[SCM] Samba Shared Repository - branch v4-7-stable updated
Karolin Seeger
kseeger at samba.org
Tue Aug 14 07:48:11 UTC 2018
The branch, v4-7-stable has been updated
via 3e5da7e VERSION: Disable GIT_SNAPSHOT for the 4.7.9 release.
via 36ad973 WHATSNEW: Add release notes for Samba 4.7.9.
via 9ff1d90 CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it is disabled via "ntlm auth".
via cd2e11d CVE-2018-1139 selftest: verify whether ntlmv1 can be used via SMB1 when it is disabled.
via 304ad86 CVE-2018-1139 s3-utils: use enum ntlm_auth_level in ntlm_password_check().
via 29f2fe7 CVE-2018-1139 libcli/auth: fix debug messages in hash_password_check()
via a5fe27c CVE-2018-1139 libcli/auth: Add initial tests for ntlm_password_check()
via b2a68d6 selftest/tests.py: remove always-needed, never-set with_cmocka flag
via e0bb0b6 CVE-2018-10919 tests: Add extra test for dirsync deleted object corner-case
via 9b17ce9 CVE-2018-10919 acl_read: Fix unauthorized attribute access via searches
via 717bde3 CVE-2018-10919 acl_read: Flip the logic in the dirsync check
via df6c1db CVE-2018-10919 acl_read: Small refactor to aclread_callback()
via e95c621 CVE-2018-10919 acl_read: Split access_mask logic out into helper function
via ddd6279 CVE-2018-10919 tests: test ldap searches for non-existent attributes.
via 1594cad CVE-2018-10919 security: Fix checking of object-specific CONTROL_ACCESS rights
via 938a55c CVE-2018-10919 tests: Add test case for object visibility with limited rights
via 49920e7 CVE-2018-10919 tests: Add tests for guessing confidential attributes
via 81865e8 CVE-2018-10919 security: Add more comments to the object-specific access checks
via 12f97f9 CVE-2018-10919 security: Move object-specific access checks into separate function
via 49d940f CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when not servicePrincipalName is set on a user
via 011d25d CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against returns from malicious servers.
via 02db55b CVE-2018-10858: libsmb: Ensure smbc_urlencode() can't overwrite passed in buffer.
via 9cf4b08 VERSION: Bump version up to 4.7.9...
via c216a22 VERSION: Disable GIT_SNAPSHOT for the 4.7.8 release.
via 8d6bfb4 WHATSNEW: Add release notes for Samba 4.7.8.
via ca441a0 python: Fix talloc frame use in make_simple_acl().
via 03cfdb0 s3: smbd: printing: Re-implement delete-on-close semantics for print files missing since 3.5.x.
via 1f1edc0 s4-heimdal: Fix the format-truncation errors.
via db362df s3: smbtorture: Add new SMB2-DIR-FSYNC test to show behavior of FSYNC on directories.
via a743be8 s3: smbd: Fix SMB2-FLUSH against directories.
via d3c2cc2 smbd: Flush dfree memcache on service reload
via b310f37 smbd: Cache dfree information based on query path
via bf63e6f memcache: Add new cache type for dfree information
via 5cbb3c3 selftest: Add test for 'dfree cache'
via 9d9d959 selftest: Add dfq_cache share with 'dfree cache time' set
via f156d20 lib/util: Call log_stack_trace() in smb_panic_default()
via 0dc4806 lib/util: Move log_stack_trace() to common code
via 67d037c lib/util: Log PANIC before calling pacic action just like s3
via 8f9be61 s3-lib: Remove support for libexc for IRIX backtraces
via e322613 s3:utils: Do not segfault on error in DoDNSUpdate()
via e8489ae auth/ntlmssp: fix handling of GENSEC_FEATURE_LDAP_STYLE as a server
via 7731ad2 s4:selftest: run test_ldb_simple.sh with more auth options
via 0edc63e auth/ntlmssp: add ntlmssp_client:ldap_style_send_seal option
via 603bc01 s3:smbd: fix interaction between chown and SD flags
via b99d51f s4:torture/smb2: new test for interaction between chown and SD flags
via 6a8939c nsswitch:tests: Add test for wbinfo --user-info
via 0c8b0b0 selftest: Add a user with a different userPrincipalName
via 67dc018 nsswitch: Lookup the domain in tests with the wb seperator
via b3bdf4b nsswitch: Add a test looking up domain sid
via 9fbdbe6 nsswitch: Add a test looking up the user using the upn
via 0f2e271 winbindd: Name<->SID cache is not sequence number based anymore
via a92c5dc winbindd: Move name<->sid cache to gencache
via ea49628 winbindd: Factor out winbindd_domain_init_backend from get_cache()
via 7626db2 net: Parse namemap_cache in "net cache list"
via ccad9a3 lib: Add namemap_cache
via afcffa9 lib: Pass blob instead of &blob to gencache_set_data_blob
via 18664ed lib: Allow parsing a strv from a non-talloc const buf
via 5c5c38b lib: Only call strlen if necessary in strv
via 9d402a9 lib: Pass in "strv_len" to strv_valid_entry
via 4dc19ac s3: VFS: Fix memory leak in vfs_ceph.
via 91edd9c winbindd: Do re-connect if the RPC call fails in the passdb case
via 6a41a0d winbindd: Add a cache of the samr and lsa handles for the passdb domain
via 139743e vfs_ceph: add fake async pwrite/pread send/recv hooks
via bf466d2 s3: libsmbclient: Fix hard-coded connection error return of ETIMEDOUT.
via 989c684 ceph: VFS: Add asynchronous fsync to ceph module, fake using synchronous call.
via 314f0e1 rpc_server: Fix NetSessEnum with stale sessions
via 0797e58 selftest: Add testcase for querying sessions after smbd crash
via cfbcd62 rpcclient: Print number of entries for NetSessEnum
via 1f5faf4 printing: return the same error code as windows does on upload failures
via 6db05c0 s3: tests: Regression test to ensure we can never return a DIRECTORY attribute on a stream.
via 8607fea s3: smbd. Generic fix for incorrect reporting of stream dos attributes on a directory
via db8296b s3: vfs: vfs_streams_xattr: Don't blindly re-use the base file mode bits.
via d4940e6 winbindd: add retry to _winbind_SendToSam
via 4319c43 winbindd: add retry to _winbind_DsrUpdateReadOnlyServerDnsRecords
via 1e6275a winbindd: add retry to _wbint_DsGetDcName
via b7c598d winbindd: add retry to _wbint_LookupSids()
via b0a14aec winbindd: use reset_cm_connection_on_error() instead of dcerpc_binding_handle_is_connected()
via 1b7c16a winbindd: fix logic calling dcerpc_binding_handle_is_connected()
via 76a4df1 winbindd: call dcerpc_binding_handle_is_connected() from reset_cm_connection_on_error()
via 30dd8bc winbindd: force netlogon reauth for certain errors in reset_cm_connection_on_error()
via 5fde0c6 winbindd: call reset_cm_connection_on_error() from reconnect_need_retry()
via 3ef2377 winbindd: make reset_cm_connection_on_error() public
via 406a8f3 winbindd: check for NT_STATUS_IO_DEVICE_ERROR in reset_cm_connection_on_error()
via 4f793f6 winbindd: add and use ldap_reconnect_need_retry() in winbindd_reconnect_ads.c
via bc655b6 winbind: Keep "force_reauth" in invalidate_cm_connection
via 8da9fb5 winbind: Add smbcontrol disconnect-dc
via 91fd11d utils: Add destroy_netlogon_creds_cli
via d6ac540 nsswitch: fix memory leak in winbind_open_pipe_sock() when the privileged pipe is not accessable.
via 825aea7 s4:rpc_server: fix call_id truncation in dcesrv_find_fragmented_call()
via bdfdf93 tests:dcerpc/raw_protocol: reproduce call_id truncation bug
via 7a636de winbindd: initialize type = SID_NAME_UNKNOWN in wb_lookupsids_single_done()
via d1869c6 winbindd: don't split the rid for SID_NAME_DOMAIN sids in wb_lookupsids
via 38af417 s3:passdb: Do not return OK if we don't have pinfo set up
via 7a58eb8 lib/util: remove unused '#include <sys/syscall.h>' from tests/tfork.c
via 5d00889 winbind: Use one queue for all domain children
via 470aa11 winbind: Maintain a binding handle per domain and always go via wb_domain_request_send()
via fe8982b winbind: make choose_domain_child() static
via 8a544c7 winbind: add locator_child_handle() and use it instead of child->binding_handle
via 136c16e winbind: add idmap_child_handle() and use it instead of child->binding_handle
via 128789f winbind: improve wb_domain_request_send() to use wb_dsgetdcname_send() for a foreign domain
via 5bbe243 winbind: use state->{ev,request} in wb_domain_request_send()
via ed83d30 winbind: avoid using fstrcpy(dcname,...) in _dual_init_connection
via bd14266 winbind: cleanup winbindd_cli_state->pwent_state if winbindd_getpwent_recv() returns an error
via e404058 winbind: cleanup winbindd_cli_state->grent_state if winbindd_getgrent_recv() returns an error
via 2594449 winbind: call lp_winbind_enum_{users,groups}() already in set{pw,gr}ent()
via 06c5e07 winbind: protect a pending wb_child_request against a talloc_free()
via dbb72ad winbind: use tevent_queue_wait_send/recv in wb_child_request_*()
via 28680d7 winbind: Improve child selection
via e19b0731 smbclient: Handle ENUM_DIR in "notify" command
via 0c5e24d libsmb: Handle IO_TIMEOUT in cli_smb2_notify properly
via b28593e libsmb: Handle long-running smb2cli_notify
via 3c3746f libsmb: Enable "cli_notify" for SMB2+
via 41666d5 libsmb: Add cli_smb2_notify
via 898297b libsmb: Add smb2cli_notify()
via 8b47aed rpc_server: Init local_server_* in make_internal_rpc_pipe_socketpair
via 80b822b tevent: version 0.9.36
via c2a3333 tevent: add tevent_queue_entry_untrigger()
via 55b8d61 tevent: improve documentation of tevent_queue_add_optimize_empty()
via a588c39 tevent: version 0.9.35
via 5457c2f lib/async_req/async_sock.c set socket close on exec
via b344866 lib/tevent/echo_server.c set socket close on exec
via 7206dfd tevent: Fix typos
via 772ca21 lib: tevent: Minor cleanup. wakeup_fd can always be gotten from the event context.
via bc24206 lib: tevent: Use system <tevent.h>, not internal header path (except in self-test).
via 383f130 libads: Fix the build --without-ads
via 2366b51 VERISON: Bump version up to 4.7.8...
via 41f51e0 WHATSNEW: Fix release date.
via c2df74d Revert "VERISON: Bump version up to 4.7.8..."
via a79aad4 VERISON: Bump version up to 4.7.8...
from 19a46b0 WHATSNEW: Add release notes for Samba 4.7.7.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-stable
- Log -----------------------------------------------------------------
commit 3e5da7e8878a78da96fbdccd05953c791560a6b5
Author: Karolin Seeger <kseeger at samba.org>
Date: Sat Aug 11 22:02:56 2018 +0200
VERSION: Disable GIT_SNAPSHOT for the 4.7.9 release.
o CVE-2018-1139 (Weak authentication protocol allowed.)
o CVE-2018-10858 (Insufficient input validation on client directory
listing in libsmbclient.)
o CVE-2018-10918 (Denial of Service Attack on AD DC DRSUAPI server.)
o CVE-2018-10919 (Confidential attribute disclosure from the AD LDAP
server.)
Signed-off-by: Karolin Seeger <kseeger at samba.org>
commit 36ad97328c8c131428052ce0b399a44408bb4435
Author: Karolin Seeger <kseeger at samba.org>
Date: Sat Aug 11 22:01:50 2018 +0200
WHATSNEW: Add release notes for Samba 4.7.9.
o CVE-2018-1139 (Weak authentication protocol allowed.)
o CVE-2018-10858 (Insufficient input validation on client directory
listing in libsmbclient.)
o CVE-2018-10918 (Denial of Service Attack on AD DC DRSUAPI server.)
o CVE-2018-10919 (Confidential attribute disclosure from the AD LDAP
server.)
Signed-off-by: Karolin Seeger <kseeger at samba.org>
commit 9ff1d906d0945c644b964f2e577547927387ac6e
Author: Günther Deschner <gd at samba.org>
Date: Tue Mar 13 16:56:20 2018 +0100
CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it is disabled via "ntlm auth".
This fixes a regression that came in via 00db3aba6cf9ebaafdf39ee2f9c7ba5ec2281ea0.
Found by Vivek Das <vdas at redhat.com> (Red Hat QE).
In order to demonstrate simply run:
smbclient //server/share -U user%password -mNT1 -c quit \
--option="client ntlmv2 auth"=no \
--option="client use spnego"=no
against a server that uses "ntlm auth = ntlmv2-only" (our default
setting).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13360
CVE-2018-1139: Weak authentication protocol allowed.
Guenther
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit cd2e11d9036782d9bf2ac553285694211cce856c
Author: Günther Deschner <gd at samba.org>
Date: Fri Mar 16 17:25:12 2018 +0100
CVE-2018-1139 selftest: verify whether ntlmv1 can be used via SMB1 when it is disabled.
Right now, this test will succeed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13360
CVE-2018-1139: Weak authentication protocol allowed.
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 304ad864cf81d6064f57b98b7ac6cd2642e9d6d3
Author: Günther Deschner <gd at samba.org>
Date: Wed Mar 14 15:35:01 2018 +0100
CVE-2018-1139 s3-utils: use enum ntlm_auth_level in ntlm_password_check().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13360
CVE-2018-1139: Weak authentication protocol allowed.
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 29f2fe7d072d37644592e1cf6bc069de60c5f607
Author: Günther Deschner <gd at samba.org>
Date: Wed Mar 14 15:36:05 2018 +0100
CVE-2018-1139 libcli/auth: fix debug messages in hash_password_check()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13360
CVE-2018-1139: Weak authentication protocol allowed.
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit a5fe27c10e776ad59288762330ab513439efbfb2
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Jul 27 08:44:24 2018 +1200
CVE-2018-1139 libcli/auth: Add initial tests for ntlm_password_check()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13360
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
commit b2a68d6badbf8ea8662f788c903ebe3f802cea53
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Feb 22 11:54:45 2018 +1300
selftest/tests.py: remove always-needed, never-set with_cmocka flag
We have cmocka in third_party, so we are never without it.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(Backported from commit 33ef0e57a4f08eae5ea06f482374fbc0a1014de6
by Andrew Bartlett)
commit e0bb0b6f74e32a7a0ddd7251f1c305eb38363359
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Wed Aug 1 13:51:42 2018 +1200
CVE-2018-10919 tests: Add extra test for dirsync deleted object corner-case
The acl_read.c code contains a special case to allow dirsync to
work-around having insufficient access rights. We had a concern that
the dirsync module could leak sensitive information for deleted objects.
This patch adds a test-case to prove whether or not this is happening.
The new test case is similar to the existing dirsync test except:
- We make the confidential attribute also preserve-on-delete, so it
hangs around for deleted objcts. Because the attributes now persist
across test case runs, I've used a different attribute to normal.
(Technically, the dirsync search expressions are now specific enough
that the regular attribute could be used, but it would make things
quite fragile if someone tried to add a new test case).
- To handle searching for deleted objects, the search expressions are
now more complicated. Currently dirsync adds an extra-filter to the
'!' searches to exclude deleted objects, i.e. samaccountname matches
the test-objects AND the object is not deleted. We now extend this to
include deleted objects with lastKnownParent equal to the test OU.
The search expression matches either case so that we can use the same
expression throughout the test (regardless of whether the object is
deleted yet or not).
This test proves that the dirsync corner-case does not actually leak
sensitive information on Samba. This is due to a bug in the dirsync
code - when the buggy line is removed, this new test promptly fails.
Test also passes against Windows.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
commit 9b17ce9a1f46e8519302eb6ec72f1104560bf953
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Fri Jul 20 15:42:36 2018 +1200
CVE-2018-10919 acl_read: Fix unauthorized attribute access via searches
A user that doesn't have access to view an attribute can still guess the
attribute's value via repeated LDAP searches. This affects confidential
attributes, as well as ACLs applied to an object/attribute to deny
access.
Currently the code will hide objects if the attribute filter contains an
attribute they are not authorized to see. However, the code still
returns objects as results if confidential attribute is in the search
expression itself, but not in the attribute filter.
To fix this problem we have to check the access rights on the attributes
in the search-tree, as well as the attributes returned in the message.
Points of note:
- I've preserved the existing dirsync logic (the dirsync module code
suppresses the result as long as the replPropertyMetaData attribute is
removed). However, there doesn't appear to be any test that highlights
that this functionality is required for dirsync.
- To avoid this fix breaking the acl.py tests, we need to still permit
searches like 'objectClass=*', even though we don't have Read Property
access rights for the objectClass attribute. The logic that Windows
uses does not appear to be clearly documented, so I've made a best
guess that seems to mirror Windows behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
commit 717bde3288704d501368ca650963e2648d005c55
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Mon Jul 30 16:00:15 2018 +1200
CVE-2018-10919 acl_read: Flip the logic in the dirsync check
This better reflects the special case we're making for dirsync, and gets
rid of a 'if-else' clause.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
commit df6c1dbeb27ab4c7dedc2461a9d20a6b67ffdda4
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Thu Jul 26 12:20:49 2018 +1200
CVE-2018-10919 acl_read: Small refactor to aclread_callback()
Flip the dirsync check (to avoid a double negative), and use a helper
boolean variable.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
commit e95c621a7f243058a24f00a02e25d5edde35565d
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Fri Jul 20 13:52:24 2018 +1200
CVE-2018-10919 acl_read: Split access_mask logic out into helper function
So we can re-use the same logic laster for checking the search-ops.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
commit ddd6279e122405e87770db173234a26c5d81a616
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Fri Aug 3 15:51:28 2018 +1200
CVE-2018-10919 tests: test ldap searches for non-existent attributes.
It is perfectly legal to search LDAP for an attribute that is not part
of the schema. That part of the query should simply not match.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
commit 1594cade555d96461b5b9db9965d8cdf9f5e45e0
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Fri Jul 20 13:01:00 2018 +1200
CVE-2018-10919 security: Fix checking of object-specific CONTROL_ACCESS rights
An 'Object Access Allowed' ACE that assigned 'Control Access' (CR)
rights to a specific attribute would not actually grant access.
What was happening was the remaining_access mask for the object_tree
nodes would be Read Property (RP) + Control Access (CR). The ACE mapped
to the schemaIDGUID for a given attribute, which would end up being a
child node in the tree. So the CR bit was cleared for a child node, but
not the rest of the tree. We would then check the user had the RP access
right, which it did. However, the RP right was cleared for another node
in the tree, which still had the CR bit set in its remaining_access
bitmap, so Samba would not grant access.
Generally, the remaining_access only ever has one bit set, which means
this isn't a problem normally. However, in the Control Access case there
are 2 separate bits being checked, i.e. RP + CR.
One option to fix this problem would be to clear the remaining_access
for the tree instead of just the node. However, the Windows spec is
actually pretty clear on this: if the ACE has a CR right present, then
you can stop any further access checks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
commit 938a55cf348bd95a5a9d940e1894d5a6df3251db
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Tue Jul 31 14:14:20 2018 +1200
CVE-2018-10919 tests: Add test case for object visibility with limited rights
Currently Samba is a bit disclosive with LDB_OP_PRESENT (i.e.
attribute=*) searches compared to Windows.
All the acl.py tests are based on objectClass=* searches, where Windows
will happily tell a user about objects they have List Contents rights,
but not Read Property rights for. However, if you change the attribute
being searched for, suddenly the objects are no longer visible on
Windows (whereas they are on Samba).
This is a problem, because Samba can tell you about which objects have
confidential attributes, which in itself could be disclosive.
This patch adds a acl.py test-case that highlights this behaviour. The
test passes against Windows but fails against Samba.
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
commit 49920e7b218770433708cd5889bbf1f9b51d30c0
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Mon Jul 9 15:57:59 2018 +1200
CVE-2018-10919 tests: Add tests for guessing confidential attributes
Adds tests that assert that a confidential attribute cannot be guessed
by an unprivileged user through wildcard DB searches.
The tests basically consist of a set of DB searches/assertions that
get run for:
- basic searches against a confidential attribute
- confidential attributes that get overridden by giving access to the
user via an ACE (run against a variety of ACEs)
- protecting a non-confidential attribute via an ACL that denies read-
access (run against a variety of ACEs)
- querying confidential attributes via the dirsync controls
These tests all pass when run against a Windows Dc and all fail against
a Samba DC.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
commit 81865e8584a0f597650a9df31d49bad3e7549d26
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Fri Jul 20 13:13:50 2018 +1200
CVE-2018-10919 security: Add more comments to the object-specific access checks
Reading the spec and then reading the code makes sense, but we could
comment the code more so it makes sense on its own.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
commit 12f97f9f69d3ace751c9b49f739aecc4e452dd35
Author: Tim Beale <timbeale at catalyst.net.nz>
Date: Thu Jul 19 16:03:36 2018 +1200
CVE-2018-10919 security: Move object-specific access checks into separate function
Object-specific access checks refer to a specific section of the
MS-ADTS, and the code closely matches the spec. We need to extend this
logic to properly handle the Control-Access Right (CR), so it makes
sense to split the logic out into its own function.
This patch just moves the code, and should not alter the logic (apart
from ading in the boolean grant_access return variable.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
commit 49d940f8e335b8af6daf65ac6d3cce45db09ca8e
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Jul 30 14:00:18 2018 +1200
CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when not servicePrincipalName is set on a user
This regression was introduced in Samba 4.7 by bug 12842 and in
master git commit eb2e77970e41c1cb62c041877565e939c78ff52d.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13552
CVE-2018-10918: Denial of Service Attack on AD DC DRSUAPI server.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
commit 011d25d5f653246770fa58b7dcff26740369c6ef
Author: Jeremy Allison <jra at samba.org>
Date: Fri Jun 15 15:08:17 2018 -0700
CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against returns from malicious servers.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13453
CVE-2018-10858: Insufficient input validation on client directory
listing in libsmbclient.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 02db55b4074e0ceebb87a75105e8ef79c3dcf032
Author: Jeremy Allison <jra at samba.org>
Date: Fri Jun 15 15:07:17 2018 -0700
CVE-2018-10858: libsmb: Ensure smbc_urlencode() can't overwrite passed in buffer.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13453
CVE-2018-10858: Insufficient input validation on client directory
listing in libsmbclient.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 9cf4b08046987b1a9586b3f53d1b08fc0ab5f456
Author: Karolin Seeger <kseeger at samba.org>
Date: Thu Jun 21 09:58:10 2018 +0200
VERSION: Bump version up to 4.7.9...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger at samba.org>
(cherry picked from commit 0b9501442285fc17eb508d3d7afac1938850363a)
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 201 +++-
auth/ntlmssp/gensec_ntlmssp_server.c | 19 -
auth/ntlmssp/ntlmssp_client.c | 24 +-
auth/ntlmssp/ntlmssp_server.c | 8 +
lib/async_req/async_connect_send_test.c | 2 +-
lib/async_req/async_sock.c | 1 +
.../ABI/{tevent-0.9.34.sigs => tevent-0.9.35.sigs} | 0
.../ABI/{tevent-0.9.34.sigs => tevent-0.9.36.sigs} | 1 +
lib/tevent/echo_server.c | 1 +
lib/tevent/testsuite.c | 2 +-
lib/tevent/tevent.h | 29 +-
lib/tevent/tevent_internal.h | 1 -
lib/tevent/tevent_queue.c | 13 +
lib/tevent/tevent_threads.c | 4 +-
lib/tevent/wscript | 2 +-
lib/util/fault.c | 107 +-
lib/util/fault.h | 1 +
lib/util/memcache.h | 3 +-
lib/util/strv.c | 50 +-
lib/util/strv.h | 2 +
lib/util/tests/tfork.c | 1 -
lib/util/wscript_configure | 1 +
libcli/auth/ntlm_check.c | 10 +-
libcli/auth/tests/ntlm_check.c | 413 ++++++++
libcli/auth/wscript_build | 13 +
libcli/security/access_check.c | 110 ++-
libcli/smb/smb2cli_notify.c | 214 ++++
libcli/smb/smbXcli_base.h | 26 +
libcli/smb/wscript | 1 +
librpc/idl/messaging.idl | 1 +
nsswitch/tests/test_idmap_nss.sh | 4 +-
nsswitch/tests/test_idmap_rid.sh | 2 +-
nsswitch/tests/test_wbinfo_name_lookup.sh | 13 +-
nsswitch/tests/test_wbinfo_user_info.sh | 83 ++
nsswitch/wb_common.c | 4 +-
python/samba/tests/dcerpc/raw_protocol.py | 2 +-
selftest/knownfail | 4 +-
selftest/knownfail.d/upn_handling | 11 +
selftest/target/Samba3.pm | 10 +
selftest/target/Samba4.pm | 19 +-
selftest/tests.py | 20 +-
source3/client/client.c | 9 +-
source3/include/local.h | 3 -
source3/include/proto.h | 1 -
source3/lib/gencache.c | 12 +-
source3/lib/gencache.h | 2 +-
source3/lib/namemap_cache.c | 323 ++++++
source3/lib/namemap_cache.h | 45 +
source3/lib/util.c | 139 ---
source3/libads/kerberos_keytab.c | 4 +
source3/libsmb/cli_smb2_fnum.c | 101 ++
source3/libsmb/cli_smb2_fnum.h | 5 +
source3/libsmb/clifile.c | 10 +-
source3/libsmb/dsgetdcname.c | 7 +-
source3/libsmb/libsmb_dir.c | 57 +-
source3/libsmb/libsmb_path.c | 9 +-
source3/libsmb/libsmb_server.c | 2 +-
source3/modules/vfs_acl_common.c | 7 +-
source3/modules/vfs_ceph.c | 181 +++-
source3/modules/vfs_streams_xattr.c | 2 +
source3/passdb/machine_account_secrets.c | 2 +-
source3/printing/nt_printing.c | 2 +-
source3/printing/printspoolss.c | 17 +
source3/rpc_server/rpc_ncacn_np.c | 31 +-
source3/rpc_server/rpc_ncacn_np.h | 18 +-
source3/rpc_server/srv_pipe_hnd.c | 18 +-
source3/rpcclient/cmd_srvsvc.c | 2 +
source3/script/tests/test_dfree_quota.sh | 35 +
source3/script/tests/test_rpcclient_netsessenum.sh | 55 ++
source3/script/tests/test_smbclient_s3.sh | 76 ++
source3/selftest/tests.py | 26 +-
source3/smbd/dfree.c | 104 +-
source3/smbd/dosmode.c | 22 +
source3/smbd/proto.h | 1 +
source3/smbd/pysmbd.c | 49 +-
source3/smbd/server_reload.c | 1 +
source3/smbd/session.c | 4 +
source3/smbd/smb2_flush.c | 26 +-
source3/torture/proto.h | 1 +
source3/torture/test_smb2.c | 270 ++++++
source3/torture/torture.c | 5 +-
source3/utils/destroy_netlogon_creds_cli.c | 136 +++
source3/utils/net_cache.c | 19 +
source3/utils/net_dns.c | 1 +
source3/utils/ntlm_auth.c | 6 +-
source3/utils/smbcontrol.c | 14 +
source3/utils/wscript_build | 9 +
source3/winbindd/wb_dsgetdcname.c | 10 +-
source3/winbindd/wb_lookupsids.c | 6 +-
source3/winbindd/wb_sids2xids.c | 6 +-
source3/winbindd/winbindd.c | 4 +
source3/winbindd/winbindd.h | 3 +
source3/winbindd/winbindd_allocate_gid.c | 6 +-
source3/winbindd/winbindd_allocate_uid.c | 6 +-
source3/winbindd/winbindd_cache.c | 352 +++----
source3/winbindd/winbindd_cm.c | 18 +-
source3/winbindd/winbindd_dsgetdcname.c | 6 +-
source3/winbindd/winbindd_dual.c | 306 ++++--
source3/winbindd/winbindd_dual_ndr.c | 61 +-
source3/winbindd/winbindd_dual_srv.c | 141 ++-
source3/winbindd/winbindd_getgrent.c | 9 +-
source3/winbindd/winbindd_getpwent.c | 6 +-
source3/winbindd/winbindd_idmap.c | 5 +
source3/winbindd/winbindd_locator.c | 5 +
source3/winbindd/winbindd_proto.h | 18 +-
source3/winbindd/winbindd_reconnect.c | 8 +-
source3/winbindd/winbindd_reconnect_ads.c | 58 +-
source3/winbindd/winbindd_samr.c | 395 +++++---
source3/winbindd/winbindd_setgrent.c | 5 +
source3/winbindd/winbindd_setpwent.c | 5 +
source3/winbindd/winbindd_util.c | 19 +-
source3/wscript | 2 +-
source3/wscript_build | 1 +
source4/dsdb/samdb/cracknames.c | 8 +-
source4/dsdb/samdb/ldb_modules/acl_read.c | 331 ++++++-
source4/dsdb/tests/python/acl.py | 68 ++
source4/dsdb/tests/python/confidential_attr.py | 1025 ++++++++++++++++++++
source4/dsdb/tests/python/ldap.py | 9 +
source4/heimdal/lib/com_err/compile_et.c | 6 +-
source4/librpc/rpc/dcerpc_roh_channel_in.c | 2 +-
source4/librpc/rpc/dcerpc_roh_channel_out.c | 2 +-
source4/rpc_server/dcerpc_server.c | 2 +-
source4/selftest/tests.py | 10 +
source4/torture/drs/python/cracknames.py | 38 +
source4/torture/smb2/acls.c | 278 ++++++
source4/torture/smb2/rename.c | 2 +-
127 files changed, 5657 insertions(+), 889 deletions(-)
copy lib/tevent/ABI/{tevent-0.9.34.sigs => tevent-0.9.35.sigs} (100%)
copy lib/tevent/ABI/{tevent-0.9.34.sigs => tevent-0.9.36.sigs} (99%)
create mode 100644 libcli/auth/tests/ntlm_check.c
create mode 100644 libcli/smb/smb2cli_notify.c
create mode 100755 nsswitch/tests/test_wbinfo_user_info.sh
create mode 100644 selftest/knownfail.d/upn_handling
create mode 100644 source3/lib/namemap_cache.c
create mode 100644 source3/lib/namemap_cache.h
create mode 100755 source3/script/tests/test_rpcclient_netsessenum.sh
create mode 100644 source3/utils/destroy_netlogon_creds_cli.c
create mode 100755 source4/dsdb/tests/python/confidential_attr.py
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index f9f4813..8348485 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=7
-SAMBA_VERSION_RELEASE=7
+SAMBA_VERSION_RELEASE=9
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 3eea285..c812417 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,6 +1,201 @@
=============================
+ Release Notes for Samba 4.7.9
+ August 14, 2018
+ =============================
+
+
+This is a security release in order to address the following defects:
+
+o CVE-2018-1139 (Weak authentication protocol allowed.)
+o CVE-2018-10858 (Insufficient input validation on client directory
+ listing in libsmbclient.)
+o CVE-2018-10918 (Denial of Service Attack on AD DC DRSUAPI server.)
+o CVE-2018-10919 (Confidential attribute disclosure from the AD LDAP
+ server.)
+
+
+=======
+Details
+=======
+
+o CVE-2018-1139:
+ Vulnerability that allows authentication via NTLMv1 even if disabled.
+
+o CVE-2018-10858:
+ A malicious server could return a directory entry that could corrupt
+ libsmbclient memory.
+
+o CVE-2018-10918:
+ Missing null pointer checks may crash the Samba AD DC, over the
+ authenticated DRSUAPI RPC service.
+
+o CVE-2018-10919:
+ Missing access control checks allow discovery of confidential attribute
+ values via authenticated LDAP search expressions.
+
+
+Changes since 4.7.8:
+--------------------
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 13453: CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against
+ returns from malicious servers.
+
+o Andrew Bartlett <abartlet at samba.org>
+ * BUG 13552: CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when
+ not servicePrincipalName is set on a user.
+
+o Tim Beale <timbeale at catalyst.net.nz>
+ * BUG 13434: CVE-2018-10919: acl_read: Fix unauthorized attribute access via
+ searches.
+
+o Günther Deschner <gd at samba.org>
+ * BUG 13360: CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it
+ is disabled via "ntlm auth".
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+ =============================
+ Release Notes for Samba 4.7.8
+ June 21, 2018
+ =============================
+
+
+This is the latest stable release of the Samba 4.7 release series.
+
+
+Changes since 4.7.7:
+--------------------
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 13380: s3: smbd: Generic fix for incorrect reporting of stream dos
+ attributes on a directory.
+ * BUG 13412: ceph: VFS: Add asynchronous fsync to ceph module, fake using
+ synchronous call.
+ * BUG 13419: s3: libsmbclient: Fix hard-coded connection error return of
+ ETIMEDOUT.
+ * BUG 13428: s3: smbd: Fix SMB2-FLUSH against directories.
+ * BUG 13457: s3: smbd: printing: Re-implement delete-on-close semantics for
+ print files missing since 3.5.x.
+ * BUG 13474: python: Fix talloc frame use in make_simple_acl().
+
+o Andrew Bartlett <abartlet at samba.org>
+ * BUG 13430: winbindd on the AD DC is slow for passdb queries.
+ * BUG 13454: No Backtrace given by Samba's AD DC by default.
+
+o Ralph Boehme <slow at samba.org>
+ * BUG 13332: winbindd doesn't recover loss of netlogon secure channel in
+ case the peer DC is rebooted.
+ * BUG 13432: s3:smbd: Fix interaction between chown and SD flags.
+
+o Günther Deschner <gd at samba.org>
+ * BUG 13437: s4-heimdal: Fix the format-truncation errors.
+
+o David Disseldorp <ddiss at samba.org>
+ * BUG 13425: vfs_ceph: Add fake async pwrite/pread send/recv hooks.
+
+o Björn Jacke <bjacke at samba.org>
+ * BUG 13395: printing: Return the same error code as Windows does on upload
+ failures.
+
+o Volker Lendecke <vl at samba.org>
+ * BUG 13290: winbind: Improve child selection.
+ * BUG 13292: winbind: Maintain a binding handle per domain and always go via
+ wb_domain_request_send().
+ * BUG 13332: winbindd doesn't recover loss of netlogon secure channel in
+ case the peer DC is rebooted.
+ * BUG 13369: Looking up the user using the UPN results in user name with the
+ REALM instead of the DOMAIN.
+ * BUG 13370: rpc_server: Init local_server_* in
+ make_internal_rpc_pipe_socketpair.
+ * BUG 13382: smbclient: Fix broken notify.
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 13273: libads: Fix the build --without-ads.
+ * BUG 13279: winbindd: Don't split the rid for SID_NAME_DOMAIN sids in
+ wb_lookupsids.
+ * BUG 13280: winbindd: initialize type = SID_NAME_UNKNOWN in
+ wb_lookupsids_single_done().
+ * BUG 13289: s4:rpc_server: Fix call_id truncation in
+ dcesrv_find_fragmented_call().
+ * BUG 13290: A disconnecting winbind client can cause a problem in the
+ winbind parent child communication.
+ * BUG 13291: tevent: version 0.9.36
+ - improve documentation of tevent_queue_add_optimize_empty()
+ - add tevent_queue_entry_untrigger()
+ * BUG 13292: winbind: Use one queue for all domain children.
+ * BUG 13293: Minimize the lifetime of winbindd_cli_state->{pw,gr}ent_state.
+ * BUG 13294: winbind should avoid using fstrcpy(domain->dcname,...) on a
+ char *.
+ * BUG 13295: The winbind parent should find the dc of a foreign domain via
+ the primary domain.
+ * BUG 13400: nsswitch: Fix memory leak in winbind_open_pipe_sock() when the
+ privileged pipe is not accessable.
+ * BUG 13427: Fix broken server side GENSEC_FEATURE_LDAP_STYLE handling
+ (NTLMSSP NTLM2 packet check failed due to invalid signature!).
+
+o Vandana Rungta <vrungta at amazon.com>
+ * BUG 13424: s3: VFS: Fix memory leak in vfs_ceph.
+
+o Christof Schmitt <cs at samba.org>
+ * BUG 13407: rpc_server: Fix NetSessEnum with stale sessions.
+ * BUG 13446: dfree cache returning incorrect data for sub directory mounts.
+
+o Andreas Schneider <asn at samba.org>
+ * BUG 13369: Looking up the user using the UPN results in user name with the
+ REALM instead of the DOMAIN.
+ * BUG 13376: s3:passdb: Do not return OK if we don't have pinfo set up.
+ * BUG 13440: s3:utils: Do not segfault on error in DoDNSUpdate().
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ =============================
Release Notes for Samba 4.7.7
- April 12, 2018
+ April 17, 2018
=============================
@@ -100,8 +295,8 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
=============================
Release Notes for Samba 4.7.6
diff --git a/auth/ntlmssp/gensec_ntlmssp_server.c b/auth/ntlmssp/gensec_ntlmssp_server.c
index 561c7cf..a8ca295 100644
--- a/auth/ntlmssp/gensec_ntlmssp_server.c
+++ b/auth/ntlmssp/gensec_ntlmssp_server.c
@@ -176,25 +176,6 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
- if (gensec_security->want_features & GENSEC_FEATURE_SESSION_KEY) {
- ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
- }
- if (gensec_security->want_features & GENSEC_FEATURE_SIGN) {
- ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
-
- if (gensec_security->want_features & GENSEC_FEATURE_LDAP_STYLE) {
- /*
- * We need to handle NTLMSSP_NEGOTIATE_SIGN as
- * NTLMSSP_NEGOTIATE_SEAL if GENSEC_FEATURE_LDAP_STYLE
- * is requested.
- */
- ntlmssp_state->force_wrap_seal = true;
- }
- }
- if (gensec_security->want_features & GENSEC_FEATURE_SEAL) {
- ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
- ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
- }
if (role == ROLE_STANDALONE) {
ntlmssp_state->server.is_standalone = true;
diff --git a/auth/ntlmssp/ntlmssp_client.c b/auth/ntlmssp/ntlmssp_client.c
index 5edd5f4..6e919cc 100644
--- a/auth/ntlmssp/ntlmssp_client.c
+++ b/auth/ntlmssp/ntlmssp_client.c
@@ -862,13 +862,23 @@ NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security)
* is requested.
*/
ntlmssp_state->force_wrap_seal = true;
- /*
- * We want also work against old Samba servers
- * which didn't had GENSEC_FEATURE_LDAP_STYLE
- * we negotiate SEAL too. We may remove this
- * in a few years. As all servers should have
- * GENSEC_FEATURE_LDAP_STYLE by then.
- */
+ }
+ }
+ if (ntlmssp_state->force_wrap_seal) {
+ bool ret;
+
+ /*
+ * We want also work against old Samba servers
+ * which didn't had GENSEC_FEATURE_LDAP_STYLE
+ * we negotiate SEAL too. We may remove this
+ * in a few years. As all servers should have
+ * GENSEC_FEATURE_LDAP_STYLE by then.
+ */
+ ret = gensec_setting_bool(gensec_security->settings,
+ "ntlmssp_client",
+ "ldap_style_send_seal",
+ true);
+ if (ret) {
ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SEAL;
}
}
diff --git a/auth/ntlmssp/ntlmssp_server.c b/auth/ntlmssp/ntlmssp_server.c
index e17074e..42f72ff 100644
--- a/auth/ntlmssp/ntlmssp_server.c
+++ b/auth/ntlmssp/ntlmssp_server.c
@@ -976,6 +976,14 @@ static NTSTATUS ntlmssp_server_postauth(struct gensec_security *gensec_security,
data_blob_free(&ntlmssp_state->challenge_blob);
if (gensec_ntlmssp_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
+ if (gensec_security->want_features & GENSEC_FEATURE_LDAP_STYLE) {
+ /*
+ * We need to handle NTLMSSP_NEGOTIATE_SIGN as
+ * NTLMSSP_NEGOTIATE_SEAL if GENSEC_FEATURE_LDAP_STYLE
+ * is requested.
+ */
+ ntlmssp_state->force_wrap_seal = true;
+ }
nt_status = ntlmssp_sign_init(ntlmssp_state);
}
diff --git a/lib/async_req/async_connect_send_test.c b/lib/async_req/async_connect_send_test.c
index 34ea6b7..d570c60 100644
--- a/lib/async_req/async_connect_send_test.c
+++ b/lib/async_req/async_connect_send_test.c
@@ -17,7 +17,7 @@
*/
#include "replace.h"
-#include "lib/tevent/tevent.h"
+#include <tevent.h>
#include "lib/async_req/async_sock.h"
#include <stdio.h>
#include <string.h>
diff --git a/lib/async_req/async_sock.c b/lib/async_req/async_sock.c
index db3916e..0a8a333 100644
--- a/lib/async_req/async_sock.c
+++ b/lib/async_req/async_sock.c
@@ -738,6 +738,7 @@ static void accept_handler(struct tevent_context *ev, struct tevent_fd *fde,
tevent_req_error(req, errno);
return;
}
+ smb_set_close_on_exec(ret);
state->sock = ret;
tevent_req_done(req);
}
diff --git a/lib/tevent/ABI/tevent-0.9.34.sigs b/lib/tevent/ABI/tevent-0.9.35.sigs
similarity index 100%
copy from lib/tevent/ABI/tevent-0.9.34.sigs
copy to lib/tevent/ABI/tevent-0.9.35.sigs
diff --git a/lib/tevent/ABI/tevent-0.9.34.sigs b/lib/tevent/ABI/tevent-0.9.36.sigs
similarity index 99%
copy from lib/tevent/ABI/tevent-0.9.34.sigs
copy to lib/tevent/ABI/tevent-0.9.36.sigs
index 7a6a236..8a579c8 100644
--- a/lib/tevent/ABI/tevent-0.9.34.sigs
+++ b/lib/tevent/ABI/tevent-0.9.36.sigs
@@ -53,6 +53,7 @@ tevent_num_signals: size_t (void)
tevent_queue_add: bool (struct tevent_queue *, struct tevent_context *, struct tevent_req *, tevent_queue_trigger_fn_t, void *)
tevent_queue_add_entry: struct tevent_queue_entry *(struct tevent_queue *, struct tevent_context *, struct tevent_req *, tevent_queue_trigger_fn_t, void *)
tevent_queue_add_optimize_empty: struct tevent_queue_entry *(struct tevent_queue *, struct tevent_context *, struct tevent_req *, tevent_queue_trigger_fn_t, void *)
+tevent_queue_entry_untrigger: void (struct tevent_queue_entry *)
tevent_queue_length: size_t (struct tevent_queue *)
tevent_queue_running: bool (struct tevent_queue *)
tevent_queue_start: void (struct tevent_queue *)
diff --git a/lib/tevent/echo_server.c b/lib/tevent/echo_server.c
index 6e7f181..f93d8bc 100644
--- a/lib/tevent/echo_server.c
+++ b/lib/tevent/echo_server.c
@@ -118,6 +118,7 @@ static void accept_handler(struct tevent_context *ev, struct tevent_fd *fde,
tevent_req_error(req, errno);
return;
}
+ smb_set_close_on_exec(ret);
state->sock = ret;
tevent_req_done(req);
}
diff --git a/lib/tevent/testsuite.c b/lib/tevent/testsuite.c
index ee29e5b..e508452 100644
--- a/lib/tevent/testsuite.c
+++ b/lib/tevent/testsuite.c
@@ -25,7 +25,7 @@
*/
#include "includes.h"
-#include "lib/tevent/tevent.h"
+#include "tevent.h"
#include "system/filesys.h"
#include "system/select.h"
#include "system/network.h"
diff --git a/lib/tevent/tevent.h b/lib/tevent/tevent.h
index 728cf62..7bb9c61 100644
--- a/lib/tevent/tevent.h
+++ b/lib/tevent/tevent.h
@@ -936,8 +936,8 @@ void tevent_req_set_cancel_fn(struct tevent_req *req, tevent_req_cancel_fn fn);
*
* @param[in] req The request to use.
*
- * @return This function returns true is the request is cancelable,
- * othererwise false is returned.
+ * @return This function returns true if the request is
+ * cancelable, otherwise false is returned.
*
* @note Even if the function returns true, the caller need to wait
* for the function to complete normally.
@@ -1611,6 +1611,9 @@ struct tevent_queue_entry *tevent_queue_add_entry(
* already called tevent_req_notify_callback(), tevent_req_error(),
* tevent_req_done() or a similar function.
*
+ * The trigger function has no chance to see the returned
+ * queue_entry in the optimized case.
+ *
* The request can be removed from the queue by calling talloc_free()
* (or a similar function) on the returned queue entry.
*
@@ -1641,6 +1644,28 @@ struct tevent_queue_entry *tevent_queue_add_optimize_empty(
void *private_data);
/**
+ * @brief Untrigger an already triggered queue entry.
+ *
+ * If a trigger function detects that it needs to remain
+ * in the queue, it needs to call tevent_queue_stop()
+ * followed by tevent_queue_entry_untrigger().
+ *
+ * @note In order to call tevent_queue_entry_untrigger()
+ * the queue must be already stopped and the given queue_entry
+ * must be the first one in the queue! Otherwise it calls abort().
+ *
+ * @note You can't use this together with tevent_queue_add_optimize_empty()
+ * because the trigger function don't have access to the quene entry
+ * in the case of an empty queue.
+ *
+ * @param[in] queue_entry The queue entry to rearm.
+ *
+ * @see tevent_queue_add_entry()
+ * @see tevent_queue_stop()
+ */
+void tevent_queue_entry_untrigger(struct tevent_queue_entry *entry);
+
+/**
* @brief Start a tevent queue.
*
* The queue is started by default.
diff --git a/lib/tevent/tevent_internal.h b/lib/tevent/tevent_internal.h
index 47ea39b..ec3955e 100644
--- a/lib/tevent/tevent_internal.h
+++ b/lib/tevent/tevent_internal.h
@@ -235,7 +235,6 @@ struct tevent_threaded_context {
pthread_mutex_t event_ctx_mutex;
#endif
struct tevent_context *event_ctx;
- int wakeup_fd;
};
struct tevent_debug_ops {
diff --git a/lib/tevent/tevent_queue.c b/lib/tevent/tevent_queue.c
index 5516c6c..9c3973b 100644
--- a/lib/tevent/tevent_queue.c
+++ b/lib/tevent/tevent_queue.c
@@ -266,6 +266,19 @@ struct tevent_queue_entry *tevent_queue_add_optimize_empty(
trigger, private_data, true);
}
+void tevent_queue_entry_untrigger(struct tevent_queue_entry *entry)
+{
+ if (entry->queue->running) {
+ abort();
+ }
+
+ if (entry->queue->list != entry) {
+ abort();
+ }
+
+ entry->triggered = false;
+}
+
void tevent_queue_start(struct tevent_queue *queue)
{
if (queue->running) {
diff --git a/lib/tevent/tevent_threads.c b/lib/tevent/tevent_threads.c
index 2e83f1b..2c6e66b 100644
--- a/lib/tevent/tevent_threads.c
+++ b/lib/tevent/tevent_threads.c
@@ -424,7 +424,6 @@ struct tevent_threaded_context *tevent_threaded_context_create(
return NULL;
}
tctx->event_ctx = ev;
- tctx->wakeup_fd = ev->wakeup_fd;
ret = pthread_mutex_init(&tctx->event_ctx_mutex, NULL);
if (ret != 0) {
@@ -489,14 +488,13 @@ void _tevent_threaded_schedule_immediate(struct tevent_threaded_context *tctx,
}
DLIST_ADD_END(ev->scheduled_immediates, im);
+ wakeup_fd = ev->wakeup_fd;
ret = pthread_mutex_unlock(&ev->scheduled_mutex);
if (ret != 0) {
abort();
}
- wakeup_fd = tctx->wakeup_fd;
-
ret = pthread_mutex_unlock(&tctx->event_ctx_mutex);
--
Samba Shared Repository
More information about the samba-cvs
mailing list