[SCM] Samba Shared Repository - branch v4-11-stable updated
Karolin Seeger
kseeger at samba.org
Tue Jun 30 10:13:39 UTC 2020
The branch, v4-11-stable has been updated
via a905508e09e VERSION: Disable GIT_SNAPSHOT for the 4.11.10 release.
via 6fdb3c33990 WHATSNEW: Add release notes for Samba 4.11.10.
via 9e819be438a ldb_ldap: fix off-by-one increment in lldb_add_msg_attr
via 5761f5a199c lib/ldb: add unit test for ldb_ldap internal code
via 0f35dbd96c0 s3: libsmbclient: Finish unifing bad iconv behavior across CORE NT1 SMB2 protocols.
via daddc6956f6 s3: libsmb: In SMB2 return NT_STATUS_INVALID_NETWORK_RESPONSE if name conversion ended up with a NULL filename.
via b8f0a185bba s3: libsmb: In SMB1 old protocol - return NT_STATUS_INVALID_NETWORK_RESPONSE if name conversion ended up with a NULL filename.
via f02467bf688 s3: selftest: Add test_smbclient_iconv.sh to check client behavior on bad name conversion.
via ac45713a18a s3: selftest: Add share definition [bad_iconv] in fileserver.
via d90e5a71c79 winbindd: Fix a use-after-free when winbind clients exit
via d1b03ef8ddc s3: lib: Paranoia around use of snprintf copying into a fixed-size buffer from a getenv() pointer.
via cb50ee7a423 s3:gencache: Allow to open gencache as read-only
via 247e406e985 lib:util: Add test for path_expand_tilde()
via 107526266b2 lib:util: Add path_expand_tilde()
via f47dc8b8f68 docs-xml: Fix usernames in pam_winbind manpages
via f5ee0cc29e4 libsmb: Protect cli_oem_change_password() from rprcnt<2
via e8ffd6244d6 libsmb: Protect cli_RNetServerEnum against rprcnt<6
via 39a3d728a60 libsmb: Protect cli_RNetShareEnum() against rprcnt<6
via f69c9ea345f libsmb: Fix indentation in cli_RNetShareEnum()
via 84362eef4cf vfs_shadow_copy2: implement case canonicalisation in shadow_copy2_get_real_filename()
via 3d60f8ac9fa s3/lib: add is_gmt_token()
via f8805f5db4d smbd: make get_real_filename_full_scan() public
via f23992c09a6 CI: add two tests for shadow_copy2 VFS module
via ecaeedb3183 ldb: Bump version to 2.0.11
via d65f5a1567e lib ldb: lmdb init var before calling mdb_reader_check
via 5fb94e3efc6 lib ldb: lmdb clear stale readers on write txn start
via 9d8ca2233cd ldb tests: Confirm lmdb free list handling
via b6a7b42f9a8 VERSION: Bump version up to 4.11.10...
from 8f72e88335c VERSION: Disable GIT_SNAPSHOT for the 4.11.9 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 63 +-
docs-xml/manpages/pam_winbind.8.xml | 4 +-
docs-xml/manpages/pam_winbind.conf.5.xml | 4 +-
lib/ldb/ABI/{ldb-2.0.10.sigs => ldb-2.0.11.sigs} | 0
...ldb-util-1.1.10.sigs => pyldb-util-2.0.11.sigs} | 0
lib/ldb/ldb_ldap/ldb_ldap.c | 2 -
lib/ldb/ldb_mdb/ldb_mdb.c | 17 +
lib/ldb/tests/ldb_lmdb_free_list_test.c | 661 +++++++++++++++++++++
lib/ldb/tests/lldb_ldap.c | 105 ++++
lib/ldb/wscript | 24 +-
lib/util/tests/test_util_paths.c | 127 ++++
lib/util/util_paths.c | 76 +++
lib/util/util_paths.h | 9 +
lib/util/wscript_build | 5 +
selftest/target/Samba3.pm | 20 +
selftest/tests.py | 2 +
source3/include/proto.h | 1 +
source3/lib/filename_util.c | 19 +
source3/lib/gencache.c | 63 +-
source3/libsmb/cli_smb2_fnum.c | 6 +
source3/libsmb/clilist.c | 10 +-
source3/libsmb/clirap.c | 151 +++--
source3/modules/vfs_shadow_copy2.c | 91 ++-
source3/script/tests/test_shadow_copy.sh | 12 +
source3/script/tests/test_smbclient_iconv.sh | 53 ++
source3/selftest/tests.py | 7 +
source3/smbd/filename.c | 10 +-
source3/smbd/proto.h | 6 +
source3/winbindd/winbindd_dual.c | 28 +-
30 files changed, 1484 insertions(+), 94 deletions(-)
copy lib/ldb/ABI/{ldb-2.0.10.sigs => ldb-2.0.11.sigs} (100%)
copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util-2.0.11.sigs} (100%)
create mode 100644 lib/ldb/tests/ldb_lmdb_free_list_test.c
create mode 100644 lib/ldb/tests/lldb_ldap.c
create mode 100644 lib/util/tests/test_util_paths.c
create mode 100755 source3/script/tests/test_smbclient_iconv.sh
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index c13672ee895..a365113cf15 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=11
-SAMBA_VERSION_RELEASE=9
+SAMBA_VERSION_RELEASE=10
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index e4af7cb4105..c3f04c7993a 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,62 @@
+ ===============================
+ Release Notes for Samba 4.11.10
+ June 30, 2020
+ ===============================
+
+
+This is the latest stable release of the Samba 4.11 release series.
+
+
+Changes since 4.11.9
+--------------------
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 14374: Fix segfault when using SMBC_opendir_ctx() routine for share
+ folder that contains incorrect symbols in any file name.
+
+o Ralph Boehme <slow at samba.org>
+ * BUG 14350: vfs_shadow_copy2 doesn't fail case looking in snapdirseverywhere
+ mode.
+
+o Alexander Bokovoy <ab at samba.org>
+ * BUG 14413: ldb_ldap: Fix off-by-one increment in lldb_add_msg_attr.
+
+o Volker Lendecke <vl at samba.org>
+ * BUG 14366: Malicous SMB1 server can crash libsmbclient.
+ * BUG 14382: winbindd: Fix a use-after-free when winbind clients exit.
+
+o Gary Lockyer <gary at catalyst.net.nz>
+ * BUG 14330: ldb: Bump version to 2.0.11, LMDB databases can grow without
+ bounds.
+
+o Andreas Schneider <asn at samba.org>
+ * BUG 14358: docs-xml: Fix usernames in pam_winbind manpages.
+ * BUG 14370: Client tools are not able to read gencache anymore.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
==============================
Release Notes for Samba 4.11.9
May 05, 2020
@@ -81,8 +140,8 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
==============================
Release Notes for Samba 4.11.8
diff --git a/docs-xml/manpages/pam_winbind.8.xml b/docs-xml/manpages/pam_winbind.8.xml
index b8af5b54c58..a9a227f1647 100644
--- a/docs-xml/manpages/pam_winbind.8.xml
+++ b/docs-xml/manpages/pam_winbind.8.xml
@@ -83,8 +83,8 @@
<listitem><para>
If this option is set, pam_winbind will only succeed if the user is a member of the given SID or NAME. A SID
can be either a group-SID, an alias-SID or even an user-SID. It is also possible to give a NAME instead of the
- SID. That name must have the form: <parameter>MYDOMAIN\\mygroup</parameter> or
- <parameter>MYDOMAIN\\myuser</parameter>. pam_winbind will, in that case, lookup the SID internally. Note that
+ SID. That name must have the form: <parameter>MYDOMAIN\mygroup</parameter> or
+ <parameter>MYDOMAIN\myuser</parameter>. pam_winbind will, in that case, lookup the SID internally. Note that
NAME may not contain any spaces. It is thus recommended to only use SIDs. You can verify the list of SIDs a
user is a member of with <command>wbinfo --user-sids=SID</command>.
</para>
diff --git a/docs-xml/manpages/pam_winbind.conf.5.xml b/docs-xml/manpages/pam_winbind.conf.5.xml
index a5aaa01504d..193a0dc971c 100644
--- a/docs-xml/manpages/pam_winbind.conf.5.xml
+++ b/docs-xml/manpages/pam_winbind.conf.5.xml
@@ -68,8 +68,8 @@
<listitem><para>
If this option is set, pam_winbind will only succeed if the user is a member of the given SID or NAME. A SID
can be either a group-SID, an alias-SID or even an user-SID. It is also possible to give a NAME instead of the
- SID. That name must have the form: <parameter>MYDOMAIN\\mygroup</parameter> or
- <parameter>MYDOMAIN\\myuser</parameter>. pam_winbind will, in that case, lookup the SID internally. Note that
+ SID. That name must have the form: <parameter>MYDOMAIN\mygroup</parameter> or
+ <parameter>MYDOMAIN\myuser</parameter>. pam_winbind will, in that case, lookup the SID internally. Note that
NAME may not contain any spaces. It is thus recommended to only use SIDs. You can verify the list of SIDs a
user is a member of with <command>wbinfo --user-sids=SID</command>. This setting is empty by default.
</para>
diff --git a/lib/ldb/ABI/ldb-2.0.10.sigs b/lib/ldb/ABI/ldb-2.0.11.sigs
similarity index 100%
copy from lib/ldb/ABI/ldb-2.0.10.sigs
copy to lib/ldb/ABI/ldb-2.0.11.sigs
diff --git a/lib/ldb/ABI/pyldb-util-1.1.10.sigs b/lib/ldb/ABI/pyldb-util-2.0.11.sigs
similarity index 100%
copy from lib/ldb/ABI/pyldb-util-1.1.10.sigs
copy to lib/ldb/ABI/pyldb-util-2.0.11.sigs
diff --git a/lib/ldb/ldb_ldap/ldb_ldap.c b/lib/ldb/ldb_ldap/ldb_ldap.c
index d7222997732..0531f8a62ae 100644
--- a/lib/ldb/ldb_ldap/ldb_ldap.c
+++ b/lib/ldb/ldb_ldap/ldb_ldap.c
@@ -176,8 +176,6 @@ static int lldb_add_msg_attr(struct ldb_context *ldb,
el->num_values++;
}
- msg->num_elements++;
-
return 0;
}
diff --git a/lib/ldb/ldb_mdb/ldb_mdb.c b/lib/ldb/ldb_mdb/ldb_mdb.c
index 6c679c214b8..f0a418d07ee 100644
--- a/lib/ldb/ldb_mdb/ldb_mdb.c
+++ b/lib/ldb/ldb_mdb/ldb_mdb.c
@@ -641,6 +641,23 @@ static int lmdb_transaction_start(struct ldb_kv_private *ldb_kv)
return LDB_ERR_PROTOCOL_ERROR;
}
+ /*
+ * Clear out any stale readers
+ */
+ {
+ int stale = 0;
+ mdb_reader_check(lmdb->env, &stale);
+ if (stale > 0) {
+ ldb_debug(
+ lmdb->ldb,
+ LDB_DEBUG_ERROR,
+ "LMDB Stale readers, deleted (%d)",
+ stale);
+ }
+ }
+
+
+
ltx_head = lmdb_private_trans_head(lmdb);
tx_parent = lmdb_trans_get_tx(ltx_head);
diff --git a/lib/ldb/tests/ldb_lmdb_free_list_test.c b/lib/ldb/tests/ldb_lmdb_free_list_test.c
new file mode 100644
index 00000000000..9b295460730
--- /dev/null
+++ b/lib/ldb/tests/ldb_lmdb_free_list_test.c
@@ -0,0 +1,661 @@
+/*
+ * Copyright (C) Catalyst.Net Ltd 2020
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+/*
+ * Tests confirming lmdb's handling of the free space list in the presence
+ * of active and stale readers. A stale reader is a process that opens a
+ * read lock and then exits without releasing the lock.
+ *
+ * lmdb uses MVCC to maintain databased consistency, new copies of updated
+ * records are written to the database. The old entries are only
+ * reused when they are no longer referenced in a read transaction.
+ *
+ * The tests all update a single record multiple times
+ *
+ * If there is a read transaction or a stale reader lmdb will report
+ * out of space.
+ *
+ * If no read transaction and no stale reader, lmdb reclaims space from the
+ * free list.
+ */
+
+/*
+ * from cmocka.c:
+ * These headers or their equivalents should be included prior to
+ * including
+ * this header file.
+ *
+ * #include <stdarg.h>
+ * #include <stddef.h>
+ * #include <setjmp.h>
+ *
+ * This allows test applications to use custom definitions of C standard
+ * library functions and types.
+ *
+ */
+
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <setjmp.h>
+#include <cmocka.h>
+
+#include <errno.h>
+#include <unistd.h>
+#include <talloc.h>
+#include <tevent.h>
+#include <ldb.h>
+#include <ldb_module.h>
+#include <ldb_private.h>
+#include <string.h>
+#include <ctype.h>
+
+#include <sys/wait.h>
+
+#include "ldb_tdb/ldb_tdb.h"
+#include "ldb_key_value/ldb_kv.h"
+
+#define DEFAULT_BE "mdb"
+
+#ifndef TEST_BE
+#define TEST_BE DEFAULT_BE
+#endif /* TEST_BE */
+
+const int RECORD_SIZE = 6144;
+const int ITERATIONS = 3;
+
+struct test_ctx {
+ struct tevent_context *ev;
+ struct ldb_context *ldb;
+
+ const char *dbfile;
+ const char *lockfile; /* lockfile is separate */
+
+ const char *dbpath;
+};
+
+static void unlink_old_db(struct test_ctx *test_ctx)
+{
+ int ret;
+
+ errno = 0;
+ ret = unlink(test_ctx->lockfile);
+ if (ret == -1 && errno != ENOENT) {
+ fail();
+ }
+
+ errno = 0;
+ ret = unlink(test_ctx->dbfile);
+ if (ret == -1 && errno != ENOENT) {
+ fail();
+ }
+}
+
+static int noconn_setup(void **state)
+{
+ struct test_ctx *test_ctx;
+
+ test_ctx = talloc_zero(NULL, struct test_ctx);
+ assert_non_null(test_ctx);
+
+ test_ctx->ev = tevent_context_init(test_ctx);
+ assert_non_null(test_ctx->ev);
+
+ test_ctx->ldb = ldb_init(test_ctx, test_ctx->ev);
+ assert_non_null(test_ctx->ldb);
+
+ test_ctx->dbfile = talloc_strdup(test_ctx, "lmdb_free_list_test.ldb");
+ assert_non_null(test_ctx->dbfile);
+
+ test_ctx->lockfile =
+ talloc_asprintf(test_ctx, "%s-lock", test_ctx->dbfile);
+ assert_non_null(test_ctx->lockfile);
+
+ test_ctx->dbpath =
+ talloc_asprintf(test_ctx, TEST_BE "://%s", test_ctx->dbfile);
+ assert_non_null(test_ctx->dbpath);
+
+ unlink_old_db(test_ctx);
+ *state = test_ctx;
+ return 0;
+}
+
+static int noconn_teardown(void **state)
+{
+ struct test_ctx *test_ctx =
+ talloc_get_type_abort(*state, struct test_ctx);
+
+ unlink_old_db(test_ctx);
+ talloc_free(test_ctx);
+ return 0;
+}
+
+static int setup(void **state)
+{
+ struct test_ctx *test_ctx;
+ int ret;
+ struct ldb_ldif *ldif;
+ const char *index_ldif = "dn: @INDEXLIST\n"
+ "@IDXGUID: objectUUID\n"
+ "@IDX_DN_GUID: GUID\n"
+ "\n";
+ /*
+ * Use a 64KiB DB for this test
+ */
+ const char *options[] = {"lmdb_env_size:65536", NULL};
+
+ noconn_setup((void **)&test_ctx);
+
+ ret = ldb_connect(test_ctx->ldb, test_ctx->dbpath, 0, options);
+ assert_int_equal(ret, 0);
+
+ while ((ldif = ldb_ldif_read_string(test_ctx->ldb, &index_ldif))) {
+ ret = ldb_add(test_ctx->ldb, ldif->msg);
+ assert_int_equal(ret, LDB_SUCCESS);
+ }
+ *state = test_ctx;
+ return 0;
+}
+
+static int teardown(void **state)
+{
+ struct test_ctx *test_ctx =
+ talloc_get_type_abort(*state, struct test_ctx);
+ noconn_teardown((void **)&test_ctx);
+ return 0;
+}
+
+static struct ldb_kv_private *get_ldb_kv(struct ldb_context *ldb)
+{
+ void *data = NULL;
+ struct ldb_kv_private *ldb_kv = NULL;
+
+ data = ldb_module_get_private(ldb->modules);
+ assert_non_null(data);
+
+ ldb_kv = talloc_get_type(data, struct ldb_kv_private);
+ assert_non_null(ldb_kv);
+
+ return ldb_kv;
+}
+
+static int parse(struct ldb_val key, struct ldb_val data, void *private_data)
+{
+ struct ldb_val *read = private_data;
+
+ /* Yes, we leak this. That is OK */
+ read->data = talloc_size(NULL, data.length);
+ assert_non_null(read->data);
+
+ memcpy(read->data, data.data, data.length);
+ read->length = data.length;
+ return LDB_SUCCESS;
+}
+
+/*
+ * This test has the same structure as the test_free_list_read_lock
+ * except the parent process does not keep the read lock open while the
+ * child process is performing an update.
+ */
+static void test_free_list_no_read_lock(void **state)
+{
+ int ret;
+ struct test_ctx *test_ctx =
+ talloc_get_type_abort(*state, struct test_ctx);
+ struct ldb_kv_private *ldb_kv = get_ldb_kv(test_ctx->ldb);
+ struct ldb_val key;
+ struct ldb_val val;
+
+ const char *KEY1 = "KEY01";
+
+ /*
+ * Pipes etc to co-ordinate the processes
+ */
+ int to_child[2];
+ int to_parent[2];
+ char buf[2];
+ pid_t pid;
+ size_t i;
+
+ TALLOC_CTX *tmp_ctx;
+ tmp_ctx = talloc_new(test_ctx);
+ assert_non_null(tmp_ctx);
+
+ ret = pipe(to_child);
+ assert_int_equal(ret, 0);
+ ret = pipe(to_parent);
+ assert_int_equal(ret, 0);
+ /*
+ * Now fork a new process
+ */
+
+ pid = fork();
+ if (pid == 0) {
+ /*
+ * Child process
+ */
+
+ struct ldb_context *ldb = NULL;
+ close(to_child[1]);
+ close(to_parent[0]);
+
+ /*
+ * Wait for the parent to get ready.
+ */
+ ret = read(to_child[0], buf, 2);
+ assert_int_equal(ret, 2);
+
+ ldb = ldb_init(test_ctx, test_ctx->ev);
+ assert_non_null(ldb);
+
+ ret = ldb_connect(ldb, test_ctx->dbpath, 0, NULL);
+ assert_int_equal(ret, LDB_SUCCESS);
+
+ ldb_kv = get_ldb_kv(ldb);
+ assert_non_null(ldb_kv);
+ /*
+ * Add a record to the database
+ */
+ key.data = (uint8_t *)talloc_strdup(tmp_ctx, KEY1);
+ key.length = strlen(KEY1) + 1;
+ val.data = talloc_zero_size(tmp_ctx, RECORD_SIZE);
+ assert_non_null(val.data);
+ memset(val.data, 'x', RECORD_SIZE);
+ val.length = RECORD_SIZE;
+ /*
+ * Do more iterations than when a read lock, stale reader
+ * active to confirm that the space is being re-used.
+ */
+ for (i = 0; i < ITERATIONS * 10; i++) {
+ ret = ldb_kv->kv_ops->begin_write(ldb_kv);
+ assert_int_equal(ret, LDB_SUCCESS);
+
+ ret = ldb_kv->kv_ops->store(ldb_kv, key, val, 0);
+ assert_int_equal(ret, LDB_SUCCESS);
+
+ ret = ldb_kv->kv_ops->finish_write(ldb_kv);
+ assert_int_equal(ret, LDB_SUCCESS);
+ }
+
+ /*
+ * Signal the parent that we've done the updates
+ */
+ ret = write(to_parent[1], "GO", 2);
+ assert_int_equal(ret, 2);
+ exit(0);
+ }
+
+ close(to_child[0]);
+ close(to_parent[1]);
+
+ /*
+ * Begin a read transaction
+ */
+ ret = ldb_kv->kv_ops->lock_read(test_ctx->ldb->modules);
+ assert_int_equal(ret, LDB_SUCCESS);
+
+ /*
+ * Now close it
+ */
+ ret = ldb_kv->kv_ops->unlock_read(test_ctx->ldb->modules);
+ assert_int_equal(ret, LDB_SUCCESS);
+
+ /*
+ * Signal the child process
+ */
+ ret = write(to_child[1], "GO", 2);
+ assert_int_equal(2, ret);
+
+ /*
--
Samba Shared Repository
More information about the samba-cvs
mailing list