summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* WHATSNEW: Add release notes for Samba 4.13.7.samba-4.13.7Karolin Seeger2021-03-241-2/+62
| | | | Signed-off-by: Karolin Seeger <kseeger@samba.org>
* VERSION: Bump version for Samba 4.13.7 release.Stefan Metzmacher2021-03-241-1/+1
| | | | | | | | | | | | o BUG #14595: CVE-2020-27840: Heap corruption via crafted DN strings. o BUG #14655: CVE-2021-20277: Out of bounds read in AD DC LDAP server. Note this is exactly the same as 4.13.6, except that it has a dependency on ldb version 2.2.1, which is needed if someone builds against a system libldb. Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Karolin Seeger <kseeger@samba.org>
* ldb: version 2.2.1ldb-2.2.1Stefan Metzmacher2021-03-243-1/+287
| | | | | | | | o BUG #14595: CVE-2020-27840: Heap corruption via crafted DN strings. o BUG #14655: CVE-2021-20277: Out of bounds read in AD DC LDAP server. Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Karolin Seeger <kseeger@samba.org>
* VERSION: Disable GIT_SNAPSHOT for the 4.13.6 release.samba-4.13.6Karolin Seeger2021-03-191-1/+1
| | | | | | | o BUG #14595: CVE-2020-27840: Heap corruption via crafted DN strings. o BUG #14655: CVE-2021-20277: Out of bounds read in AD DC LDAP server. Signed-off-by: Karolin Seeger <kseeger@samba.org>
* WHATSNEW: Add release notes for Samba 4.13.6.Karolin Seeger2021-03-191-2/+65
| | | | Signed-off-by: Karolin Seeger <kseeger@samba.org>
* CVE-2020-27840: pytests: move Dn.validate test to ldbDouglas Bagnall2021-03-193-6/+46
| | | | | | | | | | | | We had the test in the Samba Python segfault suite because a) the signal catching infrastructure was there, and b) the ldb tests lack Samba's knownfail mechanism, which allowed us to assert the failure. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14595 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explodeDouglas Bagnall2021-03-192-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A DN string with lots of trailing space can cause ldb_dn_explode() to put a zero byte in the wrong place in the heap. When a DN string has a value represented with trailing spaces, like this "CN=foo ,DC=bar" the whitespace is supposed to be ignored. We keep track of this in the `t` pointer, which is NULL when we are not walking through trailing spaces, and points to the first space when we are. We are walking with the `p` pointer, writing the value to `d`, and keeping the length in `l`. "CN=foo ,DC= " ==> "foo " ^ ^ ^ t p d --l--- The value is finished when we encounter a comma or the end of the string. If `t` is not NULL at that point, we assume there are trailing spaces and wind `d and `l` back by the correct amount. Then we switch to expecting an attribute name (e.g. "CN"), until we get to an "=", which puts us back into looking for a value. Unfortunately, we forget to immediately tell `t` that we'd finished the last value, we can end up like this: "CN=foo ,DC= " ==> "" ^ ^ ^ t p d l=0 where `p` is pointing to a new value that contains only spaces, while `t` is still referring to the old value. `p` notices the value ends, and we subtract `p - t` from `d`: "CN=foo ,DC= " ==> ? "" ^ ^ ^ t p d l ~= SIZE_MAX - 8 At that point `d` wants to terminate its string with a '\0', but instead it terminates someone else's byte. This does not crash if the number of trailing spaces is small, as `d` will point into a previous value (a copy of "foo" in this example). Corrupting that value will ultimately not matter, as we will soon try to allocate a buffer `l` long, which will be greater than the available memory and the whole operation will fail properly. However, with more spaces, `d` will point into memory before the beginning of the allocated buffer, with the exact offset depending on the length of the earlier attributes and the number of spaces. What about a longer DN with more attributes? For example, "CN=foo ,DC= ,DC=example,DC=com" -- since `d` has moved out of bounds, won't we continue to use it and write more DN values into mystery memory? Fortunately not, because the aforementioned allocation of `l` bytes must happen first, and `l` is now huge. The allocation happens in a talloc_memdup(), which is by default restricted to allocating 256MB. So this allows a person who controls a string parsed by ldb_dn_explode to corrupt heap memory by placing a single zero byte at a chosen offset before the allocated buffer. An LDAP bind request can send a string DN as a username. This DN is necessarily parsed before the password is checked, so an attacker does not need proper credentials. The attacker can easily cause a denial of service and we cannot rule out more subtle attacks. The immediate solution is to reset `t` to NULL when a comma is encountered, indicating that we are no longer looking at trailing whitespace. Found with the help of Honggfuzz. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14595 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2020-27840: pytests:segfault: add ldb.Dn validate testDouglas Bagnall2021-03-192-0/+7
| | | | | | | | | ldb.Dn.validate wraps ldb_dn_explode. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14595 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2021-20277 ldb/attrib_handlers casefold: stay in boundsDouglas Bagnall2021-03-191-1/+1
| | | | | | | | | | | | For a string that had N spaces at the beginning, we would try to move N bytes beyond the end of the string. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14655 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry-picked from commit for master)
* CVE-2021-20277 ldb: Remove tests from ldb_match_test that do not passAndrew Bartlett2021-03-191-2/+0
| | | | | | | | | | | | | This reverts some of the backport of 33a95a1e75b85e9795c4490b78ead2162e2a1f47 This is done here rather than squashed in the cherry-pick of the expanded testsuite because it allows this commit to be simply reverted for the backport of bug 14044 if this lands first, or to be dropped if bug 14044 lands first. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14655 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* CVE-2021-20277 ldb tests: ldb_match tests with extra spacesDouglas Bagnall2021-03-191-1/+7
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14655 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry-picked from commit for master)
* ldb: add tests for ldb_wildcard_compareDouglas Bagnall2021-03-191-10/+124
| | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14044 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Björn Jacke <bjacke@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry-picked from commit 33a95a1e75b85e9795c4490b78ead2162e2a1f47)
* VERSION: Bump version up to 4.13.6...Karolin Seeger2021-03-191-2/+2
| | | | | | | and re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger <kseeger@samba.org> (cherry picked from commit b30c0416390ce4151a6bf97ea44e18e9d668e596)
* VERSION: Disable GIT_SNAPSHOT for the 4.13.5 release.samba-4.13.5Karolin Seeger2021-03-091-1/+1
| | | | Signed-off-by: Karolin Seeger <kseeger@samba.org>
* Revert "wscript: use --as-needed only if tested successfully"Karolin Seeger2021-03-091-2/+1
| | | | This reverts commit eebf510fbd8847077c7bec72a1cda674b5a02714.
* WHATSNEW: Add release notes for Samba 4.13.5.Karolin Seeger2021-03-091-2/+77
| | | | Signed-off-by: Karolin Seeger <kseeger@samba.org>
* g_lock: Fix uninitalized variable readsVolker Lendecke2021-03-081-2/+2
| | | | | | | | | | | | | | | | | | If dbwrap_watched_watch_recv() returns IO_TIMEOUT, "blockerdead" might be an uninitialized non-false, and further down we'll remove the wrong exclusive locker. Bug: https://bugzilla.samba.org/show_bug.cgi?id=14636 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Fri Mar 5 11:22:07 UTC 2021 on sn-devel-184 (cherry picked from commit 654c18a244f060d81280493a324b98602a69dbbf) Autobuild-User(v4-13-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-13-test): Mon Mar 8 09:47:35 UTC 2021 on sn-devel-184
* locking: Fix an uninitialized variable readVolker Lendecke2021-03-081-1/+1
| | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=14636 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 84b634c613352fc1da8e1525d72597c526d534d2)
* s3:modules:vfs_virusfilter: Recent talloc changes cause infinite start-up ↵Trever L. Adams2021-03-051-67/+90
| | | | | | | | | | | | | | | | | | | failure Recent talloc changes cause the current check for failure to allocate to be incorrectly triggered. This patch checks to see if the original parameter to be checked for NULL if the talloc returns NULL. This allows for rapid passing in the ca BUG: https://bugzilla.samba.org/show_bug.cgi?id=14634 RN: Fix failure of vfs_virusfilter starting due to talloc changes Signed-off-by: Trever L. Adams" <trever.adams@gmail.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <noel.power@suse.com> (cherry picked from commit 5a92810082c9a9d2833946ae0d83ce05a6bde597) Autobuild-User(v4-13-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-13-test): Fri Mar 5 12:18:56 UTC 2021 on sn-devel-184
* wscript: use --as-needed only if tested successfullyBjörn Jacke2021-03-051-1/+2
| | | | | | | | | | Some OSes like Solaris based OmiOS don't support this. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14288 Signed-off-by: Bjoern Jacke <bjacke@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 996560191ac6bd603901dcd6c0de5d239e019ef4)
* s3: VFS: nfs4_acls. Add missing TALLOC_FREE(frame) in error path.Peter Eriksson2021-03-031-0/+1
| | | | | | | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14648 Signed-off-by: Peter Eriksson <pen@lysator.liu.se> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: David Mulder <dmulder@samba.org> Autobuild-User(master): David Mulder <dmulder@samba.org> Autobuild-Date(master): Thu Feb 25 20:46:02 UTC 2021 on sn-devel-184 (cherry picked from commit 3d91fe071a29e2e0c54a10ba081a46cb5c324585) Autobuild-User(v4-13-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-13-test): Wed Mar 3 09:08:34 UTC 2021 on sn-devel-184
* script/autobuild.py: let cleanup() ignore errors from rmdir_force() by defaultStefan Metzmacher2021-03-031-3/+12
| | | | | | | | | | | | | | | It's not useful to generate a python backtrace from within the cleanup code. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14628 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit 9883ac45939f253a63f3ff312fc3912c5f02cdac) Autobuild-User(v4-14-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-14-test): Tue Feb 2 10:29:44 UTC 2021 on sn-devel-184 (cherry picked from commit cc1568be4d4250390a9ad03c84f5e260fc7acffd)
* script/autobuild.py: split out a rmdir_force() helper functionStefan Metzmacher2021-03-031-7/+18
| | | | | | | | | | | | That also tries to re-add write permissions before removing. In future we'll have jobs changing there directory to read-only. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14628 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit 7a5df2deaaf62a7edd7c64251f75ab15abe94c07) (cherry picked from commit c933135969be29072971f96481b05f499fd48b57)
* selftest: make/use a copy of GNUPGHOMEStefan Metzmacher2021-03-033-1/+36
| | | | | | | | | | | That makes it possible to run tests from a read only source tree. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14628 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit 86343125a55d184c15aa94cd01f4c8893a5a0917) (cherry picked from commit c1a4cb97d1d71b974eed2ecb5f34bb1425f36294)
* s4:selftest: use plansmbtorture4testsuite() for 'rpc.echo'Stefan Metzmacher2021-03-031-1/+2
| | | | | | | | | | | | | This makes sure "--basedir=$SELFTEST_TMPDIR" is passed to smbtorture. Tests should not create files in the build nor the source directory! BUG: https://bugzilla.samba.org/show_bug.cgi?id=14628 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit d06f2c22d726a5ec7bd804d89154ee272ab1a679) (cherry picked from commit 81b36b389cb01eca9b2f0a2a452d290e21f31394)
* s3:selftest: run test_smbclient_tarmode.pl with a fixed subdirectory nameStefan Metzmacher2021-03-031-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | $PREFIX is the the value from --with-selftest-prefix. The result of the test should not depend on --with-selftest-prefix, the 'long_path' test in particular. If the path is to long smbclient (via libarchive) will only put the full path into a PAX HEADER as 'path' keyword, that's fine in general, modern tools handle it just fine. But Perl's Archive::Tar don't handle it and only seems truncated file names. I have a fix for Archive::Tar, see: https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=c75037d0a06a96cdaca3f3b20a6d237e768b075b But finishing that is a task for another day, for now I just want to remove the dependency to --with-selftest-prefix. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14628 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit e0d9b656452ba6277cdc7f0abb2a06d3d284ef3a) (cherry picked from commit 3eba14718dd6269fe1657de15a2f47c848b60518)
* selftest/Samba4: allow get_cmd_env_vars() to take an overwrite dictionaryStefan Metzmacher2021-03-031-22/+45
| | | | | | | | | | | | This way we can use it on even in some special cases, where we combine variables from multiple environments. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14628 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit 568c7d38debaa5ccd90d6ea33c683de512de7005) (cherry picked from commit f1c7967b568034da2707ccc4bd1f64358d55eacc)
* selftest/Samba4: correctly pass KRB5CCNAME to provisionStefan Metzmacher2021-03-031-1/+1
| | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14628 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit dce0bdc39ebb01ef4f5e35af0552451cfc29fd1b) (cherry picked from commit 85800df90358f3a76b6b86f8414582178fe50946)
* selftest/Samba4: make more use of get_cmd_env_vars()Stefan Metzmacher2021-03-031-82/+19
| | | | | | | | | | | | This simplifies the code a lot and makes it much easier to add new environment variables in future. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14628 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit 15b39160406c3ef49c5f074793d3a55b3bf12e0e) (cherry picked from commit 9d5f5e821cbe23cc2e64f201e7409aaec4b50387)
* selftest:Samba4: avoid File::Path 'make_path' in setup_dns_hub_internal()Stefan Metzmacher2021-03-031-2/+5
| | | | | | | | | | | | | While spliting the build and test stages I hit strange permission problems, when a parent directory is missing, which can be avoided by using plain mkdir() on each level. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14628 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit 719eccd445e9cc56a1c2988c4deeb39d301bcbff) (cherry picked from commit 56c2c0f651e1c038ecf87a14a7dbe478e5e58d8d)
* selftest: allow a prefix under /m/username/Stefan Metzmacher2021-03-031-1/+1
| | | | | | | | | | | | We only want to match/replace only a '.' pathname component not any single character pathname compoment! BUG: https://bugzilla.samba.org/show_bug.cgi?id=14628 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit 02301222386f2f08631d48d6e88c03cd1439325d) (cherry picked from commit f480161b754aade6c1af2d05f3ce742466b28026)
* Makefile: add support for 'make testonly'Stefan Metzmacher2021-03-031-0/+3
| | | | | | | | | | | | | | That skips any attempt to recompile before running the tests. Some times that's useful for debugging and we'll use it to split the build and test stages in autobuild and gitlab-ci later. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14628 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit 1e4714940211b10ae6574770f15b7c6ed95f5f59) (cherry picked from commit 9fed2749c039164794faadef71aa83cfd360d130)
* s3: fix fcntl waf configure checkRalph Boehme2021-02-261-5/+5
| | | | | | | | | | | | | | | | RN: Fix fcntl waf configure check BUG: https://bugzilla.samba.org/show_bug.cgi?id=14503 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Mon Sep 21 07:26:54 UTC 2020 on sn-devel-184 (cherry picked from commit 454ccd986b61799908a6898a55d0480911f15306) Autobuild-User(v4-13-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-13-test): Fri Feb 26 10:57:20 UTC 2021 on sn-devel-184
* smbd: In conn_force_tdis_done() when forcing a connection closed force a ↵Jeremy Allison2021-02-261-1/+9
| | | | | | | | | | | | | | | | full reload of services. Prevents reload_services() caching the fact it might be called multiple times in a row. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14604 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit e4c8cd0781aef2a29bb4db1314c9fcd4f6edcecd) Autobuild-User(v4-13-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-13-test): Fri Feb 26 08:50:23 UTC 2021 on sn-devel-184
* dbcheck: Check Deleted Objects and reduce noise in reports about expired ↵Andrew Bartlett2021-02-224-12/+33
| | | | | | | | | | | | | | | | | | | | | | | | tombstones These reports (about recently deleted objects) create concern about a perfectly normal part of DB operation. We must not operate on objects that are expired or we might reanimate them, but we must fix "Deleted Objects" if it is wrong (mostly it is set as being deleted in 9999, but in alpha19 we got this wrong). BUG: https://bugzilla.samba.org/show_bug.cgi?id=14593 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Feb 3 05:29:11 UTC 2021 on sn-devel-184 (cherry picked from commit da627106cdbf8d375b25fa3338a717447f3dbb6e) Autobuild-User(v4-13-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-13-test): Mon Feb 22 12:58:04 UTC 2021 on sn-devel-184
* selftest: Confirm that we fix any errors on the Deleted Objects container itselfAndrew Bartlett2021-02-222-0/+14
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14593 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> (cherry picked from commit 1ec1c35a3ae422720df491f5555c9bc787c9944c)
* classicupgrade: treat old never expires value rightBjörn Jacke2021-02-161-1/+1
| | | | | | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14624 Signed-off-by: Bjoern Jacke <bjacke@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed Feb 10 15:06:49 UTC 2021 on sn-devel-184 (cherry picked from commit df75d82c9de6977c466ee9f01886cb012a9c5fef) Autobuild-User(v4-13-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-13-test): Tue Feb 16 17:16:21 UTC 2021 on sn-devel-184
* s3:pysmbd: fix fd leak in py_smbd_create_file()Stefan Metzmacher2021-02-161-0/+3
| | | | | | | | | | Various 'samba-tool domain backup' commands use this and will fail if there's over ~1000 files in the sysvol folder. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13898 Signed-off-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit d8fa464a2dfb11df4e1db4ebffe8bd28ff118c75)
* HEIMDAL: krb5_storage_free(NULL) should workPaul Wise2021-02-161-0/+2
| | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=12505 Signed-off-by: Paul Wise <pabs3@bonedaddy.net> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Original-author: Nicolas Williams <nico@twosigma.com> (cherry-picked from heimdal commit b3db07d5f0e03f6a1a0a392e70f9675e19a6d6af) (cherry picked from commit f9ed4f7028a5ed29026ac8ef1b47b63755ba98f8)
* lib:util: Avoid free'ing our own pointerAndreas Schneider2021-02-082-5/+15
| | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14625 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit 0bdbe50fac680be3fe21043246b8c75005611351) Autobuild-User(v4-13-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-13-test): Mon Feb 8 11:42:58 UTC 2021 on sn-devel-184
* lib:util: Add cache oversize test for memcacheAndreas Schneider2021-02-082-0/+40
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14625 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit 00543ab3b29e3fbfe8314e51919629803e14ede6)
* lib:util: Add basic memcache unit testAndreas Schneider2021-02-083-1/+131
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14625 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit bebbf621d6052f797c5cf19a2a9bbc13e699d3f0)
* s3: libsmb: Add missing cli_tdis() in error path if encryption setup failed ↵Jeremy Allison2021-02-081-0/+1
| | | | | | | | on temp proxy connection. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13992 Signed-off-by: Jeremy Allison <jra@samba.org>
* s3: libsmb: cli_state_save_tcon(). Don't deepcopy tcon struct when ↵Jeremy Allison2021-02-032-4/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | temporarily swapping out a connection on a cli_state. This used to make a deep copy of either cli->smb2.tcon or cli->smb1.tcon, but this leaves the original tcon pointer in place which will then get TALLOC_FREE()'d when the new tree connection is made on this cli_state. As there may be pipes open on the old tree connection with talloc'ed state allocated using the original tcon pointer as a talloc parent we can't deep copy and then free this pointer as that will fire the destructors on the pipe memory and mark them as not connected. This call is used to temporarily swap out a tcon pointer (whilst keeping existing pipes open) to allow a new tcon on the same cli_state and all users correctly call cli_state_restore_tcon() once they are finished with the new tree connection. Just return the existing pointer and set the old value to NULL. We know we MUST be calling cli_state_restore_tcon() below to restore the original tcon tree connection pointer before closing the session. Remove the knownfail.d entry. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13992 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Feb 2 21:05:25 UTC 2021 on sn-devel-184 (cherry picked from commit 4f80f5f9046b64a9e5e0503b1cb54f1492c4faec) Autobuild-User(v4-13-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-13-test): Wed Feb 3 21:23:36 UTC 2021 on sn-devel-184
* s3: torture: Change the SMB1-only UID-REGRESSION-TEST to do an explicit copy ↵Jeremy Allison2021-02-031-5/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | of the tcon struct in use. For this test only, explicitly copy the SMB1 tcon struct, don't use cli_state_save_tcon()//cli_state_restore_tcon() as these calls will soon change to just manipulate the pointer to avoid TALLOC_FREE() on the tcon struct which calls destructors on child pipe data. In SMB1 this test calls cli_tdis() twice with an invalid vuid and expects the SMB1 tcon struct to be preserved across the calls. SMB1 cli_tdis() frees cli->smb1.tcon so we must put back a deep copy into cli->smb1.tcon to be able to safely call cli_tdis() again. This is a test-only hack. Real client code uses cli_state_save_tcon()/cli_state_restore_tcon() if it needs to temporarily swap out the active tcon on a client connection. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13992 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit e93e6108837eff0cebad8dc26d055c0e1386093a)
* s3: smbtorture3: Ensure run_tcon_test() always replaces any saved tcon and ↵Jeremy Allison2021-02-031-0/+5
| | | | | | | | | | shuts down correctly even in error paths. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13992 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit f9ca91bd293e9f2710c4449c5d4f5d016a066049)
* s3: smbtorture3: Ensure we *always* replace the saved saved_tcon even in an ↵Jeremy Allison2021-02-031-1/+1
| | | | | | | | | | error condition. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13992 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit dc701959cad7bf15aa47cad6451212606520f67f)
* s3: tests: Add regression test for bug 13992.Jeremy Allison2021-02-032-0/+22
| | | | | | | | | | | | | | | | Subtle extra test. Mark as knownfail for now. '^ user1$' must appear MORE THAN ONCE, as it can read more than one share. The previous test found user1, but only once as the bug only allows reading the security descriptor for one share, and we were unlucky that the first share security descriptor returned allows user1 to read from it. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13992 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit 068f4a977f0539f790809d580bf22d2362032e3d)
* smbd: use fsp->conn->session_info for the initial delete-on-close tokenRalph Boehme2021-02-012-22/+4
| | | | | | | | | | | | | | | | | | There's a correctly set up session_info at fsp->conn->session_info, we can just use that. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14617 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Jan 26 04:04:14 UTC 2021 on sn-devel-184 (cherry picked from commit e06f86bbd93d024c70016e1adcf833db85742aca) Autobuild-User(v4-13-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-13-test): Mon Feb 1 08:47:05 UTC 2021 on sn-devel-184
* selftest: add a test that verifies unlink works when "force user" is setRalph Boehme2021-02-013-0/+46
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14617 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit aa1f09cda0a097617e34dd0a8b1b0acc7a37bca8)
View Lorry Controller Status