The branch, v4-14-stable has been updated via def81d0a59d VERSION: Disable GIT_SNAPSHOT for the 4.14.3 release. via 794e1610385 WHATSNEW: Add release notes for Samba 4.14.3. via 1cf726dd52f build: Notice if flex is missing at configure time via b74a079a202 s3-iremotewinspool: set the per-request memory context via 12bfc430063 build: Only add -Wl,--as-needed when supported via 0662726974b s3: smbd: fix deferred renames via f5bb7a55018 s4: torture. Add smb2.lease.rename_wait test to reproduce regression in delay rename for lease break code. via e85d111f54f rpc_server3: Fix a memleak for internal pipes via ed30ce7aa0c spools: avoid leaking memory into the callers mem_ctx via 55c76604ca2 pidl: set the per-request memory context in the pidl generator via 051585ef361 smbd: free open_rec state in remove_deferred_open_message_smb2_internal() via ebec84c886e smbd: cancel pending poll open timer in poll_open_done() via da71738e987 smbd: reset dangling watch_req pointer in poll_open_done via 288c7472083 s3:modules:vfs_virusfilter: Recent New_VFS changes break vfs_virusfilter_openat. via a164468a406 samba-gpupdate: Check sysvol download paths in case-insensitive way via 702e0c55989 samba-gpupdate: Test that sysvol paths download in case-insensitive way via 231342faf2f idmap_nss: Do not return SID from unixids_to_sids on type mismatch via 7628a27a96b idmap_rfc2307: Do not return SID from unixids_to_sids on type mismatch via e7b1ee061ea winbind: Only use unixid2sid mapping when module reports ID_MAPPED via 6b8226b7355 smbd: Ensure errno is preserved across fsp destructor via a0862d6d6de third_party: Update socket_wrapper to version 1.3.3 via ed3c83a7f8c third_party: Update socket_wrapper to version 1.3.2 via 6e981465fce VERSION: Bump version up to 4.14.2... via 3dceb3ac569 Merge tag 'samba-4.14.2' into v4-14-test via 3fa3608e8f0 VERSION: Bump version up to 4.14.1... from 5b5f4deb88a WHATSNEW: Add release notes for Samba 4.14.2.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-stable - Log ----------------------------------------------------------------- ----------------------------------------------------------------------- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 76 +- buildtools/wafsamba/samba_third_party.py | 2 +- pidl/lib/Parse/Pidl/Samba4/NDR/ServerCompat.pm | 2 + python/samba/gpclass.py | 5 +- python/samba/tests/gpo.py | 10 + source3/modules/vfs_virusfilter.c | 8 +- source3/rpc_server/rpc_handles.c | 6 - source3/rpc_server/rpc_ncacn_np.c | 2 +- source3/rpc_server/spoolss/srv_iremotewinspool.c | 2 + source3/rpc_server/spoolss/srv_spoolss_nt.c | 6 +- source3/smbd/files.c | 3 + source3/smbd/open.c | 3 + source3/smbd/smb2_create.c | 1 + source3/smbd/smb2_setinfo.c | 1 + source3/winbindd/idmap_nss.c | 6 +- source3/winbindd/idmap_rfc2307.c | 4 +- source3/winbindd/winbindd_dual_srv.c | 8 +- source3/wscript | 9 - source4/torture/smb2/lease.c | 145 ++ third_party/socket_wrapper/socket_wrapper.c | 1710 ++++++++++++++++++---- third_party/socket_wrapper/socket_wrapper.h | 89 ++ third_party/socket_wrapper/wscript | 8 +- wscript | 19 +- wscript_configure_embedded_heimdal | 3 + 25 files changed, 1802 insertions(+), 328 deletions(-) create mode 100644 third_party/socket_wrapper/socket_wrapper.h Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index a1b3f67bdd1..fbdb45a2349 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ ######################################################## SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=14 -SAMBA_VERSION_RELEASE=2 +SAMBA_VERSION_RELEASE=3 ######################################################## # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 1ef1779c841..71eff9a756c 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,76 @@ + ============================== + Release Notes for Samba 4.14.3 + April 20, 2021 + ============================== + + +This is the latest stable release of the Samba 4.14 release series. + + +Changes since 4.14.2 +-------------------- + +o Trever L. Adams <trever.ad...@gmail.com> + * BUG 14671: s3:modules:vfs_virusfilter: Recent New_VFS changes break + vfs_virusfilter_openat. + +o Andrew Bartlett <abart...@samba.org> + * BUG 14586: build: Notice if flex is missing at configure time. + +o Ralph Boehme <s...@samba.org> + * BUG 14672: Fix smbd panic when two clients open same file. + * BUG 14675: Fix memory leak in the RPC server. + * BUG 14679: s3: smbd: fix deferred renames. + +o Samuel Cabrero <scabr...@samba.org> + * BUG 14675: s3-iremotewinspool: Set the per-request memory context. + +o Volker Lendecke <v...@samba.org> + * BUG 14675: Fix memory leak in the RPC server. + +o Stefan Metzmacher <me...@samba.org> + * BUG 11899: third_party: Update socket_wrapper to version 1.3.2. + * BUG 14640: third_party: Update socket_wrapper to version 1.3.3. + +o David Mulder <dmul...@suse.com> + * BUG 14665: samba-gpupdate: Test that sysvol paths download in + case-insensitive way. + +o Sachin Prabhu <spra...@redhat.com> + * BUG 14662: smbd: Ensure errno is preserved across fsp destructor. + +o Christof Schmitt <c...@samba.org> + * BUG 14663: idmap_rfc2307 and idmap_nss return wrong mapping for uid/gid + conflict. + +o Martin Schwenke <mar...@meltin.net> + * BUG 14288: build: Only add -Wl,--as-needed when supported. + + +####################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.1 and newer product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +Release notes for older releases follow: +---------------------------------------- + + ============================== Release Notes for Samba 4.14.2 March 24, 2021 @@ -55,8 +128,7 @@ database (https://bugzilla.samba.org/). ====================================================================== -Release notes for older releases follow: ----------------------------------------- +---------------------------------------------------------------------- ============================== diff --git a/buildtools/wafsamba/samba_third_party.py b/buildtools/wafsamba/samba_third_party.py index bc2b21f2a55..1c027cb6870 100644 --- a/buildtools/wafsamba/samba_third_party.py +++ b/buildtools/wafsamba/samba_third_party.py @@ -24,7 +24,7 @@ Build.BuildContext.CHECK_CMOCKA = CHECK_CMOCKA @conf def CHECK_SOCKET_WRAPPER(conf): - return conf.CHECK_BUNDLED_SYSTEM_PKG('socket_wrapper', minversion='1.2.5') + return conf.CHECK_BUNDLED_SYSTEM_PKG('socket_wrapper', minversion='1.3.3') Build.BuildContext.CHECK_SOCKET_WRAPPER = CHECK_SOCKET_WRAPPER @conf diff --git a/pidl/lib/Parse/Pidl/Samba4/NDR/ServerCompat.pm b/pidl/lib/Parse/Pidl/Samba4/NDR/ServerCompat.pm index 54feea0a9ef..d1368c3dbca 100644 --- a/pidl/lib/Parse/Pidl/Samba4/NDR/ServerCompat.pm +++ b/pidl/lib/Parse/Pidl/Samba4/NDR/ServerCompat.pm @@ -299,6 +299,7 @@ sub boilerplate_iface($) $self->pidl("/* Update pipes struct opnum */"); $self->pidl("p->opnum = opnum;"); $self->pidl("p->dce_call = dce_call;"); + $self->pidl("p->mem_ctx = mem_ctx;"); $self->pidl("/* Update pipes struct session info */"); $self->pidl("pipe_session_info = p->session_info;"); $self->pidl("p->session_info = dce_call->auth_state->session_info;"); @@ -344,6 +345,7 @@ sub boilerplate_iface($) $self->pidl(""); $self->pidl("p->dce_call = NULL;"); + $self->pidl("p->mem_ctx = NULL;"); $self->pidl("/* Restore session info */"); $self->pidl("p->session_info = pipe_session_info;"); $self->pidl("p->auth.auth_type = 0;"); diff --git a/python/samba/gpclass.py b/python/samba/gpclass.py index 1b29711f245..838ef50ac3c 100644 --- a/python/samba/gpclass.py +++ b/python/samba/gpclass.py @@ -393,8 +393,9 @@ def cache_gpo_dir(conn, cache, sub_dir): def check_safe_path(path): dirs = re.split('/|\\\\', path) - if 'sysvol' in path: - dirs = dirs[dirs.index('sysvol') + 1:] + if 'sysvol' in path.lower(): + ldirs = re.split('/|\\\\', path.lower()) + dirs = dirs[ldirs.index('sysvol') + 1:] if '..' not in dirs: return os.path.join(*dirs) raise OSError(path) diff --git a/python/samba/tests/gpo.py b/python/samba/tests/gpo.py index a0dce8d96d7..0afc2091b3e 100644 --- a/python/samba/tests/gpo.py +++ b/python/samba/tests/gpo.py @@ -181,6 +181,16 @@ class GPOTests(tests.TestCase): self.assertEqual(result, after, 'check_safe_path() didn\'t' ' correctly convert \\ to /') + def test_check_safe_path_typesafe_name(self): + path = '\\\\toady.suse.de\\SysVol\\toady.suse.de\\Policies\\' \ + '{31B2F340-016D-11D2-945F-00C04FB984F9}\\GPT.INI' + expected_path = 'toady.suse.de/Policies/' \ + '{31B2F340-016D-11D2-945F-00C04FB984F9}/GPT.INI' + + result = check_safe_path(path) + self.assertEqual(result, expected_path, + 'check_safe_path unable to detect variable case sysvol components') + def test_gpt_ext_register(self): this_path = os.path.dirname(os.path.realpath(__file__)) samba_path = os.path.realpath(os.path.join(this_path, '../../../')) diff --git a/source3/modules/vfs_virusfilter.c b/source3/modules/vfs_virusfilter.c index c9f5e2bf908..524e7dfbad9 100644 --- a/source3/modules/vfs_virusfilter.c +++ b/source3/modules/vfs_virusfilter.c @@ -1238,11 +1238,7 @@ static int virusfilter_vfs_openat(struct vfs_handle_struct *handle, bool ok1; char *sret = NULL; struct smb_filename *smb_fname = NULL; - - /* - * For now assert this, so SMB_VFS_NEXT_STAT() below works. - */ - SMB_ASSERT(fsp_get_pathref_fd(dirfsp) == AT_FDCWD); + SMB_STRUCT_STAT sbuf = smb_fname_in->st; SMB_VFS_HANDLE_GET_DATA(handle, config, struct virusfilter_config, return -1); @@ -1284,7 +1280,7 @@ static int virusfilter_vfs_openat(struct vfs_handle_struct *handle, goto virusfilter_vfs_open_next; } - ret = SMB_VFS_NEXT_STAT(handle, smb_fname); + ret = SMB_VFS_NEXT_FSTAT(handle, fsp, &sbuf); if (ret != 0) { /* diff --git a/source3/rpc_server/rpc_handles.c b/source3/rpc_server/rpc_handles.c index 45968746440..9ef93231466 100644 --- a/source3/rpc_server/rpc_handles.c +++ b/source3/rpc_server/rpc_handles.c @@ -60,12 +60,6 @@ int make_base_pipes_struct(TALLOC_CTX *mem_ctx, return ENOMEM; } - p->mem_ctx = talloc_named(p, 0, "pipe %s %p", pipe_name, p); - if (!p->mem_ctx) { - talloc_free(p); - return ENOMEM; - } - p->msg_ctx = msg_ctx; p->transport = transport; diff --git a/source3/rpc_server/rpc_ncacn_np.c b/source3/rpc_server/rpc_ncacn_np.c index 9ba271c2479..494b002e714 100644 --- a/source3/rpc_server/rpc_ncacn_np.c +++ b/source3/rpc_server/rpc_ncacn_np.c @@ -476,7 +476,7 @@ static struct tevent_req *rpcint_bh_raw_call_send(TALLOC_CTX *mem_ctx, return tevent_req_post(req, ev); } - state->call = talloc_zero(hs->conn, struct dcesrv_call_state); + state->call = talloc_zero(state, struct dcesrv_call_state); if (tevent_req_nomem(state->call, req)) { return tevent_req_post(req, ev); } diff --git a/source3/rpc_server/spoolss/srv_iremotewinspool.c b/source3/rpc_server/spoolss/srv_iremotewinspool.c index 26b225818f8..d6a983c722a 100644 --- a/source3/rpc_server/spoolss/srv_iremotewinspool.c +++ b/source3/rpc_server/spoolss/srv_iremotewinspool.c @@ -100,6 +100,7 @@ static NTSTATUS iremotewinspool__op_dispatch_internal(struct dcesrv_call_state * /* Update pipes struct opnum */ p->opnum = opnum; p->dce_call = dce_call; + p->mem_ctx = mem_ctx; /* Update pipes struct session info */ pipe_session_info = p->session_info; p->session_info = dce_call->auth_state->session_info; @@ -1238,6 +1239,7 @@ fail: } p->dce_call = NULL; + p->mem_ctx = NULL; /* Restore session info */ p->session_info = pipe_session_info; p->auth.auth_type = 0; diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c index d20c19d5271..24ea7367ec8 100644 --- a/source3/rpc_server/spoolss/srv_spoolss_nt.c +++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c @@ -5731,7 +5731,8 @@ static WERROR construct_printer_driver_info_level(TALLOC_CTX *mem_ctx, } if (pinfo2->drivername == NULL || pinfo2->drivername[0] == '\0') { - return WERR_UNKNOWN_PRINTER_DRIVER; + result = WERR_UNKNOWN_PRINTER_DRIVER; + goto done; } DBG_INFO("Construct printer driver [%s] for [%s]\n", @@ -7023,7 +7024,8 @@ static WERROR update_printer(struct pipes_struct *p, raddr = tsocket_address_inet_addr_string(p->remote_address, p->mem_ctx); if (raddr == NULL) { - return WERR_NOT_ENOUGH_MEMORY; + result = WERR_NOT_ENOUGH_MEMORY; + goto done; } /* add_printer_hook() will call reload_services() */ diff --git a/source3/smbd/files.c b/source3/smbd/files.c index f60d5979f53..d9fd2b8ea86 100644 --- a/source3/smbd/files.c +++ b/source3/smbd/files.c @@ -358,10 +358,12 @@ static int smb_fname_fsp_destructor(struct smb_filename *smb_fname) { struct files_struct *fsp = smb_fname->fsp; NTSTATUS status; + int saved_errno = errno; destroy_fsp_smb_fname_link(&smb_fname->fsp_link); if (fsp == NULL) { + errno = saved_errno; return 0; } @@ -380,6 +382,7 @@ static int smb_fname_fsp_destructor(struct smb_filename *smb_fname) file_free(NULL, fsp); smb_fname->fsp = NULL; + errno = saved_errno; return 0; } diff --git a/source3/smbd/open.c b/source3/smbd/open.c index b82eb2f02b9..87c14bb4367 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -3040,6 +3040,9 @@ static void poll_open_done(struct tevent_req *subreq) status = share_mode_watch_recv(subreq, NULL, NULL); TALLOC_FREE(subreq); + open_rec->watch_req = NULL; + TALLOC_FREE(open_rec->te); + DBG_DEBUG("dbwrap_watched_watch_recv returned %s\n", nt_errstr(status)); diff --git a/source3/smbd/smb2_create.c b/source3/smbd/smb2_create.c index 2dd3745dd32..8ff57c94aa0 100644 --- a/source3/smbd/smb2_create.c +++ b/source3/smbd/smb2_create.c @@ -1714,6 +1714,7 @@ static void remove_deferred_open_message_smb2_internal(struct smbd_smb2_request state->open_was_deferred = false; /* Ensure we don't have any outstanding immediate event. */ TALLOC_FREE(state->im); + TALLOC_FREE(state->open_rec); } void remove_deferred_open_message_smb2( diff --git a/source3/smbd/smb2_setinfo.c b/source3/smbd/smb2_setinfo.c index 646e009a746..e490596a2e0 100644 --- a/source3/smbd/smb2_setinfo.c +++ b/source3/smbd/smb2_setinfo.c @@ -214,6 +214,7 @@ static bool delay_rename_lease_break_fn( return false; } + state->delay = true; break_to = (e_lease_type & ~SMB2_LEASE_HANDLE); send_break_message( diff --git a/source3/winbindd/idmap_nss.c b/source3/winbindd/idmap_nss.c index 9e1efefeb24..da50e2b4aa7 100644 --- a/source3/winbindd/idmap_nss.c +++ b/source3/winbindd/idmap_nss.c @@ -25,6 +25,7 @@ #include "nsswitch/winbind_client.h" #include "idmap.h" #include "lib/winbind_util.h" +#include "libcli/security/dom_sid.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_IDMAP @@ -55,6 +56,7 @@ static NTSTATUS idmap_nss_unixids_to_sids(struct idmap_domain *dom, struct id_ma struct passwd *pw; struct group *gr; const char *name; + struct dom_sid sid; enum lsa_SidType type; bool ret; @@ -86,7 +88,7 @@ static NTSTATUS idmap_nss_unixids_to_sids(struct idmap_domain *dom, struct id_ma the following call will not recurse so this is safe */ (void)winbind_on(); /* Lookup name from PDC using lsa_lookup_names() */ - ret = winbind_lookup_name(dom->name, name, ids[i]->sid, &type); + ret = winbind_lookup_name(dom->name, name, &sid, &type); (void)winbind_off(); if (!ret) { @@ -99,6 +101,7 @@ static NTSTATUS idmap_nss_unixids_to_sids(struct idmap_domain *dom, struct id_ma switch (type) { case SID_NAME_USER: if (ids[i]->xid.type == ID_TYPE_UID) { + sid_copy(ids[i]->sid, &sid); ids[i]->status = ID_MAPPED; } break; @@ -107,6 +110,7 @@ static NTSTATUS idmap_nss_unixids_to_sids(struct idmap_domain *dom, struct id_ma case SID_NAME_ALIAS: case SID_NAME_WKN_GRP: if (ids[i]->xid.type == ID_TYPE_GID) { + sid_copy(ids[i]->sid, &sid); ids[i]->status = ID_MAPPED; } break; diff --git a/source3/winbindd/idmap_rfc2307.c b/source3/winbindd/idmap_rfc2307.c index 05259bf8344..4870ca30485 100644 --- a/source3/winbindd/idmap_rfc2307.c +++ b/source3/winbindd/idmap_rfc2307.c @@ -229,6 +229,7 @@ static void idmap_rfc2307_map_sid_results(struct idmap_rfc2307_context *ctx, for (i = 0; i < count; i++) { char *name; + struct dom_sid sid; enum lsa_SidType lsa_type; struct id_map *map; uint32_t id; @@ -277,7 +278,7 @@ static void idmap_rfc2307_map_sid_results(struct idmap_rfc2307_context *ctx, the following call will not recurse so this is safe */ (void)winbind_on(); /* Lookup name from PDC using lsa_lookup_names() */ - b = winbind_lookup_name(dom_name, name, map->sid, &lsa_type); + b = winbind_lookup_name(dom_name, name, &sid, &lsa_type); (void)winbind_off(); if (!b) { @@ -301,6 +302,7 @@ static void idmap_rfc2307_map_sid_results(struct idmap_rfc2307_context *ctx, } map->status = ID_MAPPED; + sid_copy(map->sid, &sid); } } diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c index ffd7bb957b2..32d11e1fa57 100644 --- a/source3/winbindd/winbindd_dual_srv.c +++ b/source3/winbindd/winbindd_dual_srv.c @@ -283,8 +283,12 @@ NTSTATUS _wbint_UnixIDs2Sids(struct pipes_struct *p, } for (i=0; i<r->in.num_ids; i++) { - r->out.xids[i] = maps[i]->xid; - sid_copy(&r->out.sids[i], maps[i]->sid); + if (maps[i]->status == ID_MAPPED) { + r->out.xids[i] = maps[i]->xid; + sid_copy(&r->out.sids[i], maps[i]->sid); + } else { + r->out.sids[i] = (struct dom_sid) { 0 }; + } } TALLOC_FREE(maps); diff --git a/source3/wscript b/source3/wscript index ba02a3586b9..adc31ce57b8 100644 --- a/source3/wscript +++ b/source3/wscript @@ -1838,15 +1838,6 @@ main() { define=None, on_target=False) - Logs.info("Checking for flex") - conf.find_program('flex', var='FLEX') - if conf.env['FLEX']: - conf.env.FLEXFLAGS = ['-t'] - conf.CHECK_COMMAND('%s --version' % conf.env.FLEX[0], - msg='Using flex version', - define=None, - on_target=False) - with_spotlight_tracker_backend = ( conf.CONFIG_SET('HAVE_TRACKER') and conf.CONFIG_SET('HAVE_GLIB') diff --git a/source4/torture/smb2/lease.c b/source4/torture/smb2/lease.c index d3b8daea310..824db95a4b5 100644 --- a/source4/torture/smb2/lease.c +++ b/source4/torture/smb2/lease.c @@ -3722,6 +3722,148 @@ static bool test_lease_timeout(struct torture_context *tctx, return ret; } +static bool test_lease_rename_wait(struct torture_context *tctx, + struct smb2_tree *tree) +{ + TALLOC_CTX *mem_ctx = talloc_new(tctx); + struct smb2_create io; + struct smb2_lease ls1; + struct smb2_lease ls2; + struct smb2_lease ls3; + struct smb2_handle h1 = {{0}}; + struct smb2_handle h2 = {{0}}; + struct smb2_handle h3 = {{0}}; + union smb_setfileinfo sinfo; + NTSTATUS status; + const char *fname_src = "lease_rename_src.dat"; + const char *fname_dst = "lease_rename_dst.dat"; + bool ret = true; + struct smb2_lease_break_ack ack = {}; + struct smb2_request *rename_req = NULL; + uint32_t caps; + unsigned int i; + + caps = smb2cli_conn_server_capabilities(tree->session->transport->conn); + if (!(caps & SMB2_CAP_LEASING)) { + torture_skip(tctx, "leases are not supported"); + } + + smb2_util_unlink(tree, fname_src); + smb2_util_unlink(tree, fname_dst); + + /* Short timeout for fails. */ + tree->session->transport->options.request_timeout = 15; + + /* Grab a RH lease. */ + smb2_lease_create(&io, + &ls1, + false, + fname_src, + LEASE1, + smb2_util_lease_state("RH")); + status = smb2_create(tree, mem_ctx, &io); + CHECK_STATUS(status, NT_STATUS_OK); + CHECK_CREATED(&io, CREATED, FILE_ATTRIBUTE_ARCHIVE); -- Samba Shared Repository