The branch, v4-17-stable has been updated via 46e771776b2 VERSION: Disable GIT_SNAPSHOT for the 4.17.6 release. via 418af42a77f WHATSNEW: Add release notes for Samba 4.17.6. via ec6a057e690 s3: smbd: Fix fsp/fd leak when looking up a non-existent stream name on a file. via 460bc1897a3 s3: tests: Add new test_stream_dir_rename.sh test. via 1caac94128e s3: provision: Add new streams_xattr_nostrict share - needs "strict rename = no". via bfbb854d746 rpcd: With npa->need_idle_server we can have more than 256 servers via 743d7600fba rpcd: Do blocking connects to local pipes via 32a6eb37fbd rpcd: Increase listening queue via 529e76a51df torture3: test rpc scalability via f07883a09ea librpc: Remove unused sync rpc_transport_np_init() via dbb9cb6bfad librpc: Make rpc_pipe_open_np() public and async via f4556250b87 lib:util: File descriptor being closed repeatedly. via 0b8713e342c vfs_ceph: use fsp_get_pathref_fd in ceph fstatat and close vfs calls via 79c06ede865 mdssvc: fix kMDScopeArray parsing via cee7ecee5ca s4-drsuapi: Give an error that matches windows on destination_dsa_guid lookup failure via c7658589fa5 s4-drsuapi: Clarify role of drs_security_access_check_nc_root() via dee90673865 s4-rpc_server: Pre-check destination_dsa_guid in GetNCChanges for validity via be0cb189202 s4-drsuapi: Use samdb_get_ntds_obj_by_guid() to find RODC in REPL_SECRET via fba94e5d504 s4-dsdb: Require that the NTDS object is an nTDSDSA objectclass via bcb89bd81d4 s4-dsdb: Split samdb_get_ntds_obj_by_guid() out of samdb_is_rodc() via a78c2094ff5 s4-rpc_server/drsuapi: Return correct error code for an invalid DN to EXOP_REPL_OBJ/EXOP_REPL_OBJ via 764702f788c s4-drs: Make drs_ObjectIdentifier_to_dn() safer and able to cope with DummyDN values via 7c32d3d75aa s4-dsdb: rework drs_ObjectIdentifier_to_dn() into drs_ObjectIdentifier_to_dn_and_nc_root() via 85cc464195b s4-rpc_server/drsuapi: Use dsdb_normalise_dn_and_find_nc_root() via 96adf5afc01 s4-dsdb: Add dsdb_normalise_dn_and_find_nc_root() around dsdb_find_nc_root() via deac11ab428 s4-dsdb: Add better debugging to dsdb_objects_have_same_nc() via 4413c277ef0 s4-dsdb: Make dsdb_find_nc_root() first try and use DSDB_CONTROL_CURRENT_PARTITION_OID via 24adeb3ad11 s4-dsdb: Schedule SD propegation only after successful rename via fedd276dbf1 s4-selftest/drs: Confirm GetNCChanges REPL_SECRET works with a DummyDN and real GUID via f6ebb660e54 s4-selftest/drs: Confirm GetNCChanges full replication works with a DummyDN and real GUID via fcc25f6baf8 s4-selftest/drs: Confirm GetNCChanges REPL_OBJ works with a DummyDN and real GUID via b0bbea3fdcd s4-selftest/drs Allow re-run of DRS tests after failed cleanup via 2cb965046b8 s4-selftest/drs Allow some DRS tests to operate against an IP via a81be075983 s4-selftest/drs Add test of expected return code for invaid DNs in GetNCChanges via 00d1f6223f2 s4-dsdb: Add tests of SamDB.get_nc_root() via ddf64adea13 s3/lib: Prevent use after free of messaging_ctdb_fde_ev structs via e12898ff72c VERSION: Bump version up to Samba 4.17.6... from 420b9e67870 VERSION: Disable GIT_SNAPSHOT for the 4.17.5 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-17-stable - Log ----------------------------------------------------------------- ----------------------------------------------------------------------- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 65 ++++- lib/util/util_file.c | 9 +- python/samba/tests/dsdb.py | 122 +++++++++ selftest/target/Samba3.pm | 5 + source3/lib/messages_ctdb.c | 19 ++ source3/librpc/idl/rpc_host.idl | 2 +- source3/modules/vfs_ceph.c | 7 +- source3/rpc_client/cli_pipe.c | 132 +++++++--- source3/rpc_client/cli_pipe.h | 13 + source3/rpc_client/local_np.c | 14 +- source3/rpc_client/rpc_transport.h | 3 - source3/rpc_client/rpc_transport_np.c | 31 --- source3/rpc_server/mdssvc/mdssvc.c | 6 + source3/rpc_server/rpc_host.c | 2 +- source3/rpc_server/rpc_worker.c | 2 +- source3/script/tests/test_stream_dir_rename.sh | 72 ++++++ source3/selftest/tests.py | 4 + source3/smbd/filename.c | 21 ++ source3/torture/proto.h | 1 + source3/torture/test_rpc_scale.c | 301 ++++++++++++++++++++++ source3/torture/torture.c | 4 + source3/torture/wscript_build | 1 + source4/dsdb/common/dsdb_dn.c | 183 +++++++++++++- source4/dsdb/common/util.c | 335 +++++++++++++++++++++++-- source4/dsdb/samdb/ldb_modules/descriptor.c | 134 +++++++--- source4/rpc_server/drsuapi/drsutil.c | 28 ++- source4/rpc_server/drsuapi/getncchanges.c | 182 +++++++++++--- source4/rpc_server/drsuapi/updaterefs.c | 39 ++- source4/torture/drs/python/drs_base.py | 15 +- source4/torture/drs/python/getnc_exop.py | 169 ++++++++++++- source4/torture/drs/python/getncchanges.py | 52 +++- source4/torture/drs/python/repl_move.py | 11 +- source4/torture/drs/python/repl_rodc.py | 46 ++++ source4/torture/drs/python/repl_schema.py | 9 +- 35 files changed, 1813 insertions(+), 228 deletions(-) create mode 100755 source3/script/tests/test_stream_dir_rename.sh create mode 100644 source3/torture/test_rpc_scale.c Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 604c5f065ca..16716ac7539 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ ######################################################## SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=17 -SAMBA_VERSION_RELEASE=5 +SAMBA_VERSION_RELEASE=6 ######################################################## # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 5eb0a0281c1..865697ce109 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,65 @@ + ============================== + Release Notes for Samba 4.17.6 + March 09, 2023 + ============================== + + +This is the latest stable release of the Samba 4.17 release series. + + +Changes since 4.17.5 +-------------------- + +o Jeremy Allison <j...@samba.org> + * BUG 15314: streams_xattr is creating unexpected locks on folders. + +o Andrew Bartlett <abart...@samba.org> + * BUG 10635: Use of the Azure AD Connect cloud sync tool is now supported for + password hash synchronisation, allowing Samba AD Domains to synchronise + passwords with this popular cloud environment. + +o Ralph Boehme <s...@samba.org> + * BUG 15299: Spotlight doesn't work with latest macOS Ventura. + +o Volker Lendecke <v...@samba.org> + * BUG 15310: New samba-dcerpc architecture does not scale gracefully. + +o John Mulligan <jmulli...@redhat.com> + * BUG 15307: vfs_ceph incorrectly uses fsp_get_io_fd() instead of + fsp_get_pathref_fd() in close and fstat. + +o Noel Power <noel.po...@suse.com> + * BUG 15293: With clustering enabled samba-bgqd can core dump due to use + after free. + +o baixiangcpp <baixiang...@gmail.com> + * BUG 15311: fd_load() function implicitly closes the fd where it should not. + + +####################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical:matrix.org matrix room, or +#samba-technical IRC channel on irc.libera.chat. + + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.1 and newer product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +Release notes for older releases follow: +---------------------------------------- ============================== Release Notes for Samba 4.17.5 January 26, 2023 @@ -78,8 +140,7 @@ database (https://bugzilla.samba.org/). ====================================================================== -Release notes for older releases follow: ----------------------------------------- +---------------------------------------------------------------------- ============================== Release Notes for Samba 4.17.4 December 15, 2022 diff --git a/lib/util/util_file.c b/lib/util/util_file.c index af90e4a7621..fa5abadedec 100644 --- a/lib/util/util_file.c +++ b/lib/util/util_file.c @@ -175,13 +175,20 @@ _PUBLIC_ char *fd_load(int fd, size_t *psize, size_t maxsize, TALLOC_CTX *mem_ct size_t size = 0; size_t chunk = 1024; int err; + int fd_dup; if (maxsize == 0) { maxsize = SIZE_MAX; } - file = fdopen(fd, "r"); + fd_dup = dup(fd); + if (fd_dup == -1) { + return NULL; + } + + file = fdopen(fd_dup, "r"); if (file == NULL) { + close(fd_dup); return NULL; } diff --git a/python/samba/tests/dsdb.py b/python/samba/tests/dsdb.py index f4f7a705626..6c52994ece7 100644 --- a/python/samba/tests/dsdb.py +++ b/python/samba/tests/dsdb.py @@ -1029,6 +1029,128 @@ class DsdbTests(TestCase): str(part_dn) + "," + str(domain_dn)), self.samdb.normalize_dn_in_domain(part_dn)) +class DsdbNCRootTests(TestCase): + + def setUp(self): + super().setUp() + self.lp = samba.tests.env_loadparm() + self.creds = Credentials() + self.creds.guess(self.lp) + self.session = system_session() + self.samdb = SamDB(session_info=self.session, + credentials=self.creds, + lp=self.lp) + self.remote = False + + # These all use the local mode of operation inside + # dsdb_find_nc_root() using the partitions control + def test_dsdb_dn_nc_root_sid(self): + dom_sid = self.samdb.get_domain_sid() + domain_dn = ldb.Dn(self.samdb, self.samdb.domain_dn()) + dn = ldb.Dn(self.samdb, f"<SID={dom_sid}>") + try: + nc_root = self.samdb.get_nc_root(dn) + except ldb.LdbError as e: + (code, msg) = e.args + self.fail("Got unexpected exception %d - %s " + % (code, msg)) + self.assertEqual(domain_dn, nc_root) + + def test_dsdb_dn_nc_root_admin_sid(self): + dom_sid = self.samdb.get_domain_sid() + domain_dn = ldb.Dn(self.samdb, self.samdb.domain_dn()) + dn = ldb.Dn(self.samdb, f"<SID={dom_sid}-500>") + try: + nc_root = self.samdb.get_nc_root(dn) + except ldb.LdbError as e: + (code, msg) = e.args + self.fail("Got unexpected exception %d - %s " + % (code, msg)) + self.assertEqual(domain_dn, nc_root) + + def test_dsdb_dn_nc_root_users_container(self): + dom_sid = self.samdb.get_domain_sid() + domain_dn = ldb.Dn(self.samdb, self.samdb.domain_dn()) + dn = ldb.Dn(self.samdb, f"CN=Users,{domain_dn}") + try: + nc_root = self.samdb.get_nc_root(dn) + except ldb.LdbError as e: + (code, msg) = e.args + self.fail("Got unexpected exception %d - %s " + % (code, msg)) + self.assertEqual(domain_dn, nc_root) + + def test_dsdb_dn_nc_root_new_dn(self): + dom_sid = self.samdb.get_domain_sid() + domain_dn = ldb.Dn(self.samdb, self.samdb.domain_dn()) + dn = ldb.Dn(self.samdb, f"CN=Xnotexisting,CN=Users,{domain_dn}") + try: + nc_root = self.samdb.get_nc_root(dn) + except ldb.LdbError as e: + (code, msg) = e.args + self.fail("Got unexpected exception %d - %s " + % (code, msg)) + self.assertEqual(domain_dn, nc_root) + + def test_dsdb_dn_nc_root_new_dn_with_guid(self): + domain_dn = ldb.Dn(self.samdb, self.samdb.domain_dn()) + dn = ldb.Dn(self.samdb, f"<GUID=828e3baf-fa02-4d82-ba5d-6f647dab5fd8>;CN=Xnotexisting,CN=Users,{domain_dn}") + try: + nc_root = self.samdb.get_nc_root(dn) + except ldb.LdbError as e: + (code, msg) = e.args + self.fail("Got unexpected exception %d - %s " + % (code, msg)) + self.assertEqual(domain_dn, nc_root) + + def test_dsdb_dn_nc_root_guid(self): + ntds_guid = self.samdb.get_ntds_GUID() + configuration_dn = self.samdb.get_config_basedn() + dn = ldb.Dn(self.samdb, f"<GUID={ntds_guid}>") + try: + nc_root = self.samdb.get_nc_root(dn) + except ldb.LdbError as e: + (code, msg) = e.args + self.fail("Got unexpected exception %d - %s " + % (code, msg)) + self.assertEqual(configuration_dn, nc_root) + + def test_dsdb_dn_nc_root_misleading_to_noexisting_guid(self): + ntds_guid = self.samdb.get_ntds_GUID() + configuration_dn = self.samdb.get_config_basedn() + domain_dn = ldb.Dn(self.samdb, self.samdb.domain_dn()) + dn = ldb.Dn(self.samdb, f"<GUID={ntds_guid}>;CN=Xnotexisting,CN=Users,{domain_dn}") + try: + nc_root = self.samdb.get_nc_root(dn) + except ldb.LdbError as e: + (code, msg) = e.args + self.fail("Got unexpected exception %d - %s " + % (code, msg)) + self.assertEqual(configuration_dn, nc_root) + + def test_dsdb_dn_nc_root_misleading_to_existing_guid(self): + ntds_guid = self.samdb.get_ntds_GUID() + configuration_dn = self.samdb.get_config_basedn() + domain_dn = ldb.Dn(self.samdb, self.samdb.domain_dn()) + dn = ldb.Dn(self.samdb, f"<GUID={ntds_guid}>;{domain_dn}") + try: + nc_root = self.samdb.get_nc_root(dn) + except ldb.LdbError as e: + (code, msg) = e.args + self.fail("Got unexpected exception %d - %s " + % (code, msg)) + self.assertEqual(configuration_dn, nc_root) + +class DsdbRemoteNCRootTests(DsdbNCRootTests): + def setUp(self): + super().setUp() + # Reconnect to the remote LDAP port + self.samdb = SamDB(url="ldap://%s" % samba.tests.env_get_var_value('SERVER'), + session_info=self.session, + credentials=self.get_credentials(), + lp=self.lp) + self.remote = True + class DsdbFullScanTests(TestCase): diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index c22b382a24e..f9c732284c2 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -3434,6 +3434,11 @@ sub provision($$) copy = tmp vfs objects = streams_xattr xattr_tdb +[streams_xattr_nostrict] + copy = tmp + strict rename = no + vfs objects = streams_xattr xattr_tdb + [acl_streams_xattr] copy = tmp vfs objects = acl_xattr streams_xattr fake_acls xattr_tdb diff --git a/source3/lib/messages_ctdb.c b/source3/lib/messages_ctdb.c index 3e784bf7237..d55b53bf601 100644 --- a/source3/lib/messages_ctdb.c +++ b/source3/lib/messages_ctdb.c @@ -76,6 +76,21 @@ static int messaging_ctdb_recv( struct messaging_ctdb_context *global_ctdb_context; +static int global_ctdb_ctx_destructor(struct messaging_ctdb_context *ctx) +{ + if (ctx != NULL) { + struct messaging_ctdb_fde_ev *fde_ev = NULL; + for (fde_ev = ctx->fde_evs; + fde_ev != NULL; + fde_ev = fde_ev->next) { + if (fde_ev->ctx == ctx) { + fde_ev->ctx = NULL; + } + } + } + return 0; +} + int messaging_ctdb_init(const char *sockname, int timeout, uint64_t unique_id, void (*recv_cb)(struct tevent_context *ev, const uint8_t *msg, size_t msg_len, @@ -94,6 +109,10 @@ int messaging_ctdb_init(const char *sockname, int timeout, uint64_t unique_id, if (ctx == NULL) { return ENOMEM; } + + talloc_set_destructor(ctx, + global_ctdb_ctx_destructor); + ctx->recv_cb = recv_cb; ctx->recv_cb_private_data = private_data; diff --git a/source3/librpc/idl/rpc_host.idl b/source3/librpc/idl/rpc_host.idl index 0fc3f9514aa..c8abb6c4379 100644 --- a/source3/librpc/idl/rpc_host.idl +++ b/source3/librpc/idl/rpc_host.idl @@ -66,7 +66,7 @@ interface rpc_host_msg /** * @brief Which of the processes of a helper prog is this from */ - uint8 worker_index; + uint32 worker_index; /** * @brief How many clients this process serves right now diff --git a/source3/modules/vfs_ceph.c b/source3/modules/vfs_ceph.c index 2186bfdb2ce..f6d8f9d2641 100644 --- a/source3/modules/vfs_ceph.c +++ b/source3/modules/vfs_ceph.c @@ -464,7 +464,7 @@ static int cephwrap_close(struct vfs_handle_struct *handle, files_struct *fsp) int result; DBG_DEBUG("[CEPH] close(%p, %p)\n", handle, fsp); - result = ceph_close(handle->data, fsp_get_io_fd(fsp)); + result = ceph_close(handle->data, fsp_get_pathref_fd(fsp)); DBG_DEBUG("[CEPH] close(...) = %d\n", result); WRAP_RETURN(result); @@ -788,9 +788,10 @@ static int cephwrap_fstat(struct vfs_handle_struct *handle, files_struct *fsp, S { int result = -1; struct ceph_statx stx; + int fd = fsp_get_pathref_fd(fsp); - DBG_DEBUG("[CEPH] fstat(%p, %d)\n", handle, fsp_get_io_fd(fsp)); - result = ceph_fstatx(handle->data, fsp_get_io_fd(fsp), &stx, + DBG_DEBUG("[CEPH] fstat(%p, %d)\n", handle, fd); + result = ceph_fstatx(handle->data, fd, &stx, SAMBA_STATX_ATTR_MASK, 0); DBG_DEBUG("[CEPH] fstat(...) = %d\n", result); if (result < 0) { diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index 5e26dc1806d..2af68b169af 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -3172,74 +3172,142 @@ static int rpc_pipe_client_np_ref_destructor(struct rpc_pipe_client_np_ref *np_r * ****************************************************************************/ -static NTSTATUS rpc_pipe_open_np(struct cli_state *cli, - const struct ndr_interface_table *table, - struct rpc_pipe_client **presult) -{ +struct rpc_pipe_open_np_state { + struct cli_state *cli; + const struct ndr_interface_table *table; struct rpc_pipe_client *result; - NTSTATUS status; - struct rpc_pipe_client_np_ref *np_ref; +}; + +static void rpc_pipe_open_np_done(struct tevent_req *subreq); - /* sanity check to protect against crashes */ +struct tevent_req *rpc_pipe_open_np_send( + TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct cli_state *cli, + const struct ndr_interface_table *table) +{ + struct tevent_req *req = NULL, *subreq = NULL; + struct rpc_pipe_open_np_state *state = NULL; + struct rpc_pipe_client *result = NULL; - if ( !cli ) { - return NT_STATUS_INVALID_HANDLE; + req = tevent_req_create( + mem_ctx, &state, struct rpc_pipe_open_np_state); + if (req == NULL) { + return NULL; } + state->cli = cli; + state->table = table; - result = talloc_zero(NULL, struct rpc_pipe_client); - if (result == NULL) { - return NT_STATUS_NO_MEMORY; + state->result = talloc_zero(state, struct rpc_pipe_client); + if (tevent_req_nomem(state->result, req)) { + return tevent_req_post(req, ev); } + result = state->result; result->abstract_syntax = table->syntax_id; result->transfer_syntax = ndr_transfer_syntax_ndr; result->desthost = talloc_strdup( result, smbXcli_conn_remote_name(cli->conn)); - if (result->desthost == NULL) { - TALLOC_FREE(result); - return NT_STATUS_NO_MEMORY; + if (tevent_req_nomem(result->desthost, req)) { + return tevent_req_post(req, ev); } result->srv_name_slash = talloc_asprintf_strupper_m( result, "\\\\%s", result->desthost); - if (result->srv_name_slash == NULL) { - TALLOC_FREE(result); - return NT_STATUS_NO_MEMORY; + if (tevent_req_nomem(result->srv_name_slash, req)) { + return tevent_req_post(req, ev); } result->max_xmit_frag = RPC_MAX_PDU_FRAG_LEN; - status = rpc_transport_np_init(result, cli, table, - &result->transport); - if (!NT_STATUS_IS_OK(status)) { - TALLOC_FREE(result); - return status; + subreq = rpc_transport_np_init_send(state, ev, cli, table); + if (tevent_req_nomem(subreq, req)) { + return tevent_req_post(req, ev); + } + tevent_req_set_callback(subreq, rpc_pipe_open_np_done, req); + return req; +} + +static void rpc_pipe_open_np_done(struct tevent_req *subreq) +{ + struct tevent_req *req = tevent_req_callback_data( + subreq, struct tevent_req); + struct rpc_pipe_open_np_state *state = tevent_req_data( + req, struct rpc_pipe_open_np_state); + struct rpc_pipe_client *result = state->result; + struct rpc_pipe_client_np_ref *np_ref = NULL; + NTSTATUS status; + + status = rpc_transport_np_init_recv( + subreq, result, &result->transport); + TALLOC_FREE(subreq); + if (tevent_req_nterror(req, status)) { + return; } result->transport->transport = NCACN_NP; np_ref = talloc(result->transport, struct rpc_pipe_client_np_ref); - if (np_ref == NULL) { - TALLOC_FREE(result); - return NT_STATUS_NO_MEMORY; + if (tevent_req_nomem(np_ref, req)) { + return; } - np_ref->cli = cli; + np_ref->cli = state->cli; np_ref->pipe = result; DLIST_ADD(np_ref->cli->pipe_list, np_ref->pipe); talloc_set_destructor(np_ref, rpc_pipe_client_np_ref_destructor); - result->binding_handle = rpccli_bh_create(result, NULL, table); - if (result->binding_handle == NULL) { - TALLOC_FREE(result); - return NT_STATUS_NO_MEMORY; + result->binding_handle = rpccli_bh_create(result, NULL, state->table); + if (tevent_req_nomem(result->binding_handle, req)) { + return; } - *presult = result; + tevent_req_done(req); +} + +NTSTATUS rpc_pipe_open_np_recv( + struct tevent_req *req, + TALLOC_CTX *mem_ctx, + struct rpc_pipe_client **_result) +{ + struct rpc_pipe_open_np_state *state = tevent_req_data( + req, struct rpc_pipe_open_np_state); + NTSTATUS status; + + if (tevent_req_is_nterror(req, &status)) { + return status; + } + *_result = talloc_move(mem_ctx, &state->result); return NT_STATUS_OK; } +NTSTATUS rpc_pipe_open_np(struct cli_state *cli, + const struct ndr_interface_table *table, + struct rpc_pipe_client **presult) +{ + struct tevent_context *ev = NULL; + struct tevent_req *req = NULL; -- Samba Shared Repository