Commit message (Author, Age, Files, Lines)
* ldb: Bump version to 2.1.3 [ldb-2.1.3] (Gary Lockyer, 2020-05-14, 3 files, -1/+287)
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=14330
|   Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
* lib ldb: lmdb init var before calling mdb_reader_check (Gary Lockyer, 2020-05-14, 1 file, -1/+1)
|   Initialise "stale" to zero before passing a pointer to it to mdb_reader_check.
|
|   Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
|   Reviewed-by: Andreas Schneider <asn@samba.org>
|   Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
|   Autobuild-Date(master): Tue Apr 7 12:29:00 UTC 2020 on sn-devel-184
|   (cherry picked from commit d1f4002b914efb31aa34a59e7c93d80f3174727c)
* lib ldb: lmdb clear stale readers on write txn start (Gary Lockyer, 2020-05-14, 2 files, -1/+23)
|   In use process failures and Bind9 shut downs leave stale entries in the lmdb reader table. This can result in lmdb filling its database file, as the free list can not be reclaimed due to the stale reader.
|
|   In this fix we call mdb_reader_check at the start of each transaction, to free any stale readers. As the default maximum number of readers is 127, this should not impact on performance to any great extent.
|
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=14330
|   Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
|   Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|   Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
|   Autobuild-Date(master): Tue Mar 31 01:26:07 UTC 2020 on sn-devel-184
|   (cherry picked from commit 89041a6d18a1d091ea713e6986cac5ca66c2b481)
* ldb tests: Confirm lmdb free list handling (Gary Lockyer, 2020-05-14, 2 files, -1/+663)
|   Add cmocka tests to confirm lmdb's handling of the free list.
|
|   As a result of lmdb's MVCC (Multiversion Concurrency Control) long running read transactions or stale readers (read transactions where the process exited without ending the transaction) can cause the database to run out of space.
|
|   Items in the free list are only reused when they would not be visible in a read transaction. So long running read transactions prevent entries in the free list being reused, and the database can run out of space.
|
|   Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
|   Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|   (cherry picked from commit fc13304d1575ad6bc6e04cdb3eedf46d3c3678c7)
* lib:util: Fix smbclient -l basename dir (Amit Kumar, 2020-05-14, 2 files, -2/+7)
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=14345
|   Pair-Programmed-With: Andreas Schneider <asn@samba.org>
|   Signed-off-by: Andreas Schneider <asn@samba.org>
|   Signed-off-by: Amit Kumar <amitkuma@redhat.com>
|   Reviewed-by: Alexander Bokovoy <ab@samba.org>
|   (cherry picked from commit c83ce5f4f99aef94530411ec82cc03e9935b352d)
* Add a test for smbclient -l basename (Amit Kumar, 2020-05-14, 3 files, -0/+40)
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=14345
|   Signed-off-by: Amit Kumar <amitkuma@redhat.com>
|   Reviewed-by: Andreas Schneider <asn@samba.org>
|   Reviewed-by: Alexander Bokovoy <ab@samba.org>
|   (cherry picked from commit 2a7fc40fb3f3ca994cecad3e2957433d7a411208)
* s3: pass DCE RPC handle type to create_policy_hnd (Alexander Bokovoy, 2020-05-04, 10 files, -48/+108)
|   Various RPC services expect policy handles of a specific type.
|
|   s3 RPC server did not allow to create policy handles with a specific type while actually requiring that policy handle type itself in some places.
|
|   Make sure we are able to specify the policy on-wire handle type when creating the policy handle. The changes follow s4 DCE RPC server implementation.
|
|   The original logic to always set on-wire handle type to 0 can be tracked down to commit fdeea341ed1bae670382e45eb731db1b5838ad21 when we didn't really know about differences in on-wire handle types.
|
|   All but LSA trusted domain RPC calls do not check the on-wire handle type in s3 RPC server.
|
|   Fixes trusted domain operations when Samba RPC client attempts to call s3 RPC server to perform lsa_lsaRSetForestTrustInformation in FreeIPA. This fix is a pre-requisite for FreeIPA-FreeIPA forest trust.
|
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=14359
|   Signed-off-by: Alexander Bokovoy <ab@samba.org>
|   Reviewed-by: Jeremy Allison <jra@samba.org>
|   Autobuild-User(master): Jeremy Allison <jra@samba.org>
|   Autobuild-Date(master): Tue Apr 28 22:55:29 UTC 2020 on sn-devel-184
|   (cherry picked from commit c7a4578d06427a82ead287f0c5248c1a54cc9336)
|   Autobuild-User(v4-12-test): Karolin Seeger <kseeger@samba.org>
|   Autobuild-Date(v4-12-test): Mon May 4 13:06:07 UTC 2020 on sn-devel-184
* dbwrap_watch: Set rec->value_valid while returning nested share_mode_do_locked() (Anoop C S, 2020-05-04, 1 file, -0/+1)
|   As reported on samba-technical by Rouven WEILER <Rouven_Weiler@gmx.net>:
|   https://lists.samba.org/archive/samba-technical/2020-April/135116.html
|
|   Following backtrace was observed with vfs_fruit for time machine backup:
|
|   [2020/04/10 08:00:38.107917, 0] ../../lib/dbwrap/dbwrap.c:82(dbwrap_record_get_value)
|     PANIC: assert failed at ../../lib/dbwrap/dbwrap.c(82): rec->value_valid
|   [2020/04/10 08:00:38.108499, 0] ../../source3/lib/util.c:830(smb_panic_s3)
|     PANIC (pid 3427): assert failed: rec->value_valid
|   [2020/04/10 08:00:38.109541, 0] ../../lib/util/fault.c:265(log_stack_trace)
|     BACKTRACE: 37 stack frames:
|      #0 /usr/lib/samba/amd64/libsamba-util.so.0.0.1'log_stack_trace+0x26 [0xfffffd7fee51de66]
|      #1 /usr/lib/samba/amd64/libsmbconf.so.0'smb_panic_s3+0x26 [0xfffffd7fedf5a596]
|      #2 /usr/lib/samba/amd64/libsamba-util.so.0.0.1'smb_panic+0x1f [0xfffffd7fee51df3f]
|      #3 /usr/lib/samba/private/amd64/libdbwrap-samba4.so'dbwrap_record_get_value+0x2a [0xfffffd7feccb627a]
|      #4 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'get_share_mode_lock+0x109 [0xfffffd7fee7195c9]
|      #5 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'smbd_contend_level2_oplocks_begin+0xa1 [0xfffffd7fee7f7761]
|      #6 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'brl_lock+0x635 [0xfffffd7fee710f45]
|      #7 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'do_lock_fn+0xa4 [0xfffffd7fee70d534]
|      #8 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'share_mode_do_locked_fn+0x86 [0xfffffd7fee7174b6]
|      #9 /usr/lib/samba/amd64/libsmbconf.so.0'dbwrap_watched_do_locked_fn+0xfa [0xfffffd7fedf622ca]
|      #10 /usr/lib/samba/private/amd64/libdbwrap-samba4.so'db_tdb_do_locked+0x12f [0xfffffd7feccb95cf]
|      #11 /usr/lib/samba/private/amd64/libdbwrap-samba4.so'dbwrap_do_locked+0x48 [0xfffffd7feccb69a8]
|      #12 /usr/lib/samba/amd64/libsmbconf.so.0'dbwrap_watched_do_locked+0x6f [0xfffffd7fedf60d7f]
|      #13 /usr/lib/samba/private/amd64/libdbwrap-samba4.so'dbwrap_do_locked+0x48 [0xfffffd7feccb69a8]
|      #14 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'share_mode_do_locked+0xd2 [0xfffffd7fee719b82]
|      #15 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'do_lock+0xf0 [0xfffffd7fee70dfe0]
|      #16 /usr/lib/samba/amd64/vfs/fruit.so'fruit_create_file+0x7ba [0xfffffd7fe88855aa]
|      #17 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'smbd_smb2_request_process_create+0xa07 [0xfffffd7fee7d3237]
|      #18 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'smbd_smb2_request_dispatch+0xc8f [0xfffffd7fee7c985f]
|      #19 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'smbd_smb2_connection_handler+0x621 [0xfffffd7fee7ca7e1]
|      #20 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'tevent_common_invoke_fd_handler+0x80 [0xfffffd7fecd3a580]
|      #21 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'epoll_event_loop_once+0x22c [0xfffffd7fecd4180c]
|      #22 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'std_event_loop_once+0x40 [0xfffffd7fecd3f8f0]
|      #23 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'_tevent_loop_once+0x95 [0xfffffd7fecd39bd5]
|      #24 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'tevent_common_loop_wait+0x23 [0xfffffd7fecd39e43]
|      #25 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'std_event_loop_wait+0x40 [0xfffffd7fecd3f870]
|      #26 /usr/lib/samba/private/amd64/libsmbd-base-samba4.so'smbd_process+0x777 [0xfffffd7fee7b8677]
|      #27 /usr/lib/samba/sbin/amd64/smbd'smbd_accept_connection+0x189 [0x40d5b9]
|      #28 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'tevent_common_invoke_fd_handler+0x80 [0xfffffd7fecd3a580]
|      #29 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'epoll_event_loop_once+0x22c [0xfffffd7fecd4180c]
|      #30 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'std_event_loop_once+0x40 [0xfffffd7fecd3f8f0]
|      #31 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'_tevent_loop_once+0x95 [0xfffffd7fecd39bd5]
|      #32 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'tevent_common_loop_wait+0x23 [0xfffffd7fecd39e43]
|      #33 /usr/lib/samba/private/amd64/libtevent.so.0.10.2'std_event_loop_wait+0x40 [0xfffffd7fecd3f870]
|      #34 /usr/lib/samba/sbin/amd64/smbd'main+0x1a0f [0x40f9ff]
|      #35 /usr/lib/samba/sbin/amd64/smbd'_start_crt+0x83 [0x408e73]
|      #36 /usr/lib/samba/sbin/amd64/smbd'_start+0x18 [0x408dd8]
|
|   In this particular nested share_mode_do_locked() invocation, callback comes through dbwrap_watched_do_locked_fn() where it fails to update rec->value_valid which further gets assigned to static_share_mode_record within share_mode_do_locked_fn().
|
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=14352
|   Signed-off-by: Anoop C S <anoopcs@redhat.com>
|   Reviewed-by: Ralph Boehme <slow@samba.org>
|   Reviewed-by: Volker Lendecke <vl@samba.org>
|   Autobuild-User(master): Ralph Böhme <slow@samba.org>
|   Autobuild-Date(master): Tue Apr 21 17:37:43 UTC 2020 on sn-devel-184
|   (cherry picked from commit 5651fafe9856e69c93dba3efa6253780cf3c10a1)
* libsmb: Don't try to find posix stat info in SMBC_getatr() (Volker Lendecke, 2020-05-04, 3 files, -30/+0)
|   This wrongly used "frame" instead of "fname", which can never have worked. A first attempt to fix in 51551e0d53fa6 caused a few followup patches in an attempt to clean up the test failures 51551e0d53fa6 introduced. They were reverted after a few discussions. So rather than changing behaviour, just remove the code that introduced the valgrind error again.
|
|   Signed-off-by: Volker Lendecke <vl@samba.org>
|   Reviewed-by: Andreas Schneider <asn@samba.org>
|   Autobuild-User(master): Jeremy Allison <jra@samba.org>
|   Autobuild-Date(master): Fri Mar 20 05:06:07 UTC 2020 on sn-devel-184
|   (cherry picked from commit 39c910fd9cba3caf7414274b678b9eee33d7e20b)
* VERSION: Bump version up to 4.12.3. (Karolin Seeger, 2020-04-28, 1 file, -1/+1)
|   Signed-off-by: Karolin Seeger <kseeger@samba.org>
* Merge tag 'samba-4.12.2' into v4-12-test (Karolin Seeger, 2020-04-28, 35 files, -70/+1376)
|\
| |   samba: tag release samba-4.12.2
| * VERSION: Disable GIT_SNAPSHOT for the 4.12.2 release. [samba-4.12.2] (Karolin Seeger, 2020-04-22, 1 file, -1/+1)
| |   o CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ
| |   o CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD DC
| |
| |   Signed-off-by: Karolin Seeger <kseeger@samba.org>
| * WHATSNEW: Add release notes for Samba 4.12.2. (Karolin Seeger, 2020-04-22, 1 file, -2/+63)
| |   Signed-off-by: Karolin Seeger <kseeger@samba.org>
| * CVE-2020-10704 libcli ldap: Check search request lengths. (Gary Lockyer, 2020-04-22, 3 files, -0/+12)
| |   Check the search request lengths against the limits passed to ldap_decode.
| |
| |   Credit to OSS-Fuzz
| |   REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334
| |   Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
| |   Reviewed-by: Andrew Bartlett <abartlet@samba.org>
| * CVE-2020-10704: libcli ldap_message: Add search size limits to ldap_decode (Gary Lockyer, 2020-04-22, 10 files, -11/+80)
| |   Add search request size limits to ldap_decode calls.
| |
| |   The ldap server uses the smb.conf variable "ldap max search request size" which defaults to 250Kb. For cldap the limit is hard coded as 4096.
| |
| |   Credit to OSS-Fuzz
| |   REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334
| |   Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
| |   Reviewed-by: Andrew Bartlett <abartlet@samba.org>
| * CVE-2020-10704: S4 ldap server: Limit request sizes (Gary Lockyer, 2020-04-22, 2 files, -2/+95)
| |   Check the size of authenticated and anonymous ldap requests and reject them if they exceed the limits in smb.conf
| |
| |   Credit to OSS-Fuzz
| |   REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334
| |   Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
| |   Reviewed-by: Andrew Bartlett <abartlet@samba.org>
| * CVE-2020-10704: smb.conf: Add max ldap request sizes (Gary Lockyer, 2020-04-22, 4 files, -0/+44)
| |   Add two new smb.conf parameters to control the maximum permitted ldap request size.
| |
| |   Adds:
| |     ldap max anonymous request size       default 250Kb
| |     ldap max authenticated request size   default 16Mb
| |
| |   Credit to OSS-Fuzz
| |   REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334
| |   Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
| |   Reviewed-by: Andrew Bartlett <abartlet@samba.org>
| * CVE-2020-10704: ldapserver tests: Limit search request sizes (Gary Lockyer, 2020-04-22, 3 files, -0/+240)
| |   Add tests to ensure that overly long (> 256000 bytes) LDAP search requests are rejected.
| |
| |   Credit to OSS-Fuzz
| |   REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334
| |   Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
| |   Reviewed-by: Andrew Bartlett <abartlet@samba.org>
| * CVE-2020-10704: lib util asn1: Check parse tree depth (Gary Lockyer, 2020-04-22, 2 files, -2/+13)
| |   Check the current depth of the parse tree and reject the input if the depth exceeds that passed to asn1_init
| |
| |   Credit to OSS-Fuzz
| |   REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334
| |   Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
| |   Reviewed-by: Andrew Bartlett <abartlet@samba.org>
| * CVE-2020-10704: libcli ldap: test recursion depth in ldap_decode_filter_tree (Gary Lockyer, 2020-04-22, 6 files, -0/+290)
| |   Add tests to check that ASN.1 ldap requests with deeply nested elements are rejected. Previously there was no check on the depth of nesting and excessive nesting could cause a stack overflow.
| |
| |   Credit to OSS-Fuzz
| |   REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334
| |   Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
| |   Reviewed-by: Andrew Bartlett <abartlet@samba.org>
| * CVE-2020-10704: lib util asn1: Add ASN.1 max tree depth (Gary Lockyer, 2020-04-22, 16 files, -45/+71)
| |   Add maximum parse tree depth to the call to asn1_init, which will be used to limit the depth of the ASN.1 parse tree.
| |
| |   Credit to OSS-Fuzz
| |   REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334
| |   Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
| |   Reviewed-by: Andrew Bartlett <abartlet@samba.org>
| * CVE-2020-10700: ldb: Bump version up to 2.1.2. [ldb-2.1.2] (Karolin Seeger, 2020-04-22, 3 files, -1/+287)
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=14331
| |   Signed-off-by: Karolin Seeger <kseeger@samba.org>
| |   Reviewed-by: Ralph Boehme <slow@samba.org>
| |   Reviewed-by: Stefan Metzmacher <metze@samba.org>
| * CVE-2020-10700: dsdb: Do not permit the ASQ control for the GUID search in paged_results (Andrew Bartlett, 2020-04-22, 2 files, -6/+13)
| |   ASQ is a very strange control and a BASE search can return multiple results that are NOT the requested DN, but the DNs pointed to by it!
| |
| |   Thanks to Andrei Popa <andrei.popa@next-gen.ro> for finding, reporting and working with us to diagnose this issue!
| |
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=14331
| |   Signed-off-by: Andrew Bartlett <abartlet@samba.org>
| |   Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
| * CVE-2020-10700: ldb: Always use ldb_next_request() in ASQ module (Andrew Bartlett, 2020-04-22, 1 file, -9/+3)
| |   We want to keep going down the module stack, and not start from the top again. ASQ is above the ACL modules, but below paged_results and we do not wish to re-trigger that work.
| |
| |   Thanks to Andrei Popa <andrei.popa@next-gen.ro> for finding, reporting and working with us to diagnose this issue!
| |
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=14331
| |   Signed-off-by: Andrew Bartlett <abartlet@samba.org>
| |   Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
| * CVE-2020-10700: dsdb: Add test for ASQ and ASQ in combination with paged_results (Andrew Bartlett, 2020-04-22, 3 files, -0/+173)
| |   Thanks to Andrei Popa <andrei.popa@next-gen.ro> for finding, reporting and working with us to diagnose this issue!
| |
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=14331
| |   Signed-off-by: Andrew Bartlett <abartlet@samba.org>
| |   Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
| * VERSION: Bump version up to 4.12.2... (Karolin Seeger, 2020-04-22, 1 file, -2/+2)
| |   and re-enable GIT_SNAPSHOT.
| |
| |   Signed-off-by: Karolin Seeger <kseeger@samba.org>
| |   (cherry picked from commit a3157b958bfd9f1f77014fcfc6ca5ad1f38b0fbf)
* | ctdb: Fix a memleak (Volker Lendecke, 2020-04-21, 1 file, -0/+1)
| |   Bug: https://bugzilla.samba.org/show_bug.cgi?id=14348
| |   Signed-off-by: Volker Lendecke <vl@samba.org>
| |   Reviewed-by: Martin Schwenke <martin@meltin.net>
| |   Autobuild-User(master): Martin Schwenke <martins@samba.org>
| |   Autobuild-Date(master): Fri Apr 17 08:32:35 UTC 2020 on sn-devel-184
| |   (cherry picked from commit ad4b53f2d95de3d3609f3a23d96602f3dd516705)
| |   Autobuild-User(v4-12-test): Karolin Seeger <kseeger@samba.org>
| |   Autobuild-Date(v4-12-test): Tue Apr 21 12:44:16 UTC 2020 on sn-devel-184
* | s3: VFS: Add cmocka test for vfs_full_audit to make sure all arrays are correct. (Jeremy Allison, 2020-04-17, 3 files, -0/+58)
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=14343
| |   Signed-off-by: Jeremy Allison <jra@samba.org>
| |   Reviewed-by: Volker Lendecke <vl@samba.org>
| |   (Back-ported from commit 5e987e2f40e7698de489696d795ebe26b7e75c9b)
| |   Autobuild-User(v4-12-test): Karolin Seeger <kseeger@samba.org>
| |   Autobuild-Date(v4-12-test): Fri Apr 17 10:19:13 UTC 2020 on sn-devel-184
* | s3: VFS: full_audit. Add missing fcntl entry in vfs_op_names[] array. (Jeremy Allison, 2020-04-17, 1 file, -0/+1)
| |   Found by yannick@in2ip.nl.
| |
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=14343
| |   Signed-off-by: Jeremy Allison <jra@samba.org>
| |   Reviewed-by: Volker Lendecke <vl@samba.org>
| |   (cherry picked from commit 977d3c7bab3319725abc418839d581489fd9bbe9)
* | s3/librpc/crypto: Fix double free with unresolved credential cache (Noel Power, 2020-04-15, 1 file, -4/+0)
| |   We free gse_ctx->k5ctx but then free it again in the talloc dtor. This patch just lets the talloc dtor handle things and removes the extra krb5_free_context
| |
| |   Failed to resolve credential cache 'DIR:/run/user/1000/krb5cc'! (No credentials cache found)
| |   ==30762== Invalid read of size 8
| |   ==30762==    at 0x108100F4: k5_os_free_context (in /usr/lib64/libkrb5.so.3.3)
| |   ==30762==    by 0x107EA661: krb5_free_context (in /usr/lib64/libkrb5.so.3.3)
| |   ==30762==    by 0x7945D2E: gse_context_destructor (gse.c:84)
| |   ==30762==    by 0x645FB49: _tc_free_internal (talloc.c:1157)
| |   ==30762==    by 0x645FEC5: _talloc_free_internal (talloc.c:1247)
| |   ==30762==    by 0x646118D: _talloc_free (talloc.c:1789)
| |   ==30762==    by 0x79462E4: gse_context_init (gse.c:241)
| |   ==30762==    by 0x794636E: gse_init_client (gse.c:268)
| |   ==30762==    by 0x7947602: gensec_gse_client_start (gse.c:786)
| |   ==30762==    by 0xBC87A3A: gensec_start_mech (gensec_start.c:743)
| |   ==30762==    by 0xBC87BC6: gensec_start_mech_by_ops (gensec_start.c:774)
| |   ==30762==    by 0xBC8167F: gensec_spnego_client_negTokenInit_step (spnego.c:633)
| |   ==30762==  Address 0x17259928 is 40 bytes inside a block of size 496 free'd
| |   ==30762==    at 0x4C2F50B: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
| |   ==30762==    by 0x79462CA: gse_context_init (gse.c:238)
| |   ==30762==    by 0x794636E: gse_init_client (gse.c:268)
| |   ==30762==    by 0x7947602: gensec_gse_client_start (gse.c:786)
| |   ==30762==    by 0xBC87A3A: gensec_start_mech (gensec_start.c:743)
| |   ==30762==    by 0xBC87BC6: gensec_start_mech_by_ops (gensec_start.c:774)
| |   ==30762==    by 0xBC8167F: gensec_spnego_client_negTokenInit_step (spnego.c:633)
| |   ==30762==    by 0xBC813E2: gensec_spnego_client_negTokenInit_start (spnego.c:537)
| |   ==30762==    by 0xBC84084: gensec_spnego_update_pre (spnego.c:1943)
| |   ==30762==    by 0xBC83AE5: gensec_spnego_update_send (spnego.c:1741)
| |   ==30762==    by 0xBC85622: gensec_update_send (gensec.c:449)
| |   ==30762==    by 0x551BFD0: cli_session_setup_gensec_local_next (cliconnect.c:997)
| |   ==30762==  Block was alloc'd at
| |   ==30762==    at 0x4C306B5: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
| |   ==30762==    by 0x107EA7AE: krb5_init_context_profile (in /usr/lib64/libkrb5.so.3.3)
| |   ==30762==    by 0xB853215: smb_krb5_init_context_common (krb5_samba.c:3597)
| |   ==30762==    by 0x794615B: gse_context_init (gse.c:209)
| |   ==30762==    by 0x794636E: gse_init_client (gse.c:268)
| |   ==30762==    by 0x7947602: gensec_gse_client_start (gse.c:786)
| |   ==30762==    by 0xBC87A3A: gensec_start_mech (gensec_start.c:743)
| |   ==30762==    by 0xBC87BC6: gensec_start_mech_by_ops (gensec_start.c:774)
| |   ==30762==    by 0xBC8167F: gensec_spnego_client_negTokenInit_step (spnego.c:633)
| |   ==30762==    by 0xBC813E2: gensec_spnego_client_negTokenInit_start (spnego.c:537)
| |   ==30762==    by 0xBC84084: gensec_spnego_update_pre (spnego.c:1943)
| |   ==30762==    by 0xBC83AE5: gensec_spnego_update_send (spnego.c:1741)
| |   ==30762==
| |
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=14344
| |   Signed-off-by: Noel Power <noel.power@suse.com>
| |   Reviewed-by: Volker Lendecke <vl@samba.org>
| |   Autobuild-User(master): Noel Power <npower@samba.org>
| |   Autobuild-Date(master): Tue Apr 14 22:55:51 UTC 2020 on sn-devel-184
| |   (cherry picked from commit 34f8ab774d1484b0e60dbdec8ad2a1607ad92122)
| |   Autobuild-User(v4-12-test): Karolin Seeger <kseeger@samba.org>
| |   Autobuild-Date(v4-12-test): Wed Apr 15 13:20:28 UTC 2020 on sn-devel-184
* | mit-kdc: Explicitly reject S4U requests (Isaac Boukris, 2020-04-15, 1 file, -0/+5)
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=14342
| |   Signed-off-by: Isaac Boukris <iboukris@samba.org>
| |   Reviewed-by: Andreas Schneider <asn@samba.org>
| |   Autobuild-User(master): Isaac Boukris <iboukris@samba.org>
| |   Autobuild-Date(master): Tue Mar 10 14:46:04 UTC 2020 on sn-devel-184
* | selftest: Set KRB5RCACHETYPE to none for selftest (Andreas Schneider, 2020-04-15, 1 file, -0/+1)
| |   This is required that our tests work with MIT KRB5 1.18.
| |
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=14342
| |   Signed-off-by: Andreas Schneider <asn@samba.org>
| |   Reviewed-by: Guenther Deschner <gd@samba.org>
| |   Reviewed-by: Isaac Boukris <iboukris@samba.org>
* | Sign and verify PAC with ticket principal instead of canon principal (Isaac Boukris, 2020-04-15, 1 file, -10/+2)
| |   With MIT library 1.18 the KDC no longer set KRB5_KDB_FLAG_CANONICALIZE for enterprise principals which allows us to not canonicalize them (like in Windows / Heimdal).
| |
| |   However, it now breaks the PAC signature verification as it was wrongly done using canonical client rather than ticket client name.
| |
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=14342
| |   Signed-off-by: Isaac Boukris <iboukris@samba.org>
| |   Reviewed-by: Andreas Schneider <asn@samba.org>
| |   Reviewed-by: Guenther Deschner <gd@samba.org>
* | Fix uxsuccess test with new MIT krb5 library 1.18 (Isaac Boukris, 2020-04-15, 4 files, -4/+6)
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=14155
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=14342
| |   Signed-off-by: Isaac Boukris <iboukris@samba.org>
| |   Reviewed-by: Andreas Schneider <asn@samba.org>
| |   Reviewed-by: Guenther Deschner <gd@samba.org>
* | Adapt sign_authdata in our KDB module for krb5 v1.18 (Isaac Boukris, 2020-04-15, 3 files, -1/+49)
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=14342
| |   Signed-off-by: Isaac Boukris <iboukris@samba.org>
| |   Reviewed-by: Andreas Schneider <asn@samba.org>
* | testprogs: Add 'net ads join createupn' test also verifying the keytab (Andreas Schneider, 2020-04-07, 1 file, -0/+17)
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=14336
| |   Signed-off-by: Andreas Schneider <asn@samba.org>
| |   Reviewed-by: Alexander Bokovoy <ab@samba.org>
| |   Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
| |   Autobuild-Date(master): Mon Apr 6 19:09:53 UTC 2020 on sn-devel-184
| |   (cherry picked from commit c4be195da2845be4f64e47883e3c911dedd90e48)
| |   Autobuild-User(v4-12-test): Karolin Seeger <kseeger@samba.org>
| |   Autobuild-Date(v4-12-test): Tue Apr 7 09:36:45 UTC 2020 on sn-devel-184
* | s3:libads: Fix ads_get_upn() (Andreas Schneider, 2020-04-07, 1 file, -0/+1)
| |   This adds the userPrincipalName to ads_find_machine_acct() which fetches the data for us.
| |
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=14336
| |   Signed-off-by: Andreas Schneider <asn@samba.org>
| |   Reviewed-by: Alexander Bokovoy <ab@samba.org>
| |   (cherry picked from commit ec69752cb963ae850568d3f4905d2941e485627e)
* | smbd: let delayed update handler also update on-disk timestamps (Ralph Boehme, 2020-04-07, 2 files, -10/+1)
| |   Let delayed update handler also update on-disk timestamps by calling trigger_write_time_update_immediate().
| |
| |   trigger_write_time_update_immediate() sets fsp->update_write_time_on_close to false which prevents updating the write-time on close if there was ever only one write to the file.
| |
| |   Besides resetting fsp->update_write_time_on_close and setting the on-disk timestamps trigger_write_time_update_immediate() takes the same steps as the removed code.
| |
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=14320
| |   Signed-off-by: Ralph Boehme <slow@samba.org>
| |   Reviewed-by: Jeremy Allison <jra@samba.org>
| |   Autobuild-User(master): Jeremy Allison <jra@samba.org>
| |   Autobuild-Date(master): Thu Mar 19 03:05:40 UTC 2020 on sn-devel-184
| |   (cherry picked from commit 81c1a14e3271aeed7ed4fe6311171b19ba963555)
* | smbd: let mark_file_modified() always call trigger_write_time_update() (Ralph Boehme, 2020-04-07, 1 file, -2/+2)
| |   Preparatory change: the next commit will reset fsp->update_write_time_on_close in the event handler, so this change ensures it gets set again for any subsequent write.
| |
| |   This will NOT always result in a write-time update because trigger_write_time_update() has its own only-once logic using the internal variable fsp->update_write_time_triggered.
| |
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=14320
| |   Signed-off-by: Ralph Boehme <slow@samba.org>
| |   Reviewed-by: Jeremy Allison <jra@samba.org>
| |   (cherry picked from commit 53de2da7acfc24513082190502d93306c12b7434)
* | torture/smb2: delayed timestamp updates test: more then one write (Ralph Boehme, 2020-04-07, 1 file, -0/+116)
| |   Verify a close updates the write-time for subsequent writes after an initial write started the delayed update logic. This covers a scenario that will become relevant with the two subsequent commits. The next commit:
| |
| |     smbd: let mark_file_modified() always call trigger_write_time_update()
| |
| |   ensures that trigger_write_time_update() is not only called for the first write on a file. Without that preparatory change, the second commit:
| |
| |     smbd: let delayed update handler also update on-disk timestamps
| |
| |   alone would cause this test to fail.
| |
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=14320
| |   Signed-off-by: Ralph Boehme <slow@samba.org>
| |   Reviewed-by: Jeremy Allison <jra@samba.org>
| |   (cherry picked from commit 60aecca9a727555847aa1412415c5bbd927df4ff)
* | torture/smb2: delayed timestamp update test: single write (Ralph Boehme, 2020-04-07, 2 files, -0/+87)
| |   Verify close only updates write-time when a delayed update is actually pending.
| |
| |   This scenario is not covered by basic.delaywrite.
| |
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=14320
| |   Signed-off-by: Ralph Boehme <slow@samba.org>
| |   Reviewed-by: Jeremy Allison <jra@samba.org>
| |   (cherry picked from commit 58fa7b4fd7b53d3100459a0c9c7ef4ca7481b58a)
* | smbd: remove stat call from mark_file_modified() (Ralph Boehme, 2020-04-07, 1 file, -3/+0)
| |   This stat dates back to d03453864ab1bc5fd3b4a3abaf96176a006c102b where the call to trigger_write_time_update() had been to the file IO codepath. It was present there for other reasons: to setup the write-cache based on the file's size.
| |
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=14320
| |   Signed-off-by: Ralph Boehme <slow@samba.org>
| |   Reviewed-by: Jeremy Allison <jra@samba.org>
| |   (cherry picked from commit 2c19d27113036d607850f370bb9afd62856d671e)
* | s3: tests: Add samba3.blackbox.force-close-share (Jeremy Allison, 2020-04-07, 2 files, -0/+109)
| |   Checks server stays up whilst writing to a force closed share. Uses existing aio_delay_inject share to delay writes while we force close the share.
| |
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301
| |   Signed-off-by: Jeremy Allison <jra@samba.org>
| |   Reviewed-by: Volker Lendecke <vl@samba.org>
| |   Autobuild-User(master): Jeremy Allison <jra@samba.org>
| |   Autobuild-Date(master): Sun Mar 8 19:34:14 UTC 2020 on sn-devel-184
| |   (cherry picked from commit bb22be08b077b7d5911ccdeb1012f4dea85647e5)
| |   (cherry picked from commit 566658d914176c41942e3c6aba404ae369aeb123)
* | smbd: enforce AIO requests draining (Jeremy Allison, 2020-04-07, 1 file, -63/+17)
| |   Assert we have no aio on a close.
| |
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301
| |   Signed-off-by: Ralph Boehme <slow@samba.org>
| |   Reviewed-by: Jeremy Allison <jra@samba.org>
| |
| |   Combined squash of commits:
| |   (cherry picked from commit 410e7599bd2ae9b35429f60a529bb7c4aa88df25)
| |   (cherry picked from commit acb0b01761330864a23932f643f7ad4e3d374634)
| |   (cherry picked from commit f94cd10a211e2eae966ba4bd26921556bbe513fc)
| |   (cherry picked from commit 0ae4f368c6c8d2c8c7aa34069007a984055df0da)
| |   (cherry picked from commit 86dd5a080969e14ab0d131d8cb1054ec624a41ba)
* | s3: smbd: Remove file_close_pid(). (Jeremy Allison, 2020-04-07, 2 files, -19/+0)
| |   The old synchronous reply_exit() was the only user.
| |
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301
| |   Signed-off-by: Jeremy Allison <jra@samba.org>
| |   Reviewed-by: Ralph Boehme <slow@samba.org>
| |   (cherry picked from commit 584933439c70af3d2fd047e62a3456c1c2eca45e)
* | s3: smbd: Remove old synchronous SMB1 reply_exit(). (Jeremy Allison, 2020-04-07, 1 file, -10/+21)
| |   SMB1 exit is now fully async.
| |
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301
| |   Signed-off-by: Jeremy Allison <jra@samba.org>
| |   Reviewed-by: Ralph Boehme <slow@samba.org>
| |   (cherry picked from commit 1de0daa715f3324e3620ae8152b7fbaeb40ee9d9)
* | s3: smbd: Add async internals of reply_exit(). (Jeremy Allison, 2020-04-07, 1 file, -0/+201)
| |   Waits until all aio requests on all fsp's owned by this vuid are finished before returning to the client.
| |
| |   Charges the profile time in the done function. Not strictly correct but better than the other SMB1 async code that double-charges profiling in both send and done at the moment.
| |
| |   Done this way (commented out) so it is a clean diff and it's clear what is being added.
| |
| |   A later commit will remove the old synchronous version.
| |
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301
| |   Signed-off-by: Jeremy Allison <jra@samba.org>
| |   Reviewed-by: Ralph Boehme <slow@samba.org>
| |   (cherry picked from commit 8f58feab58afbc7aa214fac2a1728dda68303c6b)
* | s3: smbd: Remove old synchronous SMB1 reply_ulogoffX(). (Jeremy Allison, 2020-04-07, 1 file, -27/+21)
| |   SMB1 user logoff is now fully async.
| |
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301
| |   Signed-off-by: Jeremy Allison <jra@samba.org>
| |   Reviewed-by: Ralph Boehme <slow@samba.org>
| |   (cherry picked from commit 446b64ca66591d8ae5b4bf1aabdd46a1e8cb1c1c)
* | s3: smbd: reply_ulogoffX() Update to modern coding standards. (Jeremy Allison, 2020-04-07, 1 file, -2/+2)
| |   Minimizes the diff in the later commits.
| |
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301
| |   Signed-off-by: Jeremy Allison <jra@samba.org>
| |   Reviewed-by: Ralph Boehme <slow@samba.org>
| |   (cherry picked from commit 9cda76ad29db0cfbffa3dbb0764ec5dda24490f9)
* | s3: smbd: In reply_ulogoffX(), replace req -> smb1req. (Jeremy Allison, 2020-04-07, 1 file, -11/+11)
| |   Minimises the diff in later commits.
| |
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301
| |   Signed-off-by: Jeremy Allison <jra@samba.org>
| |   Reviewed-by: Ralph Boehme <slow@samba.org>
| |   (cherry picked from commit 5c073aa01b304f54a0039d9cd9dc74123191eb4b)