[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 261ef9d5b62 dbcheck: fix the err_empty_attribute() check via dd6f0dad218 dbcheck: use the str() value of the "name" attribute from 52bf5c25261 s3:script: Fix running cp in modprinter.pl https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 261ef9d5b62f0d49f858717e6d8b4b41f008efb5 Author: Stefan Metzmacher Date: Tue Mar 19 13:16:59 2019 +0100 dbcheck: fix the err_empty_attribute() check ldb.bytes('') == '' is never True in python3, we nee ldb.bytes('') == b'' in order to check that on attribute has an empty value, that seems to work for python2 and python3. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13843 Signed-off-by: Stefan Metzmacher Reviewed-by: Noel Power Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Thu Mar 21 18:15:20 UTC 2019 on sn-devel-144 commit dd6f0dad218ec1d5aa38ea8aa6848ec81035cb3f Author: Stefan Metzmacher Date: Tue Mar 19 13:05:16 2019 +0100 dbcheck: use the str() value of the "name" attribute We do the same with the rdn attribute value and we need the same logic on both in order to check they are the same. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816 Signed-off-by: Stefan Metzmacher Reviewed-by: Noel Power --- Summary of changes: python/samba/dbchecker.py | 4 ++-- .../expected-dbcheck-link-output-lost-deleted-user1.txt | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/python/samba/dbchecker.py b/python/samba/dbchecker.py index 98508192c10..a0500c6c578 100644 --- a/python/samba/dbchecker.py +++ b/python/samba/dbchecker.py @@ -2311,7 +2311,7 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base))) self.report("ERROR: Not fixing num_values(%d) for '%s' on '%s'" % (len(obj[attrname]), attrname, str(obj.dn))) else: -name_val = obj[attrname][0] +name_val = str(obj[attrname][0]) if str(attrname).lower() == str(obj.dn.get_rdn_name()).lower(): object_rdn_attr = attrname @@ -2445,7 +2445,7 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base))) # check for empty attributes for val in obj[attrname]: -if val == '': +if val == b'': self.err_empty_attribute(dn, attrname) error_count += 1 continue diff --git a/source4/selftest/provisions/release-4-5-0-pre1/expected-dbcheck-link-output-lost-deleted-user1.txt b/source4/selftest/provisions/release-4-5-0-pre1/expected-dbcheck-link-output-lost-deleted-user1.txt index 3c55de8fa01..1f5f2272bc1 100644 --- a/source4/selftest/provisions/release-4-5-0-pre1/expected-dbcheck-link-output-lost-deleted-user1.txt +++ b/source4/selftest/provisions/release-4-5-0-pre1/expected-dbcheck-link-output-lost-deleted-user1.txt @@ -1,7 +1,7 @@ Checking 232 objects WARNING: no target object found for GUID component link lastKnownParent in deleted object CN=fred\0ADEL:2301a64c-1234-5678-851e-12d4a711cfb4,OU=removed,DC=release-4-5-0-pre1,DC=samba,DC=corp - ;OU=removed,DC=release-4-5-0-pre1,DC=samba,DC=corp Not removing dangling one-way link on deleted object (tombstone garbage collection in progress?) -ERROR: wrong dn[CN=fred\0ADEL:2301a64c-1234-5678-851e-12d4a711cfb4,OU=removed,DC=release-4-5-0-pre1,DC=samba,DC=corp] cn='fred\nDEL:2301a64c-1234-5678-851e-12d4a711cfb4' name=b'fred\nDEL:2301a64c-1234-5678-851e-12d4a711cfb4' new_dn[CN=fred\0ADEL:2301a64c-1234-5678-851e-12d4a711cfb4,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp] +ERROR: wrong dn[CN=fred\0ADEL:2301a64c-1234-5678-851e-12d4a711cfb4,OU=removed,DC=release-4-5-0-pre1,DC=samba,DC=corp] name='fred\nDEL:2301a64c-1234-5678-851e-12d4a711cfb4' new_dn[CN=fred\0ADEL:2301a64c-1234-5678-851e-12d4a711cfb4,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp] Rename CN=fred\0ADEL:2301a64c-1234-5678-851e-12d4a711cfb4,OU=removed,DC=release-4-5-0-pre1,DC=samba,DC=corp to CN=fred\0ADEL:2301a64c-1234-5678-851e-12d4a711cfb4,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp? [YES] Renamed CN=fred\0ADEL:2301a64c-1234-5678-851e-12d4a711cfb4,OU=removed,DC=release-4-5-0-pre1,DC=samba,DC=corp into CN=fred\0ADEL:2301a64c-1234-5678-851e-12d4a711cfb4,CN=Deleted Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp WARNING: parent object not found for CN=fred\0ADEL:2301a64c-1234-5678-851e-12d4a711cfb4,OU=removed,DC=release-4-5-0-pre1,DC=samba,DC=corp -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag ldb-1.6.3 created
The annotated tag, ldb-1.6.3 has been created at 7ef2603bca114ff6c157516ab64936b00ecd5878 (tag) tagging 81648d576d56e924945b2214ac12ca6a40679db8 (commit) replaces tevent-0.10.0 tagged by Stefan Metzmacher on Thu Mar 21 11:16:15 2019 +0100 - Log - ldb: tag release ldb-1.6.3 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlyTZG8ACgkQR5ORYRMI QCUEPAf+OhCck99hwhPoN8kbk2uQMsF9GYMeJZg1J6Zb3D+Osu7wgPRhvOgizyhD X8XYVFyk2FVBZW25eHOcNEOkis5rqMg//mtsY6wHuYOpH6htiqn0dCquweOMN5E6 veTtlR5+6zQby8E4cYAAWpfqeOnCOklXIYlA97neld7Ds0GdyXK8HP5YBQqAIE7/ tXPvFVENF6Q9j5e97tHRx9Kt2YMbyVK0dqjIe79Pidft/FEU4gQC5ozT91rciok/ dzsXkuqkbl+xQqSr9XYpNDYCc6xioIztKJC0UC9F3xNrvZmnFJP6fBHlJ/g98spf wYwtYv3DMtxdtK0ORQGT1bTLJf19sA== =WG50 -END PGP SIGNATURE- Andrew Bartlett (1): ldb: Release ldb 1.6.3 --- -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag tevent-0.10.0 created
The annotated tag, tevent-0.10.0 has been created at fa5587d230bb41396e3630574448054804667ba4 (tag) tagging 6f2278018436184785e19f69efc60ec408b14aa7 (commit) replaces tdb-1.4.0 tagged by Stefan Metzmacher on Thu Mar 21 11:15:38 2019 +0100 - Log - tevent: tag release tevent-0.10.0 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlyTZEoACgkQR5ORYRMI QCVjHAgAiT55J/spNfBGT4Uj0PMkxmzFLMHKQKOADqMSWLrHC5/u5mJ7UTaZORH3 thogvx1MBSwkh5GdKgUDDNqBWGxPyL1BS2NvnpnN7+UxRyPtq/URDtIJnkAouH/c 3G1ELRRTCo1meQzYHclJXOEXy7zHqbqZGWzRTBgTx1yfkaegnxfwFMnPi3IjjYm9 0EL15pHMROKzo0JDx3I8JyxCUWjFAoNIx3tWWEK9AmGk8mbaTSq/JYQxP4nY1LrF 2yCs1waMmHXlDN5h6SZevhWQQn6LrJfdmmFBmXzm+q00tm8IRLs0qUOsRCsirMaJ Za/2Npw/gXVWjE4QqEU84fu5vcnhpg== =Mx1G -END PGP SIGNATURE- Andrew Bartlett (1): tevent: Release tevent 0.10.0 --- -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag tdb-1.4.0 created
The annotated tag, tdb-1.4.0 has been created at 432055298027f1d5438201f9dbcac7ebb153f0b6 (tag) tagging fe69d807eae06cb041f25c2dfe351d4e25d541cd (commit) replaces talloc-2.2.0 tagged by Stefan Metzmacher on Thu Mar 21 11:14:24 2019 +0100 - Log - tdb: tag release tdb-1.4.0 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlyTZAAACgkQR5ORYRMI QCVoJAf+Ju/rV+QyT2HmMRVZacKFrXdkuqMwcevgsYAObuUAQ2juQLlb/IM+wuSa gqSCBqHCltPMJySOladcly+712u/iyry65GfeENXJ9jH9P75GtzmldZmq6c/9Nuj 1d7gr4ei7F1sQN7m1ua1fnTe0wP0KHfMSUGokIcOQitn8nWs2ccj0pcR37B0q3Wo KVxDtj5PjGKjBC7rDoqWgSPK1ddOo+iIKRaJhWj1tCwlryVqVex6BnnoXJaniTIj 33wyk1C8yrWJ0lOEEFn37DeYsFTk+086VB7CT8CxlHdXJN7yavhneGP7km3LvEKQ nDAv69u7R9aiS5uPOJSKHtS8UFH+yA== =AfHt -END PGP SIGNATURE- Andrew Bartlett (1): tdb: Release tdb 1.4.0 --- -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag talloc-2.2.0 created
The annotated tag, talloc-2.2.0 has been created at b1b036668f28e9b759bc02204492ca05ae2c7118 (tag) tagging b80140ba00282ce67f7d394bbf684e726df1126e (commit) replaces ldb-1.6.2 tagged by Stefan Metzmacher on Thu Mar 21 11:13:42 2019 +0100 - Log - talloc: tag release talloc-2.2.0 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlyTY9YACgkQR5ORYRMI QCXmewgAiVETBLZ6yxjEpb4BScA+vE5OqrolmKZEnZM1aaLc1cWyK36QCJvDlnZa LFhbbpvTIJz4g4kD3ldUE9sTgNSuuJNoMmDu3O8kCVEiiKnOmvUyY1e2e910Jv2R yX+N5QhGzuW6cjM+uaXAnPzDW9hyx/GGCGNUAEFq1FiVWEu8Y8imIzj/8kgtpobo im84qa4G/f/tBP6bfGEDe7Tk9LNRU36M4TyfztNuRN8reKX0con4OOJaukq3fwmI gXMFF9mCSgmoY8tv23YWt1+EdOUaYIQdTTw8OB5B0jYK1uLK2JUCokJ5z4lcxlYn Ffy5xL5BGpI97zbBI3j0IEFVlKpXpg== =DP1W -END PGP SIGNATURE- Aaron Haslett (1): tests: Reduce likelihood of auth_log test locking up during CI Amitay Isaacs (2): ctdb-daemon: Fix maybe-uninitialized error with picky developer ctdb-version: Simplify version string usage Andreas Schneider (22): libcli:smb: Zero sensitive memory after use auth:gensec: Make sure we zero the checksum after use libcli:auth: Avoid explicit ZERO_STRUCT lib:crypto: Include only the required header files krb5_wrap: Only use the required md4 header libcli:auth: Only use the required md4 header libcli:auth: Only use the required md4 header s4:dsdb: Only use the required md4 header file s4:dsdb: Only use the required md4 and md5 header files libcli:samsync: Remove unused header file s4:dsdb: Remove unused header file s4:torture: Remove unused header file libcli:auth: Remove unused header file s4:torture: Make sure we do not create a shadow 'struct params' lib:util: Move debug message for mkdir failing to log level 1 s3:script: Fix jobid check in test_smbspool.sh s3:client: Pass DEVICE_URI and AUTH_INFO_REQUIRED env to smbspool s3:client: Evaluate the AUTH_INFO_REQUIRED variable set by cups s3:client: Make sure we work on a copy of the title s3:client: Fix smbspool device uri handling talloc: Fix alignment issues for casting pointers s4:librpc: Fix installation of Samba Andrew Bartlett (22): dsdb: Unify samdb_{get,set}_ntds_{objectGUID,invocation_id} kcc: Give a better error message when samdb_ntds_objectGUID fails dsdb: Provide better error strings in rootdse GUID attribute handling s4-server: Open and close a transaction on sam.ldb at startup modules: Add dependency on tirpc to vfs_nfs4acl_xattr samba-tool domain provision: Fix --interactive module in python3 build: Allow build when --disable-gnutls is set regfio: Update code near recent changes to match README.Coding regfio tests: Update comment style to match README.Coding pytalloc: Remove deprecated pytalloc_CObject_FromTallocPtr() build: Remove --extra-python build: Remove bld.gen_python_environments() selftest: Remove support for running multiple tests against python versions in a single run selftest: Remove obsolete py3_compatible=True markers selftest: Remove mention of --extra-python from comment build: Remove distinct .py3 ABI files ABI: Remove unused .py3*.sigs files build: Do not make python mandatory to build build: Set default minimum python version to 3.4.0 build: Remove manual specification of minimum python version build: Standardise on calling conf.SAMBA_CHECK_PYTHON() in libraries talloc: Release talloc 2.2.0 Björn Jacke (1): wafbuild: create missing private library symlinks on platforms without soname support for shared libs Christof Schmitt (4): lib/winbind_util: Move include out of ifdef lib/winbind_util: Remove winbind_[gu]id_to_sid lib/winbind_util: Add winbind_xid_to_sid for --without-winbind passdb: Increase ABI version to 0.28.0 David Disseldorp (8): vfs_ceph: add missing fallocate hook vfs_ceph: fix strict_allocate_ftruncate() vfs_ceph: remove ceph_fallocate/ceph_ftruncate fallback vfs_ceph: drop ifdef HAVE_FCHOWN/_FCHMOD docs: fix minor typo in smb.conf "log level" section ctdb_mutex_ceph_rados_helper: revert strtoull_err() usage vfs: drop lseek stat-open checks smbd: fix check_parent_access() talloc stackframe leaks Douglas Bagnall (23): s4/auth/krb: fix spelling of entries dns_hub: use python 3 shebang tests/rodc_rwdc: p.communicate() gives bytes, not str dsdb:util_links: count el->values with unsigned int dsdb/group_audit: use common get_parsed_dns_trusted() replmd/la: disambiguate error messages a bit dsdb/pytests: sanity checks for links under subtree renames dsdb:replmd: add compatible feature helper function dsdb: linked_attrib
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 4f307f2302b selftest: force running with TZ=UTC via be6cf83c01d autobuild: try to distribute the tasks a bit more via 253acdafd2b .gitlab-ci.yml: use .shared_template for samba via e0bd12e0543 autobuild: spread ad-dc tests over 6 autobuild/ci separate tasks/jobs via 54278049e20 autobuild: add samba-ad-member task via 2d576c3afce autobuild: run ad_dc_backup tests in samba-ad-dc-backup via 1bc2456b87c autobuild: move maptoguest and simpleserver to 'samba-fileserver' via 3cf317c9b86 autobuild: move nt4_dc_schannel out of 'samba' via cd42d70d491 s4:selftest: make use of ad_dc_backup via 13fe139fb26 selftest:Samba4: add ad_dc_backup alias to ad_dc via 780cceaed9a s4:selftest: make use of ad_dc_default via c217a15a2c3 selftest:Samba4: add ad_dc_default alias to ad_dc_ntvfs via 3385b33cec1 s4:selftest: make use of ad_dc_slowtests via c82b60c8272 selftest:Samba4: add ad_dc_slowtests alias to ad_dc_ntvfs via 07b662e287b s4:selftest: use the fl2008dc alias when looping over all functional levels via 62eeab8f6cb selftest:Samba4: add fl2008dc as alias to ad_dc_ntvfs via ec115b9012c s4:selftest: move very slow tests on ad_dc_ntvfs into one location in tests.py from eb13f70e374 libcli:auth: Remove unused header file https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 4f307f2302b0fe8fd0fc6379eb8e6491faf8520c Author: Stefan Metzmacher Date: Wed Feb 27 08:22:09 2019 +0100 selftest: force running with TZ=UTC Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Wed Feb 27 11:24:59 UTC 2019 on sn-devel-144 commit be6cf83c01db24b341125d4938f79304f875411a Author: Stefan Metzmacher Date: Tue Feb 26 22:55:05 2019 +0100 autobuild: try to distribute the tasks a bit more Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider commit 253acdafd2bf655cb8115aaf1e3a3522e96dde1c Author: Stefan Metzmacher Date: Thu Feb 21 09:05:18 2019 +0100 .gitlab-ci.yml: use .shared_template for samba Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider commit e0bd12e0543c5a39bf1cf015659ed32c116ab8cb Author: Stefan Metzmacher Date: Tue Feb 26 15:04:14 2019 +0100 autobuild: spread ad-dc tests over 6 autobuild/ci separate tasks/jobs Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider commit 54278049e203a489c69fde0795c4551bcd46365d Author: Stefan Metzmacher Date: Tue Feb 26 14:59:00 2019 +0100 autobuild: add samba-ad-member task Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider commit 2d576c3afce92021501da9e56ca5504d3fd00310 Author: Stefan Metzmacher Date: Tue Feb 26 15:12:36 2019 +0100 autobuild: run ad_dc_backup tests in samba-ad-dc-backup Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider commit 1bc2456b87c4ddc603170d30e25cd615349a48e3 Author: Stefan Metzmacher Date: Thu Feb 21 08:42:50 2019 +0100 autobuild: move maptoguest and simpleserver to 'samba-fileserver' Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider commit 3cf317c9b866dd9820039669769af26a1195db7a Author: Stefan Metzmacher Date: Thu Feb 21 08:37:53 2019 +0100 autobuild: move nt4_dc_schannel out of 'samba' Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider commit cd42d70d491586b83f97100c10e1039c542d3b29 Author: Stefan Metzmacher Date: Tue Feb 26 14:04:42 2019 +0100 s4:selftest: make use of ad_dc_backup Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider commit 13fe139fb2661abf36701e35f2aca3a9a5df17ef Author: Stefan Metzmacher Date: Tue Feb 26 14:03:29 2019 +0100 selftest:Samba4: add ad_dc_backup alias to ad_dc This will allow us to run really most tests in an isolated autobuild/ci task later. Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider commit 780cceaed9aa130ca9cba199a4b98fa1c8bbc77a Author: Stefan Metzmacher Date: Tue Feb 26 14:04:42 2019 +0100 s4:selftest: make use of ad_dc_default Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider commit c217a15a2c3c6b6c171d28a57f9b0248dacaec53 Author: Stefan Metzmacher Date: Tue Feb 26 14:03:29 2019 +0100 selftest:Samba4: add ad_dc_default alias to ad_dc_ntvfs This will allow us to run really most tests in an isolated autobuild/ci task later. This will apply to tests, which may not rely on the ntvfs backend, so the ad_dc_default alias can point to another environment in future. Signed-off-by: Stefan Metzmacher
[SCM] Samba Shared Repository - annotated tag ldb-1.2.4 created
The annotated tag, ldb-1.2.4 has been created at 91319df7d4107e2030aa2c1273140263354b83a2 (tag) tagging a6f3bbf17ea49838b799aad2bc942105fdf718db (commit) replaces samba-4.7.12 tagged by Stefan Metzmacher on Tue Feb 26 17:00:39 2019 +0100 - Log - ldb: tag release ldb-1.2.4 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlx1YqcACgkQR5ORYRMI QCXiEgf/bLf0fQsvSrROts7VgFAChNpMY0ZyKlr38tXIxjaRZbI9zaGP4BDbig1I oNACwzDCkWtjNH3DuASHFa9+oGn0hRtgcUs7upYm6yewCzvf2MxBS82lKttUAiWV dHmqecxbvz0IQetCqQTnbeS/Y9F0a1x1oDHJbkaieZQiRGaJKltQi44LhzMBBQPo ob0g5xYv45sdqB/TGp6/B9HbNVwBeJ5hpb64xOsKNXn6pHMDtTGSrqTpqseJjlkS jKm2f6AMjgC67fwWdLqoIH8IDQQwWtCPHITWs4prDxbjGIv1SykUJdcvPdJrFsiq CBHGNMEV8nBRItOVpXAHfZMBzqxu7g== =dQLi -END PGP SIGNATURE- Aaron Haslett (1): CVE-2018-14629: Tests to expose regression from dns cname loop fix Andreas Schneider (1): CVE-2018-16853: Do not segfault if client is not set Andrew Bartlett (3): .gitlab-ci.yml: Adapt to current GitLab CI setup CVE-2019-3824 ldb: Extra comments to clarify no pointer wrap in wildcard processing CVE-2019-3824 ldb: Improve code style and layout in wildcard processing Gary Lockyer (5): CVE-2019-3824 ldb: ldb_parse_tree use talloc_zero CVE-2019-3824 ldb: wildcard_match check tree operation CVE-2019-3824 ldb: wildcard_match end of data check CVE-2019-3824 ldb: Add tests for ldb_wildcard_match CVE-2019-3824 ldb: Release ldb 1.2.4 Isaac Boukris (4): CVE-2018-16853: Fix kinit test on system lacking ldbsearch CVE-2018-16853: The ticket in check_policy_as can actually be a TGS CVE-2018-16853: Add a test to verify s4u2self doesn't crash CVE-2018-16853: fix crash in expired passowrd case Joe Guo (1): gitlab-ci: add .gitlab-ci.yml Karolin Seeger (3): VERSION: Bump version up to 4.7.12... Merge tag 'samba-4.7.12' into v4-7-test VERSION: Bump version up to 4.7.13. Lukas Slebodnik (1): CVE-2019-3824 ldb: Out of bound read in ldb_wildcard_compare Stefan Metzmacher (1): CVE-2018-14629 dns: fix CNAME loop prevention using counter regression --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-7-test updated
The branch, v4-7-test has been updated via a6f3bbf17ea CVE-2019-3824 ldb: Release ldb 1.2.4 via c6ec3fc6d0f CVE-2019-3824 ldb: Add tests for ldb_wildcard_match via 8ddaf853404 CVE-2019-3824 ldb: wildcard_match end of data check via c62bd66b84d CVE-2019-3824 ldb: wildcard_match check tree operation via e71cdbe57b5 CVE-2019-3824 ldb: ldb_parse_tree use talloc_zero via 5d6df9adbfd CVE-2019-3824 ldb: Improve code style and layout in wildcard processing via a3c42ff9331 CVE-2019-3824 ldb: Extra comments to clarify no pointer wrap in wildcard processing via e8af7222d2d CVE-2019-3824 ldb: Out of bound read in ldb_wildcard_compare from 23b41ebe1de CVE-2018-14629 dns: fix CNAME loop prevention using counter regression https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test - Log - commit a6f3bbf17ea49838b799aad2bc942105fdf718db Author: Gary Lockyer Date: Wed Feb 20 01:03:41 2019 + CVE-2019-3824 ldb: Release ldb 1.2.4 * CVE-2019-3824 out of bounds read in wildcard compare (bug 13773) BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer Autobuild-User(v4-7-test): Stefan Metzmacher Autobuild-Date(v4-7-test): Tue Feb 26 16:52:19 CET 2019 on sn-devel-144 commit c6ec3fc6d0f47885f4ce4fa89ac5644167a7dab0 Author: Gary Lockyer Date: Tue Feb 19 10:24:38 2019 +1300 CVE-2019-3824 ldb: Add tests for ldb_wildcard_match Add cmocka tests for ldb_wildcard_match. Running test_wildcard_match under valgrind reproduces CVE-2019-3824 out of bounds read in wildcard compare (bug 13773) valgrind --suppressions=lib/ldb/tests/ldb_match_test.valgrind\ bin/ldb_match_test BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer commit 8ddaf853404f3cddef84b77b38951526d73ffbda Author: Gary Lockyer Date: Tue Feb 19 10:26:56 2019 +1300 CVE-2019-3824 ldb: wildcard_match end of data check ldb_handler_copy and ldb_val_dup over allocate by one and add a trailing '\0' to the data, to make them safe to use the C string functions on. However testing for the trailing '\0' is not the correct way to test for the end of a value, the length should be checked instead. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer commit c62bd66b84defc73465e5f16f230f1855fb3bde3 Author: Gary Lockyer Date: Tue Feb 19 10:26:25 2019 +1300 CVE-2019-3824 ldb: wildcard_match check tree operation Check the operation type of the passed parse tree, and return LDB_INAPPROPRIATE_MATCH if the operation is not LDB_OP_SUBSTRING. A query of "attribute=*" gets parsed as LDB_OP_PRESENT, checking the operation and failing ldb_wildcard_match should help prevent confusion writing tests. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer commit e71cdbe57b5c86e597f1c007c07c66df652038c5 Author: Gary Lockyer Date: Tue Feb 19 10:25:24 2019 +1300 CVE-2019-3824 ldb: ldb_parse_tree use talloc_zero Initialise the created ldb_parse_tree with talloc_zero, this ensures that it is correctly initialised if inadvertently passed to a function expecting a different operation type. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer commit 5d6df9adbfd279cc0da7d5cae90cd724b635e97c Author: Andrew Bartlett Date: Mon Feb 4 11:22:50 2019 +1300 CVE-2019-3824 ldb: Improve code style and layout in wildcard processing BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Andrew Bartlett commit a3c42ff9331642ea989cba20175b7813050b9f5f Author: Andrew Bartlett Date: Mon Feb 4 11:22:34 2019 +1300 CVE-2019-3824 ldb: Extra comments to clarify no pointer wrap in wildcard processing BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Andrew Bartlett commit e8af7222d2de69d19216b922d5a85e4259ea5c40 Author: Lukas Slebodnik Date: Fri Jan 18 16:37:24 2019 +0100 CVE-2019-3824 ldb: Out of bound read in ldb_wildcard_compare There is valgrind error in few tests tests/test-generic.sh 91 echo "Test wildcard match" 92 $VALGRIND ldbadd $LDBDIR/tests/test-wildcard.ldif || exit 1 93 $VALGRIND ldbsearch '(cn=test*multi)' || exit 1 95 $VALGRIND ldbsearch '(cn=*test_multi)' || exit 1 97 $VALGRIND ldbsearch '(cn=test*multi*test*multi)' || exit 1 e.g. ==3098== Memcheck, a memory error detector ==3098== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al. ==3098== Using Valgrind-3.14.0 and LibVEX; rerun with -h for copyright info ==
[SCM] Samba Shared Repository - annotated tag ldb-1.3.8 created
The annotated tag, ldb-1.3.8 has been created at 82d82420fa6a446bd2a413567487025bd647f01e (tag) tagging 8be2836cd825054ecffe112226400cdc42a2afc3 (commit) replaces ldb-1.3.7 tagged by Stefan Metzmacher on Tue Feb 26 16:14:40 2019 +0100 - Log - ldb: tag release ldb-1.3.8 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlx1V+AACgkQR5ORYRMI QCUZXwgAm8j1TZQFILZ1Dldt0Wnnqu6G+BGsCAFSt7jTpKXhe2b+F0mPS41NtnNZ lysz28BUEhzQHNjUB8Pw1VXQ0deRyR6ayLRTOncX0g6vUZukLOzKj3PA6DR3BqbL JkK/641J+LLj4LZixpNeGkIBijA3qgnaO3xj+y0aUhRrvpSJi7ERb1oam2a1YF0H cHZepXaH197KxqJ9K4OuRlAqMc4Rt501zC7Jbj7c6hAeC3ptl8hbVp93ZjDgUsVa WsTTiQJqC6RDVrm7E1bUppVEF3GKt8nIJCVKT2OwHDlf4wBkfwptWWqDXQ4/3Ssa ea0d9Ys5dMyj3J7hQ9DCSvlfU/ez2w== =t2YO -END PGP SIGNATURE- Andreas Schneider (2): s3:vfs: Initialize pid to 0 in test_netatalk_lock() s3:vfs: Correctly check if OFD locks should be enabled or not Andrew Bartlett (2): CVE-2019-3824 ldb: Extra comments to clarify no pointer wrap in wildcard processing CVE-2019-3824 ldb: Improve code style and layout in wildcard processing Christof Schmitt (1): waf: Check for libnscd David Disseldorp (2): printing: drop pcap_cache_loaded() guard around load_printers() printing: check lp_load_printers() prior to pcap cache update Gary Lockyer (5): CVE-2019-3824 ldb: ldb_parse_tree use talloc_zero CVE-2019-3824 ldb: wildcard_match check tree operation CVE-2019-3824 ldb: wildcard_match end of data check CVE-2019-3824 ldb: Add tests for ldb_wildcard_match PVE-2019-3824 ldb: Release ldb 1.3.8 Günther Deschner (1): s3-smbd: use fruit:model string for mDNS registration Jeremy Allison (4): s3: tests: Add regression test for smbd crash on share force group change with existing connection. smbd: uid: Don't crash if 'force group' is added to an existing share connection. s3: VFS: vfs_fruit. Fix the NetAtalk deny mode compatibility code. s4: torture: vfs_fruit. Change test_fruit_locking_conflict() to match the vfs_fruit working server code. Joe Guo (1): netcmd/user: python[3]-gpgme unsupported and replaced by python[3]-gpg Lukas Slebodnik (1): CVE-2019-3824 ldb: Out of bound read in ldb_wildcard_compare Ralph Boehme (2): tldap: avoid a use after free crash tldap: avoid more use after free errors --- -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag ldb-1.4.6 created
The annotated tag, ldb-1.4.6 has been created at 78c542c07a00ab1c402fd48294a2bc2a2368da64 (tag) tagging 2bbd2dcf282b865f2de6d7074b2d671b4a21666e (commit) replaces ldb-1.4.5 tagged by Stefan Metzmacher on Tue Feb 26 16:13:55 2019 +0100 - Log - ldb: tag release ldb-1.4.6 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlx1V7MACgkQR5ORYRMI QCXjQAgAlX4v7tfAY7fVaMVEalyf4PSCW9mMlEZ7DGYNFDxRldoJLKpthSV+YCo4 Mbb8mS/gFZhbF1GTLTsp4lW2cublEkG1KapC7hf+DAcjCcvaGe7Jlj0xjtr0gMnv tVBGoBr0l/jkRmluIYdM2Bfa61Hpu1mHAMvC7yb7rBYfYPHnmge5HzT3CuBXkUPP 6iFOU7vAT5Ir0QIrseTzTN22Hjjyf2X0btEBaLbHnH/OEK+D6XXC/hmr9rBEhDAS 7+ZMh29vpLLDHyZWFosoSoesFnYtScDGMsby36Zy3v2VN049zK2envKlK9waWfwK ZdfMm2VwiWxEWzem1t4Yh+DBWPQfYw== =6aiV -END PGP SIGNATURE- Andreas Schneider (2): s3:vfs: Initialize pid to 0 in test_netatalk_lock() s3:vfs: Correctly check if OFD locks should be enabled or not Andrew Bartlett (2): CVE-2019-3824 ldb: Extra comments to clarify no pointer wrap in wildcard processing CVE-2019-3824 ldb: Improve code style and layout in wildcard processing Christof Schmitt (1): waf: Check for libnscd David Disseldorp (2): printing: drop pcap_cache_loaded() guard around load_printers() printing: check lp_load_printers() prior to pcap cache update Gary Lockyer (5): CVE-2019-3824 ldb: ldb_parse_tree use talloc_zero CVE-2019-3824 ldb: wildcard_match check tree operation CVE-2019-3824 ldb: wildcard_match end of data check CVE-2019-3824 ldb: Add tests for ldb_wildcard_match CVE-2019-3824 ldb: Release ldb 1.4.6 Günther Deschner (1): s3-smbd: use fruit:model string for mDNS registration Jeremy Allison (4): s3: tests: Add regression test for smbd crash on share force group change with existing connection. smbd: uid: Don't crash if 'force group' is added to an existing share connection. s3: VFS: vfs_fruit. Fix the NetAtalk deny mode compatibility code. s4: torture: vfs_fruit. Change test_fruit_locking_conflict() to match the vfs_fruit working server code. Joe Guo (1): netcmd/user: python[3]-gpgme unsupported and replaced by python[3]-gpg Lukas Slebodnik (1): CVE-2019-3824 ldb: Out of bound read in ldb_wildcard_compare Ralph Boehme (2): tldap: avoid a use after free crash tldap: avoid more use after free errors --- -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag ldb-1.5.4 created
The annotated tag, ldb-1.5.4 has been created at 3d0c919197e7f131ec71f6f155dd2b132ca971f8 (tag) tagging 97fcdfb58a751046541c370d68d6c52114fd702b (commit) replaces samba-4.10.0rc3 tagged by Stefan Metzmacher on Tue Feb 26 16:13:09 2019 +0100 - Log - ldb: tag release ldb-1.5.4 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlx1V4UACgkQR5ORYRMI QCUjPAgAndQrJdspvXMCsdowQO66PacW4RDeAEPLyQHugQvtuCnf13tbys3SsqOU eQ/FjaqQa8K6aXWWtmykg+VDfooeeAtWGUD2FeZH6/7/pDZy7DzS4r7fQM0zRWCR OPPv6cPGL6ZA+22jB/OMf/DRzgSG1ivcGZFNL8mi8HWEffNiFz7H/2wzLPRi+Bzn /C4JCw/OLVDYhaMByF7su85hb3SSbLIhVKgE+zOmK6MACmmcalmZ24GlHt0I8tjA MopCbso8uylUcgvBzABDsvYprj4da1rx1o3KWn5rt+H08DW7a6wnMmpe+aPh6b2O /iMHkZ5m0NZf/smxCOk8QeXfx27m5g== =cTwZ -END PGP SIGNATURE- Andreas Schneider (7): lib:tdb: Use C99 initializer for PyGetSetDef in pytdb lib:tdb: Use C99 initializer for tdb_header lib:tdb: Use C99 initializer for tdb_logging_context lib:tevent: Use correct C99 initializer for tevent_req lib:ldb: Use C99 initializer for PyGetSetDef in pyldb lib:ldb: Use C99 initializer for tdb_logging_context lib:ldb: Use correct C99 initializer for 'struct tm' Andrew Bartlett (2): CVE-2019-3824 ldb: Extra comments to clarify no pointer wrap in wildcard processing CVE-2019-3824 ldb: Improve code style and layout in wildcard processing David Mulder (1): Search for location of waf script Douglas Bagnall (1): py_tevent: add_timer takes float argument Gary Lockyer (4): CVE-2019-3824 ldb: ldb_parse_tree use talloc_zero CVE-2019-3824 ldb: wildcard_match check tree operation CVE-2019-3824 ldb: wildcard_match end of data check CVE-2019-3824 ldb: Add tests for ldb_wildcard_match Karolin Seeger (1): VERSION: Bump version up to 4.10.0rc4... Lukas Slebodnik (3): tdb: Fix compatibility of wscript with older python ldb: The test api.py should not rely on order of entries in dict CVE-2019-3824 ldb: Out of bound read in ldb_wildcard_compare Noel Power (1): buildtools/wafsamba: Avoid decode when using python2 Stefan Metzmacher (4): tdb: version 1.3.18 talloc: version 2.1.16 tevent: version 0.9.39 CVE-2019-3824 ldb: version 1.5.4 --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via 97fcdfb58a7 CVE-2019-3824 ldb: version 1.5.4 via 21a44989274 CVE-2019-3824 ldb: Add tests for ldb_wildcard_match via aecd14f8bdc CVE-2019-3824 ldb: wildcard_match end of data check via 41fd2cde0c7 CVE-2019-3824 ldb: wildcard_match check tree operation via 9a0ace32390 CVE-2019-3824 ldb: ldb_parse_tree use talloc_zero via 4cd0abe3c70 CVE-2019-3824 ldb: Improve code style and layout in wildcard processing via e9afae48efa CVE-2019-3824 ldb: Extra comments to clarify no pointer wrap in wildcard processing via aa13a46221a CVE-2019-3824 ldb: Out of bound read in ldb_wildcard_compare via bfa9353ce1d ldb: The test api.py should not rely on order of entries in dict via 942822e7165 lib:ldb: Use correct C99 initializer for 'struct tm' via d16b81cf586 lib:ldb: Use C99 initializer for tdb_logging_context via 7d0902c2a2b lib:ldb: Use C99 initializer for PyGetSetDef in pyldb via 0da2d830806 tevent: version 0.9.39 via f868654638a py_tevent: add_timer takes float argument via 6b125f6ce2d lib:tevent: Use correct C99 initializer for tevent_req via 7bc0d67e2f5 talloc: version 2.1.16 via dd2ec6de72d tdb: version 1.3.18 via 0130b999d2a lib:tdb: Use C99 initializer for tdb_logging_context via a5284f9ce32 lib:tdb: Use C99 initializer for tdb_header via b6bb285d9a9 lib:tdb: Use C99 initializer for PyGetSetDef in pytdb via 50be2c58274 tdb: Fix compatibility of wscript with older python via ba5a93c860a Search for location of waf script from fb1d5988e30 buildtools/wafsamba: Avoid decode when using python2 https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit 97fcdfb58a751046541c370d68d6c52114fd702b Author: Stefan Metzmacher Date: Tue Feb 26 12:29:13 2019 +0100 CVE-2019-3824 ldb: version 1.5.4 * Fix standalone build of ldb. * C99 build fixes. * CVE-2019-3824 out of bounds read in wildcard compare (bug 13773) Signed-off-by: Stefan Metzmacher Autobuild-User(v4-10-test): Stefan Metzmacher Autobuild-Date(v4-10-test): Tue Feb 26 16:09:12 CET 2019 on sn-devel-144 commit 21a449892743994487f70dd67914f87cd83e4fc1 Author: Gary Lockyer Date: Tue Feb 19 10:24:38 2019 +1300 CVE-2019-3824 ldb: Add tests for ldb_wildcard_match Add cmocka tests for ldb_wildcard_match. Running test_wildcard_match under valgrind reproduces CVE-2019-3824 out of bounds read in wildcard compare (bug 13773) valgrind --suppressions=lib/ldb/tests/ldb_match_test.valgrind\ bin/ldb_match_test BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer Reviewed-by: Andrew Bartlett (cherry picked from commit 45b75db50f5c1a7c8c38af59a62fccee5401c845) commit aecd14f8bdc00519c981f17d398df3054fcab9da Author: Gary Lockyer Date: Tue Feb 19 10:26:56 2019 +1300 CVE-2019-3824 ldb: wildcard_match end of data check ldb_handler_copy and ldb_val_dup over allocate by one and add a trailing '\0' to the data, to make them safe to use the C string functions on. However testing for the trailing '\0' is not the correct way to test for the end of a value, the length should be checked instead. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer Reviewed-by: Andrew Bartlett (cherry picked from commit 42f0f57eb819ce6b68a8c5b3b53123b83ec917e3) commit 41fd2cde0c7e422381c7ae62296b1767feec9dcb Author: Gary Lockyer Date: Tue Feb 19 10:26:25 2019 +1300 CVE-2019-3824 ldb: wildcard_match check tree operation Check the operation type of the passed parse tree, and return LDB_INAPPROPRIATE_MATCH if the operation is not LDB_OP_SUBSTRING. A query of "attribute=*" gets parsed as LDB_OP_PRESENT, checking the operation and failing ldb_wildcard_match should help prevent confusion writing tests. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer Reviewed-by: Andrew Bartlett (cherry picked from commit 34383981a0c40860f71a4451ff8fd752e1b67666) commit 9a0ace323908104b01840c4ff3e01376d20cb5c3 Author: Gary Lockyer Date: Tue Feb 19 10:25:24 2019 +1300 CVE-2019-3824 ldb: ldb_parse_tree use talloc_zero Initialise the created ldb_parse_tree with talloc_zero, this ensures that it is correctly initialised if inadvertently passed to a function expecting a different operation type. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer Reviewed-by: Andrew Bartlett (cherry picked from commit 8d34d172092f71baad0d777567e49aebfa07313d) commit 4cd0abe3c709e46
[SCM] Samba Shared Repository - branch v4-8-test updated
The branch, v4-8-test has been updated via 8be2836cd82 PVE-2019-3824 ldb: Release ldb 1.3.8 via a6b067e00b6 CVE-2019-3824 ldb: Add tests for ldb_wildcard_match via 2f6b4d11136 CVE-2019-3824 ldb: wildcard_match end of data check via 9b5a7c8abec CVE-2019-3824 ldb: wildcard_match check tree operation via da12e534efe CVE-2019-3824 ldb: ldb_parse_tree use talloc_zero via 699e2aa1994 CVE-2019-3824 ldb: Improve code style and layout in wildcard processing via 28193ca851c CVE-2019-3824 ldb: Extra comments to clarify no pointer wrap in wildcard processing via bd62896ddc2 CVE-2019-3824 ldb: Out of bound read in ldb_wildcard_compare from 080dae06412 waf: Check for libnscd https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-test - Log - commit 8be2836cd825054ecffe112226400cdc42a2afc3 Author: Gary Lockyer Date: Wed Feb 20 10:45:05 2019 +1300 PVE-2019-3824 ldb: Release ldb 1.3.8 * CVE-2019-3824 out of bounds read in wildcard compare (bug 13773) BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer Autobuild-User(v4-8-test): Stefan Metzmacher Autobuild-Date(v4-8-test): Tue Feb 26 12:58:03 CET 2019 on sn-devel-144 commit a6b067e00b67cac6f3a36c8ef5edba6fd9b10def Author: Gary Lockyer Date: Tue Feb 19 10:24:38 2019 +1300 CVE-2019-3824 ldb: Add tests for ldb_wildcard_match Add cmocka tests for ldb_wildcard_match. Running test_wildcard_match under valgrind reproduces CVE-2019-3824 out of bounds read in wildcard compare (bug 13773) valgrind --suppressions=lib/ldb/tests/ldb_match_test.valgrind\ bin/ldb_match_test BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer commit 2f6b4d11136f042f5c532199389877ed846c6f83 Author: Gary Lockyer Date: Tue Feb 19 10:26:56 2019 +1300 CVE-2019-3824 ldb: wildcard_match end of data check ldb_handler_copy and ldb_val_dup over allocate by one and add a trailing '\0' to the data, to make them safe to use the C string functions on. However testing for the trailing '\0' is not the correct way to test for the end of a value, the length should be checked instead. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer commit 9b5a7c8abecbf605227cc974927c6d76f9b5 Author: Gary Lockyer Date: Tue Feb 19 10:26:25 2019 +1300 CVE-2019-3824 ldb: wildcard_match check tree operation Check the operation type of the passed parse tree, and return LDB_INAPPROPRIATE_MATCH if the operation is not LDB_OP_SUBSTRING. A query of "attribute=*" gets parsed as LDB_OP_PRESENT, checking the operation and failing ldb_wildcard_match should help prevent confusion writing tests. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer commit da12e534efe2c80dc394295315a9a34ac72a2e9f Author: Gary Lockyer Date: Tue Feb 19 10:25:24 2019 +1300 CVE-2019-3824 ldb: ldb_parse_tree use talloc_zero Initialise the created ldb_parse_tree with talloc_zero, this ensures that it is correctly initialised if inadvertently passed to a function expecting a different operation type. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer commit 699e2aa19946d43b162355dcb299a1dd798c9cd7 Author: Andrew Bartlett Date: Mon Feb 4 11:22:50 2019 +1300 CVE-2019-3824 ldb: Improve code style and layout in wildcard processing BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Andrew Bartlett commit 28193ca851ccba9652f59a2ba4213f536c9fa198 Author: Andrew Bartlett Date: Mon Feb 4 11:22:34 2019 +1300 CVE-2019-3824 ldb: Extra comments to clarify no pointer wrap in wildcard processing BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Andrew Bartlett commit bd62896ddc223270082dd67b068e944c696fed09 Author: Lukas Slebodnik Date: Fri Jan 18 16:37:24 2019 +0100 CVE-2019-3824 ldb: Out of bound read in ldb_wildcard_compare There is valgrind error in few tests tests/test-generic.sh 91 echo "Test wildcard match" 92 $VALGRIND ldbadd $LDBDIR/tests/test-wildcard.ldif || exit 1 93 $VALGRIND ldbsearch '(cn=test*multi)' || exit 1 95 $VALGRIND ldbsearch '(cn=*test_multi)' || exit 1 97 $VALGRIND ldbsearch '(cn=test*multi*test*multi)' || exit 1 e.g. ==3098== Memcheck, a memory error detector ==3098== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al. ==3098== Using Valgrind-3.14.0 and LibVEX; rerun with -h for copyright info ==3098== Command: ./bin/ldbsearch (cn=test*multi
[SCM] Samba Shared Repository - annotated tag tevent-0.9.39 created
The annotated tag, tevent-0.9.39 has been created at 74f21d5f6a5fdd3f50bcf66ab9d49ddfb84958aa (tag) tagging db58a50296041ca57675daee15caea8850f1d3f8 (commit) replaces talloc-2.1.16 tagged by Stefan Metzmacher on Tue Feb 26 12:46:21 2019 +0100 - Log - tevent: tag release tevent-0.9.39 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlx1Jw0ACgkQR5ORYRMI QCWdDwf/YZDy6K2r10bMk2zSabmHF4OHk14d2h3wtozaiKIyolBVUeneEOYJJQt/ Zv17ABWkbV1lvvSmIXfOuq6m1I0+GTdSeZqkX0VLwDf3SzCLtBKIYDGurmuN6TLL F73j5wgKRoi9KqIjBqoWlb+hBhkC9eAC5rgxyjH4b6Q+URYmZrh+HlwZvvgpr7FI BiiiPPsei+Njg86OeBgD63LnY3dYq9dc5oBiEGLYXdxqCivuRxr4CIDCOqx7lt9c 5za7DivWgcPkFIjgYpdzjyHRXk83+6CZbWih5F8NHeilJ27JkJ0idxIZ/iWAJiQJ nCrkMiucKwNBjW5ieoAdXybWR7mTIg== =IMes -END PGP SIGNATURE- Stefan Metzmacher (1): tevent: version 0.9.39 --- -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag ldb-1.6.2 created
The annotated tag, ldb-1.6.2 has been created at 8eacdf6f9ad5ead9158d2243527c6d5e0b2ea3f5 (tag) tagging 09d281d69b668a71e4457889bb5e949414a664fb (commit) replaces tevent-0.9.39 tagged by Stefan Metzmacher on Tue Feb 26 12:46:48 2019 +0100 - Log - ldb: tag release ldb-1.6.2 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlx1JygACgkQR5ORYRMI QCUoMAgAiVI4h0U6D3xDnypc765txCrdnONkWcJU2boBfKCLsYYG7/Rc0gCyYYnt PeniYrTjRStjb31JKKYGeNIWBoUDMYAQr2QGL/Ye7ER6+zJn3CzfRGcSe2LksCV9 zKy8eJp4kejpoMCJZQVXTaU690WVV6RcV8hEVAGv3ofoV7HP+QRNfOxbm7BJUpBl ejsQHZl4JC/MaE39KosqvESdXy+Bm5iHY/P4RMfs+5dwxefBzmeI32ZNZcjHlct0 Ze0fOdMR8XbnynW0n44fCcPYZ60DXrFSZMNRYv41COZ2y+/oLhvCtRegAJQ4IXtc xBd/LZnC32IcnDMdPWlSVwQwUwIyzQ== =PiE8 -END PGP SIGNATURE- Stefan Metzmacher (1): ldb: version 1.6.2 --- -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag talloc-2.1.16 created
The annotated tag, talloc-2.1.16 has been created at 6e2ffc7dfa92e8cb2ca8c2ef986e7dd98956e1df (tag) tagging 3fe1551b5347934a20b9161a23e6a16220c3aeb6 (commit) replaces tdb-1.3.18 tagged by Stefan Metzmacher on Tue Feb 26 12:45:53 2019 +0100 - Log - talloc: tag release talloc-2.1.16 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlx1JvEACgkQR5ORYRMI QCXagwgAsEzBVZIHff2gYyxp4uKtq3bv3L+cmGMMBSDhTVFe4DiMOtJjFRBgAWlq xwFohbwlzi4v6EyOUqwV6DB9vfzEJrd/nfOV2DL5c/93WkoboL3n9xRY+2EgFu7T Fy5Apb/DCnpJWPnevlTrPjapWRON9YAzRf91DrCY2uqfdjH/qlU8c5X1DsrVMxn4 xOMBHgwzFdC+1Yu6QuGgn189vXmpIJO33g8+zs0P+opd13QxEFIQhLJErBK3KOp3 BHF6Lr+lo4u5apyp60WFWvSG2kGe5J+xax69TLeJS5lBzHDtteBcnKo/EUus3gtG 2/QqjMBlT148ytUIOWFTF4EMmfSV/Q== =gp9Q -END PGP SIGNATURE- Stefan Metzmacher (1): talloc: version 2.1.16 --- -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag tdb-1.3.18 created
The annotated tag, tdb-1.3.18 has been created at 73f231b11299a4df7aa21c769de08bc938fe5fad (tag) tagging f0d26dd1816f35a00abf52b640f42547ffdfa01b (commit) replaces ldb-1.6.1 tagged by Stefan Metzmacher on Tue Feb 26 12:45:17 2019 +0100 - Log - tdb: tag release tdb-1.3.18 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlx1Js0ACgkQR5ORYRMI QCX4Ywf7BzRLcMNGG8qCc1vu3KoRXMppbd/C59wikyuTp097iDnl9M8cEDFnFwxV J+8ISMegJBIiYJ3paI/ORFFZu+uNC3iHv7D4UNbsjbSYRTjyJQpIwhTNbTN5ldAP QGDohKUSXOfa/w0y7jtVofmMVjCfHx3rEoLtaqRJ4HxtXeAQZRdhnVG2z9jWurj+ 8eExKyDaFnLJcrbD/O/+6ogIfk+4HiIe0cbwEKrWefzI2HH1YYNp7vu6VulGqh/K OKVEW3ayrPNoZWQtMJQQw3oaThqGECXWnh+7OGXB6YH3jPvrDwA3qgONO+GCS0n3 HosB5bFs7+xilsFisP1Jn88fT3JmUA== =Crqu -END PGP SIGNATURE- David Mulder (1): Search for location of waf script Stefan Metzmacher (1): tdb: version 1.3.18 --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 09d281d69b6 ldb: version 1.6.2 via db58a502960 tevent: version 0.9.39 via 3fe1551b534 talloc: version 2.1.16 via f0d26dd1816 tdb: version 1.3.18 via 5ed5c337644 Search for location of waf script from de3bb5cd523 CVE-2019-3824 ldb: Release ldb 1.6.1 https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 09d281d69b668a71e4457889bb5e949414a664fb Author: Stefan Metzmacher Date: Tue Feb 26 10:19:44 2019 +0100 ldb: version 1.6.2 * Fix standalone build of ldb. Signed-off-by: Stefan Metzmacher Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Tue Feb 26 12:10:40 CET 2019 on sn-devel-144 commit db58a50296041ca57675daee15caea8850f1d3f8 Author: Stefan Metzmacher Date: Tue Feb 26 10:19:44 2019 +0100 tevent: version 0.9.39 * py_tevent: add_timer takes float argument * C99 build fixes. * Fix standalone build of tevent. Signed-off-by: Stefan Metzmacher commit 3fe1551b5347934a20b9161a23e6a16220c3aeb6 Author: Stefan Metzmacher Date: Tue Feb 26 10:19:44 2019 +0100 talloc: version 2.1.16 * Fix standalone build of talloc. Signed-off-by: Stefan Metzmacher commit f0d26dd1816f35a00abf52b640f42547ffdfa01b Author: Stefan Metzmacher Date: Tue Feb 26 10:19:44 2019 +0100 tdb: version 1.3.18 * Fix build problems with older python versions. * C99 build fixes. * Fix standalone build of tdb. Signed-off-by: Stefan Metzmacher commit 5ed5c337644c641aba0d07f3668d478050e5f69e Author: David Mulder Date: Thu Feb 7 10:47:47 2019 -0700 Search for location of waf script When calling make from the ldb, talloc, tdb, and tevent bundles, we need to first find the location of the waf script. Currently the build fails since it can't find waf. Fixes regression caused by a660b7f. Signed-off-by: David Mulder Reviewed-by: Andrew Bartlett --- Summary of changes: lib/ldb/ABI/{ldb-1.5.1.sigs => ldb-1.6.2.sigs} | 0 lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util-1.6.2.sigs} | 0 lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util.py3-1.6.2.sigs} | 0 lib/ldb/Makefile | 3 ++- lib/ldb/wscript| 2 +- .../ABI/{pytalloc-util-2.1.10.sigs => pytalloc-util-2.1.16.sigs} | 0 .../{pytalloc-util.py3-2.1.10.sigs => pytalloc-util.py3-2.1.16.sigs} | 0 lib/talloc/ABI/{talloc-2.1.10.sigs => talloc-2.1.16.sigs} | 0 lib/talloc/Makefile| 3 ++- lib/talloc/wscript | 2 +- lib/tdb/ABI/{tdb-1.3.17.sigs => tdb-1.3.18.sigs} | 0 lib/tdb/Makefile | 3 ++- lib/tdb/wscript| 2 +- lib/tevent/ABI/{tevent-0.9.37.sigs => tevent-0.9.39.sigs} | 0 lib/tevent/Makefile| 3 ++- lib/tevent/wscript | 2 +- 16 files changed, 12 insertions(+), 8 deletions(-) copy lib/ldb/ABI/{ldb-1.5.1.sigs => ldb-1.6.2.sigs} (100%) copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util-1.6.2.sigs} (100%) copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util.py3-1.6.2.sigs} (100%) copy lib/talloc/ABI/{pytalloc-util-2.1.10.sigs => pytalloc-util-2.1.16.sigs} (100%) copy lib/talloc/ABI/{pytalloc-util.py3-2.1.10.sigs => pytalloc-util.py3-2.1.16.sigs} (100%) copy lib/talloc/ABI/{talloc-2.1.10.sigs => talloc-2.1.16.sigs} (100%) copy lib/tdb/ABI/{tdb-1.3.17.sigs => tdb-1.3.18.sigs} (100%) copy lib/tevent/ABI/{tevent-0.9.37.sigs => tevent-0.9.39.sigs} (100%) Changeset truncated at 500 lines: diff --git a/lib/ldb/ABI/ldb-1.5.1.sigs b/lib/ldb/ABI/ldb-1.6.2.sigs similarity index 100% copy from lib/ldb/ABI/ldb-1.5.1.sigs copy to lib/ldb/ABI/ldb-1.6.2.sigs diff --git a/lib/ldb/ABI/pyldb-util-1.1.10.sigs b/lib/ldb/ABI/pyldb-util-1.6.2.sigs similarity index 100% copy from lib/ldb/ABI/pyldb-util-1.1.10.sigs copy to lib/ldb/ABI/pyldb-util-1.6.2.sigs diff --git a/lib/ldb/ABI/pyldb-util-1.1.10.sigs b/lib/ldb/ABI/pyldb-util.py3-1.6.2.sigs similarity index 100% copy from lib/ldb/ABI/pyldb-util-1.1.10.sigs copy to lib/ldb/ABI/pyldb-util.py3-1.6.2.sigs diff --git a/lib/ldb/Makefile b/lib/ldb/Makefile index 18ef459eb16..b82723f35ed 100644 --- a/lib/ldb/Makefile +++ b/lib/ldb/Makefile @@ -1,6 +1,7 @@ # simple makefile wrapper to run waf -WAF_BINARY=$(PYTHON) ../../buildtools/bin/waf +WAF_BIN=`PATH=buildtools/b
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated via 2bbd2dcf282 CVE-2019-3824 ldb: Release ldb 1.4.6 via 47b2344bdb1 CVE-2019-3824 ldb: Add tests for ldb_wildcard_match via 2a88a47b9f8 CVE-2019-3824 ldb: wildcard_match end of data check via 73187de7138 CVE-2019-3824 ldb: wildcard_match check tree operation via 754bc1a76e9 CVE-2019-3824 ldb: ldb_parse_tree use talloc_zero via 33fa01b4be0 CVE-2019-3824 ldb: Improve code style and layout in wildcard processing via cedc4e89625 CVE-2019-3824 ldb: Extra comments to clarify no pointer wrap in wildcard processing via fd8e90b9a51 CVE-2019-3824 ldb: Out of bound read in ldb_wildcard_compare from 2f5823c5015 waf: Check for libnscd https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log - commit 2bbd2dcf282b865f2de6d7074b2d671b4a21666e Author: Gary Lockyer Date: Wed Feb 20 10:17:16 2019 +1300 CVE-2019-3824 ldb: Release ldb 1.4.6 * CVE-2019-3824 out of bounds read in wildcard compare (bug 13773) BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer Autobuild-User(v4-9-test): Stefan Metzmacher Autobuild-Date(v4-9-test): Tue Feb 26 11:11:42 CET 2019 on sn-devel-144 commit 47b2344bdb126964a314cdc9e938ad81023216f5 Author: Gary Lockyer Date: Tue Feb 19 10:24:38 2019 +1300 CVE-2019-3824 ldb: Add tests for ldb_wildcard_match Add cmocka tests for ldb_wildcard_match. Running test_wildcard_match under valgrind reproduces CVE-2019-3824 out of bounds read in wildcard compare (bug 13773) valgrind --suppressions=lib/ldb/tests/ldb_match_test.valgrind\ bin/ldb_match_test BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer commit 2a88a47b9f8460be4b46d4dce7ac9fc4a53c86a7 Author: Gary Lockyer Date: Tue Feb 19 10:26:56 2019 +1300 CVE-2019-3824 ldb: wildcard_match end of data check ldb_handler_copy and ldb_val_dup over allocate by one and add a trailing '\0' to the data, to make them safe to use the C string functions on. However testing for the trailing '\0' is not the correct way to test for the end of a value, the length should be checked instead. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer commit 73187de71382e48c7eba595aad2fa69dca020a7d Author: Gary Lockyer Date: Tue Feb 19 10:26:25 2019 +1300 CVE-2019-3824 ldb: wildcard_match check tree operation Check the operation type of the passed parse tree, and return LDB_INAPPROPRIATE_MATCH if the operation is not LDB_OP_SUBSTRING. A query of "attribute=*" gets parsed as LDB_OP_PRESENT, checking the operation and failing ldb_wildcard_match should help prevent confusion writing tests. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer commit 754bc1a76e91c265fc1cd69264d013ea60d25392 Author: Gary Lockyer Date: Tue Feb 19 10:25:24 2019 +1300 CVE-2019-3824 ldb: ldb_parse_tree use talloc_zero Initialise the created ldb_parse_tree with talloc_zero, this ensures that it is correctly initialised if inadvertently passed to a function expecting a different operation type. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer commit 33fa01b4be0d70c880a82069cd264c618b981822 Author: Andrew Bartlett Date: Mon Feb 4 11:22:50 2019 +1300 CVE-2019-3824 ldb: Improve code style and layout in wildcard processing BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Andrew Bartlett commit cedc4e89625c98ac5607f8a4facef933e6bf04ca Author: Andrew Bartlett Date: Mon Feb 4 11:22:34 2019 +1300 CVE-2019-3824 ldb: Extra comments to clarify no pointer wrap in wildcard processing BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Andrew Bartlett commit fd8e90b9a51ed67f05cb50645fbb05d708770d2f Author: Lukas Slebodnik Date: Fri Jan 18 16:37:24 2019 +0100 CVE-2019-3824 ldb: Out of bound read in ldb_wildcard_compare There is valgrind error in few tests tests/test-generic.sh 91 echo "Test wildcard match" 92 $VALGRIND ldbadd $LDBDIR/tests/test-wildcard.ldif || exit 1 93 $VALGRIND ldbsearch '(cn=test*multi)' || exit 1 95 $VALGRIND ldbsearch '(cn=*test_multi)' || exit 1 97 $VALGRIND ldbsearch '(cn=test*multi*test*multi)' || exit 1 e.g. ==3098== Memcheck, a memory error detector ==3098== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al. ==3098== Using Valgrind-3.14.0 and LibVEX; rerun with -h for copyright info ==3098== Command: ./bin/ldbsearch (cn=test*multi
[SCM] Samba Shared Repository - annotated tag ldb-1.6.1 created
The annotated tag, ldb-1.6.1 has been created at 99b2f65801deac7f102853d717747dfd125d5fb5 (tag) tagging de3bb5cd5236565f2b79644d99e55d03b254b65e (commit) replaces samba-4.10.0rc1 tagged by Stefan Metzmacher on Tue Feb 26 07:44:57 2019 +0100 - Log - ldb: tag release ldb-1.6.1 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlx04GkACgkQR5ORYRMI QCX2aAgAkI/J9NAaiRj0098ufSes6cW4qnR/Qrv0aOfJqDrdOAXsxmFBLKfxfwgz Vc+CcdKmKQAly6AFMFS0cWQOxc5BMINbHqyymQB2lKb1WkPpZyh/OBqiCcnIArfZ rXz66RMzMQ+e3wMC904D12pwBnV8y1f5RSonahuhN7llptwlYz7VMYgOpO+Z8aUQ XQwbUmGY+vN1BaVItKK3ilqmAEK1s4TMoP920tmQptfTcWIKd6ohLUcYMUAb9lOx 74jwq0SIDBUlC/Ga0fV3CclPJ/gXXcXcOivFoU+GK9q9epejlVGwx1PTdhNZ8DiF yGBoz65K8nNS5oAQU+hxUYPhgkDSkg== =dYKn -END PGP SIGNATURE- Aliaksei Karaliou (7): build: Get rid of hardcoded 'bin/default' in includes build:docs: Get rid of hardcoded 'bin/default' build: Fixed usage of non-default path to WAFLOCK build: Don't generate kerberos_implementation.py if building without python s3:util: Move popen wrappers to lib/util s3:util: Move static file_pload() function to lib/util s3:modules: Fix compilation of nfs41acl_xdr.c when building outside src Andreas Schneider (141): generate_param.py: Use C99 initializer for last element in param table s4:librpc: Use C99 initializer for PyGetSetDef in py_auth s3:lib: Fix the debug message for adding cache entries. lib:mscat: Fix may be used uninitialized warnings lib:mscat: Use size_t for len value to fix build issue s4:dsdb: Fix size types in audit_log s4:dsdb: Fix size type for num_of_attrs in acl_read s4:kdc: Fix size type for num_bind in kdc-heimdal gitlab-ci: Move the image definition to the template gitlab-ci: Move before and after script to shared template gitlab-ci: Use artifacts instead of after_script ctdb: Use C99 initializer for poptOption in ctdb tool ctdb: Use C99 initializer for poptOption in test_options examples: Reformat testacl libsmbclient example examples: Use C99 initializer for poptOption in testacl lib:texpect: Use C99 initializer for poptOption in texpect libcli:nbt: Use C99 initializer for poptOption in nmblookup nsswitch: Use C99 initializer for poptOption in wbinfo s3:client: Use C99 initializer for poptOption in smbclient s3:rpcclient: Use C99 initializer for poptOption in cmd_witness s3:smbd: Use C99 initializer for poptOption in smbd server s3:torture: Use C99 initializer for poptOption in vfstest s3:utils: Use C99 initializer for poptOption in smbstatus s3:utils: Use C99 initializer for poptOption in smbcacls s3:utils: Use C99 initializer for poptOption in nmblookup s3:utils: Use C99 initializer for poptOption in profiles s3:utils: Use C99 initializer for poptOption in sharesec s3:utils: Use C99 initializer for poptOption in ntlm_auth s3:utils: Use C99 initializer for poptOption in smbcquotas s3:utils: Use C99 initializer for poptOption in testparm s3:utils: Use C99 initializer for poptOption in log2pcaphex s3:utils: Use C99 initializer for poptOption in net s3:utils: Use C99 initializer for poptOption in smbtree s3:utils: Use C99 initializer for poptOption in smbget s3:param: Use C99 initializer for poptOption in test_lp_load s3:winbind: Use C99 initializer for poptOption in winbindd s3:lib: Use POPT_TABLEEND for last element of poptOption s3:lib: Use C99 initializer for poptOption in netapi common test s3:lib: Use C99 initializer for poptOption in netapi nltest s3:lib: Use C99 initializer for poptOption in popt_common s3:lib: Use C99 initializer for poptOption in popt_common_cmdline s3:netapi: Use C99 initializer for poptOption in netapi example s3:nmbd: Use C99 initializer for poptOption in nmbd s3:utils: Use C99 initializer for poptOption in mvxattr s4:smbd: Use C99 initializer for poptOption in server s4:client: Use C99 initializer for poptOption in client s4:client: Use C99 initializer for poptOption in cifsdd s4:lib: Use C99 initializer for poptOption in popt_common s4:lib: Use C99 initializer for poptOption in popt_credentials s3:torture: Use C99 initializer for cmd_set in cmd_vfs s3:torture: Use C99 initializer for cmd_set in vfstest s3:rpcclient: Use C99 initializer for cmd_set in cmd_spoolss s3:rpcclient: Use C99 initializer for cmd_set in cmd_dfs s3:rpcclient: Use C99 initializer for cmd_set in cmd_netlogon s3:rpcclient: Use C99 initializer for cmd_set in cmd_srvsvc s3:rpcclient: Use C99 initializer for cmd_set in cmd_echo s3:rpcclient: Use C99 initializer for cmd_set in cmd_drsuapi s3:rpcclient: Use C99 i
[SCM] Samba Shared Repository - annotated tag ldb-1.5.3 created
The annotated tag, ldb-1.5.3 has been created at fbdac6dc625d3aace4cf7018405b994fc6000bc7 (tag) tagging e21e24d8345e441d639020affc1f6ee59762725d (commit) replaces samba-4.10.0rc2 tagged by Stefan Metzmacher on Thu Feb 14 12:22:12 2019 +0100 - Log - ldb: tag release ldb-1.5.3 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlxlT2QACgkQR5ORYRMI QCWO0AgAgNrTTHuDaO7LknJVYR7kzPikSb7kAn3vQ+RGIFh9vefhbMHopyQCj6lH I1Vf+5j6Yr7FLNpVWxcSbr/rIZ0LfphTewTvvJQ+y1Ot3cSSRvzy+vOdmIb7nncX WSsc2pZ2XkZYIGq253vbyCJ+T39KwTsaoMjSFSqzsghQ0AxcsMe1q7PaLB7mxFui kV+gESyd5UbiXvRZ9DXpOQISfYkLpeBvRBuT6ua56BvfrXD3y606oabYzipCM7Zf DBiO0YDgufppnlSGmJhBRkpkvWI8wPG2Pp92UVDAClTUtMWVQwMnCv8Vu9L1dfhX ob08hjryOtbTXLKVZSNQmHTX7bYQnQ== =Hi3U -END PGP SIGNATURE- Andrew Bartlett (2): ldb: Add even more comments on what strict does to the list intersections ldb: Release ldb 1.5.3 Karolin Seeger (1): VERSION: Bump version up to 4.10.0rc2... Tim Beale (4): ldb: Avoid inefficient one-level searches ldb: Remove comment that no longer makes sense ldb: Elaborate on ldb_kv_search_indexed() comments ldb: Rename variable --- -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag ldb-1.4.5 created
The annotated tag, ldb-1.4.5 has been created at 8e8a195e18dfe35e7d8db15d8369112e163c8882 (tag) tagging c7b04443226f0bc83e6d14d48b48e15a4592c812 (commit) replaces ldb-1.4.4 tagged by Stefan Metzmacher on Thu Feb 14 12:21:06 2019 +0100 - Log - ldb: tag release ldb-1.4.5 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlxlTyIACgkQR5ORYRMI QCUa+Qf9FJ6Dbq/jjIf+gGgcAbKqDVppkC6EL6msEiXctMkbAa1Gn9ZYl3sFGUvS 8s+tnN3mkE8TDnZJNo4V9u56azBzWlQmnP2bm/LsbP35sIPuyujfKRorKF9Sm8uj H6Jzs8KnALJt0XmzuOfr3iN5SAeKIu9GZIzj406oG7moaHm6qcZEmoRX6CHLTWJI tqdQ+vDYszeVNZp5GN3RA5HdZ7XC5Lx/WbNP5YnQ9F3lIcvMOl1Mi/L2szn6vfxl DNlw8dX8md2dcJ6ZUjqp0jboJFj6SLdk+B5rbGvqc5iCj59uG22V4VU3Fr/xIBZl YRs/oTl1ZdFZZV57B26WUmDxtsPd5Q== =BCP0 -END PGP SIGNATURE- Andrew Bartlett (1): audit_logging: Remove debug log header and JSON Authentication: prefix Anoop C S (2): vfs_glusterfs: Adapt to changes in libgfapi signatures s3-vfs: Use ENOATTR in errno comparison for getxattr Gary Lockyer (1): json: Modify API to use return codes Günther Deschner (1): s3-vfs: add glusterfs_fuse vfs module. Justin Stephenson (5): s3:libsmb: Check disable_netbios in socket connect s3:libsmb: Print debug message about Netbios s3:smbpasswd: Print debug message about Netbios s3:utils:net: Print debug message about Netbios s3:libsmb: Honor disable_netbios option in smbsock_connect_send Philipp Gesang (1): lib/audit_logging: actually create talloc Ralph Boehme (1): s3: libsmb: use smb2cli_conn_max_trans_size() in cli_smb2_list() Ralph Wuerthner (2): vfs_fileid: fix get_connectpath_ino vfs_fileid: fix fsname_norootdir algorithm Stefan Metzmacher (5): manpages/samba.7.xml: smbcontrol can also work with 'samba' s4:messaging: add support 'smbcontrol debug/debuglevel' s4:server: avoid using pid=0 for the parent 'samba' process s4:server: add support for 'smbcontrol samba shutdown' selftest:Samba4: use 'smbcontrol samba shutdown' Tim Beale (6): libcli: Add error log if insufficient SMB2 credits s3:libsmb: cli_smb2_list() can sometimes fail initially on a connection join: Fix TypeError when handling exception join: Throw CommandError instead of Exception for simple errors ldb: Avoid inefficient one-level searches ldb: Bump ldb version to 1.4.5 Volker Lendecke (1): ctdb: Print locks latency in machinereadable stats --- -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag ldb-1.3.7 created
The annotated tag, ldb-1.3.7 has been created at 8a50096066de6a7ed9f8c3bf2df13a7989a9f7c3 (tag) tagging 22d5649e895c41875ecbb3403d4b14753e12c1a4 (commit) replaces samba-4.8.9 tagged by Stefan Metzmacher on Thu Feb 14 12:20:22 2019 +0100 - Log - ldb: tag release ldb-1.3.7 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlxlTvYACgkQR5ORYRMI QCXvRAf/Um7t/yG7ng+j8J1ATlbZ3RBhyV0v1LuANVfe+d19+J5/zsU0mbnGXtO9 r1+R+UNweaWWeUwrTsj90uPALLn/ZMguucorXKYklka5j23qgeJuXK3iC5iySqn1 BAxtg2fH4x/NTHfO8QxjDbuOaYTMoz47FOdNTMn5opxfs0HuHKXkeOfkupwJhTgz FFx3Tz2jRiujb/p2VgA/AmWdEXXrTK6bPkm0gPSjGraXIFiy48bA2kEAbJuR4J/g VA8oblStqGV/ofm7WACP4AOSmV4u254aXjAN0HTRJpy1fmbdEi1Dwv45wcaCRNtC CIF/e2ncMq8pfyX4P/Gqe+Rq6+enhA== =9wiW -END PGP SIGNATURE- Karolin Seeger (1): VERSION: Bump version up to 4.8.10... Tim Beale (2): ldb: Avoid inefficient one-level searches ldb: Bump ldb version to 1.3.7 --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated via c7b04443226 ldb: Bump ldb version to 1.4.5 via befb3527bc2 ldb: Avoid inefficient one-level searches from 9b21b518d72 s3-vfs: Use ENOATTR in errno comparison for getxattr https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log - commit c7b04443226f0bc83e6d14d48b48e15a4592c812 Author: Tim Beale Date: Mon Feb 4 12:20:34 2019 +1300 ldb: Bump ldb version to 1.4.5 * ldb: Avoid inefficient one-level searches BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762 Signed-off-by: Tim Beale Signed-off-by: Stefan Metzmacher Autobuild-User(v4-9-test): Stefan Metzmacher Autobuild-Date(v4-9-test): Wed Feb 13 18:26:30 CET 2019 on sn-devel-144 commit befb3527bc2c94763d5daf57afa7ad5e94c929da Author: Tim Beale Date: Mon Feb 4 10:49:03 2019 +1300 ldb: Avoid inefficient one-level searches Commit 88ae60ed186c9 introduced a problem that made one-level searches inefficient if there were a lot of child objects in the same level, and the requested object didn't exist. Basically, it ignored the case where ldb_kv_index_dn() returned LDB_ERR_NO_SUCH_OBJECT, i.e. the indexed lookup was successful, but didn't find a match. At which point, there was no more processing we needed to do. The behaviour after 88ae60ed186c9 was to fall-through and run the ldb_kv_index_filter() function over *all* the children. This still returned the correct result, but could be costly if there were a lot of children. The case 88ae60ed186c9 was trying to fix was where we could not do an indexed search (e.g. trying to match on a 'attribute=*' filter). In which case we want to ignore the LDB_ERR_OPERATIONS_ERROR and just run ldb_kv_index_filter() over all the children. This is still more efficient than the fallback of doing a full database scan. This patch adds in a short-circuit for the NO_SUCH_OBJECT case, so we can skip the unnecessary ldb_kv_index_filter() work. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762 Signed-off-by: Tim Beale Reviewed-by: Andrew Bartlett (Manual merge of commit 9a893f9613bd6440ab in master) --- Summary of changes: lib/ldb/ABI/{ldb-1.3.0.sigs => ldb-1.4.5.sigs} | 0 .../{pyldb-util-1.1.10.sigs => pyldb-util-1.4.5.sigs} | 0 ...yldb-util-1.1.10.sigs => pyldb-util.py3-1.4.5.sigs} | 0 lib/ldb/ldb_tdb/ldb_index.c| 18 ++ lib/ldb/wscript| 2 +- 5 files changed, 15 insertions(+), 5 deletions(-) copy lib/ldb/ABI/{ldb-1.3.0.sigs => ldb-1.4.5.sigs} (100%) copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util-1.4.5.sigs} (100%) copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util.py3-1.4.5.sigs} (100%) Changeset truncated at 500 lines: diff --git a/lib/ldb/ABI/ldb-1.3.0.sigs b/lib/ldb/ABI/ldb-1.4.5.sigs similarity index 100% copy from lib/ldb/ABI/ldb-1.3.0.sigs copy to lib/ldb/ABI/ldb-1.4.5.sigs diff --git a/lib/ldb/ABI/pyldb-util-1.1.10.sigs b/lib/ldb/ABI/pyldb-util-1.4.5.sigs similarity index 100% copy from lib/ldb/ABI/pyldb-util-1.1.10.sigs copy to lib/ldb/ABI/pyldb-util-1.4.5.sigs diff --git a/lib/ldb/ABI/pyldb-util-1.1.10.sigs b/lib/ldb/ABI/pyldb-util.py3-1.4.5.sigs similarity index 100% copy from lib/ldb/ABI/pyldb-util-1.1.10.sigs copy to lib/ldb/ABI/pyldb-util.py3-1.4.5.sigs diff --git a/lib/ldb/ldb_tdb/ldb_index.c b/lib/ldb/ldb_tdb/ldb_index.c index 4b5054e81ec..55abcba6b74 100644 --- a/lib/ldb/ldb_tdb/ldb_index.c +++ b/lib/ldb/ldb_tdb/ldb_index.c @@ -2031,13 +2031,23 @@ int ltdb_search_indexed(struct ltdb_context *ac, uint32_t *match_count) } /* * Here we load the index for the tree. -* -* We only care if this is successful, if the -* index can't trim the result list down then -* the ONELEVEL index is still good enough. */ ret = ltdb_index_dn(ac->module, ltdb, ac->tree, idx_one_tree_list); + + /* +* We can stop if we're sure the object doesn't exist +*/ + if (ret == LDB_ERR_NO_SUCH_OBJECT) { + talloc_free(idx_one_tree_list); + talloc_free(dn_list); + return LDB_ERR_NO_SUCH_OBJECT; + } + + /* We only care if this is successful, if the +* index can't trim the result
[SCM] Samba Shared Repository - branch v4-8-test updated
The branch, v4-8-test has been updated via 22d5649e895 ldb: Bump ldb version to 1.3.7 via d3a9f298f49 ldb: Avoid inefficient one-level searches from 9917a7e70ea VERSION: Bump version up to 4.8.10... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-test - Log - commit 22d5649e895c41875ecbb3403d4b14753e12c1a4 Author: Tim Beale Date: Mon Feb 4 15:37:07 2019 +1300 ldb: Bump ldb version to 1.3.7 * ldb: Avoid inefficient one-level searches * dirsync: Allow arbitrary length cookies BUG: https://bugzilla.samba.org/show_bug.cgi?id=13686 BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762 Signed-off-by: Tim Beale Autobuild-User(v4-8-test): Stefan Metzmacher Autobuild-Date(v4-8-test): Wed Feb 13 17:56:32 CET 2019 on sn-devel-144 commit d3a9f298f49b9e9950315007667cb10a3e51ffde Author: Tim Beale Date: Mon Feb 4 10:49:03 2019 +1300 ldb: Avoid inefficient one-level searches Commit 88ae60ed186c9 introduced a problem that made one-level searches inefficient if there were a lot of child objects in the same level, and the requested object didn't exist. Basically, it ignored the case where ldb_kv_index_dn() returned LDB_ERR_NO_SUCH_OBJECT, i.e. the indexed lookup was successful, but didn't find a match. At which point, there was no more processing we needed to do. The behaviour after 88ae60ed186c9 was to fall-through and run the ldb_kv_index_filter() function over *all* the children. This still returned the correct result, but could be costly if there were a lot of children. The case 88ae60ed186c9 was trying to fix was where we could not do an indexed search (e.g. trying to match on a 'attribute=*' filter). In which case we want to ignore the LDB_ERR_OPERATIONS_ERROR and just run ldb_kv_index_filter() over all the children. This is still more efficient than the fallback of doing a full database scan. This patch adds in a short-circuit for the NO_SUCH_OBJECT case, so we can skip the unnecessary ldb_kv_index_filter() work. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762 Signed-off-by: Tim Beale Reviewed-by: Andrew Bartlett (Manual merge of commit 9a893f9613bd6440ab in master) --- Summary of changes: lib/ldb/ABI/{ldb-1.3.0.sigs => ldb-1.3.7.sigs} | 0 .../{pyldb-util-1.1.10.sigs => pyldb-util-1.3.7.sigs} | 0 ...yldb-util-1.1.10.sigs => pyldb-util.py3-1.3.7.sigs} | 0 lib/ldb/ldb_tdb/ldb_index.c| 18 ++ lib/ldb/wscript| 2 +- 5 files changed, 15 insertions(+), 5 deletions(-) copy lib/ldb/ABI/{ldb-1.3.0.sigs => ldb-1.3.7.sigs} (100%) copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util-1.3.7.sigs} (100%) copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util.py3-1.3.7.sigs} (100%) Changeset truncated at 500 lines: diff --git a/lib/ldb/ABI/ldb-1.3.0.sigs b/lib/ldb/ABI/ldb-1.3.7.sigs similarity index 100% copy from lib/ldb/ABI/ldb-1.3.0.sigs copy to lib/ldb/ABI/ldb-1.3.7.sigs diff --git a/lib/ldb/ABI/pyldb-util-1.1.10.sigs b/lib/ldb/ABI/pyldb-util-1.3.7.sigs similarity index 100% copy from lib/ldb/ABI/pyldb-util-1.1.10.sigs copy to lib/ldb/ABI/pyldb-util-1.3.7.sigs diff --git a/lib/ldb/ABI/pyldb-util-1.1.10.sigs b/lib/ldb/ABI/pyldb-util.py3-1.3.7.sigs similarity index 100% copy from lib/ldb/ABI/pyldb-util-1.1.10.sigs copy to lib/ldb/ABI/pyldb-util.py3-1.3.7.sigs diff --git a/lib/ldb/ldb_tdb/ldb_index.c b/lib/ldb/ldb_tdb/ldb_index.c index 429c8f5aa24..f07c9a818c4 100644 --- a/lib/ldb/ldb_tdb/ldb_index.c +++ b/lib/ldb/ldb_tdb/ldb_index.c @@ -1835,13 +1835,23 @@ int ltdb_search_indexed(struct ltdb_context *ac, uint32_t *match_count) } /* * Here we load the index for the tree. -* -* We only care if this is successful, if the -* index can't trim the result list down then -* the ONELEVEL index is still good enough. */ ret = ltdb_index_dn(ac->module, ltdb, ac->tree, idx_one_tree_list); + + /* +* We can stop if we're sure the object doesn't exist +*/ + if (ret == LDB_ERR_NO_SUCH_OBJECT) { + talloc_free(idx_one_tree_list); + talloc_free(dn_list); + return LDB_ERR_NO_SUCH_OBJECT; + } + + /* We only care if this is successful, if the +
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via e21e24d8345 ldb: Release ldb 1.5.3 via bb850a07502 ldb: Add even more comments on what strict does to the list intersections via 2a915942295 ldb: Rename variable via 62fea7e9c3f ldb: Elaborate on ldb_kv_search_indexed() comments via f7774530936 ldb: Remove comment that no longer makes sense via 7fc34817657 ldb: Avoid inefficient one-level searches from 0c75bfe674b VERSION: Bump version up to 4.10.0rc2... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit e21e24d8345e441d639020affc1f6ee59762725d Author: Andrew Bartlett Date: Fri Feb 1 14:41:18 2019 +1300 ldb: Release ldb 1.5.3 * Avoid inefficient one-level searches (bug 13762) * The test api.py should not rely on order of entries in dict (bug 13772) BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762 BUG: https://bugzilla.samba.org/show_bug.cgi?id=13772 Signed-off-by: Andrew Bartlett Reviewed-by: Garming Sam (cherry picked from commit 5e716c0256a6bec92e7855ccfc077a328320f2ea) Autobuild-User(v4-10-test): Stefan Metzmacher Autobuild-Date(v4-10-test): Wed Feb 13 16:24:32 CET 2019 on sn-devel-144 commit bb850a075024ad8ac26a25681339f6ce88334aba Author: Andrew Bartlett Date: Fri Feb 1 14:22:17 2019 +1300 ldb: Add even more comments on what strict does to the list intersections BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762 Signed-off-by: Andrew Bartlett Reviewed-by: Garming Sam (cherry picked from commit e7f524fd2128aacb82e980652af8eb6fd275e1a8) commit 2a915942295e6cdc87dc9aab6cf2c8c78741f26e Author: Tim Beale Date: Thu Jan 10 14:25:06 2019 +1300 ldb: Rename variable The old name confused me because it's not really related to the one-level index at all. It's the result from evaluating the indexed search specified in the ac->tree. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762 Signed-off-by: Tim Beale Reviewed-by: Andrew Bartlett (cherry picked from commit 57a565b2fd680fc1a34f4ab91c6f6314f68ef67f) commit 62fea7e9c3f94d254e6c9f72cd690137c2ee556c Author: Tim Beale Date: Thu Jan 10 14:19:19 2019 +1300 ldb: Elaborate on ldb_kv_search_indexed() comments Disclaimer: this is based on my limited understanding of what the code is doing. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762 Signed-off-by: Tim Beale Reviewed-by: Andrew Bartlett (cherry picked from commit 132600685b8c5d4964f20634cd7a64b14f41cfa7) commit f7774530936bc3e9795b2f0089c984641ab5c5c9 Author: Tim Beale Date: Thu Jan 10 13:53:47 2019 +1300 ldb: Remove comment that no longer makes sense This comment was written before the GUID_index_attribute block of code existed. So we now *do* load the index values and *do* check for a strict intersect, so the comment is redundant. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762 Signed-off-by: Tim Beale Reviewed-by: Andrew Bartlett (cherry picked from commit 72928444823c5b18ac9ef98e7432c999d70aa571) commit 7fc3481765720d2fa0324f297e4a658520fb092f Author: Tim Beale Date: Thu Jan 10 13:34:18 2019 +1300 ldb: Avoid inefficient one-level searches Commit 88ae60ed186c9 introduced a problem that made one-level searches inefficient if there were a lot of child objects in the same level, and the requested object didn't exist. Basically, it ignored the case where ldb_kv_index_dn() returned LDB_ERR_NO_SUCH_OBJECT, i.e. the indexed lookup was successful, but didn't find a match. At which point, there was no more processing we needed to do. The behaviour after 88ae60ed186c9 was to fall-through and run the ldb_kv_index_filter() function over *all* the children. This still returned the correct result, but could be costly if there were a lot of children. The case 88ae60ed186c9 was trying to fix was where we could not do an indexed search (e.g. trying to match on a 'attribute=*' filter). In which case we want to ignore the LDB_ERR_OPERATIONS_ERROR and just run ldb_kv_index_filter() over all the children. This is still more efficient than the fallback of doing a full database scan. This patch adds in a short-circuit for the NO_SUCH_OBJECT case, so we can skip the unnecessary ldb_kv_index_filter() work. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762 Signed-off-by: Tim Beale Reviewed-by: Andrew Bartlett (cherry picked from commit 9a893f9613bd6440abd8e487d22a39ab5b82a7b9) --- Summary of changes: lib/ldb/ABI/{ldb-1.5.1.sigs => ldb-1.5.3.sigs} | 0 ...yldb-util-1.1.10.sigs => pyldb
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 95b2c9d7751 autobuild: Split backup/restore testenvs out into separate job from cca48c1a102 docs: Document DCEPRC binding string for rpcclient https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 95b2c9d7751ae1e5a00e1fb096f045dd73c03d72 Author: Tim Beale Date: Tue Feb 5 15:17:03 2019 +1300 autobuild: Split backup/restore testenvs out into separate job The samba-ad-dc-2 job was reaching its limits with the number of testenvs and what the resource-limited CI machines can handle. Samba processes were getting swapped out of memory, causing CI runs to fail. This patch splits the backup/restore testenv targets into a separate autobuild job: samba-ad-dc-backup. Signed-off-by: Tim Beale Reviewed-by: Stefan Metzmacher Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Tue Feb 5 12:23:31 CET 2019 on sn-devel-144 --- Summary of changes: .gitlab-ci.yml | 5 + script/autobuild.py | 12 2 files changed, 17 insertions(+) Changeset truncated at 500 lines: diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 5cc21033f53..908c29ec9d9 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -67,6 +67,11 @@ build_samba_ad_dc_2: # this one takes about 1 hours to finish - script/autobuild.py samba-ad-dc-2 --verbose --nocleanup --keeplogs --tail --testbase /tmp/samba-testbase +build_samba_ad_dc_backup: + <<: *shared_template + script: +- script/autobuild.py samba-ad-dc-backup--verbose --nocleanup --keeplogs --tail --testbase /tmp/samba-testbase + build_samba_ad_dc_2_py2: <<: *shared_template script: diff --git a/script/autobuild.py b/script/autobuild.py index 2ea9e55b932..00f0d2202a3 100755 --- a/script/autobuild.py +++ b/script/autobuild.py @@ -51,6 +51,7 @@ builddirs = { "samba-ad-dc-py2": ".", "samba-ad-dc-2": ".", "samba-ad-dc-2-py2": ".", +"samba-ad-dc-backup": ".", "samba-systemkrb5": ".", "samba-nopython": ".", "samba-buildpy2-only": ".", @@ -166,6 +167,17 @@ tasks = { "--include-env=vampire_2000_dc " "--include-env=fl2000dc " "--include-env=ad_dc_no_nss " + "'", + "text/plain"), +("check-clean-tree", "script/clean-source-tree.sh", "text/plain")], + +# run the backup/restore testenvs separately as they're fairly standalone +# (and CI seems to max out at ~8 different DCs running at once) +"samba-ad-dc-backup": [("random-sleep", "script/random-sleep.sh 60 600", "text/plain"), +("configure", "./configure.developer --with-selftest-prefix=./bin/ab" + samba_configure_params, "text/plain"), +("make", "make -j", "text/plain"), +("test", "make test FAIL_IMMEDIATELY=1 " + "TESTS='${PY3_ONLY}" "--include-env=backupfromdc " "--include-env=restoredc " "--include-env=renamedc " -- Samba Shared Repository
Re: Problem with pyconfig.h in python36 which is already solved for python27
Hi koobs, >> in Samba we recently switched to use python3 by default. But this breaks >> the build on FreeBSD (at least 11.1 and 12.0). In order to be most >> portable, we have a policy in Samba to include as the >> first header when creating python bindings. It means pyconfig.h and >> various system headers are included before our own config.h. >> A detailed way to reproduce this can be found at the end of this mail. >> >> The problem is that pyconfig.h defines >> _POSIX_C_SOURCE, __BSD_VISIBLE, _XOPEN_SOURCE and _XOPEN_SOURCE_EXTENDED. >> >> This seems to be fixed for python27 in this commit: >> https://github.com/freebsd/freebsd-ports/commit/4b17dd9aeb9b28759551f38bf0f6b0edcac88607 >> >> which added lang/python27/files/patch-pr192365. >> >> Could this be fixed for all python versions? > > Hi Stefan, > > The commit was added via: > > x11-toolkits/py-wxPython30 build fails > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=192365 > > A similar issue (if not the same), reported upstream here: > > https://bugs.python.org/issue17120 > > I don't see any issues with carrying the same change in other python > ports, *but* we'd all like to see it resolved permanently upstream. > > In order of preference, to progress we'd need: > > 1) Upstream patches submitted against master, 3.7, 3.6, 2.7 so upstream > can resolve this completely, commits/merges from which we can backport > to our python ports. > > or > > 2) Patches against lang/pythonXY ports similar to python27, which may > not be suitable for upstreaming *as is* (freebsd-specific?) > > Along with either of those, create a new bug in Bugzilla to track this > too, with summary like "lang/python3*: " adding bug > 192365 to "See Also" > > I'm happy to put in the cycles to backport commits from (1) if we can > get the root of the issue solved upstream. > > Thanks for the detailed report. Thanks for the hints. I the meantime I noticed https://en.cppreference.com/w/c/string/byte/memset which states that __STDC_WANT_LIB_EXT1__ should be explicitly defined in order to get memset_s(). I'm going to fix Samba by using -D__STDC_WANT_LIB_EXT1__=1 instead of defining it in Samba's lib/replace/replace.h. That means __STDC_WANT_LIB_EXT1__ is also defined if Python.h is the first header. Thanks! metze signature.asc Description: OpenPGP digital signature
Problem with pyconfig.h in python36 which is already solved for python27
Hi, in Samba we recently switched to use python3 by default. But this breaks the build on FreeBSD (at least 11.1 and 12.0). In order to be most portable, we have a policy in Samba to include as the first header when creating python bindings. It means pyconfig.h and various system headers are included before our own config.h. A detailed way to reproduce this can be found at the end of this mail. The problem is that pyconfig.h defines _POSIX_C_SOURCE, __BSD_VISIBLE, _XOPEN_SOURCE and _XOPEN_SOURCE_EXTENDED. This seems to be fixed for python27 in this commit: https://github.com/freebsd/freebsd-ports/commit/4b17dd9aeb9b28759551f38bf0f6b0edcac88607 which added lang/python27/files/patch-pr192365. Could this be fixed for all python versions? An alternative fix for this specific problem would be defining __STDC_WANT_LIB_EXT1__ in pyconfig.h, but I don't know the reason for lang/python27/files/patch-pr192365 and I guess it's better to have the same fix for all python versions. Is this the correct channel to report this problem? Thanks in advance! metze This is a standalone way to reproduce the problem: $ cat memset_s.c #include #include int main(void) { char array[5] = { 1, }; memset_s(array, 5, 0, 5); return 0; } $ gcc -o memset_s.exe memset_s.c -I /usr/local/include/python2.7/ $ gcc -o memset_s.exe memset_s.c -I /usr/local/include/python3.6m/ memset_s.c: In function 'main': memset_s.c:6:2: warning: implicit declaration of function 'memset_s'; did you mean 'memset'? [-Wimplicit-function-declaration] memset_s(array, 5, 0, 5); ^~~~ memset $ gcc -o memset_s.exe memset_s.c -I ./python3.6m/ $ diff -Npur /usr/local/include/python3.6m/ ./python3.6m/ diff -Npur /usr/local/include/python3.6m/pyconfig.h ./python3.6m/pyconfig.h --- /usr/local/include/python3.6m/pyconfig.h2019-01-10 02:17:29.0 +0100 +++ ./python3.6m/pyconfig.h 2019-01-25 23:14:09.425842000 +0100 @@ -1478,7 +1478,7 @@ /* #undef _POSIX_1_SOURCE */ /* Define to activate features from IEEE Stds 1003.1-2008 */ -#define _POSIX_C_SOURCE 200809L +//#define _POSIX_C_SOURCE 200809L /* Define to 1 if you need to in order for `stat' and other things to work. */ /* #undef _POSIX_SOURCE */ @@ -1490,13 +1490,13 @@ #define _REENTRANT 1 /* Define to the level of X/Open that your system supports */ -#define _XOPEN_SOURCE 700 +//#define _XOPEN_SOURCE 700 /* Define to activate Unix95-and-earlier features */ -#define _XOPEN_SOURCE_EXTENDED 1 +//#define _XOPEN_SOURCE_EXTENDED 1 /* Define on FreeBSD to activate all library features */ -#define __BSD_VISIBLE 1 +//#define __BSD_VISIBLE 1 /* Define to 1 if type `char' is unsigned and you are not using gcc. */ #ifndef __CHAR_UNSIGNED__ $ gcc -o memset_s.exe memset_s.c -I ./python3.6m.fix2/ $ diff -Npur /usr/local/include/python3.6m/ ./python3.6m.fix2/ diff -Npur /usr/local/include/python3.6m/pyconfig.h ./python3.6m.fix2/pyconfig.h --- /usr/local/include/python3.6m/pyconfig.h2019-01-10 02:17:29.0 +0100 +++ ./python3.6m.fix2/pyconfig.h2019-01-25 23:43:59.350194000 +0100 @@ -1498,6 +1498,8 @@ /* Define on FreeBSD to activate all library features */ #define __BSD_VISIBLE 1 +#define __STDC_WANT_LIB_EXT1__ 1 + /* Define to 1 if type `char' is unsigned and you are not using gcc. */ #ifndef __CHAR_UNSIGNED__ /* # undef __CHAR_UNSIGNED__ */ signature.asc Description: OpenPGP digital signature
[SCM] Samba Shared Repository - annotated tag ldb-1.4.4 created
The annotated tag, ldb-1.4.4 has been created at f77fe63b6681f16193c31c446033af209897e648 (tag) tagging 76bcdecae236277f1510601aa35c207850c4e91e (commit) replaces samba-4.9.4 tagged by Stefan Metzmacher on Tue Jan 22 15:17:30 2019 +0100 - Log - ldb: tag release ldb-1.4.4 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlxHJfoACgkQR5ORYRMI QCVkqQf9HyrCS2REcpBnffNeK3l37/mcd4I0ZJgM0fEGbSVKOGi9q5dfgJfR3k1T QLUjbhpGFbCE5kT57pvNgQ8fg0Xtq3X+GkylAaxLoF4/fMYF2+o5mChJ5P6JnfVI NjmUFv2WHhQ/crL2GZe06df3vKBMqnOti1RLGfBtGEayJyCgcHwfx+wv6mulPEP9 1x7jScG1W7xcrniFC7XNd1ZYbAKBt9GGrdpkVsR32LtpDG0LXVW4VpWFzL4lpw4Z 2C8o1ueD/lgrYmAxHe1WDmUiWGDRz0H9uKwCjBKMUAMRW+mG4PJrcuOM6AZeWeFb 723xhCKMipJS/YC+IsUHa+uCby/ONQ== =2ZQ1 -END PGP SIGNATURE- Aaron Haslett (1): dns: changing onelevel search for wildcard to subtree Björn Jacke (1): samba-tool: don't print backtrace on simple DNS errors Christian Ambach (3): s3:script/tests reduce code duplication s3:utils/smbget add error handling for mkdir() calls s3:utils/smbget fix recursive download with empty source directories Douglas Bagnall (1): samba-tool drs showrepl: do not crash if no dnsHostName found Gary Lockyer (1): audit_logging: auth_json_audit required auth_json Günther Deschner (3): s3-smbd: avoid assuming fsp is always intact after close_file call. s3-vfs-streams_xattr: add close call s3-vfs-fruit: add close call Jeremy Allison (1): s3: lib: nmbname: Ensure we limit the NetBIOS name correctly. CID: 1433607 Justin Stephenson (1): s3: net: Do not set NET_FLAGS_ANONYMOUS with -k Karolin Seeger (1): VERISON: Bump version up to 4.9.5... Martin Schwenke (1): lib/util: Count a trailing line that doesn't end in a newline Noel Power (5): python: Add new compat PYARG_STR_UNI format s4/libnet: use 'et' as format for ParseTuple with python2 lib/ldb/tests/python: Add test to pass utf8 encoded bytes to ldb.Dn lib/ldb: Use new PYARG_ES format for parseTuple ldb: Bump ldb version to 1.4.4 Stefan Metzmacher (4): s3:auth: ignore create_builtin_guests() failing without a valid idmap configuration s3:auth_winbind: remove fallback to optional backend s3:auth_winbind: return NT_STATUS_NO_LOGON_SERVERS if winbindd is not available s3:auth_winbind: ignore a missing winbindd as NT4 PDC/BDC without trusts --- -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag tevent-0.9.38 created
The annotated tag, tevent-0.9.38 has been created at e09c950ab9f76b1310ddd5d813f9d371facd0180 (tag) tagging 1c73f38633ce40bcf19775fbeaf5e3baacdba9ab (commit) replaces talloc-2.1.15 tagged by Stefan Metzmacher on Tue Jan 15 11:46:43 2019 +0100 - Log - tevent: tag release tevent-0.9.38 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlw9uhMACgkQR5ORYRMI QCXhMQgAwK47tpF5TgCWmK6f3ITHEqklGZxzFyIreP7DRAQCs3ozvUIgnAx+BnFu ymIFN6EEL2QMEWWSAULRq/a4IOiSrVsQrH0yswFeS0h6eH3IlE58F5hwKN664KiH yDD7o15Tf3iAVhAH23nGhh0GXAgDKvu0zKRQVNJUzR62+SF6iB91CVhqa5kNgpgo H6Vq5vI4CBghSrlhNkRxVtBaz6WSXHDsKUhHCnXJ8et+6qoRUjhMgMHyOL35kUAH WD1lIIEqzfogUH2yxBGsjaWJJc2JeV1Tr8QQF1rtpj233XVtR8fldXuW8QJDKklc KgiAz2G3Dk2gJC4JXc6Y9DAEL/miVQ== =Wafc -END PGP SIGNATURE- Stefan Metzmacher (1): tevent: version 0.9.38 --- -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag ldb-1.5.2 created
The annotated tag, ldb-1.5.2 has been created at 60449a4f4a5fac4fd9ea467cfd6f50cef08b46b2 (tag) tagging 340cb9ca97bc2a23f102f80897a8d8f4809f0072 (commit) replaces tevent-0.9.38 tagged by Stefan Metzmacher on Tue Jan 15 11:47:16 2019 +0100 - Log - ldb: tag release ldb-1.5.2 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlw9ujQACgkQR5ORYRMI QCX4aQf/Tt6bnVR4mNj/04t9HnU7gvDKuuDQkvIwceeQ40sNgfzgJLTSVwsSxc2b G7jww8KSE3PXgCw7Q7pJftXNJhMA8iBC9M42JPE96TXFs4w5U+w9zTG3RyHJQBwr xXPyue+t1D9YVGvokdzAdmLmJCiudecpYpoUoW98C3KWJs1zcvpQ7wR3FJ8q7iOH HKtRZStW5NlVVkpfdeXlV1X5uHxp3OOyQarFFWzQYnBmXiDGq8GfnznZkraXcxp6 BVQjI+IpTHWWomymoCsKrH3hGpBU1ZQDMKU+issQa+y7jzvyaqN1xrbuBo8GuL50 3LigL08eKaCo+WGZAQSFPmPFZBWFQw== =Fpax -END PGP SIGNATURE- Stefan Metzmacher (1): ldb: version 1.5.2 --- -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag talloc-2.1.15 created
The annotated tag, talloc-2.1.15 has been created at 2bc2aa0c3983224d97629697bdd018c511799885 (tag) tagging b915626087c2340c7cd89cd2ecb7a8b20a756c0a (commit) replaces tdb-1.3.17 tagged by Stefan Metzmacher on Tue Jan 15 11:46:08 2019 +0100 - Log - talloc: tag release talloc-2.1.15 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlw9ufAACgkQR5ORYRMI QCWChggAw+WS0PumqmerAH+cOd0G9AIXcZtLlg2f1f7ogTn2o1bCx89b//BU58Cr x8CtCKq3N3/ptWZE3+jBGCQbuLQKyFg2qYy70vjNuN8gre+T8I9nMqiHVyNJ8fwJ xUYS5HfQzYMAJGmCieK3o8g2AHeYrQIgwBG1BLjqD63KSuNdIXBM+dkskdwn1uSW y7PA/xDXNOEiNX3NwWCCBgaNpm1dE40WreCsCwQ+I+E1U5vWwpZDRxpj6I9rbb0A y5bQLsuRfGo/DNIrKWAElhlhcPkp2wSqeh7qRQsJdAEa1/EAduQfgXp+0RBWVhDS 5+sKVxsY1uidN6GEz7c0NiEUyxD1+Q== =kVY/ -END PGP SIGNATURE- Aaron Haslett (1): dns: changing onelevel search for wildcard to subtree Björn Jacke (5): statvfs: fix bsize and frsize mixup waf: check for utmpx struct member ut_host s3/smbd: fix utmp hostname logging on Solaris waf:lib/replace: fix a build error with non-gcc compilers statvfs: rename linux_statvfs to posix_statvfs Karolin Seeger (6): WHATSNEW: Add release note for Samba 4.10.0rc1. VERSION: Bump version up to 4.10.0rc1... VERSION: Bump version up to 4.10.0rc2... Revert "VERSION: Bump version up to 4.10.0rc2..." Revert "VERSION: Bump version up to 4.10.0rc1..." Revert "WHATSNEW: Add release note for Samba 4.10.0rc1." Ladislav Michl via samba-technical (1): lib: replace: snprintf: Whitespace clean up Noel Power (8): python: Fix memory leak with ParseTuple (using 'es' format) python: Add new compat PYARG_STR_UNI format auth/credentials: use 'et' as format for ParseTuple with python2 python: use 'et' as format for ParseTuple with python2 s4/libnet: use 'et' as format for ParseTuple with python2 lib/ldb/tests/python: Add test to pass utf8 encoded bytes to ldb.Dn selftest: Enable ldb.python for PY3 lib/ldb: Use new PYARG_ES format for parseTuple Ralph Boehme (70): s3:lib: add root_unix_token() s3:smbd: let SMB_VFS_GETXATTRAT_SEND() do explicit impersonation s3:smbd: pass (raw) ev to SMB_VFS_GET_DOS_ATTRIBUTES_SEND() instead of smb_vfs_ev_glue s3:smbd: pass (raw) ev to dos_mode_at_send() instead of smb_vfs_ev_glue s3:smbd: pass (raw) ev to fetch_dos_mode_send instead of smb_vfs_ev_glue Revert "pthreadpool: reset monitor_fd after calling tevent_fd_set_auto_close()" Revert "pthreadpool: ignore the return value of poll(NULL, 0UL, 1)" Revert "pthreadpool: we need to use pthreadpool_tevent_per_thread_cwd() on the callers pool" Revert "vfs_aio_pthread: use event context and threadpool from user_vfs_evg" Revert "s3: vfs: add user_vfs_evg to connection_struct" Revert "s3: vfs: add smb_vfs_ev_glue" Revert "smbd: introduce sconn->sync_thread_pool" smbd: rename sconn->raw_thread_pool to sconn->pool Revert "pthreadpool: test cancelling and freeing jobs of a wrapped pthreadpool_tevent" Revert "pthreadpool: implement pthreadpool_tevent_wrapper_create() infrastructure" Revert "pthreadpool: add pthreadpool_restart_check[_monitor_{fd,drain}]()" Revert "pthreadpool: call unshare(CLONE_FS) if available" Revert "pthreadpool: add tests for pthreadpool_tevent_[current_job_]per_thread_cwd()" Revert "pthreadpool: add pthreadpool_tevent_[current_job_]per_thread_cwd()" Revert "pthreadpool: test cancelling and freeing pending pthreadpool_tevent jobs/pools" Revert "pthreadpool: add a comment about a further optimization in pthreadpool_tevent_job_destructor()" Revert "pthreadpool: maintain a list of job_states on each pthreadpool_tevent_glue" Revert "pthreadpool: add helgrind magic to PTHREAD_TEVENT_JOB_THREAD_FENCE_*()" Revert "pthreadpool: add some lockless coordination between the main and job threads" Revert "pthreadpool: maintain a global list of orphaned pthreadpool_tevent_jobs" Revert "pthreadpool: add pthreadpool_tevent_job_cancel()" Revert "pthreadpool: split out pthreadpool_tevent_job from pthreadpool_tevent_job_state" Revert "smbd: remove unused change_to_root_user() from brl_timeout_fn()" Revert "smbd: remove unused change_to_root_user() from smbd_sig_hup_handler()" Revert "smbd: avoid explicit change_to_user() in defer_rename_done() already done by impersonation" Revert "smbd: implement smbd_impersonate_{conn_vuid,conn_sess,root,g
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 12398a2d1dd vfs_fileid: fix get_connectpath_ino from 6619cec3dec s3:smbd: perform impersonation in smb2_query_directory_fetch_write_time_done() https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 12398a2d1ddcd326e02e5d8b0749e0e796145165 Author: Ralph Wuerthner Date: Thu Jan 10 14:28:14 2019 +0100 vfs_fileid: fix get_connectpath_ino Bug: https://bugzilla.samba.org/show_bug.cgi?id=13741 Signed-off-by: Ralph Wuerthner Reviewed-by: Volker Lendecke Reviewed-by: Jeremy Allison Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Tue Jan 15 04:13:15 CET 2019 on sn-devel-144 --- Summary of changes: source3/modules/vfs_fileid.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_fileid.c b/source3/modules/vfs_fileid.c index 5d08fe97d15..cb77a2e52c6 100644 --- a/source3/modules/vfs_fileid.c +++ b/source3/modules/vfs_fileid.c @@ -297,12 +297,14 @@ static int get_connectpath_ino(struct vfs_handle_struct *handle, } ret = SMB_VFS_NEXT_STAT(handle, fname); - TALLOC_FREE(fname); if (ret != 0) { DBG_ERR("stat failed for %s with %s\n", handle->conn->connectpath, strerror(errno)); + TALLOC_FREE(fname); return -1; } + *ino = fname->st.st_ex_ino; + TALLOC_FREE(fname); return 0; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
quot; via 622ba5191d9 Revert "pthreadpool: add pthreadpool_tevent_[current_job_]per_thread_cwd()" via f4d6c48c65b Revert "pthreadpool: add tests for pthreadpool_tevent_[current_job_]per_thread_cwd()" via e94cd84bbf8 Revert "pthreadpool: call unshare(CLONE_FS) if available" via 67015e13ca2 Revert "pthreadpool: add pthreadpool_restart_check[_monitor_{fd,drain}]()" via 9b7d2257996 Revert "pthreadpool: implement pthreadpool_tevent_wrapper_create() infrastructure" via d032210d972 Revert "pthreadpool: test cancelling and freeing jobs of a wrapped pthreadpool_tevent" via 29fc7c7db78 smbd: rename sconn->raw_thread_pool to sconn->pool via 8074922c267 Revert "smbd: introduce sconn->sync_thread_pool" via cedbfbd9b86 Revert "s3: vfs: add smb_vfs_ev_glue" via 29dd6f3e590 Revert "s3: vfs: add user_vfs_evg to connection_struct" via 56f76944817 Revert "vfs_aio_pthread: use event context and threadpool from user_vfs_evg" via 96332ed1000 Revert "pthreadpool: we need to use pthreadpool_tevent_per_thread_cwd() on the callers pool" via a75f5de15db Revert "pthreadpool: ignore the return value of poll(NULL, 0UL, 1)" via 57c7aaa36d2 Revert "pthreadpool: reset monitor_fd after calling tevent_fd_set_auto_close()" via edb75eeb56d s3:smbd: pass (raw) ev to fetch_dos_mode_send instead of smb_vfs_ev_glue via 9f3d9ba49b0 s3:smbd: pass (raw) ev to dos_mode_at_send() instead of smb_vfs_ev_glue via 56dee840e48 s3:smbd: pass (raw) ev to SMB_VFS_GET_DOS_ATTRIBUTES_SEND() instead of smb_vfs_ev_glue via 7f7ce0ec2f3 s3:smbd: let SMB_VFS_GETXATTRAT_SEND() do explicit impersonation via a62bc3f221b s3:torture: call per_thread_cwd_check() in vfstest.c main() via 16166542753 s3:smbd: prepare the usage of per_thread_cwd_*() functions via 92c2ed4db29 s3:lib: add per_thread_cwd_{check,supported,disable,activate}() helper functions via ad04a6ce49f s3:lib: add root_unix_token() from 8af4ec752a5 selftest: Improve an error message https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 168079b2c3693c08ac994e4ee61be101986a4bae Author: Stefan Metzmacher Date: Tue Jan 8 15:25:22 2019 +0100 tevent: deprecate tevent_wrapper api again Samba doesn't use it anymore and we don't want to invite new users of that api without further discussion. Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme Reviewed-by: Volker Lendecke Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Sat Jan 12 03:12:09 CET 2019 on sn-devel-144 commit dcd0edfdc90a009a87fc8b0bafbd09e2711ebccb Author: Ralph Boehme Date: Thu Dec 27 15:26:15 2018 +0100 Revert "smbd: add smbd_server_connection->raw_ev_ctx pointer" This reverts commit 6114f9545fa856717220658e87f2a60f6767b7f4. See the discussion in https://lists.samba.org/archive/samba-technical/2018-December/131731.html for the reasoning behind this revert. Signed-off-by: Ralph Boehme Reviewed-by: Volker Lendecke Reviewed-by: Stefan Metzmacher commit 47c443b479566bafc01ec6e3f94f2481d9659806 Author: Ralph Boehme Date: Tue Jan 8 10:39:56 2019 +0100 vfs_aio_pthread: add sync fallback Signed-off-by: Ralph Boehme Reviewed-by: Volker Lendecke Reviewed-by: Stefan Metzmacher commit a307e798ddfc4f8fa32e22827c39f5e1f0e87d47 Author: Ralph Boehme Date: Tue Jan 8 10:34:11 2019 +0100 vfs_aio_pthread: store conn instead of sconn in aio_open_private_data Signed-off-by: Ralph Boehme Reviewed-by: Volker Lendecke Reviewed-by: Stefan Metzmacher commit e2f46c9333e2919fbdfddc1f6049478fe07765aa Author: Ralph Boehme Date: Tue Jan 8 10:32:16 2019 +0100 vfs_aio_pthread: use struct initializer for aio_open_private_data Signed-off-by: Ralph Boehme Reviewed-by: Volker Lendecke Reviewed-by: Stefan Metzmacher commit 2f406fee523692e4dc4b11b13637dcbabaabe8c7 Author: Ralph Boehme Date: Tue Jan 8 07:38:53 2019 +0100 vfs_default: add sync fallback to fsync_send/recv Signed-off-by: Ralph Boehme Reviewed-by: Volker Lendecke Reviewed-by: Stefan Metzmacher commit 4673a8b9e36647500428a0283edb5ed645ff0da4 Author: Ralph Boehme Date: Tue Jan 8 07:38:42 2019 +0100 vfs_default: add sync fallback to pwrite_send/recv Signed-off-by: Ralph Boehme Reviewed-by: Volker Lendecke Reviewed-by: Stefan Metzmacher commit bc539d8104fcf7954331df1d4385ad84343c919a Author: Ralph Boehme Date: Tue Jan 8 07:38:04 2019 +0100 vfs_default: add sync fallback to pread_send/recv Signed-off
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via fd355dff906 s3:libsmb: cli_smb2_list() can sometimes fail initially on a connection via bf229de7926 libcli: Add error log if insufficient SMB2 credits from 08867de2efd s3:utils:net: Print debug message about Netbios https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit fd355dff906f5f4832901bce76544f1a4e50c33d Author: Tim Beale Date: Mon Jan 7 15:28:12 2019 +1300 s3:libsmb: cli_smb2_list() can sometimes fail initially on a connection cli_smb2_list() appears to be a slightly unique SMB operation in that it specifies the max transaction size for the response buffer size. The Python bindings highlighted a problem where if cli_smb2_list() were one of the first operations performed on the SMBv2 connection, it would fail due to insufficient credits. Because the response buffer size is (potentially) so much larger, it requires more credits (128) compared with other SMB operations. When talking to a samba DC, the connection credits seem to start off at 1, then increase by 32 for every SMB reply we receive back from the server. After cli_full_connection(), the connection has 65 credits. The cli_smb2_create_fnum() in cli_smb2_list() adds another 32 credits, but this is still less than the 128 that smb2cli_query_directory() requires. This problem doesn't happen for smbclient because the cli_cm_open() API it uses ends up sending more messages, and so the connection has more credits. This patch changes cli_smb2_list(), so it requests a smaller response buffer size if it doesn't have enough credits available for the max transaction size. smb2cli_query_directory() is already in a loop, so it can span multiple SMB messages if for some reason the transaction size isn't big enough for the listings. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13736 Signed-off-by: Tim Beale Reviewed-by: Stefan Metzmacher Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Thu Jan 10 02:40:16 CET 2019 on sn-devel-144 commit bf229de7926f12e329cdb3201f68f20ae776fe32 Author: Tim Beale Date: Mon Jan 7 12:06:15 2019 +1300 libcli: Add error log if insufficient SMB2 credits Although it's unusual to hit this case, I was seeing it happen while working on the SMB python bindings. Even with debug level 10, there was nothing coming out to help pin down the source of the NT_STATUS_INTERNAL_ERROR. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13736 Signed-off-by: Tim Beale Reviewed-by: Stefan Metzmacher --- Summary of changes: libcli/smb/smbXcli_base.c | 3 +++ source3/libsmb/cli_smb2_fnum.c | 14 +- 2 files changed, 16 insertions(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c index 40480c83aa0..a237bf17d0a 100644 --- a/libcli/smb/smbXcli_base.c +++ b/libcli/smb/smbXcli_base.c @@ -3231,6 +3231,9 @@ NTSTATUS smb2cli_req_compound_submit(struct tevent_req **reqs, avail = MIN(avail, state->conn->smb2.cur_credits); if (avail < charge) { + DBG_ERR("Insufficient credits. " + "%"PRIu64" available, %"PRIu16" needed\n", + avail, charge); return NT_STATUS_INTERNAL_ERROR; } diff --git a/source3/libsmb/cli_smb2_fnum.c b/source3/libsmb/cli_smb2_fnum.c index 6cba4422634..3a64438a5b9 100644 --- a/source3/libsmb/cli_smb2_fnum.c +++ b/source3/libsmb/cli_smb2_fnum.c @@ -919,7 +919,9 @@ NTSTATUS cli_smb2_list(struct cli_state *cli, TALLOC_CTX *frame = talloc_stackframe(); TALLOC_CTX *subframe = NULL; bool mask_has_wild; - uint32_t max_trans = smb2cli_conn_max_trans_size(cli->conn); + uint32_t max_trans; + uint32_t max_avail_len; + bool ok; if (smbXcli_conn_has_async_calls(cli->conn)) { /* @@ -968,6 +970,16 @@ NTSTATUS cli_smb2_list(struct cli_state *cli, goto fail; } + /* +* ideally, use the max transaction size, but don't send a request +* bigger than we have credits available for +*/ + max_trans = smb2cli_conn_max_trans_size(cli->conn); + ok = smb2cli_conn_req_possible(cli->conn, &max_avail_len); + if (ok) { + max_trans = MIN(max_trans, max_avail_len); + } + do { uint8_t *dir_data = NULL; uint32_t dir_data_length = 0; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via a9def5c6971 s3:libsmb: Revert SMB Py bindings name back to libsmb_samba_internal via 84069c8a547 netcmd/user: python[3]-gpgme unsupported and replaced by python[3]-gpg from b2a9d4c1f69 xml_docs: update traffic script documentation https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit a9def5c6971fa1dea3aaa2da0e5dfd9246dd0c87 Author: Tim Beale Date: Wed Jan 9 10:15:49 2019 +1300 s3:libsmb: Revert SMB Py bindings name back to libsmb_samba_internal In order to make it clear that the APIs in these Python bindings are unstable and should not be used by external consumers, this patch changes the name of the Python bindings back to libsmb_samba_internal. To make the Python code that uses these bindings (i.e. samba-tool, etc) look a little cleaner, we can just change the module name as we import it, e.g. from samba.samba3 import libsmb_samba_internal as libsmb Signed-off-by: Tim Beale Reviewed-by: Stefan Metzmacher Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Wed Jan 9 14:30:31 CET 2019 on sn-devel-144 commit 84069c8a5476a47d45ab946d82abb0d6c04635c3 Author: Joe Guo Date: Thu Dec 20 16:47:00 2018 +1300 netcmd/user: python[3]-gpgme unsupported and replaced by python[3]-gpg python[3]-gpgme is deprecated since ubuntu 1804 and debian 9. use python[3]-gpg instead, and adapt the API. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13728 Signed-off-by: Joe Guo Reviewed-by: Andrew Bartlett Reviewed-by: Douglas Bagnall Reviewed-by: Stefan Metzmacher --- Summary of changes: python/samba/netcmd/user.py | 86 ++- python/samba/ntacls.py| 2 +- python/samba/tests/dcerpc/raw_testcase.py | 2 +- python/samba/tests/libsmb.py | 2 +- python/samba/tests/smb.py | 2 +- source3/libsmb/pylibsmb.c | 13 +++-- source3/wscript_build | 2 +- 7 files changed, 74 insertions(+), 35 deletions(-) Changeset truncated at 500 lines: diff --git a/python/samba/netcmd/user.py b/python/samba/netcmd/user.py index b3af8fffd6a..8ead8e583f3 100644 --- a/python/samba/netcmd/user.py +++ b/python/samba/netcmd/user.py @@ -21,6 +21,7 @@ import samba.getopt as options import ldb import pwd import os +import io import re import tempfile import difflib @@ -57,15 +58,56 @@ from samba.compat import text_type from samba.compat import get_bytes from samba.compat import get_string -try: -import io -import gpgme -gpgme_support = True -decrypt_samba_gpg_help = "Decrypt the SambaGPG password as cleartext source" -except ImportError as e: -gpgme_support = False -decrypt_samba_gpg_help = "Decrypt the SambaGPG password not supported, " + \ -"python-gpgme required" + +# python[3]-gpgme is abandoned since ubuntu 1804 and debian 9 +# have to use python[3]-gpg instead +# The API is different, need to adapt. + +def _gpgme_decrypt(encrypted_bytes): +""" +Use python[3]-gpgme to decrypt GPG. +""" +ctx = gpgme.Context() +ctx.armor = True # use ASCII-armored +out = io.BytesIO() +ctx.decrypt(io.BytesIO(encrypted_bytes), out) +return out.getvalue() + + +def _gpg_decrypt(encrypted_bytes): +""" +Use python[3]-gpg to decrypt GPG. +""" +ciphertext = gpg.Data(string=encrypted_bytes) +ctx = gpg.Context(armor=True) +# plaintext, result, verify_result +plaintext, _, _ = ctx.decrypt(ciphertext) +return plaintext + + +gpg_decrypt = None + +if not gpg_decrypt: +try: +import gpgme +gpg_decrypt = _gpgme_decrypt +except ImportError: +pass + +if not gpg_decrypt: +try: +import gpg +gpg_decrypt = _gpg_decrypt +except ImportError: +pass + +if gpg_decrypt: +decrypt_samba_gpg_help = ("Decrypt the SambaGPG password as " + "cleartext source") +else: +decrypt_samba_gpg_help = ("Decrypt the SambaGPG password not supported, " + "python[3]-gpgme or python[3]-gpg required") + disabled_virtual_attributes = { } @@ -1033,13 +1075,8 @@ class GetPasswordCommand(Command): # sgv = get_package("Primary:SambaGPG", min_idx=-1) if sgv is not None and unicodePwd is not None: -ctx = gpgme.Context() -ctx.armor = True -cipher_io = io.BytesIO(sgv) -plain_io = io.BytesIO() try: -ctx.decrypt(cipher_io, plain_i
Re: [SCM] Samba Shared Repository - branch master updated
Hi Tim, > diff --git a/source3/wscript_build b/source3/wscript_build > index a8ea8e581df..9d188a8d36a 100644 > --- a/source3/wscript_build > +++ b/source3/wscript_build > @@ -1323,7 +1323,7 @@ for env in bld.gen_python_environments(): > bld.SAMBA3_PYTHON('pylibsmb', >source='libsmb/pylibsmb.c', >deps='smbclient samba-credentials %s' % pycredentials, > - realname='samba/samba3/libsmb_samba_internal.so' > + realname='samba/samba3/libsmb.so' >) What's wrong with libsmb_samba_internal? I'd keep the name. metze signature.asc Description: OpenPGP digital signature
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 3d016d6f327 Happy New Year 2019! from be2a67319d1 auth/gensec: enforce that all DCERPC contexts support SIGN_PKT_HEADER https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 3d016d6f327058db49f6920e92102df4dcc85945 Author: Stefan Metzmacher Date: Tue Jan 1 12:52:26 2019 +0100 Happy New Year 2019! Signed-off-by: Stefan Metzmacher Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Tue Jan 1 16:02:05 CET 2019 on sn-devel-144 --- Summary of changes: source3/include/smb.h | 2 +- source4/smbd/server.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/smb.h b/source3/include/smb.h index 0fd9471c356..dfdb79cba56 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -30,7 +30,7 @@ #include "libds/common/roles.h" /* logged when starting the various Samba daemons */ -#define COPYRIGHT_STARTUP_MESSAGE "Copyright Andrew Tridgell and the Samba Team 1992-2018" +#define COPYRIGHT_STARTUP_MESSAGE "Copyright Andrew Tridgell and the Samba Team 1992-2019" #define SAFETY_MARGIN 1024 #define LARGE_WRITEX_HDR_SIZE 65 diff --git a/source4/smbd/server.c b/source4/smbd/server.c index 57e05dccade..086fed99273 100644 --- a/source4/smbd/server.c +++ b/source4/smbd/server.c @@ -509,7 +509,7 @@ static int binary_smbd_main(const char *binary_name, binary_name, SAMBA_VERSION_STRING)); DEBUGADD(0,("Copyright Andrew Tridgell and the Samba Team" - " 1992-2018\n")); + " 1992-2019\n")); if (sizeof(uint16_t) < 2 || sizeof(uint32_t) < 4 || -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via ecafdcb3914 s3:pylibsmb: allow ImpersonationLevel argument to create() via c8a5e89d9f6 s3:libsmb: pass impersonation_level to cli_ntcreate_send() via ed0deadf628 s3:libsmb: pass ImpersonationLevel to cli_ntcreate1_send() via 850aef94dc4 s3:libsmb: pass impersonation_level to cli_smb2_create_fnum() via be464c1dc86 s3:libsmb: pass impersonation_level to cli_smb2_create_fnum_send() via 64e68abdc9e s3:pylibsmb: make use of protocol independent cli_read_send/recv in py_cli_read() via 3c3b44004fd s3:pylibsmb: make use of protocol independent cli_write_send/recv in py_cli_write() via 9fb0d8e7e2e s3:libsmb: add comments for cli_write_send/cli_push_send via 6a3d2c3345a s3:libsmb: add cli_write_send/recv which work with SMB1/2/3 via 0af6b335448 s3:pylibsmb: make use of PYARG_BYTES_LEN in py_cli_write() via 60148c9ee14 s3:pylibsmb: make use of PyBytes_FromStringAndSize() in py_cli_read() via aaf7aaa6e26 s3:pylibsmb: .get_oplock_break API is dependent on multi_threaded=True via fdc62b03ca5 s3:pylibsmb: remember that a connection uses SMB1 via 790dab571c4 s3:pylibsmb: add force_smb1=True in order to control forcing of SMB1 via 247a71b63ae s3:pylibsmb: add sign=True to require signing via 1bccbfcff78 s3:pylibsmb: only use poll_mt backend if multi_threaded=True is specified via 59cb025e61a s3:pylibsmb: pass self to py_tevent_req_wait_exc() via 660b872163c wafsamba: fix pidl dependencies to rebuild on pidl changes from 57783d6295d pidl: Fix unsigned integer comparison warning https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit ecafdcb39143b6b3a74f2b9d578241a0170f8486 Author: Stefan Metzmacher Date: Fri Dec 7 16:40:10 2018 +0100 s3:pylibsmb: allow ImpersonationLevel argument to create() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 Signed-off-by: Stefan Metzmacher Reviewed-by: Tim Beale Reviewed-by: Andrew Bartlett Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Thu Dec 13 12:35:06 CET 2018 on sn-devel-144 commit c8a5e89d9f6575c4e9eb770997172e9c25f8e9d0 Author: Stefan Metzmacher Date: Fri Dec 7 16:38:57 2018 +0100 s3:libsmb: pass impersonation_level to cli_ntcreate_send() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 Signed-off-by: Stefan Metzmacher Reviewed-by: Tim Beale Reviewed-by: Andrew Bartlett commit ed0deadf6287c4c56e99503bf78f20db2f297401 Author: Stefan Metzmacher Date: Fri Dec 7 16:35:16 2018 +0100 s3:libsmb: pass ImpersonationLevel to cli_ntcreate1_send() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 Signed-off-by: Stefan Metzmacher Reviewed-by: Tim Beale Reviewed-by: Andrew Bartlett commit 850aef94dc4d9370d03f18510de93116221a0feb Author: Stefan Metzmacher Date: Fri Dec 7 16:42:06 2018 +0100 s3:libsmb: pass impersonation_level to cli_smb2_create_fnum() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 Signed-off-by: Stefan Metzmacher Reviewed-by: Tim Beale Reviewed-by: Andrew Bartlett commit be464c1dc8675f6e362b7a5b51c6776dc682e3b9 Author: Stefan Metzmacher Date: Fri Dec 7 16:32:05 2018 +0100 s3:libsmb: pass impersonation_level to cli_smb2_create_fnum_send() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 Signed-off-by: Stefan Metzmacher Reviewed-by: Tim Beale Reviewed-by: Andrew Bartlett commit 64e68abdc9e7d991809e6eab57826b4456d8e973 Author: Stefan Metzmacher Date: Fri Dec 7 14:28:04 2018 +0100 s3:pylibsmb: make use of protocol independent cli_read_send/recv in py_cli_read() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 Signed-off-by: Stefan Metzmacher Reviewed-by: Tim Beale Reviewed-by: Andrew Bartlett commit 3c3b44004fd39a890f2bdfadf3ebb68a53f3403f Author: Stefan Metzmacher Date: Fri Dec 7 14:28:04 2018 +0100 s3:pylibsmb: make use of protocol independent cli_write_send/recv in py_cli_write() BUG: https://bugzilla.samba.org
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 2f68c436cc8 wscript_configure_system_mitkrb5: reject a system heimdal krb5-config from bd4bdced5ff selftest: Don't run KCC on backup testenvs (to avoid flappiness) https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 2f68c436cc857dd6c56ec75e03664388f5d1da2b Author: Stefan Metzmacher Date: Wed Dec 5 13:30:07 2018 +0100 wscript_configure_system_mitkrb5: reject a system heimdal krb5-config Review with: git show -w Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Thu Dec 6 16:53:33 CET 2018 on sn-devel-144 --- Summary of changes: wscript_configure_system_mitkrb5 | 40 +--- 1 file changed, 21 insertions(+), 19 deletions(-) Changeset truncated at 500 lines: diff --git a/wscript_configure_system_mitkrb5 b/wscript_configure_system_mitkrb5 index 534818b9dcb..b05ac3f3e50 100644 --- a/wscript_configure_system_mitkrb5 +++ b/wscript_configure_system_mitkrb5 @@ -1,5 +1,5 @@ import sys -from waflib import Logs, Options +from waflib import Logs, Options, Errors # Check for kerberos have_gssapi=False @@ -56,24 +56,26 @@ if conf.env.KRB5_CONFIG: vendor = conf.cmd_and_log(conf.env.KRB5_CONFIG+['--vendor']) conf.env.KRB5_VENDOR = vendor.strip().lower() -if conf.env.KRB5_VENDOR != 'heimdal': -conf.define('USING_SYSTEM_KRB5', 1) -del conf.env.HEIMDAL_KRB5_CONFIG -krb5_conf_version = conf.cmd_and_log(conf.env.KRB5_CONFIG+['--version']).strip() - -krb5_version = krb5_conf_version.split()[-1] - -# drop '-prerelease' suffix -if krb5_version.find('-') > 0: -krb5_version = krb5_version.split("-")[0] - -if parse_version(krb5_version) < parse_version(krb5_required_version): -Logs.error('ERROR: The MIT KRB5 build with Samba AD requires at least %s. %s has been found and cannot be used' % (krb5_required_version, krb5_version)) -Logs.error('ERROR: If you want to just build Samba FS (File Server) use the option --without-ad-dc which requires version %s' % (krb5_min_required_version)) -Logs.error('ERROR: You may try to build with embedded Heimdal Kerberos by not specifying --with-system-mitkrb5') -sys.exit(1) -else: -Logs.info('MIT Kerberos %s detected, MIT krb5 build can proceed' % (krb5_version)) +if conf.env.KRB5_VENDOR == 'heimdal': +raise Errors.WafError('--with-system-mitkrb5 cannot be used with system heimdal') + +conf.define('USING_SYSTEM_KRB5', 1) +del conf.env.HEIMDAL_KRB5_CONFIG +krb5_conf_version = conf.cmd_and_log(conf.env.KRB5_CONFIG+['--version']).strip() + +krb5_version = krb5_conf_version.split()[-1] + +# drop '-prerelease' suffix +if krb5_version.find('-') > 0: +krb5_version = krb5_version.split("-")[0] + +if parse_version(krb5_version) < parse_version(krb5_required_version): +Logs.error('ERROR: The MIT KRB5 build with Samba AD requires at least %s. %s has been found and cannot be used' % (krb5_required_version, krb5_version)) +Logs.error('ERROR: If you want to just build Samba FS (File Server) use the option --without-ad-dc which requires version %s' % (krb5_min_required_version)) +Logs.error('ERROR: You may try to build with embedded Heimdal Kerberos by not specifying --with-system-mitkrb5') +sys.exit(1) +else: +Logs.info('MIT Kerberos %s detected, MIT krb5 build can proceed' % (krb5_version)) conf.CHECK_CFG(args="--cflags --libs", package="com_err", uselib_store="com_err") conf.CHECK_FUNCS_IN('_et_list', 'com_err') -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 5674c21c115 Added redirect from GitHub to GitLab via f87d6cbfff3 ctdb/wscript: make use of MODE_{644,744,755,777} via 19d71597b07 wafsamba: add MODE_{744,_777} via 8ba0a9a1abb ctdb/wscript: use python 3.6 compatible functions via a83e4a24abd buildtools: remove unused buildtools/bin/waf-1.9 from 8b8d9fdad4a winbindd: Route predefined domains through the BUILTIN domain child https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 5674c21c1156bab0c0ec461e4db147f431ec50d6 Author: Daniel Southward-Ellis Date: Tue Dec 4 14:35:47 2018 +1300 Added redirect from GitHub to GitLab Signed-off-by: Daniel Southward-Ellis Reviewed-by: Gary Lockyer Reviewed-by: Andrew Bartlett Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Wed Dec 5 16:35:33 CET 2018 on sn-devel-144 commit f87d6cbfff3ebb74fe09b9547676f16ecd8547a8 Author: Stefan Metzmacher Date: Wed Dec 5 00:05:36 2018 +0100 ctdb/wscript: make use of MODE_{644,744,755,777} Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett commit 19d71597b078544e0527a5d07b65c454e4534931 Author: Stefan Metzmacher Date: Sat Nov 17 13:11:52 2018 +0100 wafsamba: add MODE_{744,_777} Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett commit 8ba0a9a1abb8bbe1df5ff808645adf305bc4e0b3 Author: Stefan Metzmacher Date: Mon Nov 19 12:05:29 2018 +0100 ctdb/wscript: use python 3.6 compatible functions Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett commit a83e4a24abd4116c78b7fa775b7f05511d843481 Author: Stefan Metzmacher Date: Mon Nov 19 12:04:56 2018 +0100 buildtools: remove unused buildtools/bin/waf-1.9 Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett --- Summary of changes: .github/contributing.md| 4 + .github/pull_request_template.md | 4 + buildtools/bin/waf-1.9 | 164 - buildtools/wafsamba/samba_utils.py | 2 + ctdb/wscript | 30 +++ 5 files changed, 26 insertions(+), 178 deletions(-) create mode 100644 .github/contributing.md create mode 100644 .github/pull_request_template.md delete mode 100755 buildtools/bin/waf-1.9 Changeset truncated at 500 lines: diff --git a/.github/contributing.md b/.github/contributing.md new file mode 100644 index 000..ad5136b3bc3 --- /dev/null +++ b/.github/contributing.md @@ -0,0 +1,4 @@ +## Samba is moving to GitLab +The samba project is moving to GitLab, please consider contributing there instead. +Instructions for setting up can be found at: https://wiki.samba.org/index.php/Samba_CI_on_gitlab +The GitLab repository can be found here: https://gitlab.com/samba-team/samba diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md new file mode 100644 index 000..c12ae3bb602 --- /dev/null +++ b/.github/pull_request_template.md @@ -0,0 +1,4 @@ +## Samba is moving to GitLab +The samba project is moving to GitLab, please consider opening a merge request there instead. +Instructions for setting up can be found at: https://wiki.samba.org/index.php/Samba_CI_on_gitlab +The GitLab repository can be found here: https://gitlab.com/samba-team/samba diff --git a/buildtools/bin/waf-1.9 b/buildtools/bin/waf-1.9 deleted file mode 100755 index a83a2430ed3..000 --- a/buildtools/bin/waf-1.9 +++ /dev/null @@ -1,164 +0,0 @@ -#!/usr/bin/env python -# encoding: ISO8859-1 -# Thomas Nagy, 2005-2015 - -""" -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: - -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - -3. The name of the author may not be used to endorse or promote products - derived from this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR -IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, -INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -
[SCM] Samba Shared Repository - annotated tag ldb-1.4.3 created
The annotated tag, ldb-1.4.3 has been created at b314989a08f25f7e256bd5f2fbeca8d6e3129c19 (tag) tagging c20b587a3bb2b339468fefd3f60c5ca85e1873c6 (commit) replaces samba-4.9.1 tagged by Stefan Metzmacher on Thu Nov 8 09:08:23 2018 +0100 - Log - ldb: tag release ldb-1.4.3 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlvj7vcACgkQR5ORYRMI QCW1CQgAiGbRet/8rBitEPF8p1ROls4N6mAUdToYPLGRhKWJQwpxmk/odkuJT6Ks XD7jpTOcjIj3jwhiUcbux5xhbvIQ5qRGMWCtRVO4r8u78EjKv9UrNrIpGPVO+ZQF QvEzyS3wstXxKZbcNBLleRtrRuLY5pEFkG8byJdvinEjVAwQ45kBHAbOhRdOF3m9 TxkWwXEMpM5oX9NR93vAIRlPNpzQrYh6w3XDLuNd63v7/nStoB6PyMg3wKslaNdR JN8X7zFWHfylHKwRCO4hQNV93h1/iVKfRJU8NU94FbJA6TJqU7nwx+cqifnhCgGm bG0TU754bwTxGJhN7oX+5rN9jOwnHg== =W3Cp -END PGP SIGNATURE- Amitay Isaacs (12): ctdb-daemon: Add invalid_records flag to ctdb_db_context ctdb-daemon: Don't pull any records if records are invalidated ctdb-daemon: Invalidate records if a node becomes INACTIVE ctdb-vacuum: Simplify the deletion of vacuumed records ctdb-vacuum: Fix the incorrect counting of remote errors ctdb-vacuum: Remove unnecessary check for zero records in delete list ctdb-daemon: Drop implementation of RECEIVE_RECORDS control ctdb-protocol: Mark RECEIVE_RECORDS control obsolete ctdb-protocol: Drop marshalling code for RECEIVE_RECORDS control ctdb-tests: Drop code for RECEIVE_RECORDS control ctdb-common: Set close-on-exec for startup fd ctdb-event: Check the return status of sock_daemon_set_startup_fd Andreas Schneider (3): waf: Check for -fstack-protect-strong support waf: Add -fstack-clash-protection s3:winbind: Check return code of initialize_password_db() Andrew Bartlett (2): dsdb: Ensure that a DN (now) pointing at a deleted object counts for objectclass-based MUST dsdb: Add comments explaining the limitations of our current backlink behaviour Christof Schmitt (16): s3/lib:popt_common: Move setup_logging to common callback s3:lib: Move popt_common_credentials to separate file s3:lib: Introduce cmdline context wrapper test:doc: Skip 'clustering=yes' s3:smbpasswd: Use cmdline_messaging_context s3:smbstatus: Use cmdline_messaging_context rpcclient: Use cmdline_messaging_context s3:net: Use cmdline_messaging_context s3:pdbedit: Use cmdline_messaging_context s3:testparm: Use cmdline_messaging_context s3:sharesec: Use cmdline_messaging_context s3: ntlm_auth: Use cmdline_messaging_context s3:eventlogadm: Use cmdline_messaging_context s3:dbwrap_tool: Use cmdline_messaging_context s3:smbcontrol: Use cmdline_messaging_context s3:smbget: Use cmdline_messaging_context David Mulder (2): python: Allow forced signing via smb.SMB() lib:socket: If returning early, set ifaces Jeremy Allison (1): s3: smbd: Prevent valgrind errors in smbtorture3 POSIX test. Karolin Seeger (1): VERSION: Bump version up to 4.9.2... Martin Schwenke (4): ctdb-tests: Add recovery record resurrection test for volatile databases ctdb-daemon: Return early when refusing to run an event script ctdb-daemon: Exit if eventd goes away ctdb-daemon: Fix valgrind hit in event code Noel Power (4): lib/ldb: Test correct variable for no mem condition lib/ldb/tests: add test for ldb.Dn passed utf8 unicode lib/ldb: Ensure ldb.Dn can accept utf8 encoded unicode ldb: Bump ldb version to 1.4.3 Ralph Boehme (35): s3:lib/server_contexts: make server_event_ctx and server_msg_ctx static s3:loadparm: reinit_globals in lp_load_with_registry_shares() selftest: pass configfile to pdbedit s3:popt_common: use cmdline_messaging_context() in popt_common_credentials_callback() s3:messaging: remove unused messaging_init_client() s4:torture: FinderInfo conversion test with AppleDouble without xattr data vfs_fruit: fix two comments vfs_fruit: store filler bytes from AppleDouble file header in struct adouble vfs_fruit: move setting ADEID_FINDERI length to ad_convert_xattr() vfs_fruit: do direct return from error checks in ad_convert() vfs_fruit: remove unneeded fd argument from ad_convert() vfs_fruit: move storing of modified struct adouble to ad_convert() vfs_fruit: move FinderInfo conversion to helper function and call it from ad_convert() vfs_fruit: move FinderInfo lenght check to ad_convert() vfs_fruit: split out truncating from ad_convert() vfs_fruit: use ADEDOFF_RFORK_DOT_UND offset macro in ad_convert_truncate() vfs_fruit: split out moving of the resource fork vfs_fruit: use ADEDOFF_RFORK_DOT_UND offset macro in ad_convert_move_reso() vfs_fruit: fix error returns in ad_convert_xattr() vfs_fruit: let
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via aeef8b4 dsdb group audit tests: log_membership_changes extra tests via c952fc1 dsdb group audit tests: check_version improve diagnostics via e2970887 dsdb group audit tests: check_timestamp improve diagnostics via 8420a4d dsdb group audit: align dn_compare with memcmp via eeb4089 dsdb group_audit: Test to replicate BUG 13664 from 852e1db dsdb: Add comments explaining the limitations of our current backlink behaviour https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit aeef8b41fa03a32859f824f4a09560ad83bd2b50 Author: Gary Lockyer Date: Thu Oct 25 10:52:55 2018 +1300 dsdb group audit tests: log_membership_changes extra tests Add extra tests to ensure better test coverage of log_membership_changes Signed-off-by: Gary Lockyer Reviewed-by: Stefan Metzmacher Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Tue Oct 30 20:20:26 CET 2018 on sn-devel-144 commit c952fc1273397c04fddf177bcd809551d6324bdd Author: Gary Lockyer Date: Thu Oct 25 14:38:31 2018 +1300 dsdb group audit tests: check_version improve diagnostics Change check_version to display the expected, actual along with the line and name of the failing test, rather than the line in check_version Signed-off-by: Gary Lockyer Reviewed-by: Stefan Metzmacher commit e2970887140d558c6359fd9b3f8c2a4c26d2cf35 Author: Gary Lockyer Date: Thu Oct 25 13:28:09 2018 +1300 dsdb group audit tests: check_timestamp improve diagnostics Change check_timestamp to display the expected, actual along with the line and name of the failing test, rather than the line in check_timestamp. Signed-off-by: Gary Lockyer Reviewed-by: Stefan Metzmacher commit 8420a4d0fddd71af608635a707ef20f37fa9b627 Author: Gary Lockyer Date: Thu Oct 25 10:52:27 2018 +1300 dsdb group audit: align dn_compare with memcmp Rename the parameter names and adjust the return codes from dn_compare so that: dn_compare(a, b) => LESS_THAN means a is less than b. GREATER_THAN means a is greater than b. Thanks to metze for suggesting the correct semantics for dn_compare BUG: https://bugzilla.samba.org/show_bug.cgi?id=13664 Signed-off-by: Gary Lockyer Reviewed-by: Stefan Metzmacher commit eeb4089dafc45277d8af19073ef9348451c1836a Author: Gary Lockyer Date: Tue Oct 23 17:14:34 2018 +1300 dsdb group_audit: Test to replicate BUG 13664 The group audit code incorrectly logs member additions and deletions. Thanks to metze for the debugging that isolated the issue, and for suggesting the fix to dn_compare. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13664 Signed-off-by: Gary Lockyer Reviewed-by: Stefan Metzmacher --- Summary of changes: source4/dsdb/samdb/ldb_modules/group_audit.c | 31 +- .../samdb/ldb_modules/tests/test_group_audit.c | 716 - 2 files changed, 718 insertions(+), 29 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/samdb/ldb_modules/group_audit.c b/source4/dsdb/samdb/ldb_modules/group_audit.c index 1c74805..47b6943 100644 --- a/source4/dsdb/samdb/ldb_modules/group_audit.c +++ b/source4/dsdb/samdb/ldb_modules/group_audit.c @@ -311,35 +311,36 @@ enum dn_compare_result { GREATER_THAN }; /* - * @brief compare parsed_dns + * @brief compare parsed_dn, using GUID ordering * - * Compare two parsed_dn structures, parsing the entries if necessary. + * Compare two parsed_dn structures, using GUID ordering. * To avoid the overhead of parsing the DN's this function does a binary - * compare first. Only parsing the DN's they are not equal at a binary level. + * compare first. The DN's tre only parsed if they are not equal at a binary + * level. * * @param ctx talloc context that will own the parsed dsdb_dn * @param ldb ldb_context - * @param old_val The old value - * @param new_val The old value + * @param dn1 The first dn + * @param dn2 The second dn * * @return BINARY_EQUAL values are equal at a binary level * EQUALDN's are equal but the meta data is different - * LESS_THANold value < new value - * GREATER_THAN old value > new value + * LESS_THANdn1's GUID is less than dn2's GUID + * GREATER_THAN dn1's GUID is greater than dn2's GUID * */ static enum dn_compare_result dn_compare( TALLOC_CTX *mem_ctx, struct ldb_context *ldb, - struct parsed_dn *old_val, - struct parsed_dn *new_val) { + struct parsed_dn *dn1, + struct parsed_dn *dn2) { int res = 0; /* * Do a
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via cff1b31 smbd: Simplify downgrade_share_lease via a93aa15 smbd: Move downgrade_share_lease into downgrade_lease via 56139b8 smbd: Simplify downgrade_lease via 664808a smbd: Slightly simplify downgrade_lease() via 4980e60 smbd: Use find_share_mode_lease() in downgrade_share_lease via 0e7c546 smbd: Move downgrade_share_lease() to smbd/oplock.c from 6240022 tests: Check pam_winbind pw change with different options https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit cff1b31c2a82d7e07b7d413bed8a2843f1cd6508 Author: Volker Lendecke Date: Sun Sep 16 11:25:14 2018 +0200 smbd: Simplify downgrade_share_lease Coalesce the NT_STATUS_OPLOCK_BREAK_IN_PROGRESS case into just one if-condition Signed-off-by: Volker Lendecke Reviewed-by: Stefan Metzmacher Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Tue Oct 2 22:22:37 CEST 2018 on sn-devel-144 commit a93aa1511fe71a7d43facb79cca7e89aed289075 Author: Volker Lendecke Date: Fri Sep 14 16:41:25 2018 +0200 smbd: Move downgrade_share_lease into downgrade_lease The next step will simplify the logic of the code. Signed-off-by: Volker Lendecke Reviewed-by: Stefan Metzmacher commit 56139b8ec621d47d542042e7aa512aa07fd53fd0 Author: Volker Lendecke Date: Fri Sep 14 16:10:58 2018 +0200 smbd: Simplify downgrade_lease To me, the "additive" SMB2_LEASE_WRITE|SMB2_LEASE_HANDLE is easier to read than the negated ~SMB2_LEASE_READ. Signed-off-by: Volker Lendecke Reviewed-by: Stefan Metzmacher commit 664808af09bf42206af2ce15c9e9b5d773ab56ca Author: Volker Lendecke Date: Fri Sep 14 16:03:57 2018 +0200 smbd: Slightly simplify downgrade_lease() As much as I dislike }else{ and prefer early returns, I even more dislike asking for the same condition in two different ways. Signed-off-by: Volker Lendecke Reviewed-by: Stefan Metzmacher commit 4980e60dfc5b9e6b96ea8c8de4d2e911c9c2f011 Author: Volker Lendecke Date: Fri Sep 14 13:30:43 2018 +0200 smbd: Use find_share_mode_lease() in downgrade_share_lease Simple simplification: In locking/ we did not have the direct reference to find_share_mode_lock. Signed-off-by: Volker Lendecke Reviewed-by: Stefan Metzmacher commit 0e7c5464631cee3a7eda0d03a941b5179981019c Author: Volker Lendecke Date: Fri Sep 14 13:18:50 2018 +0200 smbd: Move downgrade_share_lease() to smbd/oplock.c This function is pretty closely entangled with its only caller. In particular the NT_STATUS_OPLOCK_BREAK_IN_PROGRESS triggers acitivity in the caller, and that's the only case where "*_l" is being set to non-NULL. Prepare for cleanup Signed-off-by: Volker Lendecke Reviewed-by: Stefan Metzmacher --- Summary of changes: source3/locking/locking.c | 85 -- source3/locking/proto.h | 6 source3/smbd/oplock.c | 86 ++- 3 files changed, 78 insertions(+), 99 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/locking/locking.c b/source3/locking/locking.c index 8ee9237..ae5f0bb 100644 --- a/source3/locking/locking.c +++ b/source3/locking/locking.c @@ -969,91 +969,6 @@ bool downgrade_share_oplock(struct share_mode_lock *lck, files_struct *fsp) return True; } -NTSTATUS downgrade_share_lease(struct smbd_server_connection *sconn, - struct share_mode_lock *lck, - const struct smb2_lease_key *key, - uint32_t new_lease_state, - struct share_mode_lease **_l) -{ - struct share_mode_data *d = lck->data; - struct share_mode_lease *l; - uint32_t i; - - *_l = NULL; - - for (i=0; inum_leases; i++) { - if (smb2_lease_equal(&sconn->client->connections->smb2.client.guid, -key, -&d->leases[i].client_guid, -&d->leases[i].lease_key)) { - break; - } - } - if (i == d->num_leases) { - DEBUG(10, ("lease not found\n")); - return NT_STATUS_INVALID_PARAMETER; - } - - l = &d->leases[i]; - - if (!l->breaking) { - DBG_WARNING("Attempt to break from %"PRIu32" to %"PRIu32" - " - "but we're not in breaking state\n", - l->current_state, new_lease_state); -
Re: [Patch v7 21/22] CIFS: SMBD: Upper layer performs SMB read via RDMA write through memory registration
> They're basically the same concept, it's a subtle difference. > > FRMR = Fast Register Memory Region > FRWR = Fast Register Work Request > > The memory region is the mr itself, this is created early on. > > The work request is built when actually binding the physical > pages to the region, and setting the offset, length, etc, which > is what's happening in the routine that I made the comment on. > > So, for this discussion I chose to say FRWR. Sorry for any > confusion! Ah, thanks! Confusion resolved:-) metze signature.asc Description: OpenPGP digital signature
Re: [Patch v7 21/22] CIFS: SMBD: Upper layer performs SMB read via RDMA write through memory registration
Hi Tom, >> I just tested that setting: >> >> mr->iova &= (PAGE_SIZE - 1); >> mr->iova |= 0x; >> >> after the ib_map_mr_sg() and before doing the IB_WR_REG_MR, seems to >> work. > > Good! As you know, we were concerned about it after seeing that > the ib_dma_map_sg() code was unconditionally setting it to the > dma_mapped address. By salting those 's with varying data, > this should give your FRWR regions stronger integrity in addition > to not leaking kernel "addresses" to the wire. Just wondering... Isn't the thing we use called FRMR? metze signature.asc Description: OpenPGP digital signature
Re: [Patch v7 21/22] CIFS: SMBD: Upper layer performs SMB read via RDMA write through memory registration
Hi, >> + req->Channel = SMB2_CHANNEL_RDMA_V1_INVALIDATE; >> + if (need_invalidate) >> + req->Channel = SMB2_CHANNEL_RDMA_V1; >> + req->ReadChannelInfoOffset = >> + offsetof(struct smb2_read_plain_req, Buffer); >> + req->ReadChannelInfoLength = >> + sizeof(struct smbd_buffer_descriptor_v1); >> + v1 = (struct smbd_buffer_descriptor_v1 *) &req->Buffer[0]; >> + v1->offset = rdata->mr->mr->iova; > > It's unnecessary, and possibly leaking kernel information, to use > the IOVA as the offset of a memory region which is registered using > an FRWR. Because such regions are based on the exact bytes targeted > by the memory handle, the offset can be set to any value, typically > zero, but nearly arbitrary. As long as the (offset + length) does > not wrap or otherwise overflow, offset can be set to anything > convenient. > > Since SMB reads and writes range up to 8MB, I'd suggest zeroing the > least significant 23 bits, which should guarantee it. The other 41 > bits, party on. You could randomize them, pass some clever identifier > such as MID sequence, whatever. I just tested that setting: mr->iova &= (PAGE_SIZE - 1); mr->iova |= 0x; after the ib_map_mr_sg() and before doing the IB_WR_REG_MR, seems to work. metze signature.asc Description: OpenPGP digital signature
[SCM] Samba Shared Repository - branch v4-7-test updated
The branch, v4-7-test has been updated via dccaea5 krb5-samba: interdomain trust uses different salt principal via b31ba49 testprogs/blackbox: let test_trust_user_account.sh check the correct kerberos salt via 5f89783 testprogs/blackbox: add testit[_expect_failure]_grep() to subunit.sh via fab6d42 samba-tool: add virtualKerberosSalt attribute to 'user getpassword/syncpasswords' via f7b9267 s4:selftest: test kinit with the interdomain trust user account via 38d7e58 libds: rename UF_MACHINE_ACCOUNT_MASK to UF_TRUST_ACCOUNT_MASK via 17ed5e0 vfs_fruit: Don't unlink the main file via 3d8fdc3 torture: Make sure that fruit_ftruncate only unlinks streams via 0e8298e s3:smbd: add a comment stating that file_close_user() is redundant for SMB2 via b7c659a s3:smbd: let session logoff close files and tcons before deleting the session via 5125304 s3:smbd: reorder tcon global record deletion and closing files of a tcon via 6a179a5 selftest: add a durable handle test with delayed disconnect via 34b4b5b s4:selftest: reformat smb2_s3only list via ada2165 vfs_delay_inject: adding delay to VFS calls via fc3d25b s4:rpc_server/netlogon: don't treet trusted domains as primary in LogonGetDomainInfo() via f77ea35 s4:rpc_server/netlogon: make use of talloc_zero_array() for the netr_OneDomainInfo array via f73ef35 s4:rpc_server/netlogon: use samdb_domain_guid()/dsdb_trust_local_tdo_info() to build our netr_OneDomainInfo values via ecffd79 s4:dsdb/common: add samdb_domain_guid() helper function via 14a2695 dsdb:util_trusts: add dsdb_trust_local_tdo_info() helper function via 467e6ae dsdb/util_trusts: domain_dn is an input parameter of dsdb_trust_crossref_tdo_info() via 8e81aa4 s4:torture/rpc/netlogon: verify the trusted domains output of LogonGetDomainInfo() via 435e096a s4:torture/rpc/netlogon: assert that cli_credentials_get_{workstation,password} don't return NULL via 592bdff smbd: Fix a memleak in async search ask sharemode via 8f1183d s3: util: Do not take over stderr when there is no log file from 1cdf976 s3: smbd: Ensure get_real_filename() copes with empty pathnames. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test - Log - commit dccaea50ce57d6718ffd937cc8b97b64c98c0e79 Author: Alexander Bokovoy Date: Fri Feb 16 18:15:28 2018 +0200 krb5-samba: interdomain trust uses different salt principal Salt principal for the interdomain trust is krbtgt/DOMAIN@REALM where DOMAIN is the sAMAccountName without the dollar sign ($) The salt principal for the BLA$ user object was generated wrong. dn: CN=bla.base,CN=System,DC=w4edom-l4,DC=base securityIdentifier: S-1-5-21-4053568372-2049667917-3384589010 trustDirection: 3 trustPartner: bla.base trustPosixOffset: -2147483648 trustType: 2 trustAttributes: 8 flatName: BLA dn: CN=BLA$,CN=Users,DC=w4edom-l4,DC=base userAccountControl: 2080 primaryGroupID: 513 objectSid: S-1-5-21-278041429-3399921908-1452754838-1597 accountExpires: 9223372036854775807 sAMAccountName: BLA$ sAMAccountType: 805306370 pwdLastSet: 131485652467995000 The salt stored by Windows in the package_PrimaryKerberosBlob (within supplementalCredentials) seems to be 'W4EDOM-L4.BASEkrbtgtBLA' for the above trust and Samba stores 'W4EDOM-L4.BASEBLA$'. While the salt used when building the keys from trustAuthOutgoing/trustAuthIncoming is 'W4EDOM-L4.BASEkrbtgtBLA.BASE', which we handle correct. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13539 Pair-Programmed-With: Stefan Metzmacher Signed-off-by: Alexander Bokovoy Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Wed Sep 5 03:57:22 CEST 2018 on sn-devel-144 (cherry picked from commit f3e349bebc443133fdbe4e14b148ca8db8237060) Autobuild-User(v4-7-test): Stefan Metzmacher Autobuild-Date(v4-7-test): Wed Sep 5 18:44:46 CEST 2018 on sn-devel-144 commit b31ba498125995dcb67451e4cb28cc27f9e799ed Author: Stefan Metzmacher Date: Tue Sep 4 10:53:52 2018 +0200 testprogs/blackbox: let test_trust_user_account.sh check the correct kerberos salt This demonstrates the bug we currently have. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13539 Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett (cherry picked from commit 1b31fa62567ec549e32c9177b322cfbfb3b6ec1a) commit 5f8978321fea94bab94810bda4ea4b16928fd150 Author: Stefan Metzmacher Date: Tue Sep 4 10:38:44 2018 +0200 testprogs/blackbox: add testit[_e
[SCM] Samba Shared Repository - branch v4-8-test updated
The branch, v4-8-test has been updated via 3ea96a2 krb5-samba: interdomain trust uses different salt principal via d726535 testprogs/blackbox: let test_trust_user_account.sh check the correct kerberos salt via 04fee9e testprogs/blackbox: add testit[_expect_failure]_grep() to subunit.sh via e311e6e samba-tool: add virtualKerberosSalt attribute to 'user getpassword/syncpasswords' via 0534104 s4:selftest: test kinit with the interdomain trust user account via d39a80c libds: rename UF_MACHINE_ACCOUNT_MASK to UF_TRUST_ACCOUNT_MASK via 772600f vfs_fruit: Don't unlink the main file via 64a9107 torture: Make sure that fruit_ftruncate only unlinks streams via 37f8294 s3:smbd: add a comment stating that file_close_user() is redundant for SMB2 via 9fe8691 s3:smbd: let session logoff close files and tcons before deleting the session via d36fbe9 s3:smbd: reorder tcon global record deletion and closing files of a tcon via e667b17 selftest: add a durable handle test with delayed disconnect via 34eeed2 s4:selftest: reformat smb2_s3only list via 3304d86 vfs_delay_inject: adding delay to VFS calls via a2b04c3 s4:rpc_server/netlogon: don't treet trusted domains as primary in LogonGetDomainInfo() via 73e383f s4:rpc_server/netlogon: make use of talloc_zero_array() for the netr_OneDomainInfo array via 2e7e58a s4:rpc_server/netlogon: use samdb_domain_guid()/dsdb_trust_local_tdo_info() to build our netr_OneDomainInfo values via e7b4313 s4:dsdb/common: add samdb_domain_guid() helper function via 66a0554 dsdb:util_trusts: add dsdb_trust_local_tdo_info() helper function via 96ae85b dsdb/util_trusts: domain_dn is an input parameter of dsdb_trust_crossref_tdo_info() via b7bd12d s4:torture/rpc/netlogon: verify the trusted domains output of LogonGetDomainInfo() via 7276bdb s4:torture/rpc/netlogon: assert that cli_credentials_get_{workstation,password} don't return NULL via 91a5d38 smbd: Fix a memleak in async search ask sharemode via 8385a0c ctdb-daemon: Log complete eventd startup command via f3a2f0b ctdb-daemon: Do not retry connection to eventd via 0f342d4 ctdb-daemon: Wait for eventd to be ready before connecting via eb3d91e ctdb-daemon: Open eventd pipe earlier via a4021fb ctdb-daemon: Improve error handling consistency via ae515ea ctdb-event: Add support to eventd for the startup notification FD via 0e50da4 ctdb-common: Add support for sock daemon to notify of successful startup via b53eb6f s3: util: Do not take over stderr when there is no log file from 1b01025 s3: smbd: Ensure get_real_filename() copes with empty pathnames. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-test - Log - commit 3ea96a259258e286284c65e840148b6a7d57a5a8 Author: Alexander Bokovoy Date: Fri Feb 16 18:15:28 2018 +0200 krb5-samba: interdomain trust uses different salt principal Salt principal for the interdomain trust is krbtgt/DOMAIN@REALM where DOMAIN is the sAMAccountName without the dollar sign ($) The salt principal for the BLA$ user object was generated wrong. dn: CN=bla.base,CN=System,DC=w4edom-l4,DC=base securityIdentifier: S-1-5-21-4053568372-2049667917-3384589010 trustDirection: 3 trustPartner: bla.base trustPosixOffset: -2147483648 trustType: 2 trustAttributes: 8 flatName: BLA dn: CN=BLA$,CN=Users,DC=w4edom-l4,DC=base userAccountControl: 2080 primaryGroupID: 513 objectSid: S-1-5-21-278041429-3399921908-1452754838-1597 accountExpires: 9223372036854775807 sAMAccountName: BLA$ sAMAccountType: 805306370 pwdLastSet: 131485652467995000 The salt stored by Windows in the package_PrimaryKerberosBlob (within supplementalCredentials) seems to be 'W4EDOM-L4.BASEkrbtgtBLA' for the above trust and Samba stores 'W4EDOM-L4.BASEBLA$'. While the salt used when building the keys from trustAuthOutgoing/trustAuthIncoming is 'W4EDOM-L4.BASEkrbtgtBLA.BASE', which we handle correct. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13539 Pair-Programmed-With: Stefan Metzmacher Signed-off-by: Alexander Bokovoy Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Wed Sep 5 03:57:22 CEST 2018 on sn-devel-144 (cherry picked from commit f3e349bebc443133fdbe4e14b148ca8db8237060) Autobuild-User(v4-8-test): Stefan Metzmacher Autobuild-Date(v4-8-test): Wed Sep 5 18:32:05 CEST 2018 on sn-devel-144 commit d726535d61c6c8ac52e387d500841d6bf967186d Author: Stefan Metzmacher Date: Tue
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 7356e81 s3:vfs: fix valgrind warning in SMB_VFS_{PREAD,PWRITE,FSYNC}_RECV() from c86f6c2 s4: torture: Ensure we close the handle on the correct tree-id. https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 7356e814dfd3921e465a16cfe4b7998bc6f92dd1 Author: Stefan Metzmacher Date: Wed Aug 29 04:24:46 2018 +0200 s3:vfs: fix valgrind warning in SMB_VFS_{PREAD,PWRITE,FSYNC}_RECV() tevent_req_received() destroys 'state', so we need helper variables to hold the return value. Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Tue Sep 4 10:45:10 CEST 2018 on sn-devel-144 --- Summary of changes: source3/smbd/vfs.c | 12 +--- 1 file changed, 9 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c index 2687e35..a6c49cf 100644 --- a/source3/smbd/vfs.c +++ b/source3/smbd/vfs.c @@ -2579,14 +2579,16 @@ ssize_t SMB_VFS_PREAD_RECV(struct tevent_req *req, { struct smb_vfs_call_pread_state *state = tevent_req_data( req, struct smb_vfs_call_pread_state); + ssize_t retval; if (tevent_req_is_unix_error(req, &vfs_aio_state->error)) { tevent_req_received(req); return -1; } *vfs_aio_state = state->vfs_aio_state; + retval = state->retval; tevent_req_received(req); - return state->retval; + return retval; } ssize_t smb_vfs_call_pwrite(struct vfs_handle_struct *handle, @@ -2653,14 +2655,16 @@ ssize_t SMB_VFS_PWRITE_RECV(struct tevent_req *req, { struct smb_vfs_call_pwrite_state *state = tevent_req_data( req, struct smb_vfs_call_pwrite_state); + ssize_t retval; if (tevent_req_is_unix_error(req, &vfs_aio_state->error)) { tevent_req_received(req); return -1; } *vfs_aio_state = state->vfs_aio_state; + retval = state->retval; tevent_req_received(req); - return state->retval; + return retval; } off_t smb_vfs_call_lseek(struct vfs_handle_struct *handle, @@ -2748,14 +2752,16 @@ int SMB_VFS_FSYNC_RECV(struct tevent_req *req, struct vfs_aio_state *vfs_aio_sta { struct smb_vfs_call_fsync_state *state = tevent_req_data( req, struct smb_vfs_call_fsync_state); + ssize_t retval; if (tevent_req_is_unix_error(req, &vfs_aio_state->error)) { tevent_req_received(req); return -1; } *vfs_aio_state = state->vfs_aio_state; + retval = state->retval; tevent_req_received(req); - return state->retval; + return retval; } /* -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-9-stable updated
The branch, v4-9-stable has been updated via ba2ef7f VERISON: Disable GIT_SNAPSHOT for 4.9.0rc3 release. via 6f1fdf9 WHATSNEW: Add release notes for Samba 4.9.0rc3. via bf3bb82 libsmb: Fix CID 1438243 Unchecked return value via 601eb6b libsmb: Fix CID 1438244 Unsigned compared against 0 via 33c7d3c smbd: Fix CID 1438245 Dereference before null check via 0eaef7e smbd: Fix CID 1438246 Unchecked return value via e30cf1a smbd: Align integer types via 2d5c574 ctdb: add expiry test for ctdb_mutex_ceph_rados_helper via 37b4e0b ctdb_mutex_ceph_rados_helper: fix deadlock via lock renewals via 2849d57 ctdb_mutex_ceph_rados_helper: rename timer_ev to ppid_timer_ev via 5f3548b ctdb_mutex_ceph_rados_helper: use talloc destructor for cleanup via eae828b ctdb_mutex_ceph_rados_helper: Set SIGINT signal handler via 609109d ctdb/build: link ctdb_mutex_ceph_rados_helper against ceph-common via b09fdd0 s3: tests: smbclient. Regression test to ensure we get NT_STATUS_DIRECTORY_NOT_EMPTY on rmdir. via 921a5bb s4/torture: Add new test for DELETE_ON_CLOSE on non-empty directories via 81b0d5c s3/libsmb: Explicitly set delete_on_close token for rmdir via 7ed470b cracknames: Fix DoS (NULL pointer de-ref) when not servicePrincipalName is set on a user via 4a2880b libsmb: Harden smbc_readdir_internal() against returns from malicious servers. via 61e34a2 libsmb: Ensure smbc_urlencode() can't overwrite passed in buffer. via 4897bf3 CVE-2018-10919 tests: Add extra test for dirsync deleted object corner-case via 52b5ed8 CVE-2018-10919 acl_read: Fix unauthorized attribute access via searches via a5cd47d CVE-2018-10919 acl_read: Flip the logic in the dirsync check via 4c201d0 CVE-2018-10919 acl_read: Small refactor to aclread_callback() via 0395055 CVE-2018-10919 acl_read: Split access_mask logic out into helper function via 605a7f3 CVE-2018-10919 security: Fix checking of object-specific CONTROL_ACCESS rights via 9c9f50b CVE-2018-10919 tests: test ldap searches for non-existent attributes. via e2574d0 CVE-2018-10919 tests: Add test case for object visibility with limited rights via 10a2c8d CVE-2018-10919 tests: Add tests for guessing confidential attributes via 17b7206 CVE-2018-10919 security: Add more comments to the object-specific access checks via 5bcbf5a CVE-2018-10919 security: Move object-specific access checks into separate function via 164766b CVE-2018-1140 dns: Add a test to trigger the LDB casefolding issue on invalid chars via e2d6ad5 Release LDB 1.4.2 for CVE-2018-1140 via bf988ac CVE-2018-1140 ldb: Add tests for search add and rename with a bad dn= DN via dc2898f CVE-2018-1140 ldb_tdb: Check for DN validity in add, rename and search via 8fed2cc CVE-2018-1140 ldb_tdb: Ensure the dn in distinguishedName= is valid before use via 504cff7 CVE-2018-1140 ldb: Check for ldb_dn_get_casefold() failure in ldb_sqlite via 31a001f CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in ltdb_index_dn_attr() via 3e89172 CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it is disabled via "ntlm auth". via e2b2c00 CVE-2018-1139 selftest: verify whether ntlmv1 can be used via SMB1 when it is disabled. via 48f5dbd CVE-2018-1139 s3-utils: use enum ntlm_auth_level in ntlm_password_check(). via d171f8d CVE-2018-1139 libcli/auth: fix debug messages in hash_password_check() via 3579ac4 CVE-2018-1139 libcli/auth: Add initial tests for ntlm_password_check() via 7751937 s3/smbd: Ensure quota code is only called when quota support detected via 31e07eb Shorten description in vfs_linux_xfs_sgid manual via 1a0d142 s3:waf: Install eventlogadm to /usr/sbin via b1558f1 systemd: Only start smb when network interfaces are up via 39dc0db ctdb-eventd: Fix CID 1438155 via ec22496 ctdb: Fix a cut&paste error via b0c0a19 s3/utils: fix regression where specifying -Unetbios/root works via 134f17c s3/smbd: allow set quota for non root user (when built with --enable-selftest) via 951722d s3/script/tests: Add simple (smb1 & smb2) get/set/list tests for smbcquotas via a9d0df4 s3/script/test: modify existing smbcquota test to use SMB2 in addition to SMB1. via b65c3de s3/smbd: smb2 server implementation for query get/set info. via 046d3a3 s3/smbd: adjust smb1 server to use idl structs and generated ndr push/pull funcs via bdfcecc s3/libsmb: adjust smb2 code for new idl structs & generated ndr push/pull funcs. via 0ccd34a s3/libsmb: adjust smb1 cli code to use idl structs and ndr push/pull funcs. via 59bb7dd librpc/idl Add some query [getset]info quota related structures
[SCM] Samba Shared Repository - annotated tag ldb-1.3.6 created
The annotated tag, ldb-1.3.6 has been created at 2c866ba7a203f49983aadb7f2880c0475fb22daf (tag) tagging 6b37dea927f4bfc98919282215004def7891687b (commit) replaces samba-4.8.4 tagged by Stefan Metzmacher on Thu Aug 23 15:52:44 2018 +0200 - Log - ldb: tag release ldb-1.3.6 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlt+vCwACgkQR5ORYRMI QCWZNQgAqHW5rHg3atFgTSCZPrK7N2yJOPQ+85wSxt0lOQEXMbc6DGIWMynUssmE 3VBr3a4OzBza1Q6xECOBPlcbTeuJAcIDJZRSvNaNVBQpWm1YRXpkTYYjWNQUiV2O K38UFRo2MIIeUc2S74sz6HPLglvIQb1A/v3rR+rGF8vJdm3PIe9QAGJ2a83xeisj qgpY2oc2/z4bBWnjEOk6rwSelNb3iDORS231iTrMF9+UzwDbDDZ6I6+fFGCgw1b/ TGQwoz1nz1yAiIvJiId9zkMYPcc46D1L8HIwjqU6Ci6Hk0VuBmaLDgVcrROEc3p7 UjEktVKUJsL3YLlNYEHPWgaVZ55QEw== =feam -END PGP SIGNATURE- Alexander Bokovoy (2): tests/auth_log: Permit SMB2 service description if empty binding is used for kerberos authentication samba-tool trust: support discovery via netr_GetDcName Amitay Isaacs (16): replace: Add test for sin6_len in sockaddr_in6 structure ctdb-common: Use sin6_len only if the structure supports it ctdb: Fix build on AIX tdb: Fix build on AIX ctdb-common: Use correct return type for tevent_queue_add_entry wafsamba: Add strict option to CHECK_CODE wafsamba: Be strict when checking __attribute__ features socket_wrapper: Be strict when checking __attribute__ features nss_wrapper: Be strict when checking __attribute__ features pam_wrapper: Be strict when checking __attribute__ features resolv_wrapper: Be strict when checking __attribute__ features uid_wrapper: Be strict when checking __attribute__ features socket_wrapper: Add missing dependency on tirpc ctdb-pmda: Use modified API in pcp library 4.0 ctdb-tests: Avoid segfault by initializing logging ctdb-tests: Avoid segfault by initializing logging Andreas Schneider (4): krb5_plugin: Install plugins to krb5 modules dir krb5_plugin: Move krb5 locator plugin to krb5_plugin subdir docs: Move winbind_krb5_locator manpage to volume 8 docs: Add manpage for winbind_krb5_localauth.8 Andrew Bartlett (3): ldb: Refuse to build Samba against a newer minor version of ldb ldb: Fix missing NULL terminator in ldb_mod_op_test testsuite ldb: Release LDB 1.3.6 Anoop C S (2): s3/libsmb: Explicitly set delete_on_close token for rmdir s4/torture: Add new test for DELETE_ON_CLOSE on non-empty directories Bailey Berro (1): libsmbclient: Initialize written in cli_splice_fallback() David Disseldorp (7): vfs_ceph: don't lie about flock support docs/vfs_ceph: add CTDB_SAMBA_SKIP_SHARE_CHECK=yes caveat ctdb/build: link ctdb_mutex_ceph_rados_helper against ceph-common ctdb_mutex_ceph_rados_helper: use talloc destructor for cleanup ctdb_mutex_ceph_rados_helper: rename timer_ev to ppid_timer_ev ctdb_mutex_ceph_rados_helper: fix deadlock via lock renewals ctdb: add expiry test for ctdb_mutex_ceph_rados_helper Gary Lockyer (2): dns wildcards: tests to confirm BUG 13536 dns wildcards: fix BUG 13536 Jeremy Allison (10): python: pysmbd: Additional error path leak fix. libsmbclient: Initialize written value before use. s3: torture: Test SMB1 cli_splice() fallback path when doing a non-full file splice. s3: libsmbclient: Fix cli_splice() fallback when reading less than a complete file. s3: smbd: Fix Linux sendfile() for SMB2. Ensure we don't spin on EAGAIN. s3: smbd: Fix Solaris sendfile() for SMB2. Ensure we don't spin on EAGAIN. s3: smbd: Fix HPUX sendfile() for SMB2. Ensure we don't spin on EAGAIN. s3: smbd: Fix FreeBSD sendfile() for SMB2. Ensure we don't spin on EAGAIN. s3: smbd: Fix AIX sendfile() for SMB2. Ensure we don't spin on EAGAIN. s3: tests: smbclient. Regression test to ensure we get NT_STATUS_DIRECTORY_NOT_EMPTY on rmdir. Justin Stephenson (2): s3:client: Add --quiet option to smbclient s3:tests: Add test for smbclient --quiet Karolin Seeger (3): VERSION: Bump version up to 4.8.4... Merge tag 'samba-4.8.4' into v4-8-test VERSION: Bump version up to 4.8.5. Martin Schwenke (7): ctdb-client: Fix typo where CTDB_BROADCAST_ALL is repeated ctdb-tests: Add check for non-lmaster node status in integration tests ctdb-tests: Add a simple test for database traverses ctdb-server: Rename CTDB_BROADCAST_VNNMAP -> CTDB_BROADCAST_ACTIVE ctdb-docs: Fix the documentation for VNN map ctdb-tests: Switch fake_ctdbd to use ctdb_get_peer_pid() ctdb-daemon: Only consider client ID for local database attach Noel Power (13): s3/lib: Fix misleading typo in debug message s3/libsmb: Avoid potential smbpanic calling parse_user_quota_list.
[SCM] Samba Shared Repository - annotated tag ldb-1.5.1 created
The annotated tag, ldb-1.5.1 has been created at 46e75c1db906219c5b53f67d2ee5d88521b4f732 (tag) tagging bdbb9422c0430d74c3173822257e23a9dfb2713e (commit) replaces ldb-1.5.0 tagged by Stefan Metzmacher on Thu Aug 16 10:44:25 2018 +0200 - Log - ldb: tag release ldb-1.5.1 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlt1OWkACgkQR5ORYRMI QCUPSQf/R5JPqOfkhfXuNaG69HFHzhuZ2KutZVoCYDnT9S/n53TfDJ6HowOoxYNp Ni9H5i63CncdWr0+Zc5TAb5mAQ+9lCnT5EDvZY77dvAsgmGeSstPslt/WFNBtzIm VJx4i7DJECR3VNalAY+PsfaLqiqsb/USw/Sqs4JLhOxxOLclHjIhcdIPWwFPXNg4 1XfM44yHE60kAYUcnngbswJhZ4tlWmxqXzqz6+wk5TYW0LBcNEwHOQisLB8TOVc6 ELpCzKb4oDadyMGC3ybd4etW1EHd1cdFqvRipQAcXcVtWLKoKXgXhq43ySHuRPJl nYty0+1nBSWXvwClqUMRmPEUtQNMFQ== =FOjL -END PGP SIGNATURE- Andreas Schneider (1): s3:libads: Free addr before we free the context Andrej Gessel (2): fix mem leak in ltdb_index_dn_base_dn and ltdb_search_indexed fix mem leak in ldbsearch Andrew Bartlett (5): cracknames: Fix DoS (NULL pointer de-ref) when not servicePrincipalName is set on a user ldb_tdb: Remove pointless check of ldb_dn_is_valid() ldb: Add new function ldb_dn_add_child_val() ldb: extend API tests ldb: Release LDB 1.5.1 Gary Lockyer (1): CVE-2018-10919 tests: test ldap searches for non-existent attributes. Jeremy Allison (2): libsmb: Ensure smbc_urlencode() can't overwrite passed in buffer. libsmb: Harden smbc_readdir_internal() against returns from malicious servers. Joe Guo (1): ldb: no need to call del_transaction in ldb_transaction_commit Kai Blin (1): CVE-2018-1140 dns: Add a test to trigger the LDB casefolding issue on invalid chars Tim Beale (10): CVE-2018-10919 security: Move object-specific access checks into separate function CVE-2018-10919 security: Add more comments to the object-specific access checks CVE-2018-10919 tests: Add tests for guessing confidential attributes CVE-2018-10919 tests: Add test case for object visibility with limited rights CVE-2018-10919 security: Fix checking of object-specific CONTROL_ACCESS rights CVE-2018-10919 acl_read: Split access_mask logic out into helper function CVE-2018-10919 acl_read: Small refactor to aclread_callback() CVE-2018-10919 acl_read: Flip the logic in the dirsync check CVE-2018-10919 acl_read: Fix unauthorized attribute access via searches CVE-2018-10919 tests: Add extra test for dirsync deleted object corner-case Timur I. Bakeyev (1): ldb tests: fix assertion on wrong pointer --- -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag ldb-1.4.2 created
The annotated tag, ldb-1.4.2 has been created at 826a35bd813bc4a830ae1ecefe145d379bda0c39 (tag) tagging e2d6ad5147e0bf5869e94eb60c49c385e91eba5d (commit) replaces samba-4.9.0rc2 tagged by Stefan Metzmacher on Tue Aug 14 21:25:13 2018 +0200 - Log - ldb: tag release ldb-1.4.2 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAltzLJkACgkQR5ORYRMI QCXOfwf/VbfN80BCJW0nCaed1cm2ndqViv6oqhivKiJT0p0UgRtVNiGOqhZXAhq0 Up3x9ckRZhQHflUo/L5zOG/BLWJh6nWCDesVPOofpYoaI0T02soImmF2naFsXUrR e6JHItyTw6dUDFY1I1vZzuBYb+GthuZfIHnbtCjuHqrUrhZS3YubJphNuD+dHNuS mG2U7TkfZvyI1DlP+QHIWyWuzxCEP7b4vMyhsOZVOabxuhRK/rUVhNak19yNeE3I /4PYK3QoOzZgKH6hTTSSPfytLkAA3IeDirgf4bDFovA5xOair7aiU17G3UNSg8gu l24fMK2shap8Ao8HKWgSl6gQWzzUZQ== =Dlfg -END PGP SIGNATURE- Amitay Isaacs (1): ctdb-eventd: Fix CID 1438155 Andreas Schneider (1): s3:waf: Install eventlogadm to /usr/sbin Andrej Gessel (1): CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in ltdb_index_dn_attr() Andrew Bartlett (6): CVE-2018-1139 libcli/auth: Add initial tests for ntlm_password_check() CVE-2018-1140 ldb: Check for ldb_dn_get_casefold() failure in ldb_sqlite CVE-2018-1140 ldb_tdb: Ensure the dn in distinguishedName= is valid before use CVE-2018-1140 ldb_tdb: Check for DN validity in add, rename and search CVE-2018-1140 ldb: Add tests for search add and rename with a bad dn= DN Release LDB 1.4.2 for CVE-2018-1140 Günther Deschner (5): s3-tldap: do not install test_tldap CVE-2018-1139 libcli/auth: fix debug messages in hash_password_check() CVE-2018-1139 s3-utils: use enum ntlm_auth_level in ntlm_password_check(). CVE-2018-1139 selftest: verify whether ntlmv1 can be used via SMB1 when it is disabled. CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it is disabled via "ntlm auth". Justin Stephenson (1): Shorten description in vfs_linux_xfs_sgid manual Karolin Seeger (1): VERSION: Bump version up to 4.9.0rc3... Noel Power (13): s3/lib: Fix misleading typo in debug message s3/libsmb: Avoid potential smbpanic calling parse_user_quota_list. s3/smbd: Don't stat when doing a quota operation (as it's a fake file) librpc/idl Add some query [getset]info quota related structures s3/libsmb: adjust smb1 cli code to use idl structs and ndr push/pull funcs. s3/libsmb: adjust smb2 code for new idl structs & generated ndr push/pull funcs. s3/smbd: adjust smb1 server to use idl structs and generated ndr push/pull funcs s3/smbd: smb2 server implementation for query get/set info. s3/script/test: modify existing smbcquota test to use SMB2 in addition to SMB1. s3/script/tests: Add simple (smb1 & smb2) get/set/list tests for smbcquotas s3/smbd: allow set quota for non root user (when built with --enable-selftest) s3/utils: fix regression where specifying -Unetbios/root works s3/smbd: Ensure quota code is only called when quota support detected Oleksandr Natalenko (1): systemd: Only start smb when network interfaces are up Volker Lendecke (1): ctdb: Fix a cut&paste error --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated via bf3bb82 libsmb: Fix CID 1438243 Unchecked return value via 601eb6b libsmb: Fix CID 1438244 Unsigned compared against 0 via 33c7d3c smbd: Fix CID 1438245 Dereference before null check via 0eaef7e smbd: Fix CID 1438246 Unchecked return value via e30cf1a smbd: Align integer types via 2d5c574 ctdb: add expiry test for ctdb_mutex_ceph_rados_helper via 37b4e0b ctdb_mutex_ceph_rados_helper: fix deadlock via lock renewals via 2849d57 ctdb_mutex_ceph_rados_helper: rename timer_ev to ppid_timer_ev via 5f3548b ctdb_mutex_ceph_rados_helper: use talloc destructor for cleanup via eae828b ctdb_mutex_ceph_rados_helper: Set SIGINT signal handler via 609109d ctdb/build: link ctdb_mutex_ceph_rados_helper against ceph-common via b09fdd0 s3: tests: smbclient. Regression test to ensure we get NT_STATUS_DIRECTORY_NOT_EMPTY on rmdir. via 921a5bb s4/torture: Add new test for DELETE_ON_CLOSE on non-empty directories via 81b0d5c s3/libsmb: Explicitly set delete_on_close token for rmdir via 7ed470b cracknames: Fix DoS (NULL pointer de-ref) when not servicePrincipalName is set on a user via 4a2880b libsmb: Harden smbc_readdir_internal() against returns from malicious servers. via 61e34a2 libsmb: Ensure smbc_urlencode() can't overwrite passed in buffer. via 4897bf3 CVE-2018-10919 tests: Add extra test for dirsync deleted object corner-case via 52b5ed8 CVE-2018-10919 acl_read: Fix unauthorized attribute access via searches via a5cd47d CVE-2018-10919 acl_read: Flip the logic in the dirsync check via 4c201d0 CVE-2018-10919 acl_read: Small refactor to aclread_callback() via 0395055 CVE-2018-10919 acl_read: Split access_mask logic out into helper function via 605a7f3 CVE-2018-10919 security: Fix checking of object-specific CONTROL_ACCESS rights via 9c9f50b CVE-2018-10919 tests: test ldap searches for non-existent attributes. via e2574d0 CVE-2018-10919 tests: Add test case for object visibility with limited rights via 10a2c8d CVE-2018-10919 tests: Add tests for guessing confidential attributes via 17b7206 CVE-2018-10919 security: Add more comments to the object-specific access checks via 5bcbf5a CVE-2018-10919 security: Move object-specific access checks into separate function via 164766b CVE-2018-1140 dns: Add a test to trigger the LDB casefolding issue on invalid chars via e2d6ad5 Release LDB 1.4.2 for CVE-2018-1140 via bf988ac CVE-2018-1140 ldb: Add tests for search add and rename with a bad dn= DN via dc2898f CVE-2018-1140 ldb_tdb: Check for DN validity in add, rename and search via 8fed2cc CVE-2018-1140 ldb_tdb: Ensure the dn in distinguishedName= is valid before use via 504cff7 CVE-2018-1140 ldb: Check for ldb_dn_get_casefold() failure in ldb_sqlite via 31a001f CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in ltdb_index_dn_attr() via 3e89172 CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it is disabled via "ntlm auth". via e2b2c00 CVE-2018-1139 selftest: verify whether ntlmv1 can be used via SMB1 when it is disabled. via 48f5dbd CVE-2018-1139 s3-utils: use enum ntlm_auth_level in ntlm_password_check(). via d171f8d CVE-2018-1139 libcli/auth: fix debug messages in hash_password_check() via 3579ac4 CVE-2018-1139 libcli/auth: Add initial tests for ntlm_password_check() from 7751937 s3/smbd: Ensure quota code is only called when quota support detected https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log - commit bf3bb82d8a7e31950f01a3508787a8e6951ea9a4 Author: Volker Lendecke Date: Wed Aug 8 10:14:26 2018 +0200 libsmb: Fix CID 1438243 Unchecked return value BUG: https://bugzilla.samba.org/show_bug.cgi?id=13553 Signed-off-by: Volker Lendecke Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Wed Aug 8 23:10:22 CEST 2018 on sn-devel-144 Autobuild-User(v4-9-test): Stefan Metzmacher Autobuild-Date(v4-9-test): Tue Aug 14 20:49:09 CEST 2018 on sn-devel-144 commit 601eb6bc3fa5b44841bdbc31f31c42f21feb0982 Author: Volker Lendecke Date: Wed Aug 8 10:08:38 2018 +0200 libsmb: Fix CID 1438244 Unsigned compared against 0 ndr_size_dom_sid returns a size_t, so that can't be <0. Also, the only case that ndr_size_dom_sid returns 0 is a NULL sid pointer. ndr_size_dom_sid can reasonably be assumed to not overflow, the number of sub-auths is a uint8. That times 4 plus 8 always fits into a size_t. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13553 Signed-off-by: Volker Lendecke Reviewed-by:
[SCM] Samba Shared Repository - annotated tag ldb-1.5.0 created
The annotated tag, ldb-1.5.0 has been created at 505c6917218418b34bff8567126552e58e0c2e49 (tag) tagging b7f0ee93f58e663bb8fc0b39985aa49b254582d9 (commit) replaces samba-4.9.0rc1 tagged by Stefan Metzmacher on Tue Aug 14 17:34:50 2018 +0200 - Log - ldb: tag release ldb-1.5.0 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlty9poACgkQR5ORYRMI QCUtxQf/dOtUFhflHWWWrnrKaJbbGQ8DMF+ZO/JDEgGA1T6KgZsFZ3mxFEcbiOHN X+qfvL/+iZuOXs0umc6kHXOowFT7zOs1FqGvGwOY2kgYaShj9eFkMjqy32Xg2N1p 5+N4wm+8+G9A/A1wkmvmAgYiaHtO1y9azb1XLGj2ijYiT9yUXYAtviZdBDbwenlq oK46GZskRw8OtYj5N+9v+3+njAJ1o7cfocCrYuNQA+r3qu5YhiAvzQZtGrnnwtPu n4dkZ+TQRoFZHri19PnfhV7S8pwwe0zfkutKCji/EvCvkFLSqTVrRBWmevUQSGiS VwSL00NMdFjJZ1Esvx4lbEWejF9qHg== =TKe6 -END PGP SIGNATURE- Aaron Haslett (5): tdb: adding readonly locks mode to tdbbackup tool tdb: test for readonly locks mode on tdbbackup command netcmd: domain backup offline command netcmd: domain backup offline command - offline test with ldapcmp selftest: offline backup restore target Alexander Bokovoy (6): wafsamba/samba_abi: always hide ABI symbols which must be local s4-dns_server: Only build dns server Python code for AD DC s4-dsdb: only build dsdb Python modules for AD DC python/samba/tests: make sure samba.tests can be imported without SamDB tests/auth_log: Permit SMB2 service description if empty binding is used for kerberos authentication samba-tool trust: support discovery via netr_GetDcName Amitay Isaacs (27): popt: Check for headers only if building in-tree version popt: Add check for iconv library ctdb-tests: Add errno matching utility ctdb-tests: Add required_error() to match on error codes ctdb-common: Switch to ETIMEDOUT from ETIME ctdb-event: Switch to ETIMEDOUT instead of ETIME ctdb-daemon: Switch to using ETIMEDOUT instead of ETIME ctdb-client: Switch to ETIMEDOUT instead of ETIME ctdb-tests: Add ps output filter for freebsd ctdb-tests: Add signal code matching utility ctdb-tests: Use sigcode to match signals ctdb-tests: Porting tests should ignore unsupported features ctdb-common: Add line based I/O ctdb-protocol: Avoid fgets in ctdb_connection_list_read ctdb-common: Add fd argument to ctdb_connection_list_read() ctdb-tests: Do not try to match pstree output in eventd tests ctdb-tests: Simplify pattern matching for ctime output ctdb-scripts: date "+%N" is non-portable ctdb-tests: Use portable wc -c instead of stat -c "%s" ctdb-tests: Replace md5sum with posix cksum ctdb-tests: Use errcode to translate ETIMEDOUT ctdb-tests: Fix a typo ctdb-tests: Strip all spaces from od output ctdb-common: Fix the TCP packet length check ctdb-eventd: Fix CID 1438155 dlz-bind: Add support for BIND 9.12.x provision: Add support for BIND 9.12.x Andreas Schneider (11): s3:waf: Install eventlogadm to /usr/sbin lib: Add support to parse MS Catalog files wbinfo: Free memory when we leave wbinfo_dsgetdcname() s3:passdb: Don't leak memory on error in fetch_ldap_pw() s3:utils: Do not overflow the destination buffer in net_idmap_restore() s3:utils: Do not leak memory in new_user() s4:lib: Fix a possible fd leak in gp_get_file() s3:client: Avoid a possible fd leak in do_get() s3:libads: Fix memory leaks in ads_krb5_chg_password() s3:registry: Fix possible memory leak in _reg_perfcount_multi_sz_from_tdb() s3:winbind: Fix memory leak in nss_init() Andrej Gessel (1): CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in ltdb_index_dn_attr() Andrew Bartlett (7): autobuild: Test with and without building bundled popt CVE-2018-1139 libcli/auth: Add initial tests for ntlm_password_check() CVE-2018-1140 ldb: Check for ldb_dn_get_casefold() failure in ldb_sqlite CVE-2018-1140 ldb_tdb: Ensure the dn in distinguishedName= is valid before use CVE-2018-1140 ldb_tdb: Check for DN validity in add, rename and search CVE-2018-1140 ldb: Add tests for search add and rename with a bad dn= DN Release LDB 1.5.0 for CVE-2018-1140 Anoop C S (4): s3/locking: Fix assertion check on lock reference count s3/locking: Corrections and improvements to inline comments s3/libsmb: Explicitly set delete_on_close token for rmdir s4/torture: Add new test for DELETE_ON_CLOSE on non-empty directories Björn Jacke (1): docs: mention that the echo handler is for SMB1 only Christof Schmitt (1): selftest: Load time_audit and full_audit modules for all tests David Disseldorp (8): s3: torture: adjust SMB1 cli_splice() test sizes dbwrap: determine basename once instead of three times docs/kerneloplocks: drop I
[SCM] Samba Shared Repository - annotated tag ldb-1.3.5 created
The annotated tag, ldb-1.3.5 has been created at fe1a5a7a9f4589018ec7e1e3c943eb074e43cb41 (tag) tagging 5ad366eb3db510d7e2dd54a7a796180416dea315 (commit) replaces samba-4.8.3 tagged by Stefan Metzmacher on Tue Aug 14 10:54:14 2018 +0200 - Log - ldb: tag release ldb-1.3.5 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAltymLYACgkQR5ORYRMI QCV5AQf/WFx3qiDLXylbs5V+Nrw7SxECQGasy/cTZ1og6iNkL6jJpSoc3aX3/0fo 3k+XCnVbHYFCazzIpHb6C5qPREHWFcMvbH3m2vUwMdCqVsYgDGXVa55dQNMx99HH RZeWyFPfUJF4+ph4f1wJyGeqFSSlhxyHGQml07y6y9FGOav/79DRx3isx08rgIOo 9k9bcOtjxubQuC8/V7GNppDPyxblAydWe2IVb8LTjoSYQIBNfXB8lKWi575JkdJP 17K1aHjTAzGhuGoOcIQ+zz0jOzJtd4UHat4QKsa80s6OJcWmMPPjMqKnOU7ZgpHr kdbiK3s/ln2o4U79vh9OVcyJcOckSw== =OXOR -END PGP SIGNATURE- Andrej Gessel (1): CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in ltdb_index_dn_attr() Andrew Bartlett (7): CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when not servicePrincipalName is set on a user CVE-2018-1139 libcli/auth: Add initial tests for ntlm_password_check() CVE-2018-1140 ldb: Check for ldb_dn_get_casefold() failure in ldb_sqlite CVE-2018-1140 ldb_tdb: Ensure the dn in distinguishedName= is valid before use CVE-2018-1140 ldb_tdb: Check for DN validity in add, rename and search CVE-2018-1140 ldb: Add tests for search add and rename with a bad dn= DN ldb: Release LDB 1.3.5 for CVE-2018-1140 Douglas Bagnall (1): selftest/tests.py: remove always-needed, never-set with_cmocka flag Gary Lockyer (1): CVE-2018-10919 tests: test ldap searches for non-existent attributes. Günther Deschner (4): CVE-2018-1139 libcli/auth: fix debug messages in hash_password_check() CVE-2018-1139 s3-utils: use enum ntlm_auth_level in ntlm_password_check(). CVE-2018-1139 selftest: verify whether ntlmv1 can be used via SMB1 when it is disabled. CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it is disabled via "ntlm auth". Jeremy Allison (2): CVE-2018-10858: libsmb: Ensure smbc_urlencode() can't overwrite passed in buffer. CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against returns from malicious servers. Karolin Seeger (1): VERSION: Bump version up to 4.8.4... Tim Beale (10): CVE-2018-10919 security: Move object-specific access checks into separate function CVE-2018-10919 security: Add more comments to the object-specific access checks CVE-2018-10919 tests: Add tests for guessing confidential attributes CVE-2018-10919 tests: Add test case for object visibility with limited rights CVE-2018-10919 security: Fix checking of object-specific CONTROL_ACCESS rights CVE-2018-10919 acl_read: Split access_mask logic out into helper function CVE-2018-10919 acl_read: Small refactor to aclread_callback() CVE-2018-10919 acl_read: Flip the logic in the dirsync check CVE-2018-10919 acl_read: Fix unauthorized attribute access via searches CVE-2018-10919 tests: Add extra test for dirsync deleted object corner-case --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated via 516a440 s3: vfs: bump to version 39, Samba 4.9 will ship with that from ef0cae1 VERSION: Bump version up to 4.9.0rc2... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log - commit 516a440b156e7ec586256067427efbe99fd9bc1a Author: Ralph Boehme Date: Tue Mar 13 16:17:27 2018 +0100 s3: vfs: bump to version 39, Samba 4.9 will ship with that Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher (cherry picked from commit b2ae22a310c07da61ca5d57cba1b403851e928d9) Autobuild-User(v4-9-test): Stefan Metzmacher Autobuild-Date(v4-9-test): Thu Jul 26 21:24:08 CEST 2018 on sn-devel-144 --- Summary of changes: source3/include/vfs.h | 1 + 1 file changed, 1 insertion(+) Changeset truncated at 500 lines: diff --git a/source3/include/vfs.h b/source3/include/vfs.h index 4e5b787..8e2cbc3 100644 --- a/source3/include/vfs.h +++ b/source3/include/vfs.h @@ -245,6 +245,7 @@ /* Version 37 - Rename SMB_VFS_STRICT_LOCK to SMB_VFS_STRICT_LOCK_CHECK */ /* Version 38 - Remove SMB_VFS_INIT_SEARCH_OP */ +/* Bump to version 39, Samba 4.9 will ship with that */ /* Version 39 - Remove SMB_VFS_FSYNC Only implement async versions. */ /* Version 39 - Remove SMB_VFS_READ -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 4e711d1 smbd: don't client->connections without checking client != NULL first in exit_server_common() from 5ab0b4a examples/VFS/skel_transparent: make vfs_fn_pointers static https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 4e711d18c8e9953aca2ca64179c3d0b305a41c62 Author: Ralph Boehme Date: Wed Jul 25 20:02:23 2018 +0200 smbd: don't client->connections without checking client != NULL first in exit_server_common() exit_server_common() can be called also in smbd processes without a smbXsrv_client structure, e.g. the parent or some background tasks. Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Thu Jul 26 01:29:38 CEST 2018 on sn-devel-144 --- Summary of changes: source3/smbd/server_exit.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/server_exit.c b/source3/smbd/server_exit.c index 149cd86..cc8ea18 100644 --- a/source3/smbd/server_exit.c +++ b/source3/smbd/server_exit.c @@ -96,6 +96,7 @@ static void exit_server_common(enum server_exit_reason how, if (client != NULL) { sconn = client->sconn; + xconn = client->connections; } if (!exit_firsttime) @@ -108,7 +109,7 @@ static void exit_server_common(enum server_exit_reason how, /* * Here we typically have just one connection */ - for (xconn = client->connections; xconn != NULL; xconn = xconn_next) { + for (; xconn != NULL; xconn = xconn_next) { xconn_next = xconn->next; DLIST_REMOVE(client->connections, xconn); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 5ab0b4a examples/VFS/skel_transparent: make vfs_fn_pointers static via f37f8cc examples/VFS/skel_opaque: make vfs_fn_pointers static via 53d7822 examples/VFS/skel_opaque: fix a likely a copy/paste error via bd79564 s3:modules: add vfs_not_implemented module via cd37bad vfs_aio_pthread: use event context and threadpool from user_vfs_evg via 2dd95c1 s3: vfs: add user_vfs_evg to connection_struct via 1251a53 s3: vfs: add smb_vfs_ev_glue via 0c97226 smbd: introduce sconn->sync_thread_pool via 2be7518 smbd: rename sconn->pool to sconn->raw_thread_pool via 0e900d6 smbd: add missing DO_PROFILE_INC(disconnect) to smbd_server_connection_terminate_ex() via 8d4792e smbd: disconnect/destroy all connections before calling smbXsrv_session_logoff_all() via 9848727 smbd: only pass struct smbXsrv_client to smbXsrv_session_logoff_all() via 5cb94ca smbd: only pass struct smbXsrv_client to smb1srv_tcon_disconnect_all() via 3fd1a41 pthreadpool: add a missing include from a5e02f7 lib audit_logging: add _WARN_UNUSED_RESULT_ https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 5ab0b4af9edbd50c0c7747840f9b3aca9cb01da8 Author: Stefan Metzmacher Date: Wed Jul 25 12:30:37 2018 +0200 examples/VFS/skel_transparent: make vfs_fn_pointers static Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Wed Jul 25 20:44:12 CEST 2018 on sn-devel-144 commit f37f8cca3ba70db326caabc27397719bca6fcc68 Author: Ralph Boehme Date: Wed Jul 25 15:47:37 2018 +0200 examples/VFS/skel_opaque: make vfs_fn_pointers static Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher commit 53d78225ffd81e24fe00a013f7497851965c8171 Author: Ralph Boehme Date: Wed Jul 25 15:45:44 2018 +0200 examples/VFS/skel_opaque: fix a likely a copy/paste error This line was probably copied over from skel_transparent.c, remove it. Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher commit bd79564af10052e5b7bf4c446118b6eeb1b1e589 Author: Stefan Metzmacher Date: Wed Jul 25 12:26:05 2018 +0200 s3:modules: add vfs_not_implemented module This provides helper functions, which can be used by other modules, if they don't implement a specific function. Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme commit cd37badc02b3e56f974168b28447444cd54ee541 Author: Ralph Boehme Date: Fri Jul 13 16:48:19 2018 +0200 vfs_aio_pthread: use event context and threadpool from user_vfs_evg Or the root glue in case we're already root. Pair-Programmed-With: Stefan Metzmacher Signed-off-by: Stefan Metzmacher Signed-off-by: Ralph Boehme commit 2dd95c1c38b9e1ce32d3d1081b6ec177910087a4 Author: Ralph Boehme Date: Thu Jul 5 13:09:53 2018 +0200 s3: vfs: add user_vfs_evg to connection_struct This will be used to in order to pass down the impersonation magic from the SMB layer through the SMB_VFS layer. This includes the following options: smbd:force sync user path safe threadpool smbd:force sync user chdir safe threadpool smbd:force sync root path safe threadpool smbd:force sync root chdir safe threadpool They can be used in order to test the non linux code path on linux, once we get code that makes full use of the new infrastructure. Pair-Programmed-With: Stefan Metzmacher Signed-off-by: Stefan Metzmacher Signed-off-by: Ralph Boehme commit 1251a536df4b1df58d9ddacab03d3ebe6f4e5b60 Author: Ralph Boehme Date: Sun Jul 8 16:28:02 2018 +0200 s3: vfs: add smb_vfs_ev_glue This adds VFS helper functions and that work on a struct smb_vfs_ev_glue object which bundles two event contexts and a few threadpools. This will be used to streamline the use of impersonating wrappers in the SMB_VFS. Notice the verbose comments in source3/smbd/vfs.c. This will allow us to introduce path based async operations to the SMB_VFS layer. Pair-Programmed-With: Stefan Metzmacher Signed-off-by: Stefan Metzmacher Signed-off-by: Ralph Boehme commit 0c97226356f2ba5f01a58d361371055caf11e2a7 Author: Stefan Metzmacher Date: Tue Jul 24 10:56:34 2018 +0200 smbd: introduce sconn->sync_thread_pool This just simulates a threadpool, but executes the job functions inline (blocking) in the main thread. This will be used to work arround some OS limitations, e.g. if per thread credentials or per thread working directory are not supported. Signed-off-by: Stefan Metzmacher Reviewed-by:
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 1e78cb5 s3: vfs: bump to version 40, Samba 4.10 will ship with that via b2ae22a s3: vfs: bump to version 39, Samba 4.9 will ship with that via 55097f7 s3: vfs: add missing tevent_req_received() to SMB_VFS_FSYNC_RECV() via d769e9e s3: vfs: add missing tevent_req_received() to SMB_VFS_PWRITE_RECV() via 83f01b0 s3: vfs: add missing tevent_req_received() to SMB_VFS_PREAD_RECV() via 27bb2cb vfs_default: fix async fsync idle/busy time profiling via 580ff20 s3: libsmb: use smb2cli_conn_max_trans_size() in cli_smb2_list() via 76c68bc s4: libcli/smb2: calculate correct credit charge for finds via 7d1de8b s3: lib/xattr_tdb: fix listing xattrs via 1bc92d1 vfs_default: call smb_vfs_assert_all_fns() via 42e99ec examples/VFS/skel_transparent: call smb_vfs_assert_all_fns() via 829fdf1 examples/VFS/skel_transparent: add missing durable handle functions via 68b8e5a examples/VFS/skel_transparent: add missing audit_file_fn via f9db9ae examples/VFS/skel_opaque: call smb_vfs_assert_all_fns() via d163353 examples/VFS/skel_opaque: add missing durable handle functions via b294c7c examples/VFS/skel_opaque: add missing audit_file_fn via 010bbe5 autobuild: add some basic tests for the all static build from 7d40f60 winbind: Move variable declarations close to their use https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 1e78cb57f663fa3592655d9b8dfa25ae9a81ff7d Author: Ralph Boehme Date: Tue Mar 13 16:17:27 2018 +0100 s3: vfs: bump to version 40, Samba 4.10 will ship with that Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Wed Jul 25 03:23:44 CEST 2018 on sn-devel-144 commit b2ae22a310c07da61ca5d57cba1b403851e928d9 Author: Ralph Boehme Date: Tue Mar 13 16:17:27 2018 +0100 s3: vfs: bump to version 39, Samba 4.9 will ship with that Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher commit 55097f7d1d836471363011a8777224af0c772905 Author: Ralph Boehme Date: Thu Jul 12 14:44:40 2018 +0200 s3: vfs: add missing tevent_req_received() to SMB_VFS_FSYNC_RECV() Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher commit d769e9ea4087dc8e7224f440db6801e0a8a2d801 Author: Ralph Boehme Date: Thu Jul 12 14:44:27 2018 +0200 s3: vfs: add missing tevent_req_received() to SMB_VFS_PWRITE_RECV() Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher commit 83f01b0212cbdd9af88a46a8f1c5c27626e63537 Author: Ralph Boehme Date: Thu Jul 12 14:43:55 2018 +0200 s3: vfs: add missing tevent_req_received() to SMB_VFS_PREAD_RECV() Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher commit 27bb2cbc2ed6e5f3309a4abb1d7f74e3c4a21830 Author: Ralph Boehme Date: Wed Jun 20 10:54:04 2018 +0200 vfs_default: fix async fsync idle/busy time profiling Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher commit 580ff206431969dc2924d520053b956b7169ca07 Author: Ralph Boehme Date: Tue Mar 20 15:27:44 2018 +0100 s3: libsmb: use smb2cli_conn_max_trans_size() in cli_smb2_list() Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher commit 76c68bc20f06e3e6244ef1a6b0d4b43be8ebea42 Author: Ralph Boehme Date: Thu Mar 22 10:07:49 2018 +0100 s4: libcli/smb2: calculate correct credit charge for finds Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher commit 7d1de8bd48c0ea1e0ddd9f103d6fb1c7c3855c93 Author: Ralph Boehme Date: Thu Jun 28 21:47:54 2018 +0200 s3: lib/xattr_tdb: fix listing xattrs If there's no record in the xattr.tdb, dbwrap_fetch() will return NT_STATUS_NOT_FOUND. That should not result in an error in callers of xattr_tdb_load_attrs(). Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher commit 1bc92d1090cb26b66c84e46b76411e6481869866 Author: Stefan Metzmacher Date: Mon Jul 23 09:14:36 2018 +0200 vfs_default: call smb_vfs_assert_all_fns() This module needs to implement every call. Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme commit 42e99ec331dd667f145389683d7a0d8d310a8275 Author: Stefan Metzmacher Date: Mon Jul 23 09:02:52 2018 +0200 examples/VFS/skel_transparent: call smb_vfs_assert_all_fns() This template should always include all calls. Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme commit 829fdf10303fed8ed0e972cc2391bc88eebb3bb6 Author: Ralph Boehme Date: Tue Jul 24 22:03:01 2018 +0200 examples/VFS/skel_transparent: add missing durable handle functions Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher c
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 3eee52b pthreadpool: allocate glue->tctx on glue as memory context. via 2575642 pthreadpool: maintain a global list of orphaned pthreadpool_tevent_jobs via fa070d9 pthreadpool: make use of pthreadpool_stop() in pthreadpool_tevent_destructor() via 791c051 pthreadpool: add pthreadpool_tevent_job_cancel() via 245d684 pthreadpool: split out pthreadpool_tevent_job from pthreadpool_tevent_job_state via cdbad90 pthreadpool: let pthreadpool_tevent_job_send() fail with an invalid pool via f19552e pthreadpool: split out a pthreadpool_stop() from pthreadpool_destroy() via 5976841 pthreadpool: don't process further jobs when shutting down via 4e54543 pthreadpool: add pthreadpool_cancel_job() via e4dfd3d pthreadpool: add pthreadpool_tevent_max_threads() and pthreadpool_tevent_queued_jobs() via 505d298 pthreadpool: add pthreadpool_max_threads() and pthreadpool_queued_jobs() helpers via 76474a6 pthreadpool: expand test_create() to check unlimited, sync and one thread pool via f1dac71 pthreadpool: fix helgrind error in pthreadpool_free() via c9f54db pthreadpool: use talloc_zero() in tests_cmocka.c setup_pthreadpool_tevent() via e45d33e pthreadpool: use strict sync processing only with max_threads=0 via 03830a3 pthreadpool: consitently use unlock_res for pthread_mutex_unlock() in pthreadpool_add_job() via 65faef9 s3:messages: explicitly use max_thread=unlimited for pthreadpool_tevent_init() in messaging_dgm_init() via 53a9f3c pthreadpool: explicitly use max_thread=unlimited for pthreadpool_tevent_init() tests via 5e723bc pthreadpool: use unsigned for num_idle, num_threads and max_threads via 19e4a08 pthreadpool: correctly handle pthreadpool_tevent_register_ev() failures via c310647 smbd: remove unused change_to_root_user() from brl_timeout_fn() via d0b1f96 smbd: remove unused change_to_root_user() from smbd_sig_hup_handler() via e37e41b smbd: avoid explicit change_to_user() in defer_rename_done() already done by impersonation via 1b804f7 smbd: implement smbd_impersonate_{conn_vuid,conn_sess,root,guest}_create() wrappers via 0dcaa07 smbd: make use of smbd_impersonate_{conn_vuid,conn_sess,root,guest}_create() wrappers via 5285966 smbd: add simple noop smbd_impersonate_{conn_vuid,conn_sess,root,guest}_create() wrappers via 23319ef smbd: add smbd_impersonate_debug_create() helper via 7b5a47b smbd: add [un]become_guest() helper functions from 710ce1c WHATSNEW: Start release notes for Samba 4.10. https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 3eee52b44daa8544e1c1fb609f901a3a96b29b25 Author: Stefan Metzmacher Date: Fri Jun 22 17:11:53 2018 +0200 pthreadpool: allocate glue->tctx on glue as memory context. This means it will go aways together with glue and thte event context. Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Thu Jul 12 17:18:01 CEST 2018 on sn-devel-144 commit 25756425aaf5465e56ea809cd415b6a387848919 Author: Stefan Metzmacher Date: Wed Jun 20 13:38:19 2018 +0200 pthreadpool: maintain a global list of orphaned pthreadpool_tevent_jobs Instead of leaking the memory forever, we retry the cleanup, if other pthreadpool_tevent_*() functions are used. pthreadpool_tevent_cleanup_orphaned_jobs() could also be called by external callers. Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme commit fa070d90074629cb8262bc4e2a6ceef57a9fbd5c Author: Stefan Metzmacher Date: Wed Apr 25 20:25:21 2018 +0200 pthreadpool: make use of pthreadpool_stop() in pthreadpool_tevent_destructor() Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme commit 791c05144ee9296024cc0fdebe4afeaaf67e26bc Author: Stefan Metzmacher Date: Wed Apr 25 14:43:22 2018 +0200 pthreadpool: add pthreadpool_tevent_job_cancel() Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme commit 245d684d28dab630f3d47ff61006a1fe3e5eeefa Author: Stefan Metzmacher Date: Fri Jun 22 01:39:47 2018 +0200 pthreadpool: split out pthreadpool_tevent_job from pthreadpool_tevent_job_state This makes it much easier to handle orphaned jobs, we either wait for the immediate tevent to trigger or we just keep leaking the memory. The next commits will improve this further. Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme commit cdbad9041b8afd3f0436fbeb5d6b50f9f1ada60d Author: Stefan Metzmacher Date: Fri Apr 20 15:07:08 2018 +0200 pthreadpool: let pthreadpool_tevent_job_send() fail with an invalid pool
[SCM] Samba Shared Repository - annotated tag ldb-1.4.1 created
The annotated tag, ldb-1.4.1 has been created at 17acc22526716af4c1f173c95626682003a72cc9 (tag) tagging 3eecdbcc38dbe084b285c9720443d819304f7b97 (commit) replaces talloc-2.1.14 tagged by Stefan Metzmacher on Thu Jul 12 07:55:32 2018 +0200 - Log - ldb: tag release ldb-1.4.1 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAltG7VQACgkQR5ORYRMI QCXxpQf8CL4/3SUOVGkcmRB7BOTEN3g/228BpNFKFFj7xlM4grF+6zTDupsnlLs2 jKPwS61Ulq2LvWOBNfw4tjRT1d0h9HdK672/fPja3tT8bcwF9F5QVcMO/+XrZH+d lNJ52kwS1upFU0pQnPAiuQ+9x9u6MBSWp+TGBufzpWTDBuicL9EeDVjL7Q7V2lqt bNKANMroR6405JRDKvUa4Pw31PXMqnRbP5vLCnFYllxKncYP/M95fh7kVjVZLLgm TmFHrE+sz13Sc5qsmWDtHLwrN5KUlR5/QDQh9oiFoVcAVoSpWfJus6kxsEVaQtQi aBL/tD2m2WQ0OcJkjRfVEr0XUPVMTA== =kowD -END PGP SIGNATURE- Stefan Metzmacher (1): ldb: version 1.4.1 --- -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag talloc-2.1.14 created
The annotated tag, talloc-2.1.14 has been created at ccc62a47c22f4b3007ae22e7a47e45904bf3e4e2 (tag) tagging df858ec17e1d86ac983f0e74f7b80fbac64cab30 (commit) replaces tdb-1.3.16 tagged by Stefan Metzmacher on Thu Jul 12 07:54:48 2018 +0200 - Log - talloc: tag release talloc-2.1.14 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAltG7SgACgkQR5ORYRMI QCVYcAgAgVAqHAms+Vt0fOH2bidFH7eRIjg/By2Oms6vapKiOoDcKRIGvfc6xfYo /IEtmaddQ+qy28lMzTlmcKkXv+2/3HmcGLC0GBsf90ySEtVuIt36A70p1hY45kTM 6yNIlrak8z+Q5nFhFdKp7d5DNfH/uIxMB1GWIUeuIFgEr0TAb5fYrc1JEirAtcGv 9tBWVSYOrPnSAm7zQGdzgI3/IuDaam/UHqIRxZa2zgGvl+FKcKJEC27zn5l4dZ2Y bMk1zciHDrzX6/qVdu4jQRTisLZEqRnU908WPromhrOEB3yOXqSzPnMZoRZNdcGJ jsjZL8T0sK44FOSywfuSaCEZ69lD2A== =H6AE -END PGP SIGNATURE- Stefan Metzmacher (1): talloc: version 2.1.14 --- -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag tdb-1.3.16 created
The annotated tag, tdb-1.3.16 has been created at 1830c1e4027572713cbafe276d0ececebf040417 (tag) tagging b9efc5a628007f84c650789027385faaace913e8 (commit) replaces tevent-0.9.37 tagged by Stefan Metzmacher on Thu Jul 12 07:54:09 2018 +0200 - Log - tdb: tag release tdb-1.3.16 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAltG7QEACgkQR5ORYRMI QCV/Nwf/Z+nLu6X45Wk4xol6qwHirEvfSTKq+mSTCBNoxeEgBuN4mhH98MuLG5W8 Nq4M7m1ZwNrKWXN7oxkvdcltSg2OCQVuyi1Kgalwiv3nuchhCkAOCFBVRZfxZJGF gjVnthsrOU0hp/CnauZWTQL3E/MwLGVDpzukkmDz588SDeFUer54KKRT4Mk1UsDx 7S464XgWjNZV00CcRxJRtQljv3GW033CPJdhLLVTyvoKW9Q3QSgzf9mUYIjnx5Q0 ef5zkPgkHBd2yMom3BK+Bq5Dz8pn3IF2WsNuOuwjOsdy/Rsmhm834qBfrD/0brWv BykVzS5rmrfQE54vt8IL3MToCmM9gg== =sxcB -END PGP SIGNATURE- Aaron Haslett (12): dns: record aging tests rpc dns: setting timestamp to 0 on RPC processed records rpc dns: reading zone properties from LDB rpc dns: reset dword aging related zone properties dns: moving name_equal func into common dns: server side implementation of record aging dns: custom match rule for DNS records to be tombstoned dns: Use ldb.SCOPE_SUBTREE in ldap_get_records() routine in tests/dns.py dns: dns record scavenging function (without task) dns+kcc: adding dns scavenging to kcc periodic run dns: update tool changed for scavenging dns: static records Andrew Bartlett (11): WHATSNEW: Add entry for "Dynamic DNS record scavenging support" docs: Explain that "max xmit" is SMB1 only WHATSNEW: Fix spelling selftest: Add tests for samba.auth.admin_session() python: Add samba.auth.session_info_fill_unix() tests/posixacl: Test with and without filling in the unix_token WHATSNEW: document sysvolreset improvement WHATSNEW: Explain that Jansson is requied for AD DC, mention --without-json-audit docs: Remove mention of --without-json-audit from the AD DC ldb: Ban ldb 1.4.x with Samba 4.8 and earlier ldb: Refuse to build Samba against a newer minor version of ldb Bob Campbell (1): python/tests: check setting values on dnsRecord attributes Gary Lockyer (5): smb.conf: add dns_zone_scavenging dns: Reformat DNS with clang-format tests dns: fix rpc null byte test tests dns: dns.py remove flake8 warnings tests dns: dns_base.py remove flake8 warnings Joe Guo (16): pysmbd: add session_info arg to get_conn_tos pysmbd: add session_info arg to py_smbd_set_nt_acl smbd/msdfs: add null check for session_info.unix_info smbd/posix_acls: reuse secutiry token from session info if exist ntacls: reuse predefined SECURITY_SECINFO_FLAGS ntacls: add session_info arg to setntacl and pass down to set_nt_acl api provision/setsysvolacl: build session_info and pass down to setntacl provision/setsysvolacl: create helper function to simplify code tests/posixacl: rm commented code tests/posixacl: define global DOM_SID to make code DRY tests/posixacl: define global ACL to make code DRY tests/posixacl: remove unused imports tests/posixacl: use assertRaises to simplify code tests/posixacl: rm duplicated test tests/posixacl: move setUp and tearDown to top tests/posixacl: derive a new testcase to run same tests with session Stefan Metzmacher (7): s3:messages: protect against usage of wrapper tevent_context objects for messaging s3:messages: allow messaging_{dgm,ctdb}_register_tevent_context() to use wrapper tevent_context s3:messages: allow messaging_dgm_ref() to use wrapper tevent_context s3:messages: allow messaging_filtered_read_send() to use wrapper tevent_context s4:messaging: allow imessaging_post_handler() to free the messaging context from a handler s4:messaging: make sure only imessaging_client_init() can be used with a wrapper tevent_context wrapper tdb: version 1.3.16 Timur I. Bakeyev (1): WHATSNEW: Add note about defaults changes for the vfs_full_audit and acceptance of all syslog facilities for all audit modules. Volker Lendecke (5): lib: Multi-line a long line in wscript_build lib: Add tevent_req_profile helpers torture: Test tevent_req_profile winbindd: Convert process_request() to tevent_req winbindd: Do request profiling --- -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag tevent-0.9.37 created
The annotated tag, tevent-0.9.37 has been created at d4347fecc1529d308abe71a609fcc74a502bfe6c (tag) tagging f4fe3f77669875070cd7ba4a28ad33f6a058f105 (commit) replaces ldb-1.4.0 tagged by Stefan Metzmacher on Thu Jul 12 07:53:02 2018 +0200 - Log - tevent: tag release tevent-0.9.37 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAltG7L4ACgkQR5ORYRMI QCW0qAf/ZH8gFDxajI7ZwkN2mpeEpw1ZtBppvxX9dd2BTt3QTL8YkIFfCXtj3Ac5 Y4PU67FdmlYhe5QGUDDo8gYMqoH1La79Wnd4YYH1+sUwHX2cPqp7dQ3jNmBhwwAu WkdmebwlhP/vm0LBlDlBv4w7m6m3EPP4KYte8aiqbhMvA78BvaZnt8Lt6rtPCjWN Y57nZYForN3iXix7nxCd8ilRCC8+lRy/Xp3dPJ0DqvivgRRrPyC9/8vT5xUCa7Mp KO03YVz6oQqXfgOvOYKAMSnamoD764qRDMwMwiRR/xwXfJfcglkSKQ8/rFIAVENn opLN+eeVN9zlEKVdeWzc7k2SqqxDCA== =Jd04 -END PGP SIGNATURE- Aaron Haslett (6): samba: read backup date field on init and fail if present param: Add non-global smb.cfg option (support 2 different smb.confs) join: Pipe through dns_backend option for clones netcmd: domain backup online command netcmd: domain backup restore command tests: Add tests for the domain backup online/restore commands Amit Kumar (1): MAN: Adding entry for net ads lookup Amitay Isaacs (47): ctdb-common: Simplify process registration using linked list ctdb-common: Do not initialize run_proc inside run_event ctdb-common: Rename run_event_script_list to run_event_list ctdb-common: Return script_list for zero scripts ctdb-common: Improve error handling in run_event ctdb-common: Reset running state on failure ctdb-common: Add support to run events through failure ctdb-common: Correctly handle conf->reload() replace: Add test for sin6_len in sockaddr_in6 structure ctdb-common: Use sin6_len only if the structure supports it ctdb-build: Add checks for raw pkt handling support ctdb-build: Add ipv6 headers check for packet details ctdb: Fix build on AIX tdb: Fix build on AIX ctdb-common: Use correct return type for tevent_queue_add_entry ctdb-tests: Avoid segfault by initializing logging ctdb-daemon: Avoid closing stdin when running in interactive mode ctdb-daemon: Set environment variable if running in interactive mode wafsamba: Add strict option to CHECK_CODE wafsamba: Be strict when checking __attribute__ features socket_wrapper: Be strict when checking __attribute__ features replace: Be strict when checking __attribute__ features nss_wrapper: Be strict when checking __attribute__ features pam_wrapper: Be strict when checking __attribute__ features resolv_wrapper: Be strict when checking __attribute__ features uid_wrapper: Be strict when checking __attribute__ features ctdb-protocol: Separate protocol-basic subsystem ctdb-build: Add ctdb prefix to build target ctdb-tests: Separate testing code for basic data types ctdb-common: Add client pid to connect callback in sock_daemon ctdb-event: Add event daemon protocol ctdb-event: Add event daemon implementation ctdb-event: Add event daemon client code ctdb-event: Add event daemon client tool ctdb-tests: Rename eventd testsuite to ctdb_eventd ctdb-event: Add tests for event daemon ctdb-daemon: Switch to starting new event daemon ctdb-tools: Switch to using new event daemon tool ctdb-tests: Remove tests for old event daemon ctdb-daemon: Remove old event daemon ctdb-tools: Remove old event daemon tool ctdb-client: Remove client code for old event daemon ctdb-protocol: Remove protocol for old event daemon ctdb-daemon: Add client code to talk to new event daemon ctdb-tests: Switch to using new event daemon ctdb-common: Fix CID 437606 ctdb-tests: Avoid segfault by initializing logging Andreas Schneider (14): testparm: Remove warning from the last century samdb: Fix build error with gcc8 s3:registry: Fix buffer truncation issues issues with gcc8 s3:smbget: Fix buffer truncation issues with gcc8 s3:winbind: Fix regression introduced with bso #12851 krb5_plugin: Add winbind localauth plugin for MIT Kerberos krb5_plugin: Install plugins to krb5 modules dir krb5_plugin: Move krb5 locator plugin to krb5_plugin subdir docs: Move winbind_krb5_locator manpage to volume 8 docs: Add manpage for winbind_krb5_localauth.8 nsswitch: Add tests to lookup user via getpwnam s3:winbind: Do not lookup local system accounts in AD nsswitch: Use a swtich in the wbinfo test to lookup users winbind_krb5_localauth: Fix a compiler warning Andrej Gessel (3): Fix several mem leaks in ldb_index ldb_search ldb_tdb ldb: check return values check return value before using key_values Andrew Bartlett (33): selftest: M
[SCM] Samba Shared Repository - annotated tag ldb-1.3.4 created
The annotated tag, ldb-1.3.4 has been created at 92c2eab8320300bf8f1ef8f97781791b38836f07 (tag) tagging e25631d6be56374b69209afafda0fc4485bc8b54 (commit) replaces samba-4.8.2 tagged by Stefan Metzmacher on Tue Jun 26 21:12:19 2018 +0200 - Log - ldb: tag release ldb-1.3.4 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlsykBMACgkQR5ORYRMI QCUG1QgAxRFAL79USfUGLPbr+JHPazvpGjA/DV98Z85SsolZ3cP8FOhIPYBiuwfN qRfjNkkV41k7DB0EXMFwtKinfhzo990WP101oxXByLS5GNAl/HzPZah20ICL0B71 T6vIMs4yhdxVO4eN55KrpFnjSSWENuUEvAalrWKi6h6kSPPXzDNtDqgOy0ppxkrH cpgLodyZTX75Ww0qzN3xEtgiBMRWqGyF+Diq6unvkdMmer3LPpXazeLJsSrNHjSi MaZ3IgJqMFZZ3yj//sucZSKw8R3zxJOQX3ILBUSow9R8Yzy0xmeb0c7gNKWrFZZF EIVLZ23maGy4bYiBUOvdj7k6TY6SeQ== =lLqR -END PGP SIGNATURE- Andreas Schneider (24): selftest: Make sure we have correct group mappings nsswitch: Add a test looking up the user using the upn nsswitch: Add a test looking up domain sid nsswitch: Lookup the domain in tests with the wb seperator selftest: Add a user with a different userPrincipalName nsswitch:tests: Add test for wbinfo --user-info winbind: Remove unused function parse_domain_user_talloc() winbind: Fix UPN handling in parse_domain_user() winbind: Fix UPN handling in canonicalize_username() s3:utils: Do not segfault on error in DoDNSUpdate() lib:util: Fix string check in mkdir_p() s4:torture: Use strlcpy() in gen_name() s3:lib: Use memcpy() in escape_ldap_string() s3:passdb: Fix size of ascii_p16 s3:winbind: Fix uninitialzed variable warning lib:util: Fix parameter aliasing in tfork test lib:util: Fix size types in debug.c s4:ntvfs: Fix string copy of share_name lib: Fix array size in audit_logging krb5_plugin: Add winbind localauth plugin for MIT Kerberos s3:registry: Fix buffer truncation issues issues with gcc8 s3:smbget: Fix buffer truncation issues with gcc8 s3:winbind: Fix regression introduced with bso #12851 samdb: Fix build error with gcc8 Andrej Gessel (3): ldb: check return values check return value before using key_values Fix several mem leaks in ldb_index ldb_search ldb_tdb Andrew Bartlett (12): s3-lib: Remove support for libexc for IRIX backtraces lib/util: Log PANIC before calling pacic action just like s3 lib/util: Move log_stack_trace() to common code lib/util: Call log_stack_trace() in smb_panic_default() ldb: Save a copy of the index result before calling the callbacks. ldb: Indicate that the ltdb_dn_list_sort() in list_union is a bit subtle. ldb: Explain why an entry can vanish from the index ldb: One-level search was incorrectly falling back to full DB scan ldb: Add tests for when we should expect a full scan ldb_tdb: Use mem_ctx and so avoid leak onto long-term memory on duplicated add. .gitlab-ci.yml: Adapt to current GitLab CI setup ldb: version 1.3.4 Christof Schmitt (6): selftest: Add dfq_cache share with 'dfree cache time' set selftest: Add test for 'dfree cache' memcache: Add new cache type for dfree information smbd: Cache dfree information based on query path smbd: Flush dfree memcache on service reload krb5_wrap: fix keep_old_entries logic for older kerberos libraries Günther Deschner (6): s4-heimdal: Fix the format-truncation errors. s3-winbindd: use fill_domain_username_talloc() in winbind. s3-winbindd: remove unused fill_domain_username() s3-printing: fix format-truncation in print_queue_update() s4-torture: fix format-truncation warning in smb2 session tests. s3-utils: fix format-truncation in smbpasswd Jeffrey Altman (1): heimdal: lib/krb5: do not fail set_config_files due to parse error Jeremy Allison (5): s3: smbd: Fix SMB2-FLUSH against directories. s3: smbtorture: Add new SMB2-DIR-FSYNC test to show behavior of FSYNC on directories. s3: torture: Add DELETE-PRINT test. s3: smbd: printing: Re-implement delete-on-close semantics for print files missing since 3.5.x. python: Fix talloc frame use in make_simple_acl(). Karolin Seeger (2): VERSION: Bump version up to 4.8.3... bla Lukas Slebodnik (1): ldb: Fix memory leak on module context Ralph Boehme (2): s4:torture/smb2: new test for interaction between chown and SD flags s3:smbd: fix interaction between chown and SD flags Stefan Metzmacher (4): winbind: Pass upn unmodified to lookup names auth/ntlmssp: add ntlmssp_client:ldap_style_send_seal option s4:selftest: run test_ldb_simple.sh with more auth options auth/ntlmssp: fix handling of GENSEC_FEATURE_LDAP_STYLE as a server Volker Lendecke (1): libgpo: Fix the
[SCM] Samba Shared Repository - branch master updated
df5e459 s3:lib: add caching to set_current_user_info() from 5d4f229 s4-dsdb: fix the build of audit_util.c https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log --------- commit 721fbbfa7001b2788602106101f0407483894322 Author: Stefan Metzmacher Date: Thu Mar 22 10:54:41 2018 +0100 smbd: remove unused smbd_server_connection->ev_ctx Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Mon Jun 18 11:46:36 CEST 2018 on sn-devel-144 commit 894e5001c747ce765dad5517778dda55d7d1f4d9 Author: Stefan Metzmacher Date: Thu Mar 22 10:54:41 2018 +0100 smbd: add an effective {smb,smbd_smb2}_request->ev_ctx that holds the event context used for the request processing In future this will an impersonation wrapper tevent_context based on the user session. Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme commit f2df8be16be9dccd3d10ec060f1efbe5007a28c6 Author: Stefan Metzmacher Date: Thu Mar 22 10:54:41 2018 +0100 smbd: add an effective connection_struct->user_ev_ctx that holds the event context used for the current user This will be filled with an impersonation wrapper in the next commits. Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme commit c835ffa72ddfd2431d22909148913b50f0d829d1 Author: Stefan Metzmacher Date: Thu Mar 22 10:54:41 2018 +0100 smbd: use sconn->root_ev_ctx for smbd_sig_{term,hup}_handler() They already call change_to_root_user(), which can be removed later. Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme commit 182991c26c8149c79b13a277b9822efc49fd1df0 Author: Stefan Metzmacher Date: Thu Mar 22 10:54:41 2018 +0100 smbd: use sconn->root_ev_ctx for brl_timeout_fn() This already calls change_to_root_user(), which can be removed later. Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme commit 146938217ed1ab9a7a9f38c055fec5513cbd5c4d Author: Stefan Metzmacher Date: Thu Mar 22 10:54:41 2018 +0100 smbd: add smbd_server_connection->{root,guest}_ev_ctx pointer For now these are just the same as smbd_server_connection->ev_ctx, but this will change in future and we'll use impersonation wrappers. Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme commit f5f9b719741465c7be3de20a6a69ec106ecc4568 Author: Stefan Metzmacher Date: Thu Mar 22 10:54:41 2018 +0100 smbd: use raw_ev_ctx to clear the MSG_SMB_CONF_UPDATED registration Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme commit dc517b20f60a156d73fdd551557eb1d4366dfdeb Author: Stefan Metzmacher Date: Thu Mar 22 10:54:41 2018 +0100 smbd: explain that/why we use the raw tevent_context for linux_oplock_signal_handler() Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme commit 1d5210b615035e46b90758ac7aa4ceec9174bee5 Author: Stefan Metzmacher Date: Thu Mar 22 10:54:41 2018 +0100 smbd: explain that/why we use the raw tevent_context for do_break_to_none() Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme commit e73eaa3c8004d3d8aff316cdb26b0bef85eceaca Author: Stefan Metzmacher Date: Thu Mar 22 10:54:41 2018 +0100 smbd: explain that/why we use the raw tevent_context for oplock_timeout_handler() Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme commit 52f098d38da72d6eff3c4cac61487da897a8651c Author: Stefan Metzmacher Date: Thu Mar 22 10:54:41 2018 +0100 smbd: explain that/why we use the raw tevent_context for lease_timeout_handler() Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme commit 7cfafaf190643eb28fc95d21a02a4e5e529e16d1 Author: Stefan Metzmacher Date: Thu Mar 22 10:54:41 2018 +0100 smbd: explain that/why we use the raw tevent_context for update_write_time_handler() Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme commit b0af5715b0a7592a9728e0b76f653b9ab6228708 Author: Stefan Metzmacher Date: Thu Mar 22 10:54:41 2018 +0100 vfs_glusterfs: explain that/why we use the raw tevent_context in init_gluster_aio() Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme commit 6114f9545fa856717220658e87f2a60f6767b7f4 Author: Stefan Metzmacher Date: Thu Mar 22 10:54:41 2018 +0100 smbd: add smbd_server_connection->raw_ev_ctx pointer This will replace smbd_server_connection->ev_ctx in the next commits. Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme commit c059f0ae729a47883362a1ba01b530b3d743bc45 Author: Stefan Metzmacher Date: Thu Mar 22 10:54:41 2018 +0100 smbd: use req->xconn->client->raw_ev_ctx for schedule_deferred_open_message_smb(
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 5ef6775 smbd: don't call change_to_root_user() before change_to_guest() via 9393d95 smbd: remove useless allow_access() check for AS_GUEST via 51407b9 smbd: split out a fsp_flush_write_time_update() function from update_write_time_handler() via 553df61 smbd: make smbd_setup_sig_{term,hup}_handler() static via 55b1b55 vfs_glusterfs: use tevent_req_defer_callback() in order to use the correct event context via efce558 smbd: call samba_tevent_context_init() within create_conn_struct_as_root() via ee8ea5c smbd: use pconn = talloc_move(ctx, &conn) in create_conn_struct_as_root() via d156483 smbd: remove unused create_conn_struct() function via b5302c6 smbd: let create_conn_struct_tos() use create_conn_struct_as_root() directly via b71362b vfstest: make use of create_conn_struct_tos() via cdb875f smbd: remove unused create_conn_struct_cwd() function via 240c47c printing: convert delete_driver_files() to use create_conn_struct_tos_cwd() via ae32a26 printing: convert move_driver_to_download_area() to use create_conn_struct_tos_cwd() via 76297c3 printing: convert get_correct_cversion() to use create_conn_struct_tos_cwd() via e56bb42 printing: add an explicit talloc_stackframe() to delete_driver_files() via a2ad24f printing: add an explicit talloc_stackframe() to move_driver_to_download_area() via bad43d3 printing: add an explicit talloc_stackframe() to get_correct_cversion() via 7d493ea printing: add more 'const' to read only input pointers via 498830c s3:rpc_server/srvsvc: _srvsvc_NetSetFileSecurity form_junctions() to use create_conn_struct_tos_cwd() via f9860b6 s3:rpc_server/srvsvc: _srvsvc_NetGetFileSecurity() to use create_conn_struct_tos_cwd() via 185d471 s3:rpc_server/srvsvc: add an explicit talloc_stackframe() to _srvsvc_NetSetFileSecurity() via 44e3c03 s3:rpc_server/srvsvc: add an explicit talloc_stackframe() to _srvsvc_NetGetFileSecurity() via 36d3de0 smbd: convert form_junctions() to use create_conn_struct_tos_cwd() via bcb4d42 smbd: convert count_dfs_links() to use create_conn_struct_tos_cwd() via 73e5d47 smbd: convert get_referred_path() to use create_conn_struct_tos_cwd() via 42610e0 smbd: convert junction_to_local_path() to use create_conn_struct_tos_cwd() via 2401e25 smbd: add an explicit talloc_stackframe() to form_junctions() via 15ea2c1 smbd: add an explicit talloc_stackframe() to count_dfs_links() via e3837d3 smbd: add an explicit talloc_stackframe() to get_referred_path() via a9f5dcd smbd: add an explicit talloc_stackframe() to {create,remove}_msdfs_link() via ac922eb s3:rpc_server/fss: make use of create_conn_struct_tos() via 7983c70 s3:rpc_server/fss: use talloc_stackframe() for temporary memory via 96ac5a8 smbd: make use of create_conn_struct_tos() in get_nt_acl_no_snum() via 1566766 pysmbd: make use of create_conn_struct_tos() via 67ea594 pysmbd: remove explicit talloc_stackframe() from get_conn() and name it get_conn_tos() via 539f51f pysmbd: fix some talloc_stackframe() memory leaks and clean up the frame hierarchy in make_simple_acl(). via 7ef67df pysmbd: consitently use talloc_stackframe() for temporary memory via cbde2e3 pysmbd: remove useless explicit conn_free() from set_nt_acl_conn() via 66bc2c4 smbd: add create_conn_struct_tos[_cwd]() helper functions via ebae5e0 printing: remove unused arguments from delete_and_reload_printers() via 72bd688 printing: remove unused arguments from load_printers() from d33c355 CID 1416475: possibly dereferencing NULL in fruit_pread_meta https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 5ef6775919e83fdae66385db8d1579fa259602f1 Author: Stefan Metzmacher Date: Wed May 23 14:26:37 2018 +0200 smbd: don't call change_to_root_user() before change_to_guest() This is just an optimization and it makes it clearer that calling change_to_root_user() just before change_to_guest() is useless and confusing. We call change_to_guest() before set_current_service() now, but that has no impact as we pass 'do_chdir=false' as AS_GUEST is never mixed with AS_USER or DO_CHDIR. Signed-off-by: Stefan Metzmacher Reviewed-by: Jeremy Allison Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Thu Jun 14 23:38:55 CEST 2018 on sn-devel-144 commit 9393d95f22276a5374f991746d48050fe0be47c5 Author: Stefan Metzmacher Date: Wed May 23 14:23:17 2018 +0200 smbd: remove useless allow_access() check for AS_GUEST We already call allow_access() when we accept the con
[SCM] Samba Shared Repository - annotated tag ldb-1.4.0 created
The annotated tag, ldb-1.4.0 has been created at 7558352d92528cb3d7d92c0a05e18ee48fb262d5 (tag) tagging 4e2eb5660a11cea215d39495844aa76ffb5a1a2e (commit) replaces talloc-2.1.13 tagged by Stefan Metzmacher on Wed May 30 15:30:34 2018 +0200 - Log - ldb: tag release ldb-1.4.0 -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQEcBAABAgAGBQJbDqd6AAoJEEeTkWETCEAlqGcH/j3s431HObSY3N0MHs45J+eq fHOF9cnRTLtLu98Tr9bkh4zc73LH6rZSSHPxpQh2DqpLlkYQU/PuX9Dg+SmfcxpQ 8eQTPrKpCqHLsiDYZ0qKP1h6fjedNdbqt070QKMimVXQc5YWrW9Su2+k1ao+Z/5u Ws8ING9c7YTZxLnalWadpBttcSU2GBhX3YdBsw10RHNw6MSrTp0saB4BXKdc1y/d EUYjieyReuc1ll9ikIAY9fiAzgyoIPb5ipVImGqSUHINI00wrBbW+g2P7a6CzKtC H/3qztZhPd1m9yw1aFLv1iagBa5Q/biEsP4OaHL5fwxDcnhz72vE/pb2ROwfj6A= =CMYJ -END PGP SIGNATURE- Aaron Haslett (5): ldb: removing prior secret from logs samdb rid: clear cache to prevent old ntds_guid devel: removing unused code from chgkrbtgtpass auth: keytab invalidation test auth: keytab invalidation fix Amitay Isaacs (20): ctdb-client: Remove ununsed functions from old client code ctdb-build: Drop unnessary dependency on ctdb-client ctdb-daemon: Move ctdb_client.c to server/ subdir ctdb-build: Rename ctdb-client2 subsystem to ctdb-client third_party: Update popt to 1.16 release ctdb-packaging: Package all helpers using wildcard ctdb-common: Add command line processing abstraction ctdb-common: Add utility code to get various paths ctdb-common: Add path tool ctdb-tests: Setup $CTDB_BASE/{run,var} directories util: Add tini to samba-util-core ctdb-common: Add config file parsing code ctdb-common: Add config options tool ctdb-common: Refactor log backend parsing code ctdb-common: Add a function to validate logging specification ctdb-tools: Add logging config options to config tool ctdb-common: Fix CID 1435599 ctdb-event: Add event daemon config file options ctdb-tools: Add event daemon config options to config tool socket_wrapper: Add missing dependency on tirpc Andreas Schneider (35): wafsamba: Add '-Werror=strict-overflow -Wstrict-overflow=2' to the developer build s3:passdb: Do not return OK if we don't have pinfo set up s3:smbspool: Fix cmdline argument handling selftest: Make sure we have correct group mappings nsswitch: Add a test looking up the user using the upn nsswitch: Add a test looking up domain sid nsswitch: Lookup the domain in tests with the wb seperator selftest: Add a user with a different userPrincipalName nsswitch:tests: Add test for wbinfo --user-info winbind: Remove unused function parse_domain_user_talloc() winbind: Fix UPN handling in parse_domain_user() winbind: Fix UPN handling in canonicalize_username() s4:dsdb:tests: Add return code check s3:winbind: Initialize validation_level in winbind_dual_SamLogon() s3:modules: Initialize pointers in vfs_virusfilter s4:torture: Make sure variable is initialized in oplock test libcli: Fix coverity warning in smb2cli_notify_send() s3:smbd: Fix converity warning with _smb_setlen_large() ctdb: Check return values of tevent_req_set_endtime() s3:libsmbclient: Use const for setting and getting strings s4:torture: Do not leak memory in libsmbclient test s4:torture: Do not leak file descriptor in smb2 oplock test s3:utils: Do not segfault on error in DoDNSUpdate() s3:winbind: Add sanity check when closing fd s3:winbind: Check if we have an open file descriptor lib:util: Fix string check in mkdir_p() s4:torture: Use strlcpy() in gen_name() s3:lib: Use memcpy() in escape_ldap_string() s3:passdb: Fix size of ascii_p16 s3:winbind: Fix uninitialzed variable warning lib:util: Fix parameter aliasing in tfork test lib:util: Fix size types in debug.c s4:ntvfs: Fix string copy of share_name lib: Fix array size in audit_logging s3:utils: Remove double error check Andrew Bartlett (88): ldb: Fix missing NULL terminator in ldb_mod_op_test testsuite samba-tool domain classicupgrade: Do not mix python-samdb transactions and passdb modifications ldb: Ignore these tests in mdb test mode ldb: Allow GUID index mode to be tested on TDB ldb_tdb: A more robust check for if we can fit the index string in provision: Set @INDEXLIST first when building dummy sam.ldb samba-tool: Escape username and computername in ldb search filter samba-tool: Use same method for removing trailing $ as elsewhere in the tool s3-lib: Remove support for libexc for IRIX backtraces lib/util: Log PANIC before calling pacic action just like s3 lib/util: Move log_stack_trace() to common code lib/util: Call log_s
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via e9b638c autobuild: cover the Gentoo case with python disabled all down the stack via 95c117f Make ldb configuration --disable-python work as intended via 4c354cd torture: Give extra information on WINBINDD_SHOW_SEQUENCE failure from a9084dc s3:utils: Remove double error check https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e9b638c43f006bd48158f21fc9b598c61d615499 Author: Andrew Bartlett Date: Thu May 10 09:09:56 2018 +1200 autobuild: cover the Gentoo case with python disabled all down the stack Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Fri May 25 13:07:47 CEST 2018 on sn-devel-144 commit 95c117ff1114122aad367adab6c738b835a7c3d3 Author: Timur I. Bakeyev Date: Fri May 18 10:10:50 2018 +0800 Make ldb configuration --disable-python work as intended Signed-off-by: Timur I. Bakeyev Reviewed-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher commit 4c354cd551715e98b9d016be6f1c6bc02a931192 Author: Andrew Bartlett Date: Thu May 24 13:49:11 2018 +1200 torture: Give extra information on WINBINDD_SHOW_SEQUENCE failure Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher --- Summary of changes: lib/ldb/wscript| 13 ++--- script/autobuild.py| 32 source4/torture/winbind/struct_based.c | 22 +- 3 files changed, 55 insertions(+), 12 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/ldb/wscript b/lib/ldb/wscript index dfca1bc..412bd4f 100644 --- a/lib/ldb/wscript +++ b/lib/ldb/wscript @@ -201,9 +201,15 @@ def build(bld): bld.RECURSE('lib/tdb') if bld.env.standalone_ldb: +if not 'PACKAGE_VERSION' in bld.env: +bld.env.PACKAGE_VERSION = VERSION +bld.env.PKGCONFIGDIR = '${LIBDIR}/pkgconfig' private_library = False else: private_library = True +# we're not currently linking against the ldap libs, but ldb.pc.in +# has @LDAP_LIBS@ +bld.env.LDAP_LIBS = '' LDB_MAP_SRC = bld.SUBDIR('ldb_map', 'ldb_map.c ldb_map_inbound.c ldb_map_outbound.c') @@ -224,13 +230,6 @@ def build(bld): if bld.PYTHON_BUILD_IS_ENABLED(): if not bld.CONFIG_SET('USING_SYSTEM_PYLDB_UTIL'): for env in bld.gen_python_environments(['PKGCONFIGDIR']): -# we're not currently linking against the ldap libs, but ldb.pc.in -# has @LDAP_LIBS@ -bld.env.LDAP_LIBS = '' - -if not 'PACKAGE_VERSION' in bld.env: -bld.env.PACKAGE_VERSION = VERSION -bld.env.PKGCONFIGDIR = '${LIBDIR}/pkgconfig' name = bld.pyembed_libname('pyldb-util') bld.SAMBA_LIBRARY(name, diff --git a/script/autobuild.py b/script/autobuild.py index 2d71b5e..429d644 100755 --- a/script/autobuild.py +++ b/script/autobuild.py @@ -80,9 +80,10 @@ samba_configure_params = " --picky-developer ${PREFIX} ${EXTRA_PYTHON} --with-pr samba_libs_envvars = "PYTHONPATH=${PYTHON_PREFIX}/site-packages:$PYTHONPATH" samba_libs_envvars += " PKG_CONFIG_PATH=$PKG_CONFIG_PATH:${PREFIX_DIR}/lib/pkgconfig" samba_libs_envvars += " ADDITIONAL_CFLAGS='-Wmissing-prototypes'" -samba_libs_configure_base = samba_libs_envvars + " ./configure --abi-check --enable-debug --picky-developer -C ${PREFIX} ${EXTRA_PYTHON}" -samba_libs_configure_libs = samba_libs_configure_base + " --bundled-libraries=cmocka,NONE" -samba_libs_configure_samba = samba_libs_configure_base + " --bundled-libraries=!talloc,!pytalloc-util,!tdb,!pytdb,!ldb,!pyldb,!pyldb-util,!tevent,!pytevent" +samba_libs_configure_base = samba_libs_envvars + " ./configure --abi-check --enable-debug --picky-developer -C ${PREFIX}" +samba_libs_configure_libs = samba_libs_configure_base + " --bundled-libraries=cmocka,NONE ${EXTRA_PYTHON}" +samba_libs_configure_bundled_libs = " --bundled-libraries=!talloc,!pytalloc-util,!tdb,!pytdb,!ldb,!pyldb,!pyldb-util,!tevent,!pytevent" +samba_libs_configure_samba = samba_libs_configure_base + samba_libs_configure_bundled_libs + " ${EXTRA_PYTHON}" if os.environ.get("AUTOBUILD_NO_EXTRA_PYTHON", "0") == "1": extra_python = "" @@ -274,7 +275,30 @@ tasks = { ("make", "make -j", "text/plain"),
[Bug 1717790] Re: libibverbs should come from the rdma-core source package
This seems to be fixed in bionic ** Changed in: libibverbs (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1717790 Title: libibverbs should come from the rdma-core source package To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libibverbs/+bug/1717790/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[SCM] Samba Shared Repository - annotated tag ldb-1.3.3 created
The annotated tag, ldb-1.3.3 has been created at f5897ce28b4dacf9414467cc352690d47863f715 (tag) tagging bf0a6646108bd447c05f099a7f345cf2a3bda070 (commit) replaces samba-4.8.1 tagged by Stefan Metzmacher on Wed May 2 21:38:55 2018 +0200 - Log - ldb: tag release ldb-1.3.3 -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQEcBAABAgAGBQJa6hPPAAoJEEeTkWETCEAlYbEH+wcYUTlF9AZSd5VLa/mndkwX v7BoxBsT/FNu4GucvBUpsvLHUIIwM6kTIlmIWN6EOAi6B/SEx+hRiiyBYu16QSXC zKAbZRospDbCngydIfLJ7UZIDzlXxjFEjvCNceB1UvTuEFSpWoC9rhwofYBviwJj sCeTb4nvHlHtDwkUDJF3xzBqTh93RH7ISMk2gz7E9HBIrUbTuzed84YFgflNLq06 L4iP80FDS+Xz3H3VT53bwDAVZfiLVSpuDlCJZPAELgJ3/WkGjtfqzGu5bkiQ68Cu lVTtcJUBrfj00HiRUpv7sCy3ZvUXNGgRLVOcUAx7hR8bPvpsR5ioxe2JdMiCIk4= =ZFOX -END PGP SIGNATURE- Andrew Bartlett (3): ldb_tdb: Ensure we can not commit an index that is corrupt due to partial re-index ldb: Add test to show a reindex failure must not leave the DB corrupt ldb: Release ldb 1.3.3 Gary Lockyer (3): ldb_tdb: Do not fail in GUID index mode if there is a duplicate attribute ldb_tdb: Add tests for truncated index keys lib ldb tests: Prepare to run api and index test on tdb and lmdb Karolin Seeger (1): VERSION: Bump version up to 4.8.2... --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-8-test updated
The branch, v4-8-test has been updated via 13f23ec nsswitch: fix memory leak in winbind_open_pipe_sock() when the privileged pipe is not accessable. via bf0a664 ldb: Release ldb 1.3.3 via 21e10ff ldb: Add test to show a reindex failure must not leave the DB corrupt via 89ce0d9 lib ldb tests: Prepare to run api and index test on tdb and lmdb via 7f70fcd ldb_tdb: Ensure we can not commit an index that is corrupt due to partial re-index via 3f15f1c ldb_tdb: Add tests for truncated index keys via b1ac094 ldb_tdb: Do not fail in GUID index mode if there is a duplicate attribute from f1bf8d7 VERSION: Bump version up to 4.8.2... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-test - Log - commit 13f23ec11ef3c932b0cb2000613dfbc6dd14554b Author: Stefan Metzmacher Date: Tue Apr 24 10:59:05 2018 +0200 nsswitch: fix memory leak in winbind_open_pipe_sock() when the privileged pipe is not accessable. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13400 Signed-off-by: Stefan Metzmacher Reviewed-by: Volker Lendecke (cherry picked from commit ffe970007bf934955f72ec2d73bf8f94a2b796eb) Autobuild-User(v4-8-test): Stefan Metzmacher Autobuild-Date(v4-8-test): Wed May 2 18:56:45 CEST 2018 on sn-devel-144 commit bf0a6646108bd447c05f099a7f345cf2a3bda070 Author: Andrew Bartlett Date: Mon Apr 30 11:15:55 2018 +1200 ldb: Release ldb 1.3.3 * Fix failure to upgrade to the GUID index DB format * Add tests for GUID index behaviour BUG: https://bugzilla.samba.org/show_bug.cgi?id=13306 Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher commit 21e10ff3d46814c170ed9b35e341f3c6a72406ef Author: Andrew Bartlett Date: Mon Mar 26 16:07:45 2018 +1300 ldb: Add test to show a reindex failure must not leave the DB corrupt BUG: https://bugzilla.samba.org/show_bug.cgi?id=13335 Signed-off-by: Andrew Bartlett Reviewed-by: Gary Lockyer Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Thu Apr 5 07:53:10 CEST 2018 on sn-devel-144 (cherry picked from commit 653a0a1ba932fc0cc567253f3e153b2928505ba2) commit 89ce0d90f70140b28a3cf6fa15e4fc6e803b5495 Author: Gary Lockyer Date: Tue Mar 6 09:13:31 2018 +1300 lib ldb tests: Prepare to run api and index test on tdb and lmdb BUG: https://bugzilla.samba.org/show_bug.cgi?id=13335 Signed-off-by: Gary Lockyer Reviewed-by: Andrew Bartlett (cherry picked from commit 06d9566ef7005588de18c5a1d07a5b9cd179d17b) commit 7f70fcd8baa82ae13ce1a29fc493643bbe29c6b7 Author: Andrew Bartlett Date: Mon Mar 26 16:01:13 2018 +1300 ldb_tdb: Ensure we can not commit an index that is corrupt due to partial re-index The re-index traverse can abort part-way though and we need to ensure that the transaction is never committed as that will leave an un-useable db. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13335 Signed-off-by: Andrew Bartlett Reviewed-by: Gary Lockyer (cherry picked from commit e481e4f30f4dc540f6f129b4f2faea48ee195673) commit 3f15f1c63b994066e4ea9bc5e407c1d182511918 Author: Gary Lockyer Date: Wed Feb 21 15:12:40 2018 +1300 ldb_tdb: Add tests for truncated index keys Tests for the index truncation code as well as the GUID index format in general. Covers truncation of both the DN and equality search keys. Signed-off-by: Gary Lockyer Reviewed-by: Douglas Bagnall Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Sat Mar 3 09:58:40 CET 2018 on sn-devel-144 BUG: https://bugzilla.samba.org/show_bug.cgi?id=13335 (cherry picked into 4.8 and cut down to operate without truncated index values from master commit 4c0c888b571d4c21ab267024178353925a8c087c by Andrew Bartlett) commit b1ac0944146705ed13a89b0d0ac1b4656641c170 Author: Gary Lockyer Date: Wed Feb 28 11:47:22 2018 +1300 ldb_tdb: Do not fail in GUID index mode if there is a duplicate attribute It is not the job of the index code to enforce this, but do give a a warning given it has been detected. However, now that we do allow it, we must never return the same object twice to the caller, so filter for it in ltdb_index_filter(). The GUID list is sorted, which makes this cheap to handle, thankfully. Signed-off-by: Gary Lockyer Reviewed-by: Douglas Bagnall Reviewed-by: Andrew Bartlett BUG: https://bugzilla.samba.org/show_bug.cgi?id=13335 (cherry picked from commit 5c1504b94d1417894176811f18c5d450de22cfd2) --- Summary of changes: lib/ldb/ABI/{ldb-1.3.2.sigs => ldb-1.3.3.sigs} |0 ...b-util.
[SCM] Samba Shared Repository - branch v4-7-test updated
The branch, v4-7-test has been updated via d6ac540 nsswitch: fix memory leak in winbind_open_pipe_sock() when the privileged pipe is not accessable. from 825aea7 s4:rpc_server: fix call_id truncation in dcesrv_find_fragmented_call() https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test - Log - commit d6ac5408f7c4d2fc0bb648a302bc012b725bec41 Author: Stefan Metzmacher Date: Tue Apr 24 10:59:05 2018 +0200 nsswitch: fix memory leak in winbind_open_pipe_sock() when the privileged pipe is not accessable. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13400 Signed-off-by: Stefan Metzmacher Reviewed-by: Volker Lendecke (cherry picked from commit ffe970007bf934955f72ec2d73bf8f94a2b796eb) Autobuild-User(v4-7-test): Stefan Metzmacher Autobuild-Date(v4-7-test): Wed May 2 15:36:48 CEST 2018 on sn-devel-144 --- Summary of changes: nsswitch/wb_common.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/nsswitch/wb_common.c b/nsswitch/wb_common.c index 262181a..336092b 100644 --- a/nsswitch/wb_common.c +++ b/nsswitch/wb_common.c @@ -420,14 +420,14 @@ static int winbind_open_pipe_sock(struct winbindd_context *ctx, ctx->winbindd_fd = fd; ctx->is_privileged = 1; } + + SAFE_FREE(response.extra_data.data); } if ((need_priv != 0) && (ctx->is_privileged == 0)) { return -1; } - SAFE_FREE(response.extra_data.data); - return ctx->winbindd_fd; #else return -1; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 8e5cc97 s3:messages: improve tevent_create_immediate recycling via dfb712a s3:messages: check tevent_fd_get_flags() == 0 before using stale event context pointer via fdcc162 s3:messages: check reg->refcount == 0 before accessing other elements from 0b04258 winbind: Remove an unused struct declaration https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 8e5cc9732bb99df912bfd0fa09f7c14068f09874 Author: Ralph Boehme Date: Tue Mar 27 16:04:58 2018 +0200 s3:messages: improve tevent_create_immediate recycling We should create the immediate event at the beginning were we have a chance to return an error, rather than ignoring a failure later. As a side effect this also reuses the immediate event after the refcount went to 0 and up again. Pair-Programmed-With: Stefan Metzmacher Signed-off-by: Ralph Boehme Signed-off-by: Stefan Metzmacher Reviewed-by: Volker Lendecke Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Tue Apr 24 14:30:20 CEST 2018 on sn-devel-144 commit dfb712a03c2bd36641506ae9cfce1a0820e1a329 Author: Ralph Boehme Date: Tue Mar 27 15:27:32 2018 +0200 s3:messages: check tevent_fd_get_flags() == 0 before using stale event context pointer If the event context got deleted, tevent_fd_get_flags() will return 0 for the stale fde. In that case we should not use fde_ev->ev anymore. Pair-Programmed-With: Stefan Metzmacher Signed-off-by: Ralph Boehme Signed-off-by: Stefan Metzmacher Reviewed-by: Volker Lendecke commit fdcc1622082eaea3fc03c0346a56afbbff88e6d1 Author: Ralph Boehme Date: Tue Mar 27 16:05:30 2018 +0200 s3:messages: check reg->refcount == 0 before accessing other elements Pair-Programmed-With: Stefan Metzmacher Signed-off-by: Ralph Boehme Signed-off-by: Stefan Metzmacher Reviewed-by: Volker Lendecke --- Summary of changes: source3/lib/messages.c | 63 + source3/lib/messages_ctdb.c | 14 -- source3/lib/messages_dgm.c | 14 -- 3 files changed, 70 insertions(+), 21 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/messages.c b/source3/lib/messages.c index 5a31f34..82a1778 100644 --- a/source3/lib/messages.c +++ b/source3/lib/messages.c @@ -192,19 +192,34 @@ static bool messaging_register_event_context(struct messaging_context *ctx, for (i=0; ievent_contexts[i]; - if (reg->ev == ev) { - reg->refcount += 1; - return true; - } if (reg->refcount == 0) { if (reg->ev != NULL) { abort(); } free_reg = reg; + /* +* We continue here and may find another +* free_req, but the important thing is +* that we continue to search for an +* existing registration in the loop. +*/ + continue; + } + + if (reg->ev == ev) { + reg->refcount += 1; + return true; } } if (free_reg == NULL) { + struct tevent_immediate *im = NULL; + + im = tevent_create_immediate(ctx); + if (im == NULL) { + return false; + } + tmp = talloc_realloc(ctx, ctx->event_contexts, struct messaging_registered_ev, num_event_contexts+1); @@ -214,9 +229,14 @@ static bool messaging_register_event_context(struct messaging_context *ctx, ctx->event_contexts = tmp; free_reg = &ctx->event_contexts[num_event_contexts]; + free_reg->im = talloc_move(ctx->event_contexts, &im); } - *free_reg = (struct messaging_registered_ev) { .ev = ev, .refcount = 1 }; + /* +* free_reg->im might be cached +*/ + free_reg->ev = ev; + free_reg->refcount = 1; return true; } @@ -231,14 +251,25 @@ static bool messaging_deregister_event_context(struct messaging_context *ctx, for (i=0; ievent_contexts[i]; + if (reg->refcount == 0) { + continue; + } + if (reg->ev == ev) { - if (reg->refcount == 0) { - return false; - }
[Bug 1761737] Re: [bionic] samba PANIC, INTERNAL ERROR: Signal 11
Can someone try what happens with https://attachments.samba.org/attachment.cgi?id=14155 together with "kerberos method = secrets and keytab"? I'd guess it should behave like "system keytab" or "dedicated keytab", but it would be good to have this verified. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1761737 Title: [bionic] samba PANIC, INTERNAL ERROR: Signal 11 To manage notifications about this bug go to: https://bugs.launchpad.net/samba/+bug/1761737/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1761737] Re: [bionic] samba PANIC, INTERNAL ERROR: Signal 11
I just noticed https://bugzilla.samba.org/show_bug.cgi?id=13376 and closed https://bugzilla.samba.org/show_bug.cgi?id=13393 again... -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1761737 Title: [bionic] samba PANIC, INTERNAL ERROR: Signal 11 To manage notifications about this bug go to: https://bugs.launchpad.net/samba/+bug/1761737/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1761737] Re: [bionic] samba PANIC, INTERNAL ERROR: Signal 11
This is https://bugzilla.samba.org/show_bug.cgi?id=13393 Does changing 'secrets and keytab' to 'keytab' help? ** Bug watch added: Samba Bugzilla #13393 https://bugzilla.samba.org/show_bug.cgi?id=13393 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1761737 Title: [bionic] samba PANIC, INTERNAL ERROR: Signal 11 To manage notifications about this bug go to: https://bugs.launchpad.net/samba/+bug/1761737/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[SCM] Samba Shared Repository - branch v4-7-test updated
The branch, v4-7-test has been updated via 5a2066f torture: Test compound request request counters via bb15458 s3:smb2_server: correctly maintain request counters for compound requests from 686b2ba winbindd: Do not ignore domain in the LOOKUPNAME request https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test - Log - commit 5a2066f5ca52d8f1421139f27112183952070a05 Author: Volker Lendecke Date: Wed Apr 11 15:11:10 2018 +0200 torture: Test compound request request counters This will send an unfixed smbd into the SMB_ASSERT(op->request_count > 0); in smbd_smb2_request_reply_update_counts BUG: https://bugzilla.samba.org/show_bug.cgi?id=13215 Signed-off-by: Volker Lendecke Reviewed-by: Stefan Metzmacher Autobuild-User(master): Volker Lendecke Autobuild-Date(master): Thu Apr 12 14:38:39 CEST 2018 on sn-devel-144 (cherry picked from commit 40edd1bc273f664d5567ef5be169033899acee1f) Autobuild-User(v4-7-test): Stefan Metzmacher Autobuild-Date(v4-7-test): Fri Apr 13 22:48:05 CEST 2018 on sn-devel-144 commit bb15458485e48ce173e54186f1b54aef2e852544 Author: Stefan Metzmacher Date: Wed Apr 11 12:14:59 2018 +0200 s3:smb2_server: correctly maintain request counters for compound requests If a session expires during a compound request chain, we exit smbd_smb2_request_dispatch() with 'return smbd_smb2_request_error(req, ...)' before calling smbd_smb2_request_dispatch_update_counts(). As req->request_counters_updated was only reset within smbd_smb2_request_dispatch_update_counts(), smbd_smb2_request_reply_update_counts() was called twice on the same request, which triggers SMB_ASSERT(op->request_count > 0); BUG: https://bugzilla.samba.org/show_bug.cgi?id=13215 Signed-off-by: Stefan Metzmacher Reviewed-by: Volker Lendecke (cherry picked from commit 87e25cd1e45bfe57292b62ffc44ddafc01c61ca0) --- Summary of changes: source3/smbd/smb2_server.c | 6 +++- source4/torture/smb2/compound.c | 77 + 2 files changed, 82 insertions(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c index ee03a8e..177e5ff 100644 --- a/source3/smbd/smb2_server.c +++ b/source3/smbd/smb2_server.c @@ -2180,7 +2180,7 @@ static NTSTATUS smbd_smb2_request_dispatch_update_counts( bool update_open = false; NTSTATUS status = NT_STATUS_OK; - req->request_counters_updated = false; + SMB_ASSERT(!req->request_counters_updated); if (xconn->protocol < PROTOCOL_SMB2_22) { return NT_STATUS_OK; @@ -2315,6 +2315,8 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) DO_PROFILE_INC(request); + SMB_ASSERT(!req->request_counters_updated); + /* TODO: verify more things */ flags = IVAL(inhdr, SMB2_HDR_FLAGS); @@ -2755,6 +2757,8 @@ static void smbd_smb2_request_reply_update_counts(struct smbd_smb2_request *req) return; } + req->request_counters_updated = false; + if (xconn->protocol < PROTOCOL_SMB2_22) { return; } diff --git a/source4/torture/smb2/compound.c b/source4/torture/smb2/compound.c index c592308..d2d4d7e 100644 --- a/source4/torture/smb2/compound.c +++ b/source4/torture/smb2/compound.c @@ -1030,6 +1030,81 @@ done: return ret; } +static bool test_compound_invalid4(struct torture_context *tctx, + struct smb2_tree *tree) +{ + struct smb2_create cr; + struct smb2_read rd; + NTSTATUS status; + const char *fname = "compound_invalid4.dat"; + struct smb2_close cl; + bool ret = true; + bool ok; + struct smb2_request *req[2]; + + smb2_transport_credits_ask_num(tree->session->transport, 2); + + smb2_util_unlink(tree, fname); + + ZERO_STRUCT(cr); + cr.in.security_flags = 0x00; + cr.in.oplock_level= 0; + cr.in.impersonation_level = NTCREATEX_IMPERSONATION_IMPERSONATION; + cr.in.create_flags= 0x; + cr.in.reserved= 0x; + cr.in.desired_access = SEC_RIGHTS_FILE_ALL; + cr.in.file_attributes = FILE_ATTRIBUTE_NORMAL; + cr.in.share_access= NTCREATEX_SHARE_ACCESS_READ | + NTCREATEX_SHARE_ACCESS_WRITE | + NTCREATEX_SHARE_ACCESS_DELETE; + cr.in.create_disposition = NTCREATEX_DISP_OPEN_IF; + cr.in.create_options = NTCREATEX_OPTIONS_SEQUENTIAL_ONLY |
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via b8f7167 libdgram: Fix an error path memleak via 8b770e6 libnbt: Align data types via 5fea3e3 libnbt: Add an explicit "mem_ctx" to name_request_send from ce63db2 traffic_relay: bulk port print to modern py3 style https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit b8f71674742a45c296b6ef6a69be3870c4ddf61c Author: Volker Lendecke Date: Sun Feb 25 13:00:39 2018 +0100 libdgram: Fix an error path memleak Signed-off-by: Volker Lendecke Reviewed-by: Stefan Metzmacher Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Fri Apr 13 21:04:28 CEST 2018 on sn-devel-144 commit 8b770e646aa28e6ef36647f42b97a8330203bbd0 Author: Volker Lendecke Date: Thu Apr 12 20:40:32 2018 +0200 libnbt: Align data types ARRAY_SIZE returns size_t Signed-off-by: Volker Lendecke Reviewed-by: Stefan Metzmacher commit 5fea3e3f23cf75e111b9043ddad8a93aad6c06bf Author: Volker Lendecke Date: Sun Feb 4 12:16:14 2018 + libnbt: Add an explicit "mem_ctx" to name_request_send Implicitly hanging requests off nbtsock is too inflexible for future use Signed-off-by: Volker Lendecke Reviewed-by: Stefan Metzmacher --- Summary of changes: libcli/nbt/namequery.c | 4 ++-- libcli/nbt/namerefresh.c| 2 +- libcli/nbt/nameregister.c | 2 +- libcli/nbt/namerelease.c| 2 +- libcli/nbt/nbt_proto.h | 3 ++- libcli/nbt/nbtsocket.c | 7 --- source4/libcli/dgram/mailslot.c | 1 + 7 files changed, 12 insertions(+), 9 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/nbt/namequery.c b/libcli/nbt/namequery.c index e344235..49ab10c 100644 --- a/libcli/nbt/namequery.c +++ b/libcli/nbt/namequery.c @@ -56,7 +56,7 @@ _PUBLIC_ struct nbt_name_request *nbt_name_query_send(struct nbt_name_socket *nb dest = socket_address_from_strings(packet, nbtsock->sock->backend_name, io->in.dest_addr, io->in.dest_port); if (dest == NULL) goto failed; - req = nbt_name_request_send(nbtsock, dest, packet, + req = nbt_name_request_send(nbtsock, nbtsock, dest, packet, io->in.timeout, io->in.retries, false); if (req == NULL) goto failed; @@ -160,7 +160,7 @@ _PUBLIC_ struct nbt_name_request *nbt_name_status_send(struct nbt_name_socket *n dest = socket_address_from_strings(packet, nbtsock->sock->backend_name, io->in.dest_addr, io->in.dest_port); if (dest == NULL) goto failed; - req = nbt_name_request_send(nbtsock, dest, packet, + req = nbt_name_request_send(nbtsock, nbtsock, dest, packet, io->in.timeout, io->in.retries, false); if (req == NULL) goto failed; diff --git a/libcli/nbt/namerefresh.c b/libcli/nbt/namerefresh.c index b525356..b3aef76 100644 --- a/libcli/nbt/namerefresh.c +++ b/libcli/nbt/namerefresh.c @@ -72,7 +72,7 @@ struct nbt_name_request *nbt_name_refresh_send(struct nbt_name_socket *nbtsock, nbtsock->sock->backend_name, io->in.dest_addr, io->in.dest_port); if (dest == NULL) goto failed; - req = nbt_name_request_send(nbtsock, dest, packet, + req = nbt_name_request_send(nbtsock, nbtsock, dest, packet, io->in.timeout, io->in.retries, false); if (req == NULL) goto failed; diff --git a/libcli/nbt/nameregister.c b/libcli/nbt/nameregister.c index ff5418c..8e8271d 100644 --- a/libcli/nbt/nameregister.c +++ b/libcli/nbt/nameregister.c @@ -80,7 +80,7 @@ struct nbt_name_request *nbt_name_register_send(struct nbt_name_socket *nbtsock, dest = socket_address_from_strings(packet, nbtsock->sock->backend_name, io->in.dest_addr, io->in.dest_port); if (dest == NULL) goto failed; - req = nbt_name_request_send(nbtsock, dest, packet, + req = nbt_name_request_send(nbtsock, nbtsock, dest, packet, io->in.timeout, io->in.retries, false); if (req == NULL) goto failed; diff --git a/libcli/nbt/namerelease.c b/libcli/nbt/namerelease.c index 8f46981..68c8252 100644 --- a/libcli/nbt/namerelease.c +++ b/libcli/nbt/namerelease.c @@ -69,7 +69,7 @@ _PUBLIC_ struct nbt_name_request *nbt_name_release_send(struct nbt_name_socket * dest = socket_address_from_strings(packet, nbtsock->sock->backend_name, io->in.dest_addr, io->in.dest_port);
[SCM] Samba Shared Repository - branch v4-8-test updated
The branch, v4-8-test has been updated via 7e01028 torture: Test compound request request counters via de39857 s3:smb2_server: correctly maintain request counters for compound requests from bb5526d winbindd: Do not ignore domain in the LOOKUPNAME request https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-test - Log - commit 7e010280ade0834638c58ca7c60ed2f0ff78c112 Author: Volker Lendecke Date: Wed Apr 11 15:11:10 2018 +0200 torture: Test compound request request counters This will send an unfixed smbd into the SMB_ASSERT(op->request_count > 0); in smbd_smb2_request_reply_update_counts BUG: https://bugzilla.samba.org/show_bug.cgi?id=13215 Signed-off-by: Volker Lendecke Reviewed-by: Stefan Metzmacher Autobuild-User(master): Volker Lendecke Autobuild-Date(master): Thu Apr 12 14:38:39 CEST 2018 on sn-devel-144 (cherry picked from commit 40edd1bc273f664d5567ef5be169033899acee1f) Autobuild-User(v4-8-test): Stefan Metzmacher Autobuild-Date(v4-8-test): Thu Apr 12 22:55:22 CEST 2018 on sn-devel-144 commit de398573fe753a347cba35666fcf84b30a3307f7 Author: Stefan Metzmacher Date: Wed Apr 11 12:14:59 2018 +0200 s3:smb2_server: correctly maintain request counters for compound requests If a session expires during a compound request chain, we exit smbd_smb2_request_dispatch() with 'return smbd_smb2_request_error(req, ...)' before calling smbd_smb2_request_dispatch_update_counts(). As req->request_counters_updated was only reset within smbd_smb2_request_dispatch_update_counts(), smbd_smb2_request_reply_update_counts() was called twice on the same request, which triggers SMB_ASSERT(op->request_count > 0); BUG: https://bugzilla.samba.org/show_bug.cgi?id=13215 Signed-off-by: Stefan Metzmacher Reviewed-by: Volker Lendecke (cherry picked from commit 87e25cd1e45bfe57292b62ffc44ddafc01c61ca0) --- Summary of changes: source3/smbd/smb2_server.c | 6 +++- source4/torture/smb2/compound.c | 77 + 2 files changed, 82 insertions(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c index ee03a8e..177e5ff 100644 --- a/source3/smbd/smb2_server.c +++ b/source3/smbd/smb2_server.c @@ -2180,7 +2180,7 @@ static NTSTATUS smbd_smb2_request_dispatch_update_counts( bool update_open = false; NTSTATUS status = NT_STATUS_OK; - req->request_counters_updated = false; + SMB_ASSERT(!req->request_counters_updated); if (xconn->protocol < PROTOCOL_SMB2_22) { return NT_STATUS_OK; @@ -2315,6 +2315,8 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) DO_PROFILE_INC(request); + SMB_ASSERT(!req->request_counters_updated); + /* TODO: verify more things */ flags = IVAL(inhdr, SMB2_HDR_FLAGS); @@ -2755,6 +2757,8 @@ static void smbd_smb2_request_reply_update_counts(struct smbd_smb2_request *req) return; } + req->request_counters_updated = false; + if (xconn->protocol < PROTOCOL_SMB2_22) { return; } diff --git a/source4/torture/smb2/compound.c b/source4/torture/smb2/compound.c index c592308..d2d4d7e 100644 --- a/source4/torture/smb2/compound.c +++ b/source4/torture/smb2/compound.c @@ -1030,6 +1030,81 @@ done: return ret; } +static bool test_compound_invalid4(struct torture_context *tctx, + struct smb2_tree *tree) +{ + struct smb2_create cr; + struct smb2_read rd; + NTSTATUS status; + const char *fname = "compound_invalid4.dat"; + struct smb2_close cl; + bool ret = true; + bool ok; + struct smb2_request *req[2]; + + smb2_transport_credits_ask_num(tree->session->transport, 2); + + smb2_util_unlink(tree, fname); + + ZERO_STRUCT(cr); + cr.in.security_flags = 0x00; + cr.in.oplock_level= 0; + cr.in.impersonation_level = NTCREATEX_IMPERSONATION_IMPERSONATION; + cr.in.create_flags= 0x; + cr.in.reserved= 0x; + cr.in.desired_access = SEC_RIGHTS_FILE_ALL; + cr.in.file_attributes = FILE_ATTRIBUTE_NORMAL; + cr.in.share_access= NTCREATEX_SHARE_ACCESS_READ | + NTCREATEX_SHARE_ACCESS_WRITE | + NTCREATEX_SHARE_ACCESS_DELETE; + cr.in.create_disposition = NTCREATEX_DISP_OPEN_IF; + cr.in.create_options = NTCREATEX_OPTIONS_SEQUENTIAL_ONLY |
[SCM] Samba Shared Repository - branch v4-6-test updated
The branch, v4-6-test has been updated via c90accf torture: Test compound request request counters via fb602bd s3:smb2_server: correctly maintain request counters for compound requests from e1c58ec s3: smbd: Unix extensions attempts to change wrong field in fchown call. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-6-test - Log - commit c90accf0275d17fb237ea01e7477d741ed8123bd Author: Volker Lendecke Date: Wed Apr 11 15:11:10 2018 +0200 torture: Test compound request request counters This will send an unfixed smbd into the SMB_ASSERT(op->request_count > 0); in smbd_smb2_request_reply_update_counts BUG: https://bugzilla.samba.org/show_bug.cgi?id=13215 Signed-off-by: Volker Lendecke Reviewed-by: Stefan Metzmacher Autobuild-User(master): Volker Lendecke Autobuild-Date(master): Thu Apr 12 14:38:39 CEST 2018 on sn-devel-144 (cherry picked from commit 40edd1bc273f664d5567ef5be169033899acee1f) Autobuild-User(v4-6-test): Stefan Metzmacher Autobuild-Date(v4-6-test): Thu Apr 12 21:56:31 CEST 2018 on sn-devel-144 commit fb602bddc4f968310b958f5fd06eb8857a39 Author: Stefan Metzmacher Date: Wed Apr 11 12:14:59 2018 +0200 s3:smb2_server: correctly maintain request counters for compound requests If a session expires during a compound request chain, we exit smbd_smb2_request_dispatch() with 'return smbd_smb2_request_error(req, ...)' before calling smbd_smb2_request_dispatch_update_counts(). As req->request_counters_updated was only reset within smbd_smb2_request_dispatch_update_counts(), smbd_smb2_request_reply_update_counts() was called twice on the same request, which triggers SMB_ASSERT(op->request_count > 0); BUG: https://bugzilla.samba.org/show_bug.cgi?id=13215 Signed-off-by: Stefan Metzmacher Reviewed-by: Volker Lendecke (cherry picked from commit 87e25cd1e45bfe57292b62ffc44ddafc01c61ca0) --- Summary of changes: source3/smbd/smb2_server.c | 6 +++- source4/torture/smb2/compound.c | 77 + 2 files changed, 82 insertions(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c index 573f5f6..23eb4b6 100644 --- a/source3/smbd/smb2_server.c +++ b/source3/smbd/smb2_server.c @@ -2148,7 +2148,7 @@ static NTSTATUS smbd_smb2_request_dispatch_update_counts( bool update_open = false; NTSTATUS status = NT_STATUS_OK; - req->request_counters_updated = false; + SMB_ASSERT(!req->request_counters_updated); if (xconn->protocol < PROTOCOL_SMB2_22) { return NT_STATUS_OK; @@ -2283,6 +2283,8 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) DO_PROFILE_INC(request); + SMB_ASSERT(!req->request_counters_updated); + /* TODO: verify more things */ flags = IVAL(inhdr, SMB2_HDR_FLAGS); @@ -2722,6 +2724,8 @@ static void smbd_smb2_request_reply_update_counts(struct smbd_smb2_request *req) return; } + req->request_counters_updated = false; + if (xconn->protocol < PROTOCOL_SMB2_22) { return; } diff --git a/source4/torture/smb2/compound.c b/source4/torture/smb2/compound.c index 1856054..da95479 100644 --- a/source4/torture/smb2/compound.c +++ b/source4/torture/smb2/compound.c @@ -1030,6 +1030,81 @@ done: return ret; } +static bool test_compound_invalid4(struct torture_context *tctx, + struct smb2_tree *tree) +{ + struct smb2_create cr; + struct smb2_read rd; + NTSTATUS status; + const char *fname = "compound_invalid4.dat"; + struct smb2_close cl; + bool ret = true; + bool ok; + struct smb2_request *req[2]; + + smb2_transport_credits_ask_num(tree->session->transport, 2); + + smb2_util_unlink(tree, fname); + + ZERO_STRUCT(cr); + cr.in.security_flags = 0x00; + cr.in.oplock_level= 0; + cr.in.impersonation_level = NTCREATEX_IMPERSONATION_IMPERSONATION; + cr.in.create_flags= 0x; + cr.in.reserved= 0x; + cr.in.desired_access = SEC_RIGHTS_FILE_ALL; + cr.in.file_attributes = FILE_ATTRIBUTE_NORMAL; + cr.in.share_access= NTCREATEX_SHARE_ACCESS_READ | + NTCREATEX_SHARE_ACCESS_WRITE | + NTCREATEX_SHARE_ACCESS_DELETE; + cr.in.create_disposition = NTCREATEX_DISP_OPEN_IF; + cr.in.create_options = NTCREATEX_OPTIONS_SEQUENTIAL_ONLY |
[SCM] Samba Shared Repository - annotated tag talloc-2.1.13 created
The annotated tag, talloc-2.1.13 has been created at c13a723cb67863d57da4ef71cb9d15c6623b7c36 (tag) tagging d48b62326a5256fabdcbdd97cc71c44527672527 (commit) replaces talloc-2.1.12 tagged by Stefan Metzmacher on Thu Apr 5 23:05:08 2018 +0200 - Log - talloc: tag release talloc-2.1.13 -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQEcBAABAgAGBQJaxo+EAAoJEEeTkWETCEAlFbgIAKsUuhlbo+hS9pvf1l1AGaLQ cnICcGQOOxrFPRVpG89XGU+jvSvlI2dseQL3WOR6+hWk+c2hKvxhPa5QNZCY2NeP WVLqmUx4gvUM8W1l7y+FRmdOr/FHKAtYgd6oDxZLu6Vt7ccX5WJAlICG6nP94H0u SIdjB2APoeyYvpNiOlcV50SI/4aJG2cMz+Fgmo+KZeWKYW7Yl3TpOkB7n4VilQrN wW23x0vCSr0XuhOH6j54HDxiwadpDPVBdNH/nKO/X7/qSmbWQI54zvOWCN4wazMO nOl5kxnXYzWrdyfeGP3f3uznU5QE2LMy5B8DBZEMArJLAgU+/YJQJ7nQCnhTkgQ= =zJZ0 -END PGP SIGNATURE- Amitay Isaacs (15): ctdb-client: Do not try to allocate 0 sized record ctdb-client: Add missing initialization of tevent_context ctdb-tests: Convert database map to a linked list in fake_ctdbd ctdb-tests: Add dbdir option for creating databases in fake_ctdbd ctdb-tests: Implement database attach control in fake_ctdbd ctdb-tests: Add database attach tests ctdb-tests: Use seqnum from tdb if available in fake_ctdbd ctdb-tests: Add req_call processing in fake_ctdbd ctdb-tests: Add volatile database tests ctdb-tests: Implement transaction control in fake_ctdbd ctdb-tests: Add persistent database tests ctdb-tests: Implement traverse control in fake_ctdbd ctdb-tests: Add database traverse tests ctdb-tests: Add debug messages for unimplemented functions ctdb-scripts: Drop "net serverid wipe" from 50.samba event script Andreas Schneider (25): s3:printing: Fix size check in get_file_version() s3:lib: Fix size types in ms_fnmatch() s3:lib: Fix size types in tldap_find_first_star() lib:param: Fix the size type in lp_do_parameter_parametric() s3:lib: Fix probably a copy&paste error in namemap_cache_set_sid2name() third_party: Update pam_wrapper to version 1.0.6 ldb: Add test for ldb_qsort() ldb: Fix overflow checks third_party: Fix size type in cmocka lib:util: Fix size types in fgets_slash() s4:registry: Fix size type and loop s4:client: Fix size types and loop heimdal: Fix size types and array access s4:torture: Fix size types in torture_create_procs() s3:smbd: Fix size types in reply_negprot() s3:printing: Fix size types s3:spoolss: Fix size types s3:client: Fix size types s3:torture: Fix size types in make_nonstd_fd() s3:modules: Update getdate.y to work with newer bison versions s3:modules: Generate new getdate.c with bison wafsamba: Add missing cflags_end argument to SAMBA_MODULE replace: Check for -Wno-strict-overflow s3:modules: Set -Wno-strict-overflow for getdate if supported wafsamba: Add missing cflags_end argument to SAMBA_BINARY Andrew Bartlett (35): autobuild: Move defaulttasks to one-per-line travis-ci: Only un-shallow for PIDL travis-ci: Use Gold linker for faster builds libsmb: Use the same #ifdef for is_our_primary_domain() as the only caller s3-libnet: move rpc_join label into HAVE_ADS block with only caller selftest: Align cleanup of tmpkpasswdscript with scripts that use it selftest: Ensure tmpkpasswdscript is always under $PREFIX autobuild: Move "none" environment to samba-none-env winbindd: Add a cache of the samr and lsa handles for the passdb domain winbindd: Do re-connect if the RPC call fails in the passdb case winbindd: Use talloc_zero_array for consistency with other winbindd_domain allocators gitlab-ci: Create swap space to work around the 2G image autobuild: Run nt4_dc and nt4_member tests in parallel travis-ci: Run new samba-nt4 environment gitlab-ci: Add samba-nt4 environment to the CI selftest: Do not run smb2.notify against nt4_dc and ad_dc autobuild: Run all "ad_dc" environment tests in samba-ad-dc autobuild: Remove fileserver tests from the main build selftest: Move base.delaywrite tests to fileserver environment Move smbtorture3 tests to fileserver environment autobuild: Try and test different configure options for new environments selftest: Move slower base.deny1 and base.deny2 to fileserver environment selftest: Move samba.tests.samba_tool{.dnscmd,.sites} to chgdcpass gitlab-ci: Set shared and private tags to allow builds that need ext4 to pass autobuild: Split up the build further with samba-ad-dc-2 gitlab: Run fileserver tests on "private" not "shared" autobuild: Run all envs that depend on ad_dc in the ad_dc job selftest: Do not run raw.notify, smb2.oplock and raw.oplock twice
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via d48b623 talloc: version 2.1.13 via 03124c8 talloc: use atexit() again instead of a library destructor from 707af5b selftest: enable py3 for samba.tests.blackbox.ndrdump https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit d48b62326a5256fabdcbdd97cc71c44527672527 Author: Stefan Metzmacher Date: Tue Apr 3 13:46:20 2018 +0200 talloc: version 2.1.13 * Use atexit() again instead of a library destructor (bug #13366) Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Thu Apr 5 15:53:16 CEST 2018 on sn-devel-144 commit 03124c85f1141f1e57398e526f38798b6f1fa741 Author: Stefan Metzmacher Date: Tue Apr 3 13:13:01 2018 +0200 talloc: use atexit() again instead of a library destructor The change for https://bugzilla.samba.org/show_bug.cgi?id=7587 ("talloc_autofree_context() in shared libraries and plugins is a bad idea on FreeBSD") (ommit 41b6810ba01f44537f470c806adb8686e1a39c48) causes the following for sssd on Linux: Stack trace of thread 19667: #0 0x7f2cab91ff6b __GI_raise (libc.so.6) #1 0x7f2cab90a5c1 __GI_abort (libc.so.6) #2 0x7f2cab90a491 __assert_fail_base (libc.so.6) #3 0x7f2cab9186e2 __GI___assert_fail (libc.so.6) #4 0x7f2cb10aaca5 k5_mutex_lock (libkrb5.so.3) #5 0x7f2cb10ab790 k5_mutex_lock (libkrb5.so.3) #6 0x7f2cb10ab8f5 profile_free_file (libkrb5.so.3) #7 0x7f2cb10ab983 profile_close_file (libkrb5.so.3) #8 0x7f2cb10af249 profile_release (libkrb5.so.3) #9 0x7f2cb10a06c7 k5_os_free_context (libkrb5.so.3) #10 0x7f2cb1075a9a krb5_free_context (libkrb5.so.3) #11 0x55cea7cb2dd1 kcm_data_destructor (sssd_kcm) #12 0x7f2cac153e96 _tc_free_internal (libtalloc.so.2) #13 0x7f2cac1537b0 _tc_free_internal (libtalloc.so.2) #14 0x7f2cac1537b0 _tc_free_internal (libtalloc.so.2) #15 0x7f2cac1537b0 _tc_free_internal (libtalloc.so.2) #16 0x7f2cac1537b0 _tc_free_internal (libtalloc.so.2) #17 0x7f2cac14e648 _talloc_free (libtalloc.so.2) #18 0x7f2cac14c480 talloc_lib_fini (libtalloc.so.2) #19 0x7f2cb151da96 _dl_fini (ld-linux-x86-64.so.2) #20 0x7f2cab9226bc __run_exit_handlers (libc.so.6) #21 0x7f2cab9227ec __GI_exit (libc.so.6) #22 0x7f2cb030dc61 orderly_shutdown (libsss_util.so) #23 0x7f2cac365a46 tevent_common_check_signal (libtevent.so.0) #24 0x7f2cac367975 epoll_event_loop_once (libtevent.so.0) #25 0x7f2cac365dab std_event_loop_once (libtevent.so.0) #26 0x7f2cac362098 _tevent_loop_once (libtevent.so.0) #27 0x7f2cac3622eb tevent_common_loop_wait (libtevent.so.0) #28 0x7f2cac365d3b std_event_loop_wait (libtevent.so.0) #29 0x7f2cb030eb37 server_loop (libsss_util.so) #30 0x55cea7cb29f4 main (sssd_kcm) #31 0x7f2cab90c1eb __libc_start_main (libc.so.6) #32 0x55cea7cb2c7a _start (sssd_kcm) We still only register one atexit handler instead of multiple ones like in talloc 2.1.11, but avoids using a library destructor. Bug #7587 seems to be fixed by not using talloc_autofree_context() within samba. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13366 Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- Summary of changes: .../{pytalloc-util-2.1.9.sigs => pytalloc-util-2.1.13.sigs} | 0 ...loc-util.py3-2.1.9.sigs => pytalloc-util.py3-2.1.13.sigs} | 0 lib/talloc/ABI/{talloc-2.1.9.sigs => talloc-2.1.13.sigs} | 0 lib/talloc/talloc.c | 12 ++-- lib/talloc/wscript | 2 +- 5 files changed, 3 insertions(+), 11 deletions(-) copy lib/talloc/ABI/{pytalloc-util-2.1.9.sigs => pytalloc-util-2.1.13.sigs} (100%) copy lib/talloc/ABI/{pytalloc-util.py3-2.1.9.sigs => pytalloc-util.py3-2.1.13.sigs} (100%) copy lib/talloc/ABI/{talloc-2.1.9.sigs => talloc-2.1.13.sigs} (100%) Changeset truncated at 500 lines: diff --git a/lib/talloc/ABI/pytalloc-util-2.1.9.sigs b/lib/talloc/ABI/pytalloc-util-2.1.13.sigs similarity index 100% copy from lib/talloc/ABI/pytalloc-util-2.1.9.sigs copy to lib/talloc/ABI/pytalloc-util-2.1.13.sigs diff --git a/lib/talloc/ABI/pytalloc-util.py3-2.1.9.sigs b/lib/talloc/ABI/pytalloc-util.py3-2.1.13.sigs similarity index 100% copy from lib/talloc/ABI/pytalloc-util.py3-2.1.9.sigs copy to lib/talloc/ABI/pytalloc-util.
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 702665c s3:modules: fix the build of vfs_aixacl2.c via 666dda9 ldb/tests: avoid 'return void_function();' which isn't portable via 7ae77db lib/crypto: avoid 'return void_function();' which isn't portable via 74278a7 s3:modules: make virusfilter_io_connect_path() more portable via fb7b67a s3:modules: fix the picky-developer build of vfs_virusfilter.c on FreeBSD 11 via dc16024 nsswitch: fix the developer build of nsswitch/wins.c on freebsd 11 via d5be3b3 nsswitch: add some const to _nss_winbind_initgroups_dyn() prototype via b8c30ab nsswitch: maintain prototypes for the linux based functions only once via 329a229 lib/replace: define __[u]intptr_t_defined if we prove an replacement via f2ff61c lib/util: remove unused '#include ' from tests/tfork.c from 6b75d2c ctdb-scripts: Drop "net serverid wipe" from 50.samba event script https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 702665cc52d5dc05ae636519e1ffe9c296f5ef77 Author: Stefan Metzmacher Date: Wed Mar 21 07:48:16 2018 +0100 s3:modules: fix the build of vfs_aixacl2.c BUG: https://bugzilla.samba.org/show_bug.cgi?id=13345 Signed-off-by: Stefan Metzmacher Reviewed-by: Björn Jacke Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Tue Apr 3 20:18:58 CEST 2018 on sn-devel-144 commit 666dda907b7f190b2dff1f2639bd2518240b9fb2 Author: Stefan Metzmacher Date: Wed Mar 21 07:33:16 2018 +0100 ldb/tests: avoid 'return void_function();' which isn't portable BUG: https://bugzilla.samba.org/show_bug.cgi?id=13343 Signed-off-by: Stefan Metzmacher Reviewed-by: Björn Jacke commit 7ae77db3b29ef08e1f74aa413049b995a598a5dd Author: Stefan Metzmacher Date: Wed Mar 21 07:33:16 2018 +0100 lib/crypto: avoid 'return void_function();' which isn't portable BUG: https://bugzilla.samba.org/show_bug.cgi?id=13343 Signed-off-by: Stefan Metzmacher Reviewed-by: Björn Jacke commit 74278a70389e2479d80ec5c88b01a09c141e8d39 Author: Stefan Metzmacher Date: Wed Mar 21 07:25:11 2018 +0100 s3:modules: make virusfilter_io_connect_path() more portable We have existing utility functions to prepare a socket. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13343 Signed-off-by: Stefan Metzmacher Reviewed-by: Björn Jacke commit fb7b67af984812784756574df4f0fb55d472181b Author: Stefan Metzmacher Date: Tue Mar 20 12:10:01 2018 +0100 s3:modules: fix the picky-developer build of vfs_virusfilter.c on FreeBSD 11 BUG: https://bugzilla.samba.org/show_bug.cgi?id=13344 Signed-off-by: Stefan Metzmacher Reviewed-by: Björn Jacke commit dc160247d13e2c63574a7e7ec7720fc4c690483b Author: Stefan Metzmacher Date: Sat Oct 21 14:15:12 2017 +0200 nsswitch: fix the developer build of nsswitch/wins.c on freebsd 11 BUG: https://bugzilla.samba.org/show_bug.cgi?id=13344 Signed-off-by: Stefan Metzmacher Reviewed-by: Björn Jacke commit d5be3b3279162005d9ebea2eda71d455e4c48739 Author: Stefan Metzmacher Date: Sat Oct 21 14:14:34 2017 +0200 nsswitch: add some const to _nss_winbind_initgroups_dyn() prototype BUG: https://bugzilla.samba.org/show_bug.cgi?id=13344 Signed-off-by: Stefan Metzmacher Reviewed-by: Björn Jacke commit b8c30abb02f461f16af4da83eecd173993974dc1 Author: Stefan Metzmacher Date: Sat Oct 21 14:08:15 2017 +0200 nsswitch: maintain prototypes for the linux based functions only once BUG: https://bugzilla.samba.org/show_bug.cgi?id=13344 Signed-off-by: Stefan Metzmacher Reviewed-by: Björn Jacke commit 329a229af3c3c9475b9254ca68c413ec18fa3b71 Author: Stefan Metzmacher Date: Tue Mar 20 21:46:12 2018 +0100 lib/replace: define __[u]intptr_t_defined if we prove an replacement BUG: https://bugzilla.samba.org/show_bug.cgi?id=13344 Signed-off-by: Stefan Metzmacher Reviewed-by: Björn Jacke commit f2ff61ce9e8ab56d8a69fce29c9f214d5d98f89e Author: Stefan Metzmacher Date: Tue Mar 20 16:49:30 2018 +0100 lib/util: remove unused '#include ' from tests/tfork.c BUG: https://bugzilla.samba.org/show_bug.cgi?id=13342 Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme --- Summary of changes: lib/crypto/aes.c| 10 ++ lib/ldb/tests/ldb_mod_op_test.c | 8 lib/replace/replace.h | 2 ++ lib/util/tests/tfork.c | 1 - nsswitch/winbind_nss.h | 6 ++ nsswitch/winbind_nss_freebsd.c | 19 --
[SCM] Samba Shared Repository - annotated tag talloc-2.1.12 created
The annotated tag, talloc-2.1.12 has been created at 52933e59df9c5ca06a5cce1ab85034b27d7f45c6 (tag) tagging 80f9ec016496087bca06d3c34b6f687f0dc145ac (commit) replaces ldb-1.3.2 tagged by Stefan Metzmacher on Thu Mar 22 07:25:36 2018 +0100 - Log - talloc: tag release talloc-2.1.12 -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQEcBAABAgAGBQJas0xgAAoJEEeTkWETCEAlnVIIAL+jaVruICy/3ELvm7qie2Tc waIwZxPDEob+99PgYZ7EUxRqZKXotSrfaoh4bl4x+XDfxiOg8ZXb4Dn6WB0lMZDG PthnxTBNT3luG9cSlV088hagxxVdvj8A2+9ey2x/nJyxf4ftUnJF5alKHQyQ60uB O+nAN+MSaUm8RCrj+q/cHvkOVJ1IR0B2a7YXyJF0UD3FyqIrO2RK+vJML4MDDuWv FPQqHfEOau0uNZecfM41NyBYI8VL7E+aLVfBSoxxZnErklwgPgshcdMbu7CkkEvl dPiS6uF7J2JOZcMvy2sr2jysyaUooYgfn6NdP2SJ3ocK9bjVfPGmr8AQMQqZmoQ= =Brv4 -END PGP SIGNATURE- Amitay Isaacs (8): ctdb-pmda: Use modified API in pcp library 4.0 ctdb-ib: Avoid fall through case statements ctdb-client: Client code should never free the client context ctdb-tools: Wait for ctdb daemon to go away in shutdown ctdb-tools: Drop ipiface command from ctdb tool ctdb-common: Drop unused function ctdb_sys_find_ifname() ctdb-tools: Event script commands cannot be run without daemon ctdb-tools: Fix documentation for ctdb ping command Andreas Schneider (105): s4:lib:com: Fix function declartions lib:texpect: Avoid some compiler warnings lib:replace: Add FALL_THROUGH support lib:replace: Add FALL_THROUGH statements in strptime.c lib:ldb: Add FALL_THROUGH statements in common/ldb_dn.c lib:ldb: Add FALL_THROUGH statements in ldb_map/ldb_map_inbound.c lib:ldb: Add FALL_THROUGH statements in ldb_map/ldb_map.c lib:ldb: Add FALL_THROUGH statements in ldb_map/ldb_map_outbound.c lib:param: Add FALL_THROUGH statements in loadparm.c lib:util: Add FALL_THROUGH statements in substitute.c lib:util: Add FALL_THROUGH statements in charset/charset_macosxfs.c lib:util: Add FALL_THROUGH statements in util_file.c s3:lib: Add FALL_THROUGH statements in substitute_generic.c s3:lib: Add FALL_THROUGH statements in util_path.c s3:lib: Add FALL_THROUGH statements in util_str.c lib:tdb: Add FALL_THROUGH statements in hash.c lib:tdb: Add FALL_THROUGH statements in tdbtool.c lib:tdb: Add FALL_THROUGH statements in common/summary.c libgpo: Add FALL_THROUGH statements in gpo_sec.c librpc:ndr: Add FALL_THROUGH statements in ndr_cab.c s3:auth: Add FALL_THROUGH statements in auth_sam.c s3:auth: Add FALL_THROUGH statements in pampass.c s3:lib: Add FALL_THROUGH statements in cbuf.c s3:lib: Add FALL_THROUGH statements in sysacls.c s3:lib: Add FALL_THROUGH statements in util_sd.c s3:libsmb: Add FALL_THROUGH statements in dsgetdcname.c s3:modules: Add FALL_THROUGH statements in vfs_acl_common.c s3:smbd: Add FALL_THROUGH statements in nttrans.c s3:smbd: Add FALL_THROUGH statements in trans2.c s3:utils: Add FALL_THROUGH statements in regedit.c s3:utils: Add FALL_THROUGH statements in net_conf.c s3:utils: Add FALL_THROUGH statements in net_rpc_conf.c s3:rpc_server: Add FALL_THROUGH statements in rpc_server.c s4:samdb: Add FALL_THROUGH statements in cracknames.c s4:samdb: Add FALL_THROUGH statements in linked_attributes.c s4:auth: Add FALL_THROUGH statements in auth_util.c s4:auth: Add FALL_THROUGH statements in auth_sam.c s4:auth: Add FALL_THROUGH statements in gensec_krb5.c s4:rpc_server: Add FALL_THROUGH statements in dcesrv_srvsvc.c s4:torture: Add FALL_THROUGH statements in basic/misc.c s4:torture: Add FALL_THROUGH statements in rpc/spoolss.c auth:credentials: Add FALL_THROUGH statements in credentials_secrets.c auth:gensec: Add FALL_THROUGH statements in spnego.c nsswitch: Add FALL_THROUGH statements in pam_winbind.c s3:libnet: Add FALL_THROUGH statements in libnet_join.c s3:modules: Add FALL_THROUGH statements in getdate.c s3:lsa: Add FALL_THROUGH statements in srv_lsa_nt.c s3:rpcclient: Add FALL_THROUGH statements in rpcclient.c s3:smbd: Add FALL_THROUGH statements in reply.c s3:utils: Add FALL_THROUGH statements in net_registry_check.c s3:utils: Add FALL_THROUGH statements in ntlm_auth.c s3:winbindd: Add FALL_THROUGH statements in idmap_autorid.c s4:dsdb: Add FALL_THROUGH statements in password_hash.c s4:lib: Add FALL_THROUGH statements in http.c s3:spoolss: Remove incorrect fall through comment in srv_spoolss_nt.c libsmb: Remove incorrect fall through comment in trusts_util.c third_party: Update pam_wrapper to version 1.0.5 third_party: Add missing config.h in libpamtest auth:credentials: Add FALL_THROUGH statements in credentials.c auth:credentials: Avoid an 'else' branch wafsa
[SCM] Samba Shared Repository - branch v4-8-test updated
The branch, v4-8-test has been updated via cbbb6ef s3:auth: make use of make_{server,session}_info_anonymous() via f9d850d s3:rpc_server: make use of make_session_info_anonymous() via a6ecafa s3:auth: add make_{server,session}_info_anonymous() via 07091cd s3:auth: pass the whole auth_session_info from copy_session_info_serverinfo_guest() to create_local_token() via e811adb s3:auth: base make_new_session_info_system() on auth_system_user_info_dc() and auth3_create_session_info() via 59cf56e s3:auth: add auth3_user_info_dc_add_hints() and auth3_session_info_create() via df9ae9d auth: add auth_user_info_copy() function via 05fad28 s3:auth: remove static from finalize_local_nt_token() via aee3318 s3:auth: pass AUTH_SESSION_INFO_* flags to finalize_local_nt_token() via 3adb292 s3:auth: don't try to expand system or anonymous tokens in finalize_local_nt_token() via 2c148eb s3:auth: add add_builtin_guests() handling to finalize_local_nt_token() via 8557994 s3:auth: only call secrets_fetch_domain_sid() once in finalize_local_nt_token() via 03b4684 s3:passdb: handle dom_sid=NULL in create_builtin_{users,administrators}() via 253f0d1 s3:auth: move add_local_groups() out of finalize_local_nt_token() via 88c8499 s3:auth: add the "Unix Groups" sid for the primary gid via a67e3d0 s3:auth: remove unused auth_serversupplied_info->system via abffcb8 libcli/security: only announce a session as GUEST if 'Builtin\Guests' is there without 'Authenticated User' via 8227b0a s3:selftest: run SMB2-ANONYMOUS via ebc2137 s3:torture: add SMB2-ANONYMOUS which asserts no GUEST bit for anonymous from 5d36aa6 VERSION: Bump version up to 4.8.1... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-test - Log - commit cbbb6ef5c2b41bb46972fabc08c55134098ac29b Author: Stefan Metzmacher Date: Fri Mar 2 14:40:19 2018 +0100 s3:auth: make use of make_{server,session}_info_anonymous() It's important to have them separated from make_{server,session}_info_guest(), because there's a fundamental difference between anonymous (the client requested no authentication) and guest (the server lies about the authentication failure). When it's really an anonymous connection, we should reflect that in the resulting session info. This should fix a problem where Windows 10 tries to join a Samba hosted NT4 domain and has SMB2/3 enabled. We no longer return SMB_SETUP_GUEST or SMB2_SESSION_FLAG_IS_GUEST for true anonymous connections. The commit message from a few commit before shows the resulting auth_session_info change. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328 Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Fri Mar 16 03:03:31 CET 2018 on sn-devel-144 (cherry picked from commit 1957bf11f127fc08c6622999cadc7dd580ac7d3b) Autobuild-User(v4-8-test): Stefan Metzmacher Autobuild-Date(v4-8-test): Wed Mar 21 02:29:57 CET 2018 on sn-devel-144 commit f9d850d3d1b803143bee807ebba218b7f14aaef0 Author: Stefan Metzmacher Date: Fri Mar 2 14:40:19 2018 +0100 s3:rpc_server: make use of make_session_info_anonymous() For unauthenticated connections we should default to a session info with an anonymous nt token. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328 Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme (cherry picked from commit 0ee9a550944034718ea188b277cca4b6fc5fbc5c) commit a6ecafa7189938b77c11faf8e1026cb8c02256b8 Author: Stefan Metzmacher Date: Fri Mar 2 14:39:44 2018 +0100 s3:auth: add make_{server,session}_info_anonymous() It's important to have them separated from make_{server,session}_info_guest(), because there's a fundamental difference between anonymous (the client requested no authentication) and guest (the server lies about the authentication failure). The following is the difference between guest and anonymous token: security_token: struct security_token -num_sids : 0x000a (10) -sids: ARRAY(10) -sids : S-1-5-21-3793881525-3372187982-3724979742-501 -sids : S-1-5-21-3793881525-3372187982-3724979742-514 -sids : S-1-22-2-65534 -sids : S-1-22-2-65533 +num_sids : 0x0009 (9) +sids: ARRAY(9) +s
[SCM] Samba Shared Repository - branch v4-7-test updated
The branch, v4-7-test has been updated via 7a49112 s4:auth_sam: allow logons with an empty domain name via 7ea5588 tests/bind.py: Add a bind test with NTLMSSP with no domain via 35c8220 tests/py_creds: Add a SamLogonEx test with an empty string domain via 04cc893 s3:cliconnect.c: remove useless ';' via 4c087a0 s3:libsmb: allow -U"\administrator" to work via 6c1dde6 s3:auth: make use of make_{server,session}_info_anonymous() via 47b1336 s3:rpc_server: make use of make_session_info_anonymous() via 8f69498 s3:auth: add make_{server,session}_info_anonymous() via c3fdc61 s3:auth: pass the whole auth_session_info from copy_session_info_serverinfo_guest() to create_local_token() via 1902652 s3:auth: base make_new_session_info_system() on auth_system_user_info_dc() and auth3_create_session_info() via b8c518d s3:auth: add auth3_user_info_dc_add_hints() and auth3_session_info_create() via 104de61 auth: add auth_user_info_copy() function via 8b5253e s3:auth: remove static from finalize_local_nt_token() via 627a86b s3:auth: pass AUTH_SESSION_INFO_* flags to finalize_local_nt_token() via ecee945 s3:auth: don't try to expand system or anonymous tokens in finalize_local_nt_token() via 7687d26 s3:auth: add add_builtin_guests() handling to finalize_local_nt_token() via e0e4aa1 s3:auth: only call secrets_fetch_domain_sid() once in finalize_local_nt_token() via c1f61c0 s3:passdb: handle dom_sid=NULL in create_builtin_{users,administrators}() via 85097b1 s3:auth: move add_local_groups() out of finalize_local_nt_token() via 1258f28 s3:auth: add the "Unix Groups" sid for the primary gid via b991dca s3:auth: remove unused auth_serversupplied_info->system via ff7a8e4 libcli/security: only announce a session as GUEST if 'Builtin\Guests' is there without 'Authenticated User' via e39a5bd s3:selftest: run SMB2-ANONYMOUS via 23d1850 s3:torture: add SMB2-ANONYMOUS which asserts no GUEST bit for anonymous from 17977a9 Merge tag 'samba-4.7.6' into v4-7-test https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test - Log ----- commit 7a49112b5077381383d9d6c2b5356e6208dceaf0 Author: Stefan Metzmacher Date: Tue Jan 9 08:54:11 2018 +0100 s4:auth_sam: allow logons with an empty domain name It turns out that an empty domain name maps to the local SAM. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13206 Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Fri Feb 23 04:08:26 CET 2018 on sn-devel-144 (cherry picked from commit 57762229da971e837b923f09ca01bad6151f9419) Autobuild-User(v4-7-test): Stefan Metzmacher Autobuild-Date(v4-7-test): Tue Mar 20 21:51:18 CET 2018 on sn-devel-144 commit 7ea5588d089b5b97f307c71aa4de78fe0aa2441b Author: Garming Sam Date: Mon Jan 8 16:34:02 2018 +1300 tests/bind.py: Add a bind test with NTLMSSP with no domain Confirmed to pass against Windows 2012 R2. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13206 Signed-off-by: Garming Sam Reviewed-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher (cherry picked from commit 2e49a9ebf5bffbeadca03517b4a21bca24c0) commit 35c8220990a2671443ca6b9f457efd72a427be9e Author: Garming Sam Date: Mon Jan 8 13:36:59 2018 +1300 tests/py_creds: Add a SamLogonEx test with an empty string domain This test passes against 4.6, but failed against 4.7.5 and master. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13206 Signed-off-by: Garming Sam Reviewed-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher (cherry picked from commit 5c625eae3f54e8de434de26e9f6a0f2fde557c18) commit 04cc8936c3f90bf3bbb05bce25c55212c8f0823b Author: Stefan Metzmacher Date: Tue Jan 9 08:57:05 2018 +0100 s3:cliconnect.c: remove useless ';' BUG: https://bugzilla.samba.org/show_bug.cgi?id=13206 Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett (cherry picked from commit e039e9b0d2a16b21ace019b028e5c8244486b8a3) commit 4c087a0e9e8ffd797e810f7dc21d630fd6833eed Author: Stefan Metzmacher Date: Tue Jan 9 08:55:48 2018 +0100 s3:libsmb: allow -U"\\administrator" to work cli_credentials_get_principal() returns NULL in that case. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13206 Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett (cherry picked from commit 0786a65cabb92a812cf1c692d0d26914f74a6f87) commit 6c1dde631da2f5b41682210eca40f9d363168696 Author: Stefan Metzmacher Date: Fri Mar 2 14:40:19 2018 +0100
[SCM] Samba Shared Repository - branch v4-6-test updated
The branch, v4-6-test has been updated via 0afb85c tests/bind.py: Add a bind test with NTLMSSP with no domain via 96d9297 s3:cliconnect.c: remove useless ';' via bb14cec s3:libsmb: allow -U"\administrator" to work from d71e1a2 Merge tag 'samba-4.6.14' into v4-6-test https://git.samba.org/?p=samba.git;a=shortlog;h=v4-6-test - Log - commit 0afb85c28f3932ef952abbbe10c20340e51ca90d Author: Garming Sam Date: Mon Jan 8 16:34:02 2018 +1300 tests/bind.py: Add a bind test with NTLMSSP with no domain Confirmed to pass against Windows 2012 R2. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13206 Signed-off-by: Garming Sam Reviewed-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher (cherry picked from commit 2e49a9ebf5bffbeadca03517b4a21bca24c0) Autobuild-User(v4-6-test): Stefan Metzmacher Autobuild-Date(v4-6-test): Tue Mar 20 21:20:00 CET 2018 on sn-devel-144 commit 96d9297a98d86000ec776049d84305ad9371efcc Author: Stefan Metzmacher Date: Tue Jan 9 08:57:05 2018 +0100 s3:cliconnect.c: remove useless ';' BUG: https://bugzilla.samba.org/show_bug.cgi?id=13206 Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett (cherry picked from commit e039e9b0d2a16b21ace019b028e5c8244486b8a3) commit bb14cec6160bf9249fe2eb997ff48ad1408885d3 Author: Stefan Metzmacher Date: Tue Jan 9 08:55:48 2018 +0100 s3:libsmb: allow -U"\\administrator" to work cli_credentials_get_principal() returns NULL in that case. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13206 Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett (cherry picked from commit 0786a65cabb92a812cf1c692d0d26914f74a6f87) --- Summary of changes: auth/credentials/tests/bind.py | 26 +- source3/libsmb/cliconnect.c| 9 +++-- 2 files changed, 32 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/auth/credentials/tests/bind.py b/auth/credentials/tests/bind.py index 91e493d..4aa4498 100755 --- a/auth/credentials/tests/bind.py +++ b/auth/credentials/tests/bind.py @@ -43,6 +43,7 @@ creds_machine = copy.deepcopy(creds) creds_user1 = copy.deepcopy(creds) creds_user2 = copy.deepcopy(creds) creds_user3 = copy.deepcopy(creds) +creds_user4 = copy.deepcopy(creds) class BindTests(samba.tests.TestCase): @@ -64,7 +65,7 @@ class BindTests(samba.tests.TestCase): self.config_dn = self.info_dc["configurationNamingContext"][0] self.computer_dn = "CN=centos53,CN=Computers,%s" % self.domain_dn self.password = "P@ssw0rd" -self.username = "BindTestUser_" + time.strftime("%s", time.gmtime()) +self.username = "BindTestUser" def tearDown(self): super(BindTests, self).tearDown() @@ -113,6 +114,7 @@ unicodePwd:: """ + base64.b64encode("\"P@ssw0rd\"".encode('utf-16-le')) + """ expression="(samAccountName=%s)" % self.username) self.assertEquals(len(ldb_res), 1) user_dn = ldb_res[0]["dn"] +self.addCleanup(delete_force, self.ldb, user_dn) # do a simple bind and search with the user account in format user@realm creds_user1.set_bind_dn(self.username + "@" + creds.get_realm()) @@ -138,5 +140,27 @@ unicodePwd:: """ + base64.b64encode("\"P@ssw0rd\"".encode('utf-16-le')) + """ lp=lp, ldap_only=True) res = ldb_user3.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"]) +def test_user_account_bind_no_domain(self): +# create user +self.ldb.newuser(username=self.username, password=self.password) +ldb_res = self.ldb.search(base=self.domain_dn, + scope=SCOPE_SUBTREE, + expression="(samAccountName=%s)" % self.username) +self.assertEquals(len(ldb_res), 1) +user_dn = ldb_res[0]["dn"] +self.addCleanup(delete_force, self.ldb, user_dn) + +creds_user4.set_username(self.username) +creds_user4.set_password(self.password) +creds_user4.set_domain('') +creds_user4.set_workstation('') +print "BindTest (no domain) with: " + self.username +try: +ldb_user4 = samba.tests.connect_samdb(host, credentials=creds_user4, + lp=lp, ldap_only=True) +except: +
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via da39e74 libcli/security: fix some SID values in comments via 3056e24 test_smbclient_s3.sh: force LANG=C during test_utimes() from 0361748 wbinfo: Improve the wording for --online-status https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit da39e74c3909f1c260b4899ea835e789044aaa56 Author: Stefan Metzmacher Date: Tue Mar 6 16:38:30 2018 +0100 libcli/security: fix some SID values in comments Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Fri Mar 16 19:47:15 CET 2018 on sn-devel-144 commit 3056e24a4bee545b94847265ec8ab3b228ce5f89 Author: Stefan Metzmacher Date: Wed Mar 7 11:19:54 2018 +0100 test_smbclient_s3.sh: force LANG=C during test_utimes() This makes the test independent from the developers environment. Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme --- Summary of changes: libcli/security/util_sid.c| 6 +++--- source3/script/tests/test_smbclient_s3.sh | 8 2 files changed, 11 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/security/util_sid.c b/libcli/security/util_sid.c index 4e4a8fa..af04dff 100644 --- a/libcli/security/util_sid.c +++ b/libcli/security/util_sid.c @@ -34,10 +34,10 @@ */ -/* S-1 */ +/* S-1-1 */ const struct dom_sid global_sid_World_Domain = /* Everyone domain */ { 1, 0, {0,0,0,0,0,1}, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}}; -/* S-1-1 */ +/* S-1-1-0 */ const struct dom_sid global_sid_World = /* Everyone */ { 1, 1, {0,0,0,0,0,1}, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}}; /* S-1-2 */ @@ -52,7 +52,7 @@ const struct dom_sid global_sid_NT_Authority = /* NT Authority */ /* S-1-5-18 */ const struct dom_sid global_sid_System = /* System */ { 1, 1, {0,0,0,0,0,5}, {18,0,0,0,0,0,0,0,0,0,0,0,0,0,0}}; -/* S-1-0 */ +/* S-1-0-0 */ const struct dom_sid global_sid_NULL = /* NULL sid */ { 1, 1, {0,0,0,0,0,0}, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}}; /* S-1-5-11 */ diff --git a/source3/script/tests/test_smbclient_s3.sh b/source3/script/tests/test_smbclient_s3.sh index db77eb1..03f7b27 100755 --- a/source3/script/tests/test_smbclient_s3.sh +++ b/source3/script/tests/test_smbclient_s3.sh @@ -1422,6 +1422,9 @@ test_utimes() saved_TZ="$TZ" TZ=UTC export TZ +saved_LANG="$LANG" +LANG=C +export LANG cat > $tmpfile <
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via c41895b CVE-2018-1050: s3: RPC: spoolss server. Protect against null pointer derefs. via 50e7788 CVE-2018-1057: s4:dsdb/acl: changing dBCSPwd is only allowed with a control via c804568 CVE-2018-1057: s4:dsdb: use DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID via ab7dc21 CVE-2018-1057: s4:dsdb/samdb: define DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID control via 407a34c CVE-2018-1057: s4:dsdb/acl: run password checking only once via 3e6621f CVE-2018-1057: s4/dsdb: correctly detect password resets via 9dd7dd9 CVE-2018-1057: s4:dsdb/acl: add a NULL check for talloc_new() in acl_check_password_rights() via 766ab4c CVE-2018-1057: s4:dsdb/acl: add check for DSDB_CONTROL_PASSWORD_HASH_VALUES_OID control via 0e15ce1 CVE-2018-1057: s4:dsdb/acl: check for internal controls before other checks via 39e689a CVE-2018-1057: s4:dsdb/acl: remove unused else branches in acl_check_password_rights() via 2fea9ee CVE-2018-1057: s4:dsdb/acl: only call dsdb_acl_debug() if we checked the acl in acl_check_password_rights() via c653e51 CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for passwordAttr->num_values via b23bf04 CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for LDB_FLAG_MOD_TYPE via fbd1647 CVE-2018-1057: s4:dsdb/tests: add a test for password change with empty delete from 614f5a0 README.Coding: codify line splitting on function calls https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit c41895be8222199ffe69749e32afc9946517f63f Author: Jeremy Allison Date: Tue Jan 2 15:56:03 2018 -0800 CVE-2018-1050: s3: RPC: spoolss server. Protect against null pointer derefs. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11343 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Tue Mar 13 16:06:10 CET 2018 on sn-devel-144 commit 50e7788603b97104fe116a07ab14a1d1148f4405 Author: Ralph Boehme Date: Thu Feb 15 23:11:38 2018 +0100 CVE-2018-1057: s4:dsdb/acl: changing dBCSPwd is only allowed with a control This is not strictly needed to fig bug 13272, but it makes sense to also fix this while fixing the overall ACL checking logic. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher commit c80456855197f9fe9ef497a7fc94504c28445343 Author: Ralph Boehme Date: Fri Feb 16 15:38:19 2018 +0100 CVE-2018-1057: s4:dsdb: use DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID This is used to pass information about which password change operation (change or reset) the acl module validated, down to the password_hash module. It's very important that both modules treat the request identical. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher commit ab7dc210e9aedc1222055822ff296e4a67cfb27b Author: Ralph Boehme Date: Fri Feb 16 15:30:13 2018 +0100 CVE-2018-1057: s4:dsdb/samdb: define DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID control Will be used to pass "user password change" vs "password reset" from the ACL to the password_hash module, ensuring both modules treat the request identical. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher commit 407a34c73fcd666c22776bbc4aa56d02c0683463 Author: Ralph Boehme Date: Wed Feb 14 19:15:49 2018 +0100 CVE-2018-1057: s4:dsdb/acl: run password checking only once This is needed, because a later commit will let the acl module add a control to the change request msg and we must ensure that this is only done once. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher commit 3e6621fe58014f19477633b1c0b54288550f0e87 Author: Ralph Boehme Date: Thu Feb 22 10:54:37 2018 +0100 CVE-2018-1057: s4/dsdb: correctly detect password resets This change ensures we correctly treat the following LDIF dn: cn=testuser,cn=users,... changetype: modify delete: userPassword add: userPassword userPassword: thatsAcomplPASS1 as a password reset. Because delete and add element counts are both one, the ACL module wrongly treated this as a password change request. For a password change we need at least one value to delete and one value to add. This patch ensures we correctly check attributes and their values. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272 Signed-off-by: Ralph Boehme Reviewed-by
[SCM] Samba Shared Repository - branch v4-8-test updated
The branch, v4-8-test has been updated via 03e63dd CVE-2018-1050: s3: RPC: spoolss server. Protect against null pointer derefs. via 87b10d3 CVE-2018-1057: s4:dsdb/acl: changing dBCSPwd is only allowed with a control via 5c957af CVE-2018-1057: s4:dsdb: use DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID via 6335660 CVE-2018-1057: s4:dsdb/samdb: define DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID control via f8ff72d CVE-2018-1057: s4:dsdb/acl: run password checking only once via 4e30547 CVE-2018-1057: s4/dsdb: correctly detect password resets via bd39608 CVE-2018-1057: s4:dsdb/acl: add a NULL check for talloc_new() in acl_check_password_rights() via b152db9 CVE-2018-1057: s4:dsdb/acl: add check for DSDB_CONTROL_PASSWORD_HASH_VALUES_OID control via 93e11c7 CVE-2018-1057: s4:dsdb/acl: check for internal controls before other checks via 9e7dc49 CVE-2018-1057: s4:dsdb/acl: remove unused else branches in acl_check_password_rights() via be3c583 CVE-2018-1057: s4:dsdb/acl: only call dsdb_acl_debug() if we checked the acl in acl_check_password_rights() via 9a3f754 CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for passwordAttr->num_values via 231ed98 CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for LDB_FLAG_MOD_TYPE via ccb38e9 CVE-2018-1057: s4:dsdb/tests: add a test for password change with empty delete from 60c7969 WHATSNEW: Domain member setups require winbindd https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-test - Log - commit 03e63dd9841085ee16993d74dff4e62957298bbd Author: Jeremy Allison Date: Tue Jan 2 15:56:03 2018 -0800 CVE-2018-1050: s3: RPC: spoolss server. Protect against null pointer derefs. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11343 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme Autobuild-User(v4-8-test): Stefan Metzmacher Autobuild-Date(v4-8-test): Tue Mar 13 15:58:25 CET 2018 on sn-devel-144 commit 87b10d37533950abf793f64b43542632b3cb40ae Author: Ralph Boehme Date: Thu Feb 15 23:11:38 2018 +0100 CVE-2018-1057: s4:dsdb/acl: changing dBCSPwd is only allowed with a control This is not strictly needed to fig bug 13272, but it makes sense to also fix this while fixing the overall ACL checking logic. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher commit 5c957af090354f678a75cb59861a3a61ef24333e Author: Ralph Boehme Date: Fri Feb 16 15:38:19 2018 +0100 CVE-2018-1057: s4:dsdb: use DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID This is used to pass information about which password change operation (change or reset) the acl module validated, down to the password_hash module. It's very important that both modules treat the request identical. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher commit 6335660ea218fe59f461658db0be364b8b58b4ca Author: Ralph Boehme Date: Fri Feb 16 15:30:13 2018 +0100 CVE-2018-1057: s4:dsdb/samdb: define DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID control Will be used to pass "user password change" vs "password reset" from the ACL to the password_hash module, ensuring both modules treat the request identical. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher commit f8ff72d75bef5552eb00852a3012db44261d423f Author: Ralph Boehme Date: Wed Feb 14 19:15:49 2018 +0100 CVE-2018-1057: s4:dsdb/acl: run password checking only once This is needed, because a later commit will let the acl module add a control to the change request msg and we must ensure that this is only done once. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher commit 4e30547371cf9e38cd7a219dd43c9bc5c7a2a7fb Author: Ralph Boehme Date: Thu Feb 22 10:54:37 2018 +0100 CVE-2018-1057: s4/dsdb: correctly detect password resets This change ensures we correctly treat the following LDIF dn: cn=testuser,cn=users,... changetype: modify delete: userPassword add: userPassword userPassword: thatsAcomplPASS1 as a password reset. Because delete and add element counts are both one, the ACL module wrongly treated this as a password change request. For a password change we need at least one value to delete and one value to add. This patch ensures we correctly check attributes and their values. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272 Signed-off-by: Ralph Boehme Reviewed-by
[SCM] Samba Shared Repository - branch v4-7-test updated
The branch, v4-7-test has been updated via 17977a9 Merge tag 'samba-4.7.6' into v4-7-test via 5cfa947 VERSION: Disable GIT_SNAPSHOT for the 4.7.6 release. via 4119137 WHATSNEW: Add release notes for Samba 4.7.6. via 11fbafc CVE-2018-1057: s4:dsdb/acl: changing dBCSPwd is only allowed with a control via 86b41e9 CVE-2018-1057: s4:dsdb: use DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID via f11f3cc CVE-2018-1057: s4:dsdb/samdb: define DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID control via 32d65d8 CVE-2018-1057: s4:dsdb/acl: run password checking only once via 946bab0 CVE-2018-1057: s4/dsdb: correctly detect password resets via bb2ab8e CVE-2018-1057: s4:dsdb/acl: add a NULL check for talloc_new() in acl_check_password_rights() via a6221ea CVE-2018-1057: s4:dsdb/acl: add check for DSDB_CONTROL_PASSWORD_HASH_VALUES_OID control via 32384ea CVE-2018-1057: s4:dsdb/acl: check for internal controls before other checks via 31088fa CVE-2018-1057: s4:dsdb/acl: remove unused else branches in acl_check_password_rights() via 50eb427 CVE-2018-1057: s4:dsdb/acl: only call dsdb_acl_debug() if we checked the acl in acl_check_password_rights() via e2acd0d CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for passwordAttr->num_values via 5ad58a9 CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for LDB_FLAG_MOD_TYPE via d8de52b CVE-2018-1057: s4:dsdb/tests: add a test for password change with empty delete via 9f9db58 CVE-2018-1050: s3: RPC: spoolss server. Protect against null pointer derefs. via a572eed VERSION: Bump version up to 4.7.6... from cc04ea1 VERSION: Bump version up to 4.7.7. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test - Log - commit 17977a918f97309f2d2d2aeaa162766f36342478 Merge: cc04ea1 5cfa947 Author: Stefan Metzmacher Date: Tue Mar 13 11:11:29 2018 +0100 Merge tag 'samba-4.7.6' into v4-7-test samba: tag release samba-4.7.6 --- Summary of changes: Changeset truncated at 500 lines: -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-6-test updated
The branch, v4-6-test has been updated via d71e1a2 Merge tag 'samba-4.6.14' into v4-6-test via d64e68a VERSION: Disable GIT_SNAPSHOT for the 4.6.14 release. via 7d6f329 WHATSNEW: Add release notes for Samba 4.6.14. via 8300e8e CVE-2018-1057: s4:dsdb/acl: changing dBCSPwd is only allowed with a control via c1de637 CVE-2018-1057: s4:dsdb: use DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID via 06032bf CVE-2018-1057: s4:dsdb/samdb: define DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID control via aee3832 CVE-2018-1057: s4:dsdb/acl: run password checking only once via c8aa8ff CVE-2018-1057: s4/dsdb: correctly detect password resets via 7f4fef0 CVE-2018-1057: s4:dsdb/acl: add a NULL check for talloc_new() in acl_check_password_rights() via 39aa58a CVE-2018-1057: s4:dsdb/acl: add check for DSDB_CONTROL_PASSWORD_HASH_VALUES_OID control via ddf8122 CVE-2018-1057: s4:dsdb/acl: check for internal controls before other checks via 67ad3bf CVE-2018-1057: s4:dsdb/acl: remove unused else branches in acl_check_password_rights() via a529401 CVE-2018-1057: s4:dsdb/acl: only call dsdb_acl_debug() if we checked the acl in acl_check_password_rights() via 09eed84 CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for passwordAttr->num_values via 116c4e3 CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for LDB_FLAG_MOD_TYPE via 429a17f CVE-2018-1057: s4:dsdb/tests: add a test for password change with empty delete via 189d129 CVE-2018-1050: s3: RPC: spoolss server. Protect against null pointer derefs. via 24df683b VERSION: Bump version up to 4.6.14... from 2d2fb95 VERSION: Bump version up to 4.6.15... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-6-test - Log - commit d71e1a2bf4b28442022002bf0a27ba5b0b8dbe45 Merge: 2d2fb95 d64e68a Author: Stefan Metzmacher Date: Tue Mar 13 11:11:55 2018 +0100 Merge tag 'samba-4.6.14' into v4-6-test samba: tag release samba-4.6.14 --- Summary of changes: Changeset truncated at 500 lines: -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-5-stable updated
The branch, v4-5-stable has been updated via cfb28f6 VERSION: Disable GIT_SNAPSHOT for the 4.6.16 release. via 6e98de0 Merge tag 'samba-4.5.16' into v4-5-test via 8376a89 VERSION: Bump version up to 4.5.16. via 829fa02 Merge tag 'samba-4.5.15' into v4-5-test via 3ad2444 python: use communicate to fix Popen deadlock via d433c7f blackbox tests: method to check specific exit codes via aba4994 VERSION: Bump version up to 4.5.15... via f84484a Merge tag 'samba-4.5.14' into v4-5-test from 4b43ad8 VERSION: Disable GIT_SNAPSHOT for the 4.6.16 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-5-stable - Log - commit cfb28f69529c0f71c026096eb75d44370964c6df Author: Karolin Seeger Date: Mon Mar 12 13:10:30 2018 +0100 VERSION: Disable GIT_SNAPSHOT for the 4.6.16 release. CVE-2018-1050 (Denial of Service Attack on external print server.) CVE-2018-1057 (Authenticated users can change other users' password.) Signed-off-by: Karolin Seeger commit 6e98de015870fd5e0461f985d11ce6baabce5d99 Merge: 8376a89 4b43ad8 Author: Stefan Metzmacher Date: Tue Mar 13 11:00:06 2018 +0100 Merge tag 'samba-4.5.16' into v4-5-test samba: tag release samba-4.5.16 commit 8376a89e40b82c0b4b365b8daf155159f59945cb Author: Karolin Seeger Date: Wed Nov 22 09:04:28 2017 +0100 VERSION: Bump version up to 4.5.16. Signed-off-by: Karolin Seeger commit 829fa020f5f06b2d6496d37a064bccf166a3ecf9 Merge: 3ad2444 f333815 Author: Karolin Seeger Date: Wed Nov 22 09:03:52 2017 +0100 Merge tag 'samba-4.5.15' into v4-5-test samba: tag release samba-4.5.15 commit 3ad244462a075874f4740d58b42a2a5f082e3f1d Author: Joe Guo Date: Fri Sep 15 16:13:26 2017 +1200 python: use communicate to fix Popen deadlock `Popen.wait()` will deadlock when using stdout=PIPE and/or stderr=PIPE and the child process generates large output to a pipe such that it blocks waiting for the OS pipe buffer to accept more data. Use communicate() to avoid that. Signed-off-by: Joe Guo Reviewed-by: Douglas Bagnall Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Thu Oct 19 09:27:16 CEST 2017 on sn-devel-144 (cherry picked from commit 5dc773a5b00834c7a53130a73a48f49048bd55e8) Autobuild-User(v4-5-test): Stefan Metzmacher Autobuild-Date(v4-5-test): Tue Nov 14 14:35:22 CET 2017 on sn-devel-144 commit d433c7f455e9ccb03c96bad2984c7cab3ef28628 Author: Gary Lockyer Date: Wed Aug 16 13:52:25 2017 +1200 blackbox tests: method to check specific exit codes Signed-off-by: Gary Lockyer Reviewed-by: Douglas Bagnall Reviewed-by: Garming Sam (cherry picked from commit 74ebcf6dfc84b6aab6838fa99e12808eb6b913d9) commit aba4994bd071bdef8c623632ee248cb99d68ed05 Author: Karolin Seeger Date: Wed Sep 20 13:03:53 2017 +0200 VERSION: Bump version up to 4.5.15... and re-enable GIT_SNAPSHOTS. Signed-off-by: Karolin Seeger commit f84484ac9dc52062cefd0ab055670985d394588d Merge: 5c645ed f261c9a Author: Karolin Seeger Date: Wed Sep 20 13:03:09 2017 +0200 Merge tag 'samba-4.5.14' into v4-5-test samba: tag release samba-4.5.14 --- Summary of changes: Changeset truncated at 500 lines: -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-5-test updated
The branch, v4-5-test has been updated via cfb28f6 VERSION: Disable GIT_SNAPSHOT for the 4.6.16 release. from 6e98de0 Merge tag 'samba-4.5.16' into v4-5-test https://git.samba.org/?p=samba.git;a=shortlog;h=v4-5-test - Log - commit cfb28f69529c0f71c026096eb75d44370964c6df Author: Karolin Seeger Date: Mon Mar 12 13:10:30 2018 +0100 VERSION: Disable GIT_SNAPSHOT for the 4.6.16 release. CVE-2018-1050 (Denial of Service Attack on external print server.) CVE-2018-1057 (Authenticated users can change other users' password.) Signed-off-by: Karolin Seeger --- Summary of changes: VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 2142867..ffb776e 100644 --- a/VERSION +++ b/VERSION @@ -99,7 +99,7 @@ SAMBA_VERSION_RC_RELEASE= # e.g. SAMBA_VERSION_IS_SVN_SNAPSHOT=yes # # -> "3.0.0-SVN-build-199" # -SAMBA_VERSION_IS_GIT_SNAPSHOT=yes +SAMBA_VERSION_IS_GIT_SNAPSHOT=no # This is for specifying a release nickname# -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-5-test updated
The branch, v4-5-test has been updated via 6e98de0 Merge tag 'samba-4.5.16' into v4-5-test via 4b43ad8 VERSION: Disable GIT_SNAPSHOT for the 4.6.16 release. via 3e0aa75 WHATSNEW: Add release notes for Samba 4.6.16. via 3663981 CVE-2018-1057: s4:dsdb/acl: changing dBCSPwd is only allowed with a control via e5b8c81 CVE-2018-1057: s4:dsdb: use DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID via 4adcba5 CVE-2018-1057: s4:dsdb/samdb: define DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID control via bb43ab0 CVE-2018-1057: s4:dsdb/acl: run password checking only once via 67fa44a CVE-2018-1057: s4/dsdb: correctly detect password resets via 6c980a0 CVE-2018-1057: s4:dsdb/acl: add a NULL check for talloc_new() in acl_check_password_rights() via 54c363e CVE-2018-1057: s4:dsdb/acl: add check for DSDB_CONTROL_PASSWORD_HASH_VALUES_OID control via 6d5caff CVE-2018-1057: s4:dsdb/acl: check for internal controls before other checks via 99f46aa CVE-2018-1057: s4:dsdb/acl: remove unused else branches in acl_check_password_rights() via d552abe CVE-2018-1057: s4:dsdb/acl: only call dsdb_acl_debug() if we checked the acl in acl_check_password_rights() via abf925c CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for passwordAttr->num_values via 7eabe3d CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for LDB_FLAG_MOD_TYPE via e577464 CVE-2018-1057: s4:dsdb/tests: add a test for password change with empty delete via dff5d43 CVE-2018-1050: s3: RPC: spoolss server. Protect against null pointer derefs. via 64b6a9f VERSION: Re-enable GIT_SNAPSHOT. via f3ec20f VERSION: Bump version up to 4.5.16. from 8376a89 VERSION: Bump version up to 4.5.16. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-5-test - Log - commit 6e98de015870fd5e0461f985d11ce6baabce5d99 Merge: 8376a89 4b43ad8 Author: Stefan Metzmacher Date: Tue Mar 13 11:00:06 2018 +0100 Merge tag 'samba-4.5.16' into v4-5-test samba: tag release samba-4.5.16 --- Summary of changes: WHATSNEW.txt | 80 +- source3/rpc_server/spoolss/srv_spoolss_nt.c| 13 +++ source4/dsdb/samdb/ldb_modules/acl.c | 146 ++--- source4/dsdb/samdb/ldb_modules/password_hash.c | 45 ++-- source4/dsdb/samdb/samdb.h | 9 ++ source4/dsdb/tests/python/passwords.py | 49 + source4/libcli/ldap/ldap_controls.c| 1 + source4/setup/schema_samba4.ldif | 2 + 8 files changed, 320 insertions(+), 25 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index b245e30..a204a54 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,80 @@ == + Release Notes for Samba 4.5.16 + March 13, 2018 + == + + +This is a security release in order to address the following defects: + +o CVE-2018-1050 (Denial of Service Attack on external print server.) +o CVE-2018-1057 (Authenticated users can change other users' password.) + + +=== +Details +=== + +o CVE-2018-1050: + All versions of Samba from 4.0.0 onwards are vulnerable to a denial of + service attack when the RPC spoolss service is configured to be run as + an external daemon. Missing input sanitization checks on some of the + input parameters to spoolss RPC calls could cause the print spooler + service to crash. + + There is no known vulnerability associated with this error, merely a + denial of service. If the RPC spoolss service is left by default as an + internal service, all a client can do is crash its own authenticated + connection. + +o CVE-2018-1057: + On a Samba 4 AD DC the LDAP server in all versions of Samba from + 4.0.0 onwards incorrectly validates permissions to modify passwords + over LDAP allowing authenticated users to change any other users' + passwords, including administrative users. + + Possible workarounds are described at a dedicated page in the Samba wiki: + https://wiki.samba.org/index.php/CVE-2018-1057 + + +Changes since 4.5.15: +- + +o Jeremy Allison + * BUG 11343: CVE-2018-1050: Codenomicon crashes in spoolss server code. + +o Ralph Boehme + * BUG 13272: CVE-2018-1057: Unprivileged user can change any user (and admin) + password. + +o Stefan Metzmacher + * BUG 13272: CVE-2018-1057: Unprivileged user can change any user (and admin) + password. + + +### +Reporting bugs & Development Discussion +### + +Ple
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 1e77789 Add backports for CVE-2018-1057 on top of 4.3.13 and 4.4.16 via de29a97 redirect outdated https://www.samba.org/samba/patches/ to https://www.samba.org/samba/history/security.html from 52725a6 Fix typos. https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 1e77789ef43cfbf79ade5526c8602cd2391c1c44 Author: Stefan Metzmacher Date: Tue Mar 13 10:51:40 2018 +0100 Add backports for CVE-2018-1057 on top of 4.3.13 and 4.4.16 Signed-off-by: Stefan Metzmacher commit de29a9719794542e51a4615d5e451996f338af6e Author: Stefan Metzmacher Date: Tue Mar 13 10:51:10 2018 +0100 redirect outdated https://www.samba.org/samba/patches/ to https://www.samba.org/samba/history/security.html Signed-off-by: Stefan Metzmacher --- Summary of changes: history/security.html | 4 +++ patches/index.html| 95 --- 2 files changed, 10 insertions(+), 89 deletions(-) Changeset truncated at 500 lines: diff --git a/history/security.html b/history/security.html index d81359a..4321668 100755 --- a/history/security.html +++ b/history/security.html @@ -29,6 +29,10 @@ link to full release notes for each release. patch for Samba 4.6.13 patch for Samba 4.5.15 + + patch for Samba 4.4.16 (only CVE-2018-1057) + + patch for Samba 4.3.13 (only CVE-2018-1057) Numerous CVEs. Please see the announcements for details. please refer to the advisories diff --git a/patches/index.html b/patches/index.html index 1be34e6..9ee2a0b 100755 --- a/patches/index.html +++ b/patches/index.html @@ -1,92 +1,9 @@ - Samba - opening windows to a wider world - +You are being redirected... -Patches for Recent or Unsupported Releases + -In order to better support the Samba community, this page - contains recommended patches for the most recent production - releases. These patches have been integrated into the - main Samba development trees for the next version of Samba. - - -Follow these instructions for applying patches: -$ tar zxvf samba-3.x.y.tar.gz -$ cd samba-3.x.y -$ patch -p1 < "downloaded_patch_file" -$ cd source - - -Or use the http://savannah.nongnu.org/projects/quilt";>quilt -tool to apply all patches to a known series. For example: - -$ tar zxvf samba-3.0.24.tar.gz -$ cd samba-3.0.24 -$ wget http://www.samba.org/samba/patches/fetch-patches>http://www.samba.org/samba/patches/fetch-patches -$ sh ./fetch-patches 3.0.24 -$ quilt push -a -$ cd source - - -build Samba as normal - -Please note that in some cases it will be necessary to regenerate - the configure script by executing autogen.sh located in the - source/ directory. In all cases, it is best to do a clean build - after applying any patches. - - - - - -Samba 3.0.37 - - - -PatchDescription - - -Allow non-ASCII netbios names -Push the domain and netbios name into the DOS charset. - - - - - - - -Samba 3.2.15 - - - -PatchDescription - - -BUG 6606 -Fix file corruption using smbclient with NT4 server. - - -BUG 6776 -Fix core dump when running overlapping Byte Lock test. - - - - - -Samba 3.3.14 - - - -PatchDescription - - -BUG 7715 -Setting Samba Write Cache Size Can Cause File Corruption. - - - - - - - - + + + + -- Samba Website Repository