Commit message | Author | Age | Files | Lines
* CVE-2020-10700: ldb: Bump version up to 2.0.10. [ldb-2.0.10] | Karolin Seeger | 2020-04-21 | 3 files | -1/+286
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14331
  Signed-off-by: Karolin Seeger <kseeger@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* CVE-2020-10700: dsdb: Do not permit the ASQ control for the GUID search in paged_results | Andrew Bartlett | 2020-04-21 | 2 files | -6/+13
  ASQ is a very strange control and a BASE search can return multiple results that are NOT the requested DN, but the DNs pointed to by it!

  Thanks to Andrei Popa <andrei.popa@next-gen.ro> for finding, reporting and working with us to diagnose this issue!

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14331
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* CVE-2020-10700: ldb: Always use ldb_next_request() in ASQ module | Andrew Bartlett | 2020-04-21 | 1 file | -9/+3
  We want to keep going down the module stack, and not start from the top again. ASQ is above the ACL modules, but below paged_results and we do not wish to re-trigger that work.

  Thanks to Andrei Popa <andrei.popa@next-gen.ro> for finding, reporting and working with us to diagnose this issue!

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14331
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* CVE-2020-10700: dsdb: Add test for ASQ and ASQ in combination with paged_results | Andrew Bartlett | 2020-04-21 | 3 files | -0/+173
  Thanks to Andrei Popa <andrei.popa@next-gen.ro> for finding, reporting and working with us to diagnose this issue!

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14331
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* VERSION: Bump version up to 4.11.8... | Karolin Seeger | 2020-04-21 | 1 file | -2/+2
  and re-enable GIT_SNAPSHOT.

  Signed-off-by: Karolin Seeger <kseeger@samba.org>
  (cherry picked from commit 46e19f9f40258855d84e747bcb02019262e72057)
* VERSION: Disable GIT_SNAPSHOT for the 4.11.7 release. [samba-4.11.7] | Karolin Seeger | 2020-03-10 | 1 file | -1/+1
  Signed-off-by: Karolin Seeger <kseeger@samba.org>
* WHATSNEW: Add release notes for Samba 4.11.7. | Karolin Seeger | 2020-03-10 | 1 file | -2/+66
  Signed-off-by: Karolin Seeger <kseeger@samba.org>
* selftest: Test behaviour of DNS scavenge with an existing dNSTombstoned value | Andrew Bartlett | 2020-02-26 | 1 file | -0/+39
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14258
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Thu Feb 6 16:24:25 UTC 2020 on sn-devel-184
  (cherry picked from commit c8e3c78d4f2a6f3e122fe458aa6835772290a700)
  Autobuild-User(v4-11-test): Karolin Seeger <kseeger@samba.org>
  Autobuild-Date(v4-11-test): Wed Feb 26 13:53:10 UTC 2020 on sn-devel-184
* dsdb: Correctly handle memory in objectclass_attrs | Andrew Bartlett | 2020-02-26 | 1 file | -1/+16
  el->values is caller-provided memory that should be thought of as constant, it should not be assumed to be a talloc context.

  Otherwise, if the caller gives constant memory or a stack pointer we will get an abort() in talloc when it expects a talloc magic in the memory preceding the el->values.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14258
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit 3657bbc21182d764ddfcd603025f24ec240fd263)
* ldb: version 2.0.9 [ldb-2.0.9] | Andrew Bartlett | 2020-02-26 | 3 files | -1/+286
  * Bug 14270: Samba 4.11 and later give incorrect results for SCOPE_ONE searches

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(v4-11-test): Karolin Seeger <kseeger@samba.org>
  Autobuild-Date(v4-11-test): Wed Feb 26 10:08:45 UTC 2020 on sn-devel-184
* ldb: Add tests aimed at the SCOPE_ONELEVEL bug in particular | Andrew Bartlett | 2020-02-26 | 1 file | -0/+8
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14270
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit 0b8ab0200805127e36eeb2affe561f3aee59604a)
* ldb: Fix search with scope ONE and small result sets | Andrew Bartlett | 2020-02-26 | 1 file | -9/+12
  This changes the LDB behaviour in the combination of a SCOPE_ONE search and an index returning less than 10 results.

  After b6b5b5fe355fee2a4096e9214831cb88c7a2a4c6 the list->strict flag became set to false in all cases, rather than being left to the value set by the caller. This changes the ldb_kv_index_dn_one() code to force strict mode on success instead.

  Thanks to Marcus Granér, ICEYE Oy for reporting.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14270
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit 3c7261c43da491b57f50e0e64d7050d85c6b973e)
* ldb: Ensure @IDXONE modes is tested in ldb.python (apy.py) tests | Andrew Bartlett | 2020-02-26 | 1 file | -1/+68
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit ec34a7095705592279647c5046a000e0bf052d1a)
* ldb: Add tests aimed at the SCOPE_ONELEVEL particular | Andrew Bartlett | 2020-02-26 | 1 file | -0/+171
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14270
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit 167676973b7f1db563da04d54e8ce5668034081c)
* ldb: Add tests for one-level indexes in conjunction with other indexes | Andrew Bartlett | 2020-02-26 | 1 file | -0/+251
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14270
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit 17bd63dbea7f6e6358f81f0ac5b9392b2321bb32)
* smbd: Separate aio_pthread indicator from normal EINTR | Volker Lendecke | 2020-02-25 | 3 files | -13/+28
  According to Posix and the Linux open(2) manpage, the open-syscall can return EINTR. If that happens, core smbd saw this as an indication that aio_pthread's open function was doing its job. With a real EINTR without aio_pthread this meant we ended up in a server_exit after 20 seconds, because there was nobody to do the retry. EINTR is mapped to NT_STATUS_RETRY. Handle this by just retrying after a second.

  Bug: https://bugzilla.samba.org/show_bug.cgi?id=14285
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Thu Feb 20 22:14:25 UTC 2020 on sn-devel-184
  (cherry picked from commit aebe427b77b5315eb5d2b05b8c72824ca0389723)
  Autobuild-User(v4-11-test): Karolin Seeger <kseeger@samba.org>
  Autobuild-Date(v4-11-test): Tue Feb 25 22:24:54 UTC 2020 on sn-devel-184
* lib: Map EINPROGRESS->NT_STATUS_MORE_PROCESSING_REQUIRED | Volker Lendecke | 2020-02-25 | 1 file | -0/+1
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=14285
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  (cherry picked from commit 4a943d842a51674425f0c4019f823ef0a9d09f49)
* test: Show that smbd does not handle EINTR from open() correctly | Volker Lendecke | 2020-02-25 | 3 files | -0/+76
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=14285
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  (cherry picked from commit 7bbba73b30f06304e9a2ad48e853d9ec8171dd30)
* test: Intercept open in vfs_error_inject | Volker Lendecke | 2020-02-25 | 1 file | -0/+17
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=14285
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  (cherry picked from commit 305204a241b74c599f4f6a064cac6608afd9c893)
* wafsamba: Do not use 'rU' as the 'U' is deprecated in Python 3.9 | Andreas Schneider | 2020-02-25 | 1 file | -1/+1
  See https://docs.python.org/3.9/whatsnew/3.9.html#changes-in-the-python-api

  "open(), io.open(), codecs.open() and fileinput.FileInput no longer accept 'U' (“universal newline”) in the file mode. This flag was deprecated since Python 3.3. In Python 3, the “universal newline” is used by default when a file is open in text mode. The newline parameter of open() controls how universal newlines works."

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14266
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date(master): Thu Feb 6 07:30:13 UTC 2020 on sn-devel-184
  (cherry picked from commit 52722746a5eb40c309ba59f78bd8e3d897417bdc)
* s3: VFS: full_audit. Use system session_info if called from a temporary share definition. | Jeremy Allison | 2020-02-21 | 1 file | -4/+16
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14283
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(v4-11-test): Karolin Seeger <kseeger@samba.org>
  Autobuild-Date(v4-11-test): Fri Feb 21 09:20:14 UTC 2020 on sn-devel-184
* auth: Fix CID 1458418 Null pointer dereferences (REVERSE_INULL) | Volker Lendecke | 2020-02-19 | 1 file | -1/+2
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit ef0350221e194a3dd3350eab02b38baeb32d8fd3)
  Autobuild-User(v4-11-test): Karolin Seeger <kseeger@samba.org>
  Autobuild-Date(v4-11-test): Wed Feb 19 06:19:13 UTC 2020 on sn-devel-184
* auth: Fix CID 1458420 Null pointer dereferences (REVERSE_INULL) | Volker Lendecke | 2020-02-19 | 1 file | -1/+2
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit 503fc8f2ba662ecbec0788bd1710440464dc5cfd)
* ctdb-tcp: Make error handling for outbound connection consistent | Martin Schwenke | 2020-02-17 | 1 file | -19/+17
  If we can't bind the local end of an outgoing connection then something has gone wrong. Retrying is better than failing into a zombie state. The interface might come back up and/or the address may be reconfigured.

  While here, do the same thing for the other (potentially transient) failures.

  The unknown address family failure is special but just handle it via a retry. Technically it can't happen because the node address parsing can only return values with address family AF_INET or AF_INET6.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14274
  RN: Retry inter-node TCP connections on more transient failures
  Reported-by: 耿纪超 <gengjichao@jd.com>
  Signed-off-by: Martin Schwenke <martin@meltin.net>
  Reviewed-by: Amitay Isaacs <amitay@gmail.com>
  (cherry picked from commit a40fc709cc972dadb40efbf1394b10fae3cfcc07)
  Autobuild-User(v4-11-test): Karolin Seeger <kseeger@samba.org>
  Autobuild-Date(v4-11-test): Mon Feb 17 13:13:01 UTC 2020 on sn-devel-184
* winbindd: handling missing idmap in getgrgid() | Stefan Metzmacher | 2020-02-11 | 1 file | -0/+4
  A similar hunk was added via commit 89f753c1fc824fef29aebb7d783ab7e09cd1f04e ("winbind: Use xids2sids in getpwuid"), but it was missing in commit e2dda192e7f8b65a5f02120be56cf0f07d03679f ("winbind: Use xids2sids in getgrgid")

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14265
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date(master): Wed Feb 5 17:56:58 UTC 2020 on sn-devel-184
  (cherry picked from commit 4d0bda9467ac3f45f85f48a281cdb173ce1064eb)
  Autobuild-User(v4-11-test): Karolin Seeger <kseeger@samba.org>
  Autobuild-Date(v4-11-test): Tue Feb 11 13:08:14 UTC 2020 on sn-devel-184
* s3:auth_sam: map an empty domain or '.' to the local SAM name | Stefan Metzmacher | 2020-02-11 | 3 files | -3/+41
  When a domain member gets an empty domain name or '.', it should not forward the authentication to domain controllers of the primary domain.

  But we need to keep passing UPN account names with an empty domain to the DCs as a domain member.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  (cherry picked from commit 590df382bea44eec2dbfd2a28c659b0a29188bca)
* s3:selftest: test authentication with an empty userdomain and upn names | Stefan Metzmacher | 2020-02-11 | 2 files | -0/+15
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  (cherry picked from commit a9eeea6ef78cc44c8423c7125fa1376921060018)
* s3:auth_sam: introduce effective_domain helper variables | Stefan Metzmacher | 2020-02-11 | 1 file | -7/+9
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  (cherry picked from commit a63e2a312c761093fedb09bd234b6736485a930a)
* s3:auth_sam: make sure we never handle empty usernames | Stefan Metzmacher | 2020-02-11 | 1 file | -0/+18
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  (cherry picked from commit 01b8374e7942141e7f6cbdec7623c981a008e4c1)
* s3:auth_sam: unify the debug messages of all auth_sam*_auth() functions | Stefan Metzmacher | 2020-02-11 | 1 file | -1/+8
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  (cherry picked from commit 72ef8d3a52c1ab07c079a4c014ba8ac7bff528f7)
* s3:auth_sam: replace confusing FALL_THROUGH; with break; | Stefan Metzmacher | 2020-02-11 | 1 file | -2/+2
  There's no real logic change here, but it makes it easier to understand.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  (cherry picked from commit 85b168c6dac88f5065c0ec6e925937439f2c12ed)
* script/release.sh: Don't use quotations any longer. | Karolin Seeger | 2020-02-04 | 1 file | -26/+0
  Signed-off-by: Karolin Seeger <kseeger@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
  Autobuild-Date(master): Mon Feb 3 12:45:39 UTC 2020 on sn-devel-184
  (cherry picked from commit f699df32cdbae4fbc585c259828029c74163323b)
  Autobuild-User(v4-11-test): Karolin Seeger <kseeger@samba.org>
  Autobuild-Date(v4-11-test): Tue Feb 4 11:53:54 UTC 2020 on sn-devel-184
* s4:torture: Skip the deltest20 as user root | Andreas Schneider | 2020-01-31 | 1 file | -0/+4
  The test is meant to be run as a user and not root.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14257
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
  Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date(master): Thu Jan 30 16:54:33 UTC 2020 on sn-devel-184
  (cherry picked from commit 677bc1b18420e717154dc73f632044239ac3ff9e)
  Autobuild-User(v4-11-test): Karolin Seeger <kseeger@samba.org>
  Autobuild-Date(v4-11-test): Fri Jan 31 12:31:10 UTC 2020 on sn-devel-184
* lib:util: Log mkdir error on correct debug levels | Andreas Schneider | 2020-01-31 | 1 file | -2/+5
  For smbd we want an error and for smbclient we only want it in NOTICE debug level. The default log level of smbclient is log level 1 so we need notice to not spam the user.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14253
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
  Autobuild-User(master): Günther Deschner <gd@samba.org>
  Autobuild-Date(master): Mon Jan 27 15:55:24 UTC 2020 on sn-devel-184
  (cherry picked from commit 0ad6a243b259d284064c0c5abcc7d430d55be7e1)
* s3: lib: nmblib. Clean up and harden nmb packet processing. | Jeremy Allison | 2020-01-31 | 1 file | -4/+8
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14239
  OSS-FUZZ: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20156
  OSS-FUZZ: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20157

  Credit to oss-fuzz.

  No security implications.

  Signed-off-by: Jeremy Allison <jra@samba.org>
  Pair programmed with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Tue Jan 21 23:33:41 UTC 2020 on sn-devel-184
  (cherry picked from commit ad236bb7590e423b4c69fe6028f2f3495977f48b)
* VERSION: Bump version up to 4.11.7... | Karolin Seeger | 2020-01-28 | 1 file | -2/+2
  and re-enable GIT_SNAPSHOT.

  Signed-off-by: Karolin Seeger <kseeger@samba.org>
* VERSION: Disable GIT_SNAPSHOT for the 4.11.6 release. [samba-4.11.6] | Karolin Seeger | 2020-01-28 | 1 file | -1/+1
  Signed-off-by: Karolin Seeger <kseeger@samba.org>
* WHATSNEW: Add release notes for Samba 4.11.6. | Karolin Seeger | 2020-01-28 | 1 file | -2/+74
  Signed-off-by: Karolin Seeger <kseeger@samba.org>
* smbd: Fix the build with clang | Volker Lendecke | 2020-01-27 | 1 file | -1/+1
  clang correctly complains that "close_fsp" is used uninitialized if "get_posix_fsp" fails and we end up in "goto out;".

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14251
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  (cherry picked from commit a8a1ca3f83dce6d725392989cbc97271cbf52f4a)
  Autobuild-User(v4-11-test): Karolin Seeger <kseeger@samba.org>
  Autobuild-Date(v4-11-test): Mon Jan 27 10:53:50 UTC 2020 on sn-devel-184
* script/release.sh: make it possible to run from a git worktree | Stefan Metzmacher | 2020-01-21 | 1 file | -2/+9
  .git is a regular file in that case.

  Also check that script/release.sh is present as a relative path to ensure we're called from the expected location.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit 648f94d2031c6e758bdf54089d1e710c265ca732)
* VERSION: Bump version up to 4.11.6. | Karolin Seeger | 2020-01-21 | 1 file | -1/+1
  Signed-off-by: Karolin Seeger <kseeger@samba.org>
* Merge tag 'samba-4.11.5' into v4-11-test | Karolin Seeger | 2020-01-21 | 9 files | -171/+751
|\
| |  samba: tag release samba-4.11.5
| * VERSION: Disable GIT_SNAPSHOT for the 4.11.5 release. [samba-4.11.5] | Karolin Seeger | 2020-01-14 | 1 file | -1/+1
|   o CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD Directory not automatic.
|   o CVE-2019-14907: Crash after failed character conversion at log level 3 or above.
|   o CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC.
|
|   Signed-off-by: Karolin Seeger <kseeger@samba.org>
| * WHATSNEW: Add release notes for Samba 4.11.5. | Karolin Seeger | 2020-01-14 | 1 file | -2/+74
|   o CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD Directory not automatic.
|   o CVE-2019-14907: Crash after failed character conversion at log level 3 or above.
|   o CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC.
|
|   Signed-off-by: Karolin Seeger <kseeger@samba.org>
| * CVE-2019-19344 kcc dns scavenging: Fix use after free in dns_tombstone_records_zone | Gary Lockyer | 2020-01-08 | 1 file | -9/+42
|   ldb_msg_add_empty reallocates the underlying element array, leaving old_el pointing to freed memory.
|
|   This patch takes two defensive copies of the ldb message, and performs the updates on them rather than the ldb messages in the result.
|
|   Bug: https://bugzilla.samba.org/show_bug.cgi?id=14050
|   Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
| * CVE-2019-14907 lib/util: Do not print the failed to convert string into the logs | Andrew Bartlett | 2020-01-08 | 1 file | -18/+20
|   The string may be in another charset, or may be sensitive and certainly may not be terminated. It is not safe to just print.
|
|   Found by Robert Święcki using a fuzzer he wrote for smbd.
|
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=14208
|   Signed-off-by: Andrew Bartlett <abartlet@samba.org>
| * CVE-2019-14902 dsdb: Change basis of descriptor module deferred processing to be GUIDs | Andrew Bartlett | 2020-01-08 | 5 files | -154/+156
|   We can not process on the basis of a DN, as the DN may have changed in a rename, not only that this module can see, but also from repl_meta_data below.
|
|   Therefore remove all the complex tree-based change processing, leaving only a tree-based sort of the possible objects to be changed, and a single stopped_dn variable containing the DN to stop processing below (after a no-op change).
|
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497
|   Signed-off-by: Andrew Bartlett <abartlet@samba.org>
| * CVE-2019-14902 repl_meta_data: Set renamed = true (and so do SD inheritance) after any rename | Andrew Bartlett | 2020-01-08 | 2 files | -1/+13
|   Previously if there was a conflict, but the incoming object would still win, this was not marked as a rename, and so inheritance was not done.
|
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497
|   Signed-off-by: Andrew Bartlett <abartlet@samba.org>
| * CVE-2019-14902 repl_meta_data: Fix issue where inherited Security Descriptors were not replicated. | Andrew Bartlett | 2020-01-08 | 2 files | -2/+21
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497
|   Signed-off-by: Andrew Bartlett <abartlet@samba.org>
| * CVE-2019-14902 repl_meta_data: schedule SD propagation to a renamed DN | Andrew Bartlett | 2020-01-08 | 1 file | -1/+16
|   We need to check the SD of the parent if we rename, it is not the same as an incoming SD change.
|
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497
|   Signed-off-by: Andrew Bartlett <abartlet@samba.org>