[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 39ae6a7 FSCTL_GET_SHADOW_COPY_DATA: Don't return 4 extra bytes at end via 101ae20 FSCTL_GET_SHADOW_COPY_DATA: Initialize output array to zero via 7d90c1b s3: smbd : Fix wildcard unlink to fail if we get an error rather than trying to continue. via cc20cef s3: smbd: Remove open_file_fchmod(). via 9b62ae8 s3: smbd: change file_set_dosmode() to use get_file_handle_for_metadata() instead of open_file_fchmod(). via d3b8149 s3: smbd : Ensure file_new doesn't call into smbXsrv_open_create() for INTERNAL_OPEN_ONLY. via 25aacde s3 : smbd : Protect all possible code paths from fsp-op == NULL. via c412f62 byteorder: do not assume PowerPC is big-endian via 92f894d Fix an empty if statement. via a9a345f Minor typo fix in source3/wscript. from 4386827 s3: smbd - smb1 - fix read of deleted memory in reply_writeclose(). http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 39ae6a7f3a36a34e69b896a8248c54fcfe134941 Author: Christof Schmitt christof.schm...@us.ibm.com Date: Mon Aug 5 11:21:59 2013 -0700 FSCTL_GET_SHADOW_COPY_DATA: Don't return 4 extra bytes at end labels_data_count already accounts for the unicode null character at the end of the array. There is no need in adding space for it again. Signed-off-by: Christof Schmitt christof.schm...@us.ibm.com Reviewed-by: Jeremy Allison j...@samba.org Reviewed-by: Simo Sorce i...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Tue Aug 6 04:03:17 CEST 2013 on sn-devel-104 (cherry picked from commit eb50fb8f3bf670bd7d1cf8fd4368ef4a73083696) The last 2 patches address bug #10549 - CVE-2014-0178: Malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response. Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Mon May 19 14:29:18 CEST 2014 on sn-devel-104 commit 101ae20a2f6ef1d79012bae09b965ac7d43d1692 Author: Christof Schmitt christof.schm...@us.ibm.com Date: Mon Aug 5 11:16:22 2013 -0700 FSCTL_GET_SHADOW_COPY_DATA: Initialize output array to zero Otherwise num_volumes and the end marker can return uninitialized data to the client. Signed-off-by: Christof Schmitt christof.schm...@us.ibm.com Reviewed-by: Jeremy Allison j...@samba.org Reviewed-by: Simo Sorce i...@samba.org (cherry picked from commit 30e724cbff1ecd90e5a676831902d1e41ec1b347) commit 7d90c1b0c857614ea6be2685d1f62fa5a7de810f Author: Jeremy Allison j...@samba.org Date: Tue Apr 29 16:59:55 2014 -0700 s3: smbd : Fix wildcard unlink to fail if we get an error rather than trying to continue. This can break smbd if we end up leaving a SHARING_VIOLATION retry record on the queue. Signed-off-by: Jeremy Allison j...@samba.org Fix bug #10577 - SMB1 wildcard unlink fail can leave a retry record on the open retry queue. commit cc20cef310ef60ea66d4a838d602eedbdcf9ffb4 Author: Jeremy Allison j...@samba.org Date: Thu May 1 11:11:20 2014 -0700 s3: smbd: Remove open_file_fchmod(). No longer used (hurrah!). Bug 10564 - Lock order violation and file lost https://bugzilla.samba.org/show_bug.cgi?id=10564 Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Volker Lendecke v...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Fri May 2 23:47:38 CEST 2014 on sn-devel-104 commit 9b62ae8337aaf154c141e9eec016c8a98de0becf Author: Jeremy Allison j...@samba.org Date: Thu May 1 11:07:44 2014 -0700 s3: smbd: change file_set_dosmode() to use get_file_handle_for_metadata() instead of open_file_fchmod(). get_file_handle_for_metadata() is a new function that finds an existing open handle (fsp-fh-fd != -1) for a given dev/ino if there is one available, and uses INTERNAL_OPEN_ONLY with WRITE_DATA access if not. Allows open_file_fchmod() to be removed next. Bug 10564 - Lock order violation and file lost https://bugzilla.samba.org/show_bug.cgi?id=10564 Signed-off-by: Jeremy Allison j...@samba.org Signed-off-by: Volker Lendecke v...@samba.org commit d3b81495c68ae06291929a0f878e3dbe2545cc99 Author: Jeremy Allison j...@samba.org Date: Thu May 1 11:01:03 2014 -0700 s3: smbd : Ensure file_new doesn't call into smbXsrv_open_create() for INTERNAL_OPEN_ONLY. This causes deadlocks which cause smbd to crash if the locking database has already been locked for a compound operation we need to be atomic (as in the file rename case). Ensure INTERNAL_OPEN_ONLY opens are synonymous with req==NULL. INTERNAL_OPEN_ONLY opens leave a NO_OPLOCK record in the share mode database, so they can be detected by
[SCM] Samba Shared Repository - branch v4-1-test updated
The branch, v4-1-test has been updated via dbe2ef7 FSCTL_GET_SHADOW_COPY_DATA: Don't return 4 extra bytes at end via ab51cd9 FSCTL_GET_SHADOW_COPY_DATA: Initialize output array to zero via 3b7b670 s3: smbd : Fix wildcard unlink to fail if we get an error rather than trying to continue. via d514226 s3: smbd: Remove open_file_fchmod(). via 690aab2 s3: smbd: change file_set_dosmode() to use get_file_handle_for_metadata() instead of open_file_fchmod(). via db4743a s3: smbd : Ensure file_new doesn't call into smbXsrv_open_create() for INTERNAL_OPEN_ONLY. via 90871a5 s3 : smbd : Protect all possible code paths from fsp-op == NULL. via 8f0c74e byteorder: do not assume PowerPC is big-endian via 1d255d2 Fix an empty if statement. via a790773 Minor typo fix in source3/wscript. from 15a2d25 s3: smbd - smb1 - fix read of deleted memory in reply_writeclose(). http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-1-test - Log - commit dbe2ef7f66c4c5cde1e1300675fcb78f4de3af70 Author: Christof Schmitt christof.schm...@us.ibm.com Date: Mon Aug 5 11:21:59 2013 -0700 FSCTL_GET_SHADOW_COPY_DATA: Don't return 4 extra bytes at end labels_data_count already accounts for the unicode null character at the end of the array. There is no need in adding space for it again. Signed-off-by: Christof Schmitt christof.schm...@us.ibm.com Reviewed-by: Jeremy Allison j...@samba.org Reviewed-by: Simo Sorce i...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Tue Aug 6 04:03:17 CEST 2013 on sn-devel-104 (cherry picked from commit eb50fb8f3bf670bd7d1cf8fd4368ef4a73083696) The last 2 patches address bug #10549 - CVE-2014-0178: Malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response. Autobuild-User(v4-1-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-1-test): Mon May 19 14:52:47 CEST 2014 on sn-devel-104 commit ab51cd90a077c2938620afedc61e2da21cb509be Author: Christof Schmitt christof.schm...@us.ibm.com Date: Mon Aug 5 11:16:22 2013 -0700 FSCTL_GET_SHADOW_COPY_DATA: Initialize output array to zero Otherwise num_volumes and the end marker can return uninitialized data to the client. Signed-off-by: Christof Schmitt christof.schm...@us.ibm.com Reviewed-by: Jeremy Allison j...@samba.org Reviewed-by: Simo Sorce i...@samba.org (cherry picked from commit 30e724cbff1ecd90e5a676831902d1e41ec1b347) commit 3b7b6707f6bd5ab5344223974b227260d8b4b80f Author: Jeremy Allison j...@samba.org Date: Tue Apr 29 16:59:55 2014 -0700 s3: smbd : Fix wildcard unlink to fail if we get an error rather than trying to continue. This can break smbd if we end up leaving a SHARING_VIOLATION retry record on the queue. Signed-off-by: Jeremy Allison j...@samba.org Fix bug #10577 - SMB1 wildcard unlink fail can leave a retry record on the open retry queue. commit d51422661dcb6e2badd9f35a7654571e3b6216cf Author: Jeremy Allison j...@samba.org Date: Thu May 1 11:11:20 2014 -0700 s3: smbd: Remove open_file_fchmod(). No longer used (hurrah!). Bug 10564 - Lock order violation and file lost https://bugzilla.samba.org/show_bug.cgi?id=10564 Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Volker Lendecke v...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Fri May 2 23:47:38 CEST 2014 on sn-devel-104 commit 690aab23955bb6d69a0def7f77e35a4b713622d4 Author: Jeremy Allison j...@samba.org Date: Thu May 1 11:07:44 2014 -0700 s3: smbd: change file_set_dosmode() to use get_file_handle_for_metadata() instead of open_file_fchmod(). get_file_handle_for_metadata() is a new function that finds an existing open handle (fsp-fh-fd != -1) for a given dev/ino if there is one available, and uses INTERNAL_OPEN_ONLY with WRITE_DATA access if not. Allows open_file_fchmod() to be removed next. Bug 10564 - Lock order violation and file lost https://bugzilla.samba.org/show_bug.cgi?id=10564 Signed-off-by: Jeremy Allison j...@samba.org Signed-off-by: Volker Lendecke v...@samba.org commit db4743a8a17280432cff496dce5b2bc354546973 Author: Jeremy Allison j...@samba.org Date: Thu May 1 11:01:03 2014 -0700 s3: smbd : Ensure file_new doesn't call into smbXsrv_open_create() for INTERNAL_OPEN_ONLY. This causes deadlocks which cause smbd to crash if the locking database has already been locked for a compound operation we need to be atomic (as in the file rename case). Ensure INTERNAL_OPEN_ONLY opens are synonymous with req==NULL. INTERNAL_OPEN_ONLY opens leave a NO_OPLOCK record in the share mode database, so they can be detected by
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via e5649ef smbd: fix creation of BUILTIN\{Administrators,Users} when tdbsam:map builtin = false from 93093fa s4-torture: fix some build warnings in rpc samr test. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e5649ef6ee7fe2fd333ffdce3464c45a0cf01c9f Author: Michael Adam ob...@samba.org Date: Sat May 3 02:59:37 2014 +0200 smbd: fix creation of BUILTIN\{Administrators,Users} when tdbsam:map builtin = false In this case, passdb/group mapping is not responsible for the id mapping of the builtins, so the check whether the SID maps to a unix ID is not valid for checking whether the builtin has been created as a proper group. So this patch changes the check to whether we find the builtin in the group mapping database. Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Andreas Schneider a...@samba.org Autobuild-User(master): Andreas Schneider a...@cryptomilk.org Autobuild-Date(master): Mon May 19 16:41:41 CEST 2014 on sn-devel-104 --- Summary of changes: source3/auth/token_util.c | 16 +--- 1 files changed, 13 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c index 82eaaff..8b0174f 100644 --- a/source3/auth/token_util.c +++ b/source3/auth/token_util.c @@ -487,8 +487,8 @@ static NTSTATUS finalize_local_nt_token(struct security_token *result, bool is_guest) { struct dom_sid dom_sid; - gid_t gid; NTSTATUS status; + struct acct_info *info; /* Add any local groups. */ @@ -527,11 +527,18 @@ static NTSTATUS finalize_local_nt_token(struct security_token *result, } } + info = talloc_zero(talloc_tos(), struct acct_info); + if (info == NULL) { + DEBUG(0, (talloc failed!\n)); + return NT_STATUS_NO_MEMORY; + } + /* Deal with the BUILTIN\Administrators group. If the SID can be resolved then assume that the add_aliasmem( S-1-5-32 ) handled it. */ - if (!sid_to_gid(global_sid_Builtin_Administrators, gid)) { + status = pdb_get_aliasinfo(global_sid_Builtin_Administrators, info); + if (!NT_STATUS_IS_OK(status)) { become_root(); if (!secrets_fetch_domain_sid(lp_workgroup(), dom_sid)) { @@ -562,7 +569,8 @@ static NTSTATUS finalize_local_nt_token(struct security_token *result, be resolved then assume that the add_aliasmem( S-1-5-32 ) handled it. */ - if (!sid_to_gid(global_sid_Builtin_Users, gid)) { + status = pdb_get_aliasinfo(global_sid_Builtin_Users, info); + if (!NT_STATUS_IS_OK(status)) { become_root(); if (!secrets_fetch_domain_sid(lp_workgroup(), dom_sid)) { @@ -582,6 +590,8 @@ static NTSTATUS finalize_local_nt_token(struct security_token *result, } } + TALLOC_FREE(info); + /* Deal with local groups */ if (lp_winbind_nested_groups()) { -- Samba Shared Repository
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2014-05-19-1828/flakey.log The samba build logs are available here: http://git.samba.org/autobuild.flakey/2014-05-19-1828/samba.stderr http://git.samba.org/autobuild.flakey/2014-05-19-1828/samba.stdout The top commit at the time of the failure was: commit e5649ef6ee7fe2fd333ffdce3464c45a0cf01c9f Author: Michael Adam ob...@samba.org Date: Sat May 3 02:59:37 2014 +0200 smbd: fix creation of BUILTIN\{Administrators,Users} when tdbsam:map builtin = false In this case, passdb/group mapping is not responsible for the id mapping of the builtins, so the check whether the SID maps to a unix ID is not valid for checking whether the builtin has been created as a proper group. So this patch changes the check to whether we find the builtin in the group mapping database. Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Andreas Schneider a...@samba.org Autobuild-User(master): Andreas Schneider a...@cryptomilk.org Autobuild-Date(master): Mon May 19 16:41:41 CEST 2014 on sn-devel-104
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2014-05-19-2126/flakey.log The samba build logs are available here: http://git.samba.org/autobuild.flakey/2014-05-19-2126/samba.stderr http://git.samba.org/autobuild.flakey/2014-05-19-2126/samba.stdout The top commit at the time of the failure was: commit e5649ef6ee7fe2fd333ffdce3464c45a0cf01c9f Author: Michael Adam ob...@samba.org Date: Sat May 3 02:59:37 2014 +0200 smbd: fix creation of BUILTIN\{Administrators,Users} when tdbsam:map builtin = false In this case, passdb/group mapping is not responsible for the id mapping of the builtins, so the check whether the SID maps to a unix ID is not valid for checking whether the builtin has been created as a proper group. So this patch changes the check to whether we find the builtin in the group mapping database. Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Andreas Schneider a...@samba.org Autobuild-User(master): Andreas Schneider a...@cryptomilk.org Autobuild-Date(master): Mon May 19 16:41:41 CEST 2014 on sn-devel-104
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 392ec4d bug #10609: CVE-2014-0239 Don't reply to replies from e5649ef smbd: fix creation of BUILTIN\{Administrators,Users} when tdbsam:map builtin = false http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 392ec4d241eb19c812cd49ff73bd32b2b09d8533 Author: Kai Blin k...@samba.org Date: Tue May 13 08:13:29 2014 +0200 bug #10609: CVE-2014-0239 Don't reply to replies Due to insufficient input checking, the DNS server will reply to a packet that has the reply bit set. Over UDP, this allows to send a packet with a spoofed sender address and have two servers DOS each other with circular replies. This patch fixes bug #10609 and adds a test to make sure we don't regress. CVE-2014-2039 has been assigned to this issue. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10609 Signed-off-by: Kai Blin k...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Kai Blin k...@samba.org Autobuild-Date(master): Tue May 20 04:15:44 CEST 2014 on sn-devel-104 --- Summary of changes: python/samba/tests/dns.py | 29 + source4/dns_server/dns_server.c |6 ++ 2 files changed, 35 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/python/samba/tests/dns.py b/python/samba/tests/dns.py index 9c0b274..400321f 100644 --- a/python/samba/tests/dns.py +++ b/python/samba/tests/dns.py @@ -833,6 +833,35 @@ class TestInvalidQueries(DNSTest): self.assertEquals(response.answers[0].rdata, os.getenv('SERVER_IP')) +def test_one_a_reply(self): +send a reply instead of a query + +p = self.make_name_packet(dns.DNS_OPCODE_QUERY) +questions = [] + +name = %s.%s % ('fakefakefake', self.get_dns_domain()) +q = self.make_name_question(name, dns.DNS_QTYPE_A, dns.DNS_QCLASS_IN) +print asking for , q.name +questions.append(q) + +self.finish_name_packet(p, questions) +p.operation |= dns.DNS_FLAG_REPLY +s = None +try: +send_packet = ndr.ndr_pack(p) +s = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0) +host=os.getenv('SERVER_IP') +s.connect((host, 53)) +tcp_packet = struct.pack('!H', len(send_packet)) +tcp_packet += send_packet +s.send(tcp_packet, 0) +recv_packet = s.recv(0x + 2, 0) +self.assertEquals(0, len(recv_packet)) +finally: +if s is not None: +s.close() + + if __name__ == __main__: import unittest unittest.main() diff --git a/source4/dns_server/dns_server.c b/source4/dns_server/dns_server.c index 976774d..60ce27c 100644 --- a/source4/dns_server/dns_server.c +++ b/source4/dns_server/dns_server.c @@ -156,6 +156,12 @@ static struct tevent_req *dns_process_send(TALLOC_CTX *mem_ctx, return tevent_req_post(req, ev); } + if (state-in_packet.operation DNS_FLAG_REPLY) { + DEBUG(1, (Won't reply to replies.\n)); + tevent_req_werror(req, WERR_INVALID_PARAM); + return tevent_req_post(req, ev); + } + state-state.flags = state-in_packet.operation; state-state.flags |= DNS_FLAG_REPLY; -- Samba Shared Repository