[SCM] Samba Shared Repository - branch v4-10-stable updated
Karolin Seeger
kseeger at samba.org
Mon May 25 08:34:15 UTC 2020
The branch, v4-10-stable has been updated
via ee766dffdd8 VERSION: Disable GIT_SNAPSHOT for the 4.10.16 release.
via 896ca7047c5 WHATSNEW: Add release notes for Samba 4.10.16.
via 55a3861260c s3: lib: Paranoia around use of snprintf copying into a fixed-size buffer from a getenv() pointer.
via 54151c2d84e s3:gencache: Allow to open gencache as read-only
via 55f91b59309 lib:util: Add test for path_expand_tilde()
via 452e543ca5f lib:util: Add path_expand_tilde()
via 134c109094b docs-xml: Fix usernames in pam_winbind manpages
via f441f026b66 lib:util: Fix smbclient -l basename dir
via 3566d8826f1 Add a test for smbclient -l basename
via 198e810bc28 testprogs: Add 'net ads join createupn' test also verifying the keytab
via f798edaea3c s3:libads: Fix ads_get_upn()
via 3bff6f6ad28 libsmb: Protect cli_oem_change_password() from rprcnt<2
via c25c2fc665f libsmb: Protect cli_RNetServerEnum against rprcnt<6
via bfe436e4c80 libsmb: Protect cli_RNetShareEnum() against rprcnt<6
via 70d390656b6 libsmb: Fix indentation in cli_RNetShareEnum()
via ad2c619133d libsmb: Don't try to find posix stat info in SMBC_getatr()
via 5998d32ab73 VERSION: Bump version up to 4.10.16.
via e1addc5cdd8 Merge tag 'samba-4.10.15' into v4-10-test
via 53ea67687d3 VERSION: Bump verison up to 4.10.15...
from b98108ff760 VERSION: Disable GIT_SNAPSHOT for the 4.10.15 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 55 +++++++-
docs-xml/manpages/pam_winbind.8.xml | 4 +-
docs-xml/manpages/pam_winbind.conf.5.xml | 4 +-
lib/util/debug.c | 8 +-
lib/util/tests/test_util_paths.c | 127 +++++++++++++++++
lib/util/util_paths.c | 76 +++++++++++
lib/util/util_paths.h | 9 ++
lib/util/wscript_build | 6 +
selftest/tests.py | 2 +
source3/include/libsmb_internal.h | 1 -
source3/lib/gencache.c | 63 ++++++++-
source3/libads/ldap.c | 1 +
source3/libsmb/clirap.c | 151 ++++++++++++---------
source3/libsmb/libsmb_file.c | 20 ---
source3/libsmb/libsmb_server.c | 9 --
.../script/tests/test_smbclient_log_basename.sh | 36 +++++
source3/selftest/tests.py | 3 +
testprogs/blackbox/test_net_ads.sh | 17 +++
19 files changed, 489 insertions(+), 105 deletions(-)
create mode 100644 lib/util/tests/test_util_paths.c
create mode 100755 source3/script/tests/test_smbclient_log_basename.sh
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index c183a16b2fa..5e391d3a25c 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=10
-SAMBA_VERSION_RELEASE=15
+SAMBA_VERSION_RELEASE=16
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 2d2c7ff2043..f644038694c 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,54 @@
+ ===============================
+ Release Notes for Samba 4.10.16
+ May 25, 2020
+ ===============================
+
+
+This is the last stable release of the Samba 4.10 release series.
+
+
+Changes since 4.10.15
+---------------------
+
+o Jeremy Allison <jra at samba.org>
+ * s3: lib: Paranoia around use of snprintf copying into a fixed-size buffer
+ from a getenv() pointer.
+
+o Amit Kumar <amitkuma at redhat.com>
+ * BUG 14345: lib:util: Fix smbclient -l basename dir.
+
+o Volker Lendecke <vl at samba.org>
+ * BUG 14366: Malicous SMB1 server can crash libsmbclient.
+
+o Andreas Schneider <asn at samba.org>
+ * BUG 14336: s3:libads: Fix ads_get_upn().
+ * BUG 14358: docs-xml: Fix usernames in pam_winbind manpages.
+ * BUG 14370: Client tools are not able to read gencache anymore since 4.10.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
===============================
Release Notes for Samba 4.10.15
April 28, 2020
@@ -56,8 +107,8 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
===============================
Release Notes for Samba 4.10.14
diff --git a/docs-xml/manpages/pam_winbind.8.xml b/docs-xml/manpages/pam_winbind.8.xml
index b8af5b54c58..a9a227f1647 100644
--- a/docs-xml/manpages/pam_winbind.8.xml
+++ b/docs-xml/manpages/pam_winbind.8.xml
@@ -83,8 +83,8 @@
<listitem><para>
If this option is set, pam_winbind will only succeed if the user is a member of the given SID or NAME. A SID
can be either a group-SID, an alias-SID or even an user-SID. It is also possible to give a NAME instead of the
- SID. That name must have the form: <parameter>MYDOMAIN\\mygroup</parameter> or
- <parameter>MYDOMAIN\\myuser</parameter>. pam_winbind will, in that case, lookup the SID internally. Note that
+ SID. That name must have the form: <parameter>MYDOMAIN\mygroup</parameter> or
+ <parameter>MYDOMAIN\myuser</parameter>. pam_winbind will, in that case, lookup the SID internally. Note that
NAME may not contain any spaces. It is thus recommended to only use SIDs. You can verify the list of SIDs a
user is a member of with <command>wbinfo --user-sids=SID</command>.
</para>
diff --git a/docs-xml/manpages/pam_winbind.conf.5.xml b/docs-xml/manpages/pam_winbind.conf.5.xml
index 537007ba2fa..fcac1ee7036 100644
--- a/docs-xml/manpages/pam_winbind.conf.5.xml
+++ b/docs-xml/manpages/pam_winbind.conf.5.xml
@@ -68,8 +68,8 @@
<listitem><para>
If this option is set, pam_winbind will only succeed if the user is a member of the given SID or NAME. A SID
can be either a group-SID, an alias-SID or even an user-SID. It is also possible to give a NAME instead of the
- SID. That name must have the form: <parameter>MYDOMAIN\\mygroup</parameter> or
- <parameter>MYDOMAIN\\myuser</parameter>. pam_winbind will, in that case, lookup the SID internally. Note that
+ SID. That name must have the form: <parameter>MYDOMAIN\mygroup</parameter> or
+ <parameter>MYDOMAIN\myuser</parameter>. pam_winbind will, in that case, lookup the SID internally. Note that
NAME may not contain any spaces. It is thus recommended to only use SIDs. You can verify the list of SIDs a
user is a member of with <command>wbinfo --user-sids=SID</command>. This setting is empty by default.
</para>
diff --git a/lib/util/debug.c b/lib/util/debug.c
index 38df787c658..bddea59ad77 100644
--- a/lib/util/debug.c
+++ b/lib/util/debug.c
@@ -1132,9 +1132,15 @@ bool reopen_logs_internal(void)
dbgc_config[DBGC_ALL].fd = 2;
return true;
- case DEBUG_FILE:
+ case DEBUG_FILE: {
+ struct debug_backend *b = debug_find_backend("file");
+
+ if (b != NULL) {
+ b->log_level = dbgc_config[DBGC_ALL].loglevel;
+ }
break;
}
+ }
oldumask = umask( 022 );
diff --git a/lib/util/tests/test_util_paths.c b/lib/util/tests/test_util_paths.c
new file mode 100644
index 00000000000..b89abf0aea1
--- /dev/null
+++ b/lib/util/tests/test_util_paths.c
@@ -0,0 +1,127 @@
+/*
+ * Unix SMB/CIFS implementation.
+ *
+ * Copyright (C) 2020 Andreas Schneider <asn at samba.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <setjmp.h>
+#include <cmocka.h>
+
+#include <talloc.h>
+
+#include "lib/replace/replace.h"
+#include "lib/util/util_paths.c"
+
+static int setup(void **state)
+{
+ TALLOC_CTX *mem_ctx = talloc_new(NULL);
+
+ assert_non_null(mem_ctx);
+ *state = mem_ctx;
+
+ return 0;
+}
+
+static int teardown(void **state)
+{
+ TALLOC_CTX *mem_ctx = *state;
+ TALLOC_FREE(mem_ctx);
+
+ return 0;
+}
+
+static void test_get_user_home_dir(void **state)
+{
+ TALLOC_CTX *mem_ctx = *state;
+ struct passwd *pwd = getpwuid(getuid());
+ char *user;
+
+ user = get_user_home_dir(mem_ctx);
+ assert_non_null(user);
+ assert_string_equal(user, pwd->pw_dir);
+
+ TALLOC_FREE(user);
+}
+
+static void test_path_expand_tilde(void **state)
+{
+ TALLOC_CTX *mem_ctx = *state;
+ char h[256] = {0};
+ char *d = NULL;
+ const char *user = NULL;
+ char *home = NULL;
+
+ user = getenv("USER");
+ if (user == NULL){
+ user = getenv("LOGNAME");
+ }
+
+ /* In certain CIs there no such variables */
+ if (user == NULL) {
+ struct passwd *pw = getpwuid(getuid());
+ if (pw){
+ user = pw->pw_name;
+ }
+ }
+
+ home = getenv("HOME");
+ assert_non_null(home);
+ snprintf(h, sizeof(h), "%s/.cache", home);
+
+ d = path_expand_tilde(mem_ctx, "~/.cache");
+ assert_non_null(d);
+ assert_string_equal(d, h);
+ TALLOC_FREE(d);
+
+ snprintf(h, sizeof(h), "%s/.cache/X~", home);
+ d = path_expand_tilde(mem_ctx, "~/.cache/X~");
+ assert_string_equal(d, h);
+ TALLOC_FREE(d);
+
+ d = path_expand_tilde(mem_ctx, "/guru/meditation");
+ assert_non_null(d);
+ assert_string_equal(d, "/guru/meditation");
+ TALLOC_FREE(d);
+
+ snprintf(h, sizeof(h), "~%s/.cache", user);
+ d = path_expand_tilde(mem_ctx, h);
+ assert_non_null(d);
+
+ snprintf(h, sizeof(h), "%s/.cache", home);
+ assert_string_equal(d, h);
+ TALLOC_FREE(d);
+}
+
+int main(int argc, char *argv[])
+{
+ int rc;
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test(test_get_user_home_dir),
+ cmocka_unit_test(test_path_expand_tilde),
+ };
+
+ if (argc == 2) {
+ cmocka_set_test_filter(argv[1]);
+ }
+ cmocka_set_message_output(CM_OUTPUT_SUBUNIT);
+
+ rc = cmocka_run_group_tests(tests, setup, teardown);
+
+ return rc;
+}
diff --git a/lib/util/util_paths.c b/lib/util/util_paths.c
index 0473557dfc6..c0ee5c32c30 100644
--- a/lib/util/util_paths.c
+++ b/lib/util/util_paths.c
@@ -6,6 +6,7 @@
Copyright (C) Simo Sorce 2001
Copyright (C) Jim McDonough <jmcd at us.ibm.com> 2003
Copyright (C) James Peach 2006
+ Copyright (c) 2020 Andreas Schneider <asn at samba.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -24,6 +25,7 @@
#include "includes.h"
#include "dynconfig/dynconfig.h"
#include "lib/util/util_paths.h"
+#include "system/passwd.h"
/**
* @brief Returns an absolute path to a file in the Samba modules directory.
@@ -62,3 +64,77 @@ const char *shlib_ext(void)
return get_dyn_SHLIBEXT();
}
+static char *get_user_home_dir(TALLOC_CTX *mem_ctx)
+{
+ struct passwd pwd = {0};
+ struct passwd *pwdbuf = NULL;
+ char buf[NSS_BUFLEN_PASSWD] = {0};
+ int rc;
+
+ rc = getpwuid_r(getuid(), &pwd, buf, NSS_BUFLEN_PASSWD, &pwdbuf);
+ if (rc != 0 || pwdbuf == NULL ) {
+ int len_written;
+ const char *szPath = getenv("HOME");
+ if (szPath == NULL) {
+ return NULL;
+ }
+ len_written = snprintf(buf, sizeof(buf), "%s", szPath);
+ if (len_written >= sizeof(buf) || len_written < 0) {
+ /* Output was truncated or an error. */
+ return NULL;
+ }
+ return talloc_strdup(mem_ctx, buf);
+ }
+
+ return talloc_strdup(mem_ctx, pwd.pw_dir);
+}
+
+char *path_expand_tilde(TALLOC_CTX *mem_ctx, const char *d)
+{
+ char *h = NULL, *r = NULL;
+ const char *p = NULL;
+ struct stat sb = {0};
+ int rc;
+
+ if (d[0] != '~') {
+ return talloc_strdup(mem_ctx, d);
+ }
+ d++;
+
+ /* handle ~user/path */
+ p = strchr(d, '/');
+ if (p != NULL && p > d) {
+ struct passwd *pw;
+ size_t s = p - d;
+ char u[128];
+
+ if (s >= sizeof(u)) {
+ return NULL;
+ }
+ memcpy(u, d, s);
+ u[s] = '\0';
+
+ pw = getpwnam(u);
+ if (pw == NULL) {
+ return NULL;
+ }
+ h = talloc_strdup(mem_ctx, pw->pw_dir);
+ } else {
+ p = d;
+ h = get_user_home_dir(mem_ctx);
+ }
+ if (h == NULL) {
+ return NULL;
+ }
+
+ rc = stat(h, &sb);
+ if (rc != 0) {
+ TALLOC_FREE(h);
+ return NULL;
+ }
+
+ r = talloc_asprintf(mem_ctx, "%s%s", h, p);
+ TALLOC_FREE(h);
+
+ return r;
+}
diff --git a/lib/util/util_paths.h b/lib/util/util_paths.h
index 80e8aaac6e9..cf34f691e5f 100644
--- a/lib/util/util_paths.h
+++ b/lib/util/util_paths.h
@@ -51,4 +51,13 @@ char *data_path(TALLOC_CTX *mem_ctx, const char *name);
**/
const char *shlib_ext(void);
+/**
+ * @brief Expand a directory starting with a tilde '~'
+ *
+ * @param[in] d The directory to expand.
+ *
+ * @return The expanded directory, NULL on error.
+ */
+char *path_expand_tilde(TALLOC_CTX *mem_ctx, const char *d);
+
#endif
diff --git a/lib/util/wscript_build b/lib/util/wscript_build
index c6188ede58d..fd3027eff77 100644
--- a/lib/util/wscript_build
+++ b/lib/util/wscript_build
@@ -250,3 +250,9 @@ else:
deps='cmocka replace samba-util',
local_include=False,
install=False)
+
+ bld.SAMBA_BINARY('test_util_paths',
+ source='tests/test_util_paths.c',
+ deps='cmocka replace talloc samba-util',
+ local_include=False,
+ install=False)
diff --git a/selftest/tests.py b/selftest/tests.py
index 5d7d8eebeda..e7639c4da27 100644
--- a/selftest/tests.py
+++ b/selftest/tests.py
@@ -252,6 +252,8 @@ plantestsuite("samba.unittests.kerberos", "none",
[os.path.join(bindir(), "test_kerberos")])
plantestsuite("samba.unittests.ms_fnmatch", "none",
[os.path.join(bindir(), "default/lib/util/test_ms_fnmatch")])
+plantestsuite("samba.unittests.util_paths", "none",
+ [os.path.join(bindir(), "default/lib/util/test_util_paths")])
plantestsuite("samba.unittests.ntlm_check", "none",
[os.path.join(bindir(), "default/libcli/auth/test_ntlm_check")])
plantestsuite("samba.unittests.test_registry_regfio", "none",
diff --git a/source3/include/libsmb_internal.h b/source3/include/libsmb_internal.h
index af56df58792..edd19c7c15b 100644
--- a/source3/include/libsmb_internal.h
+++ b/source3/include/libsmb_internal.h
@@ -76,7 +76,6 @@ typedef struct DOS_ATTR_DESC {
struct _SMBCSRV {
struct cli_state *cli;
dev_t dev;
- bool try_posixinfo;
bool no_pathinfo;
bool no_pathinfo2;
bool no_pathinfo3;
diff --git a/source3/lib/gencache.c b/source3/lib/gencache.c
index 9ad85bbf55f..896bf50cbd7 100644
--- a/source3/lib/gencache.c
+++ b/source3/lib/gencache.c
@@ -29,10 +29,13 @@
#include "tdb_wrap/tdb_wrap.h"
#include "zlib.h"
#include "lib/util/strv.h"
+#include "lib/util/util_paths.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_TDB
+#define GENCACHE_USER_PATH "~/.cache/samba/gencache.tdb"
+
static struct tdb_wrap *cache;
/**
@@ -68,6 +71,7 @@ static bool gencache_init(void)
{
char* cache_fname = NULL;
int open_flags = O_RDWR|O_CREAT;
+ int tdb_flags = TDB_INCOMPATIBLE_HASH|TDB_NOSYNC|TDB_MUTEX_LOCKING;
int hash_size;
/* skip file open if it's already opened */
@@ -85,10 +89,63 @@ static bool gencache_init(void)
DEBUG(5, ("Opening cache file at %s\n", cache_fname));
cache = tdb_wrap_open(NULL, cache_fname, hash_size,
- TDB_INCOMPATIBLE_HASH|
- TDB_NOSYNC|
- TDB_MUTEX_LOCKING,
+ tdb_flags,
open_flags, 0644);
+ /*
+ * Allow client tools to create a gencache in the home directory
+ * as a normal user.
+ */
+ if (cache == NULL && errno == EACCES && geteuid() != 0) {
+ char *cache_dname = NULL, *tmp = NULL;
+ bool ok;
+
+ TALLOC_FREE(cache_fname);
+
+ cache_fname = path_expand_tilde(talloc_tos(),
+ GENCACHE_USER_PATH);
+ if (cache_fname == NULL) {
+ DBG_ERR("Failed to expand path: %s\n",
+ GENCACHE_USER_PATH);
+ return false;
+ }
+
+ tmp = talloc_strdup(talloc_tos(), cache_fname);
+ if (tmp == NULL) {
+ DBG_ERR("No memory!\n");
+ TALLOC_FREE(cache_fname);
+ return false;
+ }
+
+ cache_dname = dirname(tmp);
+ if (cache_dname == NULL) {
+ DBG_ERR("Invalid path: %s\n", cache_fname);
+ TALLOC_FREE(tmp);
+ TALLOC_FREE(cache_fname);
+ return false;
+ }
+
+ ok = directory_create_or_exist(cache_dname, 0700);
+ if (!ok) {
+ DBG_ERR("Failed to create directory: %s - %s\n",
+ cache_dname, strerror(errno));
+ TALLOC_FREE(tmp);
+ TALLOC_FREE(cache_fname);
+ return false;
+ }
+ TALLOC_FREE(tmp);
+
--
Samba Shared Repository
More information about the samba-cvs
mailing list