sfrench/samba-autobuild/.git
22 months agoVERSION: Release Samba 4.4.15 for CVE-2017-11103 samba-4.4.15
Bob Campbell [Wed, 12 Jul 2017 03:21:27 +0000 (15:21 +1200)]
VERSION: Release Samba 4.4.15 for CVE-2017-11103

Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
22 months agoWHATSNEW: Add release notes for Samba 4.4.15
Bob Campbell [Wed, 12 Jul 2017 03:20:28 +0000 (15:20 +1200)]
WHATSNEW: Add release notes for Samba 4.4.15

Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
22 months agoCVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
Jeffrey Altman [Wed, 12 Apr 2017 19:40:42 +0000 (15:40 -0400)]
CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation

In _krb5_extract_ticket() the KDC-REP service name must be obtained from
encrypted version stored in 'enc_part' instead of the unencrypted version
stored in 'ticket'.  Use of the unecrypted version provides an
opportunity for successful server impersonation and other attacks.

Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams.

Change-Id: I45ef61e8a46e0f6588d64b5bd572a24c7432547c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12894
(based on heimdal commit 6dd3eb836bbb80a00ffced4ad57077a1cdf227ea)

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
22 months agoRevert "s3: locking: Move two leases functions into a new file."
Stefan Metzmacher [Wed, 12 Jul 2017 06:49:30 +0000 (08:49 +0200)]
Revert "s3: locking: Move two leases functions into a new file."

This reverts commit 419f5cca88fa31d723f4bfe243d72398d4445801.

This should not have been in 4-4-test, see
https://bugzilla.samba.org/show_bug.cgi?id=12628#c6
v4-4-test is in the security fixes only mode.

This also introduces a regression that's fixed in v4-5 and higer only,
see https://bugzilla.samba.org/show_bug.cgi?id=12798

Signed-off-by: Stefan Metzmacher <metze@samba.org>
22 months agoRevert "s3: locking: Update oplock optimization for the leases era !"
Stefan Metzmacher [Wed, 12 Jul 2017 06:47:33 +0000 (08:47 +0200)]
Revert "s3: locking: Update oplock optimization for the leases era !"

This reverts commit 2e00feb278e174fd28d003c4d5a576f91c0bd7d0.

This should not have been in 4-4-test, see
https://bugzilla.samba.org/show_bug.cgi?id=12628#c6
v4-4-test is in the security fixes only mode.

This also introduces a regression that's fixed in v4-5 and higer only,
see https://bugzilla.samba.org/show_bug.cgi?id=12798

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2 years agoVERSION: Bump version up to 4.4.15.
Karolin Seeger [Wed, 24 May 2017 08:05:04 +0000 (10:05 +0200)]
VERSION: Bump version up to 4.4.15.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
2 years agoMerge tag 'samba-4.4.14' into v4-4-test
Karolin Seeger [Wed, 24 May 2017 08:04:01 +0000 (10:04 +0200)]
Merge tag 'samba-4.4.14' into v4-4-test

samba: tag release samba-4.4.14

2 years agoVERSION: Disable GIT_SNAPSHOT for the 4.4.14 release. samba-4.4.14
Karolin Seeger [Fri, 19 May 2017 08:43:01 +0000 (10:43 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.4.14 release.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
2 years agoWHATSNEW: Add release notes for Samba 4.4.14.
Karolin Seeger [Fri, 19 May 2017 07:59:25 +0000 (09:59 +0200)]
WHATSNEW: Add release notes for Samba 4.4.14.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
2 years agoCVE-2017-7494: rpc_server3: Refuse to open pipe names with / inside
Volker Lendecke [Mon, 8 May 2017 19:40:40 +0000 (21:40 +0200)]
CVE-2017-7494: rpc_server3: Refuse to open pipe names with / inside

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12780

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2 years agoVERSION: Re-enable GIT_SNAPSHOTS.
Karolin Seeger [Fri, 19 May 2017 08:23:21 +0000 (10:23 +0200)]
VERSION: Re-enable GIT_SNAPSHOTS.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
2 years agoVERSION: Bump version up to 4.4.14.
Karolin Seeger [Fri, 31 Mar 2017 08:14:38 +0000 (10:14 +0200)]
VERSION: Bump version up to 4.4.14.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit dea32007147c1e392a06bf6202ce5361a21ba9fb)

2 years agoVERSION: Bump version up to 4.4.14.
Karolin Seeger [Fri, 31 Mar 2017 08:14:38 +0000 (10:14 +0200)]
VERSION: Bump version up to 4.4.14.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
2 years agoMerge tag 'samba-4.4.13' into v4-4-test
Karolin Seeger [Fri, 31 Mar 2017 08:12:52 +0000 (10:12 +0200)]
Merge tag 'samba-4.4.13' into v4-4-test

samba: tag release samba-4.4.13

2 years agoVERSION: Disable GIT_SNAPSHOTS for the 4.4.13 release. samba-4.4.13
Karolin Seeger [Fri, 31 Mar 2017 06:18:52 +0000 (08:18 +0200)]
VERSION: Disable GIT_SNAPSHOTS for the 4.4.13 release.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
2 years agoWHATSNEW: Add release notes for Samba 4.4.13.
Karolin Seeger [Fri, 31 Mar 2017 06:16:17 +0000 (08:16 +0200)]
WHATSNEW: Add release notes for Samba 4.4.13.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
2 years agos3: Test for CVE-2017-2619 regression with "follow symlinks = no" - part 2
Jeremy Allison [Tue, 28 Mar 2017 05:10:29 +0000 (22:10 -0700)]
s3: Test for CVE-2017-2619 regression with "follow symlinks = no" - part 2

Add tests for regular access.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Mar 28 17:05:27 CEST 2017 on sn-devel-144

(cherry picked from commit 4e734fcd1bf82c08aa303ce44e9735acccffcf06)

2 years agos3: smbd: Fix "follow symlink = no" regression part 2.
Jeremy Allison [Tue, 28 Mar 2017 00:09:38 +0000 (17:09 -0700)]
s3: smbd: Fix "follow symlink = no" regression part 2.

Use the cwd_name parameter to reconstruct the original
client name for symlink testing.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit e182a4d39e86c9694e255efdf6ee2ea3ccb9af4a)

2 years agos3: smbd: Fix "follow symlink = no" regression part 2.
Jeremy Allison [Tue, 28 Mar 2017 00:04:58 +0000 (17:04 -0700)]
s3: smbd: Fix "follow symlink = no" regression part 2.

Add an extra paramter to cwd_name to check_reduced_name().

If cwd_name == NULL then fname is a client given path relative
to the root path of the share.

If cwd_name != NULL then fname is a client given path relative
to cwd_name. cwd_name is relative to the root path of the share.

Not yet used, logic added in the next commit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 83e30cb48859b412b76572b6a3ba84d8fde167af)

2 years agos3: Fixup test for CVE-2017-2619 regression with "follow symlinks = no"
Jeremy Allison [Tue, 28 Mar 2017 05:07:50 +0000 (22:07 -0700)]
s3: Fixup test for CVE-2017-2619 regression with "follow symlinks = no"

Use correct bash operators (not string operators).
Add missing "return".

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 037297a1c50e90a0092e3b94f472623f41ccc015)

2 years agos3: Test for CVE-2017-2619 regression with "follow symlinks = no".
Jeremy Allison [Mon, 27 Mar 2017 18:48:25 +0000 (11:48 -0700)]
s3: Test for CVE-2017-2619 regression with "follow symlinks = no".

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Back-ported from commit 782172a9bef0040981d20e49519b13dd744df6a0

2 years agos3: smbd: Fix incorrect logic exposed by fix for the security bug 12496 (CVE-2017...
Jeremy Allison [Mon, 27 Mar 2017 17:46:47 +0000 (10:46 -0700)]
s3: smbd: Fix incorrect logic exposed by fix for the security bug 12496 (CVE-2017-2619).

In a UNIX filesystem, the names "." and ".." by definition can *never*
be symlinks - they are already reserved names.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit ae17bebd250bdde5614b2ac17e53512f19fe9b68)

2 years agoVERSION: Re-enable GIT_SNAPSHOTS.
Karolin Seeger [Fri, 31 Mar 2017 06:17:57 +0000 (08:17 +0200)]
VERSION: Re-enable GIT_SNAPSHOTS.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
2 years agos3: Test for CVE-2017-2619 regression with "follow symlinks = no" - part 2
Jeremy Allison [Tue, 28 Mar 2017 05:10:29 +0000 (22:10 -0700)]
s3: Test for CVE-2017-2619 regression with "follow symlinks = no" - part 2

Add tests for regular access.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Mar 28 17:05:27 CEST 2017 on sn-devel-144

(cherry picked from commit 4e734fcd1bf82c08aa303ce44e9735acccffcf06)

Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Wed Mar 29 13:57:56 CEST 2017 on sn-devel-144

2 years agoVERSION: Bump version up to 4.4.13.
Karolin Seeger [Thu, 23 Mar 2017 09:19:07 +0000 (10:19 +0100)]
VERSION: Bump version up to 4.4.13.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit 7086fb6a4d509d2f740ddc61276f25c43c3a5567)

2 years agos3: smbd: Fix "follow symlink = no" regression part 2.
Jeremy Allison [Tue, 28 Mar 2017 00:09:38 +0000 (17:09 -0700)]
s3: smbd: Fix "follow symlink = no" regression part 2.

Use the cwd_name parameter to reconstruct the original
client name for symlink testing.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit e182a4d39e86c9694e255efdf6ee2ea3ccb9af4a)

2 years agos3: smbd: Fix "follow symlink = no" regression part 2.
Jeremy Allison [Tue, 28 Mar 2017 00:04:58 +0000 (17:04 -0700)]
s3: smbd: Fix "follow symlink = no" regression part 2.

Add an extra paramter to cwd_name to check_reduced_name().

If cwd_name == NULL then fname is a client given path relative
to the root path of the share.

If cwd_name != NULL then fname is a client given path relative
to cwd_name. cwd_name is relative to the root path of the share.

Not yet used, logic added in the next commit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 83e30cb48859b412b76572b6a3ba84d8fde167af)

2 years agos3: Fixup test for CVE-2017-2619 regression with "follow symlinks = no"
Jeremy Allison [Tue, 28 Mar 2017 05:07:50 +0000 (22:07 -0700)]
s3: Fixup test for CVE-2017-2619 regression with "follow symlinks = no"

Use correct bash operators (not string operators).
Add missing "return".

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 037297a1c50e90a0092e3b94f472623f41ccc015)

2 years agos3: Test for CVE-2017-2619 regression with "follow symlinks = no".
Jeremy Allison [Mon, 27 Mar 2017 18:48:25 +0000 (11:48 -0700)]
s3: Test for CVE-2017-2619 regression with "follow symlinks = no".

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Back-ported from commit 782172a9bef0040981d20e49519b13dd744df6a0

2 years agos3: smbd: Fix incorrect logic exposed by fix for the security bug 12496 (CVE-2017...
Jeremy Allison [Mon, 27 Mar 2017 17:46:47 +0000 (10:46 -0700)]
s3: smbd: Fix incorrect logic exposed by fix for the security bug 12496 (CVE-2017-2619).

In a UNIX filesystem, the names "." and ".." by definition can *never*
be symlinks - they are already reserved names.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit ae17bebd250bdde5614b2ac17e53512f19fe9b68)

2 years agos3: locking: Update oplock optimization for the leases era !
Jeremy Allison [Tue, 14 Mar 2017 20:34:07 +0000 (13:34 -0700)]
s3: locking: Update oplock optimization for the leases era !

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12628

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Mar 15 20:04:32 CET 2017 on sn-devel-144

(cherry picked from commit 1c4b15aa5f6707e7bcfc21435e26929fb7f45c0f)

Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Fri Mar 24 12:35:06 CET 2017 on sn-devel-144

2 years agos3: locking: Move two leases functions into a new file.
Jeremy Allison [Tue, 14 Mar 2017 20:23:13 +0000 (13:23 -0700)]
s3: locking: Move two leases functions into a new file.

map_oplock_to_lease_type(), fsp_lease_type().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12628

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(back ported from commit 125c78ad0b8f9caaef1ba2f1aeb5ec593375fccd)

2 years agoVERSION: Bump version up to 4.4.13.
Karolin Seeger [Thu, 23 Mar 2017 09:19:07 +0000 (10:19 +0100)]
VERSION: Bump version up to 4.4.13.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
2 years agoMerge tag 'samba-4.4.12' into v4-4-test
Karolin Seeger [Thu, 23 Mar 2017 09:18:52 +0000 (10:18 +0100)]
Merge tag 'samba-4.4.12' into v4-4-test

samba: tag release samba-4.4.12

2 years agoVERSION: Disable GIT_SNAPSHOTS for the 4.4.12 release samba-4.4.12
Karolin Seeger [Fri, 17 Mar 2017 08:15:05 +0000 (09:15 +0100)]
VERSION: Disable GIT_SNAPSHOTS for the 4.4.12 release

CVE-2017-2619: Symlink race allows access outside share definition.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496

Signed-off-by: Karolin Seeger <kseeger@samba.org>
2 years agoWHATSNEW: Add release notes for Samba 4.4.12.
Karolin Seeger [Fri, 17 Mar 2017 08:13:29 +0000 (09:13 +0100)]
WHATSNEW: Add release notes for Samba 4.4.12.

CVE-2017-2619: Symlink race allows access outside share definition.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496

Signed-off-by: Karolin Seeger <kseeger@samba.org>
2 years agoCVE-2017-2619: s3: smbd: Use the new non_widelink_open() function.
Jeremy Allison [Thu, 15 Dec 2016 21:06:31 +0000 (13:06 -0800)]
CVE-2017-2619: s3: smbd: Use the new non_widelink_open() function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agoCVE-2017-2619: s3: smbd: Add the core functions to prevent symlink open races.
Jeremy Allison [Thu, 15 Dec 2016 21:04:46 +0000 (13:04 -0800)]
CVE-2017-2619: s3: smbd: Add the core functions to prevent symlink open races.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agoCVE-2017-2619: s3: smbd: Move special handling of symlink errno's into a utility...
Jeremy Allison [Thu, 15 Dec 2016 20:56:08 +0000 (12:56 -0800)]
CVE-2017-2619: s3: smbd: Move special handling of symlink errno's into a utility function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agoCVE-2017-2619: s3: smbd: Remove O_NOFOLLOW guards. We insist on O_NOFOLLOW existing.
Jeremy Allison [Thu, 15 Dec 2016 20:52:13 +0000 (12:52 -0800)]
CVE-2017-2619: s3: smbd: Remove O_NOFOLLOW guards. We insist on O_NOFOLLOW existing.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agoCVE-2017-2619: s3: smbd: Correctly fallback to open_dir_safely if FDOPENDIR not suppo...
Jeremy Allison [Mon, 19 Dec 2016 20:35:32 +0000 (12:35 -0800)]
CVE-2017-2619: s3: smbd: Correctly fallback to open_dir_safely if FDOPENDIR not supported on system.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agoCVE-2017-2619: s3: smbd: Move the reference counting and destructor setup to just...
Jeremy Allison [Mon, 19 Dec 2016 20:32:07 +0000 (12:32 -0800)]
CVE-2017-2619: s3: smbd: Move the reference counting and destructor setup to just before retuning success.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agoCVE-2017-2619: s3: smbd: OpenDir_fsp() - Fix memory leak on error.
Jeremy Allison [Mon, 19 Dec 2016 20:15:59 +0000 (12:15 -0800)]
CVE-2017-2619: s3: smbd: OpenDir_fsp() - Fix memory leak on error.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agoCVE-2017-2619: s3: smbd: OpenDir_fsp() use early returns.
Jeremy Allison [Mon, 19 Dec 2016 20:13:20 +0000 (12:13 -0800)]
CVE-2017-2619: s3: smbd: OpenDir_fsp() use early returns.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agoCVE-2017-2619: s3: smbd: Create and use open_dir_safely(). Use from OpenDir().
Jeremy Allison [Tue, 20 Dec 2016 00:35:00 +0000 (16:35 -0800)]
CVE-2017-2619: s3: smbd: Create and use open_dir_safely(). Use from OpenDir().

Hardens OpenDir against TOC/TOU races.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agoCVE-2017-2619: s3: smbd: Opendir_internal() early return if SMB_VFS_OPENDIR failed.
Jeremy Allison [Tue, 20 Dec 2016 00:25:26 +0000 (16:25 -0800)]
CVE-2017-2619: s3: smbd: Opendir_internal() early return if SMB_VFS_OPENDIR failed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agoCVE-2017-2619: s3: smbd: Create wrapper function for OpenDir in preparation for makin...
Jeremy Allison [Mon, 19 Dec 2016 19:55:56 +0000 (11:55 -0800)]
CVE-2017-2619: s3: smbd: Create wrapper function for OpenDir in preparation for making robust.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agoCVE-2017-2619: s4/torture: add SMB2_FIND tests with SMB2_CONTINUE_FLAG_REOPEN flag
Ralph Boehme [Sun, 19 Mar 2017 17:52:10 +0000 (18:52 +0100)]
CVE-2017-2619: s4/torture: add SMB2_FIND tests with SMB2_CONTINUE_FLAG_REOPEN flag

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12496

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agoCVE-2017-2619: s3/smbd: re-open directory after dptr_CloseDir()
Ralph Boehme [Sun, 19 Mar 2017 14:58:17 +0000 (15:58 +0100)]
CVE-2017-2619: s3/smbd: re-open directory after dptr_CloseDir()

dptr_CloseDir() will close and invalidate the fsp's file descriptor, we
have to reopen it.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12496

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2 years agoVERSION: Bump version up to Samba 4.4.12...
Karolin Seeger [Mon, 13 Mar 2017 10:34:56 +0000 (11:34 +0100)]
VERSION: Bump version up to Samba 4.4.12...

and re-enable GIT_SNAPSHOTS.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit ca33b7c71f5851198e5224c58856be0e8aa6425f)

2 years agoVERSION: Bump version up to Samba 4.4.12...
Karolin Seeger [Mon, 13 Mar 2017 10:34:56 +0000 (11:34 +0100)]
VERSION: Bump version up to Samba 4.4.12...

and re-enable GIT_SNAPSHOTS.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
2 years agoVERSION: Disable GIT_SNAPSHOTS for the Samba 4.4.11 release. samba-4.4.11
Karolin Seeger [Mon, 13 Mar 2017 10:33:46 +0000 (11:33 +0100)]
VERSION: Disable GIT_SNAPSHOTS for the Samba 4.4.11 release.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
2 years agoWHATSNEW: Fix date.
Karolin Seeger [Thu, 16 Mar 2017 07:49:53 +0000 (08:49 +0100)]
WHATSNEW: Fix date.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
2 years agoWHATSNEW: Add release notes for Samba 4.4.11.
Karolin Seeger [Mon, 13 Mar 2017 10:33:02 +0000 (11:33 +0100)]
WHATSNEW: Add release notes for Samba 4.4.11.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Tue Mar 14 16:30:22 CET 2017 on sn-devel-144

2 years agomanpages/vfs_fruit: document global options
Ralph Boehme [Tue, 7 Mar 2017 17:10:56 +0000 (18:10 +0100)]
manpages/vfs_fruit: document global options

Some options MUST be set in the global section, better document that.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12615

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 0c212c50b59081583572f807cf5214037d1517c4)

2 years agos4/torture: some tests for kernel oplocks
Ralph Boehme [Wed, 1 Mar 2017 17:13:35 +0000 (18:13 +0100)]
s4/torture: some tests for kernel oplocks

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit fd03420c4f59d3248b80d07a302d1404ce78b09f)

2 years agos3/selftest: adopt config.h check from source4
Ralph Boehme [Wed, 8 Mar 2017 06:18:36 +0000 (07:18 +0100)]
s3/selftest: adopt config.h check from source4

No change in behaviour.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit 6e54d8d2bda2c9232676f8c08c626f22de50f52b)

2 years agos3/smbd: fix deferred open with streams and kernel oplocks
Ralph Boehme [Tue, 7 Mar 2017 15:27:39 +0000 (16:27 +0100)]
s3/smbd: fix deferred open with streams and kernel oplocks

I noticed smbd can get stuck in an open() call with kernel oplocks
enabled and named streams (provided by vfs_streams_xattr):

- client opens a file and with an exclusive oplock

- client starts writing to the file

- client opens an existing stream of the file

- the smbd process gets stuck in an open()

What happens is:

we had setup a locking.tdb record watch in defer_open(), the watch was
triggered, we reattempted the open and got stuck in a blocking open
because the oplock holder (ourselves) hadn't given up the oplock yet.

Cf e576bf5310bc9de9686a71539e9a1b60b4fba5cc for the commit that added
the kernel oplock retry logic. tldr: with kernel oplocks the first open
is non-blocking, but the second one is blocking.

Detailed analysis follows.

When opening a named stream of a file, Samba internally opens the
underlying "base" file first. This internal open of the basefile suceeds
and does *not* trigger an oplock break (because it is an internal open
that doesn't call open() at all) but it is added as an entry to the
locking.tdb record of the file.

Next, the stream open ends up in streams_xattr where a non-blocking
open() on the base file is called. This open fails with EWOULDBLOCK
because we have another fd with a kernel oplock on the file.

So we call defer_open() which sets up a watch on the locking.tdb record.

In the subsequent error unwinding code in open_file_ntcreate() and
callers we close the internal open file handle of the basefile which
also removes the entry from the locking.tdb record and so *changes the
record*.

This fires the record watch and in the callback defer_open_done() we
don't check whether the condition (oplock gone) we're interested in is
actually met. The callback blindly reschedules the open request with
schedule_deferred_open_message_smb().

schedule_deferred_open_message_smb() schedules an immediate tevent event
which has precedence over the IPC fd events in messaging, so the open is
always (!) reattempted before processing the oplock break message.

As explained above, this second open will be a blocking one so we get
stuck in a blocking open.

It doesn't help to make all opens non-blocking, that would just result
in a busy loop failing the open, as we never process the oplock break
message (remember, schedule_deferred_open_message_smb() used immediate
tevent events).

To fix this we must add some logic to the record watch callback to check
whether the record watch was done for a kernel oplock file and if yes,
check if the oplock state changed. If not, simply reschedule the
deferred open and keep waiting.

This logic is only needed for kernel oplocks, not for Samba-level
oplocks, because there's no risk of deadlocking, the worst that can
happen is a rescheduled open that fails again in the oplock checks and
gets deferred again.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit b35a296a27a0807c780f2a9e7af2f2e93feefaa8)

2 years agos3/smbd: all callers of defer_open() pass a lck
Ralph Boehme [Tue, 7 Mar 2017 14:48:05 +0000 (15:48 +0100)]
s3/smbd: all callers of defer_open() pass a lck

No change in behaviour. Update the function comment explaining how it
works and relies on lck for a record watch.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit 1a6c82e5d5a3462827ee3fe1edab01f535f831a9)

2 years agos3/smbd: remove async_open arg from defer_open()
Ralph Boehme [Tue, 7 Mar 2017 18:11:20 +0000 (19:11 +0100)]
s3/smbd: remove async_open arg from defer_open()

All remaining callers pass false.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 7fa2f1159437c9f1aa47f51e65655b4d9afa5c0a)

2 years agos3/smbd: fix schedule_async_open() timer
Ralph Boehme [Tue, 7 Mar 2017 14:33:55 +0000 (15:33 +0100)]
s3/smbd: fix schedule_async_open() timer

schedule_async_open() was calling defer_open with sharemode lock = NULL,
as a result there was never an active 20 s timeout.

This has been broken since the commits in

$ git log --reverse -p -10 8283fd0e0090ed12b0b12d5acb550642d621b026

Just roll our own deferred record instead of calling defer_open() and
also set up timer that, as a last resort, catches stuck opens and just
exits for now.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit ad8c36125f72e0d5f9ebfc94037a4ae9e7608aad)

2 years agos3/smbd: add and use retry_open() instead of defer_open() in two places
Ralph Boehme [Tue, 7 Mar 2017 14:03:12 +0000 (15:03 +0100)]
s3/smbd: add and use retry_open() instead of defer_open() in two places

Add a new function that does an immediate open rescheduling.

The first deferred open this commit changes was never scheduled, as the
scheduling relies on a timeout of the watch on the sharemode lock.

This has been broken since the commits in

$ git log --reverse -p -10 8283fd0e0090ed12b0b12d5acb550642d621b026

That patchset added the dbwrap watch record logic to defer_open() and
removed the timers.

I'm doing this mainly to untangle the defer_open() logic which is
complicated by the lck arg.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit beaba6222848fb4ff4392b2247c5be1094b1d65b)

2 years agos3/smbd: simplify defer_open()
Ralph Boehme [Tue, 7 Mar 2017 13:37:54 +0000 (14:37 +0100)]
s3/smbd: simplify defer_open()

Add a helper function deferred_open_record_create() that creates a
deferred_open_record and let all callers pass all needed arguments
individually.

While we're at it, enhance the debug message in defer_open() to print
all variables.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit b17ff9b181b7b9730d32534e720c45faabfa6799)

2 years agos3/smbd: req is already validated at the beginning of open_file_ntcreate()
Ralph Boehme [Tue, 7 Mar 2017 13:10:39 +0000 (14:10 +0100)]
s3/smbd: req is already validated at the beginning of open_file_ntcreate()

req can't be NULL because the if condition surrounding this code checks
!(oplock_request & INTERNAL_OPEN_ONLY).

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 8580adc1d968304b69237f289d13950972394b48)

2 years agos3/smbd: add comments and some reformatting to open_file_ntcreate()
Ralph Boehme [Mon, 6 Mar 2017 10:43:08 +0000 (11:43 +0100)]
s3/smbd: add comments and some reformatting to open_file_ntcreate()

No change in behaviour.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit f5631f6b3520326d4c9a6bae5636fd8d53e66b29)

2 years agos3/smbd: add const to get_lease_type() args
Ralph Boehme [Sat, 4 Mar 2017 12:55:55 +0000 (13:55 +0100)]
s3/smbd: add const to get_lease_type() args

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 6924e72ade20e98ac470fcb6ba7120c61b06bb0f)

2 years agos3/wscript: fix Linux kernel oplock detection
Ralph Boehme [Mon, 6 Mar 2017 11:09:53 +0000 (12:09 +0100)]
s3/wscript: fix Linux kernel oplock detection

Fix a copy/paste error, the Linux kernel oplocks check was copied from
the change notify support check.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit fe473f805af885a23bb16046c9d26d756e164f30)

2 years agoreplace: Include sysmacros.h
Andreas Schneider [Thu, 5 Jan 2017 08:34:36 +0000 (09:34 +0100)]
replace: Include sysmacros.h

In the GNU C Library, "makedev" is defined by <sys/sysmacros.h>. For
historical compatibility, it is currently defined by <sys/types.h> as
well, but it is planned to remove this soon.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12686

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 0127bdd33b251a52c6ffc44b6cb3b82b16a80741)

2 years agosmbd: Do an early exit on negprot failure
Volker Lendecke [Tue, 28 Feb 2017 15:03:45 +0000 (15:03 +0000)]
smbd: Do an early exit on negprot failure

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12610

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit cf9acf9a3da932fca115967eb3d9d9ed48fcbbfc)

Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Mon Mar 13 13:03:15 CET 2017 on sn-devel-144

2 years agovfs_fruit: enabling AAPL extensions must be a global switch
Ralph Boehme [Tue, 28 Feb 2017 08:39:37 +0000 (09:39 +0100)]
vfs_fruit: enabling AAPL extensions must be a global switch

Apple's SMB2 AAPL extension is enabled once per SMB2
connection. Unfortunately the (per se correct) fix for bug #12541
results in vfs_fruit checking a per tcon config state variable to
determine whether AAPL has been negotiated. This variable will be false
for all but the first tcon. We must make it a global variable.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12604

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Thu Mar  2 04:34:10 CET 2017 on sn-devel-144

(cherry picked from commit 41204a4972ea62b7b656ad81e24bd052990f7e87)

2 years agos3: smbd: Restart reading the incoming SMB2 fd when the send queue is drained.
Jeremy Allison [Thu, 2 Mar 2017 17:13:23 +0000 (09:13 -0800)]
s3: smbd: Restart reading the incoming SMB2 fd when the send queue is drained.

When the send queue grows greater than xconn->smb2.credits.max/16,
smbd_smb2_request_next_incoming() doesn't allocate a new request in state->req.

After smbd_smb2_io_handler() is called, it marks the fd not readable as
state->req == NULL, and never marks it readable again.

Fix by calling smbd_smb2_request_next_incoming() to restart
reads inside smbd_smb2_flush_send_queue() which drains the
send queue.

Reported by <chen.yehua@h3c.com>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12608

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Mar  3 02:23:20 CET 2017 on sn-devel-144

(cherry picked from commit 1e0c79ddb34be9a2b9fa92d35387c443c4a381ae)

Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Mon Mar  6 16:02:16 CET 2017 on sn-devel-144

2 years agos3:winbindd: fix endless forest trust scan
Stefan Metzmacher [Thu, 2 Mar 2017 07:13:57 +0000 (08:13 +0100)]
s3:winbindd: fix endless forest trust scan

Commit 0392ebcd1d48e9f472f2148b85316a77d9cc953b effectively
disabled the enumeration of trusts in other forests.

The fixes for https://bugzilla.samba.org/show_bug.cgi?id=11691
changed the way we fill domain->domain_flags for domains
in other forests.

Commit fffefe72fcc62d9688b45f53a5327667dc0b2fe6 readded the
ability to enumerate trusts of other forests again, in order to
fix https://bugzilla.samba.org/show_bug.cgi?id=11830

Now we have the problem that multiple domains
(even outside of our forest) are considert to be
our forest root, as they have the following flags:
NETR_TRUST_FLAG_TREEROOT and NETR_TRUST_FLAG_IN_FOREST.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12605

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Mar  2 17:53:14 CET 2017 on sn-devel-144

(cherry picked from commit f9aaddcdd8f9ea648c9c5ea804f56ee3ff6c4c67)

2 years agovfs_fruit: only veto AppleDouble files with fruit:resource=file
Ralph Boehme [Thu, 19 Jan 2017 08:30:45 +0000 (09:30 +0100)]
vfs_fruit: only veto AppleDouble files with fruit:resource=file

vfs_fruit only creates AppleDouble files itself when "fruit:resource" is
set to "file" (the default). It is only then the these AppleDouble files
should be treated as an internal representation and should be
inaccessible from clients.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12526>

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 708767da8c366c021d6d15a3ae71d009357c3320)

2 years agoVERSION: Bump version up to 4.4.11...
Karolin Seeger [Wed, 1 Mar 2017 08:46:20 +0000 (09:46 +0100)]
VERSION: Bump version up to 4.4.11...

and re-enable git snapshots.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
2 years agoVERSION: Disable GIT_SNAPSHOTS for the 4.4.10 release. samba-4.4.10
Karolin Seeger [Wed, 1 Mar 2017 08:45:09 +0000 (09:45 +0100)]
VERSION: Disable GIT_SNAPSHOTS for the 4.4.10 release.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
2 years agoWHATSNEW: Add release notes for Samba 4.4.10.
Karolin Seeger [Tue, 28 Feb 2017 15:30:38 +0000 (16:30 +0100)]
WHATSNEW: Add release notes for Samba 4.4.10.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
2 years agos3:winbindd: allow a fallback to NTLMSSP for LDAP connections
Stefan Metzmacher [Wed, 22 Feb 2017 20:18:32 +0000 (21:18 +0100)]
s3:winbindd: allow a fallback to NTLMSSP for LDAP connections

This matches the behaviour of pdb_get_trust_credentials() for
our machine account and allows us to fallback to NTLMSSP
when contacting trusted domains.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 4e9a0894cd977585ccc94e7c1811de1b0293382d)

Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Tue Feb 28 13:13:04 CET 2017 on sn-devel-144

2 years agos3:libads: add more debugging to ads_sasl_spnego_bind()
Stefan Metzmacher [Thu, 23 Feb 2017 10:54:21 +0000 (11:54 +0100)]
s3:libads: add more debugging to ads_sasl_spnego_bind()

Any fallbacks to other authentication methods should be logged.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598

Signed-off-by: Stefan Metzmacher <metze@samba.org>
(similar to commit ea0bc12ba52166032d5112ee22ab53d831c13e86)

2 years agos3:winbindd: rely on the kerberos_state from pdb_get_trust_credentials()
Stefan Metzmacher [Wed, 22 Feb 2017 19:07:25 +0000 (20:07 +0100)]
s3:winbindd: rely on the kerberos_state from pdb_get_trust_credentials()

The implementation of pdb_get_trust_credentials() should have all
the details to set the kerberos_state to a useful value.

This should enable the fallback to NTLMSSP again, when using our
machine account against trusted domains.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 51caeb7c538b7546e5feccf27a735bb803c78a0b)

2 years agos3:winbindd: add more debugging to cm_prepare_connection()
Stefan Metzmacher [Thu, 23 Feb 2017 10:54:21 +0000 (11:54 +0100)]
s3:winbindd: add more debugging to cm_prepare_connection()

Any fallbacks to other authentication methods should be logged.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598

Signed-off-by: Stefan Metzmacher <metze@samba.org>
(similar to commit ba9d139ec3d71af184a24daf24356304c2e49144)

2 years agos3:passdb: use cli_credentials_set_kerberos_state() for trusts in pdb_get_trust_crede...
Stefan Metzmacher [Wed, 22 Feb 2017 19:07:25 +0000 (20:07 +0100)]
s3:passdb: use cli_credentials_set_kerberos_state() for trusts in pdb_get_trust_credentials()

Trust accounts can only use kerberos when contacting other AD domains,
using NTLMSSP will fail.

At the same time it doesn't make sense to try kerberos for NT4 domains,
still NTLMSSP will fail, but the callers has to deal with that
case and just fallback to an anonymous SMB connection.

In all cases we should be able to use NETLOGON SCHANNEL
over any anonymous smb or tcp transport.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit d961ae9d14b46708d2693ca91ace04f9f1a53ca2)

2 years agos3:winbindd: fix the valid usage anonymous smb authentication
Stefan Metzmacher [Wed, 22 Feb 2017 18:18:04 +0000 (19:18 +0100)]
s3:winbindd: fix the valid usage anonymous smb authentication

If we are in a situation where we don't have credentials to contact the
remote domain or against an NT4 with the following settings:

  workgroup = NT4DOM
  security = domain
  require strong key = no
  client use spnego = no
  client ipc signing = auto

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12587

Signed-off-by: Stefan Metzmacher <metze@samba.org>
(similar to commit c97a29bdfdc0020ec0113073580da56f2d35edc1)

2 years agoauth/credentials: try to use kerberos with the machine account unless we're in an...
Stefan Metzmacher [Fri, 24 Feb 2017 15:02:50 +0000 (16:02 +0100)]
auth/credentials: try to use kerberos with the machine account unless we're in an AD domain

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12587

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit b845f16d3ca02dd27cc40bbf722426d6f81bb4b7)

2 years agos3:winbindd: try a NETLOGON connection with noauth over NCACN_NP against trusted...
Stefan Metzmacher [Fri, 24 Feb 2017 10:37:32 +0000 (10:37 +0000)]
s3:winbindd: try a NETLOGON connection with noauth over NCACN_NP against trusted domains.

We're using only NCACN_NP here as we rely on the smb signing restrictions
of cm_prepare_connection().

This should fix SMB authentication with a user of a domain
behind a transitive trust.

With this change winbindd is able to call
dcerpc_netr_DsrEnumerateDomainTrusts against the
dc of a trusted domain again. This only works
for two-way trusts.

The main problem is the usage of is_trusted_domain()
which doesn't know about the domain, if winbindd can't
enumerate the domains in the other forest.

is_trusted_domain() is used in make_user_info_map(),
which is called in auth3_check_password() before
auth_check_ntlm_password().

That means we're mapping the user of such a domain
to our own local sam, before calling our auth modules.

A much better fix, which removes the usage of is_trusted_domain()
in planed for master, but this should do the job for current releases.

We should avoid talking to DCs of other domains and always
go via our primary domain. As we should code with one-way trusts
also, we need to avoid relying on a complete list of
domains in future.

For now "wbinfo -m" lists domains behind a two-way transitive
trust again, but that is likely to change in future again!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11830

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit fffefe72fcc62d9688b45f53a5327667dc0b2fe6)

2 years agos3:winbindd: make sure cm_prepare_connection() only returns OK with a valid tree...
Stefan Metzmacher [Tue, 31 Jan 2017 14:19:00 +0000 (15:19 +0100)]
s3:winbindd: make sure cm_prepare_connection() only returns OK with a valid tree connect

If cm_get_ipc_credentials() returned anonymous creds and signing is required
we were returning the result of cm_get_ipc_credentials() instead of
the original error.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12588

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(similar to commit cebcc2adc7e568d492466bb69f21ba2a9630a0d2)

2 years agovfs_streams_xattr: use fsp, not base_fsp
Ralph Boehme [Fri, 17 Feb 2017 07:10:53 +0000 (08:10 +0100)]
vfs_streams_xattr: use fsp, not base_fsp

The base_fsp's fd is always -1 as it's closed after being openend in
create_file_unixpath().

Additionally in streams_xattr_open force using of SMB_VFS_FSETXATTR() by
sticking the just created fd into the fsp (and removing it afterwards).

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12591

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Feb 22 08:25:46 CET 2017 on sn-devel-144

(cherry picked from commit 021189e32ba507832b5e821e5cda8a2889225955)

Autobuild-User(v4-4-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-4-test): Sat Feb 25 05:08:00 CET 2017 on sn-devel-144

2 years agolibcli/auth: use the correct creds value against servers without LogonSamLogonEx
Stefan Metzmacher [Wed, 15 Feb 2017 07:58:20 +0000 (08:58 +0100)]
libcli/auth: use the correct creds value against servers without LogonSamLogonEx

If we use the credential chain we need to use the value from
netlogon_creds_client_authenticator() to make sure we have the current
value to encrypt in logon info.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12586

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 0ed2a65593b5abc9ba7f40992ed0ed8f448f5836)

2 years agolibrpc/rpc: fix regression in NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE error mapping
Stefan Metzmacher [Wed, 15 Feb 2017 07:07:06 +0000 (08:07 +0100)]
librpc/rpc: fix regression in NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE error mapping

Commit 1eef70872930fa4f9d3dedd23476b34cae638428 changed the mapping for
DCERPC_NCA_S_FAULT_INVALID_TAG from NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE
to NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12585

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit c97e39b34fcf260ded42ef1a9efe7ed55e65a1cf)

2 years agokrb5_wrap: use our own code to calculate the ENCTYPE_ARCFOUR_HMAC key
Stefan Metzmacher [Tue, 21 Feb 2017 11:15:07 +0000 (12:15 +0100)]
krb5_wrap: use our own code to calculate the ENCTYPE_ARCFOUR_HMAC key

Our own convert_string_talloc() function handles a wider range
of unicode code points than the MIT krb5 or heimdal code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12262

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Feb 21 20:08:16 CET 2017 on sn-devel-144
(similar to commit 10e1b92c288ae27f775debb16c3e122b6063fa21)

2 years agos4:libcli/raw: remove unused DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH
Stefan Metzmacher [Tue, 23 Aug 2016 10:41:48 +0000 (12:41 +0200)]
s4:libcli/raw: remove unused DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12262

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit e9c184088cbbb47e48d9e96fc753a56c544301dc)

2 years agos3:include: remove unused DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH
Stefan Metzmacher [Tue, 23 Aug 2016 10:41:48 +0000 (12:41 +0200)]
s3:include: remove unused DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12262

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 21cbf8e4db6928a8a3fb712b3750bb50c1201948)

2 years agos3:net_rpc_trust: make use of trust_pw_new_value()
Stefan Metzmacher [Tue, 23 Aug 2016 08:42:30 +0000 (10:42 +0200)]
s3:net_rpc_trust: make use of trust_pw_new_value()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12262

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 13fd543929c72fa5af1ae6e21ca8dda9a57a0f55)

2 years agos3:libnet_join: make use of trust_pw_new_value()
Stefan Metzmacher [Tue, 23 Aug 2016 10:09:57 +0000 (12:09 +0200)]
s3:libnet_join: make use of trust_pw_new_value()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12262

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 77edef9555acd6e0c843582637bc367fa0d2a203)

2 years agos3:libads: use trust_pw_new_value() for krb5 machine passwords
Stefan Metzmacher [Tue, 23 Aug 2016 08:38:58 +0000 (10:38 +0200)]
s3:libads: use trust_pw_new_value() for krb5 machine passwords

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12262

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(similar to commit 00136940757ea6947f97c9c92b25207d9413727b)

2 years agos3:libsmb: use trust_pw_new_value() in trust_pw_change()
Stefan Metzmacher [Tue, 23 Aug 2016 10:12:35 +0000 (12:12 +0200)]
s3:libsmb: use trust_pw_new_value() in trust_pw_change()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12262

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit c21e9981d04fa016ef708941ea82051d0438b7a7)

2 years agos3:libsmb: add trust_pw_new_value() helper function
Stefan Metzmacher [Tue, 23 Aug 2016 10:12:35 +0000 (12:12 +0200)]
s3:libsmb: add trust_pw_new_value() helper function

This generates a new trust password based on the secure channel type
and lp_security().

NT4 really has a limit of 28 UTF16 bytes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12262

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 9e26ad86fbd7e6f39f98fb9d037ac86f3146cb11)

2 years agos3:libsmb: let trust_pw_change() verify the new password at the end.
Stefan Metzmacher [Thu, 9 Feb 2017 21:53:52 +0000 (22:53 +0100)]
s3:libsmb: let trust_pw_change() verify the new password at the end.

We should notice problems as early as possible, it makes no
sense to keep things working for a while and later find out
the we lost our trust relationship with our domain.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12262

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit a2877541681e07f09aee7d7c21adbe50346755e3)

2 years agos3:libsmb: let trust_pw_change() debug more verbose information
Stefan Metzmacher [Wed, 18 Jan 2017 18:57:30 +0000 (19:57 +0100)]
s3:libsmb: let trust_pw_change() debug more verbose information

Password changes caused much trouble in the past, so we better debug
them at log level 0 and may see them also in the syslog.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12262

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 4185689dbf0085fcb3840ad8b520df21a33e5d2a)

2 years agolib/util: add generate_random_machine_password() function
Stefan Metzmacher [Tue, 23 Aug 2016 07:30:05 +0000 (09:30 +0200)]
lib/util: add generate_random_machine_password() function

It generates more random password for the use as machine password,
restricted to codepoints <= 0xFFFF in order to be compatible
with MIT krb5 and Heimdal.

Note: the fallback to ascii if 'unix charset' is not 'utf8'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12262

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit ad12cfae42cc592166d6a1c1ee323f1aae82f235)

2 years agolibcli/auth: add netlogon_creds_cli_debug_string()
Stefan Metzmacher [Thu, 9 Feb 2017 20:47:52 +0000 (21:47 +0100)]
libcli/auth: add netlogon_creds_cli_debug_string()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12262

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit abe427775ee8ed1d278d5094ca127f85289ca5a3)