[SCM] Samba Shared Repository - branch v4-19-test updated
The branch, v4-19-test has been updated
via f3acbab97f0 dcerpc.idl: fix definitions for DCERPC_PKT_CO_CANCEL
and DCERPC_PKT_ORPHANED payload
via b9e48047ad1 librpc/rpc: let dcerpc_read_ncacn_packet_next_vector()
handle fragments without any payload
via a436b0d1630 s4:torture/ndr: add tests for DCERPC_PKT_CO_CANCEL and
DCERPC_PKT_ORPHANED
from 4f52e4468d1 VERSION: Bump version up to Samba 4.19.0rc3...
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-19-test
- Log -
commit f3acbab97f00aa4047d6730fd328400e4fb06c49
Author: Stefan Metzmacher
Date: Fri Aug 4 14:03:43 2023 +0200
dcerpc.idl: fix definitions for DCERPC_PKT_CO_CANCEL and
DCERPC_PKT_ORPHANED payload
It seems commit 259129e8f4bc8cacd1850eba3f6551134835d079 was partly just
fantasy...
Windows clients just use 16 bytes for DCERPC_PKT_CO_CANCEL and
DCERPC_PKT_ORPHANED pdus.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15446
Signed-off-by: Stefan Metzmacher
Reviewed-by: Volker Lendecke
Autobuild-User(master): Volker Lendecke
Autobuild-Date(master): Tue Aug 8 08:57:46 UTC 2023 on atb-devel-224
(cherry picked from commit 9ec22e680249cfde06fb1a0a34fcc94d1f47002d)
Autobuild-User(v4-19-test): Jule Anger
Autobuild-Date(v4-19-test): Tue Aug 8 14:22:06 UTC 2023 on atb-devel-224
commit b9e48047ad1e60f0e30ebb3b26921a7ca3054f71
Author: Stefan Metzmacher
Date: Mon Aug 7 16:16:27 2023 +0200
librpc/rpc: let dcerpc_read_ncacn_packet_next_vector() handle fragments
without any payload
DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED don't have any payload by
default. In order to receive them via dcerpc_read_ncacn_packet_send/recv
we need to allow fragments with frag_len == DCERPC_NCACN_PAYLOAD_OFFSET.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15446
Signed-off-by: Stefan Metzmacher
Reviewed-by: Volker Lendecke
(cherry picked from commit 5c724a3e156ae734e4d187bf9639d895bb011834)
commit a436b0d163019f43b10ce0c16bcc7210f7df9f1a
Author: Stefan Metzmacher
Date: Fri Aug 4 13:57:12 2023 +0200
s4:torture/ndr: add tests for DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED
The PDUs were generated by Windows clients.
And we fail to parse them currently.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15446
Signed-off-by: Stefan Metzmacher
Reviewed-by: Volker Lendecke
(cherry picked from commit c37adb762640b7df9731d6a60edce808aa8787f8)
---
Summary of changes:
librpc/idl/dcerpc.idl | 2 -
librpc/rpc/dcerpc_util.c | 9 ++-
source4/torture/ndr/dcerpc.c | 148 ++
source4/torture/ndr/ndr.c | 1 +
source4/torture/wscript_build | 1 +
5 files changed, 157 insertions(+), 4 deletions(-)
create mode 100644 source4/torture/ndr/dcerpc.c
Changeset truncated at 500 lines:
diff --git a/librpc/idl/dcerpc.idl b/librpc/idl/dcerpc.idl
index bbb17f0b8c4..1850526042c 100644
--- a/librpc/idl/dcerpc.idl
+++ b/librpc/idl/dcerpc.idl
@@ -276,12 +276,10 @@ interface dcerpc
} dcerpc_auth3;
typedef [public] struct {
- [value(0)]uint32_pad;
[flag(NDR_REMAINING)] DATA_BLOB auth_info;
} dcerpc_orphaned;
typedef [public] struct {
- [value(0)]uint32_pad;
[flag(NDR_REMAINING)] DATA_BLOB auth_info;
} dcerpc_co_cancel;
diff --git a/librpc/rpc/dcerpc_util.c b/librpc/rpc/dcerpc_util.c
index 0ecb2bff1fa..a3a734b0c09 100644
--- a/librpc/rpc/dcerpc_util.c
+++ b/librpc/rpc/dcerpc_util.c
@@ -565,9 +565,14 @@ static int dcerpc_read_ncacn_packet_next_vector(struct
tstream_context *stream,
ofs = state->buffer.length;
- if (frag_len < ofs) {
+ if (frag_len <= ofs) {
/*
-* something is wrong, let the caller deal with it
+* With frag_len == ofs, we are done, this is likely
+* a DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED
+* without any payload.
+*
+* Otherwise it's a broken packet and we
+* let the caller deal with it.
*/
*_vector = NULL;
*_count = 0;
diff --git a/source4/torture/ndr/dcerpc.c b/source4/torture/ndr/dcerpc.c
new file mode 100644
index 000..459817d4951
--- /dev/null
+++ b/source4/torture/ndr/dcerpc.c
@@ -0,0 +1,148 @@
+/*
+ Unix SMB/CIFS implementation.
+ test suite for dcerpc ndr operations
+
+ Copyright (C) Stefan Metzmacher 2023
+
+ This program is free software; you can redistribute it and/or modify
+ it under
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f348b84fbcf s3:smbd: fix multichannel connection passing race via 50d61e53002 s3:smbd: always clear filter_subreq in smb2srv_client_mc_negprot_next() via 4028d658290 s4:torture/smb2: add smb2.multichannel.bugs.bug_15346 via 2b93058be3f s4:torture/smb2: make it possible to pass existing_conn to smb2_connect_ext() via dc5a500f0a7 s4:torture/smb2: let us have a common torture_smb2_con_share() via ade663ee6ca s4:torture/smb2: let torture_smb2_con_sopt() use smb2_connect() from 9ec22e68024 dcerpc.idl: fix definitions for DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED payload https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f348b84fbcf203ab1ba92840cf7aecd55dbf9aa0 Author: Stefan Metzmacher Date: Thu Aug 3 15:45:45 2023 +0200 s3:smbd: fix multichannel connection passing race If a client opens multiple connection with the same client guid in parallel, our connection passing is likely to hit a race. Assume we have 3 processes: smbdA: This process already handles all connections for a given client guid smbdB: This just received a new connection with an SMB2 neprot for the same client guid smbdC: This also received a new connection with an SMB2 neprot for the same client guid Now both smbdB and smbdC send a MSG_SMBXSRV_CONNECTION_PASS message to smbdA. These messages contain the socket fd for each connection. While waiting for a MSG_SMBXSRV_CONNECTION_PASSED message from smbdA, both smbdB and smbdC watch the smbXcli_client.tdb record for changes (that also verifies smbdA stays alive). Once one of them say smbdB received the MSG_SMBXSRV_CONNECTION_PASSED message, the dbwrap_watch logic will wakeup smbdC in order to let it recheck the smbXcli_client.tdb record in order to handle the case where smbdA died or deleted its record. Now smbdC rechecks the smbXcli_client.tdb record, but it was not woken because of a problem with smbdA. It meant that smbdC sends a MSG_SMBXSRV_CONNECTION_PASS message including the socket fd again. As a result smbdA got the socket fd from smbdC twice (or even more), and creates two (or more) smbXsrv_connection structures for the same low level tcp connection. And it also sends more than one SMB2 negprot response. Depending on the tevent logic, it will use different smbXsrv_connection structures to process incoming requests. And this will almost immediately result in errors. The typicall error is: smb2_validate_sequence_number: smb2_validate_sequence_number: bad message_id 2 (sequence id 2) (granted = 1, low = 1, range = 1) But other errors would also be possible. The detail that leads to the long delays on the client side is that our smbd_server_connection_terminate_ex() code will close only the fd of a single smbXsrv_connection, but the refcount on the socket fd in the kernel is still not 0, so the tcp connection is still alive... Now we remember the server_id of the process that we send the MSG_SMBXSRV_CONNECTION_PASS message to. And just keep watching the smbXcli_client.tdb record if the server_id don't change. As we just need more patience to wait for the MSG_SMBXSRV_CONNECTION_PASSED message. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346 Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Tue Aug 8 13:59:58 UTC 2023 on atb-devel-224 commit 50d61e5300250922bf36bb699306f82dff6a00b9 Author: Stefan Metzmacher Date: Thu Aug 3 15:34:29 2023 +0200 s3:smbd: always clear filter_subreq in smb2srv_client_mc_negprot_next() Commit 5d66d5b84f87267243dcd5223210906ce589af91 introduced a 'verify_again:' target, if we ever hit that, we would leak the existing filter_subreq. Moving it just above a possible messaging_filtered_read_send() will allow us to only clear it if we actually create a new request. That will help us in the next commits. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346 Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider commit 4028d6582907cf582730ceec56872d8584ad02e6 Author: Stefan Metzmacher Date: Fri Aug 4 17:16:14 2023 +0200 s4:torture/smb2: add smb2.multichannel.bugs.bug_15346 This demonstrates the race quite easily against Samba and works fine against Windows Server 2022. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346 Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider commit 2b93058be3f6e5eaee239ad3b0e707c62089d18e Author: Stefan Metzmacher Date: Mon Aug 7 12:22:43
[SCM] Samba Shared Repository - branch v4-17-test updated
The branch, v4-17-test has been updated
via 3a0ae0c6f01 dcerpc.idl: fix definitions for DCERPC_PKT_CO_CANCEL
and DCERPC_PKT_ORPHANED payload
via 4233de9bd48 librpc/rpc: let dcerpc_read_ncacn_packet_next_vector()
handle fragments without any payload
via 95bb8115a37 s4:torture/ndr: add tests for DCERPC_PKT_CO_CANCEL and
DCERPC_PKT_ORPHANED
via f99fec49e25 vfs_aio_pthread: fix segfault if samba-tool ntacl get
via 3a6964d0265 vfs_aio_pthread: don't crash without a pthreadpool
from 10f3fafc6f4 s3/modules: Fix DFS links when widelinks = yes
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-17-test
- Log -
commit 3a0ae0c6f0195eead91cc20d27ed227c63c7441e
Author: Stefan Metzmacher
Date: Fri Aug 4 14:03:43 2023 +0200
dcerpc.idl: fix definitions for DCERPC_PKT_CO_CANCEL and
DCERPC_PKT_ORPHANED payload
It seems commit 259129e8f4bc8cacd1850eba3f6551134835d079 was partly just
fantasy...
Windows clients just use 16 bytes for DCERPC_PKT_CO_CANCEL and
DCERPC_PKT_ORPHANED pdus.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15446
Signed-off-by: Stefan Metzmacher
Reviewed-by: Volker Lendecke
Autobuild-User(master): Volker Lendecke
Autobuild-Date(master): Tue Aug 8 08:57:46 UTC 2023 on atb-devel-224
(cherry picked from commit 9ec22e680249cfde06fb1a0a34fcc94d1f47002d)
Autobuild-User(v4-17-test): Jule Anger
Autobuild-Date(v4-17-test): Tue Aug 8 13:39:40 UTC 2023 on sn-devel-184
commit 4233de9bd485f45dc44b19fc6fd7221c6bb9e2e0
Author: Stefan Metzmacher
Date: Mon Aug 7 16:16:27 2023 +0200
librpc/rpc: let dcerpc_read_ncacn_packet_next_vector() handle fragments
without any payload
DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED don't have any payload by
default. In order to receive them via dcerpc_read_ncacn_packet_send/recv
we need to allow fragments with frag_len == DCERPC_NCACN_PAYLOAD_OFFSET.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15446
Signed-off-by: Stefan Metzmacher
Reviewed-by: Volker Lendecke
(cherry picked from commit 5c724a3e156ae734e4d187bf9639d895bb011834)
commit 95bb8115a370e7d33222d1cb94959e69eae5d1d5
Author: Stefan Metzmacher
Date: Fri Aug 4 13:57:12 2023 +0200
s4:torture/ndr: add tests for DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED
The PDUs were generated by Windows clients.
And we fail to parse them currently.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15446
Signed-off-by: Stefan Metzmacher
Reviewed-by: Volker Lendecke
(cherry picked from commit c37adb762640b7df9731d6a60edce808aa8787f8)
commit f99fec49e25a1e54667286415c1a016c2116f42c
Author: Jones Syue
Date: Wed Aug 2 09:48:40 2023 +0800
vfs_aio_pthread: fix segfault if samba-tool ntacl get
If configured as AD DC and aio_pthread appended into 'vfs objects'[1],
run these commands would get segfault:
1. sudo samba-tool ntacl get .
2. sudo net vfs getntacl sysvol .
gdb said it goes through aio_pthread_openat_fn() @ vfs_aio_pthread.c[2],
and the fsp->conn->sconn->client is null (0x0).
'sconn->client' memory is allocated when a new connection is accpeted:
smbd_accept_connection > smbd_process > smbXsrv_client_create
While running local commands looks like it would not go through
smbXsrv_client_create so the 'client' is null, segfault might happen.
We should not dereference 'client->server_multi_channel_enabled',
if 'client' is null.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15441
[1] smb.conf example, samba-4.18.5, ubuntu 22.04.2
[global]
dns forwarder = 127.0.0.53
netbios name = U22-JONES-88X1
realm = U22-JONES-88X1.X88X1.JONES
server role = active directory domain controller
workgroup = X88X1
idmap_ldb:use rfc2307 = yes
vfs objects = dfs_samba4 acl_xattr aio_pthread
[sysvol]
path = /var/lib/samba/sysvol
read only = No
[netlogon]
path = /var/lib/samba/sysvol/u22-jones-88x1.x88x1.jones/scripts
read only = No
[2] gdb
(gdb) run /usr/local/samba/bin/samba-tool ntacl get .
Starting program: /usr/local/Python3/bin/python3
/usr/local/samba/bin/samba-tool ntacl get .
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/libthread_db.so.1".
Program received signal SIGSEGV, Segmentation fault.
0x7fffd0eb809e in aio_pthread_openat_fn (handle=0x8d5cc0,
dirfsp=0x8c3070, smb_fname=0x18ab4f0, fsp=0x1af3550, flags=196608, mode=0)
at ../../source3/modules/vfs_aio_pthread.c:467
warning: Source file is more recent than executable.
467 if (fsp->conn->sconn->client->server_multi_channel_enabled)
{
(gdb) bt
[SCM] Samba Shared Repository - branch v4-18-test updated
The branch, v4-18-test has been updated via 1b3197ff477 dcerpc.idl: fix definitions for DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED payload via 30f317cfb09 librpc/rpc: let dcerpc_read_ncacn_packet_next_vector() handle fragments without any payload via f2604db12b0 s4:torture/ndr: add tests for DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED via bace04c3c5c vfs_aio_pthread: fix segfault if samba-tool ntacl get via cf7a0c9d754 vfs_aio_pthread: don't crash without a pthreadpool from e911424161d lib/cmdline: Also redact --newpassword in samba_cmdline_burn() https://git.samba.org/?p=samba.git;a=shortlog;h=v4-18-test - Log - commit 1b3197ff477714239eca42722cc368c366827327 Author: Stefan Metzmacher Date: Fri Aug 4 14:03:43 2023 +0200 dcerpc.idl: fix definitions for DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED payload It seems commit 259129e8f4bc8cacd1850eba3f6551134835d079 was partly just fantasy... Windows clients just use 16 bytes for DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED pdus. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15446 Signed-off-by: Stefan Metzmacher Reviewed-by: Volker Lendecke Autobuild-User(master): Volker Lendecke Autobuild-Date(master): Tue Aug 8 08:57:46 UTC 2023 on atb-devel-224 (cherry picked from commit 9ec22e680249cfde06fb1a0a34fcc94d1f47002d) Autobuild-User(v4-18-test): Jule Anger Autobuild-Date(v4-18-test): Tue Aug 8 12:56:30 UTC 2023 on atb-devel-224 commit 30f317cfb094db05abd3bd368806304be30f232b Author: Stefan Metzmacher Date: Mon Aug 7 16:16:27 2023 +0200 librpc/rpc: let dcerpc_read_ncacn_packet_next_vector() handle fragments without any payload DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED don't have any payload by default. In order to receive them via dcerpc_read_ncacn_packet_send/recv we need to allow fragments with frag_len == DCERPC_NCACN_PAYLOAD_OFFSET. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15446 Signed-off-by: Stefan Metzmacher Reviewed-by: Volker Lendecke (cherry picked from commit 5c724a3e156ae734e4d187bf9639d895bb011834) commit f2604db12b0a5da6ad3b28d4a0257ec1dd4a37fc Author: Stefan Metzmacher Date: Fri Aug 4 13:57:12 2023 +0200 s4:torture/ndr: add tests for DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED The PDUs were generated by Windows clients. And we fail to parse them currently. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15446 Signed-off-by: Stefan Metzmacher Reviewed-by: Volker Lendecke (cherry picked from commit c37adb762640b7df9731d6a60edce808aa8787f8) commit bace04c3c5c3bd3b345e2e5bf06f522745be2024 Author: Jones Syue Date: Wed Aug 2 09:48:40 2023 +0800 vfs_aio_pthread: fix segfault if samba-tool ntacl get If configured as AD DC and aio_pthread appended into 'vfs objects'[1], run these commands would get segfault: 1. sudo samba-tool ntacl get . 2. sudo net vfs getntacl sysvol . gdb said it goes through aio_pthread_openat_fn() @ vfs_aio_pthread.c[2], and the fsp->conn->sconn->client is null (0x0). 'sconn->client' memory is allocated when a new connection is accpeted: smbd_accept_connection > smbd_process > smbXsrv_client_create While running local commands looks like it would not go through smbXsrv_client_create so the 'client' is null, segfault might happen. We should not dereference 'client->server_multi_channel_enabled', if 'client' is null. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15441 [1] smb.conf example, samba-4.18.5, ubuntu 22.04.2 [global] dns forwarder = 127.0.0.53 netbios name = U22-JONES-88X1 realm = U22-JONES-88X1.X88X1.JONES server role = active directory domain controller workgroup = X88X1 idmap_ldb:use rfc2307 = yes vfs objects = dfs_samba4 acl_xattr aio_pthread [sysvol] path = /var/lib/samba/sysvol read only = No [netlogon] path = /var/lib/samba/sysvol/u22-jones-88x1.x88x1.jones/scripts read only = No [2] gdb (gdb) run /usr/local/samba/bin/samba-tool ntacl get . Starting program: /usr/local/Python3/bin/python3 /usr/local/samba/bin/samba-tool ntacl get . [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/libthread_db.so.1". Program received signal SIGSEGV, Segmentation fault. 0x7fffd0eb809e in aio_pthread_openat_fn (handle=0x8d5cc0, dirfsp=0x8c3070, smb_fname=0x18ab4f0, fsp=0x1af3550, flags=196608, mode=0) at ../../source3/modules/vfs_aio_pthread.c:467 warning: Source file is more recent than executable. 467 if (fsp->conn->sconn->client->server_multi_channel_enabled)
[SCM] pam wrapper repository - annotated tag pam_wrapper-1.1.5 created
The annotated tag, pam_wrapper-1.1.5 has been created at cc0ce1901340340b49e9490f7ec0294bb40e6c2c (tag) tagging b223df9f35e750811f812c8cfb85bc81c196102e (commit) replaces pam_wrapper-1.1.4 tagged by Andreas Schneider on Tue Aug 8 11:17:03 2023 +0200 - Log - pam_wrapper-1.1.5 * Fixed building with Python 3.12 * Removed Python 2 support -BEGIN PGP SIGNATURE- iQIzBAABCgAdFiEEjf9T4Y8qvI2PPJIjfuD8TcwBTj0FAmTSCCIACgkQfuD8TcwB Tj2HlhAAovAg2bZu2W8A1Ft55KVUgtF5SOoU/1TZMw8XorDn8elIdx1oQeGm7Zpe kSrwunjTtck0bqp6EGsw55z1wFFzWK/yDoGrsc/L201T9mHcZe7m6/WlqZodSnyL Yz7qf/1WjtI5p7c4F4dm4mMDBYoUH5StSjt9x/BLMtlPChVkqiWt8nps38y33FUM 15FOBEZe/hRsEaBZShsZC0QzdDG4vU3NRth2+tGshoy/ZCvLni8TbKYD8DFtrhba 47FBprfnq95q3t2Pce3G2gr7f+56VSNkkmwduPE6i8DBN80vnpY0Mkc70Xa58UIb tF8JrLnxCttOFEhK1HP/B4VAEMHnk+6+N3aZ9sGbN7IlwOV7fJM+XZ9rIbX9hpAb rmLyTvtbPGvkWB6RWcNto3SBzy+3gc1k3uS2LMUnEPE/KoAm9uQBOTBtzUAvOCcz F0/F2bTa5b/5Surv77qzMZSYjwKxaq+NbXWLoeFyJOc/fdYr3D0vZWWD0tapbU2+ pwcrWtQDVuP3YKR7TfMlwl31nI3u1KYBzH60rHKFQluXLZtjptmdJ9XCKBCZg1ZL DXo3GUwVIq083gD9gXepiLziGyjpFrlU+4Bba97iWJWKqBVZsefz/ve60ehRgcST CjDeMBEV+2RTX5OEhnP6U0rGaZmMM7IFSjifZdWe+fbr6/IdjtU= =3VtC -END PGP SIGNATURE- Andreas Schneider (8): gitlab-ci: Fix indentation found by yamllint gitlab-ci: Change the obj-dir so it doesn't create problems gitlab-ci: Introduce test stages Drop support for Python 2 cmake: Drop FindCMocka.cmake Module cmake: Fix cmocka >= 1.1.6 find_package() in CONFIG mode cmake: Remove -Werror=declaration-after-statement Bump version to 1.1.5 --- -- pam wrapper repository
[SCM] pam wrapper repository - branch master updated
The branch, master has been updated
via b223df9 Bump version to 1.1.5
from 39d9af8 cmake: Remove -Werror=declaration-after-statement
https://git.samba.org/?p=pam_wrapper.git;a=shortlog;h=master
- Log -
commit b223df9f35e750811f812c8cfb85bc81c196102e
Author: Andreas Schneider
Date: Mon Jul 17 14:50:14 2023 +0200
Bump version to 1.1.5
Signed-off-by: Andreas Schneider
Reviewed-by: Stefan Metzmacher
---
Summary of changes:
CHANGELOG | 4
CMakeLists.txt | 4 ++--
2 files changed, 6 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/CHANGELOG b/CHANGELOG
index 608f45b..5e2da7c 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,10 @@
ChangeLog
==
+version 1.1.5 (released 2023-08-08)
+ * Fixed building with Python 3.12
+ * Removed Python 2 support
+
version 1.1.4 (released 2020-10-28)
* NOTE: pam_wrapper stopped working with the latest OpenPAM on FreeBSD 12.
Help is needed to add back support.
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 37dff75..7b01937 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -11,7 +11,7 @@ list(APPEND CMAKE_MODULE_PATH
"${CMAKE_CURRENT_SOURCE_DIR}/cmake/Modules")
include(DefineCMakeDefaults)
include(DefineCompilerFlags)
-project(pam_wrapper VERSION 1.1.4 LANGUAGES C)
+project(pam_wrapper VERSION 1.1.5 LANGUAGES C)
# global needed variables
set(APPLICATION_NAME ${PROJECT_NAME})
@@ -25,7 +25,7 @@ set(APPLICATION_NAME ${PROJECT_NAME})
# Increment PATCH.
set(LIBRARY_VERSION_MAJOR 0)
set(LIBRARY_VERSION_MINOR 0)
-set(LIBRARY_VERSION_PATCH 7)
+set(LIBRARY_VERSION_PATCH 8)
set(LIBRARY_VERSION
"${LIBRARY_VERSION_MAJOR}.${LIBRARY_VERSION_MINOR}.${LIBRARY_VERSION_PATCH}")
set(LIBRARY_SOVERSION ${LIBRARY_VERSION_MAJOR})
--
pam wrapper repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 9ec22e68024 dcerpc.idl: fix definitions for DCERPC_PKT_CO_CANCEL
and DCERPC_PKT_ORPHANED payload
via 5c724a3e156 librpc/rpc: let dcerpc_read_ncacn_packet_next_vector()
handle fragments without any payload
via c37adb76264 s4:torture/ndr: add tests for DCERPC_PKT_CO_CANCEL and
DCERPC_PKT_ORPHANED
from 269738d6ce4 lib/replace: fix strlcat/strlcpy compile for Honggfuzz
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 9ec22e680249cfde06fb1a0a34fcc94d1f47002d
Author: Stefan Metzmacher
Date: Fri Aug 4 14:03:43 2023 +0200
dcerpc.idl: fix definitions for DCERPC_PKT_CO_CANCEL and
DCERPC_PKT_ORPHANED payload
It seems commit 259129e8f4bc8cacd1850eba3f6551134835d079 was partly just
fantasy...
Windows clients just use 16 bytes for DCERPC_PKT_CO_CANCEL and
DCERPC_PKT_ORPHANED pdus.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15446
Signed-off-by: Stefan Metzmacher
Reviewed-by: Volker Lendecke
Autobuild-User(master): Volker Lendecke
Autobuild-Date(master): Tue Aug 8 08:57:46 UTC 2023 on atb-devel-224
commit 5c724a3e156ae734e4d187bf9639d895bb011834
Author: Stefan Metzmacher
Date: Mon Aug 7 16:16:27 2023 +0200
librpc/rpc: let dcerpc_read_ncacn_packet_next_vector() handle fragments
without any payload
DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED don't have any payload by
default. In order to receive them via dcerpc_read_ncacn_packet_send/recv
we need to allow fragments with frag_len == DCERPC_NCACN_PAYLOAD_OFFSET.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15446
Signed-off-by: Stefan Metzmacher
Reviewed-by: Volker Lendecke
commit c37adb762640b7df9731d6a60edce808aa8787f8
Author: Stefan Metzmacher
Date: Fri Aug 4 13:57:12 2023 +0200
s4:torture/ndr: add tests for DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED
The PDUs were generated by Windows clients.
And we fail to parse them currently.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15446
Signed-off-by: Stefan Metzmacher
Reviewed-by: Volker Lendecke
---
Summary of changes:
librpc/idl/dcerpc.idl | 2 -
librpc/rpc/dcerpc_util.c | 9 ++-
source4/torture/ndr/dcerpc.c | 148 ++
source4/torture/ndr/ndr.c | 1 +
source4/torture/wscript_build | 1 +
5 files changed, 157 insertions(+), 4 deletions(-)
create mode 100644 source4/torture/ndr/dcerpc.c
Changeset truncated at 500 lines:
diff --git a/librpc/idl/dcerpc.idl b/librpc/idl/dcerpc.idl
index bbb17f0b8c4..1850526042c 100644
--- a/librpc/idl/dcerpc.idl
+++ b/librpc/idl/dcerpc.idl
@@ -276,12 +276,10 @@ interface dcerpc
} dcerpc_auth3;
typedef [public] struct {
- [value(0)]uint32_pad;
[flag(NDR_REMAINING)] DATA_BLOB auth_info;
} dcerpc_orphaned;
typedef [public] struct {
- [value(0)]uint32_pad;
[flag(NDR_REMAINING)] DATA_BLOB auth_info;
} dcerpc_co_cancel;
diff --git a/librpc/rpc/dcerpc_util.c b/librpc/rpc/dcerpc_util.c
index 0ecb2bff1fa..a3a734b0c09 100644
--- a/librpc/rpc/dcerpc_util.c
+++ b/librpc/rpc/dcerpc_util.c
@@ -565,9 +565,14 @@ static int dcerpc_read_ncacn_packet_next_vector(struct
tstream_context *stream,
ofs = state->buffer.length;
- if (frag_len < ofs) {
+ if (frag_len <= ofs) {
/*
-* something is wrong, let the caller deal with it
+* With frag_len == ofs, we are done, this is likely
+* a DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED
+* without any payload.
+*
+* Otherwise it's a broken packet and we
+* let the caller deal with it.
*/
*_vector = NULL;
*_count = 0;
diff --git a/source4/torture/ndr/dcerpc.c b/source4/torture/ndr/dcerpc.c
new file mode 100644
index 000..459817d4951
--- /dev/null
+++ b/source4/torture/ndr/dcerpc.c
@@ -0,0 +1,148 @@
+/*
+ Unix SMB/CIFS implementation.
+ test suite for dcerpc ndr operations
+
+ Copyright (C) Stefan Metzmacher 2023
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A
[SCM] UID Wrapper Repository - branch master updated
The branch, master has been updated
via c8bf3ae tests: Fix fake socket_wrapper_syscall_valid()
from 850f24c cmake: Fix cmocka >= 1.1.6 find_package() in CONFIG mode
https://git.samba.org/?p=uid_wrapper.git;a=shortlog;h=master
- Log -
commit c8bf3ae675b47726d65e83e3abf62cafa93b12e6
Author: Andreas Schneider
Date: Mon Aug 7 14:22:54 2023 +0200
tests: Fix fake socket_wrapper_syscall_valid()
We want to return errno = ENOSYS in socket_wrapper_syscall_va(). However if
we
do not handle __FAKE_SOCKET_WRAPPER_SYSCALL_NO+1 then we will call
libc_syscall() for __FAKE_SOCKET_WRAPPER_SYSCALL_NO+1.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15445
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15448
Signed-off-by: Andreas Schneider
Reviewed-by: Stefan Metzmacher
---
Summary of changes:
tests/uwrap_fake_socket_wrapper.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Changeset truncated at 500 lines:
diff --git a/tests/uwrap_fake_socket_wrapper.c
b/tests/uwrap_fake_socket_wrapper.c
index 657873a..0472b45 100644
--- a/tests/uwrap_fake_socket_wrapper.c
+++ b/tests/uwrap_fake_socket_wrapper.c
@@ -23,7 +23,7 @@
/* simulate socket_wrapper hooks */
bool socket_wrapper_syscall_valid(long int sysno)
{
- if (sysno == __FAKE_SOCKET_WRAPPER_SYSCALL_NO) {
+ if (sysno >= __FAKE_SOCKET_WRAPPER_SYSCALL_NO) {
return true;
}
--
UID Wrapper Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 40f156b NEWS[4.19.0rc2]: Samba 4.19.0rc2 Available for Download from 855f970 security: fix security table https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 40f156b1fd21748c03323ab6f35e00fa7c103a81 Author: Jule Anger Date: Tue Aug 8 09:17:01 2023 +0200 NEWS[4.19.0rc2]: Samba 4.19.0rc2 Available for Download Signed-off-by: Jule Anger --- Summary of changes: posted_news/20230808-071952.4.19.0rc2.body.html | 12 posted_news/20230808-071952.4.19.0rc2.headline.html | 3 +++ 2 files changed, 15 insertions(+) create mode 100644 posted_news/20230808-071952.4.19.0rc2.body.html create mode 100644 posted_news/20230808-071952.4.19.0rc2.headline.html Changeset truncated at 500 lines: diff --git a/posted_news/20230808-071952.4.19.0rc2.body.html b/posted_news/20230808-071952.4.19.0rc2.body.html new file mode 100644 index 000..0b8e658 --- /dev/null +++ b/posted_news/20230808-071952.4.19.0rc2.body.html @@ -0,0 +1,12 @@ + +08 August 2023 +Samba 4.19.0rc2 Available for Download + +This is the second release candidate of the upcoming Samba 4.19 release series. + + +The uncompressed tarball has been signed using GnuPG (ID AA99442FB680B620). +The source code can be https://download.samba.org/pub/samba/rc/samba-4.19.0rc2.tar.gz;>downloaded now. +See https://download.samba.org/pub/samba/rc/samba-4.19.0rc2.WHATSNEW.txt;>the release notes for more info. + + diff --git a/posted_news/20230808-071952.4.19.0rc2.headline.html b/posted_news/20230808-071952.4.19.0rc2.headline.html new file mode 100644 index 000..2118307 --- /dev/null +++ b/posted_news/20230808-071952.4.19.0rc2.headline.html @@ -0,0 +1,3 @@ + + 08 August 2023 Samba 4.19.0rc2 Available for Download + -- Samba Website Repository
[SCM] Samba Shared Repository - branch v4-19-stable updated
The branch, v4-19-stable has been updated via e7330e360e1 VERSION: Disable GIT_SNAPSHOT for the 4.19.0rc2 release. via 19e9735c072 WHATSNEW: Add release notes for Samba 4.19.0rc2. via 9a87e2061dc third_party/heimdal: Import lorikeet-heimdal-202308030152 (commit 2a036a6fd80833799316b8a85623cdea3a1135df) via 1231268c219 s3/modules: Fix DFS links when widelinks = yes via 368b3e6102b s3/modules: Add flag indicating if connected share is a dfs share via ece48278912 sefltest: Add new regression test dfs with widelinks = yes via d59392056e7 selftest: Add new dfs share (with widelinks enabled) via e7f91e1d22b vfs_aio_pthread: fix segfault if samba-tool ntacl get via 68db9b7390b dsdb: Use samdb_system_container_dn() in pdb_samba_dsdb_*() via bffe1f5720e dsdb: Use samdb_system_container_dn() in dsdb_trust_*() via 4cd7ead4e6b s4-rpc_server/backupkey: Use samdb_system_container_dn() in get_lsa_secret() via 4f1156f138d s4-rpc_server/backupkey: Use samdb_system_container_dn() in set_lsa_secret() via 2f1502a70d8 s4-rpc_server/netlogon: Use samdb_system_container_dn() in fill_trusted_domains_array() via 9cb4754d0c4 s4-rpc_server/lsa: Use samdb_system_container_dn() in dcesrv_lsa_get_policy_state() via 66605c7c765 dsdb: Use samdb_get_system_container_dn() to get Password Settings Container via 3493671ce74 dsdb: Use samdb_system_container_dn() in samldb.c via 37094ba8e53 dsdb: Add new function samdb_system_container_dn() via e5ea3562b39 Bug #9959: Don't search for CN=System via b4f10979d86 For Bug #9959: local talloc frame for next commit via 3bab56a7db6 VERSION: Bump version up to Samba 4.19.0rc2... from 4f12024cafa VERSION: Disable GIT_SNAPSHOT for the Samba 4.19.0rc1 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-19-stable - Log - --- Summary of changes: VERSION| 2 +- WHATSNEW.txt | 23 - selftest/target/Samba3.pm | 5 ++ source3/modules/vfs_aio_pthread.c | 3 +- source3/modules/vfs_widelinks.c| 30 ++-- source3/passdb/pdb_samba_dsdb.c| 12 +++-- source3/script/tests/test_bug15435_widelink_dfs.sh | 28 +++ source3/selftest/tests.py | 10 source4/dsdb/common/util.c | 19 source4/dsdb/common/util_trusts.c | 21 ++--- source4/dsdb/samdb/ldb_modules/operational.c | 22 + source4/dsdb/samdb/ldb_modules/samldb.c| 7 +-- source4/rpc_server/backupkey/dcesrv_backupkey.c| 54 +- source4/rpc_server/lsa/lsa_init.c | 7 ++- source4/rpc_server/netlogon/dcerpc_netlogon.c | 8 ++-- third_party/heimdal/kdc/pkinit.c | 4 +- 16 files changed, 168 insertions(+), 87 deletions(-) create mode 100755 source3/script/tests/test_bug15435_widelink_dfs.sh Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 285ff9b821a..3aded533ec5 100644 --- a/VERSION +++ b/VERSION @@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE=1 +SAMBA_VERSION_RC_RELEASE=2 # To mark SVN snapshots this should be set to 'yes'# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 44e7edc2263..59a6dcc41a9 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,7 +1,7 @@ Release Announcements = -This is the first release candidate of Samba 4.19. This is *not* +This is the second release candidate of Samba 4.19. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. @@ -235,6 +235,27 @@ smb.conf changes directory name cache size Removed +CHANGES SINCE 4.19.0rc1 +=== + +o Andrew Bartlett + * BUG 9959: Windows client join fails if a second container CN=System exists +somewhere. + +o Noel Power + * BUG 15435: regression DFS not working with widelinks = true. + +o Arvid Requate + * BUG 9959: Windows client join fails if a second container CN=System exists +somewhere. + +o Joseph Sutton + * BUG 15443: Heimdal fails to build on 32-bit FreeBSD. + +o Jones Syue + * BUG 15441: samba-tool ntacl get segfault if aio_pthread appended. + + KNOWN ISSUES diff --git a/selftest/target/Samba3.pm
[SCM] Samba Shared Repository - annotated tag samba-4.19.0rc2 created
The annotated tag, samba-4.19.0rc2 has been created at dbb68c14a5c4ed1ca889227f8582746d97b814ef (tag) tagging e7330e360e15e8ebdbf5cdee2cfb7c0ce476a9cc (commit) replaces samba-4.19.0rc1 tagged by Jule Anger on Tue Aug 8 09:16:33 2023 +0200 - Log - samba: tag release samba-4.19.0rc2 -BEGIN PGP SIGNATURE- iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmTR69IACgkQqplEL7aA tiD/zA//ekTiLD7v455dARkcIkdGHL9KgAN9tWUgJXKXGVCeSbMaJ5FSGig1PvTK lkD2+E6vWTQ90uGdcYsW8kljHZfbQJIhOymClaMCgz+dxOsPGsfqbN6GqOYJiIWC dsEYdlyZ4v96snlJ0vCh4XmzdT8+42lczbc5myk5KL9cNTSwPY+JTiIm2fbIxJA0 FyMFTqjNTbVeN0G8n0ZcZzkcY3ZdYQIzUUg/Qrmk7rmSQkbGYf6FQcB65/gvTDKQ yC2hOZ4om6ArJFcAy7rCw6H/BVxBKUFm3SzOyFl5BgHRg6FyvFTHvKRU4EB6FlzV EthXzKuJHTnhKRC2xQgsA3s7tCxkBiJYSDIS3djO518d75xIXn+xPheZt7rd0kRg 3YbbWEEzFwxq/f7SxIVaKlO8JLxdWOqHvF5IEgB0CWx8+DB9Ddc0zODQWUl6n3xj 6HSmX98Z34sCeCMnj5gKarOLBugWRZXnJREZbXtl4cPCu88LVCLUWy1O0VO5LLTR iw74yZIavKcOjmd0dPbyJi5fBvOIOM7jfg0vOv5FZ2iaaV2BA4xmmYQ3xPkqSfCd Yk6j9I8Ca4Q2zghTWHlpcoTb0oviK41/9xmH9STMey/bmQbCwcQxV6IMwXunu8pA ZGJG4PT/lNOj4Dw1W8+JyLGWeXZEo5lASJP+XcCjQF7mhRwy04s= =vtEP -END PGP SIGNATURE- Andrew Bartlett (9): dsdb: Add new function samdb_system_container_dn() dsdb: Use samdb_system_container_dn() in samldb.c dsdb: Use samdb_get_system_container_dn() to get Password Settings Container s4-rpc_server/lsa: Use samdb_system_container_dn() in dcesrv_lsa_get_policy_state() s4-rpc_server/netlogon: Use samdb_system_container_dn() in fill_trusted_domains_array() s4-rpc_server/backupkey: Use samdb_system_container_dn() in set_lsa_secret() s4-rpc_server/backupkey: Use samdb_system_container_dn() in get_lsa_secret() dsdb: Use samdb_system_container_dn() in dsdb_trust_*() dsdb: Use samdb_system_container_dn() in pdb_samba_dsdb_*() Arvid Requate (2): For Bug #9959: local talloc frame for next commit Bug #9959: Don't search for CN=System Jones Syue (1): vfs_aio_pthread: fix segfault if samba-tool ntacl get Joseph Sutton (1): third_party/heimdal: Import lorikeet-heimdal-202308030152 (commit 2a036a6fd80833799316b8a85623cdea3a1135df) Jule Anger (3): VERSION: Bump version up to Samba 4.19.0rc2... WHATSNEW: Add release notes for Samba 4.19.0rc2. VERSION: Disable GIT_SNAPSHOT for the 4.19.0rc2 release. Noel Power (4): selftest: Add new dfs share (with widelinks enabled) sefltest: Add new regression test dfs with widelinks = yes s3/modules: Add flag indicating if connected share is a dfs share s3/modules: Fix DFS links when widelinks = yes --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-19-test updated
The branch, v4-19-test has been updated via 4f52e4468d1 VERSION: Bump version up to Samba 4.19.0rc3... via e7330e360e1 VERSION: Disable GIT_SNAPSHOT for the 4.19.0rc2 release. via 19e9735c072 WHATSNEW: Add release notes for Samba 4.19.0rc2. from 9a87e2061dc third_party/heimdal: Import lorikeet-heimdal-202308030152 (commit 2a036a6fd80833799316b8a85623cdea3a1135df) https://git.samba.org/?p=samba.git;a=shortlog;h=v4-19-test - Log - commit 4f52e4468d1628774e6cff5358603401b60b82fa Author: Jule Anger Date: Tue Aug 8 09:13:27 2023 +0200 VERSION: Bump version up to Samba 4.19.0rc3... and re-enable GIT_SNAPSHOT. Signed-off-by: Jule Anger commit e7330e360e15e8ebdbf5cdee2cfb7c0ce476a9cc Author: Jule Anger Date: Tue Aug 8 09:12:57 2023 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.19.0rc2 release. Signed-off-by: Jule Anger commit 19e9735c072572c1692df0b0c638c27221d109ea Author: Jule Anger Date: Tue Aug 8 09:11:57 2023 +0200 WHATSNEW: Add release notes for Samba 4.19.0rc2. Signed-off-by: Jule Anger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 23 ++- 2 files changed, 23 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 29157444b35..02de2837bdc 100644 --- a/VERSION +++ b/VERSION @@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE=2 +SAMBA_VERSION_RC_RELEASE=3 # To mark SVN snapshots this should be set to 'yes'# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 44e7edc2263..59a6dcc41a9 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,7 +1,7 @@ Release Announcements = -This is the first release candidate of Samba 4.19. This is *not* +This is the second release candidate of Samba 4.19. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. @@ -235,6 +235,27 @@ smb.conf changes directory name cache size Removed +CHANGES SINCE 4.19.0rc1 +=== + +o Andrew Bartlett + * BUG 9959: Windows client join fails if a second container CN=System exists +somewhere. + +o Noel Power + * BUG 15435: regression DFS not working with widelinks = true. + +o Arvid Requate + * BUG 9959: Windows client join fails if a second container CN=System exists +somewhere. + +o Joseph Sutton + * BUG 15443: Heimdal fails to build on 32-bit FreeBSD. + +o Jones Syue + * BUG 15441: samba-tool ntacl get segfault if aio_pthread appended. + + KNOWN ISSUES -- Samba Shared Repository
