summaryrefslogtreecommitdiff
path: root/source4
Commit message (Collapse)AuthorAgeFilesLines
* torture: Demonstrate the invalid lock order panicVolker Lendecke2018-08-231-0/+89
| | | | | | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13584 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Aug 21 02:33:05 CEST 2018 on sn-devel-144 (cherry picked from commit ec3c37ee53f21d8c0e80b1d3b3d7e95a4ac8e0bc) Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-7-test): Thu Aug 23 15:48:56 CEST 2018 on sn-devel-144
* Merge tag 'samba-4.7.9' into v4-7-testKarolin Seeger2018-08-147-35/+1447
|\ | | | | | | samba: tag release samba-4.7.9
| * CVE-2018-10919 tests: Add extra test for dirsync deleted object corner-caseTim Beale2018-08-111-26/+131
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The acl_read.c code contains a special case to allow dirsync to work-around having insufficient access rights. We had a concern that the dirsync module could leak sensitive information for deleted objects. This patch adds a test-case to prove whether or not this is happening. The new test case is similar to the existing dirsync test except: - We make the confidential attribute also preserve-on-delete, so it hangs around for deleted objcts. Because the attributes now persist across test case runs, I've used a different attribute to normal. (Technically, the dirsync search expressions are now specific enough that the regular attribute could be used, but it would make things quite fragile if someone tried to add a new test case). - To handle searching for deleted objects, the search expressions are now more complicated. Currently dirsync adds an extra-filter to the '!' searches to exclude deleted objects, i.e. samaccountname matches the test-objects AND the object is not deleted. We now extend this to include deleted objects with lastKnownParent equal to the test OU. The search expression matches either case so that we can use the same expression throughout the test (regardless of whether the object is deleted yet or not). This test proves that the dirsync corner-case does not actually leak sensitive information on Samba. This is due to a bug in the dirsync code - when the buggy line is removed, this new test promptly fails. Test also passes against Windows. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
| * CVE-2018-10919 acl_read: Fix unauthorized attribute access via searchesTim Beale2018-08-111-0/+247
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A user that doesn't have access to view an attribute can still guess the attribute's value via repeated LDAP searches. This affects confidential attributes, as well as ACLs applied to an object/attribute to deny access. Currently the code will hide objects if the attribute filter contains an attribute they are not authorized to see. However, the code still returns objects as results if confidential attribute is in the search expression itself, but not in the attribute filter. To fix this problem we have to check the access rights on the attributes in the search-tree, as well as the attributes returned in the message. Points of note: - I've preserved the existing dirsync logic (the dirsync module code suppresses the result as long as the replPropertyMetaData attribute is removed). However, there doesn't appear to be any test that highlights that this functionality is required for dirsync. - To avoid this fix breaking the acl.py tests, we need to still permit searches like 'objectClass=*', even though we don't have Read Property access rights for the objectClass attribute. The logic that Windows uses does not appear to be clearly documented, so I've made a best guess that seems to mirror Windows behaviour. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
| * CVE-2018-10919 acl_read: Flip the logic in the dirsync checkTim Beale2018-08-111-10/+7
| | | | | | | | | | | | | | | | | | This better reflects the special case we're making for dirsync, and gets rid of a 'if-else' clause. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
| * CVE-2018-10919 acl_read: Small refactor to aclread_callback()Tim Beale2018-08-111-14/+17
| | | | | | | | | | | | | | | | | | Flip the dirsync check (to avoid a double negative), and use a helper boolean variable. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
| * CVE-2018-10919 acl_read: Split access_mask logic out into helper functionTim Beale2018-08-111-19/+35
| | | | | | | | | | | | | | | | So we can re-use the same logic laster for checking the search-ops. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
| * CVE-2018-10919 tests: test ldap searches for non-existent attributes.Gary Lockyer2018-08-111-0/+9
| | | | | | | | | | | | | | | | | | It is perfectly legal to search LDAP for an attribute that is not part of the schema. That part of the query should simply not match. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
| * CVE-2018-10919 tests: Add test case for object visibility with limited rightsTim Beale2018-08-111-0/+68
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently Samba is a bit disclosive with LDB_OP_PRESENT (i.e. attribute=*) searches compared to Windows. All the acl.py tests are based on objectClass=* searches, where Windows will happily tell a user about objects they have List Contents rights, but not Read Property rights for. However, if you change the attribute being searched for, suddenly the objects are no longer visible on Windows (whereas they are on Samba). This is a problem, because Samba can tell you about which objects have confidential attributes, which in itself could be disclosive. This patch adds a acl.py test-case that highlights this behaviour. The test passes against Windows but fails against Samba. Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
| * CVE-2018-10919 tests: Add tests for guessing confidential attributesTim Beale2018-08-112-0/+923
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adds tests that assert that a confidential attribute cannot be guessed by an unprivileged user through wildcard DB searches. The tests basically consist of a set of DB searches/assertions that get run for: - basic searches against a confidential attribute - confidential attributes that get overridden by giving access to the user via an ACE (run against a variety of ACEs) - protecting a non-confidential attribute via an ACL that denies read- access (run against a variety of ACEs) - querying confidential attributes via the dirsync controls These tests all pass when run against a Windows Dc and all fail against a Samba DC. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
| * CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when not ↵Andrew Bartlett2018-08-112-1/+45
| | | | | | | | | | | | | | | | | | | | | | | | | | | | servicePrincipalName is set on a user This regression was introduced in Samba 4.7 by bug 12842 and in master git commit eb2e77970e41c1cb62c041877565e939c78ff52d. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13552 CVE-2018-10918: Denial of Service Attack on AD DC DRSUAPI server. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* | dns wildcards: fix BUG 13536Gary Lockyer2018-07-281-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | The current position in the dns name was not advanced past the '.' character Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Jul 20 04:40:31 CEST 2018 on sn-devel-144 (cherry picked from commit cef1b31cd1f33074e8ab6de52aa0fb74e9b57a9f)
* | s4: torture: run test_durable_v2_open_reopen2_lease() in a subdirectoryRalph Boehme2018-07-281-2/+9
| | | | | | | | | | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=13535 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 725319743f1f2de934cbde477ca84430f5b2b4b4)
* | s4:librpc: autonegotiate SMB1/2/3Stefan Metzmacher2018-07-281-139/+120
| | | | | | | | | | | | | | | | | | | | | | | | Windows Server 1709 defaults to SMB2 and does not have SMB1 enabled. When establishing trust, samba-tool does not specify SMB protocol version and fail by default. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> (cherry picked from commit 4422f7382aad3090cb959ade030a02bf4fef81ac)
* | s4:libcli: add smb_connect_nego_{send,recv}()Stefan Metzmacher2018-07-283-5/+246
| | | | | | | | | | | | | | | | | | | | | | This can be used to create a connection up to a negotiated smbXcli_conn. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> (cherry picked from commit e4910f35eab008a41cfcac3d97b3647c721ac679)
* | s4:libcli: allow a fallback to NTLMSSP if SPNEGO is not supported locallyStefan Metzmacher2018-07-281-5/+30
| | | | | | | | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> (cherry picked from commit 5188454bdce80f6e2bfc45deca18bd1b7289a7a6)
* | s4:libcli: add fallback_to_anonymous to smb2_connect_send()Stefan Metzmacher2018-07-282-0/+33
| | | | | | | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> (cherry picked from commit ca000d8901e6acb8a7c59d26d4f75c9d92bafece)
* | s4:libcli: allow passing an already negotiated connection to smb2_connect_send()Stefan Metzmacher2018-07-282-0/+22
| | | | | | | | | | | | | | | | | | | | It will just do the session setup and tree connect steps. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> (cherry picked from commit f20e607c15b4c8ae56ade5d7e68d832542a2cd5e)
* | s4:libcli: split out smb2_connect_session_start()Stefan Metzmacher2018-07-281-4/+12
| | | | | | | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> (cherry picked from commit 5ad5b81b6ef601596583b4ad7d6a14241fa99a71)
* | s4:libcli: add smb2_transport_raw_init()Stefan Metzmacher2018-07-281-0/+35
| | | | | | | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> (cherry picked from commit ce2248c4b5aad2d00155a2e77b3e6340ce824979)
* | s4:libcli: allow passing an already negotiated connection to ↵Stefan Metzmacher2018-07-284-10/+41
| | | | | | | | | | | | | | | | | | | | | | | | smb_composite_connect() It will just do the session setup and tree connect steps. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> (cherry picked from commit 2b68f9b8b0dd944fa89b9e0037886ddd4fb4e5f9)
* | s4:libcli: use talloc_zero() for struct smb_composite_connect in fetchfile.cStefan Metzmacher2018-07-281-1/+1
| | | | | | | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> (cherry picked from commit 87d73397f9a9dee8fa0055a2ff08244b2c85e120)
* | s4:libcli: add smbcli_transport_raw_init()Stefan Metzmacher2018-07-281-0/+44
| | | | | | | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> (cherry picked from commit b7e99c2571e31971a6d7f1898e7458c16dc1031e)
* | s4:libcli: split out smb_raw_negotiate_fill_transport()Stefan Metzmacher2018-07-281-30/+44
| | | | | | | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> (cherry picked from commit 17b12a9b9a9dfd859679de77aa0c7ffbc782f1bc)
* | s4:torture/vfs/fruit: adjust test testing basefile rename to expect failureRalph Boehme2018-07-121-21/+4
| | | | | | | | | | | | | | | | | | | | | | Renaming a basefile that has open streams must fail with NT_STATUS_ACCESS_DENIED. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13451 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit f166207fc0344b51879d863857055ab7ff36a09b)
* | s4:torture/smb2/streams: try to rename basefile while is has open streamsRalph Boehme2018-07-121-0/+82
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This tests the following: - create a file with a stream - open the the stream and keep it open - on a second connection, try to rename the basefile, this should fail with NT_STATUS_ACCESS_DENIED Bug: https://bugzilla.samba.org/show_bug.cgi?id=13451 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 00d19bdab15102083b8ba395ede161824c898be1)
* | s4:torture: test setting EOF of a stream to 0 with enabled AAPL extensionsRalph Boehme2018-07-121-0/+197
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | macOS SMB server uses xattrs as storage backend for streams, directly exposing xattr get/set characteristics. Setting EOF on a stream to 0 just deletes the xattr as macOS doesn't support 0-byte sized xattrs. Note that this does not apply to the AFP_AfpInfo and AFP_Resource streams, they have even stranger semantics and we have other tests for those. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13441 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit cf5d471544f0cb0d072e4af1ee36798580d32897)
* | s4:torture/vfs/fruit: decrease large resource fork size in test from 1 GB to ↵Ralph Boehme2018-07-121-2/+2
| | | | | | | | | | | | | | | | | | | | | | 64 MB 64 MB is a more realistic value and lets the test pass on FreeBSD with fruit:resource=stream and vfs_streams_xattr. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 2729b4329af0ad0b6a8bd188450b8abd76670d8a)
* | s4:kcc: Add a NULL check before qsort()Andreas Schneider2018-06-271-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ../source4/dsdb/kcc/kcc_topology.c: In function ‘kcctpl_get_all_bridgehead_dcs.constprop’: ../source4/dsdb/kcc/kcc_topology.c:1330:3: error: argument 1 null where non-null expected [-Werror=nonnull] qsort(bridgeheads.data, bridgeheads.count, ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-7-test): Wed Jun 27 14:52:13 CEST 2018 on sn-devel-144
* | samdb: Fix build error with gcc8Andreas Schneider2018-06-271-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ../source4/dsdb/samdb/ldb_modules/samldb.c: In function ‘samldb_add’: ../source4/dsdb/samdb/ldb_modules/samldb.c:424:6: error: ‘found’ may be used uninitialized in this function [-Werror=maybe-uninitialized] if (found) { ^ ../source4/dsdb/samdb/ldb_modules/samldb.c:348:11: note: ‘found’ was declared here bool ok, found; ^~~~~ BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> (cherry picked from commit 76828876faa3cd463023e323983df0be597c7361)
* | s4:ntvfs: Fix string copy of share_nameAndreas Schneider2018-06-271-2/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | ../source4/ntvfs/ipc/rap_server.c:70:3: error: ‘strncpy’ specified bound 13 equals destination size [-Werror=stringop-truncation] strncpy((char *)r->out.info[j].info1.share_name, ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ snames[i], ~~~~~~~~~~ sizeof(r->out.info[0].info1.share_name)); ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> (cherry picked from commit 609ef35c12900bbd5ecaa557f7b5d71b5784a103)
* | s4:torture: Use strlcpy() in gen_name()Andreas Schneider2018-06-271-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ../source4/torture/basic/mangle_test.c: In function ‘gen_name’: ../source4/torture/basic/mangle_test.c:148:3: error: ‘strncpy’ output truncated before terminating nul copying 5 bytes from a string of the same length [-Werror=stringop-truncation] strncpy(p, "ABCDE", 5); ^~~~~~~~~~~~~~~~~~~~~~ BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> (cherry picked from commit 7a00d90d668f53914ffe035c41a5e79e60b51521)
* | s4-torture: fix format-truncation warning in smb2 session tests.Günther Deschner2018-06-271-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ../source4/torture/smb2/session.c: In function ‘test_session_reauth5’: ../source4/torture/smb2/session.c:645:36: error: ‘\file.dat’ directive output may be truncated writing 9 bytes into a region of size between 1 and 256 [-Werror=format-truncation=] snprintf(fname, sizeof(fname), "%s\\file.dat", dname); ^~~~~~~~~~ ../source4/torture/smb2/session.c:645:2: note: ‘snprintf’ output between 10 and 265 bytes into a destination of size 256 snprintf(fname, sizeof(fname), "%s\\file.dat", dname); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ../source4/torture/smb2/session.c:696:38: error: ‘\file2.dat’ directive output may be truncated writing 10 bytes into a region of size between 1 and 256 [-Werror=format-truncation=] snprintf(fname2, sizeof(fname2), "%s\\file2.dat", dname); ^~~~~~~~~~~ ../source4/torture/smb2/session.c:696:2: note: ‘snprintf’ output between 11 and 266 bytes into a destination of size 256 snprintf(fname2, sizeof(fname2), "%s\\file2.dat", dname); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ cc1: some warnings being treated as errors BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437 Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit 5729898248041794ffdd0b769332e015baf12cce)
* | heimdal: lib/krb5: do not fail set_config_files due to parse errorJeffrey Altman2018-06-252-3/+4
|/ | | | | | | | | | | | | | | | | | | | | | | | Follow Apple's lead and do not fail krb5_set_config_files() simply because one of the files in the profile list fails to parse correctly. Doing so can lead to hard to find failures and could lead to an end user shooting themselves in the foot and no longer be able to login to their system to fix it. Parse as many of the files as we can. Only fail krb5_set_config_files() if init_context_from_config_file() fails. Change-Id: I122664c6d707a5f926643808ba414bf4f681f8b8 Cherry-pick of Heimdal commit b7cf5e7caf9b270f4d4151d2690177b11a7a1bdf BUG: https://bugzilla.samba.org/show_bug.cgi?id=11573 Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Alexander Bokovoy <ab@samba.org> (cherry picked from commit f05a1554b770c6a2c905170347bfb41157f4aa78) Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-7-test): Mon Jun 25 17:16:50 CEST 2018 on sn-devel-144
* s4-heimdal: Fix the format-truncation errors.Günther Deschner2018-06-191-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ../source4/heimdal/lib/com_err/compile_et.c: In function ‘generate_h’: ../source4/heimdal/lib/com_err/compile_et.c:138:33: error: ‘%s’ directive output may be truncated writing up to 127 bytes into a region of size 126 [-Werror=format-truncation=] snprintf(fn, sizeof(fn), "__%s__", hfn); ^~ ~~~ ../source4/heimdal/lib/com_err/compile_et.c:138:5: note: ‘snprintf’ output between 5 and 132 bytes into a destination of size 128 snprintf(fn, sizeof(fn), "__%s__", hfn); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ../source4/heimdal/lib/com_err/compile_et.c: In function ‘main’: ../source4/heimdal/lib/com_err/compile_et.c:234:35: error: ‘.h’ directive output may be truncated writing 2 bytes into a region of size between 1 and 128 [-Werror=format-truncation=] snprintf(hfn, sizeof(hfn), "%s.h", Basename); ^~ ../source4/heimdal/lib/com_err/compile_et.c:234:5: note: ‘snprintf’ output between 3 and 130 bytes into a destination of size 128 snprintf(hfn, sizeof(hfn), "%s.h", Basename); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ../source4/heimdal/lib/com_err/compile_et.c:235:35: error: ‘.c’ directive output may be truncated writing 2 bytes into a region of size between 1 and 128 [-Werror=format-truncation=] snprintf(cfn, sizeof(cfn), "%s.c", Basename); ^~ ../source4/heimdal/lib/com_err/compile_et.c:235:5: note: ‘snprintf’ output between 3 and 130 bytes into a destination of size 128 snprintf(cfn, sizeof(cfn), "%s.c", Basename); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ cc1: some warnings being treated as errors BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437 Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Jun 8 13:23:51 CEST 2018 on sn-devel-144
* s4:selftest: run test_ldb_simple.sh with more auth optionsStefan Metzmacher2018-06-041-0/+7
| | | | | | | | | | | This demonstrates the broken GENSEC_FEATURE_LDAP_STYLE handling in our LDAP server. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13427 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit fc1c5bd3be2c3f90eab2f31e43cf053f7ff13782)
* s4:torture/smb2: new test for interaction between chown and SD flagsRalph Boehme2018-05-241-0/+278
| | | | | | | | | | This passes against Windows, but fails against Samba. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13432 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 12f6d56c4814fca64e0e3c636018e70d71ad0be5)
* s4:rpc_server: fix call_id truncation in dcesrv_find_fragmented_call()Stefan Metzmacher2018-04-251-1/+1
| | | | | | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13289 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Wed Feb 21 19:02:56 CET 2018 on sn-devel-144 (cherry picked from commit 5d113f80944f2e1d2a7e80f73aea7a4cfdfbd140) Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-7-test): Wed Apr 25 13:15:10 CEST 2018 on sn-devel-144
* lib: tevent: Use system <tevent.h>, not internal header path (except in ↵Jeremy Allison2018-04-203-3/+3
| | | | | | | | | self-test). Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (similar to commit bee22f187cfca26da13efb4cc980a705ec252a21)
* torture: Test compound request request countersVolker Lendecke2018-04-131-0/+77
| | | | | | | | | | | | | | | | | | | | This will send an unfixed smbd into the SMB_ASSERT(op->request_count > 0); in smbd_smb2_request_reply_update_counts BUG: https://bugzilla.samba.org/show_bug.cgi?id=13215 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Thu Apr 12 14:38:39 CEST 2018 on sn-devel-144 (cherry picked from commit 40edd1bc273f664d5567ef5be169033899acee1f) Autobuild-User(v4-7-test): Stefan Metzmacher <metze@samba.org> Autobuild-Date(v4-7-test): Fri Apr 13 22:48:05 CEST 2018 on sn-devel-144
* dsdb: Fix CID 1034966 Uninitialized scalar variableVolker Lendecke2018-04-101-0/+1
| | | | | | | | | | | | "continue" in a do-while loop jumps to the "while"-check, so "id_exists" needs to be initialized by that point. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13367 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 925d1f23291c4bdbc832977b2b4577964b8301c8)
* s4: torture: Test all combinations of directory open with existing directory ↵Jeremy Allison2018-04-041-0/+66
| | | | | | | | | | | | | | | | | to ensure behavior is the same. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13358 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Mar 29 23:13:42 CEST 2018 on sn-devel-144 (cherry picked from commit c98cd0f25edaae7558f18fd331e2fef3aabb61f2) Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-7-test): Wed Apr 4 16:56:29 CEST 2018 on sn-devel-144
* s4: torture: Test all combinations of directory create to ensure behavior is ↵Jeremy Allison2018-04-041-0/+65
| | | | | | | | | | the same. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13358 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE> (cherry picked from commit fd9084336e7e86ccec83141d880fd7c336c23b6c)
* s4: torture: Test all combinations of file open with existing file to ensure ↵Jeremy Allison2018-04-041-0/+68
| | | | | | | | | | behavior is the same. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13358 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE> (cherry picked from commit 820b35bb1ceb445eb3659b67eedfb0a2f5b2f976)
* s4: torture: Test all combinations of file create to ensure behavior is the ↵Jeremy Allison2018-04-041-24/+33
| | | | | | | | | | same. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13358 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE> (cherry picked from commit 22fe8dcb77565495886244e88bb0433363d1f80a)
* s4: torture: Ensure a failed file create doesn't create the file.Jeremy Allison2018-04-041-0/+27
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13358 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE> (cherry picked from commit 53cdf7a9a18ed547eade4c3cdd80d286058e440d)
* s4: vfs: fruit tests: Add regression test for dealing with NFS ACE entries.Jeremy Allison2018-03-221-0/+171
| | | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13319 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Mar 17 04:04:32 CET 2018 on sn-devel-144 (cherry picked from commit a6054c01c29c2507e0d5a6aa110fee4fd5c5eeb9)
* s4:auth_sam: allow logons with an empty domain nameStefan Metzmacher2018-03-201-6/+10
| | | | | | | | | | | | | | | | | It turns out that an empty domain name maps to the local SAM. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13206 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Feb 23 04:08:26 CET 2018 on sn-devel-144 (cherry picked from commit 57762229da971e837b923f09ca01bad6151f9419) Autobuild-User(v4-7-test): Stefan Metzmacher <metze@samba.org> Autobuild-Date(v4-7-test): Tue Mar 20 21:51:18 CET 2018 on sn-devel-144
* CVE-2018-1057: s4:dsdb/acl: changing dBCSPwd is only allowed with a controlRalph Boehme2018-03-131-1/+10
| | | | | | | | | | This is not strictly needed to fig bug 13272, but it makes sense to also fix this while fixing the overall ACL checking logic. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* CVE-2018-1057: s4:dsdb: use DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OIDRalph Boehme2018-03-132-4/+67
| | | | | | | | | | | | This is used to pass information about which password change operation (change or reset) the acl module validated, down to the password_hash module. It's very important that both modules treat the request identical. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
View Lorry Controller Status