[SCM] Samba Shared Repository - branch v4-12-stable updated
Karolin Seeger
kseeger at samba.org
Thu Mar 11 11:47:02 UTC 2021
The branch, v4-12-stable has been updated
via f8b775d9620 VERSION: Disable GIT_SNAPSHOT for the 4.12.12 release.
via f0aa59ea0a9 WHATSNEW: Add release notes for Samba 4.12.12.
via 8e1fe1eba3a Revert "wscript: use --as-needed only if tested successfully"
via 5dd17586cd6 g_lock: Fix uninitalized variable reads
via df832cb62c0 locking: Fix an uninitialized variable read
via 88ee4160e88 s3:modules:vfs_virusfilter: Recent talloc changes cause infinite start-up failure
via c63f00801ca wscript: use --as-needed only if tested successfully
via 1c37606163e s3: VFS: nfs4_acls. Add missing TALLOC_FREE(frame) in error path.
via bebe69c3525 script/autobuild.py: let cleanup() ignore errors from rmdir_force() by default
via 00df0473da5 script/autobuild.py: split out a rmdir_force() helper function
via f31f1e75d7f script/autobuild.py: allow write_system_info commands to fail
via a4ab7d474f2 script/autobuild.py: use more portable 'cp -R -a -l'
via 833739c1e8f script/autobuild.py: add support git worktree
via 237a51d926e classicupgrade: treat old never expires value right
via 6382ca85682 s3:pysmbd: fix fd leak in py_smbd_create_file()
via e80ef35f935 HEIMDAL: krb5_storage_free(NULL) should work
via 40e503732dc lib:util: Avoid free'ing our own pointer
via 65b3648c553 lib:util: Add cache oversize test for memcache
via a658dd19627 lib:util: Add basic memcache unit test
via 6e6aa90b87b s3: libsmb: cli_state_save_tcon(). Don't deepcopy tcon struct when temporarily swapping out a connection on a cli_state.
via bab7f2ae28e s3: torture: Change the SMB1-only UID-REGRESSION-TEST to do an explicit copy of the tcon struct in use.
via a19f94c644d s3: smbtorture3: Ensure run_tcon_test() always replaces any saved tcon and shuts down correctly even in error paths.
via 80d2c3e4725 s3: smbtorture3: Ensure we *always* replace the saved saved_tcon even in an error condition.
via a00ff434515 s3: tests: Add regression test for bug 13992.
via 8c846741a45 s3/auth: implement "winbind:ignore domains"
via 7362b5b31cd winbind: check for allowed domains in winbindd_pam_auth_pac_verify()
via 3505998d0a7 winbind: check for allowed domains in winbindd_dual_pam_chauthtok()
via cf410814e25 winbind: check for allowed domains in winbindd_dual_pam_chng_pswd_auth_crap()
via 2a73dfcf27a winbind: check for allowed domains in winbindd_dual_pam_auth_crap()
via 56d9705ca76 winbind: check for allowed domains in winbindd_dual_pam_auth()
via f3c47cdc1d3 winbind: move "winbind:ignore domain" logic to a seperate function
via 6b9669863b8 winbind: handle MSG_SMB_CONF_UPDATED in the winbinds children
via 32c2b3cf610 winbind: set logfile after reloading config
via aaa8dac1550 winbind: move config-reloading code to winbindd_dual.c
via e9700e67719 script/release.sh: always select the GPG key by it's ID
via baea20039ab ReleaseKey: add GnuPG key transition statement for the Samba release key
via 9d4a5c8fe97 script/release.sh: Use new GPG key.
via 50c2ea410b4 s3: smbd: Add call to conn_setup_case_options() to create_conn_struct_as_root().
via d89ccfc1c7d s3: smbd: Factor out setting up case parameters for a share to a function - conn_setup_case_options().
via 7ec45672a30 build: remove smbd_conn private library
via 552548ff00e libcli/smb: allow unexpected padding in SMB2 IOCTL responses
via c0a7b8c7bd2 libcli/smb: split out smb2cli_ioctl_parse_buffer()
via a5efe544353 libcli/smb: Allow smb2cli_validate_negotiate_info_done() to ignore NT_STATUS_INVALID_PARAMETER.
via 2f8b1fb8aec libcli/smb: Change some checks to SMB_ASSERTS
via f972e3a70c2 WHATSNEW: Remove superfluous line.
via 5d5ab7c50ed VERSION: Bump version up to 4.12.12...
from 34813fdbf9a VERSION: Disable GIT_SNAPSHOT for the 4.12.11 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-12-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
GPG_AA99442FB680B620_replaces_6F33915B6568B7EA.txt | 27 +++
VERSION | 2 +-
WHATSNEW.txt | 77 +++++++-
lib/util/memcache.c | 19 +-
lib/util/tests/test_memcache.c | 161 ++++++++++++++++
lib/util/wscript_build | 8 +-
libcli/smb/smb2_signing.c | 9 +-
libcli/smb/smb2cli_ioctl.c | 207 +++++++++++++--------
libcli/smb/smbXcli_base.c | 25 +++
python/samba/upgrade.py | 2 +-
script/autobuild.py | 45 +++--
script/release.sh | 10 +-
selftest/tests.py | 2 +
source3/auth/auth_util.c | 8 +
source3/include/proto.h | 1 +
source3/lib/g_lock.c | 4 +-
source3/lib/util_names.c | 20 ++
source3/libsmb/clientgen.c | 30 ++-
source3/locking/share_mode_lock.c | 2 +-
source3/modules/nfs4_acls.c | 1 +
source3/modules/vfs_virusfilter.c | 157 +++++++++-------
.../tests/test_net_rpc_share_allowedusers.sh | 20 ++
source3/smbd/conn.c | 19 ++
source3/smbd/msdfs.c | 2 +
source3/smbd/proto.h | 1 +
source3/smbd/pysmbd.c | 3 +
source3/smbd/service.c | 11 +-
source3/torture/test_smb2.c | 2 +-
source3/torture/torture.c | 27 ++-
source3/winbindd/winbindd.c | 29 +--
source3/winbindd/winbindd_dual.c | 37 ++++
source3/winbindd/winbindd_pam.c | 44 +++++
source3/winbindd/winbindd_proto.h | 7 +
source3/winbindd/winbindd_util.c | 10 +-
source3/wscript_build | 7 +-
source4/heimdal/lib/krb5/store.c | 2 +
36 files changed, 803 insertions(+), 235 deletions(-)
create mode 100644 GPG_AA99442FB680B620_replaces_6F33915B6568B7EA.txt
create mode 100644 lib/util/tests/test_memcache.c
Changeset truncated at 500 lines:
diff --git a/GPG_AA99442FB680B620_replaces_6F33915B6568B7EA.txt b/GPG_AA99442FB680B620_replaces_6F33915B6568B7EA.txt
new file mode 100644
index 00000000000..8e240bae8db
--- /dev/null
+++ b/GPG_AA99442FB680B620_replaces_6F33915B6568B7EA.txt
@@ -0,0 +1,27 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+The GPG release key for Samba releases changed from:
+
+pub dsa1024/6F33915B6568B7EA 2007-02-04 [SC] [expires: 2021-02-05]
+ Key fingerprint = 52FB C0B8 6D95 4B08 4332 4CDC 6F33 915B 6568 B7EA
+uid [ full ] Samba Distribution Verification Key <samba-bugs at samba.org>
+sub elg2048/9C6ED163DA6DFB44 2007-02-04 [E] [expires: 2021-02-05]
+
+to the following new key:
+
+pub rsa4096/AA99442FB680B620 2020-12-21 [SC] [expires: 2022-12-21]
+ Key fingerprint = 81F5 E283 2BD2 545A 1897 B713 AA99 442F B680 B620
+uid [ultimate] Samba Distribution Verification Key <samba-bugs at samba.org>
+sub rsa4096/97EF9386FBFD4002 2020-12-21 [E] [expires: 2022-12-21]
+
+Starting from Jan 21th 2021, all Samba releases will be signed with the new key.
+
+This document is signed with the old key.
+
+-----BEGIN PGP SIGNATURE-----
+
+iF0EARECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCYAltCQAKCRBvM5FbZWi3
+6ofOAJ491tFEr36jLkf158ueIrDw9zNVtgCbBV3PgocOX5VH57s1NQdBOof+ihw=
+=wf56
+-----END PGP SIGNATURE-----
diff --git a/VERSION b/VERSION
index 2cbc8277d97..01759472dfc 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=12
-SAMBA_VERSION_RELEASE=11
+SAMBA_VERSION_RELEASE=12
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index a5de41e2c75..b1d8d0b411f 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,76 @@
+ ===============================
+ Release Notes for Samba 4.12.12
+ March 11, 2021
+ ===============================
+
+
+This is the latest stable release of the Samba 4.12 release series.
+Please note that this will be the last bugfix release of the Samba 4.12 release
+series. There will be Security Releases only beyond this point.
+
+
+Changes since 4.12.11
+---------------------
+
+o Trever L. Adams <trever.adams at gmail.com>
+ * BUG 14634: s3:modules:vfs_virusfilter: Recent talloc changes cause infinite
+ start-up failure.
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 13992: SAMBA RPC share error.
+ * BUG 14612: s3: smbd: Add call to conn_setup_case_options() to
+ create_conn_struct_as_root().
+
+o Ralph Boehme <slow at samba.org>
+ * BUG 14602: s3/auth: Implement "winbind:ignore domains".
+ * BUG 14612: build: Remove smbd_conn private library.
+
+o Peter Eriksson <pen at lysator.liu.se>
+ * BUG 14648: s3: VFS: nfs4_acls. Add missing TALLOC_FREE(frame) in error
+ path.
+
+o Björn Jacke <bj at sernet.de>
+ * BUG 14624: classicupgrade: Treat old never expires value right.
+
+o Volker Lendecke <vl at samba.org>
+ * BUG 1463: g_lock: Fix uninitalized variable reads.
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 13898: s3:pysmbd: Fix fd leak in py_smbd_create_file().
+ * BUG 14607: Work around special SMB2 IOCTL response behavior of NetApp
+ Ontap 7.3.7.
+
+o Andreas Schneider <asn at samba.org>
+ * BUG 14625: Fix smbd share mode double free crash.
+
+o Paul Wise <pabs3 at bonedaddy.net>
+ * BUG 12505: HEIMDAL: krb5_storage_free(NULL) should work.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+
===============================
Release Notes for Samba 4.12.11
January 14, 2021
@@ -34,7 +107,6 @@ o Ralph Boehme <slow at samba.org>
* BUG 14587: vfs_zfsacl: add missing inherited flag on hidden "magic"
everyone@ ACE.
* BUG 14596: vfs_fruit may close wrong backend fd.
- * BUG 14596: TODO
o Günther Deschner <gd at samba.org>
* BUG 14486: s3-vfs_glusterfs: always disable write-behind translator.
@@ -81,8 +153,7 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
===============================
diff --git a/lib/util/memcache.c b/lib/util/memcache.c
index 1e616bd0e9a..7b0b27eaddb 100644
--- a/lib/util/memcache.c
+++ b/lib/util/memcache.c
@@ -223,14 +223,25 @@ static void memcache_delete_element(struct memcache *cache,
TALLOC_FREE(e);
}
-static void memcache_trim(struct memcache *cache)
+static void memcache_trim(struct memcache *cache, struct memcache_element *e)
{
+ struct memcache_element *tail = NULL;
+
if (cache->max_size == 0) {
return;
}
- while ((cache->size > cache->max_size) && DLIST_TAIL(cache->mru)) {
- memcache_delete_element(cache, DLIST_TAIL(cache->mru));
+ for (tail = DLIST_TAIL(cache->mru);
+ (cache->size > cache->max_size) && (tail != NULL);
+ tail = DLIST_TAIL(cache->mru))
+ {
+ if (tail == e) {
+ tail = DLIST_PREV(tail);
+ if (tail == NULL) {
+ break;
+ }
+ }
+ memcache_delete_element(cache, tail);
}
}
@@ -351,7 +362,7 @@ void memcache_add(struct memcache *cache, enum memcache_number n,
memcpy(&mtv, cache_value.data, sizeof(mtv));
cache->size += mtv.len;
}
- memcache_trim(cache);
+ memcache_trim(cache, e);
}
void memcache_add_talloc(struct memcache *cache, enum memcache_number n,
diff --git a/lib/util/tests/test_memcache.c b/lib/util/tests/test_memcache.c
new file mode 100644
index 00000000000..8a3997817c1
--- /dev/null
+++ b/lib/util/tests/test_memcache.c
@@ -0,0 +1,161 @@
+/*
+ * Unix SMB/CIFS implementation.
+ *
+ * Copyright (C) 2021 Andreas Schneider <asn at samba.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <setjmp.h>
+#include <cmocka.h>
+
+#include "lib/replace/replace.h"
+#include "lib/util/talloc_stack.h"
+#include "lib/util/memcache.h"
+
+static int setup_talloc_context(void **state)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ *state = frame;
+ return 0;
+}
+
+static int teardown_talloc_context(void **state)
+{
+ TALLOC_CTX *frame = *state;
+ TALLOC_FREE(frame);
+ return 0;
+}
+
+static void torture_memcache_init(void **state)
+{
+ TALLOC_CTX *mem_ctx = *state;
+ struct memcache *cache = NULL;
+
+ cache = memcache_init(mem_ctx, 0);
+ assert_non_null(cache);
+
+ TALLOC_FREE(cache);
+
+ cache = memcache_init(mem_ctx, 10);
+ assert_non_null(cache);
+
+ TALLOC_FREE(cache);
+}
+
+static void torture_memcache_add_lookup_delete(void **state)
+{
+ TALLOC_CTX *mem_ctx = *state;
+ struct memcache *cache = NULL;
+ DATA_BLOB key1, key2;
+ char *path1 = NULL, *path2 = NULL;
+
+ cache = memcache_init(mem_ctx, 0);
+ assert_non_null(cache);
+
+ key1 = data_blob_const("key1", 4);
+ path1 = talloc_strdup(mem_ctx, "/tmp/one");
+ assert_non_null(path1);
+
+ key2 = data_blob_const("key2", 4);
+ path2 = talloc_strdup(mem_ctx, "/tmp/two");
+ assert_non_null(path1);
+
+ memcache_add_talloc(cache, GETWD_CACHE, key1, &path1);
+ assert_null(path1);
+
+ memcache_add_talloc(cache, GETWD_CACHE, key2, &path2);
+ assert_null(path2);
+
+ path1 = memcache_lookup_talloc(cache, GETWD_CACHE, key1);
+ assert_non_null(path1);
+ assert_string_equal(path1, "/tmp/one");
+
+ path2 = memcache_lookup_talloc(cache, GETWD_CACHE, key2);
+ assert_non_null(path2);
+ assert_string_equal(path2, "/tmp/two");
+
+ memcache_delete(cache, GETWD_CACHE, key1);
+ path1 = memcache_lookup_talloc(cache, GETWD_CACHE, key1);
+ assert_null(path1);
+
+ memcache_flush(cache, GETWD_CACHE);
+ path2 = memcache_lookup_talloc(cache, GETWD_CACHE, key2);
+ assert_null(path2);
+
+ TALLOC_FREE(path1);
+ TALLOC_FREE(path2);
+ TALLOC_FREE(cache);
+}
+
+static void torture_memcache_add_oversize(void **state)
+{
+ TALLOC_CTX *mem_ctx = *state;
+ struct memcache *cache = NULL;
+ DATA_BLOB key1, key2;
+ char *path1 = NULL, *path2 = NULL;
+
+ cache = memcache_init(mem_ctx, 10);
+ assert_non_null(cache);
+
+ key1 = data_blob_const("key1", 4);
+ path1 = talloc_strdup(mem_ctx, "/tmp/one");
+ assert_non_null(path1);
+
+ key2 = data_blob_const("key2", 4);
+ path2 = talloc_strdup(mem_ctx, "/tmp/two");
+ assert_non_null(path1);
+
+ memcache_add_talloc(cache, GETWD_CACHE, key1, &path1);
+ assert_null(path1);
+
+ memcache_add_talloc(cache, GETWD_CACHE, key2, &path2);
+ assert_null(path2);
+
+ path1 = memcache_lookup_talloc(cache, GETWD_CACHE, key1);
+ assert_null(path1);
+
+ path2 = memcache_lookup_talloc(cache, GETWD_CACHE, key2);
+ assert_non_null(path2);
+ assert_string_equal(path2, "/tmp/two");
+
+ TALLOC_FREE(path1);
+ TALLOC_FREE(path2);
+ TALLOC_FREE(cache);
+}
+
+int main(int argc, char *argv[])
+{
+ int rc;
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test(torture_memcache_init),
+ cmocka_unit_test(torture_memcache_add_lookup_delete),
+ cmocka_unit_test(torture_memcache_add_oversize),
+ };
+
+ if (argc == 2) {
+ cmocka_set_test_filter(argv[1]);
+ }
+ cmocka_set_message_output(CM_OUTPUT_SUBUNIT);
+
+ rc = cmocka_run_group_tests(tests,
+ setup_talloc_context,
+ teardown_talloc_context);
+
+ return rc;
+}
diff --git a/lib/util/wscript_build b/lib/util/wscript_build
index dbd5a6aa76c..b6d9ba77460 100644
--- a/lib/util/wscript_build
+++ b/lib/util/wscript_build
@@ -299,4 +299,10 @@ else:
source='tests/test_util.c',
deps='cmocka replace talloc samba-util',
local_include=False,
- for_selftest=True);
+ for_selftest=True)
+
+ bld.SAMBA_BINARY('test_memcache',
+ source='tests/test_memcache.c',
+ deps='cmocka replace talloc samba-util',
+ local_include=False,
+ for_selftest=True)
diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c
index cc03607d789..230475480c2 100644
--- a/libcli/smb/smb2_signing.c
+++ b/libcli/smb/smb2_signing.c
@@ -189,13 +189,8 @@ NTSTATUS smb2_signing_check_pdu(struct smb2_signing_key *signing_key,
static const uint8_t zero_sig[16] = { 0, };
int i;
- if (count < 2) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (vector[0].iov_len != SMB2_HDR_BODY) {
- return NT_STATUS_INVALID_PARAMETER;
- }
+ SMB_ASSERT(count >= 2);
+ SMB_ASSERT(vector[0].iov_len == SMB2_HDR_BODY);
hdr = (const uint8_t *)vector[0].iov_base;
diff --git a/libcli/smb/smb2cli_ioctl.c b/libcli/smb/smb2cli_ioctl.c
index 2b572baeb23..f9abcc57bab 100644
--- a/libcli/smb/smb2cli_ioctl.c
+++ b/libcli/smb/smb2cli_ioctl.c
@@ -160,6 +160,97 @@ struct tevent_req *smb2cli_ioctl_send(TALLOC_CTX *mem_ctx,
return req;
}
+static NTSTATUS smb2cli_ioctl_parse_buffer(uint32_t dyn_offset,
+ const DATA_BLOB dyn_buffer,
+ uint32_t min_offset,
+ uint32_t buffer_offset,
+ uint32_t buffer_length,
+ uint32_t max_length,
+ uint32_t *next_offset,
+ DATA_BLOB *buffer)
+{
+ uint32_t offset;
+ bool oob;
+
+ *buffer = data_blob_null;
+ *next_offset = dyn_offset;
+
+ if (buffer_offset == 0) {
+ /*
+ * If the offset is 0, we better ignore
+ * the buffer_length field.
+ */
+ return NT_STATUS_OK;
+ }
+
+ if (buffer_length == 0) {
+ /*
+ * If the length is 0, we better ignore
+ * the buffer_offset field.
+ */
+ return NT_STATUS_OK;
+ }
+
+ if ((buffer_offset % 8) != 0) {
+ /*
+ * The offset needs to be 8 byte aligned.
+ */
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+
+ /*
+ * We used to enforce buffer_offset to be
+ * an exact match of the expected minimum,
+ * but the NetApp Ontap 7.3.7 SMB server
+ * gets the padding wrong and aligns the
+ * input_buffer_offset by a value of 8.
+ *
+ * So we just enforce that the offset is
+ * not lower than the expected value.
+ */
+ SMB_ASSERT(min_offset >= dyn_offset);
+ if (buffer_offset < min_offset) {
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+
+ /*
+ * Make [input|output]_buffer_offset relative to "dyn_buffer"
+ */
+ offset = buffer_offset - dyn_offset;
+ oob = smb_buffer_oob(dyn_buffer.length, offset, buffer_length);
+ if (oob) {
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+
+ /*
+ * Give the caller a hint what we consumed,
+ * the caller may need to add possible padding.
+ */
+ *next_offset = buffer_offset + buffer_length;
+
+ if (max_length == 0) {
+ /*
+ * If max_input_length is 0 we ignore the
+ * input_buffer_length, because Windows 2008 echos the
+ * DCERPC request from the requested input_buffer to
+ * the response input_buffer.
+ *
+ * We just use the same logic also for max_output_length...
+ */
+ buffer_length = 0;
+ }
+
+ if (buffer_length > max_length) {
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+
+ *buffer = (DATA_BLOB) {
+ .data = dyn_buffer.data + offset,
+ .length = buffer_length,
+ };
+ return NT_STATUS_OK;
+}
+
static void smb2cli_ioctl_done(struct tevent_req *subreq)
{
struct tevent_req *req =
@@ -169,15 +260,19 @@ static void smb2cli_ioctl_done(struct tevent_req *subreq)
tevent_req_data(req,
struct smb2cli_ioctl_state);
NTSTATUS status;
+ NTSTATUS error;
struct iovec *iov;
uint8_t *fixed;
- uint8_t *dyn;
--
Samba Shared Repository
More information about the samba-cvs
mailing list