Karolin Seeger [Thu, 20 Dec 2018 08:23:46 +0000 (09:23 +0100)]
VERSION: Disable GIT_SNAPSHOT for the 4.9.4 release.
Karolin Seeger [Thu, 20 Dec 2018 08:23:09 +0000 (09:23 +0100)]
WHATSNEW: Add release notes for Samba 4.9.4.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Ralph Boehme [Wed, 21 Nov 2018 16:20:30 +0000 (17:20 +0100)]
vfs_shadow_copy2: in fstat also convert fsp->fsp_name and fsp->base_fsp->fsp_name
Stacked VFS modules might use the file name, not the file
handle. Looking at you, vfs_fruit...
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
aa1fac696956f96e89e54ddd4535a6e2844161b0)
Autobuild-User(v4-9-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-9-test): Thu Dec 13 16:47:40 CET 2018 on sn-devel-144
Ralph Boehme [Sat, 24 Nov 2018 09:54:06 +0000 (10:54 +0100)]
s3:smbd: pass down twrp from SMB2_CREATE to filename_convert()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
9c462e1b324ebad60c51bd6e8e659b39a31ec02e)
Ralph Boehme [Sat, 24 Nov 2018 09:45:49 +0000 (10:45 +0100)]
s3:smbd: add twrp args to filename_convert()
All existing callers pass NULL, no change in behaviour.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
14b6e6842b76d7c3e53249ba026a3ff51615ebd7)
Ralph Boehme [Sat, 24 Nov 2018 08:05:37 +0000 (09:05 +0100)]
s3:smbd: add twrp processing to filename_convert_internal()
Not used for now, existing callers pass NULL.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
c69bd336a17ca04dbfb4f5d04a963d25b9925118)
Ralph Boehme [Sat, 24 Nov 2018 07:56:49 +0000 (08:56 +0100)]
s3:smbd: prepare filename_convert_internal() for twrp
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
bffc540bc8459cbb1bd1a98528fb1d3b2b54d1d2)
Ralph Boehme [Fri, 23 Nov 2018 13:36:56 +0000 (14:36 +0100)]
s3:selftest: add a VSS test reading a stream
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
cfffa2e2428b42db65a4ece00602e0cef8ceb5a3)
Günther Deschner [Wed, 10 Oct 2018 15:32:25 +0000 (17:32 +0200)]
s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13708
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Tue Dec 11 17:26:31 CET 2018 on sn-devel-144
(cherry picked from commit
75d15484f3b71b1a2684c4a73e53aaa467f9932b)
Ralph Boehme [Fri, 23 Nov 2018 13:08:15 +0000 (14:08 +0100)]
vfs_shadow_copy2: nicely deal with attempts to open previous version for writing
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
cf95756235f718478e556ce1fbf7c032f9c9acfb)
Ralph Boehme [Thu, 22 Nov 2018 10:04:54 +0000 (11:04 +0100)]
vfs_shadow_copy2: add shadow_copy2_strip_snapshot_converted
Can be used by callers to determine if a path is in fact pointing at a
file in a snapshot. Will be used in the next commit.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
14d6488d355e960ab02e72c414cbbc316f1db718)
Ralph Boehme [Thu, 22 Nov 2018 10:02:24 +0000 (11:02 +0100)]
vfs_shadow_copy2: add _already_converted arg to shadow_copy2_strip_snapshot_internal()
Not used for now, all existing callers pass NULL.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
87bf06ed790dad8a4f650c0cd1b6781864666cbf)
Ralph Boehme [Fri, 23 Nov 2018 09:18:44 +0000 (10:18 +0100)]
s3:script/tests: add a test for VSS write behaviour
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit
12778f015988f7e8755016c72c26939998758dae)
Ralph Boehme [Wed, 14 Nov 2018 12:45:11 +0000 (13:45 +0100)]
s4:torture: add a test-suite for VSS
This test will not be run from the main torture test runner in selftest,
as there we don't pass the required arguments 'twrp_file' and
'twrp_snapshot'.
The test needs a carefully prepared environment with provisioned
snapshot data, so the test will be started from a blackbox test
script. That comes next.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
48ddb87a32ca44c2fcc5aac0cc28c5527dc7eade)
Ralph Boehme [Fri, 23 Nov 2018 09:18:10 +0000 (10:18 +0100)]
vfs_error_inject: add EBADF error
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
523a9b312c9f09178a5afefb48343e684e41d817)
Ralph Boehme [Fri, 23 Nov 2018 09:07:29 +0000 (10:07 +0100)]
vfs_error_inject: add pwrite
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
55a82f907f6410ff478e82b0cf7f1caeacaf5ddd)
Justin Stephenson [Wed, 27 Jun 2018 15:32:31 +0000 (11:32 -0400)]
s3:libads: Add net ads leave keep-account option
Add the ability to leave the domain with --keep-account argument to avoid
removal of the host machine account.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13498
Signed-off-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit
d881f0c8a0ce2fc7cabf1966c5724e72c70d6694)
Ralph Boehme [Wed, 28 Nov 2018 14:39:21 +0000 (15:39 +0100)]
winbindd: Route predefined domains through the BUILTIN domain child
Without this eg "NT Authority" didn't work:
$ bin/wbinfo -n "NT Authority/Authenticated Users"
failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
Could not lookup name NT Authority/Authenticated Users
$ bin/wbinfo --group-info="NT Authority/Authenticated Users"
failed to call wbcGetgrnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for group NT Authority/Authenticated Users
With the patch:
$ bin/wbinfo -n "NT Authority/Authenticated Users"
S-1-5-11 SID_WKN_GROUP (5)
$ bin/wbinfo --group-info="NT Authority/Authenticated Users"
NT AUTHORITY\authenticated users:x:10002:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Dec 5 11:27:22 CET 2018 on sn-devel-144
(cherry picked from commit
8b8d9fdad4a4e2c479141b3d40e9a7320a49c0dd)
Autobuild-User(v4-9-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-9-test): Mon Dec 10 13:43:15 CET 2018 on sn-devel-144
Ralph Boehme [Wed, 28 Nov 2018 16:20:41 +0000 (17:20 +0100)]
winbindd: fix predefined domains routing in find_lookup_domain_from_sid()
Route predefined domains through the BUILTIN domain child, not passdb.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
b512a58bbd7361cbbcf68f6713943377338fc2a1)
Ralph Boehme [Tue, 27 Nov 2018 16:32:09 +0000 (17:32 +0100)]
winbindd: add some braces
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
e0f784baeaa73096534d9a1ed941028d99f84ece)
Ralph Boehme [Wed, 28 Nov 2018 16:19:39 +0000 (17:19 +0100)]
libcli/security: add dom_sid_lookup_is_predefined_domain()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
2de5f06d399109009c343b0acfef822db38502a1)
Ralph Boehme [Tue, 27 Nov 2018 19:32:09 +0000 (20:32 +0100)]
selftest: test wbinfo -n and --gid-info with "NT Authority"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
c46b6b111e8adcd7cf029e5c3293cbdc471793db)
Stefan Metzmacher [Wed, 28 Nov 2018 14:21:56 +0000 (15:21 +0100)]
CVE-2018-14629 dns: fix CNAME loop prevention using counter regression
The loop prevention should only be done for CNAME records!
Otherwise we truncate the answer records for A, AAAA or
SRV queries, which is a bad idea if you have more than 20 DCs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Dec 4 08:52:29 CET 2018 on sn-devel-144
(cherry picked from commit
34f4491d79b47b2fe2457b8882f11644cf773bc4)
Aaron Haslett [Fri, 30 Nov 2018 05:37:27 +0000 (18:37 +1300)]
CVE-2018-14629: Tests to expose regression from dns cname loop fix
These tests expose the regression described by Stefan Metzmacher in
discussion on the bugzilla paged linked below.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
14399fd818b130a6347eec860460929c292d5996)
Martin Schwenke [Fri, 30 Nov 2018 01:44:26 +0000 (12:44 +1100)]
ctdb-daemon: Exit with error if a database directory does not exist
Since 4.9.0, the log messages can be confusing if a required database
directory does not exist. Explicitly check for database directories,
logging a clear error and exiting if one is missing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13696
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Mon Dec 3 06:56:41 CET 2018 on sn-devel-144
(cherry picked from commit
dd7574afd1b2fb6a88defa154bc3d15e94f9ce0d)
Autobuild-User(v4-9-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-9-test): Wed Dec 5 13:01:52 CET 2018 on sn-devel-144
Isaac Boukris [Wed, 7 Nov 2018 20:53:35 +0000 (22:53 +0200)]
CVE-2018-16853: fix crash in expired passowrd case
When calling encode_krb5_padata_sequence() make sure to
pass a null terminated array as required.
Fixes expired passowrd case in samba4.blackbox.kinit test.
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(v4-9-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-9-test): Tue Dec 4 17:27:18 CET 2018 on sn-devel-144
Andreas Schneider [Wed, 28 Sep 2016 05:22:32 +0000 (07:22 +0200)]
CVE-2018-16853: Do not segfault if client is not set
This can be triggered with FAST but we don't support this yet.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Isaac Boukris [Sat, 18 Aug 2018 13:01:59 +0000 (16:01 +0300)]
CVE-2018-16853: Add a test to verify s4u2self doesn't crash
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Isaac Boukris [Fri, 17 Aug 2018 21:40:30 +0000 (00:40 +0300)]
CVE-2018-16853: The ticket in check_policy_as can actually be a TGS
This happens when we are called from S4U2Self flow, and in that case
kdcreq->client is NULL. Use the name from client entry instead.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Isaac Boukris [Sat, 18 Aug 2018 12:32:43 +0000 (15:32 +0300)]
CVE-2018-16853: Fix kinit test on system lacking ldbsearch
By fixing bindir variable name.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Wed, 7 Nov 2018 13:00:25 +0000 (14:00 +0100)]
libcli/smb: don't overwrite status code
The original commit
c5cd22b5bbce724dcd68fe94320382b3f772cabf from bug
9175 never worked, as the preceeding signing check overwrote the status
variable.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9175
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Nov 13 17:28:45 CET 2018 on sn-devel-144
(cherry picked from commit
5a8583ed701be97c33a20b2a20f6bbb8ac2f8e99)
Ralph Boehme [Tue, 13 Nov 2018 11:08:10 +0000 (12:08 +0100)]
s4:torture/smb2/session: test smbXcli_session_set_disconnect_expired() works
This adds a simple test that verifies that after having set
smbXcli_session_set_disconnect_expired() a session gets disconnected
when it expires.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9175
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
a5d1bb5c5b5a57a2d7710dc5ab962683fe5c8e68)
Garming Sam [Tue, 13 Nov 2018 21:29:01 +0000 (10:29 +1300)]
ldb_controls: Add some talloc error checking for controls
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13686
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
ad8bb6fcd08be28c40f2522d640333e9e69b7852)
Garming Sam [Sun, 18 Nov 2018 22:05:59 +0000 (11:05 +1300)]
sync_passwords: Remove dirsync cookie logging for continuous operation
Under normal operation, users shouldn't see giant cookies in their logs.
We still log the initial cookie retrieved from the cache database, which
should still be helpful for identifying corrupt cookies.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13686
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
ac90c9faa783fc133229e7c163471d96440ff30e)
Garming Sam [Fri, 26 Oct 2018 00:38:02 +0000 (13:38 +1300)]
dirsync: Allow arbitrary length cookies
The length of the cookie is proportional to the number of DCs ever in
the domain (as it stores the uptodateness vector which has stale
invocationID).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13686
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
b7a0d3b110697923a31e353905d3b1bd9385ea9b)
Joe Guo [Mon, 30 Jul 2018 06:19:05 +0000 (18:19 +1200)]
PEP8: fix E231: missing whitespace after ','
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(part of commit
12d3fbe15cb58b57c60499103101e3a845378859 from master
cherry-picked to v4-9-test)
Karolin Seeger [Tue, 27 Nov 2018 10:05:40 +0000 (11:05 +0100)]
VERSION: Bump version up to 4.9.4.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Tue, 27 Nov 2018 10:05:18 +0000 (11:05 +0100)]
Merge tag 'samba-4.9.3' into v4-9-test
samba: tag release samba-4.9.3
Karolin Seeger [Sun, 25 Nov 2018 14:24:31 +0000 (15:24 +0100)]
VERSION: Disable GIT_SNAPSHOT for the 4.9.3 release.
o CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in AD
Internal DNS server)
o CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT)
o CVE-2018-16851 (NULL pointer de-reference in Samba AD DC LDAP server)
o CVE-2018-16852 (NULL pointer de-reference in Samba AD DC DNS servers)
o CVE-2018-16853 (Samba AD DC S4U2Self crash in experimental MIT Kerberos
configuration (unsupported))
o CVE-2018-16857 (Bad password count in AD DC not always effective)
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Sun, 25 Nov 2018 14:23:23 +0000 (15:23 +0100)]
WHATSNEW: Add release notes for Samba 4.9.3.
o CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in AD
Internal DNS server)
o CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT)
o CVE-2018-16851 (NULL pointer de-reference in Samba AD DC LDAP server)
o CVE-2018-16852 (NULL pointer de-reference in Samba AD DC DNS servers)
o CVE-2018-16853 (Samba AD DC S4U2Self crash in experimental MIT Kerberos
configuration (unsupported))
o CVE-2018-16857 (Bad password count in AD DC not always effective)
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Tim Beale [Tue, 13 Nov 2018 00:22:41 +0000 (13:22 +1300)]
CVE-2018-16857 dsdb/util: Add better default lockOutObservationWindow
Clearly the lockOutObservationWindow value is important, and using a
default value of zero doesn't work very well.
This patch adds a better default value (the domain default setting of 30
minutes).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Tue, 13 Nov 2018 00:19:04 +0000 (13:19 +1300)]
CVE-2018-16857 dsdb/util: Fix lockOutObservationWindow for PSOs
Fix a remaining place where we were trying to read the
msDS-LockoutObservationWindow as an int instead of an int64.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Mon, 12 Nov 2018 23:24:16 +0000 (12:24 +1300)]
CVE-2018-16857 dsdb/util: Correctly treat lockOutObservationWindow as 64-bit int
Commit
442a38c918ae1666b35 refactored some code into a new
get_lockout_observation_window() function. However, in moving the code,
an ldb_msg_find_attr_as_int64() inadvertently got converted to a
ldb_msg_find_attr_as_int().
ldb_msg_find_attr_as_int() will only work for values up to -
2147483648
(about 3.5 minutes in MS timestamp form). Unfortunately, the automated
tests used a low enough timeout that they still worked, however,
password lockout would not work with the Samba default settings.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Mon, 12 Nov 2018 22:49:56 +0000 (11:49 +1300)]
CVE-2018-16857 tests: Sanity-check password lockout works with default values
Sanity-check that when we use the default lockOutObservationWindow that
user lockout actually works.
The easiest way to do this is to reuse the _test_login_lockout()
test-case, but stop at the point where we wait for the lockout duration
to expire (because we don't want the test to wait 30 mins).
This highlights a problem currently where the default values don't work.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joe Guo [Mon, 30 Jul 2018 06:19:21 +0000 (18:19 +1200)]
CVE-2018-16857 PEP8: fix E251: unexpected spaces around keyword / parameter equals
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Partial backport of commit
1ccc36b4010cd63 (only password_lockout_base.py
change) as a dependency for:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683
Joe Guo [Mon, 30 Jul 2018 06:15:34 +0000 (18:15 +1200)]
CVE-2018-16857 PEP8: fix E127: continuation line over-indented for visual indent
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Partial backport of commit
bbb9f57603d (only password_lockout_base.py
change) as a dependency for:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683
Andrew Bartlett [Sun, 2 Sep 2018 06:03:06 +0000 (18:03 +1200)]
CVE-2018-16857 selftest: Split up password_lockout into tests with and without a call to sleep()
This means we can have a long observation window for many of the tests and
so make them much more reliable. Many of these cause frustrating flapping
failures in our CI systems.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Sep 3 06:14:55 CEST 2018 on sn-devel-144
(cherry picked from commit
74357bf347348d3a8b7483c58e5250e98f7e8810)
Backported as a dependency for:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683
Joe Guo [Mon, 30 Jul 2018 06:21:29 +0000 (18:21 +1200)]
CVE-2018-16857 PEP8: fix E305: expected 2 blank lines after class or function definition, found 1
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Partial backport of commit
115f2a71b88 (only password_lockout.py
change) as a dependency for:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683
Andrew Bartlett [Sun, 2 Sep 2018 05:34:03 +0000 (17:34 +1200)]
CVE-2018-16857 selftest: Prepare to allow override of lockout duration in password_lockout tests
This will make it easier to avoid flapping tests.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
(cherry picked from commit
a740a6131c967f9640b19a6964fd5d6f85ce853a)
Backported as a dependency for:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683
Andrew Bartlett [Tue, 6 Nov 2018 00:32:05 +0000 (13:32 +1300)]
CVE-2018-16853 build: The Samba AD DC, when build with MIT Kerberos is experimental
This matches https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13678
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Garming Sam [Mon, 5 Nov 2018 03:18:18 +0000 (16:18 +1300)]
CVE-2018-16851 ldap_server: Check ret before manipulating blob
In the case of hitting the talloc ~256MB limit, this causes a crash in
the server.
Note that you would actually need to load >256MB of data into the LDAP.
Although there is some generated/hidden data which would help you reach that
limit (descriptors and RMD blobs).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13674
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Wed, 7 Nov 2018 02:08:04 +0000 (15:08 +1300)]
CVE-2018-16852 dcerpc dnsserver: refactor common properties handling
dnsserver_common.c and dnsutils.c both share similar code to process
zone properties. This patch extracts the common code and moves it to
dnsserver_common.c.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13669
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Mon, 5 Nov 2018 23:16:30 +0000 (12:16 +1300)]
CVE-2018-16852 dcerpc dnsserver: Ensure properties are handled correctly
Fixes for
Bug 13669 - (CVE-2018-16852) NULL
pointer de-reference in Samba AD DC DNS management
The presence of the ZONE_MASTER_SERVERS property or the
ZONE_SCAVENGING_SERVERS property in a zone record causes the server to
follow a null pointer and terminate.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13669
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Mon, 5 Nov 2018 23:10:07 +0000 (12:10 +1300)]
CVE-2018-16852 dcerpc dnsserver: Verification tests
Tests to verify
Bug 13669 - (CVE-2018-16852) NULL
pointer de-reference in Samba AD DC DNS management
The presence of the ZONE_MASTER_SERVERS property or the
ZONE_SCAVENGING_SERVERS property in a zone record causes the server to
follow a null pointer and terminate.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13669
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Wed, 24 Oct 2018 02:41:28 +0000 (15:41 +1300)]
CVE-2018-16841 selftest: Check for mismatching principal in certficate compared with principal in AS-REQ
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13628
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Tue, 23 Oct 2018 04:33:46 +0000 (17:33 +1300)]
CVE-2018-16841 heimdal: Fix segfault on PKINIT with mis-matching principal
In Heimdal KRB5_KDC_ERR_CLIENT_NAME_MISMATCH is an enum, so we tried to double-free
mem_ctx.
This was introduced in
9a0263a7c316112caf0265237bfb2cfb3a3d370d for the
MIT KDC effort.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13628
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Aaron Haslett [Tue, 23 Oct 2018 04:25:51 +0000 (17:25 +1300)]
CVE-2018-14629 dns: CNAME loop prevention using counter
Count number of answers generated by internal DNS query routine and stop at
20 to match Microsoft's loop prevention mechanism.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Karolin Seeger [Thu, 8 Nov 2018 07:56:10 +0000 (08:56 +0100)]
VERSION: Bump version up to 4.9.3...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
424d4d2b4084e8778d82684d29514b5b45cdfd36)
Martin Schwenke [Wed, 14 Nov 2018 03:09:42 +0000 (14:09 +1100)]
ctdb-tests: Make the debug hung script test cope with unreadable stacks
Ideally this would just involve using "test -r". However, operating
system security features may mean that kernel stacks are not readable
even though they appear to be.
Instead, try reading that stack of a process on the test node. If
that succeeds then so should reading the stack of the "stuck" sleep
process in the test.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13684
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Tim Beale <timbeale@catalyst.net.nz>
Autobuild-User(master): Tim Beale <timbeale@samba.org>
Autobuild-Date(master): Thu Nov 15 08:15:32 CET 2018 on sn-devel-144
(cherry picked from commit
c1dd6382e3211792e313f7d559b943f55c9cb0e1)
Autobuild-User(v4-9-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-9-test): Tue Nov 20 15:50:33 CET 2018 on sn-devel-144
Ralph Boehme [Thu, 8 Nov 2018 16:31:41 +0000 (17:31 +0100)]
s3:smb2_sesssetup: check session_info security level before it gets talloc_move'd
We talloc_move() session_info to session->global->auth_session_info
which sets session_info to NULL.
This means security_session_user_level(NULL, NULL) will always return
SECURITY_ANONYMOUS so we never sign the session setup response.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Nov 13 14:22:46 CET 2018 on sn-devel-144
(cherry picked from commit
bb93e691ca9b1922bf552363a1e7d70792749d67)
Ralph Boehme [Fri, 9 Nov 2018 11:39:41 +0000 (12:39 +0100)]
s4:torture/smb2/session: session reauth response must be signed
This test checks that a session setup reauth is signed even when neither
client nor server require signing.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
181f18c4bf70754a6f3132375d06250baab2871b)
Ralph Boehme [Fri, 9 Nov 2018 11:19:16 +0000 (12:19 +0100)]
s4:torture/smb2/session: add force_signing to test_session_expire1i
Existing callers pass true, so no change in behaviour. The next commit
adds an additional test that passes force_signing=false.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
5fdea4095ac82536192c8d91c411b22e2683a5c1)
Ralph Boehme [Fri, 9 Nov 2018 14:34:24 +0000 (15:34 +0100)]
s4:torture/smb2/session: require a signed session setup reauth response
All existing tests using this function require signing, so currently
this passes. A subsequent commit adds a test where neither client nor
server require signing and that's where this trap will explode.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
ffc424ee6bedc3c208acb4c0c83da836a12d6123)
Ralph Boehme [Thu, 8 Nov 2018 14:42:46 +0000 (15:42 +0100)]
s4:torture/smb2/session: invalidate credential cache
Invalidate credential cache before connecting to the server, otherwise
we will reuse the credentials from the credential cache populated by the
preceeding tests.
Also invalidate it at the end, otherwise subsequent tests might run into
problems if the credentials expire while authenticating.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
368e1860654e737aa2fa9516cdd3668fa644009a)
Ralph Boehme [Sat, 10 Nov 2018 21:00:04 +0000 (22:00 +0100)]
libcli/smb: use require_signed_response in smb2cli_conn_dispatch_incoming()
This can be used by the upper layers to force checking a response is
signed. It will be used to implement verification of session setup
reauth responses in a torture test. That comes next.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
53fe148476a5566b7a8204d7e44b6e75ce7d45bc)
Ralph Boehme [Sat, 10 Nov 2018 20:56:28 +0000 (21:56 +0100)]
libcli/smb: defer singing check a little bit
This allows adding an additional condition to the if check where the
condition state may be modified in the "if (opcode ==
SMB2_OP_SESSSETUP)" case directly above.
No change in behaviour.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
7abf3900218e3d27c075b405735b2c38ec0fc4ca)
Ralph Boehme [Fri, 9 Nov 2018 14:26:44 +0000 (15:26 +0100)]
libcli/smb: maintain require_signed_response in smbXcli_req_state
Not used for now, that comes next.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
67cfb01611869b7590ccd836dd13a80e53545714)
Ralph Boehme [Fri, 9 Nov 2018 14:17:19 +0000 (15:17 +0100)]
libcli/smb: add smb2cli_session_require_signed_response()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
d407201d9bd4ee5ae5609dd107e3ab9ee7afbeb0)
Ralph Boehme [Fri, 9 Nov 2018 11:33:29 +0000 (12:33 +0100)]
s3:selftest: also run smb2.session torture testsuite against ad_member
The next commit adds a subtest to the smb2.session testsuite that
requires Kerberos (ad_dc would work), but where neither SMB2 server or
client must require signing (ad_dc, being an AD DC, requires signing).
The ad_member environment supports Kerberos with the SMB2 server not
mandating signing, that'll do.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
b86c94f0b929f2d9e521d41396c4e1611f5a4c5b)
Ralph Boehme [Thu, 8 Nov 2018 15:24:45 +0000 (16:24 +0100)]
s3:selftest: split "raw.session" and "smb2.session"
The next commit is going to add a testsuite to "smb2.session".
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
d0a8899ed57c2b368c3870b3899a3422251222aa)
Volker Lendecke [Thu, 15 Nov 2018 14:21:36 +0000 (15:21 +0100)]
torture: Fix the 32-bit build
Unfortunately there's no off_t printf specifier as there's one for
size_t. So we have to use intmax_t.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Nov 15 19:45:24 CET 2018 on sn-devel-144
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13677
(cherry picked from commit
0872f140c4a354511b25bb5ed937b9e9409ade3a)
Autobuild-User(v4-9-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-9-test): Mon Nov 19 13:49:34 CET 2018 on sn-devel-144
Ralph Boehme [Tue, 6 Nov 2018 12:24:14 +0000 (13:24 +0100)]
vfs_fruit: validation of writes on AFP_AfpInfo stream
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13677
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
a7c877847f855be5ee6673e541a181b818013abf)
Autobuild-User(v4-9-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-9-test): Fri Nov 16 11:31:10 CET 2018 on sn-devel-144
Ralph Boehme [Tue, 6 Nov 2018 11:34:17 +0000 (12:34 +0100)]
vfs_fruit: move a comment to the right place
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13677
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
4901d71c3de754a106662d01481b960ed7c2c4dd)
Ralph Boehme [Tue, 6 Nov 2018 11:24:54 +0000 (12:24 +0100)]
s4:torture/vfs/fruit: torture writing AFP_AfpInfo stream
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13677
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
221133b0e9ed28274f7513d9416f13a81b7b458b)
Volker Lendecke [Mon, 12 Nov 2018 15:21:55 +0000 (16:21 +0100)]
winbindd: Fix crash when taking profiles
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13629
Signed-off-by: Volker Lendecke <vl@samba.org>
Andreas Schneider [Wed, 7 Nov 2018 13:32:29 +0000 (14:32 +0100)]
lib:util: Fix DEBUGCLASS pointer initializiation
This fixes a segfault in pyglue:
==10142== Process terminating with default action of signal 11 (SIGSEGV)
==10142== Bad permissions for mapped region at address 0x6F00A20
==10142== at 0x6F1074B: py_set_debug_level (pyglue.c:165)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13679
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
71ef09c1afdbf967b829cb66b33c3a5cb1c18ba0)
Autobuild-User(v4-9-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-9-test): Mon Nov 12 16:04:51 CET 2018 on sn-devel-144
Karolin Seeger [Thu, 8 Nov 2018 07:56:10 +0000 (08:56 +0100)]
VERSION: Bump version up to 4.9.3...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 8 Nov 2018 07:55:24 +0000 (08:55 +0100)]
VERSION: Disable GIT_SNAPSHOT for the 4.9.2 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 8 Nov 2018 07:54:49 +0000 (08:54 +0100)]
WHATSNEW: Add release notes for Samba 4.9.2.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Christof Schmitt [Fri, 2 Nov 2018 19:07:58 +0000 (12:07 -0700)]
selftest: Run smb2.delete-on-close-perms also with "delete readonly = yes"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13673
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Sat Nov 3 05:55:45 CET 2018 on sn-devel-144
(cherry picked from commit
7dd3585f9c3ae04df45d98bfdc62663c7a69d3e0)
Autobuild-User(v4-9-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-9-test): Wed Nov 7 11:44:24 CET 2018 on sn-devel-144
Christof Schmitt [Fri, 2 Nov 2018 19:03:51 +0000 (12:03 -0700)]
selftest: Add share to test "delete readonly" option
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13673
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
a8e79decbcfbae1b1a53ec81b942ee06db26bf8f)
Christof Schmitt [Fri, 2 Nov 2018 19:08:23 +0000 (12:08 -0700)]
smbd: Fix DELETE_ON_CLOSE behaviour on files with READ_ONLY attribute
MS-FSA states that a CREATE with FILE_DELETE_ON_CLOSE on an existing
file with READ_ONLY attribute has to return STATUS_CANNOT_DELETE. This
was missing in smbd as the check used the DOS attributes from the CREATE
instead of the DOS attributes on the existing file.
We need to handle the new file and existing file cases separately.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13673
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
162a5257c48f20d3752f644e86c9e626b46436c0)
Christof Schmitt [Fri, 2 Nov 2018 17:49:53 +0000 (10:49 -0700)]
smbtorture: Add test for DELETE_ON_CLOSE on files with READ_ONLY attribute
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13673
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
dc9bbbe4141d8425e66fe9290ff611845f4bd1ce)
Volker Lendecke [Thu, 1 Nov 2018 11:09:14 +0000 (12:09 +0100)]
torture: Fix the clang build
It's used uninitialized if an early torture_assert fails
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Nov 1 17:34:31 CET 2018 on sn-devel-144
(cherry picked from commit
9b28d47b0d86570be5a7c5628e460e01207afb00)
Autobuild-User(v4-9-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-9-test): Tue Nov 6 12:16:07 CET 2018 on sn-devel-144
Ralph Boehme [Wed, 22 Aug 2018 13:25:26 +0000 (15:25 +0200)]
vfs_fruit: let fruit_open_meta() with O_CREAT return a fake-fd
This is the final step in implementing the needed macOS semantics on the
FinderInfo stream: as long as the client hasn't written a non-zero
FinderInfo blob to the stream, there mustn't be a visible filesystem
entry for other openers.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Nov 1 01:14:23 CET 2018 on sn-devel-144
(cherry picked from commit
1b2de44ea8114cf2025e8b8c843131e2f2dbed27)
Ralph Boehme [Sat, 20 Oct 2018 21:50:32 +0000 (23:50 +0200)]
vfs_fruit: don't check for delete-on-close on the FinderInfo stream
macOS SMB server doesn't filter out the FinderInfo stream if it has
delete-on-close set.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
d8c1bb52018289878b9397d513ebbae63933a05f)
Ralph Boehme [Sat, 20 Oct 2018 21:40:14 +0000 (23:40 +0200)]
vfs_fruit: let fruit_pwrite_meta_stream also ftruncate empty FinderInfo
fruit_streaminfo currently filters out the FinderInfo stream is
delete-on-close is set. We set it here internally, but the client may
also set it over SMB. Turns out that the macOS SMB server does NOT
filter out FinderInfo stream with delete-on-close set, so we must change
the way filtering is done in fruit_streaminfo.
Filtering is now done based on the FinderInfo stream being 0-bytes large which
is why I'm adding the ftruncate here.
No idea why the tests that check the filtering passed the commits
leading up to this one, but if you revert this commit after applying the
whole patchset, the "delete AFP_AfpInfo by writing all 0" test will fail.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
480695cd723cc4949e0b39ddb83560efac393412)
Ralph Boehme [Sat, 20 Oct 2018 21:46:43 +0000 (23:46 +0200)]
vfs_fruit: pass stream size to delete_invalid_meta_stream()
delete_invalid_meta_stream() is meant to guard against random data being
present in the FinderInfo stream. If the stream size is 0, it's likely a
freshly created stream where no data has been written to yet, so don't
delete it.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
6e13dbddaec9f8118e11309297f85c3cdfd22e43)
Ralph Boehme [Wed, 17 Oct 2018 14:51:34 +0000 (16:51 +0200)]
vfs_fruit: let fruit handle all aio on the FinderInfo metadata stream
This will be required to support using fake fds for the FinderInfo
metadata stream.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
6fd256afcd5fedc894036efbfba1fc6d2264fba9)
Ralph Boehme [Wed, 22 Aug 2018 14:49:23 +0000 (16:49 +0200)]
vfs_fruit: do ino calculation
As we'll start returning fake fds in open shortly, we can't rely on the
next module to calculat correct inode numbers for streams and must take
over that responsibility.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
80afafe398566fd622f431966808d08ba9ec6473)
Ralph Boehme [Wed, 22 Aug 2018 13:22:08 +0000 (15:22 +0200)]
vfs_fruit: prepare fruit_pread_meta() for reading on fake-fd
If the read on the stream fails we may have hit a handle on a just
created stream (fio->created=true) with no data written yet.
If that's the case return an empty initialized FinderInfo blob.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
d7d92710711f6e555ed45c1dda528cd6a83e1bf5)
Ralph Boehme [Wed, 22 Aug 2018 13:21:08 +0000 (15:21 +0200)]
vfs_fruit: prepare fruit_pwrite_meta() for on-demand opening and writing
This avoid creating files or blobs in our streams backend when a client
creates a stream but hasn't written anything yet. This is the only sane
way to implement the following semantics:
* client 1: create stream "file:foo"
* client 2: open stream "file:foo"
The second operation of client 2 must fail with NT_STATUS_NOT_FOUND.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
4a5c9a9e73230f640eb045a3c47af75b5be9f1d6)
Ralph Boehme [Wed, 22 Aug 2018 13:22:57 +0000 (15:22 +0200)]
vfs_fruit: prepare struct fio for fake-fd and on-demand opening
Not used for now, that comes in the subsequent commits.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
96320eccc9a63b793ff8d05842bce54f120286f9)
Ralph Boehme [Mon, 22 Oct 2018 14:56:46 +0000 (16:56 +0200)]
vfs_fruit: add fio->created
fio->created tracks whether a create created a stream.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
1e055a79541eb69eb2deeae897dde3665c5ffee2)
Ralph Boehme [Mon, 15 Oct 2018 16:38:33 +0000 (18:38 +0200)]
vfs_fruit: remove resource fork special casing
Directly unlinking a file with open handles is not good, don't do it.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
a26032c3f68028b01fb6a7d38851409db1858161)
Ralph Boehme [Wed, 17 Oct 2018 17:07:11 +0000 (19:07 +0200)]
vfs_fruit: add some debugging of dev/ino
Aids in debugging dev/ino mismatch failures in open_file_ntcreate.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
993c7c4e711612225bd07b8fa5544c4bfef88a9e)
Ralph Boehme [Mon, 22 Oct 2018 14:21:21 +0000 (16:21 +0200)]
s4:torture/vfs/fruit: add test "empty_stream"
One to rule them all: consistently test critical operations on all
streams relevant to macOS clients: the FinderInfo stream, the Resource
Fork stream and an arbitrary stream that macOS maps to xattrs when
written to on a macOS SMB server.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
9d8751db64de75a0de442365b317c1b9ce194170)
Ralph Boehme [Thu, 11 Oct 2018 15:14:50 +0000 (17:14 +0200)]
s4:torture/vfs/fruit: add check_stream_list_handle()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
aba502d440ae3478543d3be5c5bbcea39fb0a463)
Ralph Boehme [Wed, 10 Oct 2018 16:45:56 +0000 (18:45 +0200)]
s4:torture/util: add torture_smb2_open()
This seems to be missing: a simple wrapper to just open a file without
fancy options.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
64b28e4a94365092f46052712a38e6fcfbb9f20c)
Ralph Boehme [Sat, 20 Oct 2018 12:53:50 +0000 (14:53 +0200)]
vfs_fruit: filter empty streams
First step in achieving macOS compliant behaviour wrt to empty streams:
- hide empty streams in streaminfo
- prevent opens of empty streams
This means that we may carry 0-byte sized streams in our streams
backend, but this shouldn't really hurt.
The previous attempt of deleting the streams when an SMB setinfo eof to
0 request came in, turned out be a road into desaster.
We could set delete-on-close on the stream, but that means we'd have to
check for it for every write on a stream and checking the
delete-on-close bits requires fetching the locking.tdb record, so this
is expensive and I'd like to avoid that overhead.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
ebfcf75e993b1a792db76b94aa898532e1c81eeb)