The branch, v4-3-stable has been updated
via fa51afd VERSION: Disable git snapshots for the 4.3.12 release.
via 5ed0e07 WHATSNEW: Add release notes for Samba 4.3.12.
via 2017335 s3:libads: don't use MEMORY:ads_sasl_spnego_bind nor set
"KRB5CCNAME"
via d4e019f s3:libads: don't use MEMORY:ads_sasl_gssapi_do_bind nor set
"KRB5CCNAME"
via 532fd56 HEIMDAL:lib/krb5: destroy a memory ccache on reinit
via cdc53e7 autobuild: Use cp --recursive --link --archive
via 69ea4ba s3-printing: fix migrate printer code (bug 8618)
via 8e2589e spoolss: Fix caching of printername->sharename
via af851c2 glusterfs: Avoid tevent_internal.h
via a992329 s3: events. Move events.c to util_event.c
via 51cad54 s3: server: s3_tevent_context_init() ->
samba_tevent_context_init()
via 70edf8c s3: winbind: Remove dump_event_list() calls.
via 0d0339b s3: nmbd: Final changeover to stock tevent for nmbd.
via 4212718 s3: nmbd: Change over to using tevent functions from direct
poll.
via 6b134a8 s3: nmbd: Add a talloc_stackframe().
via 928f281 s3: nmbd: Add (currently unused) timeout and fd handlers.
via 9236d1cf s3: nmbd: Now attrs array mirrors fd's array use it in
preference.
via 0918f18 s3: nmbd: Ensure attrs array mirrors fd's array for dns.
via 447b640 s3: nmbd: Add fd, triggered elements to struct
socket_attributes.
via de63f7d s3:nmbd: fix talloc_zero_array() check in nmbd_packets.c
via 2014c08 s3-spoolss: fix winreg_printer_ver_to_qword
via e0c9067 gencache: Bail out of stabilize if we can not get the
allrecord lock
via 0b0574e lib: poll_funcs : poll_funcs_context_slot_find can select
the wrong slot to replace.
via 5eeeeff lib/poll_funcs: free contexts in
poll_funcs_state_destructor()
via 5992c18 vfs_acl_xattr|tdb: enforced settings when ignore system
acls=yes
via e124785 docs: document vfs_acl_xattr|tdb enforced settings
via 26a2321 vfs_shadow_copy: handle non-existant files and wildcards
via 2a4de13 selftest: test listing directories inside snapshots
via dcf7d85 selftest: check file readability in shadow_copy2 test
via d835679 selftest: add content to files created during shadow_copy2
test
via 6a8400e smbd: Reset O_NONBLOCK on open files
via 5bad77f vfs_acl_common: use DBG_LEVEL and remove function prefixes
in DEBUG statements
via 9995be3 s4/torture: tests for vfs_acl_xattr default ACL styles
via 20728fe vfs_acl_common: Windows style default ACL
via 63d0f96 vfs_acl_xattr|tdb: add option to control default ACL style
via f23bb13 vfs_acl_common: check for ignore_system_acls before
fetching filesystem ACL
via eb770f4 vfs_acl_common: move stat stuff to a helper function
via b6519fd vfs_acl_tdb|xattr: use a config handle
via 7a83147 vfs_acl_common: move the ACL blob validation to a helper
function
via 8da9227 vfs_acl_common: simplify ACL logic, cleanup and talloc
hierarchy
via 9d02bf0 vfs_acl_common: remove redundant NULL assignment
via dbe2cf3 vfs_acl_common: rename pdesc_next to psd_fs
via 9c29eb4 vfs_acl_common: rename psd to psd_blob in
get_nt_acl_internal()
via 2a85826 Revert "vfs_acl_xattr: objects without NT ACL xattr"
via dfb366d smbd: allow reading files based on FILE_EXECUTE access right
via 5847f55 smbd: look only at handle readability for COPYCHUNK dest
via 8262a92 s4-smbtorture: pin copychunk exec right behavior
via 0d6240b seltest: allow opening files with arbitrary rights in
smb2.ioctl tests
via f651500 seltest: implicit FILE_READ_DATA non-reporting
via b941e41 s4-selftest: add test for read access check
via 6b1d5dd s4-selftest: add functions which create with desired access
via 8a0458c s4-smbtorture: use standard macros in smb2.read test
via 08a3ca1 s3: oplock: Fix race condition when closing an oplocked
file.
via 508aef7 smbd: oplock: Factor out internals of remove_oplock() into
new remove_oplock_under_lock().
via 0cc4822 smbd: oplock: Fixup debug messages inside remove_oplock().
via 1557d67 gensec/spnego: work around missing server mechListMIC in
SMB servers
via 9871d27 dbcheck: Abandon dbcheck if we get an error during a
transaction
via 5ee8b79 dsdb: Allow missing a mandatory attribute from a dbcheck fix
via ef5dd8e libgpo: Correctly use the 'server' parameter after parsing
it out of the GPO path.
via 927d2fa s3: libsmb: Protect cli_connect_nb_send() from being passed
a NULL hostname and dest_ss.
via d7280b2 script/release.sh: use 8 byte gpg key ids
via 08978cd ldb-samba: Add "secret" as a value to hide in LDIF files
via dfbc2bc samba-tool/ldapcmp: ignore differences of whenChanged
via f927858 script/autobuild.py: include the branch name in the output
via 83dd544 autobuild: fix typo in autobuild success subject line
via 5bf9c4b autobuild: Return the last 50 log lines
via 5b5b848 autobuild: Give a clearer failure message
via 68d13b1 dbwrap_ctdb: treat empty records in ltdb as non-existing
via f7718e4 s4/torture: add a test for ctdb-tombstrone-record deadlock
via dfa1254 smbd: ignore ctdb tombstone records in
fetch_share_mode_unlocked_parser()
via 15bcc4a ctdb-daemon: Fix CID 1125627 Resource leak (RESOURCE_LEAK)
via 09cbfa6 ctdb-common: Fix CID 1125585 Dereference after null check
(FORWARD_NULL)
via 07f7295 ctdb-common: Fix CID 1125583 Dereference after null check
(FORWARD_NULL)
via 49211ba ctdb-common: Fix CID 1125581 Dereference after null check
(FORWARD_NULL)
via 1f47aa8 ctdb-daemon: Fix CID 1363067 Resource leak (RESOURCE_LEAK)
via 6e36080 ctdb-daemon: Fix CID 1363233 Resource leak (RESOURCE_LEAK)
via 5a864c9 ctdb-utils: Fix CID 1297451 Explicit null dereferenced
(FORWARD_NULL)
via 1d33681 ctdb-common: Consistently use strlcpy() on interface names
via e5d0277 ctdb-common: Fix CID 1125553 Buffer not null terminated
(BUFFER_SIZE_WARNING)
via 32b3c96 ctdb-daemon: Fix CID 1364527/8/9: Null pointer dereferences
(NULL_RETURNS)
via 358c3a0 ctdb-scripts: Fix regression in updateip code
via 5282acf async_req: make async_connect_send() "reentrant"
via cf920bc vfs_acl_xattr: objects without NT ACL xattr
via a6939cf s3/smbd: move make_default_filesystem_acl() to
vfs_acl_common.c
via c25f48b smbd/notifyd: use smbd_reinit_after_fork()
via 21145f3 s3-rpc_server/mdssd: use smbd_reinit_after_fork()
via 0d8feb7 selftest: test idmap backend id allocation for unknown SIDS
via 62e7854 selftest: make autorid the default idmap backend in
admember_rfc2307
via ec073871 winbindd: in wb_lookupsids return domain name if we have it
via 953d3dc winbindd/idmap_rfc2307: fix a crash
via 4594f1c s3:mdssvc: older glib2 versions require g_type_init()
via e60d145 ctdb-common: For AF_PACKET socket types, protocol is in
network order
via f02671a s3: smbd: Fix delete operations enumerating streams inside
a file. This must always be done as a Windows operation.
via 7e2f99c s3: smbd: Change lp_set_posix_pathnames() to take a newval
parameter and return the old one.
via ebcbfe7 s4: ldb: Ignore case of "range" in sscanf as we've already
checked for its presence.
via f73f9f1 param: Correct the defaults for "dcerpc endpoint services"
via a47f896 build: Always build eventlog6. This is not a duplicate of
eventlog
via 1139c8f libads: ensure the right ccache is used during spnego bind
via 0bbf381 libads: ensure the right ccache is used during gssapi bind
via e855e44 auth: fix a memory leak in gssapi_get_session_key()
via c7dd545 s3-libads: fix a memory leak in ads_sasl_spnego_bind()
via 640b75e VERSION: Bump version up to 4.3.12...
via f4729ca Merge tag 'samba-4.3.11' into v4-3-test
via 4e4a706 s3-winbind: Fix memory leak with each cached credential
login
via ff9bd2d build: Enable NTVFS file server to be omitted
via 955f41e build: Build less of Samba when building
--without-ntvfs-fileserver
via 58210c0 libutil: Support systemd 230
via 2d36dca s4/torture: add a test for dosmode and hidden files
via 17dc199 s3/smbd: only use stored dos attributes for
open_match_attributes() check
via daa0150 s3/smbd: make get_ea_dos_attribute() public
via 8ecd8a2 s3/smbd: move check for "hide files" to dos_mode_from_name()
via d728bc4 s3/smbd: call dos_mode_from_name after
get_ea_dos_attribute()
via 4683fd1 s3/smbd: add helper func dos_mode_from_name()
via 3e50d12 dcerpc.idl: remove unused DCERPC_NCACN_PAYLOAD_MAX_SIZE
via c08cccc s4:rpc_server: use a variable for the max total reassembled
request payload
via 89bb48b s4:librpc/rpc: allow a total reassembled response payload
of 240 MBytes
via c2d888c dcerpc.idl: add
DCERPC_NCACN_{REQUEST,RESPONSE}_DEFAULT_MAX_SIZE
via 8fc6760 python/tests: add auth_pad test for the dcerpc raw_protocol
test
via a3bb377 s4:rpc_server: generate the correct error when we got an
invalid auth_pad_length on BIND,ALTER,AUTH3
via 85b9f97 librpc/rpc: ignore invalid auth_pad_length values in BIND,
ALTER and AUTH3 pdus
via 00e571f librpc/rpc: let dcerpc_pull_auth_trailer() check that
auth_pad_length fits within the whole pdu.
via 3861e51 librpc/rpc: let dcerpc_pull_auth_trailer() only accept
auth_length!=NULL or auth_data_only=true
via 7aa85a9 s4:librpc/rpc: don't ask for auth_length if we ask for auth
data only
via b643c92 s4:rpc_server: parse auth data only for BIND,ALTER_REQ,AUTH3
via a04a2ce s3: libsmb: Correctly trim a trailing \ character in
cli_smb2_create_fnum_send() when passing a pathname to SMB2 create.
via f5bb81a s4/dns_server: disable signing of DNS-TKEY responses
via c20c7bf s3: docs: Fix "strict rename" doc to match code.
via 932e8cc s3: smbd: Change semantics of strict rename to search the
file open db.
via 7444aaf libnet: ignore realm setting for domain security joins to
AD domains if 'winbind rpc only = true'
via fed3729 s3-libnet: Print error string even on successfuly
completion of libnetjoin.
via 38c27bf s4: torture: Added raw readX test to ensure 'reserved'
fields are zero.
via 13053f3 s3: smbd: In reply_read_and_X() SMB1 server is overwriting
part of the 'reserved' zero fields with reply data length.
via 1c48e82 s3: smbd: Use common function setup_readX_header() in aio
read code.
via f2dfba8 s3: smbd: Make setup_readX_header() externally accessible
via 080bb0f s3: smbd: Remove unused 'req' argument from
setup_readX_header()
via 58c5338 libnet: make Kerberos domain join site-aware
via 5297368 dsgetdcname: fix flag check
via fb45575 dsgetdcname: return an IP address on rediscovery
via 2b18b8b s3: krb5: keytab - The done label can be jumped to with
context == NULL.
via fd1bccc lib: Fix uninitialized read in msghdr_copy
via 55785c9 VERSION: Bump version up to 4.3.11...
from c7bc017 VERSION: Disable git snapshots for the 4.3.11 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-3-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 115 ++-
auth/gensec/spnego.c | 69 +-
auth/kerberos/gssapi_pac.c | 7 +-
ctdb/client/ctdb_client.c | 4 +
ctdb/common/rb_tree.c | 6 +-
ctdb/common/system_linux.c | 14 +-
ctdb/config/events.d/10.interface | 2 +-
ctdb/server/ctdb_daemon.c | 4 +
ctdb/server/ctdb_logging.c | 9 +-
ctdb/server/ctdb_recover.c | 2 +
ctdb/server/ctdbd.c | 4 +
ctdb/utils/ping_pong/ping_pong.c | 4 +-
docs-xml/manpages/vfs_acl_tdb.8.xml | 49 ++
docs-xml/manpages/vfs_acl_xattr.8.xml | 49 ++
.../smbdotconf/protocol/dcerpcendpointservers.xml | 2 +-
docs-xml/smbdotconf/tuning/strictrename.xml | 15 +-
lib/async_req/async_sock.c | 16 +-
lib/ldb-samba/ldif_handlers.c | 2 +-
lib/param/loadparm.c | 2 +-
lib/util/debug.c | 6 +-
libgpo/gpo_fetch.c | 2 +-
librpc/rpc/dcerpc_util.c | 61 ++
nsswitch/tests/test_idmap_nss.sh | 41 ++
python/pyglue.c | 11 +
python/samba/__init__.py | 1 +
python/samba/dbchecker.py | 7 +
python/samba/netcmd/domain.py | 37 +-
python/samba/netcmd/ldapcmp.py | 2 +-
python/samba/tests/dcerpc/raw_protocol.py | 548 +++++++++++++++
script/autobuild.py | 54 +-
script/release.sh | 12 +-
selftest/knownfail | 4 +
selftest/target/Samba3.pm | 19 +
source3/include/includes.h | 4 +-
source3/include/proto.h | 2 +-
source3/include/smb_macros.h | 8 +
source3/include/{event.h => util_event.h} | 16 +-
source3/lib/dbwrap/dbwrap_ctdb.c | 27 +-
source3/lib/events.c | 486 -------------
source3/lib/gencache.c | 2 +-
source3/lib/msghdr.c | 9 +-
source3/lib/poll_funcs/poll_funcs_tevent.c | 17 +-
source3/lib/server_contexts.c | 2 +-
source3/lib/util_event.c | 101 +++
source3/libads/kerberos_keytab.c | 18 +-
source3/libads/sasl.c | 48 +-
source3/libnet/libnet_join.c | 68 ++
source3/libsmb/cli_smb2_fnum.c | 12 +
source3/libsmb/cliconnect.c | 6 +-
source3/libsmb/dsgetdcname.c | 16 +-
source3/locking/share_mode_lock.c | 6 +
source3/modules/vfs_acl_common.c | 775 ++++++++++++++-------
source3/modules/vfs_acl_tdb.c | 28 +
source3/modules/vfs_acl_xattr.c | 28 +
source3/modules/vfs_glusterfs.c | 1 -
source3/modules/vfs_shadow_copy2.c | 31 +-
source3/nmbd/nmbd_packets.c | 162 +++--
source3/param/loadparm.c | 11 +-
source3/printing/nt_printing_migrate.c | 27 +
source3/rpc_client/cli_winreg_spoolss.c | 7 +-
source3/rpc_server/mdssd.c | 4 +-
source3/rpc_server/mdssvc/mdssvc.c | 5 +-
source3/rpc_server/rpc_ncacn_np.c | 8 +-
source3/rpc_server/spoolss/srv_spoolss_nt.c | 4 +-
source3/script/tests/test_shadow_copy.sh | 96 ++-
source3/selftest/tests.py | 10 +-
source3/smbd/aio.c | 9 +-
source3/smbd/close.c | 20 +-
source3/smbd/dir.c | 2 +-
source3/smbd/dosmode.c | 64 +-
source3/smbd/open.c | 43 +-
source3/smbd/oplock.c | 54 +-
source3/smbd/pipes.c | 1 -
source3/smbd/posix_acls.c | 110 ---
source3/smbd/process.c | 4 +-
source3/smbd/proto.h | 11 +-
source3/smbd/reply.c | 22 +-
source3/smbd/server.c | 3 +-
source3/smbd/smb2_glue.c | 16 +
source3/smbd/smb2_ioctl_network_fs.c | 4 +-
source3/smbd/trans2.c | 2 +-
source3/utils/net_ads.c | 5 +
source3/utils/net_rpc.c | 10 +
source3/winbindd/idmap_rfc2307.c | 4 +-
source3/winbindd/wb_lookupsids.c | 30 +-
source3/winbindd/winbindd_cache.c | 8 +-
source3/winbindd/winbindd_dual.c | 5 +-
source3/wscript_build | 2 +-
source4/dns_server/dns_query.c | 1 -
source4/dsdb/samdb/ldb_modules/objectclass_attrs.c | 9 +-
source4/dsdb/samdb/ldb_modules/ranged_results.c | 8 +-
source4/heimdal/lib/krb5/mcache.c | 52 +-
source4/librpc/rpc/dcerpc.c | 8 +-
source4/ntvfs/posix/posix_eadb.c | 81 ++-
source4/ntvfs/posix/wscript_build | 61 +-
source4/ntvfs/wscript_build | 120 ++--
source4/rpc_server/common/server_info.c | 2 +-
source4/rpc_server/dcerpc_server.c | 13 +-
source4/rpc_server/dcesrv_auth.c | 27 +-
source4/rpc_server/wkssvc/dcesrv_wkssvc.c | 1 -
source4/rpc_server/wscript_build | 15 +-
source4/selftest/tests.py | 5 +-
source4/smb_server/service_smb.c | 4 +-
source4/smb_server/smb/wscript_build | 2 +-
source4/smb_server/smb2/wscript_build | 2 +-
source4/smb_server/wscript_build | 6 +-
source4/smbd/server.c | 4 -
source4/torture/raw/read.c | 44 ++
source4/torture/rpc/rpc.c | 2 +-
source4/torture/smb2/dosmode.c | 183 +++++
source4/torture/smb2/getinfo.c | 45 ++
source4/torture/smb2/ioctl.c | 116 ++-
source4/torture/smb2/lock.c | 64 ++
source4/torture/smb2/read.c | 96 ++-
source4/torture/smb2/smb2.c | 1 +
source4/torture/smb2/util.c | 63 +-
source4/torture/smb2/wscript_build | 2 +-
source4/torture/vfs/acl_xattr.c | 314 +++++++++
source4/torture/vfs/vfs.c | 1 +
source4/torture/wscript_build | 16 +-
testprogs/blackbox/dbcheck-oldrelease.sh | 10 +
wscript | 22 +
123 files changed, 3663 insertions(+), 1393 deletions(-)
create mode 100755 nsswitch/tests/test_idmap_nss.sh
rename source3/include/{event.h => util_event.h} (64%)
delete mode 100644 source3/lib/events.c
create mode 100644 source3/lib/util_event.c
create mode 100644 source4/torture/smb2/dosmode.c
create mode 100644 source4/torture/vfs/acl_xattr.c
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index cb1981f..7ea2879 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=3
-SAMBA_VERSION_RELEASE=11
+SAMBA_VERSION_RELEASE=12
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 0eccb25..b03de04 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,115 @@
==============================
+ Release Notes for Samba 4.3.12
+ November 3, 2016
+ ==============================
+
+
+This is the last bug-fix release of Samba 4.3. There will be only security
+updates beyond this point.
+
+Major enhancements in Samba 4.3.12 include:
+
+o Let winbindd discard expired kerberos tickets when built against
+ (internal) heimdal (BUG #12369).
+o REGRESSION: smbd segfaults on startup, tevent context being freed
+ (BUG #12283).
+
+
+Changes since 4.3.11:
+--------------------
+
+o Jeremy Allison <[email protected]>
+ * BUG 11838: s4: ldb: Ignore case of "range" in sscanf as we've already
+ checked for its presence.
+ * BUG 12021: Fix smbd crash (Signal 4) on File Delete.
+ * BUG 12135: libgpo: Correctly use the 'server' parameter after parsing it
+ out of the GPO path.
+ * BUG 12139: s3: oplock: Fix race condition when closing an oplocked file.
+ * BUG 12272: Fix messaging subsystem crash.
+ * BUG 12283: REGRESSION: smbd segfaults on startup, tevent context being
+ freed.
+
+o Andrew Bartlett <[email protected]>
+ * BUG 12025: param: Correct the defaults for "dcerpc endpoint services".
+ * BUG 12026: build: Always build eventlog6.
+ * BUG 12154: ldb-samba: Add "secret" as a value to hide in LDIF files.
+ * BUG 12178: dbcheck: Abandon dbcheck if we get an error during a
+ transaction.
+
+o Björn Baumbach <[email protected]>
+ * BUG 8618: s3-printing: Fix migrate printer code.
+
+o Ralph Boehme <[email protected]>
+ * BUG 11801: Fix crash in mdssvc with older glib2 versions.
+ * BUG 11961: idmap_autorid allocates ids for unknown SIDs from other
+ backends.
+ * BUG 12005: smbd: Ignore ctdb tombstone records in
+ fetch_share_mode_unlocked_parser().
+ * BUG 12016: cleanupd terminates main smbd on exit.
+ * BUG 12028: vfs_acl_xattr: Objects without NT ACL xattr.
+ * BUG 12105: async_req: Make async_connect_send() "reentrant".
+ * BUG 12177: vfs_acl_common: Fix unexpected synthesized default ACL from
+ vfs_acl_xattr.
+ * BUG 12181: vfs_acl_xattr|tdb: Enforced settings when
+ "ignore system acls = yes".
+
+o Günther Deschner <[email protected]>
+ * BUG 12285: s3-spoolss: Fix winreg_printer_ver_to_qword.
+
+o Amitay Isaacs <[email protected]>
+ * BUG 11770: Reset TCP Connections during IP failover.
+
+o Volker Lendecke <[email protected]>
+ * glusterfs: Avoid tevent_internal.h.
+ * BUG 11994: gensec/spnego: Work around missing server mechListMIC in SMB
+ servers.
+ * BUG 12268: smbd: Reset O_NONBLOCK on open files.
+ * BUG 12374: spoolss: Fix caching of printername->sharename.
+ * BUG 12045: gencache: Bail out of stabilize if we can not get the allrecord
+ lock.
+
+o Stefan Metzmacher <[email protected]>
+ * BUG 12007: libads: Ensure the right ccache is used during spnego bind.
+ * BUG 12129: samba-tool/ldapcmp: Ignore differences of whenChanged.
+ * BUG 12283: REGRESSION: smbd segfaults on startup, tevent context being
+ freed.
+ * BUG 12369: Let winbindd discard expired kerberos tickets when built
against
+ (internal) heimdal.
+
+o Martin Schwenke <[email protected]>
+ * BUG 12106: ctdb-scripts: Fix regression in updateip code.
+ * BUG 12110: ctdb-daemon: Fix several Coverity IDs.
+
+o Uri Simchoni <[email protected]>
+ * BUG 12006: auth: Fix a memory leak in gssapi_get_session_key().
+ * BUG 12149: smbd: Allow reading files based on FILE_EXECUTE access right.
+ * BUG 12172: Fix access of snapshot folders via SMB1.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+ ==============================
Release Notes for Samba 4.3.11
July 07, 2016
==============================
@@ -68,8 +179,8 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
==============================
Release Notes for Samba 4.3.10
diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c
index 6a82b5f..bed5cd2 100644
--- a/auth/gensec/spnego.c
+++ b/auth/gensec/spnego.c
@@ -54,9 +54,11 @@ struct spnego_state {
DATA_BLOB mech_types;
size_t num_targs;
+ bool downgraded;
bool mic_requested;
bool needs_mic_sign;
bool needs_mic_check;
+ bool may_skip_mic_check;
bool done_mic_check;
bool simulate_w2k;
@@ -433,6 +435,7 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct
gensec_security *gensec_
* Indicate the downgrade and request a
* mic.
*/
+ spnego_state->downgraded = true;
spnego_state->mic_requested = true;
break;
}
@@ -1077,7 +1080,7 @@ static NTSTATUS gensec_spnego_update(struct
gensec_security *gensec_security, TA
DEBUG(3,("GENSEC SPNEGO: client preferred mech (%s) not
accepted, server wants: %s\n",
gensec_get_name_by_oid(gensec_security,
spnego_state->neg_oid),
gensec_get_name_by_oid(gensec_security,
spnego.negTokenTarg.supportedMech)));
-
+ spnego_state->downgraded = true;
spnego_state->no_response_expected = false;
talloc_free(spnego_state->sub_sec_security);
nt_status = gensec_subcontext_start(spnego_state,
@@ -1134,6 +1137,23 @@ static NTSTATUS gensec_spnego_update(struct
gensec_security *gensec_security, TA
return NT_STATUS_INVALID_PARAMETER;
}
+ if (spnego.negTokenTarg.mechListMIC.length == 0
+ && spnego_state->may_skip_mic_check) {
+ /*
+ * In this case we don't require
+ * a mechListMIC from the server.
+ *
+ * This works around bugs in the Azure
+ * and Apple spnego implementations.
+ *
+ * See
+ *
https://bugzilla.samba.org/show_bug.cgi?id=11994
+ */
+ spnego_state->needs_mic_check = false;
+ nt_status = NT_STATUS_OK;
+ goto client_response;
+ }
+
nt_status =
gensec_check_packet(spnego_state->sub_sec_security,
spnego_state->mech_types.data,
spnego_state->mech_types.length,
@@ -1189,9 +1209,56 @@ static NTSTATUS gensec_spnego_update(struct
gensec_security *gensec_security, TA
*/
new_spnego = false;
}
+
break;
case SPNEGO_ACCEPT_INCOMPLETE:
+ if (spnego.negTokenTarg.mechListMIC.length > 0)
{
+ new_spnego = true;
+ break;
+ }
+
+ if (spnego_state->downgraded) {
+ /*
+ * A downgrade should be protected if
+ * supported
+ */
+ break;
+ }
+
+ /*
+ * The caller may just asked for
+ * GENSEC_FEATURE_SESSION_KEY, this
+ * is only reflected in the want_features.
+ *
+ * As it will imply
+ * gensec_have_features(GENSEC_FEATURE_SIGN)
+ * to return true.
+ */
+ if (gensec_security->want_features &
GENSEC_FEATURE_SIGN) {
+ break;
+ }
+ if (gensec_security->want_features &
GENSEC_FEATURE_SEAL) {
+ break;
+ }
+ /*
+ * Here we're sure our preferred mech was
+ * selected by the server and our caller doesn't
+ * need GENSEC_FEATURE_SIGN nor
+ * GENSEC_FEATURE_SEAL support.
+ *
+ * In this case we don't require
+ * a mechListMIC from the server.
+ *
+ * This works around bugs in the Azure
+ * and Apple spnego implementations.
+ *
+ * See
+ *
https://bugzilla.samba.org/show_bug.cgi?id=11994
+ */
+ spnego_state->may_skip_mic_check = true;
+ break;
+
case SPNEGO_REQUEST_MIC:
if (spnego.negTokenTarg.mechListMIC.length > 0)
{
new_spnego = true;
diff --git a/auth/kerberos/gssapi_pac.c b/auth/kerberos/gssapi_pac.c
index c6fa909..495d2dd 100644
--- a/auth/kerberos/gssapi_pac.c
+++ b/auth/kerberos/gssapi_pac.c
@@ -238,6 +238,7 @@ NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx,
int diflen, i;
const uint8_t *p;
+ *keytype = 0;
if (set->count < 2) {
#ifdef HAVE_GSSKRB5_GET_SUBKEY
@@ -248,10 +249,6 @@ NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx,
if (gss_maj == 0) {
*keytype = KRB5_KEY_TYPE(subkey);
krb5_free_keyblock(NULL /* should be
krb5_context */, subkey);
- } else
-#else
- {
- *keytype = 0;
}
#endif
gss_maj = gss_release_buffer_set(&gss_min, &set);
@@ -262,7 +259,6 @@ NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx,
gse_sesskeytype_oid.elements,
gse_sesskeytype_oid.length) != 0) {
/* Perhaps a non-krb5 session key */
- *keytype = 0;
gss_maj = gss_release_buffer_set(&gss_min, &set);
return NT_STATUS_OK;
}
@@ -272,7 +268,6 @@ NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx,
gss_maj = gss_release_buffer_set(&gss_min, &set);
return NT_STATUS_INVALID_PARAMETER;
}
- *keytype = 0;
for (i = 0; i < diflen; i++) {
*keytype = (*keytype << 7) | (p[i] & 0x7f);
if (i + 1 != diflen && (p[i] & 0x80) == 0) {
diff --git a/ctdb/client/ctdb_client.c b/ctdb/client/ctdb_client.c
index 7bffefe..906d418 100644
--- a/ctdb/client/ctdb_client.c
+++ b/ctdb/client/ctdb_client.c
@@ -4383,6 +4383,10 @@ int switch_from_server_to_client(struct ctdb_context
*ctdb, const char *fmt, ...
/* get a new event context */
ctdb->ev = event_context_init(ctdb);
+ if (ctdb->ev == NULL) {
+ DEBUG(DEBUG_ALERT,("tevent_context_init() failed\n"));
+ exit(1);
+ }
tevent_loop_allow_nesting(ctdb->ev);
/* Connect to main CTDB daemon */
diff --git a/ctdb/common/rb_tree.c b/ctdb/common/rb_tree.c
index 6b131bc..18418f3 100644
--- a/ctdb/common/rb_tree.c
+++ b/ctdb/common/rb_tree.c
@@ -210,21 +210,21 @@ static inline int trbt_get_color_right(trbt_node_t *node)
/* setting a NULL node to black is a nop */
static inline void trbt_set_color(trbt_node_t *node, int color)
{
- if ( (node==NULL) && (color==TRBT_BLACK) ) {
+ if (node == NULL) {
return;
}
node->rb_color = color;
}
static inline void trbt_set_color_left(trbt_node_t *node, int color)
{
- if ( ((node==NULL)||(node->left==NULL)) && (color==TRBT_BLACK) ) {
+ if (node == NULL || node->left == NULL) {
return;
}
node->left->rb_color = color;
}
static inline void trbt_set_color_right(trbt_node_t *node, int color)
{
- if ( ((node==NULL)||(node->right==NULL)) && (color==TRBT_BLACK) ) {
+ if (node == NULL || node->right == NULL) {
return;
}
node->right->rb_color = color;
diff --git a/ctdb/common/system_linux.c b/ctdb/common/system_linux.c
index 2e58853..5995cb2 100644
--- a/ctdb/common/system_linux.c
+++ b/ctdb/common/system_linux.c
@@ -93,7 +93,7 @@ int ctdb_sys_send_arp(const ctdb_sock_addr *addr, const char
*iface)
switch (addr->ip.sin_family) {
case AF_INET:
- s = socket(AF_PACKET, SOCK_RAW, ETHERTYPE_ARP);
+ s = socket(AF_PACKET, SOCK_RAW, 0);
if (s == -1){
DEBUG(DEBUG_CRIT,(__location__ " failed to open raw
socket\n"));
return -1;
@@ -108,7 +108,7 @@ int ctdb_sys_send_arp(const ctdb_sock_addr *addr, const
char *iface)
}
/* get the mac address */
- strncpy(if_hwaddr.ifr_name, iface,
sizeof(if_hwaddr.ifr_name)-1);
+ strlcpy(if_hwaddr.ifr_name, iface, sizeof(if_hwaddr.ifr_name));
ret = ioctl(s, SIOCGIFHWADDR, &if_hwaddr);
if ( ret < 0 ) {
close(s);
@@ -187,14 +187,14 @@ int ctdb_sys_send_arp(const ctdb_sock_addr *addr, const
char *iface)
close(s);
break;
case AF_INET6:
- s = socket(AF_PACKET, SOCK_RAW, ETHERTYPE_ARP);
+ s = socket(AF_PACKET, SOCK_RAW, 0);
if (s == -1){
DEBUG(DEBUG_CRIT,(__location__ " failed to open raw
socket\n"));
return -1;
}
DEBUG(DEBUG_DEBUG, (__location__ " Created SOCKET FD:%d for
sending arp\n", s));
- strncpy(ifr.ifr_name, iface, sizeof(ifr.ifr_name));
+ strlcpy(ifr.ifr_name, iface, sizeof(ifr.ifr_name));
if (ioctl(s, SIOCGIFINDEX, &ifr) < 0) {
DEBUG(DEBUG_CRIT,(__location__ " interface '%s' not
found\n", iface));
close(s);
@@ -202,7 +202,7 @@ int ctdb_sys_send_arp(const ctdb_sock_addr *addr, const
char *iface)
}
/* get the mac address */
- strncpy(if_hwaddr.ifr_name, iface,
sizeof(if_hwaddr.ifr_name)-1);
+ strlcpy(if_hwaddr.ifr_name, iface, sizeof(if_hwaddr.ifr_name));
ret = ioctl(s, SIOCGIFHWADDR, &if_hwaddr);
if ( ret < 0 ) {
close(s);
@@ -447,7 +447,7 @@ int ctdb_sys_open_capture_socket(const char *iface, void
**private_data)
int s;
/* Open a socket to capture all traffic */
- s = socket(AF_PACKET, SOCK_RAW, ETH_P_ALL);
+ s = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
if (s == -1) {
DEBUG(DEBUG_CRIT,(__location__ " failed to open raw socket\n"));
return -1;
@@ -575,7 +575,7 @@ bool ctdb_sys_check_iface_exists(const char *iface)
return true;
}
- strncpy(ifr.ifr_name, iface, sizeof(ifr.ifr_name)-1);
+ strlcpy(ifr.ifr_name, iface, sizeof(ifr.ifr_name));
if (ioctl(s, SIOCGIFINDEX, &ifr) < 0 && errno == ENODEV) {
DEBUG(DEBUG_CRIT,(__location__ " interface '%s' not found\n",
iface));
close(s);
diff --git a/ctdb/config/events.d/10.interface
b/ctdb/config/events.d/10.interface
index acc0fc8..063f091 100755
--- a/ctdb/config/events.d/10.interface
+++ b/ctdb/config/events.d/10.interface
@@ -291,7 +291,7 @@ case "$1" in
_ip=$4
_maskbits=$5
- get_iface_ip_maskbits_family "$_oiface" "$ip" "$maskbits"
+ get_iface_ip_maskbits_family "$_oiface" "$_ip" "$_maskbits"
oiface="$iface"
# we do an extra delete to cope with the script being killed
diff --git a/ctdb/server/ctdb_daemon.c b/ctdb/server/ctdb_daemon.c
index ac2db75..6d7edc2 100644
--- a/ctdb/server/ctdb_daemon.c
+++ b/ctdb/server/ctdb_daemon.c
@@ -1241,6 +1241,10 @@ int ctdb_start_daemon(struct ctdb_context *ctdb, bool
do_fork)
}
ctdb->ev = event_context_init(NULL);
+ if (ctdb->ev == NULL) {
+ DEBUG(DEBUG_ALERT,("tevent_context_init() failed\n"));
+ exit(1);
+ }
tevent_loop_allow_nesting(ctdb->ev);
tevent_set_trace_callback(ctdb->ev, ctdb_tevent_trace, ctdb);
ret = ctdb_init_tevent_logging(ctdb);
diff --git a/ctdb/server/ctdb_logging.c b/ctdb/server/ctdb_logging.c
index 129bdc9..a72d8bf 100644
--- a/ctdb/server/ctdb_logging.c
+++ b/ctdb/server/ctdb_logging.c
@@ -269,9 +269,14 @@ int ctdb_set_child_logging(struct ctdb_context *ctdb)
/* We'll fail if stderr/stdout not already open; it's simpler. */
old_stdout = dup(STDOUT_FILENO);
+ if (old_stdout < 0) {
+ DEBUG(DEBUG_ERR, ("Failed to dup stdout for child logging\n"));
+ return -1;
+ }
old_stderr = dup(STDERR_FILENO);
- if (old_stdout < 0 || old_stderr < 0) {
- DEBUG(DEBUG_ERR, ("Failed to dup stdout/stderr for child
logging\n"));
+ if (old_stderr < 0) {
+ DEBUG(DEBUG_ERR, ("Failed to dup stderr for child logging\n"));
+ close(old_stdout);
return -1;
}
if (dup2(p[1], STDOUT_FILENO) < 0 || dup2(p[1], STDERR_FILENO) < 0) {
diff --git a/ctdb/server/ctdb_recover.c b/ctdb/server/ctdb_recover.c
index 23f793b..1007f9c 100644
--- a/ctdb/server/ctdb_recover.c
+++ b/ctdb/server/ctdb_recover.c
@@ -1008,6 +1008,7 @@ int32_t ctdb_control_try_delete_records(struct
ctdb_context *ctdb, TDB_DATA inda
if (data.dsize < sizeof(struct ctdb_ltdb_header)) {
DEBUG(DEBUG_CRIT,(__location__ " bad ltdb record in
indata\n"));
+ talloc_free(records);
return -1;
}
@@ -1200,6 +1201,7 @@ int32_t ctdb_control_receive_records(struct ctdb_context
*ctdb,
if (data.dsize < sizeof(struct ctdb_ltdb_header)) {
DEBUG(DEBUG_CRIT, (__location__ " bad ltdb record "
"in indata\n"));
+ talloc_free(records);
return -1;
}
diff --git a/ctdb/server/ctdbd.c b/ctdb/server/ctdbd.c
index ec285c0..bb15ea3 100644
--- a/ctdb/server/ctdbd.c
+++ b/ctdb/server/ctdbd.c
@@ -164,6 +164,10 @@ int main(int argc, const char *argv[])
fault_setup();
ev = event_context_init(NULL);
+ if (ev == NULL) {
+ DEBUG(DEBUG_ALERT,("tevent_context_init() failed\n"));
+ exit(1);
+ }
tevent_loop_allow_nesting(ev);
ctdb = ctdb_cmdline_init(ev);
diff --git a/ctdb/utils/ping_pong/ping_pong.c b/ctdb/utils/ping_pong/ping_pong.c
index fdb575d..aec3ff0 100644
--- a/ctdb/utils/ping_pong/ping_pong.c
+++ b/ctdb/utils/ping_pong/ping_pong.c
@@ -141,7 +141,9 @@ static void ping_pong(int fd, int num_locks)
val = (unsigned char *)calloc(num_locks+1, sizeof(unsigned char));
if (val == NULL) {
printf("calloc failed\n");
- munmap(p, num_locks+1);
--
Samba Shared Repository
