The branch, v4-13-stable has been updated
       via  2119f9f9f66 VERSION: Disable GIT_SNAPSHOT for the 4.13.11 release.
       via  14acad25bd2 WHATSNEW: Add release notes for Samba 4.13.11.
       via  20ef0b16ed3 registry: check for running as root in clustering mode
       via  16fc7a12aca s3/lib/dbwrap: check if global_messaging_context() succeeded
       via  6be92d44bb7 s3/rpc_server: track the number of policy handles with a talloc destructor
       via  f25f3118593 selftest: add a test for the "deadtime" parameter
       via  23ce76e94e8 s3:libsmb: start encryption as soon as possible after the session setup
       via  7c9aabe2dd0 s3: smbd: For FSCTL calls that go async, add the outstanding tevent_reqs to the aio list on the file handle.
       via  aa64f02ca94 configure: Do not put arguments into double quotes
       via  97c6d6fee8a smbd: return correct timestamps for quota fake file
       via  a3dea8a0d08 smbd: handle fake file handles in dos_mode()
       via  7ecf1650661 smbtorture: verify attributes on fake quota file handle
       via  5b58f663724 libcli/smb: allow unexpected padding in SMB2 READ responses
       via  f47e9965c77 libcli/smb: make smb2cli_ioctl_parse_buffer() available as smb2cli_parse_dyn_buffer()
       via  d4d9bc847c5 s3:smbd: implement FSCTL_SMBTORTURE_GLOBAL_READ_RESPONSE_BODY_PADDING8
       via  5d98e2f2960 s3:smbd: introduce a body_size variable in smbd_smb2_request_read_done
       via  e38295a091e s4:torture/smb2: add smb2.read.bug14607 test
       via  6fa28f4eb3a VERSION: Bump version up to Samba 4.13.11...
      from  85bb95881bb VERSION: Disable GIT_SNAPSHOT for the 4.13.10 release.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-13-stable

- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 VERSION | 2 +-
 WHATSNEW.txt | 58 ++++++++++++++-
 configure | 2 +-
 libcli/smb/smb2cli_ioctl.c | 123 ++++--------------------------
 libcli/smb/smb2cli_read.c | 22 +++++-
 libcli/smb/smbXcli_base.c | 91 +++++++++++++++++++++++
 libcli/smb/smbXcli_base.h | 9 +++
 libcli/smb/smb_constants.h | 2 +
 selftest/knownfail | 1 +
 source3/lib/dbwrap/dbwrap_open.c | 4 +
 source3/libsmb/clidfs.c | 44 ++++++++---
 source3/registry/reg_backend_db.c | 9 +++
 source3/rpc_server/rpc_handles.c | 20 ++++-
 source3/script/tests/test_deadtime.sh | 67 +++++++++++++++++
 source3/selftest/tests.py | 4 +
 source3/smbd/dosmode.c | 20 +++++
 source3/smbd/filename.c | 5 ++
 source3/smbd/globals.h | 4 +
 source3/smbd/smb2_ioctl.c | 25 +++++++
 source3/smbd/smb2_read.c | 14 +++-
 source4/torture/smb2/create.c | 63 ++++++++++++++++
 source4/torture/smb2/read.c | 136 ++++++++++++++++++++++++++++++++++
 22 files changed, 596 insertions(+), 129 deletions(-)
 create mode 100755 source3/script/tests/test_deadtime.sh

Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION index d05f3595233..8ab61a550f0 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ ######################################################## SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=13 -SAMBA_VERSION_RELEASE=10 +SAMBA_VERSION_RELEASE=11 ######################################################## # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index c141d32b62e..4b33797845e 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt 
@@ -1,3 +1,58 @@ + =============================== + Release Notes for Samba 4.13.11 + September 07, 2021 + =============================== + + +This is the latest stable release of the Samba 4.13 release series. + + +Changes since 4.13.10 +--------------------- + +o Jeremy Allison <j...@samba.org> + * BUG 14769: smbd panic on force-close share during offload write. + +o Ralph Boehme <s...@samba.org> + * BUG 14731: Fix returned attributes on fake quota file handle and avoid + hitting the VFS. + * BUG 14783: smbd "deadtime" parameter doesn't work anymore. + * BUG 14787: net conf list crashes when run as normal user. + +o Stefan Metzmacher <me...@samba.org> + * BUG 14607: Work around special SMB2 READ response behavior of NetApp Ontap + 7.3.7. + * BUG 14793: Start the SMB encryption as soon as possible. + +o Andreas Schneider <a...@samba.org> + * BUG 14792: Winbind should not start if the socket path for the privileged + pipe is too long. + + +####################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.1 and newer product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +Release notes for older releases follow: +---------------------------------------- + + =============================== Release Notes for Samba 4.13.10 July 14, 2021 
@@ -61,8 +116,7 @@ database (https://bugzilla.samba.org/). ====================================================================== -Release notes for older releases follow: ----------------------------------------- +---------------------------------------------------------------------- ============================== diff --git a/configure b/configure index a6ca50feb47..2b0ffb0dae1 100755 --- a/configure +++ b/configure @@ -13,5 +13,5 @@ export JOBS unset LD_PRELOAD cd . || exit 1 -$PYTHON $WAF configure "$@" || exit 1 +$PYTHON $WAF configure $@ || exit 1 cd $PREVPATH diff --git a/libcli/smb/smb2cli_ioctl.c b/libcli/smb/smb2cli_ioctl.c index f9abcc57bab..d638b281678 100644 --- a/libcli/smb/smb2cli_ioctl.c +++ b/libcli/smb/smb2cli_ioctl.c 
@@ -160,97 +160,6 @@ struct tevent_req *smb2cli_ioctl_send(TALLOC_CTX *mem_ctx, return req; } -static NTSTATUS smb2cli_ioctl_parse_buffer(uint32_t dyn_offset, - const DATA_BLOB dyn_buffer, - uint32_t min_offset, - uint32_t buffer_offset, - uint32_t buffer_length, - uint32_t max_length, - uint32_t *next_offset, - DATA_BLOB *buffer) -{ - uint32_t offset; - bool oob; - - *buffer = data_blob_null; - *next_offset = dyn_offset; - - if (buffer_offset == 0) { - /* - * If the offset is 0, we better ignore - * the buffer_length field. - */ - return NT_STATUS_OK; - } - - if (buffer_length == 0) { - /* - * If the length is 0, we better ignore - * the buffer_offset field. - */ - return NT_STATUS_OK; - } - - if ((buffer_offset % 8) != 0) { - /* - * The offset needs to be 8 byte aligned. - */ - return NT_STATUS_INVALID_NETWORK_RESPONSE; - } - - /* - * We used to enforce buffer_offset to be - * an exact match of the expected minimum, - * but the NetApp Ontap 7.3.7 SMB server - * gets the padding wrong and aligns the - * input_buffer_offset by a value of 8. - * - * So we just enforce that the offset is - * not lower than the expected value. - */ - SMB_ASSERT(min_offset >= dyn_offset); - if (buffer_offset < min_offset) { - return NT_STATUS_INVALID_NETWORK_RESPONSE; - } - - /* - * Make [input|output]_buffer_offset relative to "dyn_buffer" - */ - offset = buffer_offset - dyn_offset; - oob = smb_buffer_oob(dyn_buffer.length, offset, buffer_length); - if (oob) { - return NT_STATUS_INVALID_NETWORK_RESPONSE; - } - - /* - * Give the caller a hint what we consumed, - * the caller may need to add possible padding. - */ - *next_offset = buffer_offset + buffer_length; - - if (max_length == 0) { - /* - * If max_input_length is 0 we ignore the - * input_buffer_length, because Windows 2008 echos the - * DCERPC request from the requested input_buffer to - * the response input_buffer. - * - * We just use the same logic also for max_output_length... 
- */ - buffer_length = 0; - } - - if (buffer_length > max_length) { - return NT_STATUS_INVALID_NETWORK_RESPONSE; - } - - *buffer = (DATA_BLOB) { - .data = dyn_buffer.data + offset, - .length = buffer_length, - }; - return NT_STATUS_OK; -} - static void smb2cli_ioctl_done(struct tevent_req *subreq) { struct tevent_req *req = @@ -352,14 +261,14 @@ static void smb2cli_ioctl_done(struct tevent_req *subreq) input_min_offset = dyn_ofs; input_next_offset = dyn_ofs; - error = smb2cli_ioctl_parse_buffer(dyn_ofs, - dyn_buffer, - input_min_offset, - input_buffer_offset, - input_buffer_length, - state->max_input_length, - &input_next_offset, - &state->out_input_buffer); + error = smb2cli_parse_dyn_buffer(dyn_ofs, + dyn_buffer, + input_min_offset, + input_buffer_offset, + input_buffer_length, + state->max_input_length, + &input_next_offset, + &state->out_input_buffer); if (tevent_req_nterror(req, error)) { return; } @@ -370,14 +279,14 @@ static void smb2cli_ioctl_done(struct tevent_req *subreq) */ output_min_offset = NDR_ROUND(input_next_offset, 8); output_next_offset = 0; /* this variable is completely ignored */ - error = smb2cli_ioctl_parse_buffer(dyn_ofs, - dyn_buffer, - output_min_offset, - output_buffer_offset, - output_buffer_length, - state->max_output_length, - &output_next_offset, - &state->out_output_buffer); + error = smb2cli_parse_dyn_buffer(dyn_ofs, + dyn_buffer, + output_min_offset, + output_buffer_offset, + output_buffer_length, + state->max_output_length, + &output_next_offset, + &state->out_output_buffer); if (tevent_req_nterror(req, error)) { return; } diff --git a/libcli/smb/smb2cli_read.c b/libcli/smb/smb2cli_read.c index 8110b65d432..c7f48741b87 100644 --- a/libcli/smb/smb2cli_read.c +++ b/libcli/smb/smb2cli_read.c 
@@ -90,8 +90,13 @@ static void smb2cli_read_done(struct tevent_req *subreq) tevent_req_data(req, struct smb2cli_read_state); NTSTATUS status; + NTSTATUS error; struct iovec *iov; + const uint8_t dyn_ofs = SMB2_HDR_BODY + 0x10; + DATA_BLOB dyn_buffer = data_blob_null; uint8_t data_offset; + DATA_BLOB data_buffer = data_blob_null; + uint32_t next_offset = 0; /* this variable is completely ignored */ static const struct smb2cli_req_expected_response expected[] = { { .status = STATUS_BUFFER_OVERFLOW, @@ -117,14 +122,23 @@ static void smb2cli_read_done(struct tevent_req *subreq) data_offset = CVAL(iov[1].iov_base, 2); state->data_length = IVAL(iov[1].iov_base, 4); - if ((data_offset != SMB2_HDR_BODY + 16) || - (state->data_length > iov[2].iov_len)) { - tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE); + dyn_buffer = data_blob_const((uint8_t *)iov[2].iov_base, + iov[2].iov_len); + + error = smb2cli_parse_dyn_buffer(dyn_ofs, + dyn_buffer, + dyn_ofs, /* min_offset */ + data_offset, + state->data_length, + dyn_buffer.length, /* max_length */ + &next_offset, + &data_buffer); + if (tevent_req_nterror(req, error)) { return; } state->recv_iov = iov; - state->data = (uint8_t *)iov[2].iov_base; + state->data = data_buffer.data; state->out_valid = true; diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c index 4909797543c..bcb601dde59 100644 --- a/libcli/smb/smbXcli_base.c +++ b/libcli/smb/smbXcli_base.c 
@@ -6664,3 +6664,94 @@ uint64_t smb2cli_conn_get_mid(struct smbXcli_conn *conn) { return conn->smb2.mid; } + +NTSTATUS smb2cli_parse_dyn_buffer(uint32_t dyn_offset, + const DATA_BLOB dyn_buffer, + uint32_t min_offset, + uint32_t buffer_offset, + uint32_t buffer_length, + uint32_t max_length, + uint32_t *next_offset, + DATA_BLOB *buffer) +{ + uint32_t offset; + bool oob; + + *buffer = data_blob_null; + *next_offset = dyn_offset; + + if (buffer_offset == 0) { + /* + * If the offset is 0, we better ignore + * the buffer_length field. + */ + return NT_STATUS_OK; + } + + if (buffer_length == 0) { + /* + * If the length is 0, we better ignore + * the buffer_offset field. + */ + return NT_STATUS_OK; + } + + if ((buffer_offset % 8) != 0) { + /* + * The offset needs to be 8 byte aligned. + */ + return NT_STATUS_INVALID_NETWORK_RESPONSE; + } + + /* + * We used to enforce buffer_offset to be + * an exact match of the expected minimum, + * but the NetApp Ontap 7.3.7 SMB server + * gets the padding wrong and aligns the + * input_buffer_offset by a value of 8. + * + * So we just enforce that the offset is + * not lower than the expected value. + */ + SMB_ASSERT(min_offset >= dyn_offset); + if (buffer_offset < min_offset) { + return NT_STATUS_INVALID_NETWORK_RESPONSE; + } + + /* + * Make [input|output]_buffer_offset relative to "dyn_buffer" + */ + offset = buffer_offset - dyn_offset; + oob = smb_buffer_oob(dyn_buffer.length, offset, buffer_length); + if (oob) { + return NT_STATUS_INVALID_NETWORK_RESPONSE; + } + + /* + * Give the caller a hint what we consumed, + * the caller may need to add possible padding. + */ + *next_offset = buffer_offset + buffer_length; + + if (max_length == 0) { + /* + * If max_input_length is 0 we ignore the + * input_buffer_length, because Windows 2008 echos the + * DCERPC request from the requested input_buffer to + * the response input_buffer. + * + * We just use the same logic also for max_output_length... 
+ */ + buffer_length = 0; + } + + if (buffer_length > max_length) { + return NT_STATUS_INVALID_NETWORK_RESPONSE; + } + + *buffer = (DATA_BLOB) { + .data = dyn_buffer.data + offset, + .length = buffer_length, + }; + return NT_STATUS_OK; +} diff --git a/libcli/smb/smbXcli_base.h b/libcli/smb/smbXcli_base.h index 2afc7165cd9..4452cd808ea 100644 --- a/libcli/smb/smbXcli_base.h +++ b/libcli/smb/smbXcli_base.h @@ -390,6 +390,15 @@ void smb2cli_conn_set_cc_max_chunks(struct smbXcli_conn *conn, void smb2cli_conn_set_mid(struct smbXcli_conn *conn, uint64_t mid); uint64_t smb2cli_conn_get_mid(struct smbXcli_conn *conn); +NTSTATUS smb2cli_parse_dyn_buffer(uint32_t dyn_offset, + const DATA_BLOB dyn_buffer, + uint32_t min_offset, + uint32_t buffer_offset, + uint32_t buffer_length, + uint32_t max_length, + uint32_t *next_offset, + DATA_BLOB *buffer); + struct tevent_req *smb2cli_req_create(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct smbXcli_conn *conn, diff --git a/libcli/smb/smb_constants.h b/libcli/smb/smb_constants.h index d2345f094e1..af8e7204013 100644 --- a/libcli/smb/smb_constants.h +++ b/libcli/smb/smb_constants.h @@ -591,6 +591,8 @@ enum csc_policy { (FSCTL_SMBTORTURE | FSCTL_ACCESS_WRITE | 0x0000 | FSCTL_METHOD_NEITHER) #define FSCTL_SMBTORTURE_IOCTL_RESPONSE_BODY_PADDING8 \ (FSCTL_SMBTORTURE | FSCTL_ACCESS_WRITE | 0x0010 | FSCTL_METHOD_NEITHER) +#define FSCTL_SMBTORTURE_GLOBAL_READ_RESPONSE_BODY_PADDING8 \ + (FSCTL_SMBTORTURE | FSCTL_ACCESS_WRITE | 0x0020 | FSCTL_METHOD_NEITHER) /* * A few values from [MS-FSCC] 2.1.2.1 Reparse Tags diff --git a/selftest/knownfail b/selftest/knownfail index 4fe503f4cc1..dab0e64c10b 100644 --- a/selftest/knownfail +++ b/selftest/knownfail @@ -144,6 +144,7 @@ ^samba4.raw.acls.*.create_owner_file ^samba4.smb2.create.*.acldir ^samba4.smb2.create.*.impersonation +^samba4.smb2.create.quota-fake-file\(ad_dc_ntvfs\) # not supported by the NTVFS ^samba4.smb2.acls.*.generic ^samba4.smb2.acls.*.inheritflags ^samba4.smb2.acls.*.owner 
diff --git a/source3/lib/dbwrap/dbwrap_open.c b/source3/lib/dbwrap/dbwrap_open.c index e67341607a4..2c6ce3b7104 100644 --- a/source3/lib/dbwrap/dbwrap_open.c +++ b/source3/lib/dbwrap/dbwrap_open.c @@ -149,6 +149,10 @@ struct db_context *db_open(TALLOC_CTX *mem_ctx, * to be initialized. */ msg_ctx = global_messaging_context(); + if (msg_ctx == NULL) { + DBG_ERR("Failed to initialize messaging\n"); + return NULL; + } conn = messaging_ctdb_connection(); if (conn == NULL) { diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c index 3cc52cc5ac9..2a2509870e3 100644 --- a/source3/libsmb/clidfs.c +++ b/source3/libsmb/clidfs.c @@ -50,6 +50,7 @@ NTSTATUS cli_cm_force_encryption_creds(struct cli_state *c, uint16_t major, minor; uint32_t caplow, caphigh; NTSTATUS status; + bool temp_ipc = false; if (smbXcli_conn_protocol(c->conn) >= PROTOCOL_SMB2_02) { status = smb2cli_session_encryption_on(c->smb2.session); @@ -72,12 +73,26 @@ NTSTATUS cli_cm_force_encryption_creds(struct cli_state *c, return NT_STATUS_NOT_SUPPORTED; } + if (c->smb1.tcon == NULL) { + status = cli_tree_connect_creds(c, "IPC$", "IPC", creds); + if (!NT_STATUS_IS_OK(status)) { + d_printf("Encryption required and " + "can't connect to IPC$ to check " + "UNIX CIFS extensions.\n"); + return NT_STATUS_UNKNOWN_REVISION; + } + temp_ipc = true; + } + status = cli_unix_extensions_version(c, &major, &minor, &caplow, &caphigh); if (!NT_STATUS_IS_OK(status)) { d_printf("Encryption required and " "can't get UNIX CIFS extensions " "version from server.\n"); + if (temp_ipc) { + cli_tdis(c); + } return NT_STATUS_UNKNOWN_REVISION; } @@ -85,6 +100,9 @@ NTSTATUS cli_cm_force_encryption_creds(struct cli_state *c, d_printf("Encryption required and " "share %s doesn't support " "encryption.\n", sharename); + if (temp_ipc) { + cli_tdis(c); + } return NT_STATUS_UNSUPPORTED_COMPRESSION; } @@ -93,9 +111,15 @@ NTSTATUS cli_cm_force_encryption_creds(struct cli_state *c, -- Samba Shared Repository
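
Review bot: In the configure hunk, changing `"$@"` to a bare `$@` on the `$PYTHON $WAF configure` line makes every argument subject to word splitting and pathname expansion before waf sees it, so an option whose value contains a space is delivered as several arguments and one containing `*` or `?` can be expanded against the current directory. Keep `"$@"`, which passes each argument through unchanged, and address whatever motivated the change at the caller. The commit subject says what was done but not why; the reason belongs in the commit message.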
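
Review bot: In smb2cli_read_done() (libcli/smb/smb2cli_read.c), `state->data_length` is still taken straight from the wire with IVAL() while `state->data` now comes from `data_buffer.data`, and the two can disagree. smb2cli_parse_dyn_buffer() returns NT_STATUS_OK with `data_blob_null` as soon as `buffer_offset == 0`, ignoring the length, so a response with DataOffset 0 and a non-zero DataLength leaves `state->data` NULL and `state->data_length` non-zero; the removed check `data_offset != SMB2_HDR_BODY + 16` rejected that response. Assign `state->data_length = data_buffer.length` after the parse succeeds, or reject a zero offset with a non-zero length explicitly, so callers never see a length without a matching pointer.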
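
Review bot: smb2cli_parse_dyn_buffer() is exported from smbXcli_base.c and declared in smbXcli_base.h without any description of its contract, and its comments still use the ioctl names (`[input|output]_buffer_offset`, `max_input_length`) although the READ path now calls it too. Add a header comment stating that the caller must pass `min_offset >= dyn_offset` (violating it hits SMB_ASSERT), that a zero `buffer_offset` or zero `buffer_length` yields NT_STATUS_OK with an empty blob, and that `max_length == 0` forces the returned length to 0. That last rule is documented as a Windows 2008 DCERPC echo workaround; say whether it is intended to apply to READ responses as well.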
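
Review bot: In cli_cm_force_encryption_creds() (source3/libsmb/clidfs.c), the new temporary IPC$ connect discards the status from cli_tree_connect_creds() and returns NT_STATUS_UNKNOWN_REVISION, so an authentication or access failure on IPC$ is reported to the caller as a protocol revision problem. Return `status` on that path, or at least include nt_errstr(status) in the d_printf() message, so the real cause is visible. The cli_tdis(c) calls added on the two error paths also ignore their result; that is acceptable for cleanup but worth a short comment, and the final hunk is cut off by the 500-line truncation, so the disconnect on the success path cannot be checked from this mail.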