1
0
mirror of https://github.com/samba-team/samba.git synced 2025-03-14 00:58:38 +03:00

124602 Commits

Author SHA1 Message Date
Stefan Metzmacher
f31a64c133 ldb: version 2.3.0
o BUG #14595: CVE-2020-27840: Heap corruption via crafted DN strings.
o BUG #14655: CVE-2021-20277: Out of bounds read in AD DC LDAP server.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Karolin Seeger <kseeger@samba.org>
ldb-2.3.0
2021-03-24 10:23:06 +01:00
Karolin Seeger
ed4a04eca5 VERSION: Disable GIT_SNAPSHOT for the 4.14.1 release.
o BUG #14595: CVE-2020-27840: Heap corruption via crafted DN strings.
o BUG #14655: CVE-2021-20277: Out of bounds read in AD DC LDAP server.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
samba-4.14.1
2021-03-23 09:29:08 +01:00
Karolin Seeger
94b42a3a39 WHATSNEW: Add release notes for Samba 4.14.1.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
2021-03-23 09:28:00 +01:00
Douglas Bagnall
2d82f0e1b8 CVE-2020-27840: pytests: move Dn.validate test to ldb
We had the test in the Samba Python segfault suite because
a) the signal catching infrastructure was there, and
b) the ldb tests lack Samba's knownfail mechanism, which allowed us to
   assert the failure.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14595

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-03-19 08:52:23 +01:00
Douglas Bagnall
f89767bea7 CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode
A DN string with lots of trailing space can cause ldb_dn_explode() to
put a zero byte in the wrong place in the heap.

When a DN string has a value represented with trailing spaces,
like this

     "CN=foo   ,DC=bar"

the whitespace is supposed to be ignored. We keep track of this in the
`t` pointer, which is NULL when we are not walking through trailing
spaces, and points to the first space when we are. We are walking with
the `p` pointer, writing the value to `d`, and keeping the length in
`l`.

     "CN=foo   ,DC= "       ==>       "foo   "
            ^  ^                             ^
            t  p                             d
                                       --l---

The value is finished when we encounter a comma or the end of the
string. If `t` is not NULL at that point, we assume there are trailing
spaces and wind `d and `l` back by the correct amount. Then we switch
to expecting an attribute name (e.g. "CN"), until we get to an "=",
which puts us back into looking for a value.

Unfortunately, we forget to immediately tell `t` that we'd finished
the last value, we can end up like this:

     "CN=foo   ,DC= "       ==>        ""
            ^      ^                    ^
            t      p                    d
                                        l=0

where `p` is pointing to a new value that contains only spaces, while
`t` is still referring to the old value. `p` notices the value ends,
and we subtract `p - t` from `d`:

     "CN=foo   ,DC= "       ==>  ?     ""
            ^       ^            ^
            t       p            d
                                      l ~= SIZE_MAX - 8

At that point `d` wants to terminate its string with a '\0', but
instead it terminates someone else's byte. This does not crash if the
number of trailing spaces is small, as `d` will point into a previous
value (a copy of "foo" in this example). Corrupting that value will
ultimately not matter, as we will soon try to allocate a buffer `l`
long, which will be greater than the available memory and the whole
operation will fail properly.

However, with more spaces, `d` will point into memory before the
beginning of the allocated buffer, with the exact offset depending on
the length of the earlier attributes and the number of spaces.

What about a longer DN with more attributes? For example,
"CN=foo     ,DC= ,DC=example,DC=com" -- since `d` has moved out of
bounds, won't we continue to use it and write more DN values into
mystery memory? Fortunately not, because the aforementioned allocation
of `l` bytes must happen first, and `l` is now huge. The allocation
happens in a talloc_memdup(), which is by default restricted to
allocating 256MB.

So this allows a person who controls a string parsed by ldb_dn_explode
to corrupt heap memory by placing a single zero byte at a chosen
offset before the allocated buffer.

An LDAP bind request can send a string DN as a username. This DN is
necessarily parsed before the password is checked, so an attacker does
not need proper credentials. The attacker can easily cause a denial of
service and we cannot rule out more subtle attacks.

The immediate solution is to reset `t` to NULL when a comma is
encountered, indicating that we are no longer looking at trailing
whitespace.

Found with the help of Honggfuzz.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14595

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-03-19 08:52:23 +01:00
Douglas Bagnall
c82bea2b72 CVE-2020-27840: pytests:segfault: add ldb.Dn validate test
ldb.Dn.validate wraps ldb_dn_explode.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14595

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-03-19 08:52:23 +01:00
Douglas Bagnall
fab6b79b77 CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds
For a string that had N spaces at the beginning, we would
try to move N bytes beyond the end of the string.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14655

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

(cherry-picked from commit for master)
2021-03-19 08:51:01 +01:00
Andrew Bartlett
50e44877c3 CVE-2021-20277 ldb: Remove tests from ldb_match_test that do not pass
This reverts some of the backport of 33a95a1e75b85e9795c4490b78ead2162e2a1f47

This is done here rather than squashed in the cherry-pick of the expanded testsuite
because it allows this commit to be simply reverted for the backport of bug 14044
if this lands first, or to be dropped if bug 14044 lands first.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14655

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2021-03-19 08:51:01 +01:00
Douglas Bagnall
1d966cb12e CVE-2021-20277 ldb tests: ldb_match tests with extra spaces
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14655

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry-picked from commit for master)
2021-03-19 08:51:01 +01:00
Douglas Bagnall
ff12bd2fa1 ldb: add tests for ldb_wildcard_compare
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14044

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

(cherry-picked from commit 33a95a1e75b85e9795c4490b78ead2162e2a1f47)
2021-03-19 08:51:01 +01:00
Karolin Seeger
72ca2fb73a VERSION: Bump version up to 4.14.1...
and-re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit 3fa3608e8f00df81ae7504f26459b42da069d322)
2021-03-19 08:49:01 +01:00
Karolin Seeger
9b49519cae VERSION: Bump version up to 4.14.0...
and disable GIT_SNAPSHOT for the release.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
samba-4.14.0
2021-03-09 13:30:50 +01:00
Karolin Seeger
d42d46964b WHATSNEW: Add release notes for Samba 4.14.0.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
2021-03-09 13:27:49 +01:00
Karolin Seeger
fc0c01be97 Revert "wscript: use --as-needed only if tested successfully"
This reverts commit 4d1ed9c319deac5cba1682611dcefdf002cb9d48.
2021-03-09 09:18:16 +01:00
Volker Lendecke
f912b8f600 g_lock: Fix uninitalized variable reads
If dbwrap_watched_watch_recv() returns IO_TIMEOUT, "blockerdead" might
be an uninitialized non-false, and further down we'll remove the wrong
exclusive locker.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14636
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Mar  5 11:22:07 UTC 2021 on sn-devel-184

(cherry picked from commit 654c18a244f060d81280493a324b98602a69dbbf)

Autobuild-User(v4-14-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-14-test): Mon Mar  8 10:58:06 UTC 2021 on sn-devel-184
2021-03-08 10:58:06 +00:00
Volker Lendecke
0226430620 locking: Fix an uninitialized variable read
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14636
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 84b634c613352fc1da8e1525d72597c526d534d2)
2021-03-08 09:47:48 +00:00
Trever L. Adams
1c02f82ec6 s3:modules:vfs_virusfilter: Recent talloc changes cause infinite start-up failure
Recent talloc changes cause the current check for failure to allocate to be incorrectly triggered.

This patch checks to see if the original parameter to be checked for NULL if the talloc returns NULL. This allows for rapid passing in the ca

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14634
RN: Fix failure of vfs_virusfilter starting due to talloc changes

Signed-off-by: Trever L. Adams" <trever.adams@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
(cherry picked from commit 5a92810082c9a9d2833946ae0d83ce05a6bde597)

Autobuild-User(v4-14-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-14-test): Fri Mar  5 14:25:49 UTC 2021 on sn-devel-184
2021-03-05 14:25:49 +00:00
Björn Jacke
4d1ed9c319 wscript: use --as-needed only if tested successfully
Some OSes like Solaris based OmiOS don't support this.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14288

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 996560191ac6bd603901dcd6c0de5d239e019ef4)
2021-03-05 13:17:23 +00:00
Peter Eriksson
1fb83efd7d s3: VFS: nfs4_acls. Add missing TALLOC_FREE(frame) in error path.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14648

Signed-off-by: Peter Eriksson <pen@lysator.liu.se>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>

Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Thu Feb 25 20:46:02 UTC 2021 on sn-devel-184

(cherry picked from commit 3d91fe071a29e2e0c54a10ba081a46cb5c324585)

Autobuild-User(v4-14-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-14-test): Wed Mar  3 10:12:36 UTC 2021 on sn-devel-184
2021-03-03 10:12:36 +00:00
Karolin Seeger
cf6df7285f WHATSNEW: Remove some old stuff.
Signed-off-by: Karolin Seeger <kseeger@samba.org>

Autobuild-User(v4-14-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-14-test): Mon Mar  1 20:35:12 UTC 2021 on sn-devel-184
2021-03-01 20:35:12 +00:00
Karolin Seeger
31defeed80 VERSION: Bump version up to 4.14.0rc5...
and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
2021-03-01 10:27:24 +01:00
Karolin Seeger
205891fc5a VERSION: Disable GIT_SNAPSHOT for the 4.14.0rc4 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
samba-4.14.0rc4
2021-03-01 10:27:13 +01:00
Karolin Seeger
93b47d319c WHATSNEW: Add release notes for Samba 4.14.0rc4.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
2021-03-01 10:25:19 +01:00
Ralph Boehme
9baa3dddd0 smbd: don't overwrite _mode if neither a msdfs symlink nor get_dosmode is requested
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14629

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit d78964c40b5ca5ee0658c46d492b3dcd6f6b4b94)

Autobuild-User(v4-14-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-14-test): Fri Feb 26 10:00:59 UTC 2021 on sn-devel-184
2021-02-26 10:00:59 +00:00
Ralph Boehme
c19d3eacc2 CI: verify a symlink has FILE_ATTRIBUTE_NORMAL set
Not that it really makes sense to set FILE_ATTRIBUTE_NORMAL for symlinks in
POSIX client context, but that's what we had before 4.14.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14629

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 5572ae296e720a00ab438d7b50cfc458af631f69)
2021-02-26 08:50:41 +00:00
Ralph Boehme
cc3c704a84 vfs_aixacl: fix regression from f4c2f867f035fcbe3d547d5635d058b0aec7636a
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14620

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Jan 26 20:05:39 UTC 2021 on sn-devel-184

(cherry picked from commit 7114150f43751ab869323b91da83705b1e1ab465)
2021-02-26 08:50:41 +00:00
Ralph Boehme
72dcae2f56 vfs: restore platform specific POSIX sys_acl_set_file() functions
92b149954237a445594c993b79a860c63113d54b removed SMB_VFS_SYS_ACL_SET_FILE() and
all the VFS module implementations. But sys_acl_set_file() in vfs_default calls
into sys_acl_set_file() in sysacls.c which calls back into platform specific
modules.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14619

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Jan 28 15:21:02 UTC 2021 on sn-devel-184

(cherry picked from commit c8c2aef0ac613849d641e39193448f3e512caccf)
2021-02-26 08:50:40 +00:00
Jeremy Allison
51577d22ef smbd: In conn_force_tdis_done() when forcing a connection closed force a full reload of services.
Prevents reload_services() caching the fact it might be
called multiple times in a row.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14604

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit e4c8cd0781aef2a29bb4db1314c9fcd4f6edcecd)
2021-02-26 08:50:40 +00:00
Andrew Bartlett
42dbd31f73 dbcheck: Check Deleted Objects and reduce noise in reports about expired tombstones
These reports (about recently deleted objects)
create concern about a perfectly normal part of DB operation.

We must not operate on objects that are expired or we might reanimate them,
but we must fix "Deleted Objects" if it is wrong (mostly it is set as being
deleted in 9999, but in alpha19 we got this wrong).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14593

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Feb  3 05:29:11 UTC 2021 on sn-devel-184

(cherry picked from commit da627106cdbf8d375b25fa3338a717447f3dbb6e)

Autobuild-User(v4-14-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-14-test): Mon Feb 22 12:00:43 UTC 2021 on sn-devel-184
2021-02-22 12:00:43 +00:00
Andrew Bartlett
b3cd04c103 selftest: Confirm that we fix any errors on the Deleted Objects container itself
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14593

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit 1ec1c35a3ae422720df491f5555c9bc787c9944c)
2021-02-22 10:53:26 +00:00
Ralph Boehme
1f520ec35e printing: use correct error out in get_correct_cversion() when openat_pathref_fsp() fails
Fixes a regression introduced by a74f0af1a91fe0bbc68e4d41d65f43ec383ae8bf: if
there's no existing file, openat_pathref_fsp() will fail with
NT_STATUS_OBJECT_NAME_NOT_FOUND which must be handled the same way it is done by
the SMB_VFS_CREATE_FILE() call below.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14635
RN: Printerdriver upload 4.14rc1 not working

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Feb 17 19:53:00 UTC 2021 on sn-devel-184

(cherry picked from commit 718f7b1a84f1c6eb35d52232a8573370f45add56)
2021-02-22 10:53:26 +00:00
Ralph Boehme
b30a1950e2 printing: use correct error out in file_version_is_newer() when openat_pathref_fsp() fails
Fixes a regression introduced by ef5e913bca584f0232d5bfff14df4ccba2dda35c: if
there's no existing file, openat_pathref_fsp() will fail with
NT_STATUS_OBJECT_NAME_NOT_FOUND which must be handled the same way it is done by
the SMB_VFS_CREATE_FILE() call below.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14635

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 70063c523bff5e471eac2b011b243c5aa0c4bee1)
2021-02-22 10:53:26 +00:00
Ralph Boehme
5b1a5b776a printing: use correct error out in file_version_is_newer() when openat_pathref_fsp() fails
Fixes a regression introduced by cbe25e1777d0c43c21e8acc2cea79fd03fdaf2ea: if
there's no existing file, openat_pathref_fsp() will fail with
NT_STATUS_OBJECT_NAME_NOT_FOUND which must be handled the same way it is done by
the SMB_VFS_CREATE_FILE() call below.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14635

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 8c1fd86db873f0326faf1cefa731a03709f8ac7f)
2021-02-22 10:53:26 +00:00
Karolin Seeger
d339556659 VERSION: Bump version up to 4.14.0rc4...
and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
2021-02-18 09:57:15 +01:00
Karolin Seeger
0490e756e1 VERSION: Bump version up to 4.14.0rc3.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
samba-4.14.0rc3
2021-02-18 09:56:00 +01:00
Karolin Seeger
486f38219b WHATSNEW: Add release notes for Samba 4.14.0rc3.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
2021-02-18 09:55:28 +01:00
Björn Jacke
dedae24065 classicupgrade: treat old never expires value right
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14624

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Feb 10 15:06:49 UTC 2021 on sn-devel-184

(cherry picked from commit df75d82c9de6977c466ee9f01886cb012a9c5fef)

Autobuild-User(v4-14-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-14-test): Tue Feb 16 18:27:20 UTC 2021 on sn-devel-184
2021-02-16 18:27:20 +00:00
Stefan Metzmacher
ecb41890f1 s3:pysmbd: fix fd leak in py_smbd_create_file()
Various 'samba-tool domain backup' commands use this and will
fail if there's over ~1000 files in the sysvol folder.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13898

Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit d8fa464a2dfb11df4e1db4ebffe8bd28ff118c75)
2021-02-16 17:16:40 +00:00
Paul Wise
a6f228f675 HEIMDAL: krb5_storage_free(NULL) should work
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12505

Signed-off-by: Paul Wise <pabs3@bonedaddy.net>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Original-author: Nicolas Williams <nico@twosigma.com>
(cherry-picked from heimdal commit b3db07d5f0e03f6a1a0a392e70f9675e19a6d6af)
(cherry picked from commit f9ed4f7028a5ed29026ac8ef1b47b63755ba98f8)
2021-02-16 17:16:40 +00:00
Andreas Schneider
938b89616a lib:util: Avoid free'ing our own pointer
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14625

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 0bdbe50fac680be3fe21043246b8c75005611351)

Autobuild-User(v4-14-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-14-test): Tue Feb  9 13:31:03 UTC 2021 on sn-devel-184
2021-02-09 13:31:03 +00:00
Andreas Schneider
27d93c8d46 lib:util: Add cache oversize test for memcache
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14625

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 00543ab3b29e3fbfe8314e51919629803e14ede6)
2021-02-09 12:27:16 +00:00
Andreas Schneider
805b8be949 lib:util: Add basic memcache unit test
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14625

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit bebbf621d6052f797c5cf19a2a9bbc13e699d3f0)
2021-02-09 12:27:16 +00:00
Karolin Seeger
ea2f9ebf78 VERSION: Bump version up to Samba 4.14.0rc3...
and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
2021-02-04 09:22:53 +01:00
Karolin Seeger
3b1235240f VERSION: Disable GIT_SNAPSHOT for the 4.14.0rc2 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
samba-4.14.0rc2
2021-02-04 09:22:08 +01:00
Karolin Seeger
c07d538a4b WHATSNEW: Add release notes for Samba 4.14.0rc2.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
2021-02-04 09:21:42 +01:00
Jeremy Allison
df0dd2ae00 s3: libsmb: cli_state_save_tcon(). Don't deepcopy tcon struct when temporarily swapping out a connection on a cli_state.
This used to make a deep copy of either
cli->smb2.tcon or cli->smb1.tcon, but this leaves
the original tcon pointer in place which will then get
TALLOC_FREE()'d when the new tree connection is made on
this cli_state.

As there may be pipes open on the old tree connection with
talloc'ed state allocated using the original tcon pointer as a
talloc parent we can't deep copy and then free this pointer
as that will fire the destructors on the pipe memory and
mark them as not connected.

This call is used to temporarily swap out a tcon pointer
(whilst keeping existing pipes open) to allow a new tcon
on the same cli_state and all users correctly call
cli_state_restore_tcon() once they are finished with
the new tree connection.

Just return the existing pointer and set the old value to NULL.
We know we MUST be calling cli_state_restore_tcon() below
to restore the original tcon tree connection pointer before
closing the session.

Remove the knownfail.d entry.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13992

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Feb  2 21:05:25 UTC 2021 on sn-devel-184

(cherry picked from commit 4f80f5f9046b64a9e5e0503b1cb54f1492c4faec)

Autobuild-User(v4-14-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-14-test): Wed Feb  3 22:32:58 UTC 2021 on sn-devel-184
2021-02-03 22:32:58 +00:00
Jeremy Allison
b6a9277bea s3: torture: Change the SMB1-only UID-REGRESSION-TEST to do an explicit copy of the tcon struct in use.
For this test only, explicitly copy the SMB1 tcon struct,
don't use cli_state_save_tcon()//cli_state_restore_tcon()
as these calls will soon change to just manipulate the pointer
to avoid TALLOC_FREE() on the tcon struct which calls
destructors on child pipe data.

In SMB1 this test calls cli_tdis() twice with an invalid
vuid and expects the SMB1 tcon struct to be preserved
across the calls.

SMB1 cli_tdis() frees cli->smb1.tcon so we must put back
a deep copy into cli->smb1.tcon to be able to safely call
cli_tdis() again.

This is a test-only hack. Real client code
uses cli_state_save_tcon()/cli_state_restore_tcon()
if it needs to temporarily swap out the active
tcon on a client connection.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13992

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit e93e6108837eff0cebad8dc26d055c0e1386093a)
2021-02-03 21:23:55 +00:00
Jeremy Allison
b6183a479c s3: smbtorture3: Ensure run_tcon_test() always replaces any saved tcon and shuts down correctly even in error paths.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13992

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit f9ca91bd293e9f2710c4449c5d4f5d016a066049)
2021-02-03 21:23:55 +00:00
Jeremy Allison
55294ccdec s3: smbtorture3: Ensure we *always* replace the saved saved_tcon even in an error condition.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13992

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit dc701959cad7bf15aa47cad6451212606520f67f)
2021-02-03 21:23:55 +00:00
Jeremy Allison
7125792f0e s3: libsmb: Ensure we disconnect the temporary SMB1 tcon pointer on failure to set up encryption.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13992

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit faba89ad59eaa189f325be17377645862080a965)
2021-02-03 21:23:55 +00:00