[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 261ef9d5b62 dbcheck: fix the err_empty_attribute() check
via dd6f0dad218 dbcheck: use the str() value of the "name" attribute
from 52bf5c25261 s3:script: Fix running cp in modprinter.pl
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 261ef9d5b62f0d49f858717e6d8b4b41f008efb5
Author: Stefan Metzmacher
Date: Tue Mar 19 13:16:59 2019 +0100
dbcheck: fix the err_empty_attribute() check
ldb.bytes('') == '' is never True in python3,
we nee ldb.bytes('') == b'' in order to
check that on attribute has an empty value,
that seems to work for python2 and python3.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13843
Signed-off-by: Stefan Metzmacher
Reviewed-by: Noel Power
Autobuild-User(master): Stefan Metzmacher
Autobuild-Date(master): Thu Mar 21 18:15:20 UTC 2019 on sn-devel-144
commit dd6f0dad218ec1d5aa38ea8aa6848ec81035cb3f
Author: Stefan Metzmacher
Date: Tue Mar 19 13:05:16 2019 +0100
dbcheck: use the str() value of the "name" attribute
We do the same with the rdn attribute value
and we need the same logic on both in order to
check they are the same.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816
Signed-off-by: Stefan Metzmacher
Reviewed-by: Noel Power
---
Summary of changes:
python/samba/dbchecker.py | 4 ++--
.../expected-dbcheck-link-output-lost-deleted-user1.txt | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/python/samba/dbchecker.py b/python/samba/dbchecker.py
index 98508192c10..a0500c6c578 100644
--- a/python/samba/dbchecker.py
+++ b/python/samba/dbchecker.py
@@ -2311,7 +2311,7 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn),
str(to_base)))
self.report("ERROR: Not fixing num_values(%d) for '%s' on
'%s'" %
(len(obj[attrname]), attrname, str(obj.dn)))
else:
-name_val = obj[attrname][0]
+name_val = str(obj[attrname][0])
if str(attrname).lower() == str(obj.dn.get_rdn_name()).lower():
object_rdn_attr = attrname
@@ -2445,7 +2445,7 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn),
str(to_base)))
# check for empty attributes
for val in obj[attrname]:
-if val == '':
+if val == b'':
self.err_empty_attribute(dn, attrname)
error_count += 1
continue
diff --git
a/source4/selftest/provisions/release-4-5-0-pre1/expected-dbcheck-link-output-lost-deleted-user1.txt
b/source4/selftest/provisions/release-4-5-0-pre1/expected-dbcheck-link-output-lost-deleted-user1.txt
index 3c55de8fa01..1f5f2272bc1 100644
---
a/source4/selftest/provisions/release-4-5-0-pre1/expected-dbcheck-link-output-lost-deleted-user1.txt
+++
b/source4/selftest/provisions/release-4-5-0-pre1/expected-dbcheck-link-output-lost-deleted-user1.txt
@@ -1,7 +1,7 @@
Checking 232 objects
WARNING: no target object found for GUID component link lastKnownParent in
deleted object
CN=fred\0ADEL:2301a64c-1234-5678-851e-12d4a711cfb4,OU=removed,DC=release-4-5-0-pre1,DC=samba,DC=corp
-
;OU=removed,DC=release-4-5-0-pre1,DC=samba,DC=corp
Not removing dangling one-way link on deleted object (tombstone garbage
collection in progress?)
-ERROR: wrong
dn[CN=fred\0ADEL:2301a64c-1234-5678-851e-12d4a711cfb4,OU=removed,DC=release-4-5-0-pre1,DC=samba,DC=corp]
cn='fred\nDEL:2301a64c-1234-5678-851e-12d4a711cfb4'
name=b'fred\nDEL:2301a64c-1234-5678-851e-12d4a711cfb4'
new_dn[CN=fred\0ADEL:2301a64c-1234-5678-851e-12d4a711cfb4,CN=Deleted
Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp]
+ERROR: wrong
dn[CN=fred\0ADEL:2301a64c-1234-5678-851e-12d4a711cfb4,OU=removed,DC=release-4-5-0-pre1,DC=samba,DC=corp]
name='fred\nDEL:2301a64c-1234-5678-851e-12d4a711cfb4'
new_dn[CN=fred\0ADEL:2301a64c-1234-5678-851e-12d4a711cfb4,CN=Deleted
Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp]
Rename
CN=fred\0ADEL:2301a64c-1234-5678-851e-12d4a711cfb4,OU=removed,DC=release-4-5-0-pre1,DC=samba,DC=corp
to CN=fred\0ADEL:2301a64c-1234-5678-851e-12d4a711cfb4,CN=Deleted
Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp? [YES]
Renamed
CN=fred\0ADEL:2301a64c-1234-5678-851e-12d4a711cfb4,OU=removed,DC=release-4-5-0-pre1,DC=samba,DC=corp
into CN=fred\0ADEL:2301a64c-1234-5678-851e-12d4a711cfb4,CN=Deleted
Objects,DC=release-4-5-0-pre1,DC=samba,DC=corp
WARNING: parent object not found for
CN=fred\0ADEL:2301a64c-1234-5678-851e-12d4a711cfb4,OU=removed,DC=release-4-5-0-pre1,DC=samba,DC=corp
--
Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag ldb-1.6.3 created
The annotated tag, ldb-1.6.3 has been created at 7ef2603bca114ff6c157516ab64936b00ecd5878 (tag) tagging 81648d576d56e924945b2214ac12ca6a40679db8 (commit) replaces tevent-0.10.0 tagged by Stefan Metzmacher on Thu Mar 21 11:16:15 2019 +0100 - Log - ldb: tag release ldb-1.6.3 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlyTZG8ACgkQR5ORYRMI QCUEPAf+OhCck99hwhPoN8kbk2uQMsF9GYMeJZg1J6Zb3D+Osu7wgPRhvOgizyhD X8XYVFyk2FVBZW25eHOcNEOkis5rqMg//mtsY6wHuYOpH6htiqn0dCquweOMN5E6 veTtlR5+6zQby8E4cYAAWpfqeOnCOklXIYlA97neld7Ds0GdyXK8HP5YBQqAIE7/ tXPvFVENF6Q9j5e97tHRx9Kt2YMbyVK0dqjIe79Pidft/FEU4gQC5ozT91rciok/ dzsXkuqkbl+xQqSr9XYpNDYCc6xioIztKJC0UC9F3xNrvZmnFJP6fBHlJ/g98spf wYwtYv3DMtxdtK0ORQGT1bTLJf19sA== =WG50 -END PGP SIGNATURE- Andrew Bartlett (1): ldb: Release ldb 1.6.3 --- -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag tevent-0.10.0 created
The annotated tag, tevent-0.10.0 has been created at fa5587d230bb41396e3630574448054804667ba4 (tag) tagging 6f2278018436184785e19f69efc60ec408b14aa7 (commit) replaces tdb-1.4.0 tagged by Stefan Metzmacher on Thu Mar 21 11:15:38 2019 +0100 - Log - tevent: tag release tevent-0.10.0 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlyTZEoACgkQR5ORYRMI QCVjHAgAiT55J/spNfBGT4Uj0PMkxmzFLMHKQKOADqMSWLrHC5/u5mJ7UTaZORH3 thogvx1MBSwkh5GdKgUDDNqBWGxPyL1BS2NvnpnN7+UxRyPtq/URDtIJnkAouH/c 3G1ELRRTCo1meQzYHclJXOEXy7zHqbqZGWzRTBgTx1yfkaegnxfwFMnPi3IjjYm9 0EL15pHMROKzo0JDx3I8JyxCUWjFAoNIx3tWWEK9AmGk8mbaTSq/JYQxP4nY1LrF 2yCs1waMmHXlDN5h6SZevhWQQn6LrJfdmmFBmXzm+q00tm8IRLs0qUOsRCsirMaJ Za/2Npw/gXVWjE4QqEU84fu5vcnhpg== =Mx1G -END PGP SIGNATURE- Andrew Bartlett (1): tevent: Release tevent 0.10.0 --- -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag tdb-1.4.0 created
The annotated tag, tdb-1.4.0 has been created at 432055298027f1d5438201f9dbcac7ebb153f0b6 (tag) tagging fe69d807eae06cb041f25c2dfe351d4e25d541cd (commit) replaces talloc-2.2.0 tagged by Stefan Metzmacher on Thu Mar 21 11:14:24 2019 +0100 - Log - tdb: tag release tdb-1.4.0 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlyTZAAACgkQR5ORYRMI QCVoJAf+Ju/rV+QyT2HmMRVZacKFrXdkuqMwcevgsYAObuUAQ2juQLlb/IM+wuSa gqSCBqHCltPMJySOladcly+712u/iyry65GfeENXJ9jH9P75GtzmldZmq6c/9Nuj 1d7gr4ei7F1sQN7m1ua1fnTe0wP0KHfMSUGokIcOQitn8nWs2ccj0pcR37B0q3Wo KVxDtj5PjGKjBC7rDoqWgSPK1ddOo+iIKRaJhWj1tCwlryVqVex6BnnoXJaniTIj 33wyk1C8yrWJ0lOEEFn37DeYsFTk+086VB7CT8CxlHdXJN7yavhneGP7km3LvEKQ nDAv69u7R9aiS5uPOJSKHtS8UFH+yA== =AfHt -END PGP SIGNATURE- Andrew Bartlett (1): tdb: Release tdb 1.4.0 --- -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag talloc-2.2.0 created
The annotated tag, talloc-2.2.0 has been created
at b1b036668f28e9b759bc02204492ca05ae2c7118 (tag)
tagging b80140ba00282ce67f7d394bbf684e726df1126e (commit)
replaces ldb-1.6.2
tagged by Stefan Metzmacher
on Thu Mar 21 11:13:42 2019 +0100
- Log -
talloc: tag release talloc-2.2.0
-BEGIN PGP SIGNATURE-
iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlyTY9YACgkQR5ORYRMI
QCXmewgAiVETBLZ6yxjEpb4BScA+vE5OqrolmKZEnZM1aaLc1cWyK36QCJvDlnZa
LFhbbpvTIJz4g4kD3ldUE9sTgNSuuJNoMmDu3O8kCVEiiKnOmvUyY1e2e910Jv2R
yX+N5QhGzuW6cjM+uaXAnPzDW9hyx/GGCGNUAEFq1FiVWEu8Y8imIzj/8kgtpobo
im84qa4G/f/tBP6bfGEDe7Tk9LNRU36M4TyfztNuRN8reKX0con4OOJaukq3fwmI
gXMFF9mCSgmoY8tv23YWt1+EdOUaYIQdTTw8OB5B0jYK1uLK2JUCokJ5z4lcxlYn
Ffy5xL5BGpI97zbBI3j0IEFVlKpXpg==
=DP1W
-END PGP SIGNATURE-
Aaron Haslett (1):
tests: Reduce likelihood of auth_log test locking up during CI
Amitay Isaacs (2):
ctdb-daemon: Fix maybe-uninitialized error with picky developer
ctdb-version: Simplify version string usage
Andreas Schneider (22):
libcli:smb: Zero sensitive memory after use
auth:gensec: Make sure we zero the checksum after use
libcli:auth: Avoid explicit ZERO_STRUCT
lib:crypto: Include only the required header files
krb5_wrap: Only use the required md4 header
libcli:auth: Only use the required md4 header
libcli:auth: Only use the required md4 header
s4:dsdb: Only use the required md4 header file
s4:dsdb: Only use the required md4 and md5 header files
libcli:samsync: Remove unused header file
s4:dsdb: Remove unused header file
s4:torture: Remove unused header file
libcli:auth: Remove unused header file
s4:torture: Make sure we do not create a shadow 'struct params'
lib:util: Move debug message for mkdir failing to log level 1
s3:script: Fix jobid check in test_smbspool.sh
s3:client: Pass DEVICE_URI and AUTH_INFO_REQUIRED env to smbspool
s3:client: Evaluate the AUTH_INFO_REQUIRED variable set by cups
s3:client: Make sure we work on a copy of the title
s3:client: Fix smbspool device uri handling
talloc: Fix alignment issues for casting pointers
s4:librpc: Fix installation of Samba
Andrew Bartlett (22):
dsdb: Unify samdb_{get,set}_ntds_{objectGUID,invocation_id}
kcc: Give a better error message when samdb_ntds_objectGUID fails
dsdb: Provide better error strings in rootdse GUID attribute handling
s4-server: Open and close a transaction on sam.ldb at startup
modules: Add dependency on tirpc to vfs_nfs4acl_xattr
samba-tool domain provision: Fix --interactive module in python3
build: Allow build when --disable-gnutls is set
regfio: Update code near recent changes to match README.Coding
regfio tests: Update comment style to match README.Coding
pytalloc: Remove deprecated pytalloc_CObject_FromTallocPtr()
build: Remove --extra-python
build: Remove bld.gen_python_environments()
selftest: Remove support for running multiple tests against python
versions in a single run
selftest: Remove obsolete py3_compatible=True markers
selftest: Remove mention of --extra-python from comment
build: Remove distinct .py3 ABI files
ABI: Remove unused .py3*.sigs files
build: Do not make python mandatory to build
build: Set default minimum python version to 3.4.0
build: Remove manual specification of minimum python version
build: Standardise on calling conf.SAMBA_CHECK_PYTHON() in libraries
talloc: Release talloc 2.2.0
Björn Jacke (1):
wafbuild: create missing private library symlinks on platforms without
soname support for shared libs
Christof Schmitt (4):
lib/winbind_util: Move include out of ifdef
lib/winbind_util: Remove winbind_[gu]id_to_sid
lib/winbind_util: Add winbind_xid_to_sid for --without-winbind
passdb: Increase ABI version to 0.28.0
David Disseldorp (8):
vfs_ceph: add missing fallocate hook
vfs_ceph: fix strict_allocate_ftruncate()
vfs_ceph: remove ceph_fallocate/ceph_ftruncate fallback
vfs_ceph: drop ifdef HAVE_FCHOWN/_FCHMOD
docs: fix minor typo in smb.conf "log level" section
ctdb_mutex_ceph_rados_helper: revert strtoull_err() usage
vfs: drop lseek stat-open checks
smbd: fix check_parent_access() talloc stackframe leaks
Douglas Bagnall (23):
s4/auth/krb: fix spelling of entries
dns_hub: use python 3 shebang
tests/rodc_rwdc: p.communicate() gives bytes, not str
dsdb:util_links: count el->values with unsigned int
dsdb/group_audit: use common get_parsed_dns_trusted()
replmd/la: disambiguate error messages a bit
dsdb/pytests: sanity checks for links under subtree renames
dsdb:replmd: add compatible feature helper function
dsdb: linked_attrib
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 4f307f2302b selftest: force running with TZ=UTC
via be6cf83c01d autobuild: try to distribute the tasks a bit more
via 253acdafd2b .gitlab-ci.yml: use .shared_template for samba
via e0bd12e0543 autobuild: spread ad-dc tests over 6 autobuild/ci
separate tasks/jobs
via 54278049e20 autobuild: add samba-ad-member task
via 2d576c3afce autobuild: run ad_dc_backup tests in samba-ad-dc-backup
via 1bc2456b87c autobuild: move maptoguest and simpleserver to
'samba-fileserver'
via 3cf317c9b86 autobuild: move nt4_dc_schannel out of 'samba'
via cd42d70d491 s4:selftest: make use of ad_dc_backup
via 13fe139fb26 selftest:Samba4: add ad_dc_backup alias to ad_dc
via 780cceaed9a s4:selftest: make use of ad_dc_default
via c217a15a2c3 selftest:Samba4: add ad_dc_default alias to ad_dc_ntvfs
via 3385b33cec1 s4:selftest: make use of ad_dc_slowtests
via c82b60c8272 selftest:Samba4: add ad_dc_slowtests alias to
ad_dc_ntvfs
via 07b662e287b s4:selftest: use the fl2008dc alias when looping over
all functional levels
via 62eeab8f6cb selftest:Samba4: add fl2008dc as alias to ad_dc_ntvfs
via ec115b9012c s4:selftest: move very slow tests on ad_dc_ntvfs into
one location in tests.py
from eb13f70e374 libcli:auth: Remove unused header file
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 4f307f2302b0fe8fd0fc6379eb8e6491faf8520c
Author: Stefan Metzmacher
Date: Wed Feb 27 08:22:09 2019 +0100
selftest: force running with TZ=UTC
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andreas Schneider
Autobuild-User(master): Stefan Metzmacher
Autobuild-Date(master): Wed Feb 27 11:24:59 UTC 2019 on sn-devel-144
commit be6cf83c01db24b341125d4938f79304f875411a
Author: Stefan Metzmacher
Date: Tue Feb 26 22:55:05 2019 +0100
autobuild: try to distribute the tasks a bit more
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andreas Schneider
commit 253acdafd2bf655cb8115aaf1e3a3522e96dde1c
Author: Stefan Metzmacher
Date: Thu Feb 21 09:05:18 2019 +0100
.gitlab-ci.yml: use .shared_template for samba
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andreas Schneider
commit e0bd12e0543c5a39bf1cf015659ed32c116ab8cb
Author: Stefan Metzmacher
Date: Tue Feb 26 15:04:14 2019 +0100
autobuild: spread ad-dc tests over 6 autobuild/ci separate tasks/jobs
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andreas Schneider
commit 54278049e203a489c69fde0795c4551bcd46365d
Author: Stefan Metzmacher
Date: Tue Feb 26 14:59:00 2019 +0100
autobuild: add samba-ad-member task
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andreas Schneider
commit 2d576c3afce92021501da9e56ca5504d3fd00310
Author: Stefan Metzmacher
Date: Tue Feb 26 15:12:36 2019 +0100
autobuild: run ad_dc_backup tests in samba-ad-dc-backup
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andreas Schneider
commit 1bc2456b87c4ddc603170d30e25cd615349a48e3
Author: Stefan Metzmacher
Date: Thu Feb 21 08:42:50 2019 +0100
autobuild: move maptoguest and simpleserver to 'samba-fileserver'
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andreas Schneider
commit 3cf317c9b866dd9820039669769af26a1195db7a
Author: Stefan Metzmacher
Date: Thu Feb 21 08:37:53 2019 +0100
autobuild: move nt4_dc_schannel out of 'samba'
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andreas Schneider
commit cd42d70d491586b83f97100c10e1039c542d3b29
Author: Stefan Metzmacher
Date: Tue Feb 26 14:04:42 2019 +0100
s4:selftest: make use of ad_dc_backup
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andreas Schneider
commit 13fe139fb2661abf36701e35f2aca3a9a5df17ef
Author: Stefan Metzmacher
Date: Tue Feb 26 14:03:29 2019 +0100
selftest:Samba4: add ad_dc_backup alias to ad_dc
This will allow us to run really most tests in an isolated
autobuild/ci task later.
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andreas Schneider
commit 780cceaed9aa130ca9cba199a4b98fa1c8bbc77a
Author: Stefan Metzmacher
Date: Tue Feb 26 14:04:42 2019 +0100
s4:selftest: make use of ad_dc_default
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andreas Schneider
commit c217a15a2c3c6b6c171d28a57f9b0248dacaec53
Author: Stefan Metzmacher
Date: Tue Feb 26 14:03:29 2019 +0100
selftest:Samba4: add ad_dc_default alias to ad_dc_ntvfs
This will allow us to run really most tests in an isolated
autobuild/ci task later.
This will apply to tests, which may not rely on the ntvfs backend, so
the ad_dc_default alias can point to another environment in future.
Signed-off-by: Stefan Metzmacher
[SCM] Samba Shared Repository - annotated tag ldb-1.2.4 created
The annotated tag, ldb-1.2.4 has been created at 91319df7d4107e2030aa2c1273140263354b83a2 (tag) tagging a6f3bbf17ea49838b799aad2bc942105fdf718db (commit) replaces samba-4.7.12 tagged by Stefan Metzmacher on Tue Feb 26 17:00:39 2019 +0100 - Log - ldb: tag release ldb-1.2.4 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlx1YqcACgkQR5ORYRMI QCXiEgf/bLf0fQsvSrROts7VgFAChNpMY0ZyKlr38tXIxjaRZbI9zaGP4BDbig1I oNACwzDCkWtjNH3DuASHFa9+oGn0hRtgcUs7upYm6yewCzvf2MxBS82lKttUAiWV dHmqecxbvz0IQetCqQTnbeS/Y9F0a1x1oDHJbkaieZQiRGaJKltQi44LhzMBBQPo ob0g5xYv45sdqB/TGp6/B9HbNVwBeJ5hpb64xOsKNXn6pHMDtTGSrqTpqseJjlkS jKm2f6AMjgC67fwWdLqoIH8IDQQwWtCPHITWs4prDxbjGIv1SykUJdcvPdJrFsiq CBHGNMEV8nBRItOVpXAHfZMBzqxu7g== =dQLi -END PGP SIGNATURE- Aaron Haslett (1): CVE-2018-14629: Tests to expose regression from dns cname loop fix Andreas Schneider (1): CVE-2018-16853: Do not segfault if client is not set Andrew Bartlett (3): .gitlab-ci.yml: Adapt to current GitLab CI setup CVE-2019-3824 ldb: Extra comments to clarify no pointer wrap in wildcard processing CVE-2019-3824 ldb: Improve code style and layout in wildcard processing Gary Lockyer (5): CVE-2019-3824 ldb: ldb_parse_tree use talloc_zero CVE-2019-3824 ldb: wildcard_match check tree operation CVE-2019-3824 ldb: wildcard_match end of data check CVE-2019-3824 ldb: Add tests for ldb_wildcard_match CVE-2019-3824 ldb: Release ldb 1.2.4 Isaac Boukris (4): CVE-2018-16853: Fix kinit test on system lacking ldbsearch CVE-2018-16853: The ticket in check_policy_as can actually be a TGS CVE-2018-16853: Add a test to verify s4u2self doesn't crash CVE-2018-16853: fix crash in expired passowrd case Joe Guo (1): gitlab-ci: add .gitlab-ci.yml Karolin Seeger (3): VERSION: Bump version up to 4.7.12... Merge tag 'samba-4.7.12' into v4-7-test VERSION: Bump version up to 4.7.13. Lukas Slebodnik (1): CVE-2019-3824 ldb: Out of bound read in ldb_wildcard_compare Stefan Metzmacher (1): CVE-2018-14629 dns: fix CNAME loop prevention using counter regression --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-7-test updated
The branch, v4-7-test has been updated via a6f3bbf17ea CVE-2019-3824 ldb: Release ldb 1.2.4 via c6ec3fc6d0f CVE-2019-3824 ldb: Add tests for ldb_wildcard_match via 8ddaf853404 CVE-2019-3824 ldb: wildcard_match end of data check via c62bd66b84d CVE-2019-3824 ldb: wildcard_match check tree operation via e71cdbe57b5 CVE-2019-3824 ldb: ldb_parse_tree use talloc_zero via 5d6df9adbfd CVE-2019-3824 ldb: Improve code style and layout in wildcard processing via a3c42ff9331 CVE-2019-3824 ldb: Extra comments to clarify no pointer wrap in wildcard processing via e8af7222d2d CVE-2019-3824 ldb: Out of bound read in ldb_wildcard_compare from 23b41ebe1de CVE-2018-14629 dns: fix CNAME loop prevention using counter regression https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test - Log - commit a6f3bbf17ea49838b799aad2bc942105fdf718db Author: Gary Lockyer Date: Wed Feb 20 01:03:41 2019 + CVE-2019-3824 ldb: Release ldb 1.2.4 * CVE-2019-3824 out of bounds read in wildcard compare (bug 13773) BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer Autobuild-User(v4-7-test): Stefan Metzmacher Autobuild-Date(v4-7-test): Tue Feb 26 16:52:19 CET 2019 on sn-devel-144 commit c6ec3fc6d0f47885f4ce4fa89ac5644167a7dab0 Author: Gary Lockyer Date: Tue Feb 19 10:24:38 2019 +1300 CVE-2019-3824 ldb: Add tests for ldb_wildcard_match Add cmocka tests for ldb_wildcard_match. Running test_wildcard_match under valgrind reproduces CVE-2019-3824 out of bounds read in wildcard compare (bug 13773) valgrind --suppressions=lib/ldb/tests/ldb_match_test.valgrind\ bin/ldb_match_test BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer commit 8ddaf853404f3cddef84b77b38951526d73ffbda Author: Gary Lockyer Date: Tue Feb 19 10:26:56 2019 +1300 CVE-2019-3824 ldb: wildcard_match end of data check ldb_handler_copy and ldb_val_dup over allocate by one and add a trailing '\0' to the data, to make them safe to use the C string functions on. However testing for the trailing '\0' is not the correct way to test for the end of a value, the length should be checked instead. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer commit c62bd66b84defc73465e5f16f230f1855fb3bde3 Author: Gary Lockyer Date: Tue Feb 19 10:26:25 2019 +1300 CVE-2019-3824 ldb: wildcard_match check tree operation Check the operation type of the passed parse tree, and return LDB_INAPPROPRIATE_MATCH if the operation is not LDB_OP_SUBSTRING. A query of "attribute=*" gets parsed as LDB_OP_PRESENT, checking the operation and failing ldb_wildcard_match should help prevent confusion writing tests. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer commit e71cdbe57b5c86e597f1c007c07c66df652038c5 Author: Gary Lockyer Date: Tue Feb 19 10:25:24 2019 +1300 CVE-2019-3824 ldb: ldb_parse_tree use talloc_zero Initialise the created ldb_parse_tree with talloc_zero, this ensures that it is correctly initialised if inadvertently passed to a function expecting a different operation type. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer commit 5d6df9adbfd279cc0da7d5cae90cd724b635e97c Author: Andrew Bartlett Date: Mon Feb 4 11:22:50 2019 +1300 CVE-2019-3824 ldb: Improve code style and layout in wildcard processing BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Andrew Bartlett commit a3c42ff9331642ea989cba20175b7813050b9f5f Author: Andrew Bartlett Date: Mon Feb 4 11:22:34 2019 +1300 CVE-2019-3824 ldb: Extra comments to clarify no pointer wrap in wildcard processing BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Andrew Bartlett commit e8af7222d2de69d19216b922d5a85e4259ea5c40 Author: Lukas Slebodnik Date: Fri Jan 18 16:37:24 2019 +0100 CVE-2019-3824 ldb: Out of bound read in ldb_wildcard_compare There is valgrind error in few tests tests/test-generic.sh 91 echo "Test wildcard match" 92 $VALGRIND ldbadd $LDBDIR/tests/test-wildcard.ldif || exit 1 93 $VALGRIND ldbsearch '(cn=test*multi)' || exit 1 95 $VALGRIND ldbsearch '(cn=*test_multi)' || exit 1 97 $VALGRIND ldbsearch '(cn=test*multi*test*multi)' || exit 1 e.g. ==3098== Memcheck, a memory error detector ==3098== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al. ==3098== Using Valgrind-3.14.0 and LibVEX; rerun with -h for copyright info ==
[SCM] Samba Shared Repository - annotated tag ldb-1.3.8 created
The annotated tag, ldb-1.3.8 has been created at 82d82420fa6a446bd2a413567487025bd647f01e (tag) tagging 8be2836cd825054ecffe112226400cdc42a2afc3 (commit) replaces ldb-1.3.7 tagged by Stefan Metzmacher on Tue Feb 26 16:14:40 2019 +0100 - Log - ldb: tag release ldb-1.3.8 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlx1V+AACgkQR5ORYRMI QCUZXwgAm8j1TZQFILZ1Dldt0Wnnqu6G+BGsCAFSt7jTpKXhe2b+F0mPS41NtnNZ lysz28BUEhzQHNjUB8Pw1VXQ0deRyR6ayLRTOncX0g6vUZukLOzKj3PA6DR3BqbL JkK/641J+LLj4LZixpNeGkIBijA3qgnaO3xj+y0aUhRrvpSJi7ERb1oam2a1YF0H cHZepXaH197KxqJ9K4OuRlAqMc4Rt501zC7Jbj7c6hAeC3ptl8hbVp93ZjDgUsVa WsTTiQJqC6RDVrm7E1bUppVEF3GKt8nIJCVKT2OwHDlf4wBkfwptWWqDXQ4/3Ssa ea0d9Ys5dMyj3J7hQ9DCSvlfU/ez2w== =t2YO -END PGP SIGNATURE- Andreas Schneider (2): s3:vfs: Initialize pid to 0 in test_netatalk_lock() s3:vfs: Correctly check if OFD locks should be enabled or not Andrew Bartlett (2): CVE-2019-3824 ldb: Extra comments to clarify no pointer wrap in wildcard processing CVE-2019-3824 ldb: Improve code style and layout in wildcard processing Christof Schmitt (1): waf: Check for libnscd David Disseldorp (2): printing: drop pcap_cache_loaded() guard around load_printers() printing: check lp_load_printers() prior to pcap cache update Gary Lockyer (5): CVE-2019-3824 ldb: ldb_parse_tree use talloc_zero CVE-2019-3824 ldb: wildcard_match check tree operation CVE-2019-3824 ldb: wildcard_match end of data check CVE-2019-3824 ldb: Add tests for ldb_wildcard_match PVE-2019-3824 ldb: Release ldb 1.3.8 Günther Deschner (1): s3-smbd: use fruit:model string for mDNS registration Jeremy Allison (4): s3: tests: Add regression test for smbd crash on share force group change with existing connection. smbd: uid: Don't crash if 'force group' is added to an existing share connection. s3: VFS: vfs_fruit. Fix the NetAtalk deny mode compatibility code. s4: torture: vfs_fruit. Change test_fruit_locking_conflict() to match the vfs_fruit working server code. Joe Guo (1): netcmd/user: python[3]-gpgme unsupported and replaced by python[3]-gpg Lukas Slebodnik (1): CVE-2019-3824 ldb: Out of bound read in ldb_wildcard_compare Ralph Boehme (2): tldap: avoid a use after free crash tldap: avoid more use after free errors --- -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag ldb-1.4.6 created
The annotated tag, ldb-1.4.6 has been created at 78c542c07a00ab1c402fd48294a2bc2a2368da64 (tag) tagging 2bbd2dcf282b865f2de6d7074b2d671b4a21666e (commit) replaces ldb-1.4.5 tagged by Stefan Metzmacher on Tue Feb 26 16:13:55 2019 +0100 - Log - ldb: tag release ldb-1.4.6 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlx1V7MACgkQR5ORYRMI QCXjQAgAlX4v7tfAY7fVaMVEalyf4PSCW9mMlEZ7DGYNFDxRldoJLKpthSV+YCo4 Mbb8mS/gFZhbF1GTLTsp4lW2cublEkG1KapC7hf+DAcjCcvaGe7Jlj0xjtr0gMnv tVBGoBr0l/jkRmluIYdM2Bfa61Hpu1mHAMvC7yb7rBYfYPHnmge5HzT3CuBXkUPP 6iFOU7vAT5Ir0QIrseTzTN22Hjjyf2X0btEBaLbHnH/OEK+D6XXC/hmr9rBEhDAS 7+ZMh29vpLLDHyZWFosoSoesFnYtScDGMsby36Zy3v2VN049zK2envKlK9waWfwK ZdfMm2VwiWxEWzem1t4Yh+DBWPQfYw== =6aiV -END PGP SIGNATURE- Andreas Schneider (2): s3:vfs: Initialize pid to 0 in test_netatalk_lock() s3:vfs: Correctly check if OFD locks should be enabled or not Andrew Bartlett (2): CVE-2019-3824 ldb: Extra comments to clarify no pointer wrap in wildcard processing CVE-2019-3824 ldb: Improve code style and layout in wildcard processing Christof Schmitt (1): waf: Check for libnscd David Disseldorp (2): printing: drop pcap_cache_loaded() guard around load_printers() printing: check lp_load_printers() prior to pcap cache update Gary Lockyer (5): CVE-2019-3824 ldb: ldb_parse_tree use talloc_zero CVE-2019-3824 ldb: wildcard_match check tree operation CVE-2019-3824 ldb: wildcard_match end of data check CVE-2019-3824 ldb: Add tests for ldb_wildcard_match CVE-2019-3824 ldb: Release ldb 1.4.6 Günther Deschner (1): s3-smbd: use fruit:model string for mDNS registration Jeremy Allison (4): s3: tests: Add regression test for smbd crash on share force group change with existing connection. smbd: uid: Don't crash if 'force group' is added to an existing share connection. s3: VFS: vfs_fruit. Fix the NetAtalk deny mode compatibility code. s4: torture: vfs_fruit. Change test_fruit_locking_conflict() to match the vfs_fruit working server code. Joe Guo (1): netcmd/user: python[3]-gpgme unsupported and replaced by python[3]-gpg Lukas Slebodnik (1): CVE-2019-3824 ldb: Out of bound read in ldb_wildcard_compare Ralph Boehme (2): tldap: avoid a use after free crash tldap: avoid more use after free errors --- -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag ldb-1.5.4 created
The annotated tag, ldb-1.5.4 has been created at 3d0c919197e7f131ec71f6f155dd2b132ca971f8 (tag) tagging 97fcdfb58a751046541c370d68d6c52114fd702b (commit) replaces samba-4.10.0rc3 tagged by Stefan Metzmacher on Tue Feb 26 16:13:09 2019 +0100 - Log - ldb: tag release ldb-1.5.4 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlx1V4UACgkQR5ORYRMI QCUjPAgAndQrJdspvXMCsdowQO66PacW4RDeAEPLyQHugQvtuCnf13tbys3SsqOU eQ/FjaqQa8K6aXWWtmykg+VDfooeeAtWGUD2FeZH6/7/pDZy7DzS4r7fQM0zRWCR OPPv6cPGL6ZA+22jB/OMf/DRzgSG1ivcGZFNL8mi8HWEffNiFz7H/2wzLPRi+Bzn /C4JCw/OLVDYhaMByF7su85hb3SSbLIhVKgE+zOmK6MACmmcalmZ24GlHt0I8tjA MopCbso8uylUcgvBzABDsvYprj4da1rx1o3KWn5rt+H08DW7a6wnMmpe+aPh6b2O /iMHkZ5m0NZf/smxCOk8QeXfx27m5g== =cTwZ -END PGP SIGNATURE- Andreas Schneider (7): lib:tdb: Use C99 initializer for PyGetSetDef in pytdb lib:tdb: Use C99 initializer for tdb_header lib:tdb: Use C99 initializer for tdb_logging_context lib:tevent: Use correct C99 initializer for tevent_req lib:ldb: Use C99 initializer for PyGetSetDef in pyldb lib:ldb: Use C99 initializer for tdb_logging_context lib:ldb: Use correct C99 initializer for 'struct tm' Andrew Bartlett (2): CVE-2019-3824 ldb: Extra comments to clarify no pointer wrap in wildcard processing CVE-2019-3824 ldb: Improve code style and layout in wildcard processing David Mulder (1): Search for location of waf script Douglas Bagnall (1): py_tevent: add_timer takes float argument Gary Lockyer (4): CVE-2019-3824 ldb: ldb_parse_tree use talloc_zero CVE-2019-3824 ldb: wildcard_match check tree operation CVE-2019-3824 ldb: wildcard_match end of data check CVE-2019-3824 ldb: Add tests for ldb_wildcard_match Karolin Seeger (1): VERSION: Bump version up to 4.10.0rc4... Lukas Slebodnik (3): tdb: Fix compatibility of wscript with older python ldb: The test api.py should not rely on order of entries in dict CVE-2019-3824 ldb: Out of bound read in ldb_wildcard_compare Noel Power (1): buildtools/wafsamba: Avoid decode when using python2 Stefan Metzmacher (4): tdb: version 1.3.18 talloc: version 2.1.16 tevent: version 0.9.39 CVE-2019-3824 ldb: version 1.5.4 --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via 97fcdfb58a7 CVE-2019-3824 ldb: version 1.5.4 via 21a44989274 CVE-2019-3824 ldb: Add tests for ldb_wildcard_match via aecd14f8bdc CVE-2019-3824 ldb: wildcard_match end of data check via 41fd2cde0c7 CVE-2019-3824 ldb: wildcard_match check tree operation via 9a0ace32390 CVE-2019-3824 ldb: ldb_parse_tree use talloc_zero via 4cd0abe3c70 CVE-2019-3824 ldb: Improve code style and layout in wildcard processing via e9afae48efa CVE-2019-3824 ldb: Extra comments to clarify no pointer wrap in wildcard processing via aa13a46221a CVE-2019-3824 ldb: Out of bound read in ldb_wildcard_compare via bfa9353ce1d ldb: The test api.py should not rely on order of entries in dict via 942822e7165 lib:ldb: Use correct C99 initializer for 'struct tm' via d16b81cf586 lib:ldb: Use C99 initializer for tdb_logging_context via 7d0902c2a2b lib:ldb: Use C99 initializer for PyGetSetDef in pyldb via 0da2d830806 tevent: version 0.9.39 via f868654638a py_tevent: add_timer takes float argument via 6b125f6ce2d lib:tevent: Use correct C99 initializer for tevent_req via 7bc0d67e2f5 talloc: version 2.1.16 via dd2ec6de72d tdb: version 1.3.18 via 0130b999d2a lib:tdb: Use C99 initializer for tdb_logging_context via a5284f9ce32 lib:tdb: Use C99 initializer for tdb_header via b6bb285d9a9 lib:tdb: Use C99 initializer for PyGetSetDef in pytdb via 50be2c58274 tdb: Fix compatibility of wscript with older python via ba5a93c860a Search for location of waf script from fb1d5988e30 buildtools/wafsamba: Avoid decode when using python2 https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit 97fcdfb58a751046541c370d68d6c52114fd702b Author: Stefan Metzmacher Date: Tue Feb 26 12:29:13 2019 +0100 CVE-2019-3824 ldb: version 1.5.4 * Fix standalone build of ldb. * C99 build fixes. * CVE-2019-3824 out of bounds read in wildcard compare (bug 13773) Signed-off-by: Stefan Metzmacher Autobuild-User(v4-10-test): Stefan Metzmacher Autobuild-Date(v4-10-test): Tue Feb 26 16:09:12 CET 2019 on sn-devel-144 commit 21a449892743994487f70dd67914f87cd83e4fc1 Author: Gary Lockyer Date: Tue Feb 19 10:24:38 2019 +1300 CVE-2019-3824 ldb: Add tests for ldb_wildcard_match Add cmocka tests for ldb_wildcard_match. Running test_wildcard_match under valgrind reproduces CVE-2019-3824 out of bounds read in wildcard compare (bug 13773) valgrind --suppressions=lib/ldb/tests/ldb_match_test.valgrind\ bin/ldb_match_test BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer Reviewed-by: Andrew Bartlett (cherry picked from commit 45b75db50f5c1a7c8c38af59a62fccee5401c845) commit aecd14f8bdc00519c981f17d398df3054fcab9da Author: Gary Lockyer Date: Tue Feb 19 10:26:56 2019 +1300 CVE-2019-3824 ldb: wildcard_match end of data check ldb_handler_copy and ldb_val_dup over allocate by one and add a trailing '\0' to the data, to make them safe to use the C string functions on. However testing for the trailing '\0' is not the correct way to test for the end of a value, the length should be checked instead. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer Reviewed-by: Andrew Bartlett (cherry picked from commit 42f0f57eb819ce6b68a8c5b3b53123b83ec917e3) commit 41fd2cde0c7e422381c7ae62296b1767feec9dcb Author: Gary Lockyer Date: Tue Feb 19 10:26:25 2019 +1300 CVE-2019-3824 ldb: wildcard_match check tree operation Check the operation type of the passed parse tree, and return LDB_INAPPROPRIATE_MATCH if the operation is not LDB_OP_SUBSTRING. A query of "attribute=*" gets parsed as LDB_OP_PRESENT, checking the operation and failing ldb_wildcard_match should help prevent confusion writing tests. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer Reviewed-by: Andrew Bartlett (cherry picked from commit 34383981a0c40860f71a4451ff8fd752e1b67666) commit 9a0ace323908104b01840c4ff3e01376d20cb5c3 Author: Gary Lockyer Date: Tue Feb 19 10:25:24 2019 +1300 CVE-2019-3824 ldb: ldb_parse_tree use talloc_zero Initialise the created ldb_parse_tree with talloc_zero, this ensures that it is correctly initialised if inadvertently passed to a function expecting a different operation type. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer Reviewed-by: Andrew Bartlett (cherry picked from commit 8d34d172092f71baad0d777567e49aebfa07313d) commit 4cd0abe3c709e46
[SCM] Samba Shared Repository - branch v4-8-test updated
The branch, v4-8-test has been updated via 8be2836cd82 PVE-2019-3824 ldb: Release ldb 1.3.8 via a6b067e00b6 CVE-2019-3824 ldb: Add tests for ldb_wildcard_match via 2f6b4d11136 CVE-2019-3824 ldb: wildcard_match end of data check via 9b5a7c8abec CVE-2019-3824 ldb: wildcard_match check tree operation via da12e534efe CVE-2019-3824 ldb: ldb_parse_tree use talloc_zero via 699e2aa1994 CVE-2019-3824 ldb: Improve code style and layout in wildcard processing via 28193ca851c CVE-2019-3824 ldb: Extra comments to clarify no pointer wrap in wildcard processing via bd62896ddc2 CVE-2019-3824 ldb: Out of bound read in ldb_wildcard_compare from 080dae06412 waf: Check for libnscd https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-test - Log - commit 8be2836cd825054ecffe112226400cdc42a2afc3 Author: Gary Lockyer Date: Wed Feb 20 10:45:05 2019 +1300 PVE-2019-3824 ldb: Release ldb 1.3.8 * CVE-2019-3824 out of bounds read in wildcard compare (bug 13773) BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer Autobuild-User(v4-8-test): Stefan Metzmacher Autobuild-Date(v4-8-test): Tue Feb 26 12:58:03 CET 2019 on sn-devel-144 commit a6b067e00b67cac6f3a36c8ef5edba6fd9b10def Author: Gary Lockyer Date: Tue Feb 19 10:24:38 2019 +1300 CVE-2019-3824 ldb: Add tests for ldb_wildcard_match Add cmocka tests for ldb_wildcard_match. Running test_wildcard_match under valgrind reproduces CVE-2019-3824 out of bounds read in wildcard compare (bug 13773) valgrind --suppressions=lib/ldb/tests/ldb_match_test.valgrind\ bin/ldb_match_test BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer commit 2f6b4d11136f042f5c532199389877ed846c6f83 Author: Gary Lockyer Date: Tue Feb 19 10:26:56 2019 +1300 CVE-2019-3824 ldb: wildcard_match end of data check ldb_handler_copy and ldb_val_dup over allocate by one and add a trailing '\0' to the data, to make them safe to use the C string functions on. However testing for the trailing '\0' is not the correct way to test for the end of a value, the length should be checked instead. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer commit 9b5a7c8abecbf605227cc974927c6d76f9b5 Author: Gary Lockyer Date: Tue Feb 19 10:26:25 2019 +1300 CVE-2019-3824 ldb: wildcard_match check tree operation Check the operation type of the passed parse tree, and return LDB_INAPPROPRIATE_MATCH if the operation is not LDB_OP_SUBSTRING. A query of "attribute=*" gets parsed as LDB_OP_PRESENT, checking the operation and failing ldb_wildcard_match should help prevent confusion writing tests. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer commit da12e534efe2c80dc394295315a9a34ac72a2e9f Author: Gary Lockyer Date: Tue Feb 19 10:25:24 2019 +1300 CVE-2019-3824 ldb: ldb_parse_tree use talloc_zero Initialise the created ldb_parse_tree with talloc_zero, this ensures that it is correctly initialised if inadvertently passed to a function expecting a different operation type. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer commit 699e2aa19946d43b162355dcb299a1dd798c9cd7 Author: Andrew Bartlett Date: Mon Feb 4 11:22:50 2019 +1300 CVE-2019-3824 ldb: Improve code style and layout in wildcard processing BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Andrew Bartlett commit 28193ca851ccba9652f59a2ba4213f536c9fa198 Author: Andrew Bartlett Date: Mon Feb 4 11:22:34 2019 +1300 CVE-2019-3824 ldb: Extra comments to clarify no pointer wrap in wildcard processing BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Andrew Bartlett commit bd62896ddc223270082dd67b068e944c696fed09 Author: Lukas Slebodnik Date: Fri Jan 18 16:37:24 2019 +0100 CVE-2019-3824 ldb: Out of bound read in ldb_wildcard_compare There is valgrind error in few tests tests/test-generic.sh 91 echo "Test wildcard match" 92 $VALGRIND ldbadd $LDBDIR/tests/test-wildcard.ldif || exit 1 93 $VALGRIND ldbsearch '(cn=test*multi)' || exit 1 95 $VALGRIND ldbsearch '(cn=*test_multi)' || exit 1 97 $VALGRIND ldbsearch '(cn=test*multi*test*multi)' || exit 1 e.g. ==3098== Memcheck, a memory error detector ==3098== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al. ==3098== Using Valgrind-3.14.0 and LibVEX; rerun with -h for copyright info ==3098== Command: ./bin/ldbsearch (cn=test*multi
[SCM] Samba Shared Repository - annotated tag tevent-0.9.39 created
The annotated tag, tevent-0.9.39 has been created at 74f21d5f6a5fdd3f50bcf66ab9d49ddfb84958aa (tag) tagging db58a50296041ca57675daee15caea8850f1d3f8 (commit) replaces talloc-2.1.16 tagged by Stefan Metzmacher on Tue Feb 26 12:46:21 2019 +0100 - Log - tevent: tag release tevent-0.9.39 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlx1Jw0ACgkQR5ORYRMI QCWdDwf/YZDy6K2r10bMk2zSabmHF4OHk14d2h3wtozaiKIyolBVUeneEOYJJQt/ Zv17ABWkbV1lvvSmIXfOuq6m1I0+GTdSeZqkX0VLwDf3SzCLtBKIYDGurmuN6TLL F73j5wgKRoi9KqIjBqoWlb+hBhkC9eAC5rgxyjH4b6Q+URYmZrh+HlwZvvgpr7FI BiiiPPsei+Njg86OeBgD63LnY3dYq9dc5oBiEGLYXdxqCivuRxr4CIDCOqx7lt9c 5za7DivWgcPkFIjgYpdzjyHRXk83+6CZbWih5F8NHeilJ27JkJ0idxIZ/iWAJiQJ nCrkMiucKwNBjW5ieoAdXybWR7mTIg== =IMes -END PGP SIGNATURE- Stefan Metzmacher (1): tevent: version 0.9.39 --- -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag ldb-1.6.2 created
The annotated tag, ldb-1.6.2 has been created at 8eacdf6f9ad5ead9158d2243527c6d5e0b2ea3f5 (tag) tagging 09d281d69b668a71e4457889bb5e949414a664fb (commit) replaces tevent-0.9.39 tagged by Stefan Metzmacher on Tue Feb 26 12:46:48 2019 +0100 - Log - ldb: tag release ldb-1.6.2 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlx1JygACgkQR5ORYRMI QCUoMAgAiVI4h0U6D3xDnypc765txCrdnONkWcJU2boBfKCLsYYG7/Rc0gCyYYnt PeniYrTjRStjb31JKKYGeNIWBoUDMYAQr2QGL/Ye7ER6+zJn3CzfRGcSe2LksCV9 zKy8eJp4kejpoMCJZQVXTaU690WVV6RcV8hEVAGv3ofoV7HP+QRNfOxbm7BJUpBl ejsQHZl4JC/MaE39KosqvESdXy+Bm5iHY/P4RMfs+5dwxefBzmeI32ZNZcjHlct0 Ze0fOdMR8XbnynW0n44fCcPYZ60DXrFSZMNRYv41COZ2y+/oLhvCtRegAJQ4IXtc xBd/LZnC32IcnDMdPWlSVwQwUwIyzQ== =PiE8 -END PGP SIGNATURE- Stefan Metzmacher (1): ldb: version 1.6.2 --- -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag talloc-2.1.16 created
The annotated tag, talloc-2.1.16 has been created at 6e2ffc7dfa92e8cb2ca8c2ef986e7dd98956e1df (tag) tagging 3fe1551b5347934a20b9161a23e6a16220c3aeb6 (commit) replaces tdb-1.3.18 tagged by Stefan Metzmacher on Tue Feb 26 12:45:53 2019 +0100 - Log - talloc: tag release talloc-2.1.16 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlx1JvEACgkQR5ORYRMI QCXagwgAsEzBVZIHff2gYyxp4uKtq3bv3L+cmGMMBSDhTVFe4DiMOtJjFRBgAWlq xwFohbwlzi4v6EyOUqwV6DB9vfzEJrd/nfOV2DL5c/93WkoboL3n9xRY+2EgFu7T Fy5Apb/DCnpJWPnevlTrPjapWRON9YAzRf91DrCY2uqfdjH/qlU8c5X1DsrVMxn4 xOMBHgwzFdC+1Yu6QuGgn189vXmpIJO33g8+zs0P+opd13QxEFIQhLJErBK3KOp3 BHF6Lr+lo4u5apyp60WFWvSG2kGe5J+xax69TLeJS5lBzHDtteBcnKo/EUus3gtG 2/QqjMBlT148ytUIOWFTF4EMmfSV/Q== =gp9Q -END PGP SIGNATURE- Stefan Metzmacher (1): talloc: version 2.1.16 --- -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag tdb-1.3.18 created
The annotated tag, tdb-1.3.18 has been created at 73f231b11299a4df7aa21c769de08bc938fe5fad (tag) tagging f0d26dd1816f35a00abf52b640f42547ffdfa01b (commit) replaces ldb-1.6.1 tagged by Stefan Metzmacher on Tue Feb 26 12:45:17 2019 +0100 - Log - tdb: tag release tdb-1.3.18 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlx1Js0ACgkQR5ORYRMI QCX4Ywf7BzRLcMNGG8qCc1vu3KoRXMppbd/C59wikyuTp097iDnl9M8cEDFnFwxV J+8ISMegJBIiYJ3paI/ORFFZu+uNC3iHv7D4UNbsjbSYRTjyJQpIwhTNbTN5ldAP QGDohKUSXOfa/w0y7jtVofmMVjCfHx3rEoLtaqRJ4HxtXeAQZRdhnVG2z9jWurj+ 8eExKyDaFnLJcrbD/O/+6ogIfk+4HiIe0cbwEKrWefzI2HH1YYNp7vu6VulGqh/K OKVEW3ayrPNoZWQtMJQQw3oaThqGECXWnh+7OGXB6YH3jPvrDwA3qgONO+GCS0n3 HosB5bFs7+xilsFisP1Jn88fT3JmUA== =Crqu -END PGP SIGNATURE- David Mulder (1): Search for location of waf script Stefan Metzmacher (1): tdb: version 1.3.18 --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 09d281d69b6 ldb: version 1.6.2
via db58a502960 tevent: version 0.9.39
via 3fe1551b534 talloc: version 2.1.16
via f0d26dd1816 tdb: version 1.3.18
via 5ed5c337644 Search for location of waf script
from de3bb5cd523 CVE-2019-3824 ldb: Release ldb 1.6.1
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 09d281d69b668a71e4457889bb5e949414a664fb
Author: Stefan Metzmacher
Date: Tue Feb 26 10:19:44 2019 +0100
ldb: version 1.6.2
* Fix standalone build of ldb.
Signed-off-by: Stefan Metzmacher
Autobuild-User(master): Stefan Metzmacher
Autobuild-Date(master): Tue Feb 26 12:10:40 CET 2019 on sn-devel-144
commit db58a50296041ca57675daee15caea8850f1d3f8
Author: Stefan Metzmacher
Date: Tue Feb 26 10:19:44 2019 +0100
tevent: version 0.9.39
* py_tevent: add_timer takes float argument
* C99 build fixes.
* Fix standalone build of tevent.
Signed-off-by: Stefan Metzmacher
commit 3fe1551b5347934a20b9161a23e6a16220c3aeb6
Author: Stefan Metzmacher
Date: Tue Feb 26 10:19:44 2019 +0100
talloc: version 2.1.16
* Fix standalone build of talloc.
Signed-off-by: Stefan Metzmacher
commit f0d26dd1816f35a00abf52b640f42547ffdfa01b
Author: Stefan Metzmacher
Date: Tue Feb 26 10:19:44 2019 +0100
tdb: version 1.3.18
* Fix build problems with older python versions.
* C99 build fixes.
* Fix standalone build of tdb.
Signed-off-by: Stefan Metzmacher
commit 5ed5c337644c641aba0d07f3668d478050e5f69e
Author: David Mulder
Date: Thu Feb 7 10:47:47 2019 -0700
Search for location of waf script
When calling make from the ldb, talloc, tdb, and
tevent bundles, we need to first find the
location of the waf script. Currently the build
fails since it can't find waf.
Fixes regression caused by a660b7f.
Signed-off-by: David Mulder
Reviewed-by: Andrew Bartlett
---
Summary of changes:
lib/ldb/ABI/{ldb-1.5.1.sigs => ldb-1.6.2.sigs} | 0
lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util-1.6.2.sigs} | 0
lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util.py3-1.6.2.sigs} | 0
lib/ldb/Makefile | 3 ++-
lib/ldb/wscript| 2 +-
.../ABI/{pytalloc-util-2.1.10.sigs => pytalloc-util-2.1.16.sigs} | 0
.../{pytalloc-util.py3-2.1.10.sigs => pytalloc-util.py3-2.1.16.sigs} | 0
lib/talloc/ABI/{talloc-2.1.10.sigs => talloc-2.1.16.sigs} | 0
lib/talloc/Makefile| 3 ++-
lib/talloc/wscript | 2 +-
lib/tdb/ABI/{tdb-1.3.17.sigs => tdb-1.3.18.sigs} | 0
lib/tdb/Makefile | 3 ++-
lib/tdb/wscript| 2 +-
lib/tevent/ABI/{tevent-0.9.37.sigs => tevent-0.9.39.sigs} | 0
lib/tevent/Makefile| 3 ++-
lib/tevent/wscript | 2 +-
16 files changed, 12 insertions(+), 8 deletions(-)
copy lib/ldb/ABI/{ldb-1.5.1.sigs => ldb-1.6.2.sigs} (100%)
copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util-1.6.2.sigs} (100%)
copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util.py3-1.6.2.sigs} (100%)
copy lib/talloc/ABI/{pytalloc-util-2.1.10.sigs => pytalloc-util-2.1.16.sigs}
(100%)
copy lib/talloc/ABI/{pytalloc-util.py3-2.1.10.sigs =>
pytalloc-util.py3-2.1.16.sigs} (100%)
copy lib/talloc/ABI/{talloc-2.1.10.sigs => talloc-2.1.16.sigs} (100%)
copy lib/tdb/ABI/{tdb-1.3.17.sigs => tdb-1.3.18.sigs} (100%)
copy lib/tevent/ABI/{tevent-0.9.37.sigs => tevent-0.9.39.sigs} (100%)
Changeset truncated at 500 lines:
diff --git a/lib/ldb/ABI/ldb-1.5.1.sigs b/lib/ldb/ABI/ldb-1.6.2.sigs
similarity index 100%
copy from lib/ldb/ABI/ldb-1.5.1.sigs
copy to lib/ldb/ABI/ldb-1.6.2.sigs
diff --git a/lib/ldb/ABI/pyldb-util-1.1.10.sigs
b/lib/ldb/ABI/pyldb-util-1.6.2.sigs
similarity index 100%
copy from lib/ldb/ABI/pyldb-util-1.1.10.sigs
copy to lib/ldb/ABI/pyldb-util-1.6.2.sigs
diff --git a/lib/ldb/ABI/pyldb-util-1.1.10.sigs
b/lib/ldb/ABI/pyldb-util.py3-1.6.2.sigs
similarity index 100%
copy from lib/ldb/ABI/pyldb-util-1.1.10.sigs
copy to lib/ldb/ABI/pyldb-util.py3-1.6.2.sigs
diff --git a/lib/ldb/Makefile b/lib/ldb/Makefile
index 18ef459eb16..b82723f35ed 100644
--- a/lib/ldb/Makefile
+++ b/lib/ldb/Makefile
@@ -1,6 +1,7 @@
# simple makefile wrapper to run waf
-WAF_BINARY=$(PYTHON) ../../buildtools/bin/waf
+WAF_BIN=`PATH=buildtools/b
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated via 2bbd2dcf282 CVE-2019-3824 ldb: Release ldb 1.4.6 via 47b2344bdb1 CVE-2019-3824 ldb: Add tests for ldb_wildcard_match via 2a88a47b9f8 CVE-2019-3824 ldb: wildcard_match end of data check via 73187de7138 CVE-2019-3824 ldb: wildcard_match check tree operation via 754bc1a76e9 CVE-2019-3824 ldb: ldb_parse_tree use talloc_zero via 33fa01b4be0 CVE-2019-3824 ldb: Improve code style and layout in wildcard processing via cedc4e89625 CVE-2019-3824 ldb: Extra comments to clarify no pointer wrap in wildcard processing via fd8e90b9a51 CVE-2019-3824 ldb: Out of bound read in ldb_wildcard_compare from 2f5823c5015 waf: Check for libnscd https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log - commit 2bbd2dcf282b865f2de6d7074b2d671b4a21666e Author: Gary Lockyer Date: Wed Feb 20 10:17:16 2019 +1300 CVE-2019-3824 ldb: Release ldb 1.4.6 * CVE-2019-3824 out of bounds read in wildcard compare (bug 13773) BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer Autobuild-User(v4-9-test): Stefan Metzmacher Autobuild-Date(v4-9-test): Tue Feb 26 11:11:42 CET 2019 on sn-devel-144 commit 47b2344bdb126964a314cdc9e938ad81023216f5 Author: Gary Lockyer Date: Tue Feb 19 10:24:38 2019 +1300 CVE-2019-3824 ldb: Add tests for ldb_wildcard_match Add cmocka tests for ldb_wildcard_match. Running test_wildcard_match under valgrind reproduces CVE-2019-3824 out of bounds read in wildcard compare (bug 13773) valgrind --suppressions=lib/ldb/tests/ldb_match_test.valgrind\ bin/ldb_match_test BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer commit 2a88a47b9f8460be4b46d4dce7ac9fc4a53c86a7 Author: Gary Lockyer Date: Tue Feb 19 10:26:56 2019 +1300 CVE-2019-3824 ldb: wildcard_match end of data check ldb_handler_copy and ldb_val_dup over allocate by one and add a trailing '\0' to the data, to make them safe to use the C string functions on. However testing for the trailing '\0' is not the correct way to test for the end of a value, the length should be checked instead. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer commit 73187de71382e48c7eba595aad2fa69dca020a7d Author: Gary Lockyer Date: Tue Feb 19 10:26:25 2019 +1300 CVE-2019-3824 ldb: wildcard_match check tree operation Check the operation type of the passed parse tree, and return LDB_INAPPROPRIATE_MATCH if the operation is not LDB_OP_SUBSTRING. A query of "attribute=*" gets parsed as LDB_OP_PRESENT, checking the operation and failing ldb_wildcard_match should help prevent confusion writing tests. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer commit 754bc1a76e91c265fc1cd69264d013ea60d25392 Author: Gary Lockyer Date: Tue Feb 19 10:25:24 2019 +1300 CVE-2019-3824 ldb: ldb_parse_tree use talloc_zero Initialise the created ldb_parse_tree with talloc_zero, this ensures that it is correctly initialised if inadvertently passed to a function expecting a different operation type. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer commit 33fa01b4be0d70c880a82069cd264c618b981822 Author: Andrew Bartlett Date: Mon Feb 4 11:22:50 2019 +1300 CVE-2019-3824 ldb: Improve code style and layout in wildcard processing BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Andrew Bartlett commit cedc4e89625c98ac5607f8a4facef933e6bf04ca Author: Andrew Bartlett Date: Mon Feb 4 11:22:34 2019 +1300 CVE-2019-3824 ldb: Extra comments to clarify no pointer wrap in wildcard processing BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Andrew Bartlett commit fd8e90b9a51ed67f05cb50645fbb05d708770d2f Author: Lukas Slebodnik Date: Fri Jan 18 16:37:24 2019 +0100 CVE-2019-3824 ldb: Out of bound read in ldb_wildcard_compare There is valgrind error in few tests tests/test-generic.sh 91 echo "Test wildcard match" 92 $VALGRIND ldbadd $LDBDIR/tests/test-wildcard.ldif || exit 1 93 $VALGRIND ldbsearch '(cn=test*multi)' || exit 1 95 $VALGRIND ldbsearch '(cn=*test_multi)' || exit 1 97 $VALGRIND ldbsearch '(cn=test*multi*test*multi)' || exit 1 e.g. ==3098== Memcheck, a memory error detector ==3098== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al. ==3098== Using Valgrind-3.14.0 and LibVEX; rerun with -h for copyright info ==3098== Command: ./bin/ldbsearch (cn=test*multi
[SCM] Samba Shared Repository - annotated tag ldb-1.6.1 created
The annotated tag, ldb-1.6.1 has been created at 99b2f65801deac7f102853d717747dfd125d5fb5 (tag) tagging de3bb5cd5236565f2b79644d99e55d03b254b65e (commit) replaces samba-4.10.0rc1 tagged by Stefan Metzmacher on Tue Feb 26 07:44:57 2019 +0100 - Log - ldb: tag release ldb-1.6.1 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlx04GkACgkQR5ORYRMI QCX2aAgAkI/J9NAaiRj0098ufSes6cW4qnR/Qrv0aOfJqDrdOAXsxmFBLKfxfwgz Vc+CcdKmKQAly6AFMFS0cWQOxc5BMINbHqyymQB2lKb1WkPpZyh/OBqiCcnIArfZ rXz66RMzMQ+e3wMC904D12pwBnV8y1f5RSonahuhN7llptwlYz7VMYgOpO+Z8aUQ XQwbUmGY+vN1BaVItKK3ilqmAEK1s4TMoP920tmQptfTcWIKd6ohLUcYMUAb9lOx 74jwq0SIDBUlC/Ga0fV3CclPJ/gXXcXcOivFoU+GK9q9epejlVGwx1PTdhNZ8DiF yGBoz65K8nNS5oAQU+hxUYPhgkDSkg== =dYKn -END PGP SIGNATURE- Aliaksei Karaliou (7): build: Get rid of hardcoded 'bin/default' in includes build:docs: Get rid of hardcoded 'bin/default' build: Fixed usage of non-default path to WAFLOCK build: Don't generate kerberos_implementation.py if building without python s3:util: Move popen wrappers to lib/util s3:util: Move static file_pload() function to lib/util s3:modules: Fix compilation of nfs41acl_xdr.c when building outside src Andreas Schneider (141): generate_param.py: Use C99 initializer for last element in param table s4:librpc: Use C99 initializer for PyGetSetDef in py_auth s3:lib: Fix the debug message for adding cache entries. lib:mscat: Fix may be used uninitialized warnings lib:mscat: Use size_t for len value to fix build issue s4:dsdb: Fix size types in audit_log s4:dsdb: Fix size type for num_of_attrs in acl_read s4:kdc: Fix size type for num_bind in kdc-heimdal gitlab-ci: Move the image definition to the template gitlab-ci: Move before and after script to shared template gitlab-ci: Use artifacts instead of after_script ctdb: Use C99 initializer for poptOption in ctdb tool ctdb: Use C99 initializer for poptOption in test_options examples: Reformat testacl libsmbclient example examples: Use C99 initializer for poptOption in testacl lib:texpect: Use C99 initializer for poptOption in texpect libcli:nbt: Use C99 initializer for poptOption in nmblookup nsswitch: Use C99 initializer for poptOption in wbinfo s3:client: Use C99 initializer for poptOption in smbclient s3:rpcclient: Use C99 initializer for poptOption in cmd_witness s3:smbd: Use C99 initializer for poptOption in smbd server s3:torture: Use C99 initializer for poptOption in vfstest s3:utils: Use C99 initializer for poptOption in smbstatus s3:utils: Use C99 initializer for poptOption in smbcacls s3:utils: Use C99 initializer for poptOption in nmblookup s3:utils: Use C99 initializer for poptOption in profiles s3:utils: Use C99 initializer for poptOption in sharesec s3:utils: Use C99 initializer for poptOption in ntlm_auth s3:utils: Use C99 initializer for poptOption in smbcquotas s3:utils: Use C99 initializer for poptOption in testparm s3:utils: Use C99 initializer for poptOption in log2pcaphex s3:utils: Use C99 initializer for poptOption in net s3:utils: Use C99 initializer for poptOption in smbtree s3:utils: Use C99 initializer for poptOption in smbget s3:param: Use C99 initializer for poptOption in test_lp_load s3:winbind: Use C99 initializer for poptOption in winbindd s3:lib: Use POPT_TABLEEND for last element of poptOption s3:lib: Use C99 initializer for poptOption in netapi common test s3:lib: Use C99 initializer for poptOption in netapi nltest s3:lib: Use C99 initializer for poptOption in popt_common s3:lib: Use C99 initializer for poptOption in popt_common_cmdline s3:netapi: Use C99 initializer for poptOption in netapi example s3:nmbd: Use C99 initializer for poptOption in nmbd s3:utils: Use C99 initializer for poptOption in mvxattr s4:smbd: Use C99 initializer for poptOption in server s4:client: Use C99 initializer for poptOption in client s4:client: Use C99 initializer for poptOption in cifsdd s4:lib: Use C99 initializer for poptOption in popt_common s4:lib: Use C99 initializer for poptOption in popt_credentials s3:torture: Use C99 initializer for cmd_set in cmd_vfs s3:torture: Use C99 initializer for cmd_set in vfstest s3:rpcclient: Use C99 initializer for cmd_set in cmd_spoolss s3:rpcclient: Use C99 initializer for cmd_set in cmd_dfs s3:rpcclient: Use C99 initializer for cmd_set in cmd_netlogon s3:rpcclient: Use C99 initializer for cmd_set in cmd_srvsvc s3:rpcclient: Use C99 initializer for cmd_set in cmd_echo s3:rpcclient: Use C99 initializer for cmd_set in cmd_drsuapi s3:rpcclient: Use C99 i
[SCM] Samba Shared Repository - annotated tag ldb-1.5.3 created
The annotated tag, ldb-1.5.3 has been created at fbdac6dc625d3aace4cf7018405b994fc6000bc7 (tag) tagging e21e24d8345e441d639020affc1f6ee59762725d (commit) replaces samba-4.10.0rc2 tagged by Stefan Metzmacher on Thu Feb 14 12:22:12 2019 +0100 - Log - ldb: tag release ldb-1.5.3 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlxlT2QACgkQR5ORYRMI QCWO0AgAgNrTTHuDaO7LknJVYR7kzPikSb7kAn3vQ+RGIFh9vefhbMHopyQCj6lH I1Vf+5j6Yr7FLNpVWxcSbr/rIZ0LfphTewTvvJQ+y1Ot3cSSRvzy+vOdmIb7nncX WSsc2pZ2XkZYIGq253vbyCJ+T39KwTsaoMjSFSqzsghQ0AxcsMe1q7PaLB7mxFui kV+gESyd5UbiXvRZ9DXpOQISfYkLpeBvRBuT6ua56BvfrXD3y606oabYzipCM7Zf DBiO0YDgufppnlSGmJhBRkpkvWI8wPG2Pp92UVDAClTUtMWVQwMnCv8Vu9L1dfhX ob08hjryOtbTXLKVZSNQmHTX7bYQnQ== =Hi3U -END PGP SIGNATURE- Andrew Bartlett (2): ldb: Add even more comments on what strict does to the list intersections ldb: Release ldb 1.5.3 Karolin Seeger (1): VERSION: Bump version up to 4.10.0rc2... Tim Beale (4): ldb: Avoid inefficient one-level searches ldb: Remove comment that no longer makes sense ldb: Elaborate on ldb_kv_search_indexed() comments ldb: Rename variable --- -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag ldb-1.4.5 created
The annotated tag, ldb-1.4.5 has been created at 8e8a195e18dfe35e7d8db15d8369112e163c8882 (tag) tagging c7b04443226f0bc83e6d14d48b48e15a4592c812 (commit) replaces ldb-1.4.4 tagged by Stefan Metzmacher on Thu Feb 14 12:21:06 2019 +0100 - Log - ldb: tag release ldb-1.4.5 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlxlTyIACgkQR5ORYRMI QCUa+Qf9FJ6Dbq/jjIf+gGgcAbKqDVppkC6EL6msEiXctMkbAa1Gn9ZYl3sFGUvS 8s+tnN3mkE8TDnZJNo4V9u56azBzWlQmnP2bm/LsbP35sIPuyujfKRorKF9Sm8uj H6Jzs8KnALJt0XmzuOfr3iN5SAeKIu9GZIzj406oG7moaHm6qcZEmoRX6CHLTWJI tqdQ+vDYszeVNZp5GN3RA5HdZ7XC5Lx/WbNP5YnQ9F3lIcvMOl1Mi/L2szn6vfxl DNlw8dX8md2dcJ6ZUjqp0jboJFj6SLdk+B5rbGvqc5iCj59uG22V4VU3Fr/xIBZl YRs/oTl1ZdFZZV57B26WUmDxtsPd5Q== =BCP0 -END PGP SIGNATURE- Andrew Bartlett (1): audit_logging: Remove debug log header and JSON Authentication: prefix Anoop C S (2): vfs_glusterfs: Adapt to changes in libgfapi signatures s3-vfs: Use ENOATTR in errno comparison for getxattr Gary Lockyer (1): json: Modify API to use return codes Günther Deschner (1): s3-vfs: add glusterfs_fuse vfs module. Justin Stephenson (5): s3:libsmb: Check disable_netbios in socket connect s3:libsmb: Print debug message about Netbios s3:smbpasswd: Print debug message about Netbios s3:utils:net: Print debug message about Netbios s3:libsmb: Honor disable_netbios option in smbsock_connect_send Philipp Gesang (1): lib/audit_logging: actually create talloc Ralph Boehme (1): s3: libsmb: use smb2cli_conn_max_trans_size() in cli_smb2_list() Ralph Wuerthner (2): vfs_fileid: fix get_connectpath_ino vfs_fileid: fix fsname_norootdir algorithm Stefan Metzmacher (5): manpages/samba.7.xml: smbcontrol can also work with 'samba' s4:messaging: add support 'smbcontrol debug/debuglevel' s4:server: avoid using pid=0 for the parent 'samba' process s4:server: add support for 'smbcontrol samba shutdown' selftest:Samba4: use 'smbcontrol samba shutdown' Tim Beale (6): libcli: Add error log if insufficient SMB2 credits s3:libsmb: cli_smb2_list() can sometimes fail initially on a connection join: Fix TypeError when handling exception join: Throw CommandError instead of Exception for simple errors ldb: Avoid inefficient one-level searches ldb: Bump ldb version to 1.4.5 Volker Lendecke (1): ctdb: Print locks latency in machinereadable stats --- -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag ldb-1.3.7 created
The annotated tag, ldb-1.3.7 has been created at 8a50096066de6a7ed9f8c3bf2df13a7989a9f7c3 (tag) tagging 22d5649e895c41875ecbb3403d4b14753e12c1a4 (commit) replaces samba-4.8.9 tagged by Stefan Metzmacher on Thu Feb 14 12:20:22 2019 +0100 - Log - ldb: tag release ldb-1.3.7 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlxlTvYACgkQR5ORYRMI QCXvRAf/Um7t/yG7ng+j8J1ATlbZ3RBhyV0v1LuANVfe+d19+J5/zsU0mbnGXtO9 r1+R+UNweaWWeUwrTsj90uPALLn/ZMguucorXKYklka5j23qgeJuXK3iC5iySqn1 BAxtg2fH4x/NTHfO8QxjDbuOaYTMoz47FOdNTMn5opxfs0HuHKXkeOfkupwJhTgz FFx3Tz2jRiujb/p2VgA/AmWdEXXrTK6bPkm0gPSjGraXIFiy48bA2kEAbJuR4J/g VA8oblStqGV/ofm7WACP4AOSmV4u254aXjAN0HTRJpy1fmbdEi1Dwv45wcaCRNtC CIF/e2ncMq8pfyX4P/Gqe+Rq6+enhA== =9wiW -END PGP SIGNATURE- Karolin Seeger (1): VERSION: Bump version up to 4.8.10... Tim Beale (2): ldb: Avoid inefficient one-level searches ldb: Bump ldb version to 1.3.7 --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated
via c7b04443226 ldb: Bump ldb version to 1.4.5
via befb3527bc2 ldb: Avoid inefficient one-level searches
from 9b21b518d72 s3-vfs: Use ENOATTR in errno comparison for getxattr
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test
- Log -
commit c7b04443226f0bc83e6d14d48b48e15a4592c812
Author: Tim Beale
Date: Mon Feb 4 12:20:34 2019 +1300
ldb: Bump ldb version to 1.4.5
* ldb: Avoid inefficient one-level searches
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762
Signed-off-by: Tim Beale
Signed-off-by: Stefan Metzmacher
Autobuild-User(v4-9-test): Stefan Metzmacher
Autobuild-Date(v4-9-test): Wed Feb 13 18:26:30 CET 2019 on sn-devel-144
commit befb3527bc2c94763d5daf57afa7ad5e94c929da
Author: Tim Beale
Date: Mon Feb 4 10:49:03 2019 +1300
ldb: Avoid inefficient one-level searches
Commit 88ae60ed186c9 introduced a problem that made one-level
searches inefficient if there were a lot of child objects in the same
level, and the requested object didn't exist. Basically, it ignored the
case where ldb_kv_index_dn() returned LDB_ERR_NO_SUCH_OBJECT, i.e. the
indexed lookup was successful, but didn't find a match. At which point,
there was no more processing we needed to do.
The behaviour after 88ae60ed186c9 was to fall-through and run the
ldb_kv_index_filter() function over *all* the children. This still
returned the correct result, but could be costly if there were a lot of
children.
The case 88ae60ed186c9 was trying to fix was where we could not do
an indexed search (e.g. trying to match on a 'attribute=*' filter). In
which case we want to ignore the LDB_ERR_OPERATIONS_ERROR and just run
ldb_kv_index_filter() over all the children. This is still more
efficient than the fallback of doing a full database scan.
This patch adds in a short-circuit for the NO_SUCH_OBJECT case, so we
can skip the unnecessary ldb_kv_index_filter() work.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762
Signed-off-by: Tim Beale
Reviewed-by: Andrew Bartlett
(Manual merge of commit 9a893f9613bd6440ab in master)
---
Summary of changes:
lib/ldb/ABI/{ldb-1.3.0.sigs => ldb-1.4.5.sigs} | 0
.../{pyldb-util-1.1.10.sigs => pyldb-util-1.4.5.sigs} | 0
...yldb-util-1.1.10.sigs => pyldb-util.py3-1.4.5.sigs} | 0
lib/ldb/ldb_tdb/ldb_index.c| 18 ++
lib/ldb/wscript| 2 +-
5 files changed, 15 insertions(+), 5 deletions(-)
copy lib/ldb/ABI/{ldb-1.3.0.sigs => ldb-1.4.5.sigs} (100%)
copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util-1.4.5.sigs} (100%)
copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util.py3-1.4.5.sigs} (100%)
Changeset truncated at 500 lines:
diff --git a/lib/ldb/ABI/ldb-1.3.0.sigs b/lib/ldb/ABI/ldb-1.4.5.sigs
similarity index 100%
copy from lib/ldb/ABI/ldb-1.3.0.sigs
copy to lib/ldb/ABI/ldb-1.4.5.sigs
diff --git a/lib/ldb/ABI/pyldb-util-1.1.10.sigs
b/lib/ldb/ABI/pyldb-util-1.4.5.sigs
similarity index 100%
copy from lib/ldb/ABI/pyldb-util-1.1.10.sigs
copy to lib/ldb/ABI/pyldb-util-1.4.5.sigs
diff --git a/lib/ldb/ABI/pyldb-util-1.1.10.sigs
b/lib/ldb/ABI/pyldb-util.py3-1.4.5.sigs
similarity index 100%
copy from lib/ldb/ABI/pyldb-util-1.1.10.sigs
copy to lib/ldb/ABI/pyldb-util.py3-1.4.5.sigs
diff --git a/lib/ldb/ldb_tdb/ldb_index.c b/lib/ldb/ldb_tdb/ldb_index.c
index 4b5054e81ec..55abcba6b74 100644
--- a/lib/ldb/ldb_tdb/ldb_index.c
+++ b/lib/ldb/ldb_tdb/ldb_index.c
@@ -2031,13 +2031,23 @@ int ltdb_search_indexed(struct ltdb_context *ac,
uint32_t *match_count)
}
/*
* Here we load the index for the tree.
-*
-* We only care if this is successful, if the
-* index can't trim the result list down then
-* the ONELEVEL index is still good enough.
*/
ret = ltdb_index_dn(ac->module, ltdb, ac->tree,
idx_one_tree_list);
+
+ /*
+* We can stop if we're sure the object doesn't exist
+*/
+ if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+ talloc_free(idx_one_tree_list);
+ talloc_free(dn_list);
+ return LDB_ERR_NO_SUCH_OBJECT;
+ }
+
+ /* We only care if this is successful, if the
+* index can't trim the result
[SCM] Samba Shared Repository - branch v4-8-test updated
The branch, v4-8-test has been updated
via 22d5649e895 ldb: Bump ldb version to 1.3.7
via d3a9f298f49 ldb: Avoid inefficient one-level searches
from 9917a7e70ea VERSION: Bump version up to 4.8.10...
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-test
- Log -
commit 22d5649e895c41875ecbb3403d4b14753e12c1a4
Author: Tim Beale
Date: Mon Feb 4 15:37:07 2019 +1300
ldb: Bump ldb version to 1.3.7
* ldb: Avoid inefficient one-level searches
* dirsync: Allow arbitrary length cookies
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13686
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762
Signed-off-by: Tim Beale
Autobuild-User(v4-8-test): Stefan Metzmacher
Autobuild-Date(v4-8-test): Wed Feb 13 17:56:32 CET 2019 on sn-devel-144
commit d3a9f298f49b9e9950315007667cb10a3e51ffde
Author: Tim Beale
Date: Mon Feb 4 10:49:03 2019 +1300
ldb: Avoid inefficient one-level searches
Commit 88ae60ed186c9 introduced a problem that made one-level
searches inefficient if there were a lot of child objects in the same
level, and the requested object didn't exist. Basically, it ignored the
case where ldb_kv_index_dn() returned LDB_ERR_NO_SUCH_OBJECT, i.e. the
indexed lookup was successful, but didn't find a match. At which point,
there was no more processing we needed to do.
The behaviour after 88ae60ed186c9 was to fall-through and run the
ldb_kv_index_filter() function over *all* the children. This still
returned the correct result, but could be costly if there were a lot of
children.
The case 88ae60ed186c9 was trying to fix was where we could not do
an indexed search (e.g. trying to match on a 'attribute=*' filter). In
which case we want to ignore the LDB_ERR_OPERATIONS_ERROR and just run
ldb_kv_index_filter() over all the children. This is still more
efficient than the fallback of doing a full database scan.
This patch adds in a short-circuit for the NO_SUCH_OBJECT case, so we
can skip the unnecessary ldb_kv_index_filter() work.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762
Signed-off-by: Tim Beale
Reviewed-by: Andrew Bartlett
(Manual merge of commit 9a893f9613bd6440ab in master)
---
Summary of changes:
lib/ldb/ABI/{ldb-1.3.0.sigs => ldb-1.3.7.sigs} | 0
.../{pyldb-util-1.1.10.sigs => pyldb-util-1.3.7.sigs} | 0
...yldb-util-1.1.10.sigs => pyldb-util.py3-1.3.7.sigs} | 0
lib/ldb/ldb_tdb/ldb_index.c| 18 ++
lib/ldb/wscript| 2 +-
5 files changed, 15 insertions(+), 5 deletions(-)
copy lib/ldb/ABI/{ldb-1.3.0.sigs => ldb-1.3.7.sigs} (100%)
copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util-1.3.7.sigs} (100%)
copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util.py3-1.3.7.sigs} (100%)
Changeset truncated at 500 lines:
diff --git a/lib/ldb/ABI/ldb-1.3.0.sigs b/lib/ldb/ABI/ldb-1.3.7.sigs
similarity index 100%
copy from lib/ldb/ABI/ldb-1.3.0.sigs
copy to lib/ldb/ABI/ldb-1.3.7.sigs
diff --git a/lib/ldb/ABI/pyldb-util-1.1.10.sigs
b/lib/ldb/ABI/pyldb-util-1.3.7.sigs
similarity index 100%
copy from lib/ldb/ABI/pyldb-util-1.1.10.sigs
copy to lib/ldb/ABI/pyldb-util-1.3.7.sigs
diff --git a/lib/ldb/ABI/pyldb-util-1.1.10.sigs
b/lib/ldb/ABI/pyldb-util.py3-1.3.7.sigs
similarity index 100%
copy from lib/ldb/ABI/pyldb-util-1.1.10.sigs
copy to lib/ldb/ABI/pyldb-util.py3-1.3.7.sigs
diff --git a/lib/ldb/ldb_tdb/ldb_index.c b/lib/ldb/ldb_tdb/ldb_index.c
index 429c8f5aa24..f07c9a818c4 100644
--- a/lib/ldb/ldb_tdb/ldb_index.c
+++ b/lib/ldb/ldb_tdb/ldb_index.c
@@ -1835,13 +1835,23 @@ int ltdb_search_indexed(struct ltdb_context *ac,
uint32_t *match_count)
}
/*
* Here we load the index for the tree.
-*
-* We only care if this is successful, if the
-* index can't trim the result list down then
-* the ONELEVEL index is still good enough.
*/
ret = ltdb_index_dn(ac->module, ltdb, ac->tree,
idx_one_tree_list);
+
+ /*
+* We can stop if we're sure the object doesn't exist
+*/
+ if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+ talloc_free(idx_one_tree_list);
+ talloc_free(dn_list);
+ return LDB_ERR_NO_SUCH_OBJECT;
+ }
+
+ /* We only care if this is successful, if the
+
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated
via e21e24d8345 ldb: Release ldb 1.5.3
via bb850a07502 ldb: Add even more comments on what strict does to the
list intersections
via 2a915942295 ldb: Rename variable
via 62fea7e9c3f ldb: Elaborate on ldb_kv_search_indexed() comments
via f7774530936 ldb: Remove comment that no longer makes sense
via 7fc34817657 ldb: Avoid inefficient one-level searches
from 0c75bfe674b VERSION: Bump version up to 4.10.0rc2...
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test
- Log -
commit e21e24d8345e441d639020affc1f6ee59762725d
Author: Andrew Bartlett
Date: Fri Feb 1 14:41:18 2019 +1300
ldb: Release ldb 1.5.3
* Avoid inefficient one-level searches (bug 13762)
* The test api.py should not rely on order of entries in dict (bug 13772)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13772
Signed-off-by: Andrew Bartlett
Reviewed-by: Garming Sam
(cherry picked from commit 5e716c0256a6bec92e7855ccfc077a328320f2ea)
Autobuild-User(v4-10-test): Stefan Metzmacher
Autobuild-Date(v4-10-test): Wed Feb 13 16:24:32 CET 2019 on sn-devel-144
commit bb850a075024ad8ac26a25681339f6ce88334aba
Author: Andrew Bartlett
Date: Fri Feb 1 14:22:17 2019 +1300
ldb: Add even more comments on what strict does to the list intersections
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762
Signed-off-by: Andrew Bartlett
Reviewed-by: Garming Sam
(cherry picked from commit e7f524fd2128aacb82e980652af8eb6fd275e1a8)
commit 2a915942295e6cdc87dc9aab6cf2c8c78741f26e
Author: Tim Beale
Date: Thu Jan 10 14:25:06 2019 +1300
ldb: Rename variable
The old name confused me because it's not really related to the
one-level index at all. It's the result from evaluating the indexed
search specified in the ac->tree.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762
Signed-off-by: Tim Beale
Reviewed-by: Andrew Bartlett
(cherry picked from commit 57a565b2fd680fc1a34f4ab91c6f6314f68ef67f)
commit 62fea7e9c3f94d254e6c9f72cd690137c2ee556c
Author: Tim Beale
Date: Thu Jan 10 14:19:19 2019 +1300
ldb: Elaborate on ldb_kv_search_indexed() comments
Disclaimer: this is based on my limited understanding of what the code
is doing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762
Signed-off-by: Tim Beale
Reviewed-by: Andrew Bartlett
(cherry picked from commit 132600685b8c5d4964f20634cd7a64b14f41cfa7)
commit f7774530936bc3e9795b2f0089c984641ab5c5c9
Author: Tim Beale
Date: Thu Jan 10 13:53:47 2019 +1300
ldb: Remove comment that no longer makes sense
This comment was written before the GUID_index_attribute block of code
existed. So we now *do* load the index values and *do* check for a
strict intersect, so the comment is redundant.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762
Signed-off-by: Tim Beale
Reviewed-by: Andrew Bartlett
(cherry picked from commit 72928444823c5b18ac9ef98e7432c999d70aa571)
commit 7fc3481765720d2fa0324f297e4a658520fb092f
Author: Tim Beale
Date: Thu Jan 10 13:34:18 2019 +1300
ldb: Avoid inefficient one-level searches
Commit 88ae60ed186c9 introduced a problem that made one-level
searches inefficient if there were a lot of child objects in the same
level, and the requested object didn't exist. Basically, it ignored the
case where ldb_kv_index_dn() returned LDB_ERR_NO_SUCH_OBJECT, i.e. the
indexed lookup was successful, but didn't find a match. At which point,
there was no more processing we needed to do.
The behaviour after 88ae60ed186c9 was to fall-through and run the
ldb_kv_index_filter() function over *all* the children. This still
returned the correct result, but could be costly if there were a lot of
children.
The case 88ae60ed186c9 was trying to fix was where we could not do
an indexed search (e.g. trying to match on a 'attribute=*' filter). In
which case we want to ignore the LDB_ERR_OPERATIONS_ERROR and just run
ldb_kv_index_filter() over all the children. This is still more
efficient than the fallback of doing a full database scan.
This patch adds in a short-circuit for the NO_SUCH_OBJECT case, so we
can skip the unnecessary ldb_kv_index_filter() work.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762
Signed-off-by: Tim Beale
Reviewed-by: Andrew Bartlett
(cherry picked from commit 9a893f9613bd6440abd8e487d22a39ab5b82a7b9)
---
Summary of changes:
lib/ldb/ABI/{ldb-1.5.1.sigs => ldb-1.5.3.sigs} | 0
...yldb-util-1.1.10.sigs => pyldb
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 95b2c9d7751 autobuild: Split backup/restore testenvs out into
separate job
from cca48c1a102 docs: Document DCEPRC binding string for rpcclient
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 95b2c9d7751ae1e5a00e1fb096f045dd73c03d72
Author: Tim Beale
Date: Tue Feb 5 15:17:03 2019 +1300
autobuild: Split backup/restore testenvs out into separate job
The samba-ad-dc-2 job was reaching its limits with the number of
testenvs and what the resource-limited CI machines can handle.
Samba processes were getting swapped out of memory, causing CI runs
to fail.
This patch splits the backup/restore testenv targets into a separate
autobuild job: samba-ad-dc-backup.
Signed-off-by: Tim Beale
Reviewed-by: Stefan Metzmacher
Autobuild-User(master): Stefan Metzmacher
Autobuild-Date(master): Tue Feb 5 12:23:31 CET 2019 on sn-devel-144
---
Summary of changes:
.gitlab-ci.yml | 5 +
script/autobuild.py | 12
2 files changed, 17 insertions(+)
Changeset truncated at 500 lines:
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 5cc21033f53..908c29ec9d9 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -67,6 +67,11 @@ build_samba_ad_dc_2:
# this one takes about 1 hours to finish
- script/autobuild.py samba-ad-dc-2 --verbose --nocleanup --keeplogs
--tail --testbase /tmp/samba-testbase
+build_samba_ad_dc_backup:
+ <<: *shared_template
+ script:
+- script/autobuild.py samba-ad-dc-backup--verbose --nocleanup
--keeplogs --tail --testbase /tmp/samba-testbase
+
build_samba_ad_dc_2_py2:
<<: *shared_template
script:
diff --git a/script/autobuild.py b/script/autobuild.py
index 2ea9e55b932..00f0d2202a3 100755
--- a/script/autobuild.py
+++ b/script/autobuild.py
@@ -51,6 +51,7 @@ builddirs = {
"samba-ad-dc-py2": ".",
"samba-ad-dc-2": ".",
"samba-ad-dc-2-py2": ".",
+"samba-ad-dc-backup": ".",
"samba-systemkrb5": ".",
"samba-nopython": ".",
"samba-buildpy2-only": ".",
@@ -166,6 +167,17 @@ tasks = {
"--include-env=vampire_2000_dc "
"--include-env=fl2000dc "
"--include-env=ad_dc_no_nss "
+ "'",
+ "text/plain"),
+("check-clean-tree", "script/clean-source-tree.sh",
"text/plain")],
+
+# run the backup/restore testenvs separately as they're fairly standalone
+# (and CI seems to max out at ~8 different DCs running at once)
+"samba-ad-dc-backup": [("random-sleep", "script/random-sleep.sh 60 600",
"text/plain"),
+("configure", "./configure.developer
--with-selftest-prefix=./bin/ab" + samba_configure_params, "text/plain"),
+("make", "make -j", "text/plain"),
+("test", "make test FAIL_IMMEDIATELY=1 "
+ "TESTS='${PY3_ONLY}"
"--include-env=backupfromdc "
"--include-env=restoredc "
"--include-env=renamedc "
--
Samba Shared Repository
Re: Problem with pyconfig.h in python36 which is already solved for python27
Hi koobs, >> in Samba we recently switched to use python3 by default. But this breaks >> the build on FreeBSD (at least 11.1 and 12.0). In order to be most >> portable, we have a policy in Samba to include as the >> first header when creating python bindings. It means pyconfig.h and >> various system headers are included before our own config.h. >> A detailed way to reproduce this can be found at the end of this mail. >> >> The problem is that pyconfig.h defines >> _POSIX_C_SOURCE, __BSD_VISIBLE, _XOPEN_SOURCE and _XOPEN_SOURCE_EXTENDED. >> >> This seems to be fixed for python27 in this commit: >> https://github.com/freebsd/freebsd-ports/commit/4b17dd9aeb9b28759551f38bf0f6b0edcac88607 >> >> which added lang/python27/files/patch-pr192365. >> >> Could this be fixed for all python versions? > > Hi Stefan, > > The commit was added via: > > x11-toolkits/py-wxPython30 build fails > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=192365 > > A similar issue (if not the same), reported upstream here: > > https://bugs.python.org/issue17120 > > I don't see any issues with carrying the same change in other python > ports, *but* we'd all like to see it resolved permanently upstream. > > In order of preference, to progress we'd need: > > 1) Upstream patches submitted against master, 3.7, 3.6, 2.7 so upstream > can resolve this completely, commits/merges from which we can backport > to our python ports. > > or > > 2) Patches against lang/pythonXY ports similar to python27, which may > not be suitable for upstreaming *as is* (freebsd-specific?) > > Along with either of those, create a new bug in Bugzilla to track this > too, with summary like "lang/python3*: " adding bug > 192365 to "See Also" > > I'm happy to put in the cycles to backport commits from (1) if we can > get the root of the issue solved upstream. > > Thanks for the detailed report. Thanks for the hints. I the meantime I noticed https://en.cppreference.com/w/c/string/byte/memset which states that __STDC_WANT_LIB_EXT1__ should be explicitly defined in order to get memset_s(). I'm going to fix Samba by using -D__STDC_WANT_LIB_EXT1__=1 instead of defining it in Samba's lib/replace/replace.h. That means __STDC_WANT_LIB_EXT1__ is also defined if Python.h is the first header. Thanks! metze signature.asc Description: OpenPGP digital signature
Problem with pyconfig.h in python36 which is already solved for python27
Hi,
in Samba we recently switched to use python3 by default. But this breaks
the build on FreeBSD (at least 11.1 and 12.0). In order to be most
portable, we have a policy in Samba to include as the
first header when creating python bindings. It means pyconfig.h and
various system headers are included before our own config.h.
A detailed way to reproduce this can be found at the end of this mail.
The problem is that pyconfig.h defines
_POSIX_C_SOURCE, __BSD_VISIBLE, _XOPEN_SOURCE and _XOPEN_SOURCE_EXTENDED.
This seems to be fixed for python27 in this commit:
https://github.com/freebsd/freebsd-ports/commit/4b17dd9aeb9b28759551f38bf0f6b0edcac88607
which added lang/python27/files/patch-pr192365.
Could this be fixed for all python versions?
An alternative fix for this specific problem would be
defining __STDC_WANT_LIB_EXT1__ in pyconfig.h,
but I don't know the reason for lang/python27/files/patch-pr192365
and I guess it's better to have the same fix for all python versions.
Is this the correct channel to report this problem?
Thanks in advance!
metze
This is a standalone way to reproduce the problem:
$ cat memset_s.c
#include
#include
int main(void)
{
char array[5] = { 1, };
memset_s(array, 5, 0, 5);
return 0;
}
$ gcc -o memset_s.exe memset_s.c -I /usr/local/include/python2.7/
$ gcc -o memset_s.exe memset_s.c -I /usr/local/include/python3.6m/
memset_s.c: In function 'main':
memset_s.c:6:2: warning: implicit declaration of function 'memset_s';
did you mean 'memset'? [-Wimplicit-function-declaration]
memset_s(array, 5, 0, 5);
^~~~
memset
$ gcc -o memset_s.exe memset_s.c -I ./python3.6m/
$ diff -Npur /usr/local/include/python3.6m/ ./python3.6m/
diff -Npur /usr/local/include/python3.6m/pyconfig.h ./python3.6m/pyconfig.h
--- /usr/local/include/python3.6m/pyconfig.h2019-01-10
02:17:29.0 +0100
+++ ./python3.6m/pyconfig.h 2019-01-25 23:14:09.425842000 +0100
@@ -1478,7 +1478,7 @@
/* #undef _POSIX_1_SOURCE */
/* Define to activate features from IEEE Stds 1003.1-2008 */
-#define _POSIX_C_SOURCE 200809L
+//#define _POSIX_C_SOURCE 200809L
/* Define to 1 if you need to in order for `stat' and other things to
work. */
/* #undef _POSIX_SOURCE */
@@ -1490,13 +1490,13 @@
#define _REENTRANT 1
/* Define to the level of X/Open that your system supports */
-#define _XOPEN_SOURCE 700
+//#define _XOPEN_SOURCE 700
/* Define to activate Unix95-and-earlier features */
-#define _XOPEN_SOURCE_EXTENDED 1
+//#define _XOPEN_SOURCE_EXTENDED 1
/* Define on FreeBSD to activate all library features */
-#define __BSD_VISIBLE 1
+//#define __BSD_VISIBLE 1
/* Define to 1 if type `char' is unsigned and you are not using gcc. */
#ifndef __CHAR_UNSIGNED__
$ gcc -o memset_s.exe memset_s.c -I ./python3.6m.fix2/
$ diff -Npur /usr/local/include/python3.6m/ ./python3.6m.fix2/
diff -Npur /usr/local/include/python3.6m/pyconfig.h
./python3.6m.fix2/pyconfig.h
--- /usr/local/include/python3.6m/pyconfig.h2019-01-10
02:17:29.0 +0100
+++ ./python3.6m.fix2/pyconfig.h2019-01-25 23:43:59.350194000 +0100
@@ -1498,6 +1498,8 @@
/* Define on FreeBSD to activate all library features */
#define __BSD_VISIBLE 1
+#define __STDC_WANT_LIB_EXT1__ 1
+
/* Define to 1 if type `char' is unsigned and you are not using gcc. */
#ifndef __CHAR_UNSIGNED__
/* # undef __CHAR_UNSIGNED__ */
signature.asc
Description: OpenPGP digital signature
[SCM] Samba Shared Repository - annotated tag ldb-1.4.4 created
The annotated tag, ldb-1.4.4 has been created at f77fe63b6681f16193c31c446033af209897e648 (tag) tagging 76bcdecae236277f1510601aa35c207850c4e91e (commit) replaces samba-4.9.4 tagged by Stefan Metzmacher on Tue Jan 22 15:17:30 2019 +0100 - Log - ldb: tag release ldb-1.4.4 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlxHJfoACgkQR5ORYRMI QCVkqQf9HyrCS2REcpBnffNeK3l37/mcd4I0ZJgM0fEGbSVKOGi9q5dfgJfR3k1T QLUjbhpGFbCE5kT57pvNgQ8fg0Xtq3X+GkylAaxLoF4/fMYF2+o5mChJ5P6JnfVI NjmUFv2WHhQ/crL2GZe06df3vKBMqnOti1RLGfBtGEayJyCgcHwfx+wv6mulPEP9 1x7jScG1W7xcrniFC7XNd1ZYbAKBt9GGrdpkVsR32LtpDG0LXVW4VpWFzL4lpw4Z 2C8o1ueD/lgrYmAxHe1WDmUiWGDRz0H9uKwCjBKMUAMRW+mG4PJrcuOM6AZeWeFb 723xhCKMipJS/YC+IsUHa+uCby/ONQ== =2ZQ1 -END PGP SIGNATURE- Aaron Haslett (1): dns: changing onelevel search for wildcard to subtree Björn Jacke (1): samba-tool: don't print backtrace on simple DNS errors Christian Ambach (3): s3:script/tests reduce code duplication s3:utils/smbget add error handling for mkdir() calls s3:utils/smbget fix recursive download with empty source directories Douglas Bagnall (1): samba-tool drs showrepl: do not crash if no dnsHostName found Gary Lockyer (1): audit_logging: auth_json_audit required auth_json Günther Deschner (3): s3-smbd: avoid assuming fsp is always intact after close_file call. s3-vfs-streams_xattr: add close call s3-vfs-fruit: add close call Jeremy Allison (1): s3: lib: nmbname: Ensure we limit the NetBIOS name correctly. CID: 1433607 Justin Stephenson (1): s3: net: Do not set NET_FLAGS_ANONYMOUS with -k Karolin Seeger (1): VERISON: Bump version up to 4.9.5... Martin Schwenke (1): lib/util: Count a trailing line that doesn't end in a newline Noel Power (5): python: Add new compat PYARG_STR_UNI format s4/libnet: use 'et' as format for ParseTuple with python2 lib/ldb/tests/python: Add test to pass utf8 encoded bytes to ldb.Dn lib/ldb: Use new PYARG_ES format for parseTuple ldb: Bump ldb version to 1.4.4 Stefan Metzmacher (4): s3:auth: ignore create_builtin_guests() failing without a valid idmap configuration s3:auth_winbind: remove fallback to optional backend s3:auth_winbind: return NT_STATUS_NO_LOGON_SERVERS if winbindd is not available s3:auth_winbind: ignore a missing winbindd as NT4 PDC/BDC without trusts --- -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag tevent-0.9.38 created
The annotated tag, tevent-0.9.38 has been created at e09c950ab9f76b1310ddd5d813f9d371facd0180 (tag) tagging 1c73f38633ce40bcf19775fbeaf5e3baacdba9ab (commit) replaces talloc-2.1.15 tagged by Stefan Metzmacher on Tue Jan 15 11:46:43 2019 +0100 - Log - tevent: tag release tevent-0.9.38 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlw9uhMACgkQR5ORYRMI QCXhMQgAwK47tpF5TgCWmK6f3ITHEqklGZxzFyIreP7DRAQCs3ozvUIgnAx+BnFu ymIFN6EEL2QMEWWSAULRq/a4IOiSrVsQrH0yswFeS0h6eH3IlE58F5hwKN664KiH yDD7o15Tf3iAVhAH23nGhh0GXAgDKvu0zKRQVNJUzR62+SF6iB91CVhqa5kNgpgo H6Vq5vI4CBghSrlhNkRxVtBaz6WSXHDsKUhHCnXJ8et+6qoRUjhMgMHyOL35kUAH WD1lIIEqzfogUH2yxBGsjaWJJc2JeV1Tr8QQF1rtpj233XVtR8fldXuW8QJDKklc KgiAz2G3Dk2gJC4JXc6Y9DAEL/miVQ== =Wafc -END PGP SIGNATURE- Stefan Metzmacher (1): tevent: version 0.9.38 --- -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag ldb-1.5.2 created
The annotated tag, ldb-1.5.2 has been created at 60449a4f4a5fac4fd9ea467cfd6f50cef08b46b2 (tag) tagging 340cb9ca97bc2a23f102f80897a8d8f4809f0072 (commit) replaces tevent-0.9.38 tagged by Stefan Metzmacher on Tue Jan 15 11:47:16 2019 +0100 - Log - ldb: tag release ldb-1.5.2 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlw9ujQACgkQR5ORYRMI QCX4aQf/Tt6bnVR4mNj/04t9HnU7gvDKuuDQkvIwceeQ40sNgfzgJLTSVwsSxc2b G7jww8KSE3PXgCw7Q7pJftXNJhMA8iBC9M42JPE96TXFs4w5U+w9zTG3RyHJQBwr xXPyue+t1D9YVGvokdzAdmLmJCiudecpYpoUoW98C3KWJs1zcvpQ7wR3FJ8q7iOH HKtRZStW5NlVVkpfdeXlV1X5uHxp3OOyQarFFWzQYnBmXiDGq8GfnznZkraXcxp6 BVQjI+IpTHWWomymoCsKrH3hGpBU1ZQDMKU+issQa+y7jzvyaqN1xrbuBo8GuL50 3LigL08eKaCo+WGZAQSFPmPFZBWFQw== =Fpax -END PGP SIGNATURE- Stefan Metzmacher (1): ldb: version 1.5.2 --- -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag talloc-2.1.15 created
The annotated tag, talloc-2.1.15 has been created
at 2bc2aa0c3983224d97629697bdd018c511799885 (tag)
tagging b915626087c2340c7cd89cd2ecb7a8b20a756c0a (commit)
replaces tdb-1.3.17
tagged by Stefan Metzmacher
on Tue Jan 15 11:46:08 2019 +0100
- Log -
talloc: tag release talloc-2.1.15
-BEGIN PGP SIGNATURE-
iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlw9ufAACgkQR5ORYRMI
QCWChggAw+WS0PumqmerAH+cOd0G9AIXcZtLlg2f1f7ogTn2o1bCx89b//BU58Cr
x8CtCKq3N3/ptWZE3+jBGCQbuLQKyFg2qYy70vjNuN8gre+T8I9nMqiHVyNJ8fwJ
xUYS5HfQzYMAJGmCieK3o8g2AHeYrQIgwBG1BLjqD63KSuNdIXBM+dkskdwn1uSW
y7PA/xDXNOEiNX3NwWCCBgaNpm1dE40WreCsCwQ+I+E1U5vWwpZDRxpj6I9rbb0A
y5bQLsuRfGo/DNIrKWAElhlhcPkp2wSqeh7qRQsJdAEa1/EAduQfgXp+0RBWVhDS
5+sKVxsY1uidN6GEz7c0NiEUyxD1+Q==
=kVY/
-END PGP SIGNATURE-
Aaron Haslett (1):
dns: changing onelevel search for wildcard to subtree
Björn Jacke (5):
statvfs: fix bsize and frsize mixup
waf: check for utmpx struct member ut_host
s3/smbd: fix utmp hostname logging on Solaris
waf:lib/replace: fix a build error with non-gcc compilers
statvfs: rename linux_statvfs to posix_statvfs
Karolin Seeger (6):
WHATSNEW: Add release note for Samba 4.10.0rc1.
VERSION: Bump version up to 4.10.0rc1...
VERSION: Bump version up to 4.10.0rc2...
Revert "VERSION: Bump version up to 4.10.0rc2..."
Revert "VERSION: Bump version up to 4.10.0rc1..."
Revert "WHATSNEW: Add release note for Samba 4.10.0rc1."
Ladislav Michl via samba-technical (1):
lib: replace: snprintf: Whitespace clean up
Noel Power (8):
python: Fix memory leak with ParseTuple (using 'es' format)
python: Add new compat PYARG_STR_UNI format
auth/credentials: use 'et' as format for ParseTuple with python2
python: use 'et' as format for ParseTuple with python2
s4/libnet: use 'et' as format for ParseTuple with python2
lib/ldb/tests/python: Add test to pass utf8 encoded bytes to ldb.Dn
selftest: Enable ldb.python for PY3
lib/ldb: Use new PYARG_ES format for parseTuple
Ralph Boehme (70):
s3:lib: add root_unix_token()
s3:smbd: let SMB_VFS_GETXATTRAT_SEND() do explicit impersonation
s3:smbd: pass (raw) ev to SMB_VFS_GET_DOS_ATTRIBUTES_SEND() instead of
smb_vfs_ev_glue
s3:smbd: pass (raw) ev to dos_mode_at_send() instead of smb_vfs_ev_glue
s3:smbd: pass (raw) ev to fetch_dos_mode_send instead of smb_vfs_ev_glue
Revert "pthreadpool: reset monitor_fd after calling
tevent_fd_set_auto_close()"
Revert "pthreadpool: ignore the return value of poll(NULL, 0UL, 1)"
Revert "pthreadpool: we need to use pthreadpool_tevent_per_thread_cwd()
on the callers pool"
Revert "vfs_aio_pthread: use event context and threadpool from
user_vfs_evg"
Revert "s3: vfs: add user_vfs_evg to connection_struct"
Revert "s3: vfs: add smb_vfs_ev_glue"
Revert "smbd: introduce sconn->sync_thread_pool"
smbd: rename sconn->raw_thread_pool to sconn->pool
Revert "pthreadpool: test cancelling and freeing jobs of a wrapped
pthreadpool_tevent"
Revert "pthreadpool: implement pthreadpool_tevent_wrapper_create()
infrastructure"
Revert "pthreadpool: add pthreadpool_restart_check[_monitor_{fd,drain}]()"
Revert "pthreadpool: call unshare(CLONE_FS) if available"
Revert "pthreadpool: add tests for
pthreadpool_tevent_[current_job_]per_thread_cwd()"
Revert "pthreadpool: add
pthreadpool_tevent_[current_job_]per_thread_cwd()"
Revert "pthreadpool: test cancelling and freeing pending
pthreadpool_tevent jobs/pools"
Revert "pthreadpool: add a comment about a further optimization in
pthreadpool_tevent_job_destructor()"
Revert "pthreadpool: maintain a list of job_states on each
pthreadpool_tevent_glue"
Revert "pthreadpool: add helgrind magic to
PTHREAD_TEVENT_JOB_THREAD_FENCE_*()"
Revert "pthreadpool: add some lockless coordination between the main and
job threads"
Revert "pthreadpool: maintain a global list of orphaned
pthreadpool_tevent_jobs"
Revert "pthreadpool: add pthreadpool_tevent_job_cancel()"
Revert "pthreadpool: split out pthreadpool_tevent_job from
pthreadpool_tevent_job_state"
Revert "smbd: remove unused change_to_root_user() from brl_timeout_fn()"
Revert "smbd: remove unused change_to_root_user() from
smbd_sig_hup_handler()"
Revert "smbd: avoid explicit change_to_user() in defer_rename_done()
already done by impersonation"
Revert "smbd: implement
smbd_impersonate_{conn_vuid,conn_sess,root,g
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 12398a2d1dd vfs_fileid: fix get_connectpath_ino
from 6619cec3dec s3:smbd: perform impersonation in
smb2_query_directory_fetch_write_time_done()
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 12398a2d1ddcd326e02e5d8b0749e0e796145165
Author: Ralph Wuerthner
Date: Thu Jan 10 14:28:14 2019 +0100
vfs_fileid: fix get_connectpath_ino
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13741
Signed-off-by: Ralph Wuerthner
Reviewed-by: Volker Lendecke
Reviewed-by: Jeremy Allison
Autobuild-User(master): Stefan Metzmacher
Autobuild-Date(master): Tue Jan 15 04:13:15 CET 2019 on sn-devel-144
---
Summary of changes:
source3/modules/vfs_fileid.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
Changeset truncated at 500 lines:
diff --git a/source3/modules/vfs_fileid.c b/source3/modules/vfs_fileid.c
index 5d08fe97d15..cb77a2e52c6 100644
--- a/source3/modules/vfs_fileid.c
+++ b/source3/modules/vfs_fileid.c
@@ -297,12 +297,14 @@ static int get_connectpath_ino(struct vfs_handle_struct
*handle,
}
ret = SMB_VFS_NEXT_STAT(handle, fname);
- TALLOC_FREE(fname);
if (ret != 0) {
DBG_ERR("stat failed for %s with %s\n",
handle->conn->connectpath, strerror(errno));
+ TALLOC_FREE(fname);
return -1;
}
+ *ino = fname->st.st_ex_ino;
+ TALLOC_FREE(fname);
return 0;
}
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
quot;
via 622ba5191d9 Revert "pthreadpool: add
pthreadpool_tevent_[current_job_]per_thread_cwd()"
via f4d6c48c65b Revert "pthreadpool: add tests for
pthreadpool_tevent_[current_job_]per_thread_cwd()"
via e94cd84bbf8 Revert "pthreadpool: call unshare(CLONE_FS) if
available"
via 67015e13ca2 Revert "pthreadpool: add
pthreadpool_restart_check[_monitor_{fd,drain}]()"
via 9b7d2257996 Revert "pthreadpool: implement
pthreadpool_tevent_wrapper_create() infrastructure"
via d032210d972 Revert "pthreadpool: test cancelling and freeing jobs
of a wrapped pthreadpool_tevent"
via 29fc7c7db78 smbd: rename sconn->raw_thread_pool to sconn->pool
via 8074922c267 Revert "smbd: introduce sconn->sync_thread_pool"
via cedbfbd9b86 Revert "s3: vfs: add smb_vfs_ev_glue"
via 29dd6f3e590 Revert "s3: vfs: add user_vfs_evg to connection_struct"
via 56f76944817 Revert "vfs_aio_pthread: use event context and
threadpool from user_vfs_evg"
via 96332ed1000 Revert "pthreadpool: we need to use
pthreadpool_tevent_per_thread_cwd() on the callers pool"
via a75f5de15db Revert "pthreadpool: ignore the return value of
poll(NULL, 0UL, 1)"
via 57c7aaa36d2 Revert "pthreadpool: reset monitor_fd after calling
tevent_fd_set_auto_close()"
via edb75eeb56d s3:smbd: pass (raw) ev to fetch_dos_mode_send instead
of smb_vfs_ev_glue
via 9f3d9ba49b0 s3:smbd: pass (raw) ev to dos_mode_at_send() instead of
smb_vfs_ev_glue
via 56dee840e48 s3:smbd: pass (raw) ev to
SMB_VFS_GET_DOS_ATTRIBUTES_SEND() instead of smb_vfs_ev_glue
via 7f7ce0ec2f3 s3:smbd: let SMB_VFS_GETXATTRAT_SEND() do explicit
impersonation
via a62bc3f221b s3:torture: call per_thread_cwd_check() in vfstest.c
main()
via 16166542753 s3:smbd: prepare the usage of per_thread_cwd_*()
functions
via 92c2ed4db29 s3:lib: add
per_thread_cwd_{check,supported,disable,activate}() helper functions
via ad04a6ce49f s3:lib: add root_unix_token()
from 8af4ec752a5 selftest: Improve an error message
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 168079b2c3693c08ac994e4ee61be101986a4bae
Author: Stefan Metzmacher
Date: Tue Jan 8 15:25:22 2019 +0100
tevent: deprecate tevent_wrapper api again
Samba doesn't use it anymore and we don't want to
invite new users of that api without further discussion.
Signed-off-by: Stefan Metzmacher
Reviewed-by: Ralph Boehme
Reviewed-by: Volker Lendecke
Autobuild-User(master): Stefan Metzmacher
Autobuild-Date(master): Sat Jan 12 03:12:09 CET 2019 on sn-devel-144
commit dcd0edfdc90a009a87fc8b0bafbd09e2711ebccb
Author: Ralph Boehme
Date: Thu Dec 27 15:26:15 2018 +0100
Revert "smbd: add smbd_server_connection->raw_ev_ctx pointer"
This reverts commit 6114f9545fa856717220658e87f2a60f6767b7f4.
See the discussion in
https://lists.samba.org/archive/samba-technical/2018-December/131731.html
for the reasoning behind this revert.
Signed-off-by: Ralph Boehme
Reviewed-by: Volker Lendecke
Reviewed-by: Stefan Metzmacher
commit 47c443b479566bafc01ec6e3f94f2481d9659806
Author: Ralph Boehme
Date: Tue Jan 8 10:39:56 2019 +0100
vfs_aio_pthread: add sync fallback
Signed-off-by: Ralph Boehme
Reviewed-by: Volker Lendecke
Reviewed-by: Stefan Metzmacher
commit a307e798ddfc4f8fa32e22827c39f5e1f0e87d47
Author: Ralph Boehme
Date: Tue Jan 8 10:34:11 2019 +0100
vfs_aio_pthread: store conn instead of sconn in aio_open_private_data
Signed-off-by: Ralph Boehme
Reviewed-by: Volker Lendecke
Reviewed-by: Stefan Metzmacher
commit e2f46c9333e2919fbdfddc1f6049478fe07765aa
Author: Ralph Boehme
Date: Tue Jan 8 10:32:16 2019 +0100
vfs_aio_pthread: use struct initializer for aio_open_private_data
Signed-off-by: Ralph Boehme
Reviewed-by: Volker Lendecke
Reviewed-by: Stefan Metzmacher
commit 2f406fee523692e4dc4b11b13637dcbabaabe8c7
Author: Ralph Boehme
Date: Tue Jan 8 07:38:53 2019 +0100
vfs_default: add sync fallback to fsync_send/recv
Signed-off-by: Ralph Boehme
Reviewed-by: Volker Lendecke
Reviewed-by: Stefan Metzmacher
commit 4673a8b9e36647500428a0283edb5ed645ff0da4
Author: Ralph Boehme
Date: Tue Jan 8 07:38:42 2019 +0100
vfs_default: add sync fallback to pwrite_send/recv
Signed-off-by: Ralph Boehme
Reviewed-by: Volker Lendecke
Reviewed-by: Stefan Metzmacher
commit bc539d8104fcf7954331df1d4385ad84343c919a
Author: Ralph Boehme
Date: Tue Jan 8 07:38:04 2019 +0100
vfs_default: add sync fallback to pread_send/recv
Signed-off
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via fd355dff906 s3:libsmb: cli_smb2_list() can sometimes fail initially
on a connection
via bf229de7926 libcli: Add error log if insufficient SMB2 credits
from 08867de2efd s3:utils:net: Print debug message about Netbios
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit fd355dff906f5f4832901bce76544f1a4e50c33d
Author: Tim Beale
Date: Mon Jan 7 15:28:12 2019 +1300
s3:libsmb: cli_smb2_list() can sometimes fail initially on a connection
cli_smb2_list() appears to be a slightly unique SMB operation in that it
specifies the max transaction size for the response buffer size. The
Python bindings highlighted a problem where if cli_smb2_list() were one
of the first operations performed on the SMBv2 connection, it would fail
due to insufficient credits. Because the response buffer size is
(potentially) so much larger, it requires more credits (128) compared
with other SMB operations.
When talking to a samba DC, the connection credits seem to start off at
1, then increase by 32 for every SMB reply we receive back from the
server. After cli_full_connection(), the connection has 65 credits. The
cli_smb2_create_fnum() in cli_smb2_list() adds another 32 credits, but
this is still less than the 128 that smb2cli_query_directory() requires.
This problem doesn't happen for smbclient because the cli_cm_open() API
it uses ends up sending more messages, and so the connection has more
credits.
This patch changes cli_smb2_list(), so it requests a smaller response
buffer size if it doesn't have enough credits available for the max
transaction size. smb2cli_query_directory() is already in a loop, so it
can span multiple SMB messages if for some reason the transaction size
isn't big enough for the listings.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13736
Signed-off-by: Tim Beale
Reviewed-by: Stefan Metzmacher
Autobuild-User(master): Stefan Metzmacher
Autobuild-Date(master): Thu Jan 10 02:40:16 CET 2019 on sn-devel-144
commit bf229de7926f12e329cdb3201f68f20ae776fe32
Author: Tim Beale
Date: Mon Jan 7 12:06:15 2019 +1300
libcli: Add error log if insufficient SMB2 credits
Although it's unusual to hit this case, I was seeing it happen while
working on the SMB python bindings. Even with debug level 10, there was
nothing coming out to help pin down the source of the
NT_STATUS_INTERNAL_ERROR.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13736
Signed-off-by: Tim Beale
Reviewed-by: Stefan Metzmacher
---
Summary of changes:
libcli/smb/smbXcli_base.c | 3 +++
source3/libsmb/cli_smb2_fnum.c | 14 +-
2 files changed, 16 insertions(+), 1 deletion(-)
Changeset truncated at 500 lines:
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index 40480c83aa0..a237bf17d0a 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -3231,6 +3231,9 @@ NTSTATUS smb2cli_req_compound_submit(struct tevent_req
**reqs,
avail = MIN(avail, state->conn->smb2.cur_credits);
if (avail < charge) {
+ DBG_ERR("Insufficient credits. "
+ "%"PRIu64" available, %"PRIu16" needed\n",
+ avail, charge);
return NT_STATUS_INTERNAL_ERROR;
}
diff --git a/source3/libsmb/cli_smb2_fnum.c b/source3/libsmb/cli_smb2_fnum.c
index 6cba4422634..3a64438a5b9 100644
--- a/source3/libsmb/cli_smb2_fnum.c
+++ b/source3/libsmb/cli_smb2_fnum.c
@@ -919,7 +919,9 @@ NTSTATUS cli_smb2_list(struct cli_state *cli,
TALLOC_CTX *frame = talloc_stackframe();
TALLOC_CTX *subframe = NULL;
bool mask_has_wild;
- uint32_t max_trans = smb2cli_conn_max_trans_size(cli->conn);
+ uint32_t max_trans;
+ uint32_t max_avail_len;
+ bool ok;
if (smbXcli_conn_has_async_calls(cli->conn)) {
/*
@@ -968,6 +970,16 @@ NTSTATUS cli_smb2_list(struct cli_state *cli,
goto fail;
}
+ /*
+* ideally, use the max transaction size, but don't send a request
+* bigger than we have credits available for
+*/
+ max_trans = smb2cli_conn_max_trans_size(cli->conn);
+ ok = smb2cli_conn_req_possible(cli->conn, &max_avail_len);
+ if (ok) {
+ max_trans = MIN(max_trans, max_avail_len);
+ }
+
do {
uint8_t *dir_data = NULL;
uint32_t dir_data_length = 0;
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via a9def5c6971 s3:libsmb: Revert SMB Py bindings name back to
libsmb_samba_internal
via 84069c8a547 netcmd/user: python[3]-gpgme unsupported and replaced
by python[3]-gpg
from b2a9d4c1f69 xml_docs: update traffic script documentation
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit a9def5c6971fa1dea3aaa2da0e5dfd9246dd0c87
Author: Tim Beale
Date: Wed Jan 9 10:15:49 2019 +1300
s3:libsmb: Revert SMB Py bindings name back to libsmb_samba_internal
In order to make it clear that the APIs in these Python bindings are
unstable and should not be used by external consumers, this patch
changes the name of the Python bindings back to libsmb_samba_internal.
To make the Python code that uses these bindings (i.e. samba-tool, etc)
look a little cleaner, we can just change the module name as we import
it, e.g.
from samba.samba3 import libsmb_samba_internal as libsmb
Signed-off-by: Tim Beale
Reviewed-by: Stefan Metzmacher
Autobuild-User(master): Stefan Metzmacher
Autobuild-Date(master): Wed Jan 9 14:30:31 CET 2019 on sn-devel-144
commit 84069c8a5476a47d45ab946d82abb0d6c04635c3
Author: Joe Guo
Date: Thu Dec 20 16:47:00 2018 +1300
netcmd/user: python[3]-gpgme unsupported and replaced by python[3]-gpg
python[3]-gpgme is deprecated since ubuntu 1804 and debian 9.
use python[3]-gpg instead, and adapt the API.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13728
Signed-off-by: Joe Guo
Reviewed-by: Andrew Bartlett
Reviewed-by: Douglas Bagnall
Reviewed-by: Stefan Metzmacher
---
Summary of changes:
python/samba/netcmd/user.py | 86 ++-
python/samba/ntacls.py| 2 +-
python/samba/tests/dcerpc/raw_testcase.py | 2 +-
python/samba/tests/libsmb.py | 2 +-
python/samba/tests/smb.py | 2 +-
source3/libsmb/pylibsmb.c | 13 +++--
source3/wscript_build | 2 +-
7 files changed, 74 insertions(+), 35 deletions(-)
Changeset truncated at 500 lines:
diff --git a/python/samba/netcmd/user.py b/python/samba/netcmd/user.py
index b3af8fffd6a..8ead8e583f3 100644
--- a/python/samba/netcmd/user.py
+++ b/python/samba/netcmd/user.py
@@ -21,6 +21,7 @@ import samba.getopt as options
import ldb
import pwd
import os
+import io
import re
import tempfile
import difflib
@@ -57,15 +58,56 @@ from samba.compat import text_type
from samba.compat import get_bytes
from samba.compat import get_string
-try:
-import io
-import gpgme
-gpgme_support = True
-decrypt_samba_gpg_help = "Decrypt the SambaGPG password as cleartext
source"
-except ImportError as e:
-gpgme_support = False
-decrypt_samba_gpg_help = "Decrypt the SambaGPG password not supported, " +
\
-"python-gpgme required"
+
+# python[3]-gpgme is abandoned since ubuntu 1804 and debian 9
+# have to use python[3]-gpg instead
+# The API is different, need to adapt.
+
+def _gpgme_decrypt(encrypted_bytes):
+"""
+Use python[3]-gpgme to decrypt GPG.
+"""
+ctx = gpgme.Context()
+ctx.armor = True # use ASCII-armored
+out = io.BytesIO()
+ctx.decrypt(io.BytesIO(encrypted_bytes), out)
+return out.getvalue()
+
+
+def _gpg_decrypt(encrypted_bytes):
+"""
+Use python[3]-gpg to decrypt GPG.
+"""
+ciphertext = gpg.Data(string=encrypted_bytes)
+ctx = gpg.Context(armor=True)
+# plaintext, result, verify_result
+plaintext, _, _ = ctx.decrypt(ciphertext)
+return plaintext
+
+
+gpg_decrypt = None
+
+if not gpg_decrypt:
+try:
+import gpgme
+gpg_decrypt = _gpgme_decrypt
+except ImportError:
+pass
+
+if not gpg_decrypt:
+try:
+import gpg
+gpg_decrypt = _gpg_decrypt
+except ImportError:
+pass
+
+if gpg_decrypt:
+decrypt_samba_gpg_help = ("Decrypt the SambaGPG password as "
+ "cleartext source")
+else:
+decrypt_samba_gpg_help = ("Decrypt the SambaGPG password not supported, "
+ "python[3]-gpgme or python[3]-gpg required")
+
disabled_virtual_attributes = {
}
@@ -1033,13 +1075,8 @@ class GetPasswordCommand(Command):
#
sgv = get_package("Primary:SambaGPG", min_idx=-1)
if sgv is not None and unicodePwd is not None:
-ctx = gpgme.Context()
-ctx.armor = True
-cipher_io = io.BytesIO(sgv)
-plain_io = io.BytesIO()
try:
-ctx.decrypt(cipher_io, plain_i
Re: [SCM] Samba Shared Repository - branch master updated
Hi Tim,
> diff --git a/source3/wscript_build b/source3/wscript_build
> index a8ea8e581df..9d188a8d36a 100644
> --- a/source3/wscript_build
> +++ b/source3/wscript_build
> @@ -1323,7 +1323,7 @@ for env in bld.gen_python_environments():
> bld.SAMBA3_PYTHON('pylibsmb',
>source='libsmb/pylibsmb.c',
>deps='smbclient samba-credentials %s' % pycredentials,
> - realname='samba/samba3/libsmb_samba_internal.so'
> + realname='samba/samba3/libsmb.so'
>)
What's wrong with libsmb_samba_internal? I'd keep the name.
metze
signature.asc
Description: OpenPGP digital signature
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 3d016d6f327 Happy New Year 2019!
from be2a67319d1 auth/gensec: enforce that all DCERPC contexts support
SIGN_PKT_HEADER
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 3d016d6f327058db49f6920e92102df4dcc85945
Author: Stefan Metzmacher
Date: Tue Jan 1 12:52:26 2019 +0100
Happy New Year 2019!
Signed-off-by: Stefan Metzmacher
Autobuild-User(master): Stefan Metzmacher
Autobuild-Date(master): Tue Jan 1 16:02:05 CET 2019 on sn-devel-144
---
Summary of changes:
source3/include/smb.h | 2 +-
source4/smbd/server.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 0fd9471c356..dfdb79cba56 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -30,7 +30,7 @@
#include "libds/common/roles.h"
/* logged when starting the various Samba daemons */
-#define COPYRIGHT_STARTUP_MESSAGE "Copyright Andrew Tridgell and the
Samba Team 1992-2018"
+#define COPYRIGHT_STARTUP_MESSAGE "Copyright Andrew Tridgell and the
Samba Team 1992-2019"
#define SAFETY_MARGIN 1024
#define LARGE_WRITEX_HDR_SIZE 65
diff --git a/source4/smbd/server.c b/source4/smbd/server.c
index 57e05dccade..086fed99273 100644
--- a/source4/smbd/server.c
+++ b/source4/smbd/server.c
@@ -509,7 +509,7 @@ static int binary_smbd_main(const char *binary_name,
binary_name,
SAMBA_VERSION_STRING));
DEBUGADD(0,("Copyright Andrew Tridgell and the Samba Team"
- " 1992-2018\n"));
+ " 1992-2019\n"));
if (sizeof(uint16_t) < 2 ||
sizeof(uint32_t) < 4 ||
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via ecafdcb3914 s3:pylibsmb: allow ImpersonationLevel argument to create() via c8a5e89d9f6 s3:libsmb: pass impersonation_level to cli_ntcreate_send() via ed0deadf628 s3:libsmb: pass ImpersonationLevel to cli_ntcreate1_send() via 850aef94dc4 s3:libsmb: pass impersonation_level to cli_smb2_create_fnum() via be464c1dc86 s3:libsmb: pass impersonation_level to cli_smb2_create_fnum_send() via 64e68abdc9e s3:pylibsmb: make use of protocol independent cli_read_send/recv in py_cli_read() via 3c3b44004fd s3:pylibsmb: make use of protocol independent cli_write_send/recv in py_cli_write() via 9fb0d8e7e2e s3:libsmb: add comments for cli_write_send/cli_push_send via 6a3d2c3345a s3:libsmb: add cli_write_send/recv which work with SMB1/2/3 via 0af6b335448 s3:pylibsmb: make use of PYARG_BYTES_LEN in py_cli_write() via 60148c9ee14 s3:pylibsmb: make use of PyBytes_FromStringAndSize() in py_cli_read() via aaf7aaa6e26 s3:pylibsmb: .get_oplock_break API is dependent on multi_threaded=True via fdc62b03ca5 s3:pylibsmb: remember that a connection uses SMB1 via 790dab571c4 s3:pylibsmb: add force_smb1=True in order to control forcing of SMB1 via 247a71b63ae s3:pylibsmb: add sign=True to require signing via 1bccbfcff78 s3:pylibsmb: only use poll_mt backend if multi_threaded=True is specified via 59cb025e61a s3:pylibsmb: pass self to py_tevent_req_wait_exc() via 660b872163c wafsamba: fix pidl dependencies to rebuild on pidl changes from 57783d6295d pidl: Fix unsigned integer comparison warning https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit ecafdcb39143b6b3a74f2b9d578241a0170f8486 Author: Stefan Metzmacher Date: Fri Dec 7 16:40:10 2018 +0100 s3:pylibsmb: allow ImpersonationLevel argument to create() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 Signed-off-by: Stefan Metzmacher Reviewed-by: Tim Beale Reviewed-by: Andrew Bartlett Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Thu Dec 13 12:35:06 CET 2018 on sn-devel-144 commit c8a5e89d9f6575c4e9eb770997172e9c25f8e9d0 Author: Stefan Metzmacher Date: Fri Dec 7 16:38:57 2018 +0100 s3:libsmb: pass impersonation_level to cli_ntcreate_send() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 Signed-off-by: Stefan Metzmacher Reviewed-by: Tim Beale Reviewed-by: Andrew Bartlett commit ed0deadf6287c4c56e99503bf78f20db2f297401 Author: Stefan Metzmacher Date: Fri Dec 7 16:35:16 2018 +0100 s3:libsmb: pass ImpersonationLevel to cli_ntcreate1_send() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 Signed-off-by: Stefan Metzmacher Reviewed-by: Tim Beale Reviewed-by: Andrew Bartlett commit 850aef94dc4d9370d03f18510de93116221a0feb Author: Stefan Metzmacher Date: Fri Dec 7 16:42:06 2018 +0100 s3:libsmb: pass impersonation_level to cli_smb2_create_fnum() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 Signed-off-by: Stefan Metzmacher Reviewed-by: Tim Beale Reviewed-by: Andrew Bartlett commit be464c1dc8675f6e362b7a5b51c6776dc682e3b9 Author: Stefan Metzmacher Date: Fri Dec 7 16:32:05 2018 +0100 s3:libsmb: pass impersonation_level to cli_smb2_create_fnum_send() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 Signed-off-by: Stefan Metzmacher Reviewed-by: Tim Beale Reviewed-by: Andrew Bartlett commit 64e68abdc9e7d991809e6eab57826b4456d8e973 Author: Stefan Metzmacher Date: Fri Dec 7 14:28:04 2018 +0100 s3:pylibsmb: make use of protocol independent cli_read_send/recv in py_cli_read() BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 Signed-off-by: Stefan Metzmacher Reviewed-by: Tim Beale Reviewed-by: Andrew Bartlett commit 3c3b44004fd39a890f2bdfadf3ebb68a53f3403f Author: Stefan Metzmacher Date: Fri Dec 7 14:28:04 2018 +0100 s3:pylibsmb: make use of protocol independent cli_write_send/recv in py_cli_write() BUG: https://bugzilla.samba.org
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 2f68c436cc8 wscript_configure_system_mitkrb5: reject a system
heimdal krb5-config
from bd4bdced5ff selftest: Don't run KCC on backup testenvs (to avoid
flappiness)
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 2f68c436cc857dd6c56ec75e03664388f5d1da2b
Author: Stefan Metzmacher
Date: Wed Dec 5 13:30:07 2018 +0100
wscript_configure_system_mitkrb5: reject a system heimdal krb5-config
Review with: git show -w
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andreas Schneider
Autobuild-User(master): Stefan Metzmacher
Autobuild-Date(master): Thu Dec 6 16:53:33 CET 2018 on sn-devel-144
---
Summary of changes:
wscript_configure_system_mitkrb5 | 40 +---
1 file changed, 21 insertions(+), 19 deletions(-)
Changeset truncated at 500 lines:
diff --git a/wscript_configure_system_mitkrb5 b/wscript_configure_system_mitkrb5
index 534818b9dcb..b05ac3f3e50 100644
--- a/wscript_configure_system_mitkrb5
+++ b/wscript_configure_system_mitkrb5
@@ -1,5 +1,5 @@
import sys
-from waflib import Logs, Options
+from waflib import Logs, Options, Errors
# Check for kerberos
have_gssapi=False
@@ -56,24 +56,26 @@ if conf.env.KRB5_CONFIG:
vendor = conf.cmd_and_log(conf.env.KRB5_CONFIG+['--vendor'])
conf.env.KRB5_VENDOR = vendor.strip().lower()
-if conf.env.KRB5_VENDOR != 'heimdal':
-conf.define('USING_SYSTEM_KRB5', 1)
-del conf.env.HEIMDAL_KRB5_CONFIG
-krb5_conf_version =
conf.cmd_and_log(conf.env.KRB5_CONFIG+['--version']).strip()
-
-krb5_version = krb5_conf_version.split()[-1]
-
-# drop '-prerelease' suffix
-if krb5_version.find('-') > 0:
-krb5_version = krb5_version.split("-")[0]
-
-if parse_version(krb5_version) < parse_version(krb5_required_version):
-Logs.error('ERROR: The MIT KRB5 build with Samba AD requires at
least %s. %s has been found and cannot be used' % (krb5_required_version,
krb5_version))
-Logs.error('ERROR: If you want to just build Samba FS (File
Server) use the option --without-ad-dc which requires version %s' %
(krb5_min_required_version))
-Logs.error('ERROR: You may try to build with embedded Heimdal
Kerberos by not specifying --with-system-mitkrb5')
-sys.exit(1)
-else:
-Logs.info('MIT Kerberos %s detected, MIT krb5 build can proceed' %
(krb5_version))
+if conf.env.KRB5_VENDOR == 'heimdal':
+raise Errors.WafError('--with-system-mitkrb5 cannot be used with
system heimdal')
+
+conf.define('USING_SYSTEM_KRB5', 1)
+del conf.env.HEIMDAL_KRB5_CONFIG
+krb5_conf_version =
conf.cmd_and_log(conf.env.KRB5_CONFIG+['--version']).strip()
+
+krb5_version = krb5_conf_version.split()[-1]
+
+# drop '-prerelease' suffix
+if krb5_version.find('-') > 0:
+krb5_version = krb5_version.split("-")[0]
+
+if parse_version(krb5_version) < parse_version(krb5_required_version):
+Logs.error('ERROR: The MIT KRB5 build with Samba AD requires at least
%s. %s has been found and cannot be used' % (krb5_required_version,
krb5_version))
+Logs.error('ERROR: If you want to just build Samba FS (File Server)
use the option --without-ad-dc which requires version %s' %
(krb5_min_required_version))
+Logs.error('ERROR: You may try to build with embedded Heimdal Kerberos
by not specifying --with-system-mitkrb5')
+sys.exit(1)
+else:
+Logs.info('MIT Kerberos %s detected, MIT krb5 build can proceed' %
(krb5_version))
conf.CHECK_CFG(args="--cflags --libs", package="com_err",
uselib_store="com_err")
conf.CHECK_FUNCS_IN('_et_list', 'com_err')
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 5674c21c115 Added redirect from GitHub to GitLab
via f87d6cbfff3 ctdb/wscript: make use of MODE_{644,744,755,777}
via 19d71597b07 wafsamba: add MODE_{744,_777}
via 8ba0a9a1abb ctdb/wscript: use python 3.6 compatible functions
via a83e4a24abd buildtools: remove unused buildtools/bin/waf-1.9
from 8b8d9fdad4a winbindd: Route predefined domains through the BUILTIN
domain child
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 5674c21c1156bab0c0ec461e4db147f431ec50d6
Author: Daniel Southward-Ellis
Date: Tue Dec 4 14:35:47 2018 +1300
Added redirect from GitHub to GitLab
Signed-off-by: Daniel Southward-Ellis
Reviewed-by: Gary Lockyer
Reviewed-by: Andrew Bartlett
Autobuild-User(master): Stefan Metzmacher
Autobuild-Date(master): Wed Dec 5 16:35:33 CET 2018 on sn-devel-144
commit f87d6cbfff3ebb74fe09b9547676f16ecd8547a8
Author: Stefan Metzmacher
Date: Wed Dec 5 00:05:36 2018 +0100
ctdb/wscript: make use of MODE_{644,744,755,777}
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andrew Bartlett
commit 19d71597b078544e0527a5d07b65c454e4534931
Author: Stefan Metzmacher
Date: Sat Nov 17 13:11:52 2018 +0100
wafsamba: add MODE_{744,_777}
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andrew Bartlett
commit 8ba0a9a1abb8bbe1df5ff808645adf305bc4e0b3
Author: Stefan Metzmacher
Date: Mon Nov 19 12:05:29 2018 +0100
ctdb/wscript: use python 3.6 compatible functions
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andrew Bartlett
commit a83e4a24abd4116c78b7fa775b7f05511d843481
Author: Stefan Metzmacher
Date: Mon Nov 19 12:04:56 2018 +0100
buildtools: remove unused buildtools/bin/waf-1.9
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andrew Bartlett
---
Summary of changes:
.github/contributing.md| 4 +
.github/pull_request_template.md | 4 +
buildtools/bin/waf-1.9 | 164 -
buildtools/wafsamba/samba_utils.py | 2 +
ctdb/wscript | 30 +++
5 files changed, 26 insertions(+), 178 deletions(-)
create mode 100644 .github/contributing.md
create mode 100644 .github/pull_request_template.md
delete mode 100755 buildtools/bin/waf-1.9
Changeset truncated at 500 lines:
diff --git a/.github/contributing.md b/.github/contributing.md
new file mode 100644
index 000..ad5136b3bc3
--- /dev/null
+++ b/.github/contributing.md
@@ -0,0 +1,4 @@
+## Samba is moving to GitLab
+The samba project is moving to GitLab, please consider contributing there
instead.
+Instructions for setting up can be found at:
https://wiki.samba.org/index.php/Samba_CI_on_gitlab
+The GitLab repository can be found here: https://gitlab.com/samba-team/samba
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
new file mode 100644
index 000..c12ae3bb602
--- /dev/null
+++ b/.github/pull_request_template.md
@@ -0,0 +1,4 @@
+## Samba is moving to GitLab
+The samba project is moving to GitLab, please consider opening a merge request
there instead.
+Instructions for setting up can be found at:
https://wiki.samba.org/index.php/Samba_CI_on_gitlab
+The GitLab repository can be found here: https://gitlab.com/samba-team/samba
diff --git a/buildtools/bin/waf-1.9 b/buildtools/bin/waf-1.9
deleted file mode 100755
index a83a2430ed3..000
--- a/buildtools/bin/waf-1.9
+++ /dev/null
@@ -1,164 +0,0 @@
-#!/usr/bin/env python
-# encoding: ISO8859-1
-# Thomas Nagy, 2005-2015
-
-"""
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-
-1. Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
-3. The name of the author may not be used to endorse or promote products
- derived from this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR
-IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
-INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-
[SCM] Samba Shared Repository - annotated tag ldb-1.4.3 created
The annotated tag, ldb-1.4.3 has been created at b314989a08f25f7e256bd5f2fbeca8d6e3129c19 (tag) tagging c20b587a3bb2b339468fefd3f60c5ca85e1873c6 (commit) replaces samba-4.9.1 tagged by Stefan Metzmacher on Thu Nov 8 09:08:23 2018 +0100 - Log - ldb: tag release ldb-1.4.3 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlvj7vcACgkQR5ORYRMI QCW1CQgAiGbRet/8rBitEPF8p1ROls4N6mAUdToYPLGRhKWJQwpxmk/odkuJT6Ks XD7jpTOcjIj3jwhiUcbux5xhbvIQ5qRGMWCtRVO4r8u78EjKv9UrNrIpGPVO+ZQF QvEzyS3wstXxKZbcNBLleRtrRuLY5pEFkG8byJdvinEjVAwQ45kBHAbOhRdOF3m9 TxkWwXEMpM5oX9NR93vAIRlPNpzQrYh6w3XDLuNd63v7/nStoB6PyMg3wKslaNdR JN8X7zFWHfylHKwRCO4hQNV93h1/iVKfRJU8NU94FbJA6TJqU7nwx+cqifnhCgGm bG0TU754bwTxGJhN7oX+5rN9jOwnHg== =W3Cp -END PGP SIGNATURE- Amitay Isaacs (12): ctdb-daemon: Add invalid_records flag to ctdb_db_context ctdb-daemon: Don't pull any records if records are invalidated ctdb-daemon: Invalidate records if a node becomes INACTIVE ctdb-vacuum: Simplify the deletion of vacuumed records ctdb-vacuum: Fix the incorrect counting of remote errors ctdb-vacuum: Remove unnecessary check for zero records in delete list ctdb-daemon: Drop implementation of RECEIVE_RECORDS control ctdb-protocol: Mark RECEIVE_RECORDS control obsolete ctdb-protocol: Drop marshalling code for RECEIVE_RECORDS control ctdb-tests: Drop code for RECEIVE_RECORDS control ctdb-common: Set close-on-exec for startup fd ctdb-event: Check the return status of sock_daemon_set_startup_fd Andreas Schneider (3): waf: Check for -fstack-protect-strong support waf: Add -fstack-clash-protection s3:winbind: Check return code of initialize_password_db() Andrew Bartlett (2): dsdb: Ensure that a DN (now) pointing at a deleted object counts for objectclass-based MUST dsdb: Add comments explaining the limitations of our current backlink behaviour Christof Schmitt (16): s3/lib:popt_common: Move setup_logging to common callback s3:lib: Move popt_common_credentials to separate file s3:lib: Introduce cmdline context wrapper test:doc: Skip 'clustering=yes' s3:smbpasswd: Use cmdline_messaging_context s3:smbstatus: Use cmdline_messaging_context rpcclient: Use cmdline_messaging_context s3:net: Use cmdline_messaging_context s3:pdbedit: Use cmdline_messaging_context s3:testparm: Use cmdline_messaging_context s3:sharesec: Use cmdline_messaging_context s3: ntlm_auth: Use cmdline_messaging_context s3:eventlogadm: Use cmdline_messaging_context s3:dbwrap_tool: Use cmdline_messaging_context s3:smbcontrol: Use cmdline_messaging_context s3:smbget: Use cmdline_messaging_context David Mulder (2): python: Allow forced signing via smb.SMB() lib:socket: If returning early, set ifaces Jeremy Allison (1): s3: smbd: Prevent valgrind errors in smbtorture3 POSIX test. Karolin Seeger (1): VERSION: Bump version up to 4.9.2... Martin Schwenke (4): ctdb-tests: Add recovery record resurrection test for volatile databases ctdb-daemon: Return early when refusing to run an event script ctdb-daemon: Exit if eventd goes away ctdb-daemon: Fix valgrind hit in event code Noel Power (4): lib/ldb: Test correct variable for no mem condition lib/ldb/tests: add test for ldb.Dn passed utf8 unicode lib/ldb: Ensure ldb.Dn can accept utf8 encoded unicode ldb: Bump ldb version to 1.4.3 Ralph Boehme (35): s3:lib/server_contexts: make server_event_ctx and server_msg_ctx static s3:loadparm: reinit_globals in lp_load_with_registry_shares() selftest: pass configfile to pdbedit s3:popt_common: use cmdline_messaging_context() in popt_common_credentials_callback() s3:messaging: remove unused messaging_init_client() s4:torture: FinderInfo conversion test with AppleDouble without xattr data vfs_fruit: fix two comments vfs_fruit: store filler bytes from AppleDouble file header in struct adouble vfs_fruit: move setting ADEID_FINDERI length to ad_convert_xattr() vfs_fruit: do direct return from error checks in ad_convert() vfs_fruit: remove unneeded fd argument from ad_convert() vfs_fruit: move storing of modified struct adouble to ad_convert() vfs_fruit: move FinderInfo conversion to helper function and call it from ad_convert() vfs_fruit: move FinderInfo lenght check to ad_convert() vfs_fruit: split out truncating from ad_convert() vfs_fruit: use ADEDOFF_RFORK_DOT_UND offset macro in ad_convert_truncate() vfs_fruit: split out moving of the resource fork vfs_fruit: use ADEDOFF_RFORK_DOT_UND offset macro in ad_convert_move_reso() vfs_fruit: fix error returns in ad_convert_xattr() vfs_fruit: let
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via aeef8b4 dsdb group audit tests: log_membership_changes extra tests
via c952fc1 dsdb group audit tests: check_version improve diagnostics
via e2970887 dsdb group audit tests: check_timestamp improve diagnostics
via 8420a4d dsdb group audit: align dn_compare with memcmp
via eeb4089 dsdb group_audit: Test to replicate BUG 13664
from 852e1db dsdb: Add comments explaining the limitations of our
current backlink behaviour
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit aeef8b41fa03a32859f824f4a09560ad83bd2b50
Author: Gary Lockyer
Date: Thu Oct 25 10:52:55 2018 +1300
dsdb group audit tests: log_membership_changes extra tests
Add extra tests to ensure better test coverage of log_membership_changes
Signed-off-by: Gary Lockyer
Reviewed-by: Stefan Metzmacher
Autobuild-User(master): Stefan Metzmacher
Autobuild-Date(master): Tue Oct 30 20:20:26 CET 2018 on sn-devel-144
commit c952fc1273397c04fddf177bcd809551d6324bdd
Author: Gary Lockyer
Date: Thu Oct 25 14:38:31 2018 +1300
dsdb group audit tests: check_version improve diagnostics
Change check_version to display the expected, actual along with the
line and name of the failing test, rather than the line in check_version
Signed-off-by: Gary Lockyer
Reviewed-by: Stefan Metzmacher
commit e2970887140d558c6359fd9b3f8c2a4c26d2cf35
Author: Gary Lockyer
Date: Thu Oct 25 13:28:09 2018 +1300
dsdb group audit tests: check_timestamp improve diagnostics
Change check_timestamp to display the expected, actual along with the
line and name of the failing test, rather than the line in
check_timestamp.
Signed-off-by: Gary Lockyer
Reviewed-by: Stefan Metzmacher
commit 8420a4d0fddd71af608635a707ef20f37fa9b627
Author: Gary Lockyer
Date: Thu Oct 25 10:52:27 2018 +1300
dsdb group audit: align dn_compare with memcmp
Rename the parameter names and adjust the return codes from dn_compare
so that:
dn_compare(a, b) =>
LESS_THAN means a is less than b.
GREATER_THAN means a is greater than b.
Thanks to metze for suggesting the correct semantics for dn_compare
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13664
Signed-off-by: Gary Lockyer
Reviewed-by: Stefan Metzmacher
commit eeb4089dafc45277d8af19073ef9348451c1836a
Author: Gary Lockyer
Date: Tue Oct 23 17:14:34 2018 +1300
dsdb group_audit: Test to replicate BUG 13664
The group audit code incorrectly logs member additions and deletions.
Thanks to metze for the debugging that isolated the issue, and for
suggesting the fix to dn_compare.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13664
Signed-off-by: Gary Lockyer
Reviewed-by: Stefan Metzmacher
---
Summary of changes:
source4/dsdb/samdb/ldb_modules/group_audit.c | 31 +-
.../samdb/ldb_modules/tests/test_group_audit.c | 716 -
2 files changed, 718 insertions(+), 29 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/dsdb/samdb/ldb_modules/group_audit.c
b/source4/dsdb/samdb/ldb_modules/group_audit.c
index 1c74805..47b6943 100644
--- a/source4/dsdb/samdb/ldb_modules/group_audit.c
+++ b/source4/dsdb/samdb/ldb_modules/group_audit.c
@@ -311,35 +311,36 @@ enum dn_compare_result {
GREATER_THAN
};
/*
- * @brief compare parsed_dns
+ * @brief compare parsed_dn, using GUID ordering
*
- * Compare two parsed_dn structures, parsing the entries if necessary.
+ * Compare two parsed_dn structures, using GUID ordering.
* To avoid the overhead of parsing the DN's this function does a binary
- * compare first. Only parsing the DN's they are not equal at a binary level.
+ * compare first. The DN's tre only parsed if they are not equal at a binary
+ * level.
*
* @param ctx talloc context that will own the parsed dsdb_dn
* @param ldb ldb_context
- * @param old_val The old value
- * @param new_val The old value
+ * @param dn1 The first dn
+ * @param dn2 The second dn
*
* @return BINARY_EQUAL values are equal at a binary level
* EQUALDN's are equal but the meta data is different
- * LESS_THANold value < new value
- * GREATER_THAN old value > new value
+ * LESS_THANdn1's GUID is less than dn2's GUID
+ * GREATER_THAN dn1's GUID is greater than dn2's GUID
*
*/
static enum dn_compare_result dn_compare(
TALLOC_CTX *mem_ctx,
struct ldb_context *ldb,
- struct parsed_dn *old_val,
- struct parsed_dn *new_val) {
+ struct parsed_dn *dn1,
+ struct parsed_dn *dn2) {
int res = 0;
/*
* Do a
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via cff1b31 smbd: Simplify downgrade_share_lease
via a93aa15 smbd: Move downgrade_share_lease into downgrade_lease
via 56139b8 smbd: Simplify downgrade_lease
via 664808a smbd: Slightly simplify downgrade_lease()
via 4980e60 smbd: Use find_share_mode_lease() in downgrade_share_lease
via 0e7c546 smbd: Move downgrade_share_lease() to smbd/oplock.c
from 6240022 tests: Check pam_winbind pw change with different options
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit cff1b31c2a82d7e07b7d413bed8a2843f1cd6508
Author: Volker Lendecke
Date: Sun Sep 16 11:25:14 2018 +0200
smbd: Simplify downgrade_share_lease
Coalesce the NT_STATUS_OPLOCK_BREAK_IN_PROGRESS case into just one
if-condition
Signed-off-by: Volker Lendecke
Reviewed-by: Stefan Metzmacher
Autobuild-User(master): Stefan Metzmacher
Autobuild-Date(master): Tue Oct 2 22:22:37 CEST 2018 on sn-devel-144
commit a93aa1511fe71a7d43facb79cca7e89aed289075
Author: Volker Lendecke
Date: Fri Sep 14 16:41:25 2018 +0200
smbd: Move downgrade_share_lease into downgrade_lease
The next step will simplify the logic of the code.
Signed-off-by: Volker Lendecke
Reviewed-by: Stefan Metzmacher
commit 56139b8ec621d47d542042e7aa512aa07fd53fd0
Author: Volker Lendecke
Date: Fri Sep 14 16:10:58 2018 +0200
smbd: Simplify downgrade_lease
To me, the "additive" SMB2_LEASE_WRITE|SMB2_LEASE_HANDLE is easier to
read than the negated ~SMB2_LEASE_READ.
Signed-off-by: Volker Lendecke
Reviewed-by: Stefan Metzmacher
commit 664808af09bf42206af2ce15c9e9b5d773ab56ca
Author: Volker Lendecke
Date: Fri Sep 14 16:03:57 2018 +0200
smbd: Slightly simplify downgrade_lease()
As much as I dislike }else{ and prefer early returns, I even more
dislike asking for the same condition in two different ways.
Signed-off-by: Volker Lendecke
Reviewed-by: Stefan Metzmacher
commit 4980e60dfc5b9e6b96ea8c8de4d2e911c9c2f011
Author: Volker Lendecke
Date: Fri Sep 14 13:30:43 2018 +0200
smbd: Use find_share_mode_lease() in downgrade_share_lease
Simple simplification: In locking/ we did not have the direct
reference to find_share_mode_lock.
Signed-off-by: Volker Lendecke
Reviewed-by: Stefan Metzmacher
commit 0e7c5464631cee3a7eda0d03a941b5179981019c
Author: Volker Lendecke
Date: Fri Sep 14 13:18:50 2018 +0200
smbd: Move downgrade_share_lease() to smbd/oplock.c
This function is pretty closely entangled with its only caller. In
particular the NT_STATUS_OPLOCK_BREAK_IN_PROGRESS triggers acitivity
in the caller, and that's the only case where "*_l" is being set to
non-NULL. Prepare for cleanup
Signed-off-by: Volker Lendecke
Reviewed-by: Stefan Metzmacher
---
Summary of changes:
source3/locking/locking.c | 85 --
source3/locking/proto.h | 6
source3/smbd/oplock.c | 86 ++-
3 files changed, 78 insertions(+), 99 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/locking/locking.c b/source3/locking/locking.c
index 8ee9237..ae5f0bb 100644
--- a/source3/locking/locking.c
+++ b/source3/locking/locking.c
@@ -969,91 +969,6 @@ bool downgrade_share_oplock(struct share_mode_lock *lck,
files_struct *fsp)
return True;
}
-NTSTATUS downgrade_share_lease(struct smbd_server_connection *sconn,
- struct share_mode_lock *lck,
- const struct smb2_lease_key *key,
- uint32_t new_lease_state,
- struct share_mode_lease **_l)
-{
- struct share_mode_data *d = lck->data;
- struct share_mode_lease *l;
- uint32_t i;
-
- *_l = NULL;
-
- for (i=0; inum_leases; i++) {
- if
(smb2_lease_equal(&sconn->client->connections->smb2.client.guid,
-key,
-&d->leases[i].client_guid,
-&d->leases[i].lease_key)) {
- break;
- }
- }
- if (i == d->num_leases) {
- DEBUG(10, ("lease not found\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- l = &d->leases[i];
-
- if (!l->breaking) {
- DBG_WARNING("Attempt to break from %"PRIu32" to %"PRIu32" - "
- "but we're not in breaking state\n",
- l->current_state, new_lease_state);
-
Re: [Patch v7 21/22] CIFS: SMBD: Upper layer performs SMB read via RDMA write through memory registration
> They're basically the same concept, it's a subtle difference. > > FRMR = Fast Register Memory Region > FRWR = Fast Register Work Request > > The memory region is the mr itself, this is created early on. > > The work request is built when actually binding the physical > pages to the region, and setting the offset, length, etc, which > is what's happening in the routine that I made the comment on. > > So, for this discussion I chose to say FRWR. Sorry for any > confusion! Ah, thanks! Confusion resolved:-) metze signature.asc Description: OpenPGP digital signature
Re: [Patch v7 21/22] CIFS: SMBD: Upper layer performs SMB read via RDMA write through memory registration
Hi Tom, >> I just tested that setting: >> >> mr->iova &= (PAGE_SIZE - 1); >> mr->iova |= 0x; >> >> after the ib_map_mr_sg() and before doing the IB_WR_REG_MR, seems to >> work. > > Good! As you know, we were concerned about it after seeing that > the ib_dma_map_sg() code was unconditionally setting it to the > dma_mapped address. By salting those 's with varying data, > this should give your FRWR regions stronger integrity in addition > to not leaking kernel "addresses" to the wire. Just wondering... Isn't the thing we use called FRMR? metze signature.asc Description: OpenPGP digital signature
Re: [Patch v7 21/22] CIFS: SMBD: Upper layer performs SMB read via RDMA write through memory registration
Hi, >> + req->Channel = SMB2_CHANNEL_RDMA_V1_INVALIDATE; >> + if (need_invalidate) >> + req->Channel = SMB2_CHANNEL_RDMA_V1; >> + req->ReadChannelInfoOffset = >> + offsetof(struct smb2_read_plain_req, Buffer); >> + req->ReadChannelInfoLength = >> + sizeof(struct smbd_buffer_descriptor_v1); >> + v1 = (struct smbd_buffer_descriptor_v1 *) &req->Buffer[0]; >> + v1->offset = rdata->mr->mr->iova; > > It's unnecessary, and possibly leaking kernel information, to use > the IOVA as the offset of a memory region which is registered using > an FRWR. Because such regions are based on the exact bytes targeted > by the memory handle, the offset can be set to any value, typically > zero, but nearly arbitrary. As long as the (offset + length) does > not wrap or otherwise overflow, offset can be set to anything > convenient. > > Since SMB reads and writes range up to 8MB, I'd suggest zeroing the > least significant 23 bits, which should guarantee it. The other 41 > bits, party on. You could randomize them, pass some clever identifier > such as MID sequence, whatever. I just tested that setting: mr->iova &= (PAGE_SIZE - 1); mr->iova |= 0x; after the ib_map_mr_sg() and before doing the IB_WR_REG_MR, seems to work. metze signature.asc Description: OpenPGP digital signature
[SCM] Samba Shared Repository - branch v4-7-test updated
The branch, v4-7-test has been updated
via dccaea5 krb5-samba: interdomain trust uses different salt principal
via b31ba49 testprogs/blackbox: let test_trust_user_account.sh check
the correct kerberos salt
via 5f89783 testprogs/blackbox: add testit[_expect_failure]_grep() to
subunit.sh
via fab6d42 samba-tool: add virtualKerberosSalt attribute to 'user
getpassword/syncpasswords'
via f7b9267 s4:selftest: test kinit with the interdomain trust user
account
via 38d7e58 libds: rename UF_MACHINE_ACCOUNT_MASK to
UF_TRUST_ACCOUNT_MASK
via 17ed5e0 vfs_fruit: Don't unlink the main file
via 3d8fdc3 torture: Make sure that fruit_ftruncate only unlinks streams
via 0e8298e s3:smbd: add a comment stating that file_close_user() is
redundant for SMB2
via b7c659a s3:smbd: let session logoff close files and tcons before
deleting the session
via 5125304 s3:smbd: reorder tcon global record deletion and closing
files of a tcon
via 6a179a5 selftest: add a durable handle test with delayed disconnect
via 34b4b5b s4:selftest: reformat smb2_s3only list
via ada2165 vfs_delay_inject: adding delay to VFS calls
via fc3d25b s4:rpc_server/netlogon: don't treet trusted domains as
primary in LogonGetDomainInfo()
via f77ea35 s4:rpc_server/netlogon: make use of talloc_zero_array() for
the netr_OneDomainInfo array
via f73ef35 s4:rpc_server/netlogon: use
samdb_domain_guid()/dsdb_trust_local_tdo_info() to build our netr_OneDomainInfo
values
via ecffd79 s4:dsdb/common: add samdb_domain_guid() helper function
via 14a2695 dsdb:util_trusts: add dsdb_trust_local_tdo_info() helper
function
via 467e6ae dsdb/util_trusts: domain_dn is an input parameter of
dsdb_trust_crossref_tdo_info()
via 8e81aa4 s4:torture/rpc/netlogon: verify the trusted domains output
of LogonGetDomainInfo()
via 435e096a s4:torture/rpc/netlogon: assert that
cli_credentials_get_{workstation,password} don't return NULL
via 592bdff smbd: Fix a memleak in async search ask sharemode
via 8f1183d s3: util: Do not take over stderr when there is no log file
from 1cdf976 s3: smbd: Ensure get_real_filename() copes with empty
pathnames.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test
- Log -
commit dccaea50ce57d6718ffd937cc8b97b64c98c0e79
Author: Alexander Bokovoy
Date: Fri Feb 16 18:15:28 2018 +0200
krb5-samba: interdomain trust uses different salt principal
Salt principal for the interdomain trust is krbtgt/DOMAIN@REALM where
DOMAIN is the sAMAccountName without the dollar sign ($)
The salt principal for the BLA$ user object was generated wrong.
dn: CN=bla.base,CN=System,DC=w4edom-l4,DC=base
securityIdentifier: S-1-5-21-4053568372-2049667917-3384589010
trustDirection: 3
trustPartner: bla.base
trustPosixOffset: -2147483648
trustType: 2
trustAttributes: 8
flatName: BLA
dn: CN=BLA$,CN=Users,DC=w4edom-l4,DC=base
userAccountControl: 2080
primaryGroupID: 513
objectSid: S-1-5-21-278041429-3399921908-1452754838-1597
accountExpires: 9223372036854775807
sAMAccountName: BLA$
sAMAccountType: 805306370
pwdLastSet: 131485652467995000
The salt stored by Windows in the package_PrimaryKerberosBlob
(within supplementalCredentials) seems to be
'W4EDOM-L4.BASEkrbtgtBLA' for the above trust
and Samba stores 'W4EDOM-L4.BASEBLA$'.
While the salt used when building the keys from
trustAuthOutgoing/trustAuthIncoming is
'W4EDOM-L4.BASEkrbtgtBLA.BASE', which we handle correct.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13539
Pair-Programmed-With: Stefan Metzmacher
Signed-off-by: Alexander Bokovoy
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andrew Bartlett
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Wed Sep 5 03:57:22 CEST 2018 on sn-devel-144
(cherry picked from commit f3e349bebc443133fdbe4e14b148ca8db8237060)
Autobuild-User(v4-7-test): Stefan Metzmacher
Autobuild-Date(v4-7-test): Wed Sep 5 18:44:46 CEST 2018 on sn-devel-144
commit b31ba498125995dcb67451e4cb28cc27f9e799ed
Author: Stefan Metzmacher
Date: Tue Sep 4 10:53:52 2018 +0200
testprogs/blackbox: let test_trust_user_account.sh check the correct
kerberos salt
This demonstrates the bug we currently have.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13539
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andrew Bartlett
(cherry picked from commit 1b31fa62567ec549e32c9177b322cfbfb3b6ec1a)
commit 5f8978321fea94bab94810bda4ea4b16928fd150
Author: Stefan Metzmacher
Date: Tue Sep 4 10:38:44 2018 +0200
testprogs/blackbox: add testit[_e
[SCM] Samba Shared Repository - branch v4-8-test updated
The branch, v4-8-test has been updated
via 3ea96a2 krb5-samba: interdomain trust uses different salt principal
via d726535 testprogs/blackbox: let test_trust_user_account.sh check
the correct kerberos salt
via 04fee9e testprogs/blackbox: add testit[_expect_failure]_grep() to
subunit.sh
via e311e6e samba-tool: add virtualKerberosSalt attribute to 'user
getpassword/syncpasswords'
via 0534104 s4:selftest: test kinit with the interdomain trust user
account
via d39a80c libds: rename UF_MACHINE_ACCOUNT_MASK to
UF_TRUST_ACCOUNT_MASK
via 772600f vfs_fruit: Don't unlink the main file
via 64a9107 torture: Make sure that fruit_ftruncate only unlinks streams
via 37f8294 s3:smbd: add a comment stating that file_close_user() is
redundant for SMB2
via 9fe8691 s3:smbd: let session logoff close files and tcons before
deleting the session
via d36fbe9 s3:smbd: reorder tcon global record deletion and closing
files of a tcon
via e667b17 selftest: add a durable handle test with delayed disconnect
via 34eeed2 s4:selftest: reformat smb2_s3only list
via 3304d86 vfs_delay_inject: adding delay to VFS calls
via a2b04c3 s4:rpc_server/netlogon: don't treet trusted domains as
primary in LogonGetDomainInfo()
via 73e383f s4:rpc_server/netlogon: make use of talloc_zero_array() for
the netr_OneDomainInfo array
via 2e7e58a s4:rpc_server/netlogon: use
samdb_domain_guid()/dsdb_trust_local_tdo_info() to build our netr_OneDomainInfo
values
via e7b4313 s4:dsdb/common: add samdb_domain_guid() helper function
via 66a0554 dsdb:util_trusts: add dsdb_trust_local_tdo_info() helper
function
via 96ae85b dsdb/util_trusts: domain_dn is an input parameter of
dsdb_trust_crossref_tdo_info()
via b7bd12d s4:torture/rpc/netlogon: verify the trusted domains output
of LogonGetDomainInfo()
via 7276bdb s4:torture/rpc/netlogon: assert that
cli_credentials_get_{workstation,password} don't return NULL
via 91a5d38 smbd: Fix a memleak in async search ask sharemode
via 8385a0c ctdb-daemon: Log complete eventd startup command
via f3a2f0b ctdb-daemon: Do not retry connection to eventd
via 0f342d4 ctdb-daemon: Wait for eventd to be ready before connecting
via eb3d91e ctdb-daemon: Open eventd pipe earlier
via a4021fb ctdb-daemon: Improve error handling consistency
via ae515ea ctdb-event: Add support to eventd for the startup
notification FD
via 0e50da4 ctdb-common: Add support for sock daemon to notify of
successful startup
via b53eb6f s3: util: Do not take over stderr when there is no log file
from 1b01025 s3: smbd: Ensure get_real_filename() copes with empty
pathnames.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-test
- Log -
commit 3ea96a259258e286284c65e840148b6a7d57a5a8
Author: Alexander Bokovoy
Date: Fri Feb 16 18:15:28 2018 +0200
krb5-samba: interdomain trust uses different salt principal
Salt principal for the interdomain trust is krbtgt/DOMAIN@REALM where
DOMAIN is the sAMAccountName without the dollar sign ($)
The salt principal for the BLA$ user object was generated wrong.
dn: CN=bla.base,CN=System,DC=w4edom-l4,DC=base
securityIdentifier: S-1-5-21-4053568372-2049667917-3384589010
trustDirection: 3
trustPartner: bla.base
trustPosixOffset: -2147483648
trustType: 2
trustAttributes: 8
flatName: BLA
dn: CN=BLA$,CN=Users,DC=w4edom-l4,DC=base
userAccountControl: 2080
primaryGroupID: 513
objectSid: S-1-5-21-278041429-3399921908-1452754838-1597
accountExpires: 9223372036854775807
sAMAccountName: BLA$
sAMAccountType: 805306370
pwdLastSet: 131485652467995000
The salt stored by Windows in the package_PrimaryKerberosBlob
(within supplementalCredentials) seems to be
'W4EDOM-L4.BASEkrbtgtBLA' for the above trust
and Samba stores 'W4EDOM-L4.BASEBLA$'.
While the salt used when building the keys from
trustAuthOutgoing/trustAuthIncoming is
'W4EDOM-L4.BASEkrbtgtBLA.BASE', which we handle correct.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13539
Pair-Programmed-With: Stefan Metzmacher
Signed-off-by: Alexander Bokovoy
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andrew Bartlett
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Wed Sep 5 03:57:22 CEST 2018 on sn-devel-144
(cherry picked from commit f3e349bebc443133fdbe4e14b148ca8db8237060)
Autobuild-User(v4-8-test): Stefan Metzmacher
Autobuild-Date(v4-8-test): Wed Sep 5 18:32:05 CEST 2018 on sn-devel-144
commit d726535d61c6c8ac52e387d500841d6bf967186d
Author: Stefan Metzmacher
Date: Tue
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 7356e81 s3:vfs: fix valgrind warning in
SMB_VFS_{PREAD,PWRITE,FSYNC}_RECV()
from c86f6c2 s4: torture: Ensure we close the handle on the correct
tree-id.
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 7356e814dfd3921e465a16cfe4b7998bc6f92dd1
Author: Stefan Metzmacher
Date: Wed Aug 29 04:24:46 2018 +0200
s3:vfs: fix valgrind warning in SMB_VFS_{PREAD,PWRITE,FSYNC}_RECV()
tevent_req_received() destroys 'state', so we need helper variables
to hold the return value.
Signed-off-by: Stefan Metzmacher
Reviewed-by: Ralph Boehme
Autobuild-User(master): Stefan Metzmacher
Autobuild-Date(master): Tue Sep 4 10:45:10 CEST 2018 on sn-devel-144
---
Summary of changes:
source3/smbd/vfs.c | 12 +---
1 file changed, 9 insertions(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c
index 2687e35..a6c49cf 100644
--- a/source3/smbd/vfs.c
+++ b/source3/smbd/vfs.c
@@ -2579,14 +2579,16 @@ ssize_t SMB_VFS_PREAD_RECV(struct tevent_req *req,
{
struct smb_vfs_call_pread_state *state = tevent_req_data(
req, struct smb_vfs_call_pread_state);
+ ssize_t retval;
if (tevent_req_is_unix_error(req, &vfs_aio_state->error)) {
tevent_req_received(req);
return -1;
}
*vfs_aio_state = state->vfs_aio_state;
+ retval = state->retval;
tevent_req_received(req);
- return state->retval;
+ return retval;
}
ssize_t smb_vfs_call_pwrite(struct vfs_handle_struct *handle,
@@ -2653,14 +2655,16 @@ ssize_t SMB_VFS_PWRITE_RECV(struct tevent_req *req,
{
struct smb_vfs_call_pwrite_state *state = tevent_req_data(
req, struct smb_vfs_call_pwrite_state);
+ ssize_t retval;
if (tevent_req_is_unix_error(req, &vfs_aio_state->error)) {
tevent_req_received(req);
return -1;
}
*vfs_aio_state = state->vfs_aio_state;
+ retval = state->retval;
tevent_req_received(req);
- return state->retval;
+ return retval;
}
off_t smb_vfs_call_lseek(struct vfs_handle_struct *handle,
@@ -2748,14 +2752,16 @@ int SMB_VFS_FSYNC_RECV(struct tevent_req *req, struct
vfs_aio_state *vfs_aio_sta
{
struct smb_vfs_call_fsync_state *state = tevent_req_data(
req, struct smb_vfs_call_fsync_state);
+ ssize_t retval;
if (tevent_req_is_unix_error(req, &vfs_aio_state->error)) {
tevent_req_received(req);
return -1;
}
*vfs_aio_state = state->vfs_aio_state;
+ retval = state->retval;
tevent_req_received(req);
- return state->retval;
+ return retval;
}
/*
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-9-stable updated
The branch, v4-9-stable has been updated via ba2ef7f VERISON: Disable GIT_SNAPSHOT for 4.9.0rc3 release. via 6f1fdf9 WHATSNEW: Add release notes for Samba 4.9.0rc3. via bf3bb82 libsmb: Fix CID 1438243 Unchecked return value via 601eb6b libsmb: Fix CID 1438244 Unsigned compared against 0 via 33c7d3c smbd: Fix CID 1438245 Dereference before null check via 0eaef7e smbd: Fix CID 1438246 Unchecked return value via e30cf1a smbd: Align integer types via 2d5c574 ctdb: add expiry test for ctdb_mutex_ceph_rados_helper via 37b4e0b ctdb_mutex_ceph_rados_helper: fix deadlock via lock renewals via 2849d57 ctdb_mutex_ceph_rados_helper: rename timer_ev to ppid_timer_ev via 5f3548b ctdb_mutex_ceph_rados_helper: use talloc destructor for cleanup via eae828b ctdb_mutex_ceph_rados_helper: Set SIGINT signal handler via 609109d ctdb/build: link ctdb_mutex_ceph_rados_helper against ceph-common via b09fdd0 s3: tests: smbclient. Regression test to ensure we get NT_STATUS_DIRECTORY_NOT_EMPTY on rmdir. via 921a5bb s4/torture: Add new test for DELETE_ON_CLOSE on non-empty directories via 81b0d5c s3/libsmb: Explicitly set delete_on_close token for rmdir via 7ed470b cracknames: Fix DoS (NULL pointer de-ref) when not servicePrincipalName is set on a user via 4a2880b libsmb: Harden smbc_readdir_internal() against returns from malicious servers. via 61e34a2 libsmb: Ensure smbc_urlencode() can't overwrite passed in buffer. via 4897bf3 CVE-2018-10919 tests: Add extra test for dirsync deleted object corner-case via 52b5ed8 CVE-2018-10919 acl_read: Fix unauthorized attribute access via searches via a5cd47d CVE-2018-10919 acl_read: Flip the logic in the dirsync check via 4c201d0 CVE-2018-10919 acl_read: Small refactor to aclread_callback() via 0395055 CVE-2018-10919 acl_read: Split access_mask logic out into helper function via 605a7f3 CVE-2018-10919 security: Fix checking of object-specific CONTROL_ACCESS rights via 9c9f50b CVE-2018-10919 tests: test ldap searches for non-existent attributes. via e2574d0 CVE-2018-10919 tests: Add test case for object visibility with limited rights via 10a2c8d CVE-2018-10919 tests: Add tests for guessing confidential attributes via 17b7206 CVE-2018-10919 security: Add more comments to the object-specific access checks via 5bcbf5a CVE-2018-10919 security: Move object-specific access checks into separate function via 164766b CVE-2018-1140 dns: Add a test to trigger the LDB casefolding issue on invalid chars via e2d6ad5 Release LDB 1.4.2 for CVE-2018-1140 via bf988ac CVE-2018-1140 ldb: Add tests for search add and rename with a bad dn= DN via dc2898f CVE-2018-1140 ldb_tdb: Check for DN validity in add, rename and search via 8fed2cc CVE-2018-1140 ldb_tdb: Ensure the dn in distinguishedName= is valid before use via 504cff7 CVE-2018-1140 ldb: Check for ldb_dn_get_casefold() failure in ldb_sqlite via 31a001f CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in ltdb_index_dn_attr() via 3e89172 CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it is disabled via "ntlm auth". via e2b2c00 CVE-2018-1139 selftest: verify whether ntlmv1 can be used via SMB1 when it is disabled. via 48f5dbd CVE-2018-1139 s3-utils: use enum ntlm_auth_level in ntlm_password_check(). via d171f8d CVE-2018-1139 libcli/auth: fix debug messages in hash_password_check() via 3579ac4 CVE-2018-1139 libcli/auth: Add initial tests for ntlm_password_check() via 7751937 s3/smbd: Ensure quota code is only called when quota support detected via 31e07eb Shorten description in vfs_linux_xfs_sgid manual via 1a0d142 s3:waf: Install eventlogadm to /usr/sbin via b1558f1 systemd: Only start smb when network interfaces are up via 39dc0db ctdb-eventd: Fix CID 1438155 via ec22496 ctdb: Fix a cut&paste error via b0c0a19 s3/utils: fix regression where specifying -Unetbios/root works via 134f17c s3/smbd: allow set quota for non root user (when built with --enable-selftest) via 951722d s3/script/tests: Add simple (smb1 & smb2) get/set/list tests for smbcquotas via a9d0df4 s3/script/test: modify existing smbcquota test to use SMB2 in addition to SMB1. via b65c3de s3/smbd: smb2 server implementation for query get/set info. via 046d3a3 s3/smbd: adjust smb1 server to use idl structs and generated ndr push/pull funcs via bdfcecc s3/libsmb: adjust smb2 code for new idl structs & generated ndr push/pull funcs. via 0ccd34a s3/libsmb: adjust smb1 cli code to use idl structs and ndr push/pull funcs. via 59bb7dd librpc/idl Add some query [getset]info quota related structures
[SCM] Samba Shared Repository - annotated tag ldb-1.3.6 created
The annotated tag, ldb-1.3.6 has been created at 2c866ba7a203f49983aadb7f2880c0475fb22daf (tag) tagging 6b37dea927f4bfc98919282215004def7891687b (commit) replaces samba-4.8.4 tagged by Stefan Metzmacher on Thu Aug 23 15:52:44 2018 +0200 - Log - ldb: tag release ldb-1.3.6 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlt+vCwACgkQR5ORYRMI QCWZNQgAqHW5rHg3atFgTSCZPrK7N2yJOPQ+85wSxt0lOQEXMbc6DGIWMynUssmE 3VBr3a4OzBza1Q6xECOBPlcbTeuJAcIDJZRSvNaNVBQpWm1YRXpkTYYjWNQUiV2O K38UFRo2MIIeUc2S74sz6HPLglvIQb1A/v3rR+rGF8vJdm3PIe9QAGJ2a83xeisj qgpY2oc2/z4bBWnjEOk6rwSelNb3iDORS231iTrMF9+UzwDbDDZ6I6+fFGCgw1b/ TGQwoz1nz1yAiIvJiId9zkMYPcc46D1L8HIwjqU6Ci6Hk0VuBmaLDgVcrROEc3p7 UjEktVKUJsL3YLlNYEHPWgaVZ55QEw== =feam -END PGP SIGNATURE- Alexander Bokovoy (2): tests/auth_log: Permit SMB2 service description if empty binding is used for kerberos authentication samba-tool trust: support discovery via netr_GetDcName Amitay Isaacs (16): replace: Add test for sin6_len in sockaddr_in6 structure ctdb-common: Use sin6_len only if the structure supports it ctdb: Fix build on AIX tdb: Fix build on AIX ctdb-common: Use correct return type for tevent_queue_add_entry wafsamba: Add strict option to CHECK_CODE wafsamba: Be strict when checking __attribute__ features socket_wrapper: Be strict when checking __attribute__ features nss_wrapper: Be strict when checking __attribute__ features pam_wrapper: Be strict when checking __attribute__ features resolv_wrapper: Be strict when checking __attribute__ features uid_wrapper: Be strict when checking __attribute__ features socket_wrapper: Add missing dependency on tirpc ctdb-pmda: Use modified API in pcp library 4.0 ctdb-tests: Avoid segfault by initializing logging ctdb-tests: Avoid segfault by initializing logging Andreas Schneider (4): krb5_plugin: Install plugins to krb5 modules dir krb5_plugin: Move krb5 locator plugin to krb5_plugin subdir docs: Move winbind_krb5_locator manpage to volume 8 docs: Add manpage for winbind_krb5_localauth.8 Andrew Bartlett (3): ldb: Refuse to build Samba against a newer minor version of ldb ldb: Fix missing NULL terminator in ldb_mod_op_test testsuite ldb: Release LDB 1.3.6 Anoop C S (2): s3/libsmb: Explicitly set delete_on_close token for rmdir s4/torture: Add new test for DELETE_ON_CLOSE on non-empty directories Bailey Berro (1): libsmbclient: Initialize written in cli_splice_fallback() David Disseldorp (7): vfs_ceph: don't lie about flock support docs/vfs_ceph: add CTDB_SAMBA_SKIP_SHARE_CHECK=yes caveat ctdb/build: link ctdb_mutex_ceph_rados_helper against ceph-common ctdb_mutex_ceph_rados_helper: use talloc destructor for cleanup ctdb_mutex_ceph_rados_helper: rename timer_ev to ppid_timer_ev ctdb_mutex_ceph_rados_helper: fix deadlock via lock renewals ctdb: add expiry test for ctdb_mutex_ceph_rados_helper Gary Lockyer (2): dns wildcards: tests to confirm BUG 13536 dns wildcards: fix BUG 13536 Jeremy Allison (10): python: pysmbd: Additional error path leak fix. libsmbclient: Initialize written value before use. s3: torture: Test SMB1 cli_splice() fallback path when doing a non-full file splice. s3: libsmbclient: Fix cli_splice() fallback when reading less than a complete file. s3: smbd: Fix Linux sendfile() for SMB2. Ensure we don't spin on EAGAIN. s3: smbd: Fix Solaris sendfile() for SMB2. Ensure we don't spin on EAGAIN. s3: smbd: Fix HPUX sendfile() for SMB2. Ensure we don't spin on EAGAIN. s3: smbd: Fix FreeBSD sendfile() for SMB2. Ensure we don't spin on EAGAIN. s3: smbd: Fix AIX sendfile() for SMB2. Ensure we don't spin on EAGAIN. s3: tests: smbclient. Regression test to ensure we get NT_STATUS_DIRECTORY_NOT_EMPTY on rmdir. Justin Stephenson (2): s3:client: Add --quiet option to smbclient s3:tests: Add test for smbclient --quiet Karolin Seeger (3): VERSION: Bump version up to 4.8.4... Merge tag 'samba-4.8.4' into v4-8-test VERSION: Bump version up to 4.8.5. Martin Schwenke (7): ctdb-client: Fix typo where CTDB_BROADCAST_ALL is repeated ctdb-tests: Add check for non-lmaster node status in integration tests ctdb-tests: Add a simple test for database traverses ctdb-server: Rename CTDB_BROADCAST_VNNMAP -> CTDB_BROADCAST_ACTIVE ctdb-docs: Fix the documentation for VNN map ctdb-tests: Switch fake_ctdbd to use ctdb_get_peer_pid() ctdb-daemon: Only consider client ID for local database attach Noel Power (13): s3/lib: Fix misleading typo in debug message s3/libsmb: Avoid potential smbpanic calling parse_user_quota_list.
[SCM] Samba Shared Repository - annotated tag ldb-1.5.1 created
The annotated tag, ldb-1.5.1 has been created at 46e75c1db906219c5b53f67d2ee5d88521b4f732 (tag) tagging bdbb9422c0430d74c3173822257e23a9dfb2713e (commit) replaces ldb-1.5.0 tagged by Stefan Metzmacher on Thu Aug 16 10:44:25 2018 +0200 - Log - ldb: tag release ldb-1.5.1 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlt1OWkACgkQR5ORYRMI QCUPSQf/R5JPqOfkhfXuNaG69HFHzhuZ2KutZVoCYDnT9S/n53TfDJ6HowOoxYNp Ni9H5i63CncdWr0+Zc5TAb5mAQ+9lCnT5EDvZY77dvAsgmGeSstPslt/WFNBtzIm VJx4i7DJECR3VNalAY+PsfaLqiqsb/USw/Sqs4JLhOxxOLclHjIhcdIPWwFPXNg4 1XfM44yHE60kAYUcnngbswJhZ4tlWmxqXzqz6+wk5TYW0LBcNEwHOQisLB8TOVc6 ELpCzKb4oDadyMGC3ybd4etW1EHd1cdFqvRipQAcXcVtWLKoKXgXhq43ySHuRPJl nYty0+1nBSWXvwClqUMRmPEUtQNMFQ== =FOjL -END PGP SIGNATURE- Andreas Schneider (1): s3:libads: Free addr before we free the context Andrej Gessel (2): fix mem leak in ltdb_index_dn_base_dn and ltdb_search_indexed fix mem leak in ldbsearch Andrew Bartlett (5): cracknames: Fix DoS (NULL pointer de-ref) when not servicePrincipalName is set on a user ldb_tdb: Remove pointless check of ldb_dn_is_valid() ldb: Add new function ldb_dn_add_child_val() ldb: extend API tests ldb: Release LDB 1.5.1 Gary Lockyer (1): CVE-2018-10919 tests: test ldap searches for non-existent attributes. Jeremy Allison (2): libsmb: Ensure smbc_urlencode() can't overwrite passed in buffer. libsmb: Harden smbc_readdir_internal() against returns from malicious servers. Joe Guo (1): ldb: no need to call del_transaction in ldb_transaction_commit Kai Blin (1): CVE-2018-1140 dns: Add a test to trigger the LDB casefolding issue on invalid chars Tim Beale (10): CVE-2018-10919 security: Move object-specific access checks into separate function CVE-2018-10919 security: Add more comments to the object-specific access checks CVE-2018-10919 tests: Add tests for guessing confidential attributes CVE-2018-10919 tests: Add test case for object visibility with limited rights CVE-2018-10919 security: Fix checking of object-specific CONTROL_ACCESS rights CVE-2018-10919 acl_read: Split access_mask logic out into helper function CVE-2018-10919 acl_read: Small refactor to aclread_callback() CVE-2018-10919 acl_read: Flip the logic in the dirsync check CVE-2018-10919 acl_read: Fix unauthorized attribute access via searches CVE-2018-10919 tests: Add extra test for dirsync deleted object corner-case Timur I. Bakeyev (1): ldb tests: fix assertion on wrong pointer --- -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag ldb-1.4.2 created
The annotated tag, ldb-1.4.2 has been created at 826a35bd813bc4a830ae1ecefe145d379bda0c39 (tag) tagging e2d6ad5147e0bf5869e94eb60c49c385e91eba5d (commit) replaces samba-4.9.0rc2 tagged by Stefan Metzmacher on Tue Aug 14 21:25:13 2018 +0200 - Log - ldb: tag release ldb-1.4.2 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAltzLJkACgkQR5ORYRMI QCXOfwf/VbfN80BCJW0nCaed1cm2ndqViv6oqhivKiJT0p0UgRtVNiGOqhZXAhq0 Up3x9ckRZhQHflUo/L5zOG/BLWJh6nWCDesVPOofpYoaI0T02soImmF2naFsXUrR e6JHItyTw6dUDFY1I1vZzuBYb+GthuZfIHnbtCjuHqrUrhZS3YubJphNuD+dHNuS mG2U7TkfZvyI1DlP+QHIWyWuzxCEP7b4vMyhsOZVOabxuhRK/rUVhNak19yNeE3I /4PYK3QoOzZgKH6hTTSSPfytLkAA3IeDirgf4bDFovA5xOair7aiU17G3UNSg8gu l24fMK2shap8Ao8HKWgSl6gQWzzUZQ== =Dlfg -END PGP SIGNATURE- Amitay Isaacs (1): ctdb-eventd: Fix CID 1438155 Andreas Schneider (1): s3:waf: Install eventlogadm to /usr/sbin Andrej Gessel (1): CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in ltdb_index_dn_attr() Andrew Bartlett (6): CVE-2018-1139 libcli/auth: Add initial tests for ntlm_password_check() CVE-2018-1140 ldb: Check for ldb_dn_get_casefold() failure in ldb_sqlite CVE-2018-1140 ldb_tdb: Ensure the dn in distinguishedName= is valid before use CVE-2018-1140 ldb_tdb: Check for DN validity in add, rename and search CVE-2018-1140 ldb: Add tests for search add and rename with a bad dn= DN Release LDB 1.4.2 for CVE-2018-1140 Günther Deschner (5): s3-tldap: do not install test_tldap CVE-2018-1139 libcli/auth: fix debug messages in hash_password_check() CVE-2018-1139 s3-utils: use enum ntlm_auth_level in ntlm_password_check(). CVE-2018-1139 selftest: verify whether ntlmv1 can be used via SMB1 when it is disabled. CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it is disabled via "ntlm auth". Justin Stephenson (1): Shorten description in vfs_linux_xfs_sgid manual Karolin Seeger (1): VERSION: Bump version up to 4.9.0rc3... Noel Power (13): s3/lib: Fix misleading typo in debug message s3/libsmb: Avoid potential smbpanic calling parse_user_quota_list. s3/smbd: Don't stat when doing a quota operation (as it's a fake file) librpc/idl Add some query [getset]info quota related structures s3/libsmb: adjust smb1 cli code to use idl structs and ndr push/pull funcs. s3/libsmb: adjust smb2 code for new idl structs & generated ndr push/pull funcs. s3/smbd: adjust smb1 server to use idl structs and generated ndr push/pull funcs s3/smbd: smb2 server implementation for query get/set info. s3/script/test: modify existing smbcquota test to use SMB2 in addition to SMB1. s3/script/tests: Add simple (smb1 & smb2) get/set/list tests for smbcquotas s3/smbd: allow set quota for non root user (when built with --enable-selftest) s3/utils: fix regression where specifying -Unetbios/root works s3/smbd: Ensure quota code is only called when quota support detected Oleksandr Natalenko (1): systemd: Only start smb when network interfaces are up Volker Lendecke (1): ctdb: Fix a cut&paste error --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated via bf3bb82 libsmb: Fix CID 1438243 Unchecked return value via 601eb6b libsmb: Fix CID 1438244 Unsigned compared against 0 via 33c7d3c smbd: Fix CID 1438245 Dereference before null check via 0eaef7e smbd: Fix CID 1438246 Unchecked return value via e30cf1a smbd: Align integer types via 2d5c574 ctdb: add expiry test for ctdb_mutex_ceph_rados_helper via 37b4e0b ctdb_mutex_ceph_rados_helper: fix deadlock via lock renewals via 2849d57 ctdb_mutex_ceph_rados_helper: rename timer_ev to ppid_timer_ev via 5f3548b ctdb_mutex_ceph_rados_helper: use talloc destructor for cleanup via eae828b ctdb_mutex_ceph_rados_helper: Set SIGINT signal handler via 609109d ctdb/build: link ctdb_mutex_ceph_rados_helper against ceph-common via b09fdd0 s3: tests: smbclient. Regression test to ensure we get NT_STATUS_DIRECTORY_NOT_EMPTY on rmdir. via 921a5bb s4/torture: Add new test for DELETE_ON_CLOSE on non-empty directories via 81b0d5c s3/libsmb: Explicitly set delete_on_close token for rmdir via 7ed470b cracknames: Fix DoS (NULL pointer de-ref) when not servicePrincipalName is set on a user via 4a2880b libsmb: Harden smbc_readdir_internal() against returns from malicious servers. via 61e34a2 libsmb: Ensure smbc_urlencode() can't overwrite passed in buffer. via 4897bf3 CVE-2018-10919 tests: Add extra test for dirsync deleted object corner-case via 52b5ed8 CVE-2018-10919 acl_read: Fix unauthorized attribute access via searches via a5cd47d CVE-2018-10919 acl_read: Flip the logic in the dirsync check via 4c201d0 CVE-2018-10919 acl_read: Small refactor to aclread_callback() via 0395055 CVE-2018-10919 acl_read: Split access_mask logic out into helper function via 605a7f3 CVE-2018-10919 security: Fix checking of object-specific CONTROL_ACCESS rights via 9c9f50b CVE-2018-10919 tests: test ldap searches for non-existent attributes. via e2574d0 CVE-2018-10919 tests: Add test case for object visibility with limited rights via 10a2c8d CVE-2018-10919 tests: Add tests for guessing confidential attributes via 17b7206 CVE-2018-10919 security: Add more comments to the object-specific access checks via 5bcbf5a CVE-2018-10919 security: Move object-specific access checks into separate function via 164766b CVE-2018-1140 dns: Add a test to trigger the LDB casefolding issue on invalid chars via e2d6ad5 Release LDB 1.4.2 for CVE-2018-1140 via bf988ac CVE-2018-1140 ldb: Add tests for search add and rename with a bad dn= DN via dc2898f CVE-2018-1140 ldb_tdb: Check for DN validity in add, rename and search via 8fed2cc CVE-2018-1140 ldb_tdb: Ensure the dn in distinguishedName= is valid before use via 504cff7 CVE-2018-1140 ldb: Check for ldb_dn_get_casefold() failure in ldb_sqlite via 31a001f CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in ltdb_index_dn_attr() via 3e89172 CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it is disabled via "ntlm auth". via e2b2c00 CVE-2018-1139 selftest: verify whether ntlmv1 can be used via SMB1 when it is disabled. via 48f5dbd CVE-2018-1139 s3-utils: use enum ntlm_auth_level in ntlm_password_check(). via d171f8d CVE-2018-1139 libcli/auth: fix debug messages in hash_password_check() via 3579ac4 CVE-2018-1139 libcli/auth: Add initial tests for ntlm_password_check() from 7751937 s3/smbd: Ensure quota code is only called when quota support detected https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log - commit bf3bb82d8a7e31950f01a3508787a8e6951ea9a4 Author: Volker Lendecke Date: Wed Aug 8 10:14:26 2018 +0200 libsmb: Fix CID 1438243 Unchecked return value BUG: https://bugzilla.samba.org/show_bug.cgi?id=13553 Signed-off-by: Volker Lendecke Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Wed Aug 8 23:10:22 CEST 2018 on sn-devel-144 Autobuild-User(v4-9-test): Stefan Metzmacher Autobuild-Date(v4-9-test): Tue Aug 14 20:49:09 CEST 2018 on sn-devel-144 commit 601eb6bc3fa5b44841bdbc31f31c42f21feb0982 Author: Volker Lendecke Date: Wed Aug 8 10:08:38 2018 +0200 libsmb: Fix CID 1438244 Unsigned compared against 0 ndr_size_dom_sid returns a size_t, so that can't be <0. Also, the only case that ndr_size_dom_sid returns 0 is a NULL sid pointer. ndr_size_dom_sid can reasonably be assumed to not overflow, the number of sub-auths is a uint8. That times 4 plus 8 always fits into a size_t. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13553 Signed-off-by: Volker Lendecke Reviewed-by:
[SCM] Samba Shared Repository - annotated tag ldb-1.5.0 created
The annotated tag, ldb-1.5.0 has been created at 505c6917218418b34bff8567126552e58e0c2e49 (tag) tagging b7f0ee93f58e663bb8fc0b39985aa49b254582d9 (commit) replaces samba-4.9.0rc1 tagged by Stefan Metzmacher on Tue Aug 14 17:34:50 2018 +0200 - Log - ldb: tag release ldb-1.5.0 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlty9poACgkQR5ORYRMI QCUtxQf/dOtUFhflHWWWrnrKaJbbGQ8DMF+ZO/JDEgGA1T6KgZsFZ3mxFEcbiOHN X+qfvL/+iZuOXs0umc6kHXOowFT7zOs1FqGvGwOY2kgYaShj9eFkMjqy32Xg2N1p 5+N4wm+8+G9A/A1wkmvmAgYiaHtO1y9azb1XLGj2ijYiT9yUXYAtviZdBDbwenlq oK46GZskRw8OtYj5N+9v+3+njAJ1o7cfocCrYuNQA+r3qu5YhiAvzQZtGrnnwtPu n4dkZ+TQRoFZHri19PnfhV7S8pwwe0zfkutKCji/EvCvkFLSqTVrRBWmevUQSGiS VwSL00NMdFjJZ1Esvx4lbEWejF9qHg== =TKe6 -END PGP SIGNATURE- Aaron Haslett (5): tdb: adding readonly locks mode to tdbbackup tool tdb: test for readonly locks mode on tdbbackup command netcmd: domain backup offline command netcmd: domain backup offline command - offline test with ldapcmp selftest: offline backup restore target Alexander Bokovoy (6): wafsamba/samba_abi: always hide ABI symbols which must be local s4-dns_server: Only build dns server Python code for AD DC s4-dsdb: only build dsdb Python modules for AD DC python/samba/tests: make sure samba.tests can be imported without SamDB tests/auth_log: Permit SMB2 service description if empty binding is used for kerberos authentication samba-tool trust: support discovery via netr_GetDcName Amitay Isaacs (27): popt: Check for headers only if building in-tree version popt: Add check for iconv library ctdb-tests: Add errno matching utility ctdb-tests: Add required_error() to match on error codes ctdb-common: Switch to ETIMEDOUT from ETIME ctdb-event: Switch to ETIMEDOUT instead of ETIME ctdb-daemon: Switch to using ETIMEDOUT instead of ETIME ctdb-client: Switch to ETIMEDOUT instead of ETIME ctdb-tests: Add ps output filter for freebsd ctdb-tests: Add signal code matching utility ctdb-tests: Use sigcode to match signals ctdb-tests: Porting tests should ignore unsupported features ctdb-common: Add line based I/O ctdb-protocol: Avoid fgets in ctdb_connection_list_read ctdb-common: Add fd argument to ctdb_connection_list_read() ctdb-tests: Do not try to match pstree output in eventd tests ctdb-tests: Simplify pattern matching for ctime output ctdb-scripts: date "+%N" is non-portable ctdb-tests: Use portable wc -c instead of stat -c "%s" ctdb-tests: Replace md5sum with posix cksum ctdb-tests: Use errcode to translate ETIMEDOUT ctdb-tests: Fix a typo ctdb-tests: Strip all spaces from od output ctdb-common: Fix the TCP packet length check ctdb-eventd: Fix CID 1438155 dlz-bind: Add support for BIND 9.12.x provision: Add support for BIND 9.12.x Andreas Schneider (11): s3:waf: Install eventlogadm to /usr/sbin lib: Add support to parse MS Catalog files wbinfo: Free memory when we leave wbinfo_dsgetdcname() s3:passdb: Don't leak memory on error in fetch_ldap_pw() s3:utils: Do not overflow the destination buffer in net_idmap_restore() s3:utils: Do not leak memory in new_user() s4:lib: Fix a possible fd leak in gp_get_file() s3:client: Avoid a possible fd leak in do_get() s3:libads: Fix memory leaks in ads_krb5_chg_password() s3:registry: Fix possible memory leak in _reg_perfcount_multi_sz_from_tdb() s3:winbind: Fix memory leak in nss_init() Andrej Gessel (1): CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in ltdb_index_dn_attr() Andrew Bartlett (7): autobuild: Test with and without building bundled popt CVE-2018-1139 libcli/auth: Add initial tests for ntlm_password_check() CVE-2018-1140 ldb: Check for ldb_dn_get_casefold() failure in ldb_sqlite CVE-2018-1140 ldb_tdb: Ensure the dn in distinguishedName= is valid before use CVE-2018-1140 ldb_tdb: Check for DN validity in add, rename and search CVE-2018-1140 ldb: Add tests for search add and rename with a bad dn= DN Release LDB 1.5.0 for CVE-2018-1140 Anoop C S (4): s3/locking: Fix assertion check on lock reference count s3/locking: Corrections and improvements to inline comments s3/libsmb: Explicitly set delete_on_close token for rmdir s4/torture: Add new test for DELETE_ON_CLOSE on non-empty directories Björn Jacke (1): docs: mention that the echo handler is for SMB1 only Christof Schmitt (1): selftest: Load time_audit and full_audit modules for all tests David Disseldorp (8): s3: torture: adjust SMB1 cli_splice() test sizes dbwrap: determine basename once instead of three times docs/kerneloplocks: drop I
[SCM] Samba Shared Repository - annotated tag ldb-1.3.5 created
The annotated tag, ldb-1.3.5 has been created at fe1a5a7a9f4589018ec7e1e3c943eb074e43cb41 (tag) tagging 5ad366eb3db510d7e2dd54a7a796180416dea315 (commit) replaces samba-4.8.3 tagged by Stefan Metzmacher on Tue Aug 14 10:54:14 2018 +0200 - Log - ldb: tag release ldb-1.3.5 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAltymLYACgkQR5ORYRMI QCV5AQf/WFx3qiDLXylbs5V+Nrw7SxECQGasy/cTZ1og6iNkL6jJpSoc3aX3/0fo 3k+XCnVbHYFCazzIpHb6C5qPREHWFcMvbH3m2vUwMdCqVsYgDGXVa55dQNMx99HH RZeWyFPfUJF4+ph4f1wJyGeqFSSlhxyHGQml07y6y9FGOav/79DRx3isx08rgIOo 9k9bcOtjxubQuC8/V7GNppDPyxblAydWe2IVb8LTjoSYQIBNfXB8lKWi575JkdJP 17K1aHjTAzGhuGoOcIQ+zz0jOzJtd4UHat4QKsa80s6OJcWmMPPjMqKnOU7ZgpHr kdbiK3s/ln2o4U79vh9OVcyJcOckSw== =OXOR -END PGP SIGNATURE- Andrej Gessel (1): CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in ltdb_index_dn_attr() Andrew Bartlett (7): CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when not servicePrincipalName is set on a user CVE-2018-1139 libcli/auth: Add initial tests for ntlm_password_check() CVE-2018-1140 ldb: Check for ldb_dn_get_casefold() failure in ldb_sqlite CVE-2018-1140 ldb_tdb: Ensure the dn in distinguishedName= is valid before use CVE-2018-1140 ldb_tdb: Check for DN validity in add, rename and search CVE-2018-1140 ldb: Add tests for search add and rename with a bad dn= DN ldb: Release LDB 1.3.5 for CVE-2018-1140 Douglas Bagnall (1): selftest/tests.py: remove always-needed, never-set with_cmocka flag Gary Lockyer (1): CVE-2018-10919 tests: test ldap searches for non-existent attributes. Günther Deschner (4): CVE-2018-1139 libcli/auth: fix debug messages in hash_password_check() CVE-2018-1139 s3-utils: use enum ntlm_auth_level in ntlm_password_check(). CVE-2018-1139 selftest: verify whether ntlmv1 can be used via SMB1 when it is disabled. CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it is disabled via "ntlm auth". Jeremy Allison (2): CVE-2018-10858: libsmb: Ensure smbc_urlencode() can't overwrite passed in buffer. CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against returns from malicious servers. Karolin Seeger (1): VERSION: Bump version up to 4.8.4... Tim Beale (10): CVE-2018-10919 security: Move object-specific access checks into separate function CVE-2018-10919 security: Add more comments to the object-specific access checks CVE-2018-10919 tests: Add tests for guessing confidential attributes CVE-2018-10919 tests: Add test case for object visibility with limited rights CVE-2018-10919 security: Fix checking of object-specific CONTROL_ACCESS rights CVE-2018-10919 acl_read: Split access_mask logic out into helper function CVE-2018-10919 acl_read: Small refactor to aclread_callback() CVE-2018-10919 acl_read: Flip the logic in the dirsync check CVE-2018-10919 acl_read: Fix unauthorized attribute access via searches CVE-2018-10919 tests: Add extra test for dirsync deleted object corner-case --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated via 516a440 s3: vfs: bump to version 39, Samba 4.9 will ship with that from ef0cae1 VERSION: Bump version up to 4.9.0rc2... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log - commit 516a440b156e7ec586256067427efbe99fd9bc1a Author: Ralph Boehme Date: Tue Mar 13 16:17:27 2018 +0100 s3: vfs: bump to version 39, Samba 4.9 will ship with that Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher (cherry picked from commit b2ae22a310c07da61ca5d57cba1b403851e928d9) Autobuild-User(v4-9-test): Stefan Metzmacher Autobuild-Date(v4-9-test): Thu Jul 26 21:24:08 CEST 2018 on sn-devel-144 --- Summary of changes: source3/include/vfs.h | 1 + 1 file changed, 1 insertion(+) Changeset truncated at 500 lines: diff --git a/source3/include/vfs.h b/source3/include/vfs.h index 4e5b787..8e2cbc3 100644 --- a/source3/include/vfs.h +++ b/source3/include/vfs.h @@ -245,6 +245,7 @@ /* Version 37 - Rename SMB_VFS_STRICT_LOCK to SMB_VFS_STRICT_LOCK_CHECK */ /* Version 38 - Remove SMB_VFS_INIT_SEARCH_OP */ +/* Bump to version 39, Samba 4.9 will ship with that */ /* Version 39 - Remove SMB_VFS_FSYNC Only implement async versions. */ /* Version 39 - Remove SMB_VFS_READ -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 4e711d1 smbd: don't client->connections without checking client !=
NULL first in exit_server_common()
from 5ab0b4a examples/VFS/skel_transparent: make vfs_fn_pointers static
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 4e711d18c8e9953aca2ca64179c3d0b305a41c62
Author: Ralph Boehme
Date: Wed Jul 25 20:02:23 2018 +0200
smbd: don't client->connections without checking client != NULL first in
exit_server_common()
exit_server_common() can be called also in smbd processes without a
smbXsrv_client structure, e.g. the parent or some background tasks.
Signed-off-by: Ralph Boehme
Reviewed-by: Stefan Metzmacher
Autobuild-User(master): Stefan Metzmacher
Autobuild-Date(master): Thu Jul 26 01:29:38 CEST 2018 on sn-devel-144
---
Summary of changes:
source3/smbd/server_exit.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/server_exit.c b/source3/smbd/server_exit.c
index 149cd86..cc8ea18 100644
--- a/source3/smbd/server_exit.c
+++ b/source3/smbd/server_exit.c
@@ -96,6 +96,7 @@ static void exit_server_common(enum server_exit_reason how,
if (client != NULL) {
sconn = client->sconn;
+ xconn = client->connections;
}
if (!exit_firsttime)
@@ -108,7 +109,7 @@ static void exit_server_common(enum server_exit_reason how,
/*
* Here we typically have just one connection
*/
- for (xconn = client->connections; xconn != NULL; xconn = xconn_next) {
+ for (; xconn != NULL; xconn = xconn_next) {
xconn_next = xconn->next;
DLIST_REMOVE(client->connections, xconn);
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 5ab0b4a examples/VFS/skel_transparent: make vfs_fn_pointers static
via f37f8cc examples/VFS/skel_opaque: make vfs_fn_pointers static
via 53d7822 examples/VFS/skel_opaque: fix a likely a copy/paste error
via bd79564 s3:modules: add vfs_not_implemented module
via cd37bad vfs_aio_pthread: use event context and threadpool from
user_vfs_evg
via 2dd95c1 s3: vfs: add user_vfs_evg to connection_struct
via 1251a53 s3: vfs: add smb_vfs_ev_glue
via 0c97226 smbd: introduce sconn->sync_thread_pool
via 2be7518 smbd: rename sconn->pool to sconn->raw_thread_pool
via 0e900d6 smbd: add missing DO_PROFILE_INC(disconnect) to
smbd_server_connection_terminate_ex()
via 8d4792e smbd: disconnect/destroy all connections before calling
smbXsrv_session_logoff_all()
via 9848727 smbd: only pass struct smbXsrv_client to
smbXsrv_session_logoff_all()
via 5cb94ca smbd: only pass struct smbXsrv_client to
smb1srv_tcon_disconnect_all()
via 3fd1a41 pthreadpool: add a missing include
from a5e02f7 lib audit_logging: add _WARN_UNUSED_RESULT_
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 5ab0b4af9edbd50c0c7747840f9b3aca9cb01da8
Author: Stefan Metzmacher
Date: Wed Jul 25 12:30:37 2018 +0200
examples/VFS/skel_transparent: make vfs_fn_pointers static
Signed-off-by: Stefan Metzmacher
Reviewed-by: Ralph Boehme
Autobuild-User(master): Stefan Metzmacher
Autobuild-Date(master): Wed Jul 25 20:44:12 CEST 2018 on sn-devel-144
commit f37f8cca3ba70db326caabc27397719bca6fcc68
Author: Ralph Boehme
Date: Wed Jul 25 15:47:37 2018 +0200
examples/VFS/skel_opaque: make vfs_fn_pointers static
Signed-off-by: Ralph Boehme
Reviewed-by: Stefan Metzmacher
commit 53d78225ffd81e24fe00a013f7497851965c8171
Author: Ralph Boehme
Date: Wed Jul 25 15:45:44 2018 +0200
examples/VFS/skel_opaque: fix a likely a copy/paste error
This line was probably copied over from skel_transparent.c, remove it.
Signed-off-by: Ralph Boehme
Reviewed-by: Stefan Metzmacher
commit bd79564af10052e5b7bf4c446118b6eeb1b1e589
Author: Stefan Metzmacher
Date: Wed Jul 25 12:26:05 2018 +0200
s3:modules: add vfs_not_implemented module
This provides helper functions, which can be used by other modules,
if they don't implement a specific function.
Signed-off-by: Stefan Metzmacher
Reviewed-by: Ralph Boehme
commit cd37badc02b3e56f974168b28447444cd54ee541
Author: Ralph Boehme
Date: Fri Jul 13 16:48:19 2018 +0200
vfs_aio_pthread: use event context and threadpool from user_vfs_evg
Or the root glue in case we're already root.
Pair-Programmed-With: Stefan Metzmacher
Signed-off-by: Stefan Metzmacher
Signed-off-by: Ralph Boehme
commit 2dd95c1c38b9e1ce32d3d1081b6ec177910087a4
Author: Ralph Boehme
Date: Thu Jul 5 13:09:53 2018 +0200
s3: vfs: add user_vfs_evg to connection_struct
This will be used to in order to pass down the
impersonation magic from the SMB layer through
the SMB_VFS layer.
This includes the following options:
smbd:force sync user path safe threadpool
smbd:force sync user chdir safe threadpool
smbd:force sync root path safe threadpool
smbd:force sync root chdir safe threadpool
They can be used in order to test the non linux code
path on linux, once we get code that makes full use
of the new infrastructure.
Pair-Programmed-With: Stefan Metzmacher
Signed-off-by: Stefan Metzmacher
Signed-off-by: Ralph Boehme
commit 1251a536df4b1df58d9ddacab03d3ebe6f4e5b60
Author: Ralph Boehme
Date: Sun Jul 8 16:28:02 2018 +0200
s3: vfs: add smb_vfs_ev_glue
This adds VFS helper functions and that work on a struct smb_vfs_ev_glue
object which bundles two event contexts and a few threadpools.
This will be used to streamline the use of impersonating wrappers
in the SMB_VFS.
Notice the verbose comments in source3/smbd/vfs.c.
This will allow us to introduce path based async operations
to the SMB_VFS layer.
Pair-Programmed-With: Stefan Metzmacher
Signed-off-by: Stefan Metzmacher
Signed-off-by: Ralph Boehme
commit 0c97226356f2ba5f01a58d361371055caf11e2a7
Author: Stefan Metzmacher
Date: Tue Jul 24 10:56:34 2018 +0200
smbd: introduce sconn->sync_thread_pool
This just simulates a threadpool, but executes the
job functions inline (blocking) in the main thread.
This will be used to work arround some OS limitations,
e.g. if per thread credentials or per thread working directory
are not supported.
Signed-off-by: Stefan Metzmacher
Reviewed-by:
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 1e78cb5 s3: vfs: bump to version 40, Samba 4.10 will ship with that via b2ae22a s3: vfs: bump to version 39, Samba 4.9 will ship with that via 55097f7 s3: vfs: add missing tevent_req_received() to SMB_VFS_FSYNC_RECV() via d769e9e s3: vfs: add missing tevent_req_received() to SMB_VFS_PWRITE_RECV() via 83f01b0 s3: vfs: add missing tevent_req_received() to SMB_VFS_PREAD_RECV() via 27bb2cb vfs_default: fix async fsync idle/busy time profiling via 580ff20 s3: libsmb: use smb2cli_conn_max_trans_size() in cli_smb2_list() via 76c68bc s4: libcli/smb2: calculate correct credit charge for finds via 7d1de8b s3: lib/xattr_tdb: fix listing xattrs via 1bc92d1 vfs_default: call smb_vfs_assert_all_fns() via 42e99ec examples/VFS/skel_transparent: call smb_vfs_assert_all_fns() via 829fdf1 examples/VFS/skel_transparent: add missing durable handle functions via 68b8e5a examples/VFS/skel_transparent: add missing audit_file_fn via f9db9ae examples/VFS/skel_opaque: call smb_vfs_assert_all_fns() via d163353 examples/VFS/skel_opaque: add missing durable handle functions via b294c7c examples/VFS/skel_opaque: add missing audit_file_fn via 010bbe5 autobuild: add some basic tests for the all static build from 7d40f60 winbind: Move variable declarations close to their use https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 1e78cb57f663fa3592655d9b8dfa25ae9a81ff7d Author: Ralph Boehme Date: Tue Mar 13 16:17:27 2018 +0100 s3: vfs: bump to version 40, Samba 4.10 will ship with that Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Wed Jul 25 03:23:44 CEST 2018 on sn-devel-144 commit b2ae22a310c07da61ca5d57cba1b403851e928d9 Author: Ralph Boehme Date: Tue Mar 13 16:17:27 2018 +0100 s3: vfs: bump to version 39, Samba 4.9 will ship with that Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher commit 55097f7d1d836471363011a8777224af0c772905 Author: Ralph Boehme Date: Thu Jul 12 14:44:40 2018 +0200 s3: vfs: add missing tevent_req_received() to SMB_VFS_FSYNC_RECV() Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher commit d769e9ea4087dc8e7224f440db6801e0a8a2d801 Author: Ralph Boehme Date: Thu Jul 12 14:44:27 2018 +0200 s3: vfs: add missing tevent_req_received() to SMB_VFS_PWRITE_RECV() Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher commit 83f01b0212cbdd9af88a46a8f1c5c27626e63537 Author: Ralph Boehme Date: Thu Jul 12 14:43:55 2018 +0200 s3: vfs: add missing tevent_req_received() to SMB_VFS_PREAD_RECV() Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher commit 27bb2cbc2ed6e5f3309a4abb1d7f74e3c4a21830 Author: Ralph Boehme Date: Wed Jun 20 10:54:04 2018 +0200 vfs_default: fix async fsync idle/busy time profiling Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher commit 580ff206431969dc2924d520053b956b7169ca07 Author: Ralph Boehme Date: Tue Mar 20 15:27:44 2018 +0100 s3: libsmb: use smb2cli_conn_max_trans_size() in cli_smb2_list() Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher commit 76c68bc20f06e3e6244ef1a6b0d4b43be8ebea42 Author: Ralph Boehme Date: Thu Mar 22 10:07:49 2018 +0100 s4: libcli/smb2: calculate correct credit charge for finds Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher commit 7d1de8bd48c0ea1e0ddd9f103d6fb1c7c3855c93 Author: Ralph Boehme Date: Thu Jun 28 21:47:54 2018 +0200 s3: lib/xattr_tdb: fix listing xattrs If there's no record in the xattr.tdb, dbwrap_fetch() will return NT_STATUS_NOT_FOUND. That should not result in an error in callers of xattr_tdb_load_attrs(). Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher commit 1bc92d1090cb26b66c84e46b76411e6481869866 Author: Stefan Metzmacher Date: Mon Jul 23 09:14:36 2018 +0200 vfs_default: call smb_vfs_assert_all_fns() This module needs to implement every call. Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme commit 42e99ec331dd667f145389683d7a0d8d310a8275 Author: Stefan Metzmacher Date: Mon Jul 23 09:02:52 2018 +0200 examples/VFS/skel_transparent: call smb_vfs_assert_all_fns() This template should always include all calls. Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme commit 829fdf10303fed8ed0e972cc2391bc88eebb3bb6 Author: Ralph Boehme Date: Tue Jul 24 22:03:01 2018 +0200 examples/VFS/skel_transparent: add missing durable handle functions Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher c
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 3eee52b pthreadpool: allocate glue->tctx on glue as memory context.
via 2575642 pthreadpool: maintain a global list of orphaned
pthreadpool_tevent_jobs
via fa070d9 pthreadpool: make use of pthreadpool_stop() in
pthreadpool_tevent_destructor()
via 791c051 pthreadpool: add pthreadpool_tevent_job_cancel()
via 245d684 pthreadpool: split out pthreadpool_tevent_job from
pthreadpool_tevent_job_state
via cdbad90 pthreadpool: let pthreadpool_tevent_job_send() fail with an
invalid pool
via f19552e pthreadpool: split out a pthreadpool_stop() from
pthreadpool_destroy()
via 5976841 pthreadpool: don't process further jobs when shutting down
via 4e54543 pthreadpool: add pthreadpool_cancel_job()
via e4dfd3d pthreadpool: add pthreadpool_tevent_max_threads() and
pthreadpool_tevent_queued_jobs()
via 505d298 pthreadpool: add pthreadpool_max_threads() and
pthreadpool_queued_jobs() helpers
via 76474a6 pthreadpool: expand test_create() to check unlimited, sync
and one thread pool
via f1dac71 pthreadpool: fix helgrind error in pthreadpool_free()
via c9f54db pthreadpool: use talloc_zero() in tests_cmocka.c
setup_pthreadpool_tevent()
via e45d33e pthreadpool: use strict sync processing only with
max_threads=0
via 03830a3 pthreadpool: consitently use unlock_res for
pthread_mutex_unlock() in pthreadpool_add_job()
via 65faef9 s3:messages: explicitly use max_thread=unlimited for
pthreadpool_tevent_init() in messaging_dgm_init()
via 53a9f3c pthreadpool: explicitly use max_thread=unlimited for
pthreadpool_tevent_init() tests
via 5e723bc pthreadpool: use unsigned for num_idle, num_threads and
max_threads
via 19e4a08 pthreadpool: correctly handle
pthreadpool_tevent_register_ev() failures
via c310647 smbd: remove unused change_to_root_user() from
brl_timeout_fn()
via d0b1f96 smbd: remove unused change_to_root_user() from
smbd_sig_hup_handler()
via e37e41b smbd: avoid explicit change_to_user() in
defer_rename_done() already done by impersonation
via 1b804f7 smbd: implement
smbd_impersonate_{conn_vuid,conn_sess,root,guest}_create() wrappers
via 0dcaa07 smbd: make use of
smbd_impersonate_{conn_vuid,conn_sess,root,guest}_create() wrappers
via 5285966 smbd: add simple noop
smbd_impersonate_{conn_vuid,conn_sess,root,guest}_create() wrappers
via 23319ef smbd: add smbd_impersonate_debug_create() helper
via 7b5a47b smbd: add [un]become_guest() helper functions
from 710ce1c WHATSNEW: Start release notes for Samba 4.10.
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 3eee52b44daa8544e1c1fb609f901a3a96b29b25
Author: Stefan Metzmacher
Date: Fri Jun 22 17:11:53 2018 +0200
pthreadpool: allocate glue->tctx on glue as memory context.
This means it will go aways together with glue and thte event context.
Signed-off-by: Stefan Metzmacher
Reviewed-by: Ralph Boehme
Autobuild-User(master): Stefan Metzmacher
Autobuild-Date(master): Thu Jul 12 17:18:01 CEST 2018 on sn-devel-144
commit 25756425aaf5465e56ea809cd415b6a387848919
Author: Stefan Metzmacher
Date: Wed Jun 20 13:38:19 2018 +0200
pthreadpool: maintain a global list of orphaned pthreadpool_tevent_jobs
Instead of leaking the memory forever, we retry the cleanup,
if other pthreadpool_tevent_*() functions are used.
pthreadpool_tevent_cleanup_orphaned_jobs() could also be called
by external callers.
Signed-off-by: Stefan Metzmacher
Reviewed-by: Ralph Boehme
commit fa070d90074629cb8262bc4e2a6ceef57a9fbd5c
Author: Stefan Metzmacher
Date: Wed Apr 25 20:25:21 2018 +0200
pthreadpool: make use of pthreadpool_stop() in
pthreadpool_tevent_destructor()
Signed-off-by: Stefan Metzmacher
Reviewed-by: Ralph Boehme
commit 791c05144ee9296024cc0fdebe4afeaaf67e26bc
Author: Stefan Metzmacher
Date: Wed Apr 25 14:43:22 2018 +0200
pthreadpool: add pthreadpool_tevent_job_cancel()
Signed-off-by: Stefan Metzmacher
Reviewed-by: Ralph Boehme
commit 245d684d28dab630f3d47ff61006a1fe3e5eeefa
Author: Stefan Metzmacher
Date: Fri Jun 22 01:39:47 2018 +0200
pthreadpool: split out pthreadpool_tevent_job from
pthreadpool_tevent_job_state
This makes it much easier to handle orphaned jobs,
we either wait for the immediate tevent to trigger
or we just keep leaking the memory.
The next commits will improve this further.
Signed-off-by: Stefan Metzmacher
Reviewed-by: Ralph Boehme
commit cdbad9041b8afd3f0436fbeb5d6b50f9f1ada60d
Author: Stefan Metzmacher
Date: Fri Apr 20 15:07:08 2018 +0200
pthreadpool: let pthreadpool_tevent_job_send() fail with an invalid pool
[SCM] Samba Shared Repository - annotated tag ldb-1.4.1 created
The annotated tag, ldb-1.4.1 has been created at 17acc22526716af4c1f173c95626682003a72cc9 (tag) tagging 3eecdbcc38dbe084b285c9720443d819304f7b97 (commit) replaces talloc-2.1.14 tagged by Stefan Metzmacher on Thu Jul 12 07:55:32 2018 +0200 - Log - ldb: tag release ldb-1.4.1 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAltG7VQACgkQR5ORYRMI QCXxpQf8CL4/3SUOVGkcmRB7BOTEN3g/228BpNFKFFj7xlM4grF+6zTDupsnlLs2 jKPwS61Ulq2LvWOBNfw4tjRT1d0h9HdK672/fPja3tT8bcwF9F5QVcMO/+XrZH+d lNJ52kwS1upFU0pQnPAiuQ+9x9u6MBSWp+TGBufzpWTDBuicL9EeDVjL7Q7V2lqt bNKANMroR6405JRDKvUa4Pw31PXMqnRbP5vLCnFYllxKncYP/M95fh7kVjVZLLgm TmFHrE+sz13Sc5qsmWDtHLwrN5KUlR5/QDQh9oiFoVcAVoSpWfJus6kxsEVaQtQi aBL/tD2m2WQ0OcJkjRfVEr0XUPVMTA== =kowD -END PGP SIGNATURE- Stefan Metzmacher (1): ldb: version 1.4.1 --- -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag talloc-2.1.14 created
The annotated tag, talloc-2.1.14 has been created at ccc62a47c22f4b3007ae22e7a47e45904bf3e4e2 (tag) tagging df858ec17e1d86ac983f0e74f7b80fbac64cab30 (commit) replaces tdb-1.3.16 tagged by Stefan Metzmacher on Thu Jul 12 07:54:48 2018 +0200 - Log - talloc: tag release talloc-2.1.14 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAltG7SgACgkQR5ORYRMI QCVYcAgAgVAqHAms+Vt0fOH2bidFH7eRIjg/By2Oms6vapKiOoDcKRIGvfc6xfYo /IEtmaddQ+qy28lMzTlmcKkXv+2/3HmcGLC0GBsf90ySEtVuIt36A70p1hY45kTM 6yNIlrak8z+Q5nFhFdKp7d5DNfH/uIxMB1GWIUeuIFgEr0TAb5fYrc1JEirAtcGv 9tBWVSYOrPnSAm7zQGdzgI3/IuDaam/UHqIRxZa2zgGvl+FKcKJEC27zn5l4dZ2Y bMk1zciHDrzX6/qVdu4jQRTisLZEqRnU908WPromhrOEB3yOXqSzPnMZoRZNdcGJ jsjZL8T0sK44FOSywfuSaCEZ69lD2A== =H6AE -END PGP SIGNATURE- Stefan Metzmacher (1): talloc: version 2.1.14 --- -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag tdb-1.3.16 created
The annotated tag, tdb-1.3.16 has been created
at 1830c1e4027572713cbafe276d0ececebf040417 (tag)
tagging b9efc5a628007f84c650789027385faaace913e8 (commit)
replaces tevent-0.9.37
tagged by Stefan Metzmacher
on Thu Jul 12 07:54:09 2018 +0200
- Log -
tdb: tag release tdb-1.3.16
-BEGIN PGP SIGNATURE-
iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAltG7QEACgkQR5ORYRMI
QCV/Nwf/Z+nLu6X45Wk4xol6qwHirEvfSTKq+mSTCBNoxeEgBuN4mhH98MuLG5W8
Nq4M7m1ZwNrKWXN7oxkvdcltSg2OCQVuyi1Kgalwiv3nuchhCkAOCFBVRZfxZJGF
gjVnthsrOU0hp/CnauZWTQL3E/MwLGVDpzukkmDz588SDeFUer54KKRT4Mk1UsDx
7S464XgWjNZV00CcRxJRtQljv3GW033CPJdhLLVTyvoKW9Q3QSgzf9mUYIjnx5Q0
ef5zkPgkHBd2yMom3BK+Bq5Dz8pn3IF2WsNuOuwjOsdy/Rsmhm834qBfrD/0brWv
BykVzS5rmrfQE54vt8IL3MToCmM9gg==
=sxcB
-END PGP SIGNATURE-
Aaron Haslett (12):
dns: record aging tests
rpc dns: setting timestamp to 0 on RPC processed records
rpc dns: reading zone properties from LDB
rpc dns: reset dword aging related zone properties
dns: moving name_equal func into common
dns: server side implementation of record aging
dns: custom match rule for DNS records to be tombstoned
dns: Use ldb.SCOPE_SUBTREE in ldap_get_records() routine in tests/dns.py
dns: dns record scavenging function (without task)
dns+kcc: adding dns scavenging to kcc periodic run
dns: update tool changed for scavenging
dns: static records
Andrew Bartlett (11):
WHATSNEW: Add entry for "Dynamic DNS record scavenging support"
docs: Explain that "max xmit" is SMB1 only
WHATSNEW: Fix spelling
selftest: Add tests for samba.auth.admin_session()
python: Add samba.auth.session_info_fill_unix()
tests/posixacl: Test with and without filling in the unix_token
WHATSNEW: document sysvolreset improvement
WHATSNEW: Explain that Jansson is requied for AD DC, mention
--without-json-audit
docs: Remove mention of --without-json-audit from the AD DC
ldb: Ban ldb 1.4.x with Samba 4.8 and earlier
ldb: Refuse to build Samba against a newer minor version of ldb
Bob Campbell (1):
python/tests: check setting values on dnsRecord attributes
Gary Lockyer (5):
smb.conf: add dns_zone_scavenging
dns: Reformat DNS with clang-format
tests dns: fix rpc null byte test
tests dns: dns.py remove flake8 warnings
tests dns: dns_base.py remove flake8 warnings
Joe Guo (16):
pysmbd: add session_info arg to get_conn_tos
pysmbd: add session_info arg to py_smbd_set_nt_acl
smbd/msdfs: add null check for session_info.unix_info
smbd/posix_acls: reuse secutiry token from session info if exist
ntacls: reuse predefined SECURITY_SECINFO_FLAGS
ntacls: add session_info arg to setntacl and pass down to set_nt_acl api
provision/setsysvolacl: build session_info and pass down to setntacl
provision/setsysvolacl: create helper function to simplify code
tests/posixacl: rm commented code
tests/posixacl: define global DOM_SID to make code DRY
tests/posixacl: define global ACL to make code DRY
tests/posixacl: remove unused imports
tests/posixacl: use assertRaises to simplify code
tests/posixacl: rm duplicated test
tests/posixacl: move setUp and tearDown to top
tests/posixacl: derive a new testcase to run same tests with session
Stefan Metzmacher (7):
s3:messages: protect against usage of wrapper tevent_context objects for
messaging
s3:messages: allow messaging_{dgm,ctdb}_register_tevent_context() to use
wrapper tevent_context
s3:messages: allow messaging_dgm_ref() to use wrapper tevent_context
s3:messages: allow messaging_filtered_read_send() to use wrapper
tevent_context
s4:messaging: allow imessaging_post_handler() to free the messaging
context from a handler
s4:messaging: make sure only imessaging_client_init() can be used with a
wrapper tevent_context wrapper
tdb: version 1.3.16
Timur I. Bakeyev (1):
WHATSNEW: Add note about defaults changes for the vfs_full_audit and
acceptance of all syslog facilities for all audit modules.
Volker Lendecke (5):
lib: Multi-line a long line in wscript_build
lib: Add tevent_req_profile helpers
torture: Test tevent_req_profile
winbindd: Convert process_request() to tevent_req
winbindd: Do request profiling
---
--
Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag tevent-0.9.37 created
The annotated tag, tevent-0.9.37 has been created at d4347fecc1529d308abe71a609fcc74a502bfe6c (tag) tagging f4fe3f77669875070cd7ba4a28ad33f6a058f105 (commit) replaces ldb-1.4.0 tagged by Stefan Metzmacher on Thu Jul 12 07:53:02 2018 +0200 - Log - tevent: tag release tevent-0.9.37 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAltG7L4ACgkQR5ORYRMI QCW0qAf/ZH8gFDxajI7ZwkN2mpeEpw1ZtBppvxX9dd2BTt3QTL8YkIFfCXtj3Ac5 Y4PU67FdmlYhe5QGUDDo8gYMqoH1La79Wnd4YYH1+sUwHX2cPqp7dQ3jNmBhwwAu WkdmebwlhP/vm0LBlDlBv4w7m6m3EPP4KYte8aiqbhMvA78BvaZnt8Lt6rtPCjWN Y57nZYForN3iXix7nxCd8ilRCC8+lRy/Xp3dPJ0DqvivgRRrPyC9/8vT5xUCa7Mp KO03YVz6oQqXfgOvOYKAMSnamoD764qRDMwMwiRR/xwXfJfcglkSKQ8/rFIAVENn opLN+eeVN9zlEKVdeWzc7k2SqqxDCA== =Jd04 -END PGP SIGNATURE- Aaron Haslett (6): samba: read backup date field on init and fail if present param: Add non-global smb.cfg option (support 2 different smb.confs) join: Pipe through dns_backend option for clones netcmd: domain backup online command netcmd: domain backup restore command tests: Add tests for the domain backup online/restore commands Amit Kumar (1): MAN: Adding entry for net ads lookup Amitay Isaacs (47): ctdb-common: Simplify process registration using linked list ctdb-common: Do not initialize run_proc inside run_event ctdb-common: Rename run_event_script_list to run_event_list ctdb-common: Return script_list for zero scripts ctdb-common: Improve error handling in run_event ctdb-common: Reset running state on failure ctdb-common: Add support to run events through failure ctdb-common: Correctly handle conf->reload() replace: Add test for sin6_len in sockaddr_in6 structure ctdb-common: Use sin6_len only if the structure supports it ctdb-build: Add checks for raw pkt handling support ctdb-build: Add ipv6 headers check for packet details ctdb: Fix build on AIX tdb: Fix build on AIX ctdb-common: Use correct return type for tevent_queue_add_entry ctdb-tests: Avoid segfault by initializing logging ctdb-daemon: Avoid closing stdin when running in interactive mode ctdb-daemon: Set environment variable if running in interactive mode wafsamba: Add strict option to CHECK_CODE wafsamba: Be strict when checking __attribute__ features socket_wrapper: Be strict when checking __attribute__ features replace: Be strict when checking __attribute__ features nss_wrapper: Be strict when checking __attribute__ features pam_wrapper: Be strict when checking __attribute__ features resolv_wrapper: Be strict when checking __attribute__ features uid_wrapper: Be strict when checking __attribute__ features ctdb-protocol: Separate protocol-basic subsystem ctdb-build: Add ctdb prefix to build target ctdb-tests: Separate testing code for basic data types ctdb-common: Add client pid to connect callback in sock_daemon ctdb-event: Add event daemon protocol ctdb-event: Add event daemon implementation ctdb-event: Add event daemon client code ctdb-event: Add event daemon client tool ctdb-tests: Rename eventd testsuite to ctdb_eventd ctdb-event: Add tests for event daemon ctdb-daemon: Switch to starting new event daemon ctdb-tools: Switch to using new event daemon tool ctdb-tests: Remove tests for old event daemon ctdb-daemon: Remove old event daemon ctdb-tools: Remove old event daemon tool ctdb-client: Remove client code for old event daemon ctdb-protocol: Remove protocol for old event daemon ctdb-daemon: Add client code to talk to new event daemon ctdb-tests: Switch to using new event daemon ctdb-common: Fix CID 437606 ctdb-tests: Avoid segfault by initializing logging Andreas Schneider (14): testparm: Remove warning from the last century samdb: Fix build error with gcc8 s3:registry: Fix buffer truncation issues issues with gcc8 s3:smbget: Fix buffer truncation issues with gcc8 s3:winbind: Fix regression introduced with bso #12851 krb5_plugin: Add winbind localauth plugin for MIT Kerberos krb5_plugin: Install plugins to krb5 modules dir krb5_plugin: Move krb5 locator plugin to krb5_plugin subdir docs: Move winbind_krb5_locator manpage to volume 8 docs: Add manpage for winbind_krb5_localauth.8 nsswitch: Add tests to lookup user via getpwnam s3:winbind: Do not lookup local system accounts in AD nsswitch: Use a swtich in the wbinfo test to lookup users winbind_krb5_localauth: Fix a compiler warning Andrej Gessel (3): Fix several mem leaks in ldb_index ldb_search ldb_tdb ldb: check return values check return value before using key_values Andrew Bartlett (33): selftest: M
[SCM] Samba Shared Repository - annotated tag ldb-1.3.4 created
The annotated tag, ldb-1.3.4 has been created at 92c2eab8320300bf8f1ef8f97781791b38836f07 (tag) tagging e25631d6be56374b69209afafda0fc4485bc8b54 (commit) replaces samba-4.8.2 tagged by Stefan Metzmacher on Tue Jun 26 21:12:19 2018 +0200 - Log - ldb: tag release ldb-1.3.4 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAlsykBMACgkQR5ORYRMI QCUG1QgAxRFAL79USfUGLPbr+JHPazvpGjA/DV98Z85SsolZ3cP8FOhIPYBiuwfN qRfjNkkV41k7DB0EXMFwtKinfhzo990WP101oxXByLS5GNAl/HzPZah20ICL0B71 T6vIMs4yhdxVO4eN55KrpFnjSSWENuUEvAalrWKi6h6kSPPXzDNtDqgOy0ppxkrH cpgLodyZTX75Ww0qzN3xEtgiBMRWqGyF+Diq6unvkdMmer3LPpXazeLJsSrNHjSi MaZ3IgJqMFZZ3yj//sucZSKw8R3zxJOQX3ILBUSow9R8Yzy0xmeb0c7gNKWrFZZF EIVLZ23maGy4bYiBUOvdj7k6TY6SeQ== =lLqR -END PGP SIGNATURE- Andreas Schneider (24): selftest: Make sure we have correct group mappings nsswitch: Add a test looking up the user using the upn nsswitch: Add a test looking up domain sid nsswitch: Lookup the domain in tests with the wb seperator selftest: Add a user with a different userPrincipalName nsswitch:tests: Add test for wbinfo --user-info winbind: Remove unused function parse_domain_user_talloc() winbind: Fix UPN handling in parse_domain_user() winbind: Fix UPN handling in canonicalize_username() s3:utils: Do not segfault on error in DoDNSUpdate() lib:util: Fix string check in mkdir_p() s4:torture: Use strlcpy() in gen_name() s3:lib: Use memcpy() in escape_ldap_string() s3:passdb: Fix size of ascii_p16 s3:winbind: Fix uninitialzed variable warning lib:util: Fix parameter aliasing in tfork test lib:util: Fix size types in debug.c s4:ntvfs: Fix string copy of share_name lib: Fix array size in audit_logging krb5_plugin: Add winbind localauth plugin for MIT Kerberos s3:registry: Fix buffer truncation issues issues with gcc8 s3:smbget: Fix buffer truncation issues with gcc8 s3:winbind: Fix regression introduced with bso #12851 samdb: Fix build error with gcc8 Andrej Gessel (3): ldb: check return values check return value before using key_values Fix several mem leaks in ldb_index ldb_search ldb_tdb Andrew Bartlett (12): s3-lib: Remove support for libexc for IRIX backtraces lib/util: Log PANIC before calling pacic action just like s3 lib/util: Move log_stack_trace() to common code lib/util: Call log_stack_trace() in smb_panic_default() ldb: Save a copy of the index result before calling the callbacks. ldb: Indicate that the ltdb_dn_list_sort() in list_union is a bit subtle. ldb: Explain why an entry can vanish from the index ldb: One-level search was incorrectly falling back to full DB scan ldb: Add tests for when we should expect a full scan ldb_tdb: Use mem_ctx and so avoid leak onto long-term memory on duplicated add. .gitlab-ci.yml: Adapt to current GitLab CI setup ldb: version 1.3.4 Christof Schmitt (6): selftest: Add dfq_cache share with 'dfree cache time' set selftest: Add test for 'dfree cache' memcache: Add new cache type for dfree information smbd: Cache dfree information based on query path smbd: Flush dfree memcache on service reload krb5_wrap: fix keep_old_entries logic for older kerberos libraries Günther Deschner (6): s4-heimdal: Fix the format-truncation errors. s3-winbindd: use fill_domain_username_talloc() in winbind. s3-winbindd: remove unused fill_domain_username() s3-printing: fix format-truncation in print_queue_update() s4-torture: fix format-truncation warning in smb2 session tests. s3-utils: fix format-truncation in smbpasswd Jeffrey Altman (1): heimdal: lib/krb5: do not fail set_config_files due to parse error Jeremy Allison (5): s3: smbd: Fix SMB2-FLUSH against directories. s3: smbtorture: Add new SMB2-DIR-FSYNC test to show behavior of FSYNC on directories. s3: torture: Add DELETE-PRINT test. s3: smbd: printing: Re-implement delete-on-close semantics for print files missing since 3.5.x. python: Fix talloc frame use in make_simple_acl(). Karolin Seeger (2): VERSION: Bump version up to 4.8.3... bla Lukas Slebodnik (1): ldb: Fix memory leak on module context Ralph Boehme (2): s4:torture/smb2: new test for interaction between chown and SD flags s3:smbd: fix interaction between chown and SD flags Stefan Metzmacher (4): winbind: Pass upn unmodified to lookup names auth/ntlmssp: add ntlmssp_client:ldap_style_send_seal option s4:selftest: run test_ldb_simple.sh with more auth options auth/ntlmssp: fix handling of GENSEC_FEATURE_LDAP_STYLE as a server Volker Lendecke (1): libgpo: Fix the
[SCM] Samba Shared Repository - branch master updated
df5e459 s3:lib: add caching to set_current_user_info()
from 5d4f229 s4-dsdb: fix the build of audit_util.c
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log ---------
commit 721fbbfa7001b2788602106101f0407483894322
Author: Stefan Metzmacher
Date: Thu Mar 22 10:54:41 2018 +0100
smbd: remove unused smbd_server_connection->ev_ctx
Signed-off-by: Stefan Metzmacher
Reviewed-by: Ralph Boehme
Autobuild-User(master): Stefan Metzmacher
Autobuild-Date(master): Mon Jun 18 11:46:36 CEST 2018 on sn-devel-144
commit 894e5001c747ce765dad5517778dda55d7d1f4d9
Author: Stefan Metzmacher
Date: Thu Mar 22 10:54:41 2018 +0100
smbd: add an effective {smb,smbd_smb2}_request->ev_ctx that holds the event
context used for the request processing
In future this will an impersonation wrapper tevent_context based on the
user session.
Signed-off-by: Stefan Metzmacher
Reviewed-by: Ralph Boehme
commit f2df8be16be9dccd3d10ec060f1efbe5007a28c6
Author: Stefan Metzmacher
Date: Thu Mar 22 10:54:41 2018 +0100
smbd: add an effective connection_struct->user_ev_ctx that holds the event
context used for the current user
This will be filled with an impersonation wrapper in the next commits.
Signed-off-by: Stefan Metzmacher
Reviewed-by: Ralph Boehme
commit c835ffa72ddfd2431d22909148913b50f0d829d1
Author: Stefan Metzmacher
Date: Thu Mar 22 10:54:41 2018 +0100
smbd: use sconn->root_ev_ctx for smbd_sig_{term,hup}_handler()
They already call change_to_root_user(), which can be removed
later.
Signed-off-by: Stefan Metzmacher
Reviewed-by: Ralph Boehme
commit 182991c26c8149c79b13a277b9822efc49fd1df0
Author: Stefan Metzmacher
Date: Thu Mar 22 10:54:41 2018 +0100
smbd: use sconn->root_ev_ctx for brl_timeout_fn()
This already calls change_to_root_user(), which can be removed
later.
Signed-off-by: Stefan Metzmacher
Reviewed-by: Ralph Boehme
commit 146938217ed1ab9a7a9f38c055fec5513cbd5c4d
Author: Stefan Metzmacher
Date: Thu Mar 22 10:54:41 2018 +0100
smbd: add smbd_server_connection->{root,guest}_ev_ctx pointer
For now these are just the same as smbd_server_connection->ev_ctx,
but this will change in future and we'll use impersonation wrappers.
Signed-off-by: Stefan Metzmacher
Reviewed-by: Ralph Boehme
commit f5f9b719741465c7be3de20a6a69ec106ecc4568
Author: Stefan Metzmacher
Date: Thu Mar 22 10:54:41 2018 +0100
smbd: use raw_ev_ctx to clear the MSG_SMB_CONF_UPDATED registration
Signed-off-by: Stefan Metzmacher
Reviewed-by: Ralph Boehme
commit dc517b20f60a156d73fdd551557eb1d4366dfdeb
Author: Stefan Metzmacher
Date: Thu Mar 22 10:54:41 2018 +0100
smbd: explain that/why we use the raw tevent_context for
linux_oplock_signal_handler()
Signed-off-by: Stefan Metzmacher
Reviewed-by: Ralph Boehme
commit 1d5210b615035e46b90758ac7aa4ceec9174bee5
Author: Stefan Metzmacher
Date: Thu Mar 22 10:54:41 2018 +0100
smbd: explain that/why we use the raw tevent_context for do_break_to_none()
Signed-off-by: Stefan Metzmacher
Reviewed-by: Ralph Boehme
commit e73eaa3c8004d3d8aff316cdb26b0bef85eceaca
Author: Stefan Metzmacher
Date: Thu Mar 22 10:54:41 2018 +0100
smbd: explain that/why we use the raw tevent_context for
oplock_timeout_handler()
Signed-off-by: Stefan Metzmacher
Reviewed-by: Ralph Boehme
commit 52f098d38da72d6eff3c4cac61487da897a8651c
Author: Stefan Metzmacher
Date: Thu Mar 22 10:54:41 2018 +0100
smbd: explain that/why we use the raw tevent_context for
lease_timeout_handler()
Signed-off-by: Stefan Metzmacher
Reviewed-by: Ralph Boehme
commit 7cfafaf190643eb28fc95d21a02a4e5e529e16d1
Author: Stefan Metzmacher
Date: Thu Mar 22 10:54:41 2018 +0100
smbd: explain that/why we use the raw tevent_context for
update_write_time_handler()
Signed-off-by: Stefan Metzmacher
Reviewed-by: Ralph Boehme
commit b0af5715b0a7592a9728e0b76f653b9ab6228708
Author: Stefan Metzmacher
Date: Thu Mar 22 10:54:41 2018 +0100
vfs_glusterfs: explain that/why we use the raw tevent_context in
init_gluster_aio()
Signed-off-by: Stefan Metzmacher
Reviewed-by: Ralph Boehme
commit 6114f9545fa856717220658e87f2a60f6767b7f4
Author: Stefan Metzmacher
Date: Thu Mar 22 10:54:41 2018 +0100
smbd: add smbd_server_connection->raw_ev_ctx pointer
This will replace smbd_server_connection->ev_ctx in the next commits.
Signed-off-by: Stefan Metzmacher
Reviewed-by: Ralph Boehme
commit c059f0ae729a47883362a1ba01b530b3d743bc45
Author: Stefan Metzmacher
Date: Thu Mar 22 10:54:41 2018 +0100
smbd: use req->xconn->client->raw_ev_ctx for
schedule_deferred_open_message_smb(
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 5ef6775 smbd: don't call change_to_root_user() before
change_to_guest()
via 9393d95 smbd: remove useless allow_access() check for AS_GUEST
via 51407b9 smbd: split out a fsp_flush_write_time_update() function
from update_write_time_handler()
via 553df61 smbd: make smbd_setup_sig_{term,hup}_handler() static
via 55b1b55 vfs_glusterfs: use tevent_req_defer_callback() in order to
use the correct event context
via efce558 smbd: call samba_tevent_context_init() within
create_conn_struct_as_root()
via ee8ea5c smbd: use pconn = talloc_move(ctx, &conn) in
create_conn_struct_as_root()
via d156483 smbd: remove unused create_conn_struct() function
via b5302c6 smbd: let create_conn_struct_tos() use
create_conn_struct_as_root() directly
via b71362b vfstest: make use of create_conn_struct_tos()
via cdb875f smbd: remove unused create_conn_struct_cwd() function
via 240c47c printing: convert delete_driver_files() to use
create_conn_struct_tos_cwd()
via ae32a26 printing: convert move_driver_to_download_area() to use
create_conn_struct_tos_cwd()
via 76297c3 printing: convert get_correct_cversion() to use
create_conn_struct_tos_cwd()
via e56bb42 printing: add an explicit talloc_stackframe() to
delete_driver_files()
via a2ad24f printing: add an explicit talloc_stackframe() to
move_driver_to_download_area()
via bad43d3 printing: add an explicit talloc_stackframe() to
get_correct_cversion()
via 7d493ea printing: add more 'const' to read only input pointers
via 498830c s3:rpc_server/srvsvc: _srvsvc_NetSetFileSecurity
form_junctions() to use create_conn_struct_tos_cwd()
via f9860b6 s3:rpc_server/srvsvc: _srvsvc_NetGetFileSecurity() to use
create_conn_struct_tos_cwd()
via 185d471 s3:rpc_server/srvsvc: add an explicit talloc_stackframe()
to _srvsvc_NetSetFileSecurity()
via 44e3c03 s3:rpc_server/srvsvc: add an explicit talloc_stackframe()
to _srvsvc_NetGetFileSecurity()
via 36d3de0 smbd: convert form_junctions() to use
create_conn_struct_tos_cwd()
via bcb4d42 smbd: convert count_dfs_links() to use
create_conn_struct_tos_cwd()
via 73e5d47 smbd: convert get_referred_path() to use
create_conn_struct_tos_cwd()
via 42610e0 smbd: convert junction_to_local_path() to use
create_conn_struct_tos_cwd()
via 2401e25 smbd: add an explicit talloc_stackframe() to
form_junctions()
via 15ea2c1 smbd: add an explicit talloc_stackframe() to
count_dfs_links()
via e3837d3 smbd: add an explicit talloc_stackframe() to
get_referred_path()
via a9f5dcd smbd: add an explicit talloc_stackframe() to
{create,remove}_msdfs_link()
via ac922eb s3:rpc_server/fss: make use of create_conn_struct_tos()
via 7983c70 s3:rpc_server/fss: use talloc_stackframe() for temporary
memory
via 96ac5a8 smbd: make use of create_conn_struct_tos() in
get_nt_acl_no_snum()
via 1566766 pysmbd: make use of create_conn_struct_tos()
via 67ea594 pysmbd: remove explicit talloc_stackframe() from get_conn()
and name it get_conn_tos()
via 539f51f pysmbd: fix some talloc_stackframe() memory leaks and clean
up the frame hierarchy in make_simple_acl().
via 7ef67df pysmbd: consitently use talloc_stackframe() for temporary
memory
via cbde2e3 pysmbd: remove useless explicit conn_free() from
set_nt_acl_conn()
via 66bc2c4 smbd: add create_conn_struct_tos[_cwd]() helper functions
via ebae5e0 printing: remove unused arguments from
delete_and_reload_printers()
via 72bd688 printing: remove unused arguments from load_printers()
from d33c355 CID 1416475: possibly dereferencing NULL in fruit_pread_meta
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 5ef6775919e83fdae66385db8d1579fa259602f1
Author: Stefan Metzmacher
Date: Wed May 23 14:26:37 2018 +0200
smbd: don't call change_to_root_user() before change_to_guest()
This is just an optimization and it makes it clearer
that calling change_to_root_user() just before change_to_guest()
is useless and confusing.
We call change_to_guest() before set_current_service() now,
but that has no impact as we pass 'do_chdir=false'
as AS_GUEST is never mixed with AS_USER or DO_CHDIR.
Signed-off-by: Stefan Metzmacher
Reviewed-by: Jeremy Allison
Autobuild-User(master): Stefan Metzmacher
Autobuild-Date(master): Thu Jun 14 23:38:55 CEST 2018 on sn-devel-144
commit 9393d95f22276a5374f991746d48050fe0be47c5
Author: Stefan Metzmacher
Date: Wed May 23 14:23:17 2018 +0200
smbd: remove useless allow_access() check for AS_GUEST
We already call allow_access() when we accept the con
[SCM] Samba Shared Repository - annotated tag ldb-1.4.0 created
The annotated tag, ldb-1.4.0 has been created
at 7558352d92528cb3d7d92c0a05e18ee48fb262d5 (tag)
tagging 4e2eb5660a11cea215d39495844aa76ffb5a1a2e (commit)
replaces talloc-2.1.13
tagged by Stefan Metzmacher
on Wed May 30 15:30:34 2018 +0200
- Log -
ldb: tag release ldb-1.4.0
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
iQEcBAABAgAGBQJbDqd6AAoJEEeTkWETCEAlqGcH/j3s431HObSY3N0MHs45J+eq
fHOF9cnRTLtLu98Tr9bkh4zc73LH6rZSSHPxpQh2DqpLlkYQU/PuX9Dg+SmfcxpQ
8eQTPrKpCqHLsiDYZ0qKP1h6fjedNdbqt070QKMimVXQc5YWrW9Su2+k1ao+Z/5u
Ws8ING9c7YTZxLnalWadpBttcSU2GBhX3YdBsw10RHNw6MSrTp0saB4BXKdc1y/d
EUYjieyReuc1ll9ikIAY9fiAzgyoIPb5ipVImGqSUHINI00wrBbW+g2P7a6CzKtC
H/3qztZhPd1m9yw1aFLv1iagBa5Q/biEsP4OaHL5fwxDcnhz72vE/pb2ROwfj6A=
=CMYJ
-END PGP SIGNATURE-
Aaron Haslett (5):
ldb: removing prior secret from logs
samdb rid: clear cache to prevent old ntds_guid
devel: removing unused code from chgkrbtgtpass
auth: keytab invalidation test
auth: keytab invalidation fix
Amitay Isaacs (20):
ctdb-client: Remove ununsed functions from old client code
ctdb-build: Drop unnessary dependency on ctdb-client
ctdb-daemon: Move ctdb_client.c to server/ subdir
ctdb-build: Rename ctdb-client2 subsystem to ctdb-client
third_party: Update popt to 1.16 release
ctdb-packaging: Package all helpers using wildcard
ctdb-common: Add command line processing abstraction
ctdb-common: Add utility code to get various paths
ctdb-common: Add path tool
ctdb-tests: Setup $CTDB_BASE/{run,var} directories
util: Add tini to samba-util-core
ctdb-common: Add config file parsing code
ctdb-common: Add config options tool
ctdb-common: Refactor log backend parsing code
ctdb-common: Add a function to validate logging specification
ctdb-tools: Add logging config options to config tool
ctdb-common: Fix CID 1435599
ctdb-event: Add event daemon config file options
ctdb-tools: Add event daemon config options to config tool
socket_wrapper: Add missing dependency on tirpc
Andreas Schneider (35):
wafsamba: Add '-Werror=strict-overflow -Wstrict-overflow=2' to the
developer build
s3:passdb: Do not return OK if we don't have pinfo set up
s3:smbspool: Fix cmdline argument handling
selftest: Make sure we have correct group mappings
nsswitch: Add a test looking up the user using the upn
nsswitch: Add a test looking up domain sid
nsswitch: Lookup the domain in tests with the wb seperator
selftest: Add a user with a different userPrincipalName
nsswitch:tests: Add test for wbinfo --user-info
winbind: Remove unused function parse_domain_user_talloc()
winbind: Fix UPN handling in parse_domain_user()
winbind: Fix UPN handling in canonicalize_username()
s4:dsdb:tests: Add return code check
s3:winbind: Initialize validation_level in winbind_dual_SamLogon()
s3:modules: Initialize pointers in vfs_virusfilter
s4:torture: Make sure variable is initialized in oplock test
libcli: Fix coverity warning in smb2cli_notify_send()
s3:smbd: Fix converity warning with _smb_setlen_large()
ctdb: Check return values of tevent_req_set_endtime()
s3:libsmbclient: Use const for setting and getting strings
s4:torture: Do not leak memory in libsmbclient test
s4:torture: Do not leak file descriptor in smb2 oplock test
s3:utils: Do not segfault on error in DoDNSUpdate()
s3:winbind: Add sanity check when closing fd
s3:winbind: Check if we have an open file descriptor
lib:util: Fix string check in mkdir_p()
s4:torture: Use strlcpy() in gen_name()
s3:lib: Use memcpy() in escape_ldap_string()
s3:passdb: Fix size of ascii_p16
s3:winbind: Fix uninitialzed variable warning
lib:util: Fix parameter aliasing in tfork test
lib:util: Fix size types in debug.c
s4:ntvfs: Fix string copy of share_name
lib: Fix array size in audit_logging
s3:utils: Remove double error check
Andrew Bartlett (88):
ldb: Fix missing NULL terminator in ldb_mod_op_test testsuite
samba-tool domain classicupgrade: Do not mix python-samdb transactions
and passdb modifications
ldb: Ignore these tests in mdb test mode
ldb: Allow GUID index mode to be tested on TDB
ldb_tdb: A more robust check for if we can fit the index string in
provision: Set @INDEXLIST first when building dummy sam.ldb
samba-tool: Escape username and computername in ldb search filter
samba-tool: Use same method for removing trailing $ as elsewhere in the
tool
s3-lib: Remove support for libexc for IRIX backtraces
lib/util: Log PANIC before calling pacic action just like s3
lib/util: Move log_stack_trace() to common code
lib/util: Call log_s
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via e9b638c autobuild: cover the Gentoo case with python disabled all
down the stack
via 95c117f Make ldb configuration --disable-python work as intended
via 4c354cd torture: Give extra information on WINBINDD_SHOW_SEQUENCE
failure
from a9084dc s3:utils: Remove double error check
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit e9b638c43f006bd48158f21fc9b598c61d615499
Author: Andrew Bartlett
Date: Thu May 10 09:09:56 2018 +1200
autobuild: cover the Gentoo case with python disabled all down the stack
Signed-off-by: Andrew Bartlett
Reviewed-by: Stefan Metzmacher
Autobuild-User(master): Stefan Metzmacher
Autobuild-Date(master): Fri May 25 13:07:47 CEST 2018 on sn-devel-144
commit 95c117ff1114122aad367adab6c738b835a7c3d3
Author: Timur I. Bakeyev
Date: Fri May 18 10:10:50 2018 +0800
Make ldb configuration --disable-python work as intended
Signed-off-by: Timur I. Bakeyev
Reviewed-by: Andrew Bartlett
Reviewed-by: Stefan Metzmacher
commit 4c354cd551715e98b9d016be6f1c6bc02a931192
Author: Andrew Bartlett
Date: Thu May 24 13:49:11 2018 +1200
torture: Give extra information on WINBINDD_SHOW_SEQUENCE failure
Signed-off-by: Andrew Bartlett
Reviewed-by: Stefan Metzmacher
---
Summary of changes:
lib/ldb/wscript| 13 ++---
script/autobuild.py| 32
source4/torture/winbind/struct_based.c | 22 +-
3 files changed, 55 insertions(+), 12 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/ldb/wscript b/lib/ldb/wscript
index dfca1bc..412bd4f 100644
--- a/lib/ldb/wscript
+++ b/lib/ldb/wscript
@@ -201,9 +201,15 @@ def build(bld):
bld.RECURSE('lib/tdb')
if bld.env.standalone_ldb:
+if not 'PACKAGE_VERSION' in bld.env:
+bld.env.PACKAGE_VERSION = VERSION
+bld.env.PKGCONFIGDIR = '${LIBDIR}/pkgconfig'
private_library = False
else:
private_library = True
+# we're not currently linking against the ldap libs, but ldb.pc.in
+# has @LDAP_LIBS@
+bld.env.LDAP_LIBS = ''
LDB_MAP_SRC = bld.SUBDIR('ldb_map',
'ldb_map.c ldb_map_inbound.c ldb_map_outbound.c')
@@ -224,13 +230,6 @@ def build(bld):
if bld.PYTHON_BUILD_IS_ENABLED():
if not bld.CONFIG_SET('USING_SYSTEM_PYLDB_UTIL'):
for env in bld.gen_python_environments(['PKGCONFIGDIR']):
-# we're not currently linking against the ldap libs, but
ldb.pc.in
-# has @LDAP_LIBS@
-bld.env.LDAP_LIBS = ''
-
-if not 'PACKAGE_VERSION' in bld.env:
-bld.env.PACKAGE_VERSION = VERSION
-bld.env.PKGCONFIGDIR = '${LIBDIR}/pkgconfig'
name = bld.pyembed_libname('pyldb-util')
bld.SAMBA_LIBRARY(name,
diff --git a/script/autobuild.py b/script/autobuild.py
index 2d71b5e..429d644 100755
--- a/script/autobuild.py
+++ b/script/autobuild.py
@@ -80,9 +80,10 @@ samba_configure_params = " --picky-developer ${PREFIX}
${EXTRA_PYTHON} --with-pr
samba_libs_envvars = "PYTHONPATH=${PYTHON_PREFIX}/site-packages:$PYTHONPATH"
samba_libs_envvars += "
PKG_CONFIG_PATH=$PKG_CONFIG_PATH:${PREFIX_DIR}/lib/pkgconfig"
samba_libs_envvars += " ADDITIONAL_CFLAGS='-Wmissing-prototypes'"
-samba_libs_configure_base = samba_libs_envvars + " ./configure --abi-check
--enable-debug --picky-developer -C ${PREFIX} ${EXTRA_PYTHON}"
-samba_libs_configure_libs = samba_libs_configure_base + "
--bundled-libraries=cmocka,NONE"
-samba_libs_configure_samba = samba_libs_configure_base + "
--bundled-libraries=!talloc,!pytalloc-util,!tdb,!pytdb,!ldb,!pyldb,!pyldb-util,!tevent,!pytevent"
+samba_libs_configure_base = samba_libs_envvars + " ./configure --abi-check
--enable-debug --picky-developer -C ${PREFIX}"
+samba_libs_configure_libs = samba_libs_configure_base + "
--bundled-libraries=cmocka,NONE ${EXTRA_PYTHON}"
+samba_libs_configure_bundled_libs = "
--bundled-libraries=!talloc,!pytalloc-util,!tdb,!pytdb,!ldb,!pyldb,!pyldb-util,!tevent,!pytevent"
+samba_libs_configure_samba = samba_libs_configure_base +
samba_libs_configure_bundled_libs + " ${EXTRA_PYTHON}"
if os.environ.get("AUTOBUILD_NO_EXTRA_PYTHON", "0") == "1":
extra_python = ""
@@ -274,7 +275,30 @@ tasks = {
("make", "make -j", "text/plain"),
[Bug 1717790] Re: libibverbs should come from the rdma-core source package
This seems to be fixed in bionic ** Changed in: libibverbs (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1717790 Title: libibverbs should come from the rdma-core source package To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libibverbs/+bug/1717790/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[SCM] Samba Shared Repository - annotated tag ldb-1.3.3 created
The annotated tag, ldb-1.3.3 has been created at f5897ce28b4dacf9414467cc352690d47863f715 (tag) tagging bf0a6646108bd447c05f099a7f345cf2a3bda070 (commit) replaces samba-4.8.1 tagged by Stefan Metzmacher on Wed May 2 21:38:55 2018 +0200 - Log - ldb: tag release ldb-1.3.3 -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQEcBAABAgAGBQJa6hPPAAoJEEeTkWETCEAlYbEH+wcYUTlF9AZSd5VLa/mndkwX v7BoxBsT/FNu4GucvBUpsvLHUIIwM6kTIlmIWN6EOAi6B/SEx+hRiiyBYu16QSXC zKAbZRospDbCngydIfLJ7UZIDzlXxjFEjvCNceB1UvTuEFSpWoC9rhwofYBviwJj sCeTb4nvHlHtDwkUDJF3xzBqTh93RH7ISMk2gz7E9HBIrUbTuzed84YFgflNLq06 L4iP80FDS+Xz3H3VT53bwDAVZfiLVSpuDlCJZPAELgJ3/WkGjtfqzGu5bkiQ68Cu lVTtcJUBrfj00HiRUpv7sCy3ZvUXNGgRLVOcUAx7hR8bPvpsR5ioxe2JdMiCIk4= =ZFOX -END PGP SIGNATURE- Andrew Bartlett (3): ldb_tdb: Ensure we can not commit an index that is corrupt due to partial re-index ldb: Add test to show a reindex failure must not leave the DB corrupt ldb: Release ldb 1.3.3 Gary Lockyer (3): ldb_tdb: Do not fail in GUID index mode if there is a duplicate attribute ldb_tdb: Add tests for truncated index keys lib ldb tests: Prepare to run api and index test on tdb and lmdb Karolin Seeger (1): VERSION: Bump version up to 4.8.2... --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-8-test updated
The branch, v4-8-test has been updated
via 13f23ec nsswitch: fix memory leak in winbind_open_pipe_sock() when
the privileged pipe is not accessable.
via bf0a664 ldb: Release ldb 1.3.3
via 21e10ff ldb: Add test to show a reindex failure must not leave the
DB corrupt
via 89ce0d9 lib ldb tests: Prepare to run api and index test on tdb and
lmdb
via 7f70fcd ldb_tdb: Ensure we can not commit an index that is corrupt
due to partial re-index
via 3f15f1c ldb_tdb: Add tests for truncated index keys
via b1ac094 ldb_tdb: Do not fail in GUID index mode if there is a
duplicate attribute
from f1bf8d7 VERSION: Bump version up to 4.8.2...
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-test
- Log -
commit 13f23ec11ef3c932b0cb2000613dfbc6dd14554b
Author: Stefan Metzmacher
Date: Tue Apr 24 10:59:05 2018 +0200
nsswitch: fix memory leak in winbind_open_pipe_sock() when the privileged
pipe is not accessable.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13400
Signed-off-by: Stefan Metzmacher
Reviewed-by: Volker Lendecke
(cherry picked from commit ffe970007bf934955f72ec2d73bf8f94a2b796eb)
Autobuild-User(v4-8-test): Stefan Metzmacher
Autobuild-Date(v4-8-test): Wed May 2 18:56:45 CEST 2018 on sn-devel-144
commit bf0a6646108bd447c05f099a7f345cf2a3bda070
Author: Andrew Bartlett
Date: Mon Apr 30 11:15:55 2018 +1200
ldb: Release ldb 1.3.3
* Fix failure to upgrade to the GUID index DB format
* Add tests for GUID index behaviour
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13306
Signed-off-by: Andrew Bartlett
Reviewed-by: Stefan Metzmacher
commit 21e10ff3d46814c170ed9b35e341f3c6a72406ef
Author: Andrew Bartlett
Date: Mon Mar 26 16:07:45 2018 +1300
ldb: Add test to show a reindex failure must not leave the DB corrupt
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13335
Signed-off-by: Andrew Bartlett
Reviewed-by: Gary Lockyer
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Thu Apr 5 07:53:10 CEST 2018 on sn-devel-144
(cherry picked from commit 653a0a1ba932fc0cc567253f3e153b2928505ba2)
commit 89ce0d90f70140b28a3cf6fa15e4fc6e803b5495
Author: Gary Lockyer
Date: Tue Mar 6 09:13:31 2018 +1300
lib ldb tests: Prepare to run api and index test on tdb and lmdb
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13335
Signed-off-by: Gary Lockyer
Reviewed-by: Andrew Bartlett
(cherry picked from commit 06d9566ef7005588de18c5a1d07a5b9cd179d17b)
commit 7f70fcd8baa82ae13ce1a29fc493643bbe29c6b7
Author: Andrew Bartlett
Date: Mon Mar 26 16:01:13 2018 +1300
ldb_tdb: Ensure we can not commit an index that is corrupt due to partial
re-index
The re-index traverse can abort part-way though and we need to ensure
that the transaction is never committed as that will leave an un-useable db.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13335
Signed-off-by: Andrew Bartlett
Reviewed-by: Gary Lockyer
(cherry picked from commit e481e4f30f4dc540f6f129b4f2faea48ee195673)
commit 3f15f1c63b994066e4ea9bc5e407c1d182511918
Author: Gary Lockyer
Date: Wed Feb 21 15:12:40 2018 +1300
ldb_tdb: Add tests for truncated index keys
Tests for the index truncation code as well as the GUID index
format in general.
Covers truncation of both the DN and equality search keys.
Signed-off-by: Gary Lockyer
Reviewed-by: Douglas Bagnall
Reviewed-by: Andrew Bartlett
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Sat Mar 3 09:58:40 CET 2018 on sn-devel-144
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13335
(cherry picked into 4.8 and cut down to operate without truncated
index values from master commit 4c0c888b571d4c21ab267024178353925a8c087c
by Andrew Bartlett)
commit b1ac0944146705ed13a89b0d0ac1b4656641c170
Author: Gary Lockyer
Date: Wed Feb 28 11:47:22 2018 +1300
ldb_tdb: Do not fail in GUID index mode if there is a duplicate attribute
It is not the job of the index code to enforce this, but do give a
a warning given it has been detected.
However, now that we do allow it, we must never return the same
object twice to the caller, so filter for it in ltdb_index_filter().
The GUID list is sorted, which makes this cheap to handle, thankfully.
Signed-off-by: Gary Lockyer
Reviewed-by: Douglas Bagnall
Reviewed-by: Andrew Bartlett
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13335
(cherry picked from commit 5c1504b94d1417894176811f18c5d450de22cfd2)
---
Summary of changes:
lib/ldb/ABI/{ldb-1.3.2.sigs => ldb-1.3.3.sigs} |0
...b-util.
[SCM] Samba Shared Repository - branch v4-7-test updated
The branch, v4-7-test has been updated
via d6ac540 nsswitch: fix memory leak in winbind_open_pipe_sock() when
the privileged pipe is not accessable.
from 825aea7 s4:rpc_server: fix call_id truncation in
dcesrv_find_fragmented_call()
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test
- Log -
commit d6ac5408f7c4d2fc0bb648a302bc012b725bec41
Author: Stefan Metzmacher
Date: Tue Apr 24 10:59:05 2018 +0200
nsswitch: fix memory leak in winbind_open_pipe_sock() when the privileged
pipe is not accessable.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13400
Signed-off-by: Stefan Metzmacher
Reviewed-by: Volker Lendecke
(cherry picked from commit ffe970007bf934955f72ec2d73bf8f94a2b796eb)
Autobuild-User(v4-7-test): Stefan Metzmacher
Autobuild-Date(v4-7-test): Wed May 2 15:36:48 CEST 2018 on sn-devel-144
---
Summary of changes:
nsswitch/wb_common.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/nsswitch/wb_common.c b/nsswitch/wb_common.c
index 262181a..336092b 100644
--- a/nsswitch/wb_common.c
+++ b/nsswitch/wb_common.c
@@ -420,14 +420,14 @@ static int winbind_open_pipe_sock(struct winbindd_context
*ctx,
ctx->winbindd_fd = fd;
ctx->is_privileged = 1;
}
+
+ SAFE_FREE(response.extra_data.data);
}
if ((need_priv != 0) && (ctx->is_privileged == 0)) {
return -1;
}
- SAFE_FREE(response.extra_data.data);
-
return ctx->winbindd_fd;
#else
return -1;
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 8e5cc97 s3:messages: improve tevent_create_immediate recycling
via dfb712a s3:messages: check tevent_fd_get_flags() == 0 before using
stale event context pointer
via fdcc162 s3:messages: check reg->refcount == 0 before accessing
other elements
from 0b04258 winbind: Remove an unused struct declaration
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 8e5cc9732bb99df912bfd0fa09f7c14068f09874
Author: Ralph Boehme
Date: Tue Mar 27 16:04:58 2018 +0200
s3:messages: improve tevent_create_immediate recycling
We should create the immediate event at the beginning
were we have a chance to return an error, rather than
ignoring a failure later.
As a side effect this also reuses the immediate event
after the refcount went to 0 and up again.
Pair-Programmed-With: Stefan Metzmacher
Signed-off-by: Ralph Boehme
Signed-off-by: Stefan Metzmacher
Reviewed-by: Volker Lendecke
Autobuild-User(master): Stefan Metzmacher
Autobuild-Date(master): Tue Apr 24 14:30:20 CEST 2018 on sn-devel-144
commit dfb712a03c2bd36641506ae9cfce1a0820e1a329
Author: Ralph Boehme
Date: Tue Mar 27 15:27:32 2018 +0200
s3:messages: check tevent_fd_get_flags() == 0 before using stale event
context pointer
If the event context got deleted, tevent_fd_get_flags() will return 0
for the stale fde. In that case we should not use fde_ev->ev anymore.
Pair-Programmed-With: Stefan Metzmacher
Signed-off-by: Ralph Boehme
Signed-off-by: Stefan Metzmacher
Reviewed-by: Volker Lendecke
commit fdcc1622082eaea3fc03c0346a56afbbff88e6d1
Author: Ralph Boehme
Date: Tue Mar 27 16:05:30 2018 +0200
s3:messages: check reg->refcount == 0 before accessing other elements
Pair-Programmed-With: Stefan Metzmacher
Signed-off-by: Ralph Boehme
Signed-off-by: Stefan Metzmacher
Reviewed-by: Volker Lendecke
---
Summary of changes:
source3/lib/messages.c | 63 +
source3/lib/messages_ctdb.c | 14 --
source3/lib/messages_dgm.c | 14 --
3 files changed, 70 insertions(+), 21 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/lib/messages.c b/source3/lib/messages.c
index 5a31f34..82a1778 100644
--- a/source3/lib/messages.c
+++ b/source3/lib/messages.c
@@ -192,19 +192,34 @@ static bool messaging_register_event_context(struct
messaging_context *ctx,
for (i=0; ievent_contexts[i];
- if (reg->ev == ev) {
- reg->refcount += 1;
- return true;
- }
if (reg->refcount == 0) {
if (reg->ev != NULL) {
abort();
}
free_reg = reg;
+ /*
+* We continue here and may find another
+* free_req, but the important thing is
+* that we continue to search for an
+* existing registration in the loop.
+*/
+ continue;
+ }
+
+ if (reg->ev == ev) {
+ reg->refcount += 1;
+ return true;
}
}
if (free_reg == NULL) {
+ struct tevent_immediate *im = NULL;
+
+ im = tevent_create_immediate(ctx);
+ if (im == NULL) {
+ return false;
+ }
+
tmp = talloc_realloc(ctx, ctx->event_contexts,
struct messaging_registered_ev,
num_event_contexts+1);
@@ -214,9 +229,14 @@ static bool messaging_register_event_context(struct
messaging_context *ctx,
ctx->event_contexts = tmp;
free_reg = &ctx->event_contexts[num_event_contexts];
+ free_reg->im = talloc_move(ctx->event_contexts, &im);
}
- *free_reg = (struct messaging_registered_ev) { .ev = ev, .refcount = 1
};
+ /*
+* free_reg->im might be cached
+*/
+ free_reg->ev = ev;
+ free_reg->refcount = 1;
return true;
}
@@ -231,14 +251,25 @@ static bool messaging_deregister_event_context(struct
messaging_context *ctx,
for (i=0; ievent_contexts[i];
+ if (reg->refcount == 0) {
+ continue;
+ }
+
if (reg->ev == ev) {
- if (reg->refcount == 0) {
- return false;
- }
[Bug 1761737] Re: [bionic] samba PANIC, INTERNAL ERROR: Signal 11
Can someone try what happens with https://attachments.samba.org/attachment.cgi?id=14155 together with "kerberos method = secrets and keytab"? I'd guess it should behave like "system keytab" or "dedicated keytab", but it would be good to have this verified. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1761737 Title: [bionic] samba PANIC, INTERNAL ERROR: Signal 11 To manage notifications about this bug go to: https://bugs.launchpad.net/samba/+bug/1761737/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1761737] Re: [bionic] samba PANIC, INTERNAL ERROR: Signal 11
I just noticed https://bugzilla.samba.org/show_bug.cgi?id=13376 and closed https://bugzilla.samba.org/show_bug.cgi?id=13393 again... -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1761737 Title: [bionic] samba PANIC, INTERNAL ERROR: Signal 11 To manage notifications about this bug go to: https://bugs.launchpad.net/samba/+bug/1761737/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1761737] Re: [bionic] samba PANIC, INTERNAL ERROR: Signal 11
This is https://bugzilla.samba.org/show_bug.cgi?id=13393 Does changing 'secrets and keytab' to 'keytab' help? ** Bug watch added: Samba Bugzilla #13393 https://bugzilla.samba.org/show_bug.cgi?id=13393 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1761737 Title: [bionic] samba PANIC, INTERNAL ERROR: Signal 11 To manage notifications about this bug go to: https://bugs.launchpad.net/samba/+bug/1761737/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[SCM] Samba Shared Repository - branch v4-7-test updated
The branch, v4-7-test has been updated
via 5a2066f torture: Test compound request request counters
via bb15458 s3:smb2_server: correctly maintain request counters for
compound requests
from 686b2ba winbindd: Do not ignore domain in the LOOKUPNAME request
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test
- Log -
commit 5a2066f5ca52d8f1421139f27112183952070a05
Author: Volker Lendecke
Date: Wed Apr 11 15:11:10 2018 +0200
torture: Test compound request request counters
This will send an unfixed smbd into the
SMB_ASSERT(op->request_count > 0);
in smbd_smb2_request_reply_update_counts
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13215
Signed-off-by: Volker Lendecke
Reviewed-by: Stefan Metzmacher
Autobuild-User(master): Volker Lendecke
Autobuild-Date(master): Thu Apr 12 14:38:39 CEST 2018 on sn-devel-144
(cherry picked from commit 40edd1bc273f664d5567ef5be169033899acee1f)
Autobuild-User(v4-7-test): Stefan Metzmacher
Autobuild-Date(v4-7-test): Fri Apr 13 22:48:05 CEST 2018 on sn-devel-144
commit bb15458485e48ce173e54186f1b54aef2e852544
Author: Stefan Metzmacher
Date: Wed Apr 11 12:14:59 2018 +0200
s3:smb2_server: correctly maintain request counters for compound requests
If a session expires during a compound request chain,
we exit smbd_smb2_request_dispatch() with
'return smbd_smb2_request_error(req, ...)' before
calling smbd_smb2_request_dispatch_update_counts().
As req->request_counters_updated was only reset
within smbd_smb2_request_dispatch_update_counts(),
smbd_smb2_request_reply_update_counts() was called
twice on the same request, which triggers
SMB_ASSERT(op->request_count > 0);
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13215
Signed-off-by: Stefan Metzmacher
Reviewed-by: Volker Lendecke
(cherry picked from commit 87e25cd1e45bfe57292b62ffc44ddafc01c61ca0)
---
Summary of changes:
source3/smbd/smb2_server.c | 6 +++-
source4/torture/smb2/compound.c | 77 +
2 files changed, 82 insertions(+), 1 deletion(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index ee03a8e..177e5ff 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -2180,7 +2180,7 @@ static NTSTATUS smbd_smb2_request_dispatch_update_counts(
bool update_open = false;
NTSTATUS status = NT_STATUS_OK;
- req->request_counters_updated = false;
+ SMB_ASSERT(!req->request_counters_updated);
if (xconn->protocol < PROTOCOL_SMB2_22) {
return NT_STATUS_OK;
@@ -2315,6 +2315,8 @@ NTSTATUS smbd_smb2_request_dispatch(struct
smbd_smb2_request *req)
DO_PROFILE_INC(request);
+ SMB_ASSERT(!req->request_counters_updated);
+
/* TODO: verify more things */
flags = IVAL(inhdr, SMB2_HDR_FLAGS);
@@ -2755,6 +2757,8 @@ static void smbd_smb2_request_reply_update_counts(struct
smbd_smb2_request *req)
return;
}
+ req->request_counters_updated = false;
+
if (xconn->protocol < PROTOCOL_SMB2_22) {
return;
}
diff --git a/source4/torture/smb2/compound.c b/source4/torture/smb2/compound.c
index c592308..d2d4d7e 100644
--- a/source4/torture/smb2/compound.c
+++ b/source4/torture/smb2/compound.c
@@ -1030,6 +1030,81 @@ done:
return ret;
}
+static bool test_compound_invalid4(struct torture_context *tctx,
+ struct smb2_tree *tree)
+{
+ struct smb2_create cr;
+ struct smb2_read rd;
+ NTSTATUS status;
+ const char *fname = "compound_invalid4.dat";
+ struct smb2_close cl;
+ bool ret = true;
+ bool ok;
+ struct smb2_request *req[2];
+
+ smb2_transport_credits_ask_num(tree->session->transport, 2);
+
+ smb2_util_unlink(tree, fname);
+
+ ZERO_STRUCT(cr);
+ cr.in.security_flags = 0x00;
+ cr.in.oplock_level= 0;
+ cr.in.impersonation_level = NTCREATEX_IMPERSONATION_IMPERSONATION;
+ cr.in.create_flags= 0x;
+ cr.in.reserved= 0x;
+ cr.in.desired_access = SEC_RIGHTS_FILE_ALL;
+ cr.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+ cr.in.share_access= NTCREATEX_SHARE_ACCESS_READ |
+ NTCREATEX_SHARE_ACCESS_WRITE |
+ NTCREATEX_SHARE_ACCESS_DELETE;
+ cr.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+ cr.in.create_options = NTCREATEX_OPTIONS_SEQUENTIAL_ONLY |
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via b8f7167 libdgram: Fix an error path memleak
via 8b770e6 libnbt: Align data types
via 5fea3e3 libnbt: Add an explicit "mem_ctx" to name_request_send
from ce63db2 traffic_relay: bulk port print to modern py3 style
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit b8f71674742a45c296b6ef6a69be3870c4ddf61c
Author: Volker Lendecke
Date: Sun Feb 25 13:00:39 2018 +0100
libdgram: Fix an error path memleak
Signed-off-by: Volker Lendecke
Reviewed-by: Stefan Metzmacher
Autobuild-User(master): Stefan Metzmacher
Autobuild-Date(master): Fri Apr 13 21:04:28 CEST 2018 on sn-devel-144
commit 8b770e646aa28e6ef36647f42b97a8330203bbd0
Author: Volker Lendecke
Date: Thu Apr 12 20:40:32 2018 +0200
libnbt: Align data types
ARRAY_SIZE returns size_t
Signed-off-by: Volker Lendecke
Reviewed-by: Stefan Metzmacher
commit 5fea3e3f23cf75e111b9043ddad8a93aad6c06bf
Author: Volker Lendecke
Date: Sun Feb 4 12:16:14 2018 +
libnbt: Add an explicit "mem_ctx" to name_request_send
Implicitly hanging requests off nbtsock is too inflexible for future use
Signed-off-by: Volker Lendecke
Reviewed-by: Stefan Metzmacher
---
Summary of changes:
libcli/nbt/namequery.c | 4 ++--
libcli/nbt/namerefresh.c| 2 +-
libcli/nbt/nameregister.c | 2 +-
libcli/nbt/namerelease.c| 2 +-
libcli/nbt/nbt_proto.h | 3 ++-
libcli/nbt/nbtsocket.c | 7 ---
source4/libcli/dgram/mailslot.c | 1 +
7 files changed, 12 insertions(+), 9 deletions(-)
Changeset truncated at 500 lines:
diff --git a/libcli/nbt/namequery.c b/libcli/nbt/namequery.c
index e344235..49ab10c 100644
--- a/libcli/nbt/namequery.c
+++ b/libcli/nbt/namequery.c
@@ -56,7 +56,7 @@ _PUBLIC_ struct nbt_name_request *nbt_name_query_send(struct
nbt_name_socket *nb
dest = socket_address_from_strings(packet, nbtsock->sock->backend_name,
io->in.dest_addr, io->in.dest_port);
if (dest == NULL) goto failed;
- req = nbt_name_request_send(nbtsock, dest, packet,
+ req = nbt_name_request_send(nbtsock, nbtsock, dest, packet,
io->in.timeout, io->in.retries, false);
if (req == NULL) goto failed;
@@ -160,7 +160,7 @@ _PUBLIC_ struct nbt_name_request
*nbt_name_status_send(struct nbt_name_socket *n
dest = socket_address_from_strings(packet, nbtsock->sock->backend_name,
io->in.dest_addr, io->in.dest_port);
if (dest == NULL) goto failed;
- req = nbt_name_request_send(nbtsock, dest, packet,
+ req = nbt_name_request_send(nbtsock, nbtsock, dest, packet,
io->in.timeout, io->in.retries, false);
if (req == NULL) goto failed;
diff --git a/libcli/nbt/namerefresh.c b/libcli/nbt/namerefresh.c
index b525356..b3aef76 100644
--- a/libcli/nbt/namerefresh.c
+++ b/libcli/nbt/namerefresh.c
@@ -72,7 +72,7 @@ struct nbt_name_request *nbt_name_refresh_send(struct
nbt_name_socket *nbtsock,
nbtsock->sock->backend_name,
io->in.dest_addr, io->in.dest_port);
if (dest == NULL) goto failed;
- req = nbt_name_request_send(nbtsock, dest, packet,
+ req = nbt_name_request_send(nbtsock, nbtsock, dest, packet,
io->in.timeout, io->in.retries, false);
if (req == NULL) goto failed;
diff --git a/libcli/nbt/nameregister.c b/libcli/nbt/nameregister.c
index ff5418c..8e8271d 100644
--- a/libcli/nbt/nameregister.c
+++ b/libcli/nbt/nameregister.c
@@ -80,7 +80,7 @@ struct nbt_name_request *nbt_name_register_send(struct
nbt_name_socket *nbtsock,
dest = socket_address_from_strings(packet, nbtsock->sock->backend_name,
io->in.dest_addr, io->in.dest_port);
if (dest == NULL) goto failed;
- req = nbt_name_request_send(nbtsock, dest, packet,
+ req = nbt_name_request_send(nbtsock, nbtsock, dest, packet,
io->in.timeout, io->in.retries, false);
if (req == NULL) goto failed;
diff --git a/libcli/nbt/namerelease.c b/libcli/nbt/namerelease.c
index 8f46981..68c8252 100644
--- a/libcli/nbt/namerelease.c
+++ b/libcli/nbt/namerelease.c
@@ -69,7 +69,7 @@ _PUBLIC_ struct nbt_name_request
*nbt_name_release_send(struct nbt_name_socket *
dest = socket_address_from_strings(packet, nbtsock->sock->backend_name,
io->in.dest_addr, io->in.dest_port);
[SCM] Samba Shared Repository - branch v4-8-test updated
The branch, v4-8-test has been updated
via 7e01028 torture: Test compound request request counters
via de39857 s3:smb2_server: correctly maintain request counters for
compound requests
from bb5526d winbindd: Do not ignore domain in the LOOKUPNAME request
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-test
- Log -
commit 7e010280ade0834638c58ca7c60ed2f0ff78c112
Author: Volker Lendecke
Date: Wed Apr 11 15:11:10 2018 +0200
torture: Test compound request request counters
This will send an unfixed smbd into the
SMB_ASSERT(op->request_count > 0);
in smbd_smb2_request_reply_update_counts
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13215
Signed-off-by: Volker Lendecke
Reviewed-by: Stefan Metzmacher
Autobuild-User(master): Volker Lendecke
Autobuild-Date(master): Thu Apr 12 14:38:39 CEST 2018 on sn-devel-144
(cherry picked from commit 40edd1bc273f664d5567ef5be169033899acee1f)
Autobuild-User(v4-8-test): Stefan Metzmacher
Autobuild-Date(v4-8-test): Thu Apr 12 22:55:22 CEST 2018 on sn-devel-144
commit de398573fe753a347cba35666fcf84b30a3307f7
Author: Stefan Metzmacher
Date: Wed Apr 11 12:14:59 2018 +0200
s3:smb2_server: correctly maintain request counters for compound requests
If a session expires during a compound request chain,
we exit smbd_smb2_request_dispatch() with
'return smbd_smb2_request_error(req, ...)' before
calling smbd_smb2_request_dispatch_update_counts().
As req->request_counters_updated was only reset
within smbd_smb2_request_dispatch_update_counts(),
smbd_smb2_request_reply_update_counts() was called
twice on the same request, which triggers
SMB_ASSERT(op->request_count > 0);
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13215
Signed-off-by: Stefan Metzmacher
Reviewed-by: Volker Lendecke
(cherry picked from commit 87e25cd1e45bfe57292b62ffc44ddafc01c61ca0)
---
Summary of changes:
source3/smbd/smb2_server.c | 6 +++-
source4/torture/smb2/compound.c | 77 +
2 files changed, 82 insertions(+), 1 deletion(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index ee03a8e..177e5ff 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -2180,7 +2180,7 @@ static NTSTATUS smbd_smb2_request_dispatch_update_counts(
bool update_open = false;
NTSTATUS status = NT_STATUS_OK;
- req->request_counters_updated = false;
+ SMB_ASSERT(!req->request_counters_updated);
if (xconn->protocol < PROTOCOL_SMB2_22) {
return NT_STATUS_OK;
@@ -2315,6 +2315,8 @@ NTSTATUS smbd_smb2_request_dispatch(struct
smbd_smb2_request *req)
DO_PROFILE_INC(request);
+ SMB_ASSERT(!req->request_counters_updated);
+
/* TODO: verify more things */
flags = IVAL(inhdr, SMB2_HDR_FLAGS);
@@ -2755,6 +2757,8 @@ static void smbd_smb2_request_reply_update_counts(struct
smbd_smb2_request *req)
return;
}
+ req->request_counters_updated = false;
+
if (xconn->protocol < PROTOCOL_SMB2_22) {
return;
}
diff --git a/source4/torture/smb2/compound.c b/source4/torture/smb2/compound.c
index c592308..d2d4d7e 100644
--- a/source4/torture/smb2/compound.c
+++ b/source4/torture/smb2/compound.c
@@ -1030,6 +1030,81 @@ done:
return ret;
}
+static bool test_compound_invalid4(struct torture_context *tctx,
+ struct smb2_tree *tree)
+{
+ struct smb2_create cr;
+ struct smb2_read rd;
+ NTSTATUS status;
+ const char *fname = "compound_invalid4.dat";
+ struct smb2_close cl;
+ bool ret = true;
+ bool ok;
+ struct smb2_request *req[2];
+
+ smb2_transport_credits_ask_num(tree->session->transport, 2);
+
+ smb2_util_unlink(tree, fname);
+
+ ZERO_STRUCT(cr);
+ cr.in.security_flags = 0x00;
+ cr.in.oplock_level= 0;
+ cr.in.impersonation_level = NTCREATEX_IMPERSONATION_IMPERSONATION;
+ cr.in.create_flags= 0x;
+ cr.in.reserved= 0x;
+ cr.in.desired_access = SEC_RIGHTS_FILE_ALL;
+ cr.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+ cr.in.share_access= NTCREATEX_SHARE_ACCESS_READ |
+ NTCREATEX_SHARE_ACCESS_WRITE |
+ NTCREATEX_SHARE_ACCESS_DELETE;
+ cr.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+ cr.in.create_options = NTCREATEX_OPTIONS_SEQUENTIAL_ONLY |
[SCM] Samba Shared Repository - branch v4-6-test updated
The branch, v4-6-test has been updated
via c90accf torture: Test compound request request counters
via fb602bd s3:smb2_server: correctly maintain request counters for
compound requests
from e1c58ec s3: smbd: Unix extensions attempts to change wrong field in
fchown call.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-6-test
- Log -
commit c90accf0275d17fb237ea01e7477d741ed8123bd
Author: Volker Lendecke
Date: Wed Apr 11 15:11:10 2018 +0200
torture: Test compound request request counters
This will send an unfixed smbd into the
SMB_ASSERT(op->request_count > 0);
in smbd_smb2_request_reply_update_counts
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13215
Signed-off-by: Volker Lendecke
Reviewed-by: Stefan Metzmacher
Autobuild-User(master): Volker Lendecke
Autobuild-Date(master): Thu Apr 12 14:38:39 CEST 2018 on sn-devel-144
(cherry picked from commit 40edd1bc273f664d5567ef5be169033899acee1f)
Autobuild-User(v4-6-test): Stefan Metzmacher
Autobuild-Date(v4-6-test): Thu Apr 12 21:56:31 CEST 2018 on sn-devel-144
commit fb602bddc4f968310b958f5fd06eb8857a39
Author: Stefan Metzmacher
Date: Wed Apr 11 12:14:59 2018 +0200
s3:smb2_server: correctly maintain request counters for compound requests
If a session expires during a compound request chain,
we exit smbd_smb2_request_dispatch() with
'return smbd_smb2_request_error(req, ...)' before
calling smbd_smb2_request_dispatch_update_counts().
As req->request_counters_updated was only reset
within smbd_smb2_request_dispatch_update_counts(),
smbd_smb2_request_reply_update_counts() was called
twice on the same request, which triggers
SMB_ASSERT(op->request_count > 0);
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13215
Signed-off-by: Stefan Metzmacher
Reviewed-by: Volker Lendecke
(cherry picked from commit 87e25cd1e45bfe57292b62ffc44ddafc01c61ca0)
---
Summary of changes:
source3/smbd/smb2_server.c | 6 +++-
source4/torture/smb2/compound.c | 77 +
2 files changed, 82 insertions(+), 1 deletion(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index 573f5f6..23eb4b6 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -2148,7 +2148,7 @@ static NTSTATUS smbd_smb2_request_dispatch_update_counts(
bool update_open = false;
NTSTATUS status = NT_STATUS_OK;
- req->request_counters_updated = false;
+ SMB_ASSERT(!req->request_counters_updated);
if (xconn->protocol < PROTOCOL_SMB2_22) {
return NT_STATUS_OK;
@@ -2283,6 +2283,8 @@ NTSTATUS smbd_smb2_request_dispatch(struct
smbd_smb2_request *req)
DO_PROFILE_INC(request);
+ SMB_ASSERT(!req->request_counters_updated);
+
/* TODO: verify more things */
flags = IVAL(inhdr, SMB2_HDR_FLAGS);
@@ -2722,6 +2724,8 @@ static void smbd_smb2_request_reply_update_counts(struct
smbd_smb2_request *req)
return;
}
+ req->request_counters_updated = false;
+
if (xconn->protocol < PROTOCOL_SMB2_22) {
return;
}
diff --git a/source4/torture/smb2/compound.c b/source4/torture/smb2/compound.c
index 1856054..da95479 100644
--- a/source4/torture/smb2/compound.c
+++ b/source4/torture/smb2/compound.c
@@ -1030,6 +1030,81 @@ done:
return ret;
}
+static bool test_compound_invalid4(struct torture_context *tctx,
+ struct smb2_tree *tree)
+{
+ struct smb2_create cr;
+ struct smb2_read rd;
+ NTSTATUS status;
+ const char *fname = "compound_invalid4.dat";
+ struct smb2_close cl;
+ bool ret = true;
+ bool ok;
+ struct smb2_request *req[2];
+
+ smb2_transport_credits_ask_num(tree->session->transport, 2);
+
+ smb2_util_unlink(tree, fname);
+
+ ZERO_STRUCT(cr);
+ cr.in.security_flags = 0x00;
+ cr.in.oplock_level= 0;
+ cr.in.impersonation_level = NTCREATEX_IMPERSONATION_IMPERSONATION;
+ cr.in.create_flags= 0x;
+ cr.in.reserved= 0x;
+ cr.in.desired_access = SEC_RIGHTS_FILE_ALL;
+ cr.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+ cr.in.share_access= NTCREATEX_SHARE_ACCESS_READ |
+ NTCREATEX_SHARE_ACCESS_WRITE |
+ NTCREATEX_SHARE_ACCESS_DELETE;
+ cr.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
+ cr.in.create_options = NTCREATEX_OPTIONS_SEQUENTIAL_ONLY |
[SCM] Samba Shared Repository - annotated tag talloc-2.1.13 created
The annotated tag, talloc-2.1.13 has been created
at c13a723cb67863d57da4ef71cb9d15c6623b7c36 (tag)
tagging d48b62326a5256fabdcbdd97cc71c44527672527 (commit)
replaces talloc-2.1.12
tagged by Stefan Metzmacher
on Thu Apr 5 23:05:08 2018 +0200
- Log -
talloc: tag release talloc-2.1.13
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
iQEcBAABAgAGBQJaxo+EAAoJEEeTkWETCEAlFbgIAKsUuhlbo+hS9pvf1l1AGaLQ
cnICcGQOOxrFPRVpG89XGU+jvSvlI2dseQL3WOR6+hWk+c2hKvxhPa5QNZCY2NeP
WVLqmUx4gvUM8W1l7y+FRmdOr/FHKAtYgd6oDxZLu6Vt7ccX5WJAlICG6nP94H0u
SIdjB2APoeyYvpNiOlcV50SI/4aJG2cMz+Fgmo+KZeWKYW7Yl3TpOkB7n4VilQrN
wW23x0vCSr0XuhOH6j54HDxiwadpDPVBdNH/nKO/X7/qSmbWQI54zvOWCN4wazMO
nOl5kxnXYzWrdyfeGP3f3uznU5QE2LMy5B8DBZEMArJLAgU+/YJQJ7nQCnhTkgQ=
=zJZ0
-END PGP SIGNATURE-
Amitay Isaacs (15):
ctdb-client: Do not try to allocate 0 sized record
ctdb-client: Add missing initialization of tevent_context
ctdb-tests: Convert database map to a linked list in fake_ctdbd
ctdb-tests: Add dbdir option for creating databases in fake_ctdbd
ctdb-tests: Implement database attach control in fake_ctdbd
ctdb-tests: Add database attach tests
ctdb-tests: Use seqnum from tdb if available in fake_ctdbd
ctdb-tests: Add req_call processing in fake_ctdbd
ctdb-tests: Add volatile database tests
ctdb-tests: Implement transaction control in fake_ctdbd
ctdb-tests: Add persistent database tests
ctdb-tests: Implement traverse control in fake_ctdbd
ctdb-tests: Add database traverse tests
ctdb-tests: Add debug messages for unimplemented functions
ctdb-scripts: Drop "net serverid wipe" from 50.samba event script
Andreas Schneider (25):
s3:printing: Fix size check in get_file_version()
s3:lib: Fix size types in ms_fnmatch()
s3:lib: Fix size types in tldap_find_first_star()
lib:param: Fix the size type in lp_do_parameter_parametric()
s3:lib: Fix probably a copy&paste error in namemap_cache_set_sid2name()
third_party: Update pam_wrapper to version 1.0.6
ldb: Add test for ldb_qsort()
ldb: Fix overflow checks
third_party: Fix size type in cmocka
lib:util: Fix size types in fgets_slash()
s4:registry: Fix size type and loop
s4:client: Fix size types and loop
heimdal: Fix size types and array access
s4:torture: Fix size types in torture_create_procs()
s3:smbd: Fix size types in reply_negprot()
s3:printing: Fix size types
s3:spoolss: Fix size types
s3:client: Fix size types
s3:torture: Fix size types in make_nonstd_fd()
s3:modules: Update getdate.y to work with newer bison versions
s3:modules: Generate new getdate.c with bison
wafsamba: Add missing cflags_end argument to SAMBA_MODULE
replace: Check for -Wno-strict-overflow
s3:modules: Set -Wno-strict-overflow for getdate if supported
wafsamba: Add missing cflags_end argument to SAMBA_BINARY
Andrew Bartlett (35):
autobuild: Move defaulttasks to one-per-line
travis-ci: Only un-shallow for PIDL
travis-ci: Use Gold linker for faster builds
libsmb: Use the same #ifdef for is_our_primary_domain() as the only caller
s3-libnet: move rpc_join label into HAVE_ADS block with only caller
selftest: Align cleanup of tmpkpasswdscript with scripts that use it
selftest: Ensure tmpkpasswdscript is always under $PREFIX
autobuild: Move "none" environment to samba-none-env
winbindd: Add a cache of the samr and lsa handles for the passdb domain
winbindd: Do re-connect if the RPC call fails in the passdb case
winbindd: Use talloc_zero_array for consistency with other
winbindd_domain allocators
gitlab-ci: Create swap space to work around the 2G image
autobuild: Run nt4_dc and nt4_member tests in parallel
travis-ci: Run new samba-nt4 environment
gitlab-ci: Add samba-nt4 environment to the CI
selftest: Do not run smb2.notify against nt4_dc and ad_dc
autobuild: Run all "ad_dc" environment tests in samba-ad-dc
autobuild: Remove fileserver tests from the main build
selftest: Move base.delaywrite tests to fileserver environment
Move smbtorture3 tests to fileserver environment
autobuild: Try and test different configure options for new environments
selftest: Move slower base.deny1 and base.deny2 to fileserver environment
selftest: Move samba.tests.samba_tool{.dnscmd,.sites} to chgdcpass
gitlab-ci: Set shared and private tags to allow builds that need ext4 to
pass
autobuild: Split up the build further with samba-ad-dc-2
gitlab: Run fileserver tests on "private" not "shared"
autobuild: Run all envs that depend on ad_dc in the ad_dc job
selftest: Do not run raw.notify, smb2.oplock and raw.oplock twice
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via d48b623 talloc: version 2.1.13
via 03124c8 talloc: use atexit() again instead of a library destructor
from 707af5b selftest: enable py3 for samba.tests.blackbox.ndrdump
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit d48b62326a5256fabdcbdd97cc71c44527672527
Author: Stefan Metzmacher
Date: Tue Apr 3 13:46:20 2018 +0200
talloc: version 2.1.13
* Use atexit() again instead of a library destructor
(bug #13366)
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andreas Schneider
Autobuild-User(master): Stefan Metzmacher
Autobuild-Date(master): Thu Apr 5 15:53:16 CEST 2018 on sn-devel-144
commit 03124c85f1141f1e57398e526f38798b6f1fa741
Author: Stefan Metzmacher
Date: Tue Apr 3 13:13:01 2018 +0200
talloc: use atexit() again instead of a library destructor
The change for https://bugzilla.samba.org/show_bug.cgi?id=7587
("talloc_autofree_context() in shared libraries and plugins is a bad idea
on FreeBSD")
(ommit 41b6810ba01f44537f470c806adb8686e1a39c48)
causes the following for sssd on Linux:
Stack trace of thread 19667:
#0 0x7f2cab91ff6b __GI_raise (libc.so.6)
#1 0x7f2cab90a5c1 __GI_abort (libc.so.6)
#2 0x7f2cab90a491 __assert_fail_base (libc.so.6)
#3 0x7f2cab9186e2 __GI___assert_fail (libc.so.6)
#4 0x7f2cb10aaca5 k5_mutex_lock (libkrb5.so.3)
#5 0x7f2cb10ab790 k5_mutex_lock (libkrb5.so.3)
#6 0x7f2cb10ab8f5 profile_free_file (libkrb5.so.3)
#7 0x7f2cb10ab983 profile_close_file (libkrb5.so.3)
#8 0x7f2cb10af249 profile_release (libkrb5.so.3)
#9 0x7f2cb10a06c7 k5_os_free_context (libkrb5.so.3)
#10 0x7f2cb1075a9a krb5_free_context (libkrb5.so.3)
#11 0x55cea7cb2dd1 kcm_data_destructor (sssd_kcm)
#12 0x7f2cac153e96 _tc_free_internal (libtalloc.so.2)
#13 0x7f2cac1537b0 _tc_free_internal (libtalloc.so.2)
#14 0x7f2cac1537b0 _tc_free_internal (libtalloc.so.2)
#15 0x7f2cac1537b0 _tc_free_internal (libtalloc.so.2)
#16 0x7f2cac1537b0 _tc_free_internal (libtalloc.so.2)
#17 0x7f2cac14e648 _talloc_free (libtalloc.so.2)
#18 0x7f2cac14c480 talloc_lib_fini (libtalloc.so.2)
#19 0x7f2cb151da96 _dl_fini (ld-linux-x86-64.so.2)
#20 0x7f2cab9226bc __run_exit_handlers (libc.so.6)
#21 0x7f2cab9227ec __GI_exit (libc.so.6)
#22 0x7f2cb030dc61 orderly_shutdown (libsss_util.so)
#23 0x7f2cac365a46 tevent_common_check_signal (libtevent.so.0)
#24 0x7f2cac367975 epoll_event_loop_once (libtevent.so.0)
#25 0x7f2cac365dab std_event_loop_once (libtevent.so.0)
#26 0x7f2cac362098 _tevent_loop_once (libtevent.so.0)
#27 0x7f2cac3622eb tevent_common_loop_wait (libtevent.so.0)
#28 0x7f2cac365d3b std_event_loop_wait (libtevent.so.0)
#29 0x7f2cb030eb37 server_loop (libsss_util.so)
#30 0x55cea7cb29f4 main (sssd_kcm)
#31 0x7f2cab90c1eb __libc_start_main (libc.so.6)
#32 0x55cea7cb2c7a _start (sssd_kcm)
We still only register one atexit handler instead of multiple ones
like in talloc 2.1.11, but avoids using a library destructor.
Bug #7587 seems to be fixed by not using talloc_autofree_context()
within samba.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13366
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andreas Schneider
---
Summary of changes:
.../{pytalloc-util-2.1.9.sigs => pytalloc-util-2.1.13.sigs} | 0
...loc-util.py3-2.1.9.sigs => pytalloc-util.py3-2.1.13.sigs} | 0
lib/talloc/ABI/{talloc-2.1.9.sigs => talloc-2.1.13.sigs} | 0
lib/talloc/talloc.c | 12 ++--
lib/talloc/wscript | 2 +-
5 files changed, 3 insertions(+), 11 deletions(-)
copy lib/talloc/ABI/{pytalloc-util-2.1.9.sigs => pytalloc-util-2.1.13.sigs}
(100%)
copy lib/talloc/ABI/{pytalloc-util.py3-2.1.9.sigs =>
pytalloc-util.py3-2.1.13.sigs} (100%)
copy lib/talloc/ABI/{talloc-2.1.9.sigs => talloc-2.1.13.sigs} (100%)
Changeset truncated at 500 lines:
diff --git a/lib/talloc/ABI/pytalloc-util-2.1.9.sigs
b/lib/talloc/ABI/pytalloc-util-2.1.13.sigs
similarity index 100%
copy from lib/talloc/ABI/pytalloc-util-2.1.9.sigs
copy to lib/talloc/ABI/pytalloc-util-2.1.13.sigs
diff --git a/lib/talloc/ABI/pytalloc-util.py3-2.1.9.sigs
b/lib/talloc/ABI/pytalloc-util.py3-2.1.13.sigs
similarity index 100%
copy from lib/talloc/ABI/pytalloc-util.py3-2.1.9.sigs
copy to lib/talloc/ABI/pytalloc-util.
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 702665c s3:modules: fix the build of vfs_aixacl2.c
via 666dda9 ldb/tests: avoid 'return void_function();' which isn't
portable
via 7ae77db lib/crypto: avoid 'return void_function();' which isn't
portable
via 74278a7 s3:modules: make virusfilter_io_connect_path() more portable
via fb7b67a s3:modules: fix the picky-developer build of
vfs_virusfilter.c on FreeBSD 11
via dc16024 nsswitch: fix the developer build of nsswitch/wins.c on
freebsd 11
via d5be3b3 nsswitch: add some const to _nss_winbind_initgroups_dyn()
prototype
via b8c30ab nsswitch: maintain prototypes for the linux based functions
only once
via 329a229 lib/replace: define __[u]intptr_t_defined if we prove an
replacement
via f2ff61c lib/util: remove unused '#include ' from
tests/tfork.c
from 6b75d2c ctdb-scripts: Drop "net serverid wipe" from 50.samba event
script
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 702665cc52d5dc05ae636519e1ffe9c296f5ef77
Author: Stefan Metzmacher
Date: Wed Mar 21 07:48:16 2018 +0100
s3:modules: fix the build of vfs_aixacl2.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13345
Signed-off-by: Stefan Metzmacher
Reviewed-by: Björn Jacke
Autobuild-User(master): Stefan Metzmacher
Autobuild-Date(master): Tue Apr 3 20:18:58 CEST 2018 on sn-devel-144
commit 666dda907b7f190b2dff1f2639bd2518240b9fb2
Author: Stefan Metzmacher
Date: Wed Mar 21 07:33:16 2018 +0100
ldb/tests: avoid 'return void_function();' which isn't portable
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13343
Signed-off-by: Stefan Metzmacher
Reviewed-by: Björn Jacke
commit 7ae77db3b29ef08e1f74aa413049b995a598a5dd
Author: Stefan Metzmacher
Date: Wed Mar 21 07:33:16 2018 +0100
lib/crypto: avoid 'return void_function();' which isn't portable
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13343
Signed-off-by: Stefan Metzmacher
Reviewed-by: Björn Jacke
commit 74278a70389e2479d80ec5c88b01a09c141e8d39
Author: Stefan Metzmacher
Date: Wed Mar 21 07:25:11 2018 +0100
s3:modules: make virusfilter_io_connect_path() more portable
We have existing utility functions to prepare a socket.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13343
Signed-off-by: Stefan Metzmacher
Reviewed-by: Björn Jacke
commit fb7b67af984812784756574df4f0fb55d472181b
Author: Stefan Metzmacher
Date: Tue Mar 20 12:10:01 2018 +0100
s3:modules: fix the picky-developer build of vfs_virusfilter.c on FreeBSD 11
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13344
Signed-off-by: Stefan Metzmacher
Reviewed-by: Björn Jacke
commit dc160247d13e2c63574a7e7ec7720fc4c690483b
Author: Stefan Metzmacher
Date: Sat Oct 21 14:15:12 2017 +0200
nsswitch: fix the developer build of nsswitch/wins.c on freebsd 11
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13344
Signed-off-by: Stefan Metzmacher
Reviewed-by: Björn Jacke
commit d5be3b3279162005d9ebea2eda71d455e4c48739
Author: Stefan Metzmacher
Date: Sat Oct 21 14:14:34 2017 +0200
nsswitch: add some const to _nss_winbind_initgroups_dyn() prototype
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13344
Signed-off-by: Stefan Metzmacher
Reviewed-by: Björn Jacke
commit b8c30abb02f461f16af4da83eecd173993974dc1
Author: Stefan Metzmacher
Date: Sat Oct 21 14:08:15 2017 +0200
nsswitch: maintain prototypes for the linux based functions only once
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13344
Signed-off-by: Stefan Metzmacher
Reviewed-by: Björn Jacke
commit 329a229af3c3c9475b9254ca68c413ec18fa3b71
Author: Stefan Metzmacher
Date: Tue Mar 20 21:46:12 2018 +0100
lib/replace: define __[u]intptr_t_defined if we prove an replacement
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13344
Signed-off-by: Stefan Metzmacher
Reviewed-by: Björn Jacke
commit f2ff61ce9e8ab56d8a69fce29c9f214d5d98f89e
Author: Stefan Metzmacher
Date: Tue Mar 20 16:49:30 2018 +0100
lib/util: remove unused '#include ' from tests/tfork.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13342
Signed-off-by: Stefan Metzmacher
Reviewed-by: Ralph Boehme
---
Summary of changes:
lib/crypto/aes.c| 10 ++
lib/ldb/tests/ldb_mod_op_test.c | 8
lib/replace/replace.h | 2 ++
lib/util/tests/tfork.c | 1 -
nsswitch/winbind_nss.h | 6 ++
nsswitch/winbind_nss_freebsd.c | 19 --
[SCM] Samba Shared Repository - annotated tag talloc-2.1.12 created
The annotated tag, talloc-2.1.12 has been created at 52933e59df9c5ca06a5cce1ab85034b27d7f45c6 (tag) tagging 80f9ec016496087bca06d3c34b6f687f0dc145ac (commit) replaces ldb-1.3.2 tagged by Stefan Metzmacher on Thu Mar 22 07:25:36 2018 +0100 - Log - talloc: tag release talloc-2.1.12 -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQEcBAABAgAGBQJas0xgAAoJEEeTkWETCEAlnVIIAL+jaVruICy/3ELvm7qie2Tc waIwZxPDEob+99PgYZ7EUxRqZKXotSrfaoh4bl4x+XDfxiOg8ZXb4Dn6WB0lMZDG PthnxTBNT3luG9cSlV088hagxxVdvj8A2+9ey2x/nJyxf4ftUnJF5alKHQyQ60uB O+nAN+MSaUm8RCrj+q/cHvkOVJ1IR0B2a7YXyJF0UD3FyqIrO2RK+vJML4MDDuWv FPQqHfEOau0uNZecfM41NyBYI8VL7E+aLVfBSoxxZnErklwgPgshcdMbu7CkkEvl dPiS6uF7J2JOZcMvy2sr2jysyaUooYgfn6NdP2SJ3ocK9bjVfPGmr8AQMQqZmoQ= =Brv4 -END PGP SIGNATURE- Amitay Isaacs (8): ctdb-pmda: Use modified API in pcp library 4.0 ctdb-ib: Avoid fall through case statements ctdb-client: Client code should never free the client context ctdb-tools: Wait for ctdb daemon to go away in shutdown ctdb-tools: Drop ipiface command from ctdb tool ctdb-common: Drop unused function ctdb_sys_find_ifname() ctdb-tools: Event script commands cannot be run without daemon ctdb-tools: Fix documentation for ctdb ping command Andreas Schneider (105): s4:lib:com: Fix function declartions lib:texpect: Avoid some compiler warnings lib:replace: Add FALL_THROUGH support lib:replace: Add FALL_THROUGH statements in strptime.c lib:ldb: Add FALL_THROUGH statements in common/ldb_dn.c lib:ldb: Add FALL_THROUGH statements in ldb_map/ldb_map_inbound.c lib:ldb: Add FALL_THROUGH statements in ldb_map/ldb_map.c lib:ldb: Add FALL_THROUGH statements in ldb_map/ldb_map_outbound.c lib:param: Add FALL_THROUGH statements in loadparm.c lib:util: Add FALL_THROUGH statements in substitute.c lib:util: Add FALL_THROUGH statements in charset/charset_macosxfs.c lib:util: Add FALL_THROUGH statements in util_file.c s3:lib: Add FALL_THROUGH statements in substitute_generic.c s3:lib: Add FALL_THROUGH statements in util_path.c s3:lib: Add FALL_THROUGH statements in util_str.c lib:tdb: Add FALL_THROUGH statements in hash.c lib:tdb: Add FALL_THROUGH statements in tdbtool.c lib:tdb: Add FALL_THROUGH statements in common/summary.c libgpo: Add FALL_THROUGH statements in gpo_sec.c librpc:ndr: Add FALL_THROUGH statements in ndr_cab.c s3:auth: Add FALL_THROUGH statements in auth_sam.c s3:auth: Add FALL_THROUGH statements in pampass.c s3:lib: Add FALL_THROUGH statements in cbuf.c s3:lib: Add FALL_THROUGH statements in sysacls.c s3:lib: Add FALL_THROUGH statements in util_sd.c s3:libsmb: Add FALL_THROUGH statements in dsgetdcname.c s3:modules: Add FALL_THROUGH statements in vfs_acl_common.c s3:smbd: Add FALL_THROUGH statements in nttrans.c s3:smbd: Add FALL_THROUGH statements in trans2.c s3:utils: Add FALL_THROUGH statements in regedit.c s3:utils: Add FALL_THROUGH statements in net_conf.c s3:utils: Add FALL_THROUGH statements in net_rpc_conf.c s3:rpc_server: Add FALL_THROUGH statements in rpc_server.c s4:samdb: Add FALL_THROUGH statements in cracknames.c s4:samdb: Add FALL_THROUGH statements in linked_attributes.c s4:auth: Add FALL_THROUGH statements in auth_util.c s4:auth: Add FALL_THROUGH statements in auth_sam.c s4:auth: Add FALL_THROUGH statements in gensec_krb5.c s4:rpc_server: Add FALL_THROUGH statements in dcesrv_srvsvc.c s4:torture: Add FALL_THROUGH statements in basic/misc.c s4:torture: Add FALL_THROUGH statements in rpc/spoolss.c auth:credentials: Add FALL_THROUGH statements in credentials_secrets.c auth:gensec: Add FALL_THROUGH statements in spnego.c nsswitch: Add FALL_THROUGH statements in pam_winbind.c s3:libnet: Add FALL_THROUGH statements in libnet_join.c s3:modules: Add FALL_THROUGH statements in getdate.c s3:lsa: Add FALL_THROUGH statements in srv_lsa_nt.c s3:rpcclient: Add FALL_THROUGH statements in rpcclient.c s3:smbd: Add FALL_THROUGH statements in reply.c s3:utils: Add FALL_THROUGH statements in net_registry_check.c s3:utils: Add FALL_THROUGH statements in ntlm_auth.c s3:winbindd: Add FALL_THROUGH statements in idmap_autorid.c s4:dsdb: Add FALL_THROUGH statements in password_hash.c s4:lib: Add FALL_THROUGH statements in http.c s3:spoolss: Remove incorrect fall through comment in srv_spoolss_nt.c libsmb: Remove incorrect fall through comment in trusts_util.c third_party: Update pam_wrapper to version 1.0.5 third_party: Add missing config.h in libpamtest auth:credentials: Add FALL_THROUGH statements in credentials.c auth:credentials: Avoid an 'else' branch wafsa
[SCM] Samba Shared Repository - branch v4-8-test updated
The branch, v4-8-test has been updated
via cbbb6ef s3:auth: make use of make_{server,session}_info_anonymous()
via f9d850d s3:rpc_server: make use of make_session_info_anonymous()
via a6ecafa s3:auth: add make_{server,session}_info_anonymous()
via 07091cd s3:auth: pass the whole auth_session_info from
copy_session_info_serverinfo_guest() to create_local_token()
via e811adb s3:auth: base make_new_session_info_system() on
auth_system_user_info_dc() and auth3_create_session_info()
via 59cf56e s3:auth: add auth3_user_info_dc_add_hints() and
auth3_session_info_create()
via df9ae9d auth: add auth_user_info_copy() function
via 05fad28 s3:auth: remove static from finalize_local_nt_token()
via aee3318 s3:auth: pass AUTH_SESSION_INFO_* flags to
finalize_local_nt_token()
via 3adb292 s3:auth: don't try to expand system or anonymous tokens in
finalize_local_nt_token()
via 2c148eb s3:auth: add add_builtin_guests() handling to
finalize_local_nt_token()
via 8557994 s3:auth: only call secrets_fetch_domain_sid() once in
finalize_local_nt_token()
via 03b4684 s3:passdb: handle dom_sid=NULL in
create_builtin_{users,administrators}()
via 253f0d1 s3:auth: move add_local_groups() out of
finalize_local_nt_token()
via 88c8499 s3:auth: add the "Unix Groups" sid for the primary gid
via a67e3d0 s3:auth: remove unused auth_serversupplied_info->system
via abffcb8 libcli/security: only announce a session as GUEST if
'Builtin\Guests' is there without 'Authenticated User'
via 8227b0a s3:selftest: run SMB2-ANONYMOUS
via ebc2137 s3:torture: add SMB2-ANONYMOUS which asserts no GUEST bit
for anonymous
from 5d36aa6 VERSION: Bump version up to 4.8.1...
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-test
- Log -
commit cbbb6ef5c2b41bb46972fabc08c55134098ac29b
Author: Stefan Metzmacher
Date: Fri Mar 2 14:40:19 2018 +0100
s3:auth: make use of make_{server,session}_info_anonymous()
It's important to have them separated from
make_{server,session}_info_guest(),
because there's a fundamental difference between anonymous (the client
requested
no authentication) and guest (the server lies about the authentication
failure).
When it's really an anonymous connection, we should reflect that in the
resulting session info.
This should fix a problem where Windows 10 tries to join
a Samba hosted NT4 domain and has SMB2/3 enabled.
We no longer return SMB_SETUP_GUEST or SMB2_SESSION_FLAG_IS_GUEST
for true anonymous connections.
The commit message from a few commit before shows the resulting
auth_session_info change.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328
Signed-off-by: Stefan Metzmacher
Reviewed-by: Ralph Boehme
Autobuild-User(master): Ralph Böhme
Autobuild-Date(master): Fri Mar 16 03:03:31 CET 2018 on sn-devel-144
(cherry picked from commit 1957bf11f127fc08c6622999cadc7dd580ac7d3b)
Autobuild-User(v4-8-test): Stefan Metzmacher
Autobuild-Date(v4-8-test): Wed Mar 21 02:29:57 CET 2018 on sn-devel-144
commit f9d850d3d1b803143bee807ebba218b7f14aaef0
Author: Stefan Metzmacher
Date: Fri Mar 2 14:40:19 2018 +0100
s3:rpc_server: make use of make_session_info_anonymous()
For unauthenticated connections we should default to a
session info with an anonymous nt token.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328
Signed-off-by: Stefan Metzmacher
Reviewed-by: Ralph Boehme
(cherry picked from commit 0ee9a550944034718ea188b277cca4b6fc5fbc5c)
commit a6ecafa7189938b77c11faf8e1026cb8c02256b8
Author: Stefan Metzmacher
Date: Fri Mar 2 14:39:44 2018 +0100
s3:auth: add make_{server,session}_info_anonymous()
It's important to have them separated from
make_{server,session}_info_guest(),
because there's a fundamental difference between anonymous (the client
requested
no authentication) and guest (the server lies about the authentication
failure).
The following is the difference between guest and anonymous token:
security_token: struct security_token
-num_sids : 0x000a (10)
-sids: ARRAY(10)
-sids :
S-1-5-21-3793881525-3372187982-3724979742-501
-sids :
S-1-5-21-3793881525-3372187982-3724979742-514
-sids : S-1-22-2-65534
-sids : S-1-22-2-65533
+num_sids : 0x0009 (9)
+sids: ARRAY(9)
+s
[SCM] Samba Shared Repository - branch v4-7-test updated
The branch, v4-7-test has been updated
via 7a49112 s4:auth_sam: allow logons with an empty domain name
via 7ea5588 tests/bind.py: Add a bind test with NTLMSSP with no domain
via 35c8220 tests/py_creds: Add a SamLogonEx test with an empty string
domain
via 04cc893 s3:cliconnect.c: remove useless ';'
via 4c087a0 s3:libsmb: allow -U"\administrator" to work
via 6c1dde6 s3:auth: make use of make_{server,session}_info_anonymous()
via 47b1336 s3:rpc_server: make use of make_session_info_anonymous()
via 8f69498 s3:auth: add make_{server,session}_info_anonymous()
via c3fdc61 s3:auth: pass the whole auth_session_info from
copy_session_info_serverinfo_guest() to create_local_token()
via 1902652 s3:auth: base make_new_session_info_system() on
auth_system_user_info_dc() and auth3_create_session_info()
via b8c518d s3:auth: add auth3_user_info_dc_add_hints() and
auth3_session_info_create()
via 104de61 auth: add auth_user_info_copy() function
via 8b5253e s3:auth: remove static from finalize_local_nt_token()
via 627a86b s3:auth: pass AUTH_SESSION_INFO_* flags to
finalize_local_nt_token()
via ecee945 s3:auth: don't try to expand system or anonymous tokens in
finalize_local_nt_token()
via 7687d26 s3:auth: add add_builtin_guests() handling to
finalize_local_nt_token()
via e0e4aa1 s3:auth: only call secrets_fetch_domain_sid() once in
finalize_local_nt_token()
via c1f61c0 s3:passdb: handle dom_sid=NULL in
create_builtin_{users,administrators}()
via 85097b1 s3:auth: move add_local_groups() out of
finalize_local_nt_token()
via 1258f28 s3:auth: add the "Unix Groups" sid for the primary gid
via b991dca s3:auth: remove unused auth_serversupplied_info->system
via ff7a8e4 libcli/security: only announce a session as GUEST if
'Builtin\Guests' is there without 'Authenticated User'
via e39a5bd s3:selftest: run SMB2-ANONYMOUS
via 23d1850 s3:torture: add SMB2-ANONYMOUS which asserts no GUEST bit
for anonymous
from 17977a9 Merge tag 'samba-4.7.6' into v4-7-test
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test
- Log -----
commit 7a49112b5077381383d9d6c2b5356e6208dceaf0
Author: Stefan Metzmacher
Date: Tue Jan 9 08:54:11 2018 +0100
s4:auth_sam: allow logons with an empty domain name
It turns out that an empty domain name maps to the local SAM.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13206
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andrew Bartlett
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Fri Feb 23 04:08:26 CET 2018 on sn-devel-144
(cherry picked from commit 57762229da971e837b923f09ca01bad6151f9419)
Autobuild-User(v4-7-test): Stefan Metzmacher
Autobuild-Date(v4-7-test): Tue Mar 20 21:51:18 CET 2018 on sn-devel-144
commit 7ea5588d089b5b97f307c71aa4de78fe0aa2441b
Author: Garming Sam
Date: Mon Jan 8 16:34:02 2018 +1300
tests/bind.py: Add a bind test with NTLMSSP with no domain
Confirmed to pass against Windows 2012 R2.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13206
Signed-off-by: Garming Sam
Reviewed-by: Andrew Bartlett
Reviewed-by: Stefan Metzmacher
(cherry picked from commit 2e49a9ebf5bffbeadca03517b4a21bca24c0)
commit 35c8220990a2671443ca6b9f457efd72a427be9e
Author: Garming Sam
Date: Mon Jan 8 13:36:59 2018 +1300
tests/py_creds: Add a SamLogonEx test with an empty string domain
This test passes against 4.6, but failed against 4.7.5 and master.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13206
Signed-off-by: Garming Sam
Reviewed-by: Andrew Bartlett
Reviewed-by: Stefan Metzmacher
(cherry picked from commit 5c625eae3f54e8de434de26e9f6a0f2fde557c18)
commit 04cc8936c3f90bf3bbb05bce25c55212c8f0823b
Author: Stefan Metzmacher
Date: Tue Jan 9 08:57:05 2018 +0100
s3:cliconnect.c: remove useless ';'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13206
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andrew Bartlett
(cherry picked from commit e039e9b0d2a16b21ace019b028e5c8244486b8a3)
commit 4c087a0e9e8ffd797e810f7dc21d630fd6833eed
Author: Stefan Metzmacher
Date: Tue Jan 9 08:55:48 2018 +0100
s3:libsmb: allow -U"\\administrator" to work
cli_credentials_get_principal() returns NULL in that case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13206
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andrew Bartlett
(cherry picked from commit 0786a65cabb92a812cf1c692d0d26914f74a6f87)
commit 6c1dde631da2f5b41682210eca40f9d363168696
Author: Stefan Metzmacher
Date: Fri Mar 2 14:40:19 2018 +0100
[SCM] Samba Shared Repository - branch v4-6-test updated
The branch, v4-6-test has been updated
via 0afb85c tests/bind.py: Add a bind test with NTLMSSP with no domain
via 96d9297 s3:cliconnect.c: remove useless ';'
via bb14cec s3:libsmb: allow -U"\administrator" to work
from d71e1a2 Merge tag 'samba-4.6.14' into v4-6-test
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-6-test
- Log -
commit 0afb85c28f3932ef952abbbe10c20340e51ca90d
Author: Garming Sam
Date: Mon Jan 8 16:34:02 2018 +1300
tests/bind.py: Add a bind test with NTLMSSP with no domain
Confirmed to pass against Windows 2012 R2.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13206
Signed-off-by: Garming Sam
Reviewed-by: Andrew Bartlett
Reviewed-by: Stefan Metzmacher
(cherry picked from commit 2e49a9ebf5bffbeadca03517b4a21bca24c0)
Autobuild-User(v4-6-test): Stefan Metzmacher
Autobuild-Date(v4-6-test): Tue Mar 20 21:20:00 CET 2018 on sn-devel-144
commit 96d9297a98d86000ec776049d84305ad9371efcc
Author: Stefan Metzmacher
Date: Tue Jan 9 08:57:05 2018 +0100
s3:cliconnect.c: remove useless ';'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13206
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andrew Bartlett
(cherry picked from commit e039e9b0d2a16b21ace019b028e5c8244486b8a3)
commit bb14cec6160bf9249fe2eb997ff48ad1408885d3
Author: Stefan Metzmacher
Date: Tue Jan 9 08:55:48 2018 +0100
s3:libsmb: allow -U"\\administrator" to work
cli_credentials_get_principal() returns NULL in that case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13206
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andrew Bartlett
(cherry picked from commit 0786a65cabb92a812cf1c692d0d26914f74a6f87)
---
Summary of changes:
auth/credentials/tests/bind.py | 26 +-
source3/libsmb/cliconnect.c| 9 +++--
2 files changed, 32 insertions(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/auth/credentials/tests/bind.py b/auth/credentials/tests/bind.py
index 91e493d..4aa4498 100755
--- a/auth/credentials/tests/bind.py
+++ b/auth/credentials/tests/bind.py
@@ -43,6 +43,7 @@ creds_machine = copy.deepcopy(creds)
creds_user1 = copy.deepcopy(creds)
creds_user2 = copy.deepcopy(creds)
creds_user3 = copy.deepcopy(creds)
+creds_user4 = copy.deepcopy(creds)
class BindTests(samba.tests.TestCase):
@@ -64,7 +65,7 @@ class BindTests(samba.tests.TestCase):
self.config_dn = self.info_dc["configurationNamingContext"][0]
self.computer_dn = "CN=centos53,CN=Computers,%s" % self.domain_dn
self.password = "P@ssw0rd"
-self.username = "BindTestUser_" + time.strftime("%s", time.gmtime())
+self.username = "BindTestUser"
def tearDown(self):
super(BindTests, self).tearDown()
@@ -113,6 +114,7 @@ unicodePwd:: """ +
base64.b64encode("\"P@ssw0rd\"".encode('utf-16-le')) + """
expression="(samAccountName=%s)" %
self.username)
self.assertEquals(len(ldb_res), 1)
user_dn = ldb_res[0]["dn"]
+self.addCleanup(delete_force, self.ldb, user_dn)
# do a simple bind and search with the user account in format
user@realm
creds_user1.set_bind_dn(self.username + "@" + creds.get_realm())
@@ -138,5 +140,27 @@ unicodePwd:: """ +
base64.b64encode("\"P@ssw0rd\"".encode('utf-16-le')) + """
lp=lp, ldap_only=True)
res = ldb_user3.search(base="", expression="", scope=SCOPE_BASE,
attrs=["*"])
+def test_user_account_bind_no_domain(self):
+# create user
+self.ldb.newuser(username=self.username, password=self.password)
+ldb_res = self.ldb.search(base=self.domain_dn,
+ scope=SCOPE_SUBTREE,
+ expression="(samAccountName=%s)" %
self.username)
+self.assertEquals(len(ldb_res), 1)
+user_dn = ldb_res[0]["dn"]
+self.addCleanup(delete_force, self.ldb, user_dn)
+
+creds_user4.set_username(self.username)
+creds_user4.set_password(self.password)
+creds_user4.set_domain('')
+creds_user4.set_workstation('')
+print "BindTest (no domain) with: " + self.username
+try:
+ldb_user4 = samba.tests.connect_samdb(host,
credentials=creds_user4,
+ lp=lp, ldap_only=True)
+except:
+
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via da39e74 libcli/security: fix some SID values in comments
via 3056e24 test_smbclient_s3.sh: force LANG=C during test_utimes()
from 0361748 wbinfo: Improve the wording for --online-status
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit da39e74c3909f1c260b4899ea835e789044aaa56
Author: Stefan Metzmacher
Date: Tue Mar 6 16:38:30 2018 +0100
libcli/security: fix some SID values in comments
Signed-off-by: Stefan Metzmacher
Reviewed-by: Ralph Boehme
Autobuild-User(master): Stefan Metzmacher
Autobuild-Date(master): Fri Mar 16 19:47:15 CET 2018 on sn-devel-144
commit 3056e24a4bee545b94847265ec8ab3b228ce5f89
Author: Stefan Metzmacher
Date: Wed Mar 7 11:19:54 2018 +0100
test_smbclient_s3.sh: force LANG=C during test_utimes()
This makes the test independent from the developers environment.
Signed-off-by: Stefan Metzmacher
Reviewed-by: Ralph Boehme
---
Summary of changes:
libcli/security/util_sid.c| 6 +++---
source3/script/tests/test_smbclient_s3.sh | 8
2 files changed, 11 insertions(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/libcli/security/util_sid.c b/libcli/security/util_sid.c
index 4e4a8fa..af04dff 100644
--- a/libcli/security/util_sid.c
+++ b/libcli/security/util_sid.c
@@ -34,10 +34,10 @@
*/
-/* S-1 */
+/* S-1-1 */
const struct dom_sid global_sid_World_Domain = /* Everyone
domain */
{ 1, 0, {0,0,0,0,0,1}, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
-/* S-1-1 */
+/* S-1-1-0 */
const struct dom_sid global_sid_World = /* Everyone */
{ 1, 1, {0,0,0,0,0,1}, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
/* S-1-2 */
@@ -52,7 +52,7 @@ const struct dom_sid global_sid_NT_Authority =
/* NT Authority */
/* S-1-5-18 */
const struct dom_sid global_sid_System = /* System */
{ 1, 1, {0,0,0,0,0,5}, {18,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
-/* S-1-0 */
+/* S-1-0-0 */
const struct dom_sid global_sid_NULL = /* NULL sid */
{ 1, 1, {0,0,0,0,0,0}, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
/* S-1-5-11 */
diff --git a/source3/script/tests/test_smbclient_s3.sh
b/source3/script/tests/test_smbclient_s3.sh
index db77eb1..03f7b27 100755
--- a/source3/script/tests/test_smbclient_s3.sh
+++ b/source3/script/tests/test_smbclient_s3.sh
@@ -1422,6 +1422,9 @@ test_utimes()
saved_TZ="$TZ"
TZ=UTC
export TZ
+saved_LANG="$LANG"
+LANG=C
+export LANG
cat > $tmpfile <
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via c41895b CVE-2018-1050: s3: RPC: spoolss server. Protect against null pointer derefs. via 50e7788 CVE-2018-1057: s4:dsdb/acl: changing dBCSPwd is only allowed with a control via c804568 CVE-2018-1057: s4:dsdb: use DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID via ab7dc21 CVE-2018-1057: s4:dsdb/samdb: define DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID control via 407a34c CVE-2018-1057: s4:dsdb/acl: run password checking only once via 3e6621f CVE-2018-1057: s4/dsdb: correctly detect password resets via 9dd7dd9 CVE-2018-1057: s4:dsdb/acl: add a NULL check for talloc_new() in acl_check_password_rights() via 766ab4c CVE-2018-1057: s4:dsdb/acl: add check for DSDB_CONTROL_PASSWORD_HASH_VALUES_OID control via 0e15ce1 CVE-2018-1057: s4:dsdb/acl: check for internal controls before other checks via 39e689a CVE-2018-1057: s4:dsdb/acl: remove unused else branches in acl_check_password_rights() via 2fea9ee CVE-2018-1057: s4:dsdb/acl: only call dsdb_acl_debug() if we checked the acl in acl_check_password_rights() via c653e51 CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for passwordAttr->num_values via b23bf04 CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for LDB_FLAG_MOD_TYPE via fbd1647 CVE-2018-1057: s4:dsdb/tests: add a test for password change with empty delete from 614f5a0 README.Coding: codify line splitting on function calls https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit c41895be8222199ffe69749e32afc9946517f63f Author: Jeremy Allison Date: Tue Jan 2 15:56:03 2018 -0800 CVE-2018-1050: s3: RPC: spoolss server. Protect against null pointer derefs. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11343 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Tue Mar 13 16:06:10 CET 2018 on sn-devel-144 commit 50e7788603b97104fe116a07ab14a1d1148f4405 Author: Ralph Boehme Date: Thu Feb 15 23:11:38 2018 +0100 CVE-2018-1057: s4:dsdb/acl: changing dBCSPwd is only allowed with a control This is not strictly needed to fig bug 13272, but it makes sense to also fix this while fixing the overall ACL checking logic. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher commit c80456855197f9fe9ef497a7fc94504c28445343 Author: Ralph Boehme Date: Fri Feb 16 15:38:19 2018 +0100 CVE-2018-1057: s4:dsdb: use DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID This is used to pass information about which password change operation (change or reset) the acl module validated, down to the password_hash module. It's very important that both modules treat the request identical. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher commit ab7dc210e9aedc1222055822ff296e4a67cfb27b Author: Ralph Boehme Date: Fri Feb 16 15:30:13 2018 +0100 CVE-2018-1057: s4:dsdb/samdb: define DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID control Will be used to pass "user password change" vs "password reset" from the ACL to the password_hash module, ensuring both modules treat the request identical. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher commit 407a34c73fcd666c22776bbc4aa56d02c0683463 Author: Ralph Boehme Date: Wed Feb 14 19:15:49 2018 +0100 CVE-2018-1057: s4:dsdb/acl: run password checking only once This is needed, because a later commit will let the acl module add a control to the change request msg and we must ensure that this is only done once. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher commit 3e6621fe58014f19477633b1c0b54288550f0e87 Author: Ralph Boehme Date: Thu Feb 22 10:54:37 2018 +0100 CVE-2018-1057: s4/dsdb: correctly detect password resets This change ensures we correctly treat the following LDIF dn: cn=testuser,cn=users,... changetype: modify delete: userPassword add: userPassword userPassword: thatsAcomplPASS1 as a password reset. Because delete and add element counts are both one, the ACL module wrongly treated this as a password change request. For a password change we need at least one value to delete and one value to add. This patch ensures we correctly check attributes and their values. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272 Signed-off-by: Ralph Boehme Reviewed-by
[SCM] Samba Shared Repository - branch v4-8-test updated
The branch, v4-8-test has been updated via 03e63dd CVE-2018-1050: s3: RPC: spoolss server. Protect against null pointer derefs. via 87b10d3 CVE-2018-1057: s4:dsdb/acl: changing dBCSPwd is only allowed with a control via 5c957af CVE-2018-1057: s4:dsdb: use DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID via 6335660 CVE-2018-1057: s4:dsdb/samdb: define DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID control via f8ff72d CVE-2018-1057: s4:dsdb/acl: run password checking only once via 4e30547 CVE-2018-1057: s4/dsdb: correctly detect password resets via bd39608 CVE-2018-1057: s4:dsdb/acl: add a NULL check for talloc_new() in acl_check_password_rights() via b152db9 CVE-2018-1057: s4:dsdb/acl: add check for DSDB_CONTROL_PASSWORD_HASH_VALUES_OID control via 93e11c7 CVE-2018-1057: s4:dsdb/acl: check for internal controls before other checks via 9e7dc49 CVE-2018-1057: s4:dsdb/acl: remove unused else branches in acl_check_password_rights() via be3c583 CVE-2018-1057: s4:dsdb/acl: only call dsdb_acl_debug() if we checked the acl in acl_check_password_rights() via 9a3f754 CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for passwordAttr->num_values via 231ed98 CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for LDB_FLAG_MOD_TYPE via ccb38e9 CVE-2018-1057: s4:dsdb/tests: add a test for password change with empty delete from 60c7969 WHATSNEW: Domain member setups require winbindd https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-test - Log - commit 03e63dd9841085ee16993d74dff4e62957298bbd Author: Jeremy Allison Date: Tue Jan 2 15:56:03 2018 -0800 CVE-2018-1050: s3: RPC: spoolss server. Protect against null pointer derefs. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11343 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme Autobuild-User(v4-8-test): Stefan Metzmacher Autobuild-Date(v4-8-test): Tue Mar 13 15:58:25 CET 2018 on sn-devel-144 commit 87b10d37533950abf793f64b43542632b3cb40ae Author: Ralph Boehme Date: Thu Feb 15 23:11:38 2018 +0100 CVE-2018-1057: s4:dsdb/acl: changing dBCSPwd is only allowed with a control This is not strictly needed to fig bug 13272, but it makes sense to also fix this while fixing the overall ACL checking logic. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher commit 5c957af090354f678a75cb59861a3a61ef24333e Author: Ralph Boehme Date: Fri Feb 16 15:38:19 2018 +0100 CVE-2018-1057: s4:dsdb: use DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID This is used to pass information about which password change operation (change or reset) the acl module validated, down to the password_hash module. It's very important that both modules treat the request identical. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher commit 6335660ea218fe59f461658db0be364b8b58b4ca Author: Ralph Boehme Date: Fri Feb 16 15:30:13 2018 +0100 CVE-2018-1057: s4:dsdb/samdb: define DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID control Will be used to pass "user password change" vs "password reset" from the ACL to the password_hash module, ensuring both modules treat the request identical. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher commit f8ff72d75bef5552eb00852a3012db44261d423f Author: Ralph Boehme Date: Wed Feb 14 19:15:49 2018 +0100 CVE-2018-1057: s4:dsdb/acl: run password checking only once This is needed, because a later commit will let the acl module add a control to the change request msg and we must ensure that this is only done once. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher commit 4e30547371cf9e38cd7a219dd43c9bc5c7a2a7fb Author: Ralph Boehme Date: Thu Feb 22 10:54:37 2018 +0100 CVE-2018-1057: s4/dsdb: correctly detect password resets This change ensures we correctly treat the following LDIF dn: cn=testuser,cn=users,... changetype: modify delete: userPassword add: userPassword userPassword: thatsAcomplPASS1 as a password reset. Because delete and add element counts are both one, the ACL module wrongly treated this as a password change request. For a password change we need at least one value to delete and one value to add. This patch ensures we correctly check attributes and their values. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272 Signed-off-by: Ralph Boehme Reviewed-by
[SCM] Samba Shared Repository - branch v4-7-test updated
The branch, v4-7-test has been updated via 17977a9 Merge tag 'samba-4.7.6' into v4-7-test via 5cfa947 VERSION: Disable GIT_SNAPSHOT for the 4.7.6 release. via 4119137 WHATSNEW: Add release notes for Samba 4.7.6. via 11fbafc CVE-2018-1057: s4:dsdb/acl: changing dBCSPwd is only allowed with a control via 86b41e9 CVE-2018-1057: s4:dsdb: use DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID via f11f3cc CVE-2018-1057: s4:dsdb/samdb: define DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID control via 32d65d8 CVE-2018-1057: s4:dsdb/acl: run password checking only once via 946bab0 CVE-2018-1057: s4/dsdb: correctly detect password resets via bb2ab8e CVE-2018-1057: s4:dsdb/acl: add a NULL check for talloc_new() in acl_check_password_rights() via a6221ea CVE-2018-1057: s4:dsdb/acl: add check for DSDB_CONTROL_PASSWORD_HASH_VALUES_OID control via 32384ea CVE-2018-1057: s4:dsdb/acl: check for internal controls before other checks via 31088fa CVE-2018-1057: s4:dsdb/acl: remove unused else branches in acl_check_password_rights() via 50eb427 CVE-2018-1057: s4:dsdb/acl: only call dsdb_acl_debug() if we checked the acl in acl_check_password_rights() via e2acd0d CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for passwordAttr->num_values via 5ad58a9 CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for LDB_FLAG_MOD_TYPE via d8de52b CVE-2018-1057: s4:dsdb/tests: add a test for password change with empty delete via 9f9db58 CVE-2018-1050: s3: RPC: spoolss server. Protect against null pointer derefs. via a572eed VERSION: Bump version up to 4.7.6... from cc04ea1 VERSION: Bump version up to 4.7.7. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test - Log - commit 17977a918f97309f2d2d2aeaa162766f36342478 Merge: cc04ea1 5cfa947 Author: Stefan Metzmacher Date: Tue Mar 13 11:11:29 2018 +0100 Merge tag 'samba-4.7.6' into v4-7-test samba: tag release samba-4.7.6 --- Summary of changes: Changeset truncated at 500 lines: -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-6-test updated
The branch, v4-6-test has been updated via d71e1a2 Merge tag 'samba-4.6.14' into v4-6-test via d64e68a VERSION: Disable GIT_SNAPSHOT for the 4.6.14 release. via 7d6f329 WHATSNEW: Add release notes for Samba 4.6.14. via 8300e8e CVE-2018-1057: s4:dsdb/acl: changing dBCSPwd is only allowed with a control via c1de637 CVE-2018-1057: s4:dsdb: use DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID via 06032bf CVE-2018-1057: s4:dsdb/samdb: define DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID control via aee3832 CVE-2018-1057: s4:dsdb/acl: run password checking only once via c8aa8ff CVE-2018-1057: s4/dsdb: correctly detect password resets via 7f4fef0 CVE-2018-1057: s4:dsdb/acl: add a NULL check for talloc_new() in acl_check_password_rights() via 39aa58a CVE-2018-1057: s4:dsdb/acl: add check for DSDB_CONTROL_PASSWORD_HASH_VALUES_OID control via ddf8122 CVE-2018-1057: s4:dsdb/acl: check for internal controls before other checks via 67ad3bf CVE-2018-1057: s4:dsdb/acl: remove unused else branches in acl_check_password_rights() via a529401 CVE-2018-1057: s4:dsdb/acl: only call dsdb_acl_debug() if we checked the acl in acl_check_password_rights() via 09eed84 CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for passwordAttr->num_values via 116c4e3 CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for LDB_FLAG_MOD_TYPE via 429a17f CVE-2018-1057: s4:dsdb/tests: add a test for password change with empty delete via 189d129 CVE-2018-1050: s3: RPC: spoolss server. Protect against null pointer derefs. via 24df683b VERSION: Bump version up to 4.6.14... from 2d2fb95 VERSION: Bump version up to 4.6.15... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-6-test - Log - commit d71e1a2bf4b28442022002bf0a27ba5b0b8dbe45 Merge: 2d2fb95 d64e68a Author: Stefan Metzmacher Date: Tue Mar 13 11:11:55 2018 +0100 Merge tag 'samba-4.6.14' into v4-6-test samba: tag release samba-4.6.14 --- Summary of changes: Changeset truncated at 500 lines: -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-5-stable updated
The branch, v4-5-stable has been updated via cfb28f6 VERSION: Disable GIT_SNAPSHOT for the 4.6.16 release. via 6e98de0 Merge tag 'samba-4.5.16' into v4-5-test via 8376a89 VERSION: Bump version up to 4.5.16. via 829fa02 Merge tag 'samba-4.5.15' into v4-5-test via 3ad2444 python: use communicate to fix Popen deadlock via d433c7f blackbox tests: method to check specific exit codes via aba4994 VERSION: Bump version up to 4.5.15... via f84484a Merge tag 'samba-4.5.14' into v4-5-test from 4b43ad8 VERSION: Disable GIT_SNAPSHOT for the 4.6.16 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-5-stable - Log - commit cfb28f69529c0f71c026096eb75d44370964c6df Author: Karolin Seeger Date: Mon Mar 12 13:10:30 2018 +0100 VERSION: Disable GIT_SNAPSHOT for the 4.6.16 release. CVE-2018-1050 (Denial of Service Attack on external print server.) CVE-2018-1057 (Authenticated users can change other users' password.) Signed-off-by: Karolin Seeger commit 6e98de015870fd5e0461f985d11ce6baabce5d99 Merge: 8376a89 4b43ad8 Author: Stefan Metzmacher Date: Tue Mar 13 11:00:06 2018 +0100 Merge tag 'samba-4.5.16' into v4-5-test samba: tag release samba-4.5.16 commit 8376a89e40b82c0b4b365b8daf155159f59945cb Author: Karolin Seeger Date: Wed Nov 22 09:04:28 2017 +0100 VERSION: Bump version up to 4.5.16. Signed-off-by: Karolin Seeger commit 829fa020f5f06b2d6496d37a064bccf166a3ecf9 Merge: 3ad2444 f333815 Author: Karolin Seeger Date: Wed Nov 22 09:03:52 2017 +0100 Merge tag 'samba-4.5.15' into v4-5-test samba: tag release samba-4.5.15 commit 3ad244462a075874f4740d58b42a2a5f082e3f1d Author: Joe Guo Date: Fri Sep 15 16:13:26 2017 +1200 python: use communicate to fix Popen deadlock `Popen.wait()` will deadlock when using stdout=PIPE and/or stderr=PIPE and the child process generates large output to a pipe such that it blocks waiting for the OS pipe buffer to accept more data. Use communicate() to avoid that. Signed-off-by: Joe Guo Reviewed-by: Douglas Bagnall Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Thu Oct 19 09:27:16 CEST 2017 on sn-devel-144 (cherry picked from commit 5dc773a5b00834c7a53130a73a48f49048bd55e8) Autobuild-User(v4-5-test): Stefan Metzmacher Autobuild-Date(v4-5-test): Tue Nov 14 14:35:22 CET 2017 on sn-devel-144 commit d433c7f455e9ccb03c96bad2984c7cab3ef28628 Author: Gary Lockyer Date: Wed Aug 16 13:52:25 2017 +1200 blackbox tests: method to check specific exit codes Signed-off-by: Gary Lockyer Reviewed-by: Douglas Bagnall Reviewed-by: Garming Sam (cherry picked from commit 74ebcf6dfc84b6aab6838fa99e12808eb6b913d9) commit aba4994bd071bdef8c623632ee248cb99d68ed05 Author: Karolin Seeger Date: Wed Sep 20 13:03:53 2017 +0200 VERSION: Bump version up to 4.5.15... and re-enable GIT_SNAPSHOTS. Signed-off-by: Karolin Seeger commit f84484ac9dc52062cefd0ab055670985d394588d Merge: 5c645ed f261c9a Author: Karolin Seeger Date: Wed Sep 20 13:03:09 2017 +0200 Merge tag 'samba-4.5.14' into v4-5-test samba: tag release samba-4.5.14 --- Summary of changes: Changeset truncated at 500 lines: -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-5-test updated
The branch, v4-5-test has been updated via cfb28f6 VERSION: Disable GIT_SNAPSHOT for the 4.6.16 release. from 6e98de0 Merge tag 'samba-4.5.16' into v4-5-test https://git.samba.org/?p=samba.git;a=shortlog;h=v4-5-test - Log - commit cfb28f69529c0f71c026096eb75d44370964c6df Author: Karolin Seeger Date: Mon Mar 12 13:10:30 2018 +0100 VERSION: Disable GIT_SNAPSHOT for the 4.6.16 release. CVE-2018-1050 (Denial of Service Attack on external print server.) CVE-2018-1057 (Authenticated users can change other users' password.) Signed-off-by: Karolin Seeger --- Summary of changes: VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 2142867..ffb776e 100644 --- a/VERSION +++ b/VERSION @@ -99,7 +99,7 @@ SAMBA_VERSION_RC_RELEASE= # e.g. SAMBA_VERSION_IS_SVN_SNAPSHOT=yes # # -> "3.0.0-SVN-build-199" # -SAMBA_VERSION_IS_GIT_SNAPSHOT=yes +SAMBA_VERSION_IS_GIT_SNAPSHOT=no # This is for specifying a release nickname# -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-5-test updated
The branch, v4-5-test has been updated via 6e98de0 Merge tag 'samba-4.5.16' into v4-5-test via 4b43ad8 VERSION: Disable GIT_SNAPSHOT for the 4.6.16 release. via 3e0aa75 WHATSNEW: Add release notes for Samba 4.6.16. via 3663981 CVE-2018-1057: s4:dsdb/acl: changing dBCSPwd is only allowed with a control via e5b8c81 CVE-2018-1057: s4:dsdb: use DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID via 4adcba5 CVE-2018-1057: s4:dsdb/samdb: define DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID control via bb43ab0 CVE-2018-1057: s4:dsdb/acl: run password checking only once via 67fa44a CVE-2018-1057: s4/dsdb: correctly detect password resets via 6c980a0 CVE-2018-1057: s4:dsdb/acl: add a NULL check for talloc_new() in acl_check_password_rights() via 54c363e CVE-2018-1057: s4:dsdb/acl: add check for DSDB_CONTROL_PASSWORD_HASH_VALUES_OID control via 6d5caff CVE-2018-1057: s4:dsdb/acl: check for internal controls before other checks via 99f46aa CVE-2018-1057: s4:dsdb/acl: remove unused else branches in acl_check_password_rights() via d552abe CVE-2018-1057: s4:dsdb/acl: only call dsdb_acl_debug() if we checked the acl in acl_check_password_rights() via abf925c CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for passwordAttr->num_values via 7eabe3d CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for LDB_FLAG_MOD_TYPE via e577464 CVE-2018-1057: s4:dsdb/tests: add a test for password change with empty delete via dff5d43 CVE-2018-1050: s3: RPC: spoolss server. Protect against null pointer derefs. via 64b6a9f VERSION: Re-enable GIT_SNAPSHOT. via f3ec20f VERSION: Bump version up to 4.5.16. from 8376a89 VERSION: Bump version up to 4.5.16. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-5-test - Log - commit 6e98de015870fd5e0461f985d11ce6baabce5d99 Merge: 8376a89 4b43ad8 Author: Stefan Metzmacher Date: Tue Mar 13 11:00:06 2018 +0100 Merge tag 'samba-4.5.16' into v4-5-test samba: tag release samba-4.5.16 --- Summary of changes: WHATSNEW.txt | 80 +- source3/rpc_server/spoolss/srv_spoolss_nt.c| 13 +++ source4/dsdb/samdb/ldb_modules/acl.c | 146 ++--- source4/dsdb/samdb/ldb_modules/password_hash.c | 45 ++-- source4/dsdb/samdb/samdb.h | 9 ++ source4/dsdb/tests/python/passwords.py | 49 + source4/libcli/ldap/ldap_controls.c| 1 + source4/setup/schema_samba4.ldif | 2 + 8 files changed, 320 insertions(+), 25 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index b245e30..a204a54 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,80 @@ == + Release Notes for Samba 4.5.16 + March 13, 2018 + == + + +This is a security release in order to address the following defects: + +o CVE-2018-1050 (Denial of Service Attack on external print server.) +o CVE-2018-1057 (Authenticated users can change other users' password.) + + +=== +Details +=== + +o CVE-2018-1050: + All versions of Samba from 4.0.0 onwards are vulnerable to a denial of + service attack when the RPC spoolss service is configured to be run as + an external daemon. Missing input sanitization checks on some of the + input parameters to spoolss RPC calls could cause the print spooler + service to crash. + + There is no known vulnerability associated with this error, merely a + denial of service. If the RPC spoolss service is left by default as an + internal service, all a client can do is crash its own authenticated + connection. + +o CVE-2018-1057: + On a Samba 4 AD DC the LDAP server in all versions of Samba from + 4.0.0 onwards incorrectly validates permissions to modify passwords + over LDAP allowing authenticated users to change any other users' + passwords, including administrative users. + + Possible workarounds are described at a dedicated page in the Samba wiki: + https://wiki.samba.org/index.php/CVE-2018-1057 + + +Changes since 4.5.15: +- + +o Jeremy Allison + * BUG 11343: CVE-2018-1050: Codenomicon crashes in spoolss server code. + +o Ralph Boehme + * BUG 13272: CVE-2018-1057: Unprivileged user can change any user (and admin) + password. + +o Stefan Metzmacher + * BUG 13272: CVE-2018-1057: Unprivileged user can change any user (and admin) + password. + + +### +Reporting bugs & Development Discussion +### + +Ple
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 1e77789 Add backports for CVE-2018-1057 on top of 4.3.13 and 4.4.16 via de29a97 redirect outdated https://www.samba.org/samba/patches/ to https://www.samba.org/samba/history/security.html from 52725a6 Fix typos. https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 1e77789ef43cfbf79ade5526c8602cd2391c1c44 Author: Stefan Metzmacher Date: Tue Mar 13 10:51:40 2018 +0100 Add backports for CVE-2018-1057 on top of 4.3.13 and 4.4.16 Signed-off-by: Stefan Metzmacher commit de29a9719794542e51a4615d5e451996f338af6e Author: Stefan Metzmacher Date: Tue Mar 13 10:51:10 2018 +0100 redirect outdated https://www.samba.org/samba/patches/ to https://www.samba.org/samba/history/security.html Signed-off-by: Stefan Metzmacher --- Summary of changes: history/security.html | 4 +++ patches/index.html| 95 --- 2 files changed, 10 insertions(+), 89 deletions(-) Changeset truncated at 500 lines: diff --git a/history/security.html b/history/security.html index d81359a..4321668 100755 --- a/history/security.html +++ b/history/security.html @@ -29,6 +29,10 @@ link to full release notes for each release. patch for Samba 4.6.13 patch for Samba 4.5.15 + + patch for Samba 4.4.16 (only CVE-2018-1057) + + patch for Samba 4.3.13 (only CVE-2018-1057) Numerous CVEs. Please see the announcements for details. please refer to the advisories diff --git a/patches/index.html b/patches/index.html index 1be34e6..9ee2a0b 100755 --- a/patches/index.html +++ b/patches/index.html @@ -1,92 +1,9 @@ - Samba - opening windows to a wider world - +You are being redirected... -Patches for Recent or Unsupported Releases + -In order to better support the Samba community, this page - contains recommended patches for the most recent production - releases. These patches have been integrated into the - main Samba development trees for the next version of Samba. - - -Follow these instructions for applying patches: -$ tar zxvf samba-3.x.y.tar.gz -$ cd samba-3.x.y -$ patch -p1 < "downloaded_patch_file" -$ cd source - - -Or use the http://savannah.nongnu.org/projects/quilt";>quilt -tool to apply all patches to a known series. For example: - -$ tar zxvf samba-3.0.24.tar.gz -$ cd samba-3.0.24 -$ wget http://www.samba.org/samba/patches/fetch-patches>http://www.samba.org/samba/patches/fetch-patches -$ sh ./fetch-patches 3.0.24 -$ quilt push -a -$ cd source - - -build Samba as normal - -Please note that in some cases it will be necessary to regenerate - the configure script by executing autogen.sh located in the - source/ directory. In all cases, it is best to do a clean build - after applying any patches. - - - - - -Samba 3.0.37 - - - -PatchDescription - - -Allow non-ASCII netbios names -Push the domain and netbios name into the DOS charset. - - - - - - - -Samba 3.2.15 - - - -PatchDescription - - -BUG 6606 -Fix file corruption using smbclient with NT4 server. - - -BUG 6776 -Fix core dump when running overlapping Byte Lock test. - - - - - -Samba 3.3.14 - - - -PatchDescription - - -BUG 7715 -Setting Samba Write Cache Size Can Cause File Corruption. - - - - - - - - + + + + -- Samba Website Repository
