Karolin Seeger [Tue, 12 Sep 2017 22:44:21 +0000 (15:44 -0700)]
VERSION: Disable GIT_SNAPSHOTS for the 4.4.16 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Tue, 12 Sep 2017 22:43:26 +0000 (15:43 -0700)]
WHATSNEW: Add release notes for Samba 4.4.16.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Jeremy Allison [Fri, 8 Sep 2017 17:13:14 +0000 (10:13 -0700)]
CVE-2017-12163: s3:smbd: Prevent client short SMB1 write from writing server memory to file.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13020
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Sat, 17 Dec 2016 09:36:49 +0000 (10:36 +0100)]
CVE-2017-12151: s3:libsmb: make use of cli_state_is_encryption_on()
This will keep enforced encryption across dfs referrals.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12996
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Mon, 14 Aug 2017 10:13:18 +0000 (12:13 +0200)]
CVE-2017-12151: s3:libsmb: add cli_state_is_encryption_on() helper function
This allows to check if the current cli_state uses encryption
(either via unix extentions or via SMB3).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12996
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Mon, 12 Dec 2016 05:07:56 +0000 (06:07 +0100)]
CVE-2017-12150: s3:libsmb: only fallback to anonymous if authentication was not requested
With forced encryption or required signing we should also don't fallback.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Tue, 29 Aug 2017 13:35:49 +0000 (15:35 +0200)]
CVE-2017-12150: libcli/smb: add smbXcli_conn_signing_mandatory()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Tue, 29 Aug 2017 13:24:14 +0000 (15:24 +0200)]
CVE-2017-12150: auth/credentials: cli_credentials_authentication_requested() should check for NTLM_CCACHE/SIGN/SEAL
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Mon, 12 Dec 2016 04:49:46 +0000 (05:49 +0100)]
CVE-2017-12150: libgpo: make use of SMB_SIGNING_REQUIRED in gpo_connect_server()
It's important that we use a signed connection to get the GPOs!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 9 Dec 2016 08:26:32 +0000 (09:26 +0100)]
CVE-2017-12150: s3:pylibsmb: make use of SMB_SIGNING_DEFAULT for 'samba.samba3.libsmb_samba_internal'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Thu, 3 Nov 2016 16:16:43 +0000 (17:16 +0100)]
CVE-2017-12150: s3:lib: get_cmdline_auth_info_signing_state smb_encrypt SMB_SIGNING_REQUIRED
This is an addition to the fixes for CVE-2015-5296.
It applies to smb2mount -e, smbcacls -e and smbcquotas -e.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Karolin Seeger [Tue, 12 Sep 2017 18:28:03 +0000 (11:28 -0700)]
VERSION: Bump version up to 4.5.16...
and re-enable GIT_SNAPSHOTS.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Jeremy Allison [Thu, 13 Jul 2017 19:06:58 +0000 (12:06 -0700)]
s3: smbd: Fix a read after free if a chained SMB1 call goes async.
Reported to the Samba Team by Yihan Lian <lianyihan@360.cn>, a security
researcher of Qihoo 360 GearTeam. Thanks a lot!
smb1_parse_chain() incorrectly used talloc_tos() for the memory
context of the chained smb1 requests. This gets freed between
requests so if a chained request goes async, the saved request
array also is freed, which causes a crash on resume.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12836
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
5fe76a5474823ed7602938a07c9c43226a7882a3)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Tue Jul 25 01:31:58 CEST 2017 on sn-devel-144
Ralph Boehme [Fri, 7 Jul 2017 10:57:57 +0000 (12:57 +0200)]
s3/smbd: let non_widelink_open() chdir() to directories directly
If the caller passes O_DIRECTORY we just try to chdir() to smb_fname
directly, not to the parent directory.
The security check in check_reduced_name() will continue to work, but
this fixes the case of an open() for a previous version of a
subdirectory that contains snapshopt.
Eg:
[share]
path = /shares/test
vfs objects = shadow_copy2
shadow:snapdir = .snapshots
shadow:snapdirseverywhere = yes
Directory tree with fake snapshots:
$ tree -a /shares/test/
/shares/test/
├── dir
│ ├── file
│ └── .snapshots
│ └── @GMT-2017.07.04-04.30.12
│ └── file
├── dir2
│ └── file
├── file
├── .snapshots
│ └── @GMT-2001.01.01-00.00.00
│ ├── dir2
│ │ └── file
│ └── file
└── testfsctl.dat
./bin/smbclient -U slow%x //localhost/share -c 'ls @GMT-2017.07.04-04.30.12/dir/*'
NT_STATUS_OBJECT_NAME_NOT_FOUND listing \@GMT-2017.07.04-04.30.12\dir\*
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12885
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
b886a9443d49f6e27fa3863d87c9e24d12e62874)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Mon Jul 24 04:25:45 CEST 2017 on sn-devel-144
Bob Campbell [Wed, 12 Jul 2017 03:21:27 +0000 (15:21 +1200)]
VERSION: Release Samba 4.4.15 for CVE-2017-11103
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Bob Campbell [Wed, 12 Jul 2017 03:20:28 +0000 (15:20 +1200)]
WHATSNEW: Add release notes for Samba 4.4.15
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Jeffrey Altman [Wed, 12 Apr 2017 19:40:42 +0000 (15:40 -0400)]
CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
In _krb5_extract_ticket() the KDC-REP service name must be obtained from
encrypted version stored in 'enc_part' instead of the unencrypted version
stored in 'ticket'. Use of the unecrypted version provides an
opportunity for successful server impersonation and other attacks.
Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams.
Change-Id: I45ef61e8a46e0f6588d64b5bd572a24c7432547c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12894
(based on heimdal commit
6dd3eb836bbb80a00ffced4ad57077a1cdf227ea)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 12 Jul 2017 06:49:30 +0000 (08:49 +0200)]
Revert "s3: locking: Move two leases functions into a new file."
This reverts commit
419f5cca88fa31d723f4bfe243d72398d4445801.
This should not have been in 4-4-test, see
https://bugzilla.samba.org/show_bug.cgi?id=12628#c6
v4-4-test is in the security fixes only mode.
This also introduces a regression that's fixed in v4-5 and higer only,
see https://bugzilla.samba.org/show_bug.cgi?id=12798
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 12 Jul 2017 06:47:33 +0000 (08:47 +0200)]
Revert "s3: locking: Update oplock optimization for the leases era !"
This reverts commit
2e00feb278e174fd28d003c4d5a576f91c0bd7d0.
This should not have been in 4-4-test, see
https://bugzilla.samba.org/show_bug.cgi?id=12628#c6
v4-4-test is in the security fixes only mode.
This also introduces a regression that's fixed in v4-5 and higer only,
see https://bugzilla.samba.org/show_bug.cgi?id=12798
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Karolin Seeger [Wed, 24 May 2017 08:05:04 +0000 (10:05 +0200)]
VERSION: Bump version up to 4.4.15.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Wed, 24 May 2017 08:04:01 +0000 (10:04 +0200)]
Merge tag 'samba-4.4.14' into v4-4-test
samba: tag release samba-4.4.14
Karolin Seeger [Fri, 19 May 2017 08:43:01 +0000 (10:43 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.4.14 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Fri, 19 May 2017 07:59:25 +0000 (09:59 +0200)]
WHATSNEW: Add release notes for Samba 4.4.14.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Volker Lendecke [Mon, 8 May 2017 19:40:40 +0000 (21:40 +0200)]
CVE-2017-7494: rpc_server3: Refuse to open pipe names with / inside
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12780
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Karolin Seeger [Fri, 19 May 2017 08:23:21 +0000 (10:23 +0200)]
VERSION: Re-enable GIT_SNAPSHOTS.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Fri, 31 Mar 2017 08:14:38 +0000 (10:14 +0200)]
VERSION: Bump version up to 4.4.14.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
dea32007147c1e392a06bf6202ce5361a21ba9fb)
Karolin Seeger [Fri, 31 Mar 2017 08:14:38 +0000 (10:14 +0200)]
VERSION: Bump version up to 4.4.14.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Fri, 31 Mar 2017 08:12:52 +0000 (10:12 +0200)]
Merge tag 'samba-4.4.13' into v4-4-test
samba: tag release samba-4.4.13
Karolin Seeger [Fri, 31 Mar 2017 06:18:52 +0000 (08:18 +0200)]
VERSION: Disable GIT_SNAPSHOTS for the 4.4.13 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Fri, 31 Mar 2017 06:16:17 +0000 (08:16 +0200)]
WHATSNEW: Add release notes for Samba 4.4.13.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Jeremy Allison [Tue, 28 Mar 2017 05:10:29 +0000 (22:10 -0700)]
s3: Test for CVE-2017-2619 regression with "follow symlinks = no" - part 2
Add tests for regular access.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Mar 28 17:05:27 CEST 2017 on sn-devel-144
(cherry picked from commit
4e734fcd1bf82c08aa303ce44e9735acccffcf06)
Jeremy Allison [Tue, 28 Mar 2017 00:09:38 +0000 (17:09 -0700)]
s3: smbd: Fix "follow symlink = no" regression part 2.
Use the cwd_name parameter to reconstruct the original
client name for symlink testing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
e182a4d39e86c9694e255efdf6ee2ea3ccb9af4a)
Jeremy Allison [Tue, 28 Mar 2017 00:04:58 +0000 (17:04 -0700)]
s3: smbd: Fix "follow symlink = no" regression part 2.
Add an extra paramter to cwd_name to check_reduced_name().
If cwd_name == NULL then fname is a client given path relative
to the root path of the share.
If cwd_name != NULL then fname is a client given path relative
to cwd_name. cwd_name is relative to the root path of the share.
Not yet used, logic added in the next commit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
83e30cb48859b412b76572b6a3ba84d8fde167af)
Jeremy Allison [Tue, 28 Mar 2017 05:07:50 +0000 (22:07 -0700)]
s3: Fixup test for CVE-2017-2619 regression with "follow symlinks = no"
Use correct bash operators (not string operators).
Add missing "return".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
037297a1c50e90a0092e3b94f472623f41ccc015)
Jeremy Allison [Mon, 27 Mar 2017 18:48:25 +0000 (11:48 -0700)]
s3: Test for CVE-2017-2619 regression with "follow symlinks = no".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Back-ported from commit
782172a9bef0040981d20e49519b13dd744df6a0
Jeremy Allison [Mon, 27 Mar 2017 17:46:47 +0000 (10:46 -0700)]
s3: smbd: Fix incorrect logic exposed by fix for the security bug 12496 (CVE-2017-2619).
In a UNIX filesystem, the names "." and ".." by definition can *never*
be symlinks - they are already reserved names.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit
ae17bebd250bdde5614b2ac17e53512f19fe9b68)
Karolin Seeger [Fri, 31 Mar 2017 06:17:57 +0000 (08:17 +0200)]
VERSION: Re-enable GIT_SNAPSHOTS.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Jeremy Allison [Tue, 28 Mar 2017 05:10:29 +0000 (22:10 -0700)]
s3: Test for CVE-2017-2619 regression with "follow symlinks = no" - part 2
Add tests for regular access.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Mar 28 17:05:27 CEST 2017 on sn-devel-144
(cherry picked from commit
4e734fcd1bf82c08aa303ce44e9735acccffcf06)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Wed Mar 29 13:57:56 CEST 2017 on sn-devel-144
Karolin Seeger [Thu, 23 Mar 2017 09:19:07 +0000 (10:19 +0100)]
VERSION: Bump version up to 4.4.13.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
7086fb6a4d509d2f740ddc61276f25c43c3a5567)
Jeremy Allison [Tue, 28 Mar 2017 00:09:38 +0000 (17:09 -0700)]
s3: smbd: Fix "follow symlink = no" regression part 2.
Use the cwd_name parameter to reconstruct the original
client name for symlink testing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
e182a4d39e86c9694e255efdf6ee2ea3ccb9af4a)
Jeremy Allison [Tue, 28 Mar 2017 00:04:58 +0000 (17:04 -0700)]
s3: smbd: Fix "follow symlink = no" regression part 2.
Add an extra paramter to cwd_name to check_reduced_name().
If cwd_name == NULL then fname is a client given path relative
to the root path of the share.
If cwd_name != NULL then fname is a client given path relative
to cwd_name. cwd_name is relative to the root path of the share.
Not yet used, logic added in the next commit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
83e30cb48859b412b76572b6a3ba84d8fde167af)
Jeremy Allison [Tue, 28 Mar 2017 05:07:50 +0000 (22:07 -0700)]
s3: Fixup test for CVE-2017-2619 regression with "follow symlinks = no"
Use correct bash operators (not string operators).
Add missing "return".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
037297a1c50e90a0092e3b94f472623f41ccc015)
Jeremy Allison [Mon, 27 Mar 2017 18:48:25 +0000 (11:48 -0700)]
s3: Test for CVE-2017-2619 regression with "follow symlinks = no".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Back-ported from commit
782172a9bef0040981d20e49519b13dd744df6a0
Jeremy Allison [Mon, 27 Mar 2017 17:46:47 +0000 (10:46 -0700)]
s3: smbd: Fix incorrect logic exposed by fix for the security bug 12496 (CVE-2017-2619).
In a UNIX filesystem, the names "." and ".." by definition can *never*
be symlinks - they are already reserved names.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit
ae17bebd250bdde5614b2ac17e53512f19fe9b68)
Jeremy Allison [Tue, 14 Mar 2017 20:34:07 +0000 (13:34 -0700)]
s3: locking: Update oplock optimization for the leases era !
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12628
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Mar 15 20:04:32 CET 2017 on sn-devel-144
(cherry picked from commit
1c4b15aa5f6707e7bcfc21435e26929fb7f45c0f)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Fri Mar 24 12:35:06 CET 2017 on sn-devel-144
Jeremy Allison [Tue, 14 Mar 2017 20:23:13 +0000 (13:23 -0700)]
s3: locking: Move two leases functions into a new file.
map_oplock_to_lease_type(), fsp_lease_type().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12628
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(back ported from commit
125c78ad0b8f9caaef1ba2f1aeb5ec593375fccd)
Karolin Seeger [Thu, 23 Mar 2017 09:19:07 +0000 (10:19 +0100)]
VERSION: Bump version up to 4.4.13.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 23 Mar 2017 09:18:52 +0000 (10:18 +0100)]
Merge tag 'samba-4.4.12' into v4-4-test
samba: tag release samba-4.4.12
Karolin Seeger [Fri, 17 Mar 2017 08:15:05 +0000 (09:15 +0100)]
VERSION: Disable GIT_SNAPSHOTS for the 4.4.12 release
CVE-2017-2619: Symlink race allows access outside share definition.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Fri, 17 Mar 2017 08:13:29 +0000 (09:13 +0100)]
WHATSNEW: Add release notes for Samba 4.4.12.
CVE-2017-2619: Symlink race allows access outside share definition.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Jeremy Allison [Thu, 15 Dec 2016 21:06:31 +0000 (13:06 -0800)]
CVE-2017-2619: s3: smbd: Use the new non_widelink_open() function.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Jeremy Allison [Thu, 15 Dec 2016 21:04:46 +0000 (13:04 -0800)]
CVE-2017-2619: s3: smbd: Add the core functions to prevent symlink open races.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Jeremy Allison [Thu, 15 Dec 2016 20:56:08 +0000 (12:56 -0800)]
CVE-2017-2619: s3: smbd: Move special handling of symlink errno's into a utility function.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Jeremy Allison [Thu, 15 Dec 2016 20:52:13 +0000 (12:52 -0800)]
CVE-2017-2619: s3: smbd: Remove O_NOFOLLOW guards. We insist on O_NOFOLLOW existing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Jeremy Allison [Mon, 19 Dec 2016 20:35:32 +0000 (12:35 -0800)]
CVE-2017-2619: s3: smbd: Correctly fallback to open_dir_safely if FDOPENDIR not supported on system.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Jeremy Allison [Mon, 19 Dec 2016 20:32:07 +0000 (12:32 -0800)]
CVE-2017-2619: s3: smbd: Move the reference counting and destructor setup to just before retuning success.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Jeremy Allison [Mon, 19 Dec 2016 20:15:59 +0000 (12:15 -0800)]
CVE-2017-2619: s3: smbd: OpenDir_fsp() - Fix memory leak on error.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Jeremy Allison [Mon, 19 Dec 2016 20:13:20 +0000 (12:13 -0800)]
CVE-2017-2619: s3: smbd: OpenDir_fsp() use early returns.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Jeremy Allison [Tue, 20 Dec 2016 00:35:00 +0000 (16:35 -0800)]
CVE-2017-2619: s3: smbd: Create and use open_dir_safely(). Use from OpenDir().
Hardens OpenDir against TOC/TOU races.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Jeremy Allison [Tue, 20 Dec 2016 00:25:26 +0000 (16:25 -0800)]
CVE-2017-2619: s3: smbd: Opendir_internal() early return if SMB_VFS_OPENDIR failed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Jeremy Allison [Mon, 19 Dec 2016 19:55:56 +0000 (11:55 -0800)]
CVE-2017-2619: s3: smbd: Create wrapper function for OpenDir in preparation for making robust.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Sun, 19 Mar 2017 17:52:10 +0000 (18:52 +0100)]
CVE-2017-2619: s4/torture: add SMB2_FIND tests with SMB2_CONTINUE_FLAG_REOPEN flag
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12496
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme [Sun, 19 Mar 2017 14:58:17 +0000 (15:58 +0100)]
CVE-2017-2619: s3/smbd: re-open directory after dptr_CloseDir()
dptr_CloseDir() will close and invalidate the fsp's file descriptor, we
have to reopen it.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12496
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Karolin Seeger [Mon, 13 Mar 2017 10:34:56 +0000 (11:34 +0100)]
VERSION: Bump version up to Samba 4.4.12...
and re-enable GIT_SNAPSHOTS.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
ca33b7c71f5851198e5224c58856be0e8aa6425f)
Karolin Seeger [Mon, 13 Mar 2017 10:34:56 +0000 (11:34 +0100)]
VERSION: Bump version up to Samba 4.4.12...
and re-enable GIT_SNAPSHOTS.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Mon, 13 Mar 2017 10:33:46 +0000 (11:33 +0100)]
VERSION: Disable GIT_SNAPSHOTS for the Samba 4.4.11 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 16 Mar 2017 07:49:53 +0000 (08:49 +0100)]
WHATSNEW: Fix date.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Mon, 13 Mar 2017 10:33:02 +0000 (11:33 +0100)]
WHATSNEW: Add release notes for Samba 4.4.11.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Tue Mar 14 16:30:22 CET 2017 on sn-devel-144
Ralph Boehme [Tue, 7 Mar 2017 17:10:56 +0000 (18:10 +0100)]
manpages/vfs_fruit: document global options
Some options MUST be set in the global section, better document that.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12615
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
0c212c50b59081583572f807cf5214037d1517c4)
Ralph Boehme [Wed, 1 Mar 2017 17:13:35 +0000 (18:13 +0100)]
s4/torture: some tests for kernel oplocks
Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit
fd03420c4f59d3248b80d07a302d1404ce78b09f)
Ralph Boehme [Wed, 8 Mar 2017 06:18:36 +0000 (07:18 +0100)]
s3/selftest: adopt config.h check from source4
No change in behaviour.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit
6e54d8d2bda2c9232676f8c08c626f22de50f52b)
Ralph Boehme [Tue, 7 Mar 2017 15:27:39 +0000 (16:27 +0100)]
s3/smbd: fix deferred open with streams and kernel oplocks
I noticed smbd can get stuck in an open() call with kernel oplocks
enabled and named streams (provided by vfs_streams_xattr):
- client opens a file and with an exclusive oplock
- client starts writing to the file
- client opens an existing stream of the file
- the smbd process gets stuck in an open()
What happens is:
we had setup a locking.tdb record watch in defer_open(), the watch was
triggered, we reattempted the open and got stuck in a blocking open
because the oplock holder (ourselves) hadn't given up the oplock yet.
Cf
e576bf5310bc9de9686a71539e9a1b60b4fba5cc for the commit that added
the kernel oplock retry logic. tldr: with kernel oplocks the first open
is non-blocking, but the second one is blocking.
Detailed analysis follows.
When opening a named stream of a file, Samba internally opens the
underlying "base" file first. This internal open of the basefile suceeds
and does *not* trigger an oplock break (because it is an internal open
that doesn't call open() at all) but it is added as an entry to the
locking.tdb record of the file.
Next, the stream open ends up in streams_xattr where a non-blocking
open() on the base file is called. This open fails with EWOULDBLOCK
because we have another fd with a kernel oplock on the file.
So we call defer_open() which sets up a watch on the locking.tdb record.
In the subsequent error unwinding code in open_file_ntcreate() and
callers we close the internal open file handle of the basefile which
also removes the entry from the locking.tdb record and so *changes the
record*.
This fires the record watch and in the callback defer_open_done() we
don't check whether the condition (oplock gone) we're interested in is
actually met. The callback blindly reschedules the open request with
schedule_deferred_open_message_smb().
schedule_deferred_open_message_smb() schedules an immediate tevent event
which has precedence over the IPC fd events in messaging, so the open is
always (!) reattempted before processing the oplock break message.
As explained above, this second open will be a blocking one so we get
stuck in a blocking open.
It doesn't help to make all opens non-blocking, that would just result
in a busy loop failing the open, as we never process the oplock break
message (remember, schedule_deferred_open_message_smb() used immediate
tevent events).
To fix this we must add some logic to the record watch callback to check
whether the record watch was done for a kernel oplock file and if yes,
check if the oplock state changed. If not, simply reschedule the
deferred open and keep waiting.
This logic is only needed for kernel oplocks, not for Samba-level
oplocks, because there's no risk of deadlocking, the worst that can
happen is a rescheduled open that fails again in the oplock checks and
gets deferred again.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit
b35a296a27a0807c780f2a9e7af2f2e93feefaa8)
Ralph Boehme [Tue, 7 Mar 2017 14:48:05 +0000 (15:48 +0100)]
s3/smbd: all callers of defer_open() pass a lck
No change in behaviour. Update the function comment explaining how it
works and relies on lck for a record watch.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit
1a6c82e5d5a3462827ee3fe1edab01f535f831a9)
Ralph Boehme [Tue, 7 Mar 2017 18:11:20 +0000 (19:11 +0100)]
s3/smbd: remove async_open arg from defer_open()
All remaining callers pass false.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
7fa2f1159437c9f1aa47f51e65655b4d9afa5c0a)
Ralph Boehme [Tue, 7 Mar 2017 14:33:55 +0000 (15:33 +0100)]
s3/smbd: fix schedule_async_open() timer
schedule_async_open() was calling defer_open with sharemode lock = NULL,
as a result there was never an active 20 s timeout.
This has been broken since the commits in
$ git log --reverse -p -10
8283fd0e0090ed12b0b12d5acb550642d621b026
Just roll our own deferred record instead of calling defer_open() and
also set up timer that, as a last resort, catches stuck opens and just
exits for now.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
ad8c36125f72e0d5f9ebfc94037a4ae9e7608aad)
Ralph Boehme [Tue, 7 Mar 2017 14:03:12 +0000 (15:03 +0100)]
s3/smbd: add and use retry_open() instead of defer_open() in two places
Add a new function that does an immediate open rescheduling.
The first deferred open this commit changes was never scheduled, as the
scheduling relies on a timeout of the watch on the sharemode lock.
This has been broken since the commits in
$ git log --reverse -p -10
8283fd0e0090ed12b0b12d5acb550642d621b026
That patchset added the dbwrap watch record logic to defer_open() and
removed the timers.
I'm doing this mainly to untangle the defer_open() logic which is
complicated by the lck arg.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
beaba6222848fb4ff4392b2247c5be1094b1d65b)
Ralph Boehme [Tue, 7 Mar 2017 13:37:54 +0000 (14:37 +0100)]
s3/smbd: simplify defer_open()
Add a helper function deferred_open_record_create() that creates a
deferred_open_record and let all callers pass all needed arguments
individually.
While we're at it, enhance the debug message in defer_open() to print
all variables.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
b17ff9b181b7b9730d32534e720c45faabfa6799)
Ralph Boehme [Tue, 7 Mar 2017 13:10:39 +0000 (14:10 +0100)]
s3/smbd: req is already validated at the beginning of open_file_ntcreate()
req can't be NULL because the if condition surrounding this code checks
!(oplock_request & INTERNAL_OPEN_ONLY).
Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
8580adc1d968304b69237f289d13950972394b48)
Ralph Boehme [Mon, 6 Mar 2017 10:43:08 +0000 (11:43 +0100)]
s3/smbd: add comments and some reformatting to open_file_ntcreate()
No change in behaviour.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
f5631f6b3520326d4c9a6bae5636fd8d53e66b29)
Ralph Boehme [Sat, 4 Mar 2017 12:55:55 +0000 (13:55 +0100)]
s3/smbd: add const to get_lease_type() args
Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
6924e72ade20e98ac470fcb6ba7120c61b06bb0f)
Ralph Boehme [Mon, 6 Mar 2017 11:09:53 +0000 (12:09 +0100)]
s3/wscript: fix Linux kernel oplock detection
Fix a copy/paste error, the Linux kernel oplocks check was copied from
the change notify support check.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
fe473f805af885a23bb16046c9d26d756e164f30)
Andreas Schneider [Thu, 5 Jan 2017 08:34:36 +0000 (09:34 +0100)]
replace: Include sysmacros.h
In the GNU C Library, "makedev" is defined by <sys/sysmacros.h>. For
historical compatibility, it is currently defined by <sys/types.h> as
well, but it is planned to remove this soon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12686
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
0127bdd33b251a52c6ffc44b6cb3b82b16a80741)
Volker Lendecke [Tue, 28 Feb 2017 15:03:45 +0000 (15:03 +0000)]
smbd: Do an early exit on negprot failure
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12610
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
cf9acf9a3da932fca115967eb3d9d9ed48fcbbfc)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Mon Mar 13 13:03:15 CET 2017 on sn-devel-144
Ralph Boehme [Tue, 28 Feb 2017 08:39:37 +0000 (09:39 +0100)]
vfs_fruit: enabling AAPL extensions must be a global switch
Apple's SMB2 AAPL extension is enabled once per SMB2
connection. Unfortunately the (per se correct) fix for bug #12541
results in vfs_fruit checking a per tcon config state variable to
determine whether AAPL has been negotiated. This variable will be false
for all but the first tcon. We must make it a global variable.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12604
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Thu Mar 2 04:34:10 CET 2017 on sn-devel-144
(cherry picked from commit
41204a4972ea62b7b656ad81e24bd052990f7e87)
Jeremy Allison [Thu, 2 Mar 2017 17:13:23 +0000 (09:13 -0800)]
s3: smbd: Restart reading the incoming SMB2 fd when the send queue is drained.
When the send queue grows greater than xconn->smb2.credits.max/16,
smbd_smb2_request_next_incoming() doesn't allocate a new request in state->req.
After smbd_smb2_io_handler() is called, it marks the fd not readable as
state->req == NULL, and never marks it readable again.
Fix by calling smbd_smb2_request_next_incoming() to restart
reads inside smbd_smb2_flush_send_queue() which drains the
send queue.
Reported by <chen.yehua@h3c.com>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12608
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Mar 3 02:23:20 CET 2017 on sn-devel-144
(cherry picked from commit
1e0c79ddb34be9a2b9fa92d35387c443c4a381ae)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Mon Mar 6 16:02:16 CET 2017 on sn-devel-144
Stefan Metzmacher [Thu, 2 Mar 2017 07:13:57 +0000 (08:13 +0100)]
s3:winbindd: fix endless forest trust scan
Commit
0392ebcd1d48e9f472f2148b85316a77d9cc953b effectively
disabled the enumeration of trusts in other forests.
The fixes for https://bugzilla.samba.org/show_bug.cgi?id=11691
changed the way we fill domain->domain_flags for domains
in other forests.
Commit
fffefe72fcc62d9688b45f53a5327667dc0b2fe6 readded the
ability to enumerate trusts of other forests again, in order to
fix https://bugzilla.samba.org/show_bug.cgi?id=11830
Now we have the problem that multiple domains
(even outside of our forest) are considert to be
our forest root, as they have the following flags:
NETR_TRUST_FLAG_TREEROOT and NETR_TRUST_FLAG_IN_FOREST.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12605
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Mar 2 17:53:14 CET 2017 on sn-devel-144
(cherry picked from commit
f9aaddcdd8f9ea648c9c5ea804f56ee3ff6c4c67)
Ralph Boehme [Thu, 19 Jan 2017 08:30:45 +0000 (09:30 +0100)]
vfs_fruit: only veto AppleDouble files with fruit:resource=file
vfs_fruit only creates AppleDouble files itself when "fruit:resource" is
set to "file" (the default). It is only then the these AppleDouble files
should be treated as an internal representation and should be
inaccessible from clients.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12526>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit
708767da8c366c021d6d15a3ae71d009357c3320)
Karolin Seeger [Wed, 1 Mar 2017 08:46:20 +0000 (09:46 +0100)]
VERSION: Bump version up to 4.4.11...
and re-enable git snapshots.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Wed, 1 Mar 2017 08:45:09 +0000 (09:45 +0100)]
VERSION: Disable GIT_SNAPSHOTS for the 4.4.10 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Tue, 28 Feb 2017 15:30:38 +0000 (16:30 +0100)]
WHATSNEW: Add release notes for Samba 4.4.10.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Stefan Metzmacher [Wed, 22 Feb 2017 20:18:32 +0000 (21:18 +0100)]
s3:winbindd: allow a fallback to NTLMSSP for LDAP connections
This matches the behaviour of pdb_get_trust_credentials() for
our machine account and allows us to fallback to NTLMSSP
when contacting trusted domains.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
4e9a0894cd977585ccc94e7c1811de1b0293382d)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Tue Feb 28 13:13:04 CET 2017 on sn-devel-144
Stefan Metzmacher [Thu, 23 Feb 2017 10:54:21 +0000 (11:54 +0100)]
s3:libads: add more debugging to ads_sasl_spnego_bind()
Any fallbacks to other authentication methods should be logged.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(similar to commit
ea0bc12ba52166032d5112ee22ab53d831c13e86)
Stefan Metzmacher [Wed, 22 Feb 2017 19:07:25 +0000 (20:07 +0100)]
s3:winbindd: rely on the kerberos_state from pdb_get_trust_credentials()
The implementation of pdb_get_trust_credentials() should have all
the details to set the kerberos_state to a useful value.
This should enable the fallback to NTLMSSP again, when using our
machine account against trusted domains.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
51caeb7c538b7546e5feccf27a735bb803c78a0b)
Stefan Metzmacher [Thu, 23 Feb 2017 10:54:21 +0000 (11:54 +0100)]
s3:winbindd: add more debugging to cm_prepare_connection()
Any fallbacks to other authentication methods should be logged.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(similar to commit
ba9d139ec3d71af184a24daf24356304c2e49144)
Stefan Metzmacher [Wed, 22 Feb 2017 19:07:25 +0000 (20:07 +0100)]
s3:passdb: use cli_credentials_set_kerberos_state() for trusts in pdb_get_trust_credentials()
Trust accounts can only use kerberos when contacting other AD domains,
using NTLMSSP will fail.
At the same time it doesn't make sense to try kerberos for NT4 domains,
still NTLMSSP will fail, but the callers has to deal with that
case and just fallback to an anonymous SMB connection.
In all cases we should be able to use NETLOGON SCHANNEL
over any anonymous smb or tcp transport.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
d961ae9d14b46708d2693ca91ace04f9f1a53ca2)
Stefan Metzmacher [Wed, 22 Feb 2017 18:18:04 +0000 (19:18 +0100)]
s3:winbindd: fix the valid usage anonymous smb authentication
If we are in a situation where we don't have credentials to contact the
remote domain or against an NT4 with the following settings:
workgroup = NT4DOM
security = domain
require strong key = no
client use spnego = no
client ipc signing = auto
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12587
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(similar to commit
c97a29bdfdc0020ec0113073580da56f2d35edc1)
Stefan Metzmacher [Fri, 24 Feb 2017 15:02:50 +0000 (16:02 +0100)]
auth/credentials: try to use kerberos with the machine account unless we're in an AD domain
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12587
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
b845f16d3ca02dd27cc40bbf722426d6f81bb4b7)
Stefan Metzmacher [Fri, 24 Feb 2017 10:37:32 +0000 (10:37 +0000)]
s3:winbindd: try a NETLOGON connection with noauth over NCACN_NP against trusted domains.
We're using only NCACN_NP here as we rely on the smb signing restrictions
of cm_prepare_connection().
This should fix SMB authentication with a user of a domain
behind a transitive trust.
With this change winbindd is able to call
dcerpc_netr_DsrEnumerateDomainTrusts against the
dc of a trusted domain again. This only works
for two-way trusts.
The main problem is the usage of is_trusted_domain()
which doesn't know about the domain, if winbindd can't
enumerate the domains in the other forest.
is_trusted_domain() is used in make_user_info_map(),
which is called in auth3_check_password() before
auth_check_ntlm_password().
That means we're mapping the user of such a domain
to our own local sam, before calling our auth modules.
A much better fix, which removes the usage of is_trusted_domain()
in planed for master, but this should do the job for current releases.
We should avoid talking to DCs of other domains and always
go via our primary domain. As we should code with one-way trusts
also, we need to avoid relying on a complete list of
domains in future.
For now "wbinfo -m" lists domains behind a two-way transitive
trust again, but that is likely to change in future again!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11830
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
fffefe72fcc62d9688b45f53a5327667dc0b2fe6)
Stefan Metzmacher [Tue, 31 Jan 2017 14:19:00 +0000 (15:19 +0100)]
s3:winbindd: make sure cm_prepare_connection() only returns OK with a valid tree connect
If cm_get_ipc_credentials() returned anonymous creds and signing is required
we were returning the result of cm_get_ipc_credentials() instead of
the original error.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12588
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(similar to commit
cebcc2adc7e568d492466bb69f21ba2a9630a0d2)
Ralph Boehme [Fri, 17 Feb 2017 07:10:53 +0000 (08:10 +0100)]
vfs_streams_xattr: use fsp, not base_fsp
The base_fsp's fd is always -1 as it's closed after being openend in
create_file_unixpath().
Additionally in streams_xattr_open force using of SMB_VFS_FSETXATTR() by
sticking the just created fd into the fsp (and removing it afterwards).
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12591
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Feb 22 08:25:46 CET 2017 on sn-devel-144
(cherry picked from commit
021189e32ba507832b5e821e5cda8a2889225955)
Autobuild-User(v4-4-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-4-test): Sat Feb 25 05:08:00 CET 2017 on sn-devel-144
git.samba.org / vlendec / samba-autobuild / .git / log