summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* CVE-2019-14907 lib/util/charset: clang: Fix Value stored to 'reason' is ↵Noel Power2020-01-101-4/+4
| | | | | | | | | | | | | | never read warning Fixes: lib/util/charset/convert_string.c:301:5: warning: Value stored to 'reason' is never read <--[clang] BUG: https://bugzilla.samba.org/show_bug.cgi?id=14208 Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Gary Lockyer gary@catalyst.net.nz (cherry picked from commit add47e288bc80c1bf45765d1588a9fa5998ea677)
* CVE-2019-14902 dsdb: Change basis of descriptor module deferred processing ↵Andrew Bartlett2020-01-105-154/+156
| | | | | | | | | | | | | | | | to be GUIDs We can not process on the basis of a DN, as the DN may have changed in a rename, not only that this module can see, but also from repl_meta_data below. Therefore remove all the complex tree-based change processing, leaving only a tree-based sort of the possible objects to be changed, and a single stopped_dn variable containing the DN to stop processing below (after a no-op change). BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497 Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2019-14902 repl_meta_data: Set renamed = true (and so do SD inheritance) ↵Andrew Bartlett2020-01-102-1/+13
| | | | | | | | | | | after any rename Previously if there was a conflict, but the incoming object would still win, this was not marked as a rename, and so inheritence was not done. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497 Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2019-14902 repl_meta_data: Fix issue where inherited Security ↵Andrew Bartlett2020-01-102-2/+21
| | | | | | | | Descriptors were not replicated. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497 Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2019-14902 repl_meta_data: schedule SD propagation to a renamed DNAndrew Bartlett2020-01-101-1/+16
| | | | | | | | We need to check the SD of the parent if we rename, it is not the same as an incoming SD change. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497 Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2019-14902 dsdb: Ensure we honour both change->force_self and ↵Andrew Bartlett2020-01-101-0/+7
| | | | | | | | | | change->force_children If we are renaming a DN we can be in a situation where we need to BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497 Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2019-14902 dsdb: Add comments explaining why SD propagation needs to be ↵Andrew Bartlett2020-01-101-0/+7
| | | | | | | | done here BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497 Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2019-14902 dsdb: Explain that descriptor_sd_propagation_recursive() is ↵Andrew Bartlett2020-01-101-0/+3
| | | | | | | | | | | proctected by a transaction This means we can trust the DB did not change between the two search requests. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497 Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* selftest: Add test to confirm ACL inheritence really happensAndrew Bartlett2020-01-101-21/+94
| | | | | | | | While we have a seperate test (sec_descriptor.py) that confirms inheritance in general we want to lock in these specific patterns as this test covers rename. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2019-14902 selftest: Add test for a special case around replicated renamesAndrew Bartlett2020-01-102-0/+70
| | | | | | | | It appears Samba is currently string-name based in the ACL inheritence code. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497 Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2019-14902 selftest: Add test for replication of inherited security ↵Andrew Bartlett2020-01-103-0/+265
| | | | | | | | descriptors BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497 Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* VERSION: Bump version up to Samba 4.9.18...Karolin Seeger2020-01-101-2/+2
| | | | | | | and re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger <kseeger@samba.org> (cherry picked from commit 5d91d4cdbeb0921257c6f6701cc6f963ab629842)
* VERSION: Disable GIT_SNAPSHOT for the 4.9.17 release.samba-4.9.17Karolin Seeger2019-11-291-1/+1
| | | | | | | | | o CVE-2019-14861: Samba AD DC zone-named record Denial of Service in DNS management server (dnsserver). o CVE-2019-14870: DelegationNotAllowed not being enforced in protocol transition on Samba AD DC. Signed-off-by: Karolin Seeger <kseeger@samba.org>
* WHATSNEW: Add release notes for Samba 4.9.17.Karolin Seeger2019-11-291-2/+64
| | | | | | | | | o CVE-2019-14861: Samba AD DC zone-named record Denial of Service in DNS management server (dnsserver). o CVE-2019-14870: DelegationNotAllowed not being enforced in protocol transition on Samba AD DC. Signed-off-by: Karolin Seeger <kseeger@samba.org>
* CVE-2019-14870: mit-kdc: enforce delegation_not_allowed flagIsaac Boukris2019-11-292-11/+11
| | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14187 Signed-off-by: Isaac Boukris <iboukris@samba.org>
* CVE-2019-14870: heimdal: enforce delegation_not_allowed in S4U2SelfIsaac Boukris2019-11-292-23/+36
| | | | Signed-off-by: Isaac Boukris <iboukris@gmail.com>
* CVE-2019-14870: heimdal: add S4U test for delegation_not_allowedIsaac Boukris2019-11-293-0/+75
| | | | Signed-off-by: Isaac Boukris <iboukris@gmail.com>
* samba-tool: add user-sensitive command to set not-delegated flagIsaac Boukris2019-11-291-0/+59
| | | | Signed-off-by: Isaac Boukris <iboukris@gmail.com>
* s4-torture: Reduce flapping in SambaToolDrsTests.test_samba_tool_replicate_localAndrew Bartlett2019-11-291-1/+2
| | | | | | | | | | This test often flaps in Samba 4.9 (where more tests and DCs run in the environment) with obj_1 being 3. This is quite OK, we just need to see some changes get replicated, not 0 changes. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> (cherry picked from commit 4ae0f9ce0f5ada99cf1d236377e5a1234c879ae3)
* CVE-2019-14861: Test to demonstrate the bugAndrew Bartlett2019-11-291-0/+47
| | | | | | | | | This test does not fail every time, but when it does it casues a segfault which takes out the rpc_server master process, as this hosts the dnsserver pipe. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14138 Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2019-14861: s4-rpc/dnsserver: Avoid crash in ldb_qsort() via ↵Andrew Bartlett2019-11-293-27/+17
| | | | | | | | | | | | | | | | | dcesrv_DnssrvEnumRecords) dns_name_compare() had logic to put @ and the top record in the tree being enumerated first, but if a domain had both then this would break the older qsort() implementation in ldb_qsort() and cause a read of memory before the base pointer. By removing this special case (not required as the base pointer is already seperatly located, no matter were it is in the returned records) the crash is avoided. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14138 Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2019-14861: s4-rpc_server: Remove special case for @ in dns_build_tree()Andrew Bartlett2019-11-291-4/+5
| | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14138 Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2019-14861: s4-rpc/dnsserver: Confirm sort behaviour in ↵Andrew Bartlett2019-11-292-0/+103
| | | | | | | | | | | dcesrv_DnssrvEnumRecords The sort behaviour for child records is not correct in Samba so we add a flapping entry. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14138 Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* VERSION: Bump version up to 4.9.17...Karolin Seeger2019-11-291-2/+2
| | | | | | and re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger <kseeger@samba.org>
* VERSION: Disable GIT_SNAPSHOT for th 4.9.16 release.samba-4.9.16Karolin Seeger2019-11-261-1/+1
| | | | Signed-off-by: Karolin Seeger <kseeger@samba.org>
* WHATSNEW: Add release notes for Samba 4.9.16.Karolin Seeger2019-11-261-2/+47
| | | | Signed-off-by: Karolin Seeger <kseeger@samba.org>
* Merge tag 'samba-4.9.15' into v4-9-testKarolin Seeger2019-11-269-17/+247
|\ | | | | | | | | samba: tag release samba-4.9.15 Signed-off-by: Karolin Seeger <kseeger@samba.org>
| * VERSION: Disable GIT_SNAPSHOT for the 4.9.15 release.samba-4.9.15Karolin Seeger2019-10-241-1/+1
| | | | | | | | | | | | | | | | | | | | | | * Bug 14071: CVE-2019-10218: Client code can return filenames containing path separators. * Bug 12438: CVE-2019-14833: Samba AD DC check password script does not receive the full password. * Bug 14040: CVE-2019-14847: User with "get changes" permission can crash AD DC LDAP server via dirsync. Signed-off-by: Karolin Seeger <kseeger@samba.org>
| * WHATSNEW: Add release notes for Samba 4.9.15.Karolin Seeger2019-10-241-2/+76
| | | | | | | | | | | | | | | | | | | | | | * Bug 14071: CVE-2019-10218: Client code can return filenames containing path separators. * Bug 12438: CVE-2019-14833: Samba AD DC check password script does not receive the full password. * Bug 14040: CVE-2019-14847: User with "get changes" permission can crash AD DC LDAP server via dirsync. Signed-off-by: Karolin Seeger <kseeger@samba.org>
| * CVE-2019-14847 dsdb: Correct behaviour of ranged_results when combined with ↵Andrew Bartlett2019-10-243-9/+28
| | | | | | | | | | | | | | | | dirsync BUG: https://bugzilla.samba.org/show_bug.cgi?id=14040 Signed-off-by: Andrew Bartlett <abartlet@samba.org>
| * CVE-2019-14847 dsdb: Demonstrate the correct interaction of ranged_results ↵Andrew Bartlett2019-10-242-0/+27
| | | | | | | | | | | | | | | | | | | | | | style attributes and dirsync Incremental results are provided by a flag on the dirsync control, not by changing the attribute name. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14040 Signed-off-by: Andrew Bartlett <abartlet@samba.org>
| * CVE-2019-14847 dsdb/modules/dirsync: ensure attrs exist (CID 1107212)Douglas Bagnall2019-10-241-0/+4
| | | | | | | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14040 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> (cherry picked from commit 23f72c4d712f8d1fec3d67a66d477709d5b0abe2)
| * CVE-2019-14833 dsdb: send full password to check password scriptBjörn Baumbach2019-10-242-7/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | utf8_len represents the number of characters (not bytes) of the password. If the password includes multi-byte characters it is required to write the total number of bytes to the check password script. Otherwise the last bytes of the password string would be ignored. Therefore we rename utf8_len to be clear what it does and does not represent. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12438 Signed-off-by: Björn Baumbach <bb@sernet.de> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
| * CVE-2019-14833: Use utf8 characters in the unacceptable passwordAndrew Bartlett2019-10-242-1/+2
| | | | | | | | | | | | | | This shows that the "check password script" handling has a bug. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12438 Signed-off-by: Andrew Bartlett <abartlet@samba.org>
| * CVE-2019-10218 - s3: libsmb: Protect SMB2 client code from evil server ↵Jeremy Allison2019-10-241-0/+7
| | | | | | | | | | | | | | | | | | | | returned names. Disconnect with NT_STATUS_INVALID_NETWORK_RESPONSE if so. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14071 Signed-off-by: Jeremy Allison <jra@samba.org>
| * CVE-2019-10218 - s3: libsmb: Protect SMB1 client code from evil server ↵Jeremy Allison2019-10-242-0/+78
| | | | | | | | | | | | | | | | | | | | returned names. Disconnect with NT_STATUS_INVALID_NETWORK_RESPONSE if so. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14071 Signed-off-by: Jeremy Allison <jra@samba.org>
| * VERSION: Bump version up to 4.9.15...Karolin Seeger2019-10-241-2/+2
| | | | | | | | | | | | | | and re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger <kseeger@samba.org> (cherry picked from commit 5942df0864495dbaea68d2f45b5a6d343f0556ba)
* | ctdb-tcp: Close inflight connecting TCP sockets after forkVolker Lendecke2019-11-201-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit c68b6f96f26 changed the talloc hierarchy such that outgoing TCP sockets while sitting in the async connect() syscall are not freed via ctdb_tcp_shutdown() anymore, they are hanging off a longer-running structure. Free this structure as well. If an outgoing TCP socket leaks into a long-running child process (possibly the recovery daemon), this connection will never be closed as seen by the destination node. Because with recent changes incoming connections will not be accepted as long as any incoming connection is alive, with that socket leak into the recovery daemon we will never again be able to successfully connect to the node that is affected by this leak. Further attempts to connect will be discarded by the destination as long as the recovery daemon keeps this socket alive. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14175 RN: Avoid communication breakdown on node reconnect Signed-off-by: Martin Schwenke <martin@meltin.net> Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Amitay Isaacs <amitay@gmail.com> (cherry picked from commit a6d99d9e5c5bc58e6d56be7a6c1dbc7c8d1a882f) Autobuild-User(v4-9-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-9-test): Wed Nov 20 14:58:33 UTC 2019 on sn-devel-144
* | ctdb-tcp: Drop tracking of file descriptor for incoming connectionsMartin Schwenke2019-11-204-11/+0
| | | | | | | | | | | | | | | | | | | | | | This file descriptor is owned by the incoming queue. It will be closed when the queue is torn down. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14175 Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com> (cherry picked from commit bf47bc18bb8a94231870ef821c0352b7a15c2e28)
* | ctdb-tcp: Avoid orphaning the TCP incoming queueMartin Schwenke2019-11-201-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CTDB's incoming queue handling does not check whether an existing queue exists, so can overwrite the pointer to the queue. This used to be harmless until commit c68b6f96f26664459187ab2fbd56767fb31767e0 changed the read callback to use a parent structure as the callback data. Instead of cleaning up an orphaned queue on disconnect, as before, this will now free the new queue. At first glance it doesn't seem possible that 2 incoming connections from the same node could be processed before the intervening disconnect. However, the incoming connections and disconnect occur on different file descriptors. The queue can become orphaned on node A when the following sequence occurs: 1. Node A comes up 2. Node A accepts an incoming connection from node B 3. Node B processes a timeout before noticing that outgoing the queue is writable 4. Node B tears down the outgoing connection to node A 5. Node B initiates a new connection to node A 6. Node A accepts an incoming connection from node B Node A processes then the disconnect of the old incoming connection from (2) but tears down the new incoming connection from (6). This then occurs until the originally affected node is restarted. However, due to the number of outgoing connection attempts and associated teardowns, this induces the same behaviour on the corresponding incoming queue on all nodes that node A attempts to connect to. Therefore, other nodes become affected and need to be restarted too. As a result, the whole cluster probably needs to be restarted to recover from this situation. The problem can occur any time CTDB is started on a node. The fix is to avoid accepting new incoming connections when a queue for incoming connections is already present. The connecting node will simply retry establishing its outgoing connection. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14175 Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com> (cherry picked from commit d0baad257e511280ff3e5c7372c38c43df841070)
* | ctdb-tcp: Check incoming queue to see if incoming connection is upMartin Schwenke2019-11-201-1/+1
| | | | | | | | | | | | | | | | | | | | | | This makes it consistent with the reverse case. Also, in_fd will soon be removed. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14175 Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com> (cherry picked from commit e62b3a05a874db13a848573d2e2fb1c157393b9c)
* | VERSION: Bump version up to 4.9.16.Karolin Seeger2019-10-291-1/+1
| | | | | | | | Signed-off-by: Karolin Seeger <kseeger@samba.org>
* | VERSION: Bump version up to 4.9.15...Karolin Seeger2019-10-221-2/+2
|/ | | | | | and re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger <kseeger@samba.org>
* VERSION: Disable GIT_SNAPSHOT for the 4.9.14 release.samba-4.9.14Karolin Seeger2019-10-221-1/+1
| | | | Signed-off-by: Karolin Seeger <kseeger@samba.org>
* WHATSNEW: Add release notes for Samba 4.9.14.Karolin Seeger2019-10-221-2/+84
| | | | Signed-off-by: Karolin Seeger <kseeger@samba.org>
* spnego: fix server handling of no optimistic exchangeIsaac Boukris2019-10-162-1/+13
| | | | | | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14106 Signed-off-by: Isaac Boukris <iboukris@redhat.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Sat Oct 12 15:51:42 UTC 2019 on sn-devel-184 Autobuild-User(v4-9-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-9-test): Wed Oct 16 16:47:14 UTC 2019 on sn-devel-144
* selftest: add tests for no optimistic spnego exchangeIsaac Boukris2019-10-162-0/+5
| | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14106 Signed-off-by: Isaac Boukris <iboukris@redhat.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* spnego: add client option to omit sending an optimistic tokenIsaac Boukris2019-10-161-0/+11
| | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14106 Signed-off-by: Isaac Boukris <iboukris@redhat.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* ctdb-vacuum: Process all records not deleted on a remote nodeAmitay Isaacs2019-10-161-1/+1
| | | | | | | | | | | This currently skips the last record. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14147 RN: Avoid potential data loss during recovery after vacuuming error Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Martin Schwenke <martin@meltin.net> (cherry picked from commit 33f1c9d9654fbdcb99c23f9d23c4bbe2cc596b98)
* fault.c: improve fault_report message text pointing to our wikiBjörn Jacke2019-09-261-1/+5
| | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14139 Signed-off-by: Bjoern Jacke <bjacke@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> (cherry picked from commit ec4c5975528f3d3ab9c8813e176c6d1a2f1ca506) Autobuild-User(v4-9-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-9-test): Thu Sep 26 04:30:04 UTC 2019 on sn-devel-144
View Lorry Controller Status