keep
watching the smbXcli_client.tdb record if the server_id
don't change. As we just need more patience to wait for
the MSG_SMBXSRV_CONNECTION_PASSED message.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Aug 8 13:59:58 UTC 2023 on atb-devel-224
(cherry picked from commit
f348b84fbcf203ab1ba92840cf7aecd55dbf9aa0)
Autobuild-User(v4-19-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-19-test): Fri Aug 11 09:01:01 UTC 2023 on atb-devel-224
Stefan Metzmacher [Thu, 3 Aug 2023 13:34:29 +0000 (15:34 +0200)]
s3:smbd: always clear filter_subreq in smb2srv_client_mc_negprot_next()
Commit
5d66d5b84f87267243dcd5223210906ce589af91 introduced a
'verify_again:' target, if we ever hit that, we would leak
the existing filter_subreq.
Moving it just above a possible messaging_filtered_read_send()
will allow us to only clear it if we actually create a new
request. That will help us in the next commits.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
50d61e5300250922bf36bb699306f82dff6a00b9)
Stefan Metzmacher [Fri, 4 Aug 2023 15:16:14 +0000 (17:16 +0200)]
s4:torture/smb2: add smb2.multichannel.bugs.bug_15346
This demonstrates the race quite easily against
Samba and works fine against Windows Server 2022.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
4028d6582907cf582730ceec56872d8584ad02e6)
Stefan Metzmacher [Mon, 7 Aug 2023 10:22:43 +0000 (12:22 +0200)]
s4:torture/smb2: make it possible to pass existing_conn to smb2_connect_ext()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
2b93058be3f6e5eaee239ad3b0e707c62089d18e)
Stefan Metzmacher [Mon, 7 Aug 2023 09:03:41 +0000 (11:03 +0200)]
s4:torture/smb2: let us have a common torture_smb2_con_share()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
dc5a500f0a76720b2a5cb5b1142cf4c35cb6bdea)
Stefan Metzmacher [Mon, 7 Aug 2023 09:03:41 +0000 (11:03 +0200)]
s4:torture/smb2: let torture_smb2_con_sopt() use smb2_connect()
There's no need for smb2_connect_ext().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
ade663ee6ca1a2813b203ea667d933f4dab9e7b7)
Stefan Metzmacher [Fri, 4 Aug 2023 12:03:43 +0000 (14:03 +0200)]
dcerpc.idl: fix definitions for DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED payload
It seems commit
259129e8f4bc8cacd1850eba3f6551134835d079 was partly just
fantasy...
Windows clients just use 16 bytes for DCERPC_PKT_CO_CANCEL and
DCERPC_PKT_ORPHANED pdus.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15446
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Aug 8 08:57:46 UTC 2023 on atb-devel-224
(cherry picked from commit
9ec22e680249cfde06fb1a0a34fcc94d1f47002d)
Autobuild-User(v4-19-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-19-test): Tue Aug 8 14:22:06 UTC 2023 on atb-devel-224
Stefan Metzmacher [Mon, 7 Aug 2023 14:16:27 +0000 (16:16 +0200)]
librpc/rpc: let dcerpc_read_ncacn_packet_next_vector() handle fragments without any payload
DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED don't have any payload by
default. In order to receive them via dcerpc_read_ncacn_packet_send/recv
we need to allow fragments with frag_len == DCERPC_NCACN_PAYLOAD_OFFSET.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15446
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
5c724a3e156ae734e4d187bf9639d895bb011834)
Stefan Metzmacher [Fri, 4 Aug 2023 11:57:12 +0000 (13:57 +0200)]
s4:torture/ndr: add tests for DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED
The PDUs were generated by Windows clients.
And we fail to parse them currently.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15446
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
c37adb762640b7df9731d6a60edce808aa8787f8)
Jule Anger [Tue, 8 Aug 2023 07:13:27 +0000 (09:13 +0200)]
VERSION: Bump version up to Samba 4.19.0rc3...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Tue, 8 Aug 2023 07:12:57 +0000 (09:12 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.19.0rc2 release.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Tue, 8 Aug 2023 07:11:57 +0000 (09:11 +0200)]
WHATSNEW: Add release notes for Samba 4.19.0rc2.
Signed-off-by: Jule Anger <janger@samba.org>
Joseph Sutton [Thu, 3 Aug 2023 01:57:20 +0000 (13:57 +1200)]
third_party/heimdal: Import lorikeet-heimdal-
202308030152 (commit
2a036a6fd80833799316b8a85623cdea3a1135df)
This import fixes the build on 32-bit FreeBSD.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15443
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Joseph Sutton <jsutton@samba.org>
Autobuild-Date(master): Thu Aug 3 05:40:28 UTC 2023 on atb-devel-224
(cherry picked from commit
06d673a1a0c54e78773cc951124486b547ca880d)
Autobuild-User(v4-19-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-19-test): Fri Aug 4 09:31:54 UTC 2023 on atb-devel-224
Noel Power [Thu, 27 Jul 2023 12:26:21 +0000 (13:26 +0100)]
s3/modules: Fix DFS links when widelinks = yes
In openat(), even if we fail to open the file,
propagate stat if and only if the object is a link in
a DFS share. This allows calling code to further process
the link.
Also remove knownfail
Pair-Programmed-With: Jeremy Alison <jra@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15435
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jul 29 00:43:52 UTC 2023 on atb-devel-224
(cherry picked from commit
0bf8b25aacdf2f5c746922320b32e3f0886c81f5)
Autobuild-User(v4-19-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-19-test): Thu Aug 3 14:30:32 UTC 2023 on atb-devel-224
Noel Power [Thu, 27 Jul 2023 16:36:29 +0000 (17:36 +0100)]
s3/modules: Add flag indicating if connected share is a dfs share
Not used yet, will be used in the next commit to avoid testing
if the connected share is a dfs one.
Pair-Programmed-With: Jeremy Alison <jra@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15435
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
2668dcd0968133cca4f8410bf8c41ed0483f5d87)
Noel Power [Fri, 28 Jul 2023 08:41:59 +0000 (09:41 +0100)]
sefltest: Add new regression test dfs with widelinks = yes
Adds a new test trying to cd into dfs path on share with
widelinks enabled, should generate an error (see BUG:)
Add a knownfail so CI continues
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15435
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
3d2e9db8b95f9f45d486f8272e53584975f177fa)
Noel Power [Fri, 28 Jul 2023 08:40:57 +0000 (09:40 +0100)]
selftest: Add new dfs share (with widelinks enabled)
Adds share (to be used in later test) that has dfs node
but additionally has widelinks set to yes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15435
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
b57cdfd7efb161cf96b3a39dc7a1652db817e602)
Jones Syue [Wed, 2 Aug 2023 01:48:40 +0000 (09:48 +0800)]
vfs_aio_pthread: fix segfault if samba-tool ntacl get
If configured as AD DC and aio_pthread appended into 'vfs objects'[1],
run these commands would get segfault:
1. sudo samba-tool ntacl get .
2. sudo net vfs getntacl sysvol .
gdb said it goes through aio_pthread_openat_fn() @ vfs_aio_pthread.c[2],
and the fsp->conn->sconn->client is null (0x0).
'sconn->client' memory is allocated when a new connection is accpeted:
smbd_accept_connection > smbd_process > smbXsrv_client_create
While running local commands looks like it would not go through
smbXsrv_client_create so the 'client' is null, segfault might happen.
We should not dereference 'client->server_multi_channel_enabled',
if 'client' is null.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15441
[1] smb.conf example, samba-4.18.5, ubuntu 22.04.2
[global]
dns forwarder = 127.0.0.53
netbios name = U22-JONES-88X1
realm = U22-JONES-88X1.X88X1.JONES
server role = active directory domain controller
workgroup = X88X1
idmap_ldb:use rfc2307 = yes
vfs objects = dfs_samba4 acl_xattr aio_pthread
[sysvol]
path = /var/lib/samba/sysvol
read only = No
[netlogon]
path = /var/lib/samba/sysvol/u22-jones-88x1.x88x1.jones/scripts
read only = No
[2] gdb
(gdb) run /usr/local/samba/bin/samba-tool ntacl get .
Starting program: /usr/local/Python3/bin/python3 /usr/local/samba/bin/samba-tool ntacl get .
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/libthread_db.so.1".
Program received signal SIGSEGV, Segmentation fault.
0x00007fffd0eb809e in aio_pthread_openat_fn (handle=0x8d5cc0, dirfsp=0x8c3070, smb_fname=0x18ab4f0, fsp=0x1af3550, flags=196608, mode=0)
at ../../source3/modules/vfs_aio_pthread.c:467
warning: Source file is more recent than executable.
467 if (fsp->conn->sconn->client->server_multi_channel_enabled) {
(gdb) bt
at ../../source3/modules/vfs_aio_pthread.c:467
at ../../source3/smbd/pysmbd.c:320
---Type <return> to continue, or q <return> to quit---
(gdb) f
at ../../source3/modules/vfs_aio_pthread.c:467
467 if (fsp->conn->sconn->client->server_multi_channel_enabled) {
(gdb) p fsp->conn->sconn->client
$1 = (struct smbXsrv_client *) 0x0
(gdb)
Signed-off-by: Jones Syue <jonessyue@qnap.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
8f4c1c67b4f118a9a47b09ac7908cd3d969b19c2)
Autobuild-User(v4-19-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-19-test): Thu Aug 3 09:45:34 UTC 2023 on atb-devel-224
Andrew Bartlett [Thu, 27 Jul 2023 05:18:45 +0000 (17:18 +1200)]
dsdb: Use samdb_system_container_dn() in pdb_samba_dsdb_*()
This makes more calls to add children, but avoids the cn=system string in the
codebase which makes it easier to audit that this is always being built
correctly.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Jul 31 07:20:21 UTC 2023 on atb-devel-224
(cherry picked from commit
5571ce9619d856d3c9545099366f4e0259aee8ef)
RN: A second container with name CN=System would disable the operation
of the Samba AD DC. Samba now finds the CN=System container by exact
DN and not a search.
Autobuild-User(v4-19-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-19-test): Tue Aug 1 12:12:30 UTC 2023 on atb-devel-224
Andrew Bartlett [Thu, 27 Jul 2023 05:14:30 +0000 (17:14 +1200)]
dsdb: Use samdb_system_container_dn() in dsdb_trust_*()
This is now exactly the same actions, but just uses common code to do it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
4250d07e4dcd43bf7450b1ae603ff46fdc892d02)
Andrew Bartlett [Thu, 27 Jul 2023 05:11:39 +0000 (17:11 +1200)]
s4-rpc_server/backupkey: Use samdb_system_container_dn() in get_lsa_secret()
This is now exactly the same actions, but just uses common code to do it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
9b4f3f3cb4ed17bb233d3b5ccd191be63f01f3f4)
Andrew Bartlett [Thu, 27 Jul 2023 05:09:31 +0000 (17:09 +1200)]
s4-rpc_server/backupkey: Use samdb_system_container_dn() in set_lsa_secret()
This is now exactly the same actions, but just uses common code to do it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
13eed1e0e7d0bdef6b5cdb6b858f124b812adbea)
Andrew Bartlett [Thu, 27 Jul 2023 05:00:21 +0000 (17:00 +1200)]
s4-rpc_server/netlogon: Use samdb_system_container_dn() in fill_trusted_domains_array()
This is now exactly the same actions, but just uses common code to do it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
a900f6aa5d909d912ee3ca529baa4047c9c4da87)
Andrew Bartlett [Thu, 27 Jul 2023 04:58:13 +0000 (16:58 +1200)]
s4-rpc_server/lsa: Use samdb_system_container_dn() in dcesrv_lsa_get_policy_state()
This is now exactly the same actions, but just uses common code to do it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
4e18066fa243da1c505f782ba87187c3bb1078ee)
Andrew Bartlett [Thu, 27 Jul 2023 04:44:10 +0000 (16:44 +1200)]
dsdb: Use samdb_get_system_container_dn() to get Password Settings Container
By doing this we use the common samdb_get_system_container_dn() routine and we
avoid doing a linerize and parse step on the main DN, instead using the
already stored parse of the DN. This is more hygenic.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
3669caa97f76d3e893ac6a1ab88341057929ee6a)
Andrew Bartlett [Thu, 27 Jul 2023 04:29:34 +0000 (16:29 +1200)]
dsdb: Use samdb_system_container_dn() in samldb.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
97b682e0eb0450513dcecb74be672e18e84fe7a2)
Andrew Bartlett [Thu, 27 Jul 2023 04:12:11 +0000 (16:12 +1200)]
dsdb: Add new function samdb_system_container_dn()
This will replace many calls crafting or searching for this DN
elsewhere in the code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
25b0e1102e1a502152d2695aeddf7c65555b16fb)
Arvid Requate [Fri, 26 Aug 2016 14:20:34 +0000 (16:20 +0200)]
Bug #9959: Don't search for CN=System
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
2d461844a201fbca55ebc9a46a15e1d16048055b)
Arvid Requate [Fri, 26 Aug 2016 14:18:57 +0000 (16:18 +0200)]
For Bug #9959: local talloc frame for next commit
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959
Signed-off-by: Arvid Requate <requate@univention.de>
[abartlet@samba.org Added additional talloc_free() in failure paths]
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
b6e80733c3a589f9d784eec86fc713f1ec9c1049)
Jule Anger [Fri, 28 Jul 2023 12:11:30 +0000 (14:11 +0200)]
VERSION: Bump version up to Samba 4.19.0rc2...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 28 Jul 2023 09:49:28 +0000 (11:49 +0200)]
VERSION: Disable GIT_SNAPSHOT for the Samba 4.19.0rc1 release.
Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Jule Anger [Tue, 25 Jul 2023 13:59:19 +0000 (15:59 +0200)]
WHATSNEW: Up to Samba 4.19.0rc1.
Signed-off-by: Jule Anger <janger@samba.org>
Jule Anger [Tue, 18 Jul 2023 08:48:57 +0000 (10:48 +0200)]
ldb: release 2.8.0 for use in Samba 4.19.x
* CVE-2023-0614 Not-secret but access controlled LDAP attributes can be discovered (bug 15270)
* pyldb: Raise an exception if ldb_dn_get_parent() fails
* Implement ldap_whoami in pyldb and add the RFC4532 LDB_EXTENDED_WHOAMI_OID definition
* Documentation and spelling fixes
* Add ldb_val -> bool,uint64,int64 parsing functions
* Split out ldb_val_as_dn() helper function
* add LDB_CHANGETYPE_MODRDN support to ldb_ldif_to_pyobject()
* add LDB_CHANGETYPE_DELETE support to ldb_ldif_to_pyobject()
* let ldb_ldif_parse_modrdn() handle names without 'rdn_name=' prefix
* Don't create error string if there is no error
* Avoid allocation and memcpy() for every wildcard match candidate
* Make ldb_msg_remove_attr O(n)
* pyldb: Throw error on invalid controls
* pyldb: remove py2 ifdefs
* Call tevent_set_max_debug_level(TEVENT_DEBUG_TRACE)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Martin Schwenke [Wed, 12 Jul 2023 00:39:06 +0000 (10:39 +1000)]
ctdb-tools: Improve printing of multi-line event script output
Multi-line output currently prints like this:
OUTPUT: aaa
bbb
ccc
This is less beautiful than it could be.
Instead, print multi-line output with no inlining and each line
indented:
OUTPUT:
aaa
bbb
ccc
However, continue to inline single line output:
OUTPUT: foo
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 12 Jul 2023 00:39:06 +0000 (10:39 +1000)]
ctdb-tools: Always print script output in event status
When event scripts succeed they generally produce no output. However,
when a script succeeds and produces output, such output almost
certainly contains warnings. So, always print script output.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Andrew Bartlett [Wed, 26 Jul 2023 20:06:48 +0000 (08:06 +1200)]
librpc/idl: Remove DCOM and WMI IDL
As hinted in
f2416493c0c779356606aebf0aceca8fa416b55c the DCOM and WMI
IDL is now unused. These generate code with PIDL, costing a small
amount of build time but more importantly are fuzzed, which costs an
ongoing amount of CPU time as oss-fuzz tries to find parsing issues.
We do not need to continue this waste, and these can be restored
if this effort is ever to start again.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Wed, 26 Jul 2023 20:17:07 +0000 (08:17 +1200)]
dcom: Remove remainder of DCOM test client code
This follows
f2416493c0c779356606aebf0aceca8fa416b55c, removing the remaining parts
of our DCOM effort. This can be resumed at a later time, but for now this is untested
(as we have no server) and just uses build time.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Pavel Filipenský [Thu, 27 Jul 2023 14:30:00 +0000 (16:30 +0200)]
librpc:crypto: SAFE_FREE() -> krb5_free_enctypes()
Reported by Red Hat internal covscan
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Pavel Filipenský [Thu, 27 Jul 2023 14:29:19 +0000 (16:29 +0200)]
librpc:crypto: SAFE_FREE() -> krb5_free_string()
Reported by Red Hat internal covscan
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Pavel Filipenský [Thu, 27 Jul 2023 14:28:48 +0000 (16:28 +0200)]
auth:credentials: SAFE_FREE() -> krb5_free_string()
Reported by Red Hat internal covscan
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Pavel Filipenský [Thu, 27 Jul 2023 14:26:57 +0000 (16:26 +0200)]
auth:credentials: SAFE_FREE() -> krb5_free_enctypes()
Reported by Red Hat internal covscan
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Pavel Filipenský [Thu, 27 Jul 2023 20:01:00 +0000 (22:01 +0200)]
krb5_wrap: add krb5_free_string()
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Pavel Filipenský [Thu, 27 Jul 2023 14:22:22 +0000 (16:22 +0200)]
krb5_wrap: add krb5_free_enctypes()
MIT Kerberos implements krb5_free_enctypes(), Heimdal is missing it and
offers krb5_xfree() instead.
This introduces a wrapper krb5_free_enctypes() around krb5_xfree() for
Heimdal.
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Fri, 28 Jul 2023 09:16:04 +0000 (11:16 +0200)]
smbd: move tevent_req_post() out of smbd_smb2_create_after_exec()
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Jeremy Allison [Wed, 26 Jul 2023 23:39:51 +0000 (16:39 -0700)]
s3: smbd: Sanitize any "server" and "share" components of SMB1 DFS paths to remove UNIX separators.
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15419
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Jul 27 10:52:50 UTC 2023 on atb-devel-224
Jeremy Allison [Wed, 26 Jul 2023 23:37:11 +0000 (16:37 -0700)]
s3: torture: Add test to show an SMB1 DFS path of "\\x//\\/" crashes smbd.
Adds knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15419
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Thu, 18 May 2023 16:12:19 +0000 (18:12 +0200)]
mdssvc: fix returning file modification date for older Mac releases
Mac 10.10 uses kMDItemContentModificationDate instead of
kMDItemFSContentChangeDate.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jul 26 23:42:44 UTC 2023 on atb-devel-224
Ralph Boehme [Wed, 17 May 2023 14:38:39 +0000 (16:38 +0200)]
mdssvc: fix date marshalling
Did this ever work? Possible just copied over from Netatalk and was always
broken... The Mac client expects the timevalue as seconds relative to
2001-01-01 00:00:00 UTC, packed as IEEE float.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Wed, 17 May 2023 14:37:36 +0000 (16:37 +0200)]
mdssvc: prepare for returning timestamps with sub-seconds granularity
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15427
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 20 Apr 2023 15:27:20 +0000 (17:27 +0200)]
mdssvc: reduce pagesize to 50
Lastest macOS queries additional file metadata per search result, which causes
the mashalled paged result set including metadata to exceed the 64 KB result
fragment buffer.
Lacking fragementation support in mdssvc (it's supported by the protocol), for
now just reduce the maximum number of results per search page.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15342
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 21 Apr 2023 05:07:13 +0000 (07:07 +0200)]
tests/mdssvc: match hits:total:value to be the actual amount of entries in hits
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15342
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 20 Apr 2023 15:58:38 +0000 (17:58 +0200)]
mdssvc: fix enforcement of "elasticsearch:max results"
This wasn't enforced at all thus a query would return all available matches
without limit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15342
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 20 Apr 2023 15:24:30 +0000 (17:24 +0200)]
mdssvc: add and use SL_PAGESIZE
SL_PAGESIZE is the number of entries we want to process per paged search result
set. This is different from MAX_SL_RESULTS which ought to be a default maximum
value for total number of results returned for a search query.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15342
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 23 Mar 2023 15:39:11 +0000 (16:39 +0100)]
mdssvc: fix long running backend queries
If a query is still running in the backend and we have no results yet, returning
0 triggers a search termination by the client in latest macOS releases. macOS
returns 0x23 in this case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15342
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Wed, 19 Apr 2023 12:38:45 +0000 (14:38 +0200)]
mdssvc: set query state for continued queries to SLQ_STATE_RUNNING
SLQ_STATE_RESULTS implies that there are already results attached to the slq
which is not the case. Instead the backend will start processing from where it
left off when it hits the maximum result limit and had set the state to
SLQ_STATE_FULL.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15342
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>