summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* VERSION: Disable GIT_SNAPSHOT for the 4.17.6 release.samba-4.17.6Jule Anger2023-03-091-1/+1
| | | | Signed-off-by: Jule Anger <janger@samba.org>
* WHATSNEW: Add release notes for Samba 4.17.6.Jule Anger2023-03-091-2/+63
| | | | Signed-off-by: Jule Anger <janger@samba.org>
* s3: smbd: Fix fsp/fd leak when looking up a non-existent stream name on a file.Jeremy Allison2023-03-082-1/+21
| | | | | | | | | | | | | | | | | | | | | | | When open_stream_pathref_fsp() returns NT_STATUS_OBJECT_NAME_NOT_FOUND, smb_fname_rel->fsp has been set to NULL, so we must free base_fsp separately to prevent fd-leaks when opening a stream that doesn't exist. Remove knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15314 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Fri Mar 3 16:37:27 UTC 2023 on atb-devel-224 (cherry picked from commit 3f84a6df4546e0f1e62dfbcd0b823ea29499a787) Autobuild-User(v4-17-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-17-test): Wed Mar 8 10:11:41 UTC 2023 on sn-devel-184
* s3: tests: Add new test_stream_dir_rename.sh test.Jeremy Allison2023-03-083-0/+77
| | | | | | | | | | | | | | Shows we are leaking an fsp/fd if we request a non-existent stream on a file. This then causes rename of a directory containing the file to be denied, as it thinks we have an existing open file below it. Add knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15314 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit c54bec26ad23b0121b2ddfbf04bc81050f27e6e1)
* s3: provision: Add new streams_xattr_nostrict share - needs "strict rename = ↵Jeremy Allison2023-03-081-0/+5
| | | | | | | | | | | | | | no". The bug we're testing for needs "strict rename = no" (the default), but the existing streams_xattr share uses "strict rename = yes" from the [global] section. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15314 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit 5a3db5105bd8360b245cd35810002740ccff605c)
* rpcd: With npa->need_idle_server we can have more than 256 serversVolker Lendecke2023-03-072-2/+2
| | | | | | | | | | | | | | | | | | | | Before this patch the worker-status cut the worker index such that samba-dcerpcd could not properly update status of the surplus rpc daemons. This could lead to those daemons to stay around forever, samba-dcerpcd will never notice they are idle and can exit. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15310 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Mon Mar 6 22:35:00 UTC 2023 on atb-devel-224 (cherry picked from commit a1780ed8d1b46e4760319b27a4978e7ce7a1df80) Autobuild-User(v4-17-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-17-test): Tue Mar 7 11:16:46 UTC 2023 on sn-devel-184
* rpcd: Do blocking connects to local pipesVolker Lendecke2023-03-071-1/+13
| | | | | | | | | | | We don't have real async callers yet, and this is the simplest way to fix our missing light-weight deterministic async fallback mechanism. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15310 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 0ab7b84ccbd383bb2f696ce258438d4af57fe6f0)
* rpcd: Increase listening queueVolker Lendecke2023-03-071-1/+1
| | | | | | | | | | Allow more waiters under load. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15310 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit f23eb1b3b728d7a13add8c6614d9992aad2c3653)
* torture3: test rpc scalabilityVolker Lendecke2023-03-074-0/+307
| | | | | | | | | | | | | | | | With smbtorture3 //127.0.0.1/ipc\$ rpc-scale -N 50 -o 1000 I am able to immediately trigger bug 15130. Not running by default, this is a pure load test. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15310 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (back-ported from commit 86e95b57d6848482dc73c624c2e8d2bdb79c1d21)
* librpc: Remove unused sync rpc_transport_np_init()Volker Lendecke2023-03-072-34/+0
| | | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit f3ce9970002459a069344ca5519fb91feacb4a6e)
* librpc: Make rpc_pipe_open_np() public and asyncVolker Lendecke2023-03-072-32/+113
| | | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 07ebf97a74fb5c0d0504e76c50f3aca8257dab1f)
* lib:util: File descriptor being closed repeatedly.baixiangcpp2023-02-231-1/+8
| | | | | | | | | | | | | | | | | | | | In file_load()/file_lines_load(), the file's fd is obtained using open(), and in fd_load() the fd is converted to a FILE* using fdopen(). However, after fclose(), the fd is closed again using close(). Bug: https://bugzilla.samba.org/show_bug.cgi?id=15311 Signed-off-by: baixiangcpp baixiangcpp@gmail.com Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Thu Feb 16 12:13:05 UTC 2023 on atb-devel-224 (cherry picked from commit 206dcf7d426e9e85c896c54839008e194d9a2824) Autobuild-User(v4-17-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-17-test): Thu Feb 23 13:37:27 UTC 2023 on sn-devel-184
* vfs_ceph: use fsp_get_pathref_fd in ceph fstatat and close vfs callsJohn Mulligan2023-02-151-3/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Replace fsp_get_io_fd with fsp_get_pathref_fd as these calls do use pathref fsps. fsp_get_io_fd asserts that the fsp is not pathref and asserts (on a debug build) or returns -1 (non debug build). Prior to these changes running ls on the root of the share failed. Logging from the failure case: ``` openat_pathref_fsp: smb_fname [.] openat_pathref_fullname: smb_fname [.] fsp_new: allocated files structure (1 used) file_name_hash: //. hash 0x3dfcc1c2 check_reduced_name: check_reduced_name [.] [/] cephwrap_realpath: [CEPH] realpath(0x55604da9a030, .) = //. check_reduced_name realpath [.] -> [//.] check_reduced_name: . reduced to //. cephwrap_openat: [CEPH] openat(0x55604da9a030, ., 0x55604da81f00, 133120, 0) cephwrap_openat: [CEPH] open(...) = 10 cephwrap_fstat: fsp_get_io_fd: fsp [.] is a path referencing fsp [CEPH] fstat(0x55604da9a030, -1) fsp_get_io_fd: fsp [.] is a path referencing fsp cephwrap_fstat: [CEPH] fstat(...) = -9 fd_openat: name ., flags = 04000 mode = 00, fd = 10. NT_STATUS_INVALID_HANDLE openat_pathref_fullname: Opening pathref for [.] failed: NT_STATUS_INVALID_HANDLE ``` This change also seems to match the recommendations in the `When to use fsp_get_io_fd() or fsp_get_pathref_fd()` section of The_New_VFS.txt document. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15307 Signed-off-by: John Mulligan <jmulligan@redhat.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Gunther Deschner <gdeschne@redhat.com> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Mon Feb 13 20:04:38 UTC 2023 on atb-devel-224 (cherry picked from commit 54a8da864071e28eb6297b872dcb57fb9b171f33) Autobuild-User(v4-17-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-17-test): Wed Feb 15 14:21:41 UTC 2023 on sn-devel-184
* mdssvc: fix kMDScopeArray parsingRalph Boehme2023-02-101-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In macOS Ventura marshalling of kMDScopeArray in the "openQueryWithParams" request has changed from string: kMDScopeArray sl_array_t(#1): { string: /foo/bar } to: string: kMDScopeArray sl_array_t(#1): { sl_array_t(#1): { string: /foo/bar } } With this patch we check both encodings. Bug fixed according to user feedback. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15299 RN: Spotlight doesn't work with latest macOS Ventura Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 1dd0cd2f4e644ad43b0e7ee2aaae19799e859585) Autobuild-User(v4-17-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-17-test): Fri Feb 10 10:43:35 UTC 2023 on sn-devel-184
* s4-drsuapi: Give an error that matches windows on destination_dsa_guid ↵Andrew Bartlett2023-02-032-4/+12
| | | | | | | | | | | | | | | | | lookup failure BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Jan 31 13:43:54 UTC 2023 on atb-devel-224 (cherry picked from commit 0f2978bbc0ed5b65d75c20472650a749643312e7) Autobuild-User(v4-17-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-17-test): Fri Feb 3 10:28:42 UTC 2023 on sn-devel-184
* s4-drsuapi: Clarify role of drs_security_access_check_nc_root()Andrew Bartlett2023-02-031-1/+5
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 1838f349c94b878de1740af35351a2e8e0c8cffb)
* s4-rpc_server: Pre-check destination_dsa_guid in GetNCChanges for validityAndrew Bartlett2023-02-032-5/+39
| | | | | | | | | | This allows our new tests to pass as these need to be checked first. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 115a3a10440f44ba11029be5ae3a05534a7b98c0)
* s4-drsuapi: Use samdb_get_ntds_obj_by_guid() to find RODC in REPL_SECRETAndrew Bartlett2023-02-031-3/+9
| | | | | | | | | | | | | We need to find the RODC per the destination_dsa_guid to mark the secrets as having been replicated, and by using samdb_get_ntds_obj_by_guid() we are stricter in the checks, as the RODC has to be the right objectClass (nTDSDSA) and under the CN=Configuration partition. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 09ec6a1db2d3b831548bf7d66475c486be29b1d1)
* s4-dsdb: Require that the NTDS object is an nTDSDSA objectclassAndrew Bartlett2023-02-031-1/+1
| | | | | | | | | | | This should avoid a user being able to specify the GUID of a different type of object. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit adb776149e5ac0eb346992775610627106e1a986)
* s4-dsdb: Split samdb_get_ntds_obj_by_guid() out of samdb_is_rodc()Andrew Bartlett2023-02-031-12/+47
| | | | | | | | | | | This will allow the logic here to be tighened up and shared in the next few commits. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit d5a2af3feae98057ba29de444d308d499d633941)
* s4-rpc_server/drsuapi: Return correct error code for an invalid DN to ↵Andrew Bartlett2023-02-032-2/+14
| | | | | | | | | | EXOP_REPL_OBJ/EXOP_REPL_OBJ BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit cbe18353d8d7b2a35b965e4fc8c895ac497e67e8)
* s4-drs: Make drs_ObjectIdentifier_to_dn() safer and able to cope with ↵Andrew Bartlett2023-02-034-32/+165
| | | | | | | | | | | | | | | | | | DummyDN values We want to totally ignore the string DN if there is a GUID, as clients like "Microsoft Azure AD connect cloud sync" will set a literal "DummyDN" string. RN: Use of the Azure AD Connect cloud sync tool is now supported for password hash synchronisation, allowing Samba AD Domains to synchronise passwords with this popular cloud environment. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 73f3ece8b2b44ac4b3323a08fb969f29bf2b0380)
* s4-dsdb: rework drs_ObjectIdentifier_to_dn() into ↵Andrew Bartlett2023-02-035-33/+133
| | | | | | | | | | | | | | | drs_ObjectIdentifier_to_dn_and_nc_root() This make this funciton the gatekeeper between the wire format and the internal struct ldb_dn, checking if the DN exists and which NC it belongs to along the way, and presenting only a DB-returned DN for internal processing. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit aee2039e63ceeb5e69a0461fb77e0f18278e4dc4)
* s4-rpc_server/drsuapi: Use dsdb_normalise_dn_and_find_nc_root()Andrew Bartlett2023-02-031-3/+9
| | | | | | | | | | | | | This reuses the search done for dsdb_find_nc_root() to normalise the DN. This will allow a GUID-input DN to be compared safely with a RID Manager DN or Naming Context. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit e96dfc74b3ece40fe64a33aa8b8d810b576982bd)
* s4-dsdb: Add dsdb_normalise_dn_and_find_nc_root() around dsdb_find_nc_root()Andrew Bartlett2023-02-031-2/+33
| | | | | | | | | | | | | Reuse the search done for dsdb_find_nc_root() to normalise the DN. This will allow a GUID-input DN to be compared safely with a RID Manager DN or Naming Context. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 8e1122420efd11a91aa1c5d60c0cc8fd9ffaf157)
* s4-dsdb: Add better debugging to dsdb_objects_have_same_nc()Andrew Bartlett2023-02-031-4/+4
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 0f501b2316af6568003e520848c1ec80c286fd36)
* s4-dsdb: Make dsdb_find_nc_root() first try and use ↵Andrew Bartlett2023-02-032-13/+234
| | | | | | | | | | | | | DSDB_CONTROL_CURRENT_PARTITION_OID This allows lookup of a DN with a GUID only or GUID and string, possibly not yet in the database, yet still getting the correct result. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit d0444be4b74bdad6a731bc5fcf86da6142b03539)
* s4-dsdb: Schedule SD propegation only after successful renameAndrew Bartlett2023-02-031-39/+95
| | | | | | | | | | | | | | | | | This avoids needing to anticipate errors that the rename might give while allowing the dsdb_find_nc_root() routine to become stricter. The problem is that dsdb_find_nc_root() will soon do a real search and so fail more often, but these failures will give "wrong" error codes. We do not need to do this work if the operation fails, so put this in the callback. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 7032b86cd5c1456318558ed95f8890e353117ced)
* s4-selftest/drs: Confirm GetNCChanges REPL_SECRET works with a DummyDN and ↵Andrew Bartlett2023-02-033-1/+50
| | | | | | | | | | real GUID BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 7c43388576f768db564aaf15a47d3f9ce5796fb3)
* s4-selftest/drs: Confirm GetNCChanges full replication works with a DummyDN ↵Andrew Bartlett2023-02-032-2/+52
| | | | | | | | | | and real GUID BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 539221dda33f03a1abf5ee5f3153db0fe1a9bfe6)
* s4-selftest/drs: Confirm GetNCChanges REPL_OBJ works with a DummyDN and real ↵Andrew Bartlett2023-02-032-6/+77
| | | | | | | | | | GUID BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 70faccae6d595056174af8d63b3437c9fe3805aa)
* s4-selftest/drs Allow re-run of DRS tests after failed cleanupAndrew Bartlett2023-02-031-1/+2
| | | | | | | | | | Using a random base is a useful start, even if the better solution also includes a self.AddCleanup() BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 3204d1350b21704474e577cb5f3f2439b673c421)
* s4-selftest/drs Allow some DRS tests to operate against an IPAndrew Bartlett2023-02-034-29/+18
| | | | | | | | | | | This is not comprehensive, but makes some manual test runs easier by avoiding the need for DNS names to resolve. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit a150a2dcb1fc7fc7f606838de17ad4d3e6072bda)
* s4-selftest/drs Add test of expected return code for invaid DNs in GetNCChangesAndrew Bartlett2023-02-033-3/+88
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit bee45e6b29b97e0cab19a9c3cf692d9a7585a717)
* s4-dsdb: Add tests of SamDB.get_nc_root()Andrew Bartlett2023-02-032-0/+132
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 2c7bb58703c1fa26782ac6959ea7d81fccf3905c)
* s3/lib: Prevent use after free of messaging_ctdb_fde_ev structsNoel Power2023-01-271-0/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In a cluster setup samba-bgqd async callback cups_pcap_load_async can access messaging_ctdb_fde_ev associated with already destructed global_ctdb_ctx_destructor ==26053== Invalid read of size 8 ==26053== at 0x71692E1: messaging_ctdb_fde_ev_destructor (messages_ctdb.c:181) ==26053== by 0x40B2309: _tc_free_internal (talloc.c:1158) ==26053== by 0x40B3539: _tc_free_children_internal (talloc.c:1669) ==26053== by 0x40B24C4: _tc_free_internal (talloc.c:1184) ==26053== by 0x40B3539: _tc_free_children_internal (talloc.c:1669) ==26053== by 0x40B24C4: _tc_free_internal (talloc.c:1184) ==26053== by 0x40B2685: _talloc_free_internal (talloc.c:1248) ==26053== by 0x40B3963: _talloc_free (talloc.c:1792) ==26053== by 0x4056BCA: tevent_req_received (tevent_req.c:301) ==26053== by 0x405673D: tevent_req_destructor (tevent_req.c:135) ==26053== by 0x40B2309: _tc_free_internal (talloc.c:1158) ==26053== by 0x40B3539: _tc_free_children_internal (talloc.c:1669) ==26053== by 0x40B24C4: _tc_free_internal (talloc.c:1184) ==26053== by 0x40B2685: _talloc_free_internal (talloc.c:1248) ==26053== by 0x40B3963: _talloc_free (talloc.c:1792) ==26053== by 0x1384EF: cups_pcap_load_async (print_cups.c:507) ==26053== by 0x13894B: cups_cache_reload (print_cups.c:602) ==26053== by 0x1373AE: pcap_cache_reload (pcap.c:140) ==26053== by 0x1369D2: register_printing_bq_handlers (queue_process.c:323) ==26053== by 0x122AD6: main (samba-bgqd.c:316) ==26053== Address 0xed64d48 is 120 bytes inside a block of size 128 free'd ==26053== at 0x4C370EB: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==26053== by 0x40B25E1: _tc_free_internal (talloc.c:1222) ==26053== by 0x40B2685: _talloc_free_internal (talloc.c:1248) ==26053== by 0x40B3963: _talloc_free (talloc.c:1792) ==26053== by 0x71691F6: messaging_ctdb_destroy (messages_ctdb.c:141) ==26053== by 0x7169C21: msg_ctdb_ref_destructor (messages_ctdb_ref.c:142) ==26053== by 0x40B2309: _tc_free_internal (talloc.c:1158) ==26053== by 0x40B3539: _tc_free_children_internal (talloc.c:1669) ==26053== by 0x40B24C4: _tc_free_internal (talloc.c:1184) ==26053== by 0x40B2685: _talloc_free_internal (talloc.c:1248) ==26053== by 0x40B3963: _talloc_free (talloc.c:1792) ==26053== by 0x4157380: messaging_reinit (messages.c:646) ==26053== by 0x416C01E: reinit_after_fork (util.c:488) ==26053== by 0x13844C: cups_pcap_load_async (print_cups.c:498) ==26053== by 0x13894B: cups_cache_reload (print_cups.c:602) ==26053== by 0x1373AE: pcap_cache_reload (pcap.c:140) ==26053== by 0x1369D2: register_printing_bq_handlers (queue_process.c:323) ==26053== by 0x122AD6: main (samba-bgqd.c:316) ==26053== Block was alloc'd at ==26053== at 0x4C346A4: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==26053== by 0x40B1989: __talloc_with_prefix (talloc.c:783) ==26053== by 0x40B1B23: __talloc (talloc.c:825) ==26053== by 0x40B1ECC: _talloc_named_const (talloc.c:982) ==26053== by 0x40B49C3: _talloc_zero (talloc.c:2421) ==26053== by 0x7168E68: messaging_ctdb_init (messages_ctdb.c:93) ==26053== by 0x716979D: messaging_ctdb_ref (messages_ctdb_ref.c:75) ==26053== by 0x415702A: messaging_init_internal (messages.c:563) ==26053== by 0x41572FD: messaging_init (messages.c:622) ==26053== by 0x4163ED3: global_messaging_context (global_contexts.c:62) ==26053== by 0x12273B: main (samba-bgqd.c:271) ==26053== Bug: https://bugzilla.samba.org/show_bug.cgi?id=15293 Signed-off-by: Noel Power <npower@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit 7a880ef52dfc85ed2f674250b5baf5109f8d4691) Autobuild-User(v4-17-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-17-test): Fri Jan 27 09:45:10 UTC 2023 on sn-devel-184
* VERSION: Bump version up to Samba 4.17.6...Jule Anger2023-01-261-2/+2
| | | | | | and re-enable GIT_SNAPSHOT. Signed-off-by: Jule Anger <janger@samba.org>
* VERSION: Disable GIT_SNAPSHOT for the 4.17.5 release.samba-4.17.5Jule Anger2023-01-261-1/+1
| | | | Signed-off-by: Jule Anger <janger@samba.org>
* WHATSNEW: Add release notes for Samba 4.17.5.Jule Anger2023-01-261-2/+83
| | | | Signed-off-by: Jule Anger <janger@samba.org>
* lib/replace - add extra check to bsd_attr_listAndrew Walker2023-01-231-0/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | The FreeBSD extattr API may return success and truncated namelist. We need to check for this in bsd_attr_list to ensure that we don't accidentally read off the end of the buffer. In the case of a truncated value, the pascal strings for attr names will reflect the lengths as if the value were not truncated. For example: `58DosStrea` In case of short read we now set error to ERANGE and fail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15271 Signed-off-by: Andrew Walker <awalker@ixsystems.com> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Mon Jan 2 14:27:23 UTC 2023 on sn-devel-184 (cherry picked from commit 01cdc5e00be78a51f0766634cc7fe50de2088203) Autobuild-User(v4-17-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-17-test): Mon Jan 23 10:27:59 UTC 2023 on sn-devel-184
* s3: smbd: Always use metadata_fsp() when processing fsctls.Jeremy Allison2023-01-232-2/+7
| | | | | | | | | | | | | | | | | | Currently all fsctls we implement need the base fsp, not an alternate data stream fsp. We may revisit this later if we implement fsctls that operate on an ADS. Remove knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15236 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Walker <awalker@ixsystems.com> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Mon Nov 14 18:13:31 UTC 2022 on sn-devel-184 (cherry picked from commit fa4eba131b882c3858b28f5fd9864998e19a4510)
* s3: smbd: Add test to show smbd crashes when doing an FSCTL on a named ↵Jeremy Allison2023-01-235-0/+80
| | | | | | | | | | | | stream handle. Add knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15236 Signed-off-by: Andrew Walker <awalker@ixsystems.com> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit abc4495e4591964bb4625c2669a1f84213faab77)
* s3:auth: call wbcFreeMemory(info) in auth3_generate_session_info_pac()Stefan Metzmacher2023-01-231-0/+1
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=15286 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit e27084f5d8c3a151c5d0b266118f0d71b641dc85)
* CVE-2022-38023 s3:rpc_server/netlogon: Avoid unnecessary loadparm_context ↵Samuel Cabrero2023-01-231-19/+2
| | | | | | | | | | | | | | | | | allocations After s3 and s4 rpc servers merge the loadparm_context is available in the dcesrv_context structure. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240 Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Mon Jan 9 15:17:14 UTC 2023 on sn-devel-184 (cherry picked from commit 56837f3d3169a02d0d92bd085d9c8250415ce29b)
* CVE-2022-38023 docs-xml/smbdotconf: The "server schannel require ↵Samuel Cabrero2023-01-231-3/+2
| | | | | | | | | | seal[:COMPUTERACCOUNT]" options are also honoured by s3 netlogon server. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240 Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit 02fba22b8c9e9b33ab430555ef45500c45eaa9d1)
* CVE-2022-38023 s3:rpc_server/netlogon: Check for global "server schannel ↵Samuel Cabrero2023-01-231-0/+12
| | | | | | | | | | | | | | require seal" By default we'll now require schannel connections with privacy/sealing/encryption. But we allow exceptions for specific computer/trust accounts. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240 Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit a0b97e262318dc56fe663da89b0ee3172b2e7848)
* CVE-2022-38023 s3:rpc_server/netlogon: make sure all _netr_LogonSamLogon*() ↵Samuel Cabrero2023-01-231-17/+28
| | | | | | | | | | | | calls go through dcesrv_netr_check_schannel() Some checks are also required for _netr_LogonSamLogonEx(). BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240 Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit ca07f4340ce58a7e940a1123888b7409176412f7)
* CVE-2022-38023 s3:rpc_server/netlogon: Use dcesrv_netr_creds_server_step_check()Samuel Cabrero2023-01-234-165/+58
| | | | | | | | | | After s3 and s4 rpc servers merge we can avoid duplicated code. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240 Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit 25300d354c80995997d552581cd91dddaf4bbf48)
* CVE-2022-38023 s4:rpc_server/netlogon: Move schannel and credentials check ↵Samuel Cabrero2023-01-235-546/+644
| | | | | | | | | | | | functions to librpc Will be used later by s3 netlogon server. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240 Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit 121e7b0e39478c5291100652ac92c263f406076b)
* CVE-2022-38023 s4:rpc_server:wscript: Reformat following pycodestyleSamuel Cabrero2023-01-231-122/+168
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240 Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit d9e6b490db3ead7e79bb3ff0c1f9ef8ab8bdc65b)
View Lorry Controller Status