[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 39ae6a7 FSCTL_GET_SHADOW_COPY_DATA: Don't return 4 extra bytes at end via 101ae20 FSCTL_GET_SHADOW_COPY_DATA: Initialize output array to zero via 7d90c1b s3: smbd : Fix wildcard unlink to fail if we get an error rather than trying to continue. via cc20cef s3: smbd: Remove open_file_fchmod(). via 9b62ae8 s3: smbd: change file_set_dosmode() to use get_file_handle_for_metadata() instead of open_file_fchmod(). via d3b8149 s3: smbd : Ensure file_new doesn't call into smbXsrv_open_create() for INTERNAL_OPEN_ONLY. via 25aacde s3 : smbd : Protect all possible code paths from fsp-op == NULL. via c412f62 byteorder: do not assume PowerPC is big-endian via 92f894d Fix an empty if statement. via a9a345f Minor typo fix in source3/wscript. from 4386827 s3: smbd - smb1 - fix read of deleted memory in reply_writeclose(). http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 39ae6a7f3a36a34e69b896a8248c54fcfe134941 Author: Christof Schmitt christof.schm...@us.ibm.com Date: Mon Aug 5 11:21:59 2013 -0700 FSCTL_GET_SHADOW_COPY_DATA: Don't return 4 extra bytes at end labels_data_count already accounts for the unicode null character at the end of the array. There is no need in adding space for it again. Signed-off-by: Christof Schmitt christof.schm...@us.ibm.com Reviewed-by: Jeremy Allison j...@samba.org Reviewed-by: Simo Sorce i...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Tue Aug 6 04:03:17 CEST 2013 on sn-devel-104 (cherry picked from commit eb50fb8f3bf670bd7d1cf8fd4368ef4a73083696) The last 2 patches address bug #10549 - CVE-2014-0178: Malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response. Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Mon May 19 14:29:18 CEST 2014 on sn-devel-104 commit 101ae20a2f6ef1d79012bae09b965ac7d43d1692 Author: Christof Schmitt christof.schm...@us.ibm.com Date: Mon Aug 5 11:16:22 2013 -0700 FSCTL_GET_SHADOW_COPY_DATA: Initialize output array to zero Otherwise num_volumes and the end marker can return uninitialized data to the client. Signed-off-by: Christof Schmitt christof.schm...@us.ibm.com Reviewed-by: Jeremy Allison j...@samba.org Reviewed-by: Simo Sorce i...@samba.org (cherry picked from commit 30e724cbff1ecd90e5a676831902d1e41ec1b347) commit 7d90c1b0c857614ea6be2685d1f62fa5a7de810f Author: Jeremy Allison j...@samba.org Date: Tue Apr 29 16:59:55 2014 -0700 s3: smbd : Fix wildcard unlink to fail if we get an error rather than trying to continue. This can break smbd if we end up leaving a SHARING_VIOLATION retry record on the queue. Signed-off-by: Jeremy Allison j...@samba.org Fix bug #10577 - SMB1 wildcard unlink fail can leave a retry record on the open retry queue. commit cc20cef310ef60ea66d4a838d602eedbdcf9ffb4 Author: Jeremy Allison j...@samba.org Date: Thu May 1 11:11:20 2014 -0700 s3: smbd: Remove open_file_fchmod(). No longer used (hurrah!). Bug 10564 - Lock order violation and file lost https://bugzilla.samba.org/show_bug.cgi?id=10564 Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Volker Lendecke v...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Fri May 2 23:47:38 CEST 2014 on sn-devel-104 commit 9b62ae8337aaf154c141e9eec016c8a98de0becf Author: Jeremy Allison j...@samba.org Date: Thu May 1 11:07:44 2014 -0700 s3: smbd: change file_set_dosmode() to use get_file_handle_for_metadata() instead of open_file_fchmod(). get_file_handle_for_metadata() is a new function that finds an existing open handle (fsp-fh-fd != -1) for a given dev/ino if there is one available, and uses INTERNAL_OPEN_ONLY with WRITE_DATA access if not. Allows open_file_fchmod() to be removed next. Bug 10564 - Lock order violation and file lost https://bugzilla.samba.org/show_bug.cgi?id=10564 Signed-off-by: Jeremy Allison j...@samba.org Signed-off-by: Volker Lendecke v...@samba.org commit d3b81495c68ae06291929a0f878e3dbe2545cc99 Author: Jeremy Allison j...@samba.org Date: Thu May 1 11:01:03 2014 -0700 s3: smbd : Ensure file_new doesn't call into smbXsrv_open_create() for INTERNAL_OPEN_ONLY. This causes deadlocks which cause smbd to crash if the locking database has already been locked for a compound operation we need to be atomic (as in the file rename case). Ensure INTERNAL_OPEN_ONLY opens are synonymous with req==NULL. INTERNAL_OPEN_ONLY opens leave a NO_OPLOCK record in the share mode database, so they can be detected by
[SCM] Samba Shared Repository - branch v4-1-test updated
The branch, v4-1-test has been updated via dbe2ef7 FSCTL_GET_SHADOW_COPY_DATA: Don't return 4 extra bytes at end via ab51cd9 FSCTL_GET_SHADOW_COPY_DATA: Initialize output array to zero via 3b7b670 s3: smbd : Fix wildcard unlink to fail if we get an error rather than trying to continue. via d514226 s3: smbd: Remove open_file_fchmod(). via 690aab2 s3: smbd: change file_set_dosmode() to use get_file_handle_for_metadata() instead of open_file_fchmod(). via db4743a s3: smbd : Ensure file_new doesn't call into smbXsrv_open_create() for INTERNAL_OPEN_ONLY. via 90871a5 s3 : smbd : Protect all possible code paths from fsp-op == NULL. via 8f0c74e byteorder: do not assume PowerPC is big-endian via 1d255d2 Fix an empty if statement. via a790773 Minor typo fix in source3/wscript. from 15a2d25 s3: smbd - smb1 - fix read of deleted memory in reply_writeclose(). http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-1-test - Log - commit dbe2ef7f66c4c5cde1e1300675fcb78f4de3af70 Author: Christof Schmitt christof.schm...@us.ibm.com Date: Mon Aug 5 11:21:59 2013 -0700 FSCTL_GET_SHADOW_COPY_DATA: Don't return 4 extra bytes at end labels_data_count already accounts for the unicode null character at the end of the array. There is no need in adding space for it again. Signed-off-by: Christof Schmitt christof.schm...@us.ibm.com Reviewed-by: Jeremy Allison j...@samba.org Reviewed-by: Simo Sorce i...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Tue Aug 6 04:03:17 CEST 2013 on sn-devel-104 (cherry picked from commit eb50fb8f3bf670bd7d1cf8fd4368ef4a73083696) The last 2 patches address bug #10549 - CVE-2014-0178: Malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response. Autobuild-User(v4-1-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-1-test): Mon May 19 14:52:47 CEST 2014 on sn-devel-104 commit ab51cd90a077c2938620afedc61e2da21cb509be Author: Christof Schmitt christof.schm...@us.ibm.com Date: Mon Aug 5 11:16:22 2013 -0700 FSCTL_GET_SHADOW_COPY_DATA: Initialize output array to zero Otherwise num_volumes and the end marker can return uninitialized data to the client. Signed-off-by: Christof Schmitt christof.schm...@us.ibm.com Reviewed-by: Jeremy Allison j...@samba.org Reviewed-by: Simo Sorce i...@samba.org (cherry picked from commit 30e724cbff1ecd90e5a676831902d1e41ec1b347) commit 3b7b6707f6bd5ab5344223974b227260d8b4b80f Author: Jeremy Allison j...@samba.org Date: Tue Apr 29 16:59:55 2014 -0700 s3: smbd : Fix wildcard unlink to fail if we get an error rather than trying to continue. This can break smbd if we end up leaving a SHARING_VIOLATION retry record on the queue. Signed-off-by: Jeremy Allison j...@samba.org Fix bug #10577 - SMB1 wildcard unlink fail can leave a retry record on the open retry queue. commit d51422661dcb6e2badd9f35a7654571e3b6216cf Author: Jeremy Allison j...@samba.org Date: Thu May 1 11:11:20 2014 -0700 s3: smbd: Remove open_file_fchmod(). No longer used (hurrah!). Bug 10564 - Lock order violation and file lost https://bugzilla.samba.org/show_bug.cgi?id=10564 Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Volker Lendecke v...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Fri May 2 23:47:38 CEST 2014 on sn-devel-104 commit 690aab23955bb6d69a0def7f77e35a4b713622d4 Author: Jeremy Allison j...@samba.org Date: Thu May 1 11:07:44 2014 -0700 s3: smbd: change file_set_dosmode() to use get_file_handle_for_metadata() instead of open_file_fchmod(). get_file_handle_for_metadata() is a new function that finds an existing open handle (fsp-fh-fd != -1) for a given dev/ino if there is one available, and uses INTERNAL_OPEN_ONLY with WRITE_DATA access if not. Allows open_file_fchmod() to be removed next. Bug 10564 - Lock order violation and file lost https://bugzilla.samba.org/show_bug.cgi?id=10564 Signed-off-by: Jeremy Allison j...@samba.org Signed-off-by: Volker Lendecke v...@samba.org commit db4743a8a17280432cff496dce5b2bc354546973 Author: Jeremy Allison j...@samba.org Date: Thu May 1 11:01:03 2014 -0700 s3: smbd : Ensure file_new doesn't call into smbXsrv_open_create() for INTERNAL_OPEN_ONLY. This causes deadlocks which cause smbd to crash if the locking database has already been locked for a compound operation we need to be atomic (as in the file rename case). Ensure INTERNAL_OPEN_ONLY opens are synonymous with req==NULL. INTERNAL_OPEN_ONLY opens leave a NO_OPLOCK record in the share mode database, so they can be detected by
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via e5649ef smbd: fix creation of BUILTIN\{Administrators,Users} when
tdbsam:map builtin = false
from 93093fa s4-torture: fix some build warnings in rpc samr test.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit e5649ef6ee7fe2fd333ffdce3464c45a0cf01c9f
Author: Michael Adam ob...@samba.org
Date: Sat May 3 02:59:37 2014 +0200
smbd: fix creation of BUILTIN\{Administrators,Users} when tdbsam:map
builtin = false
In this case, passdb/group mapping is not responsible for the id mapping
of the builtins, so the check whether the SID maps to a unix ID is not
valid for checking whether the builtin has been created as a proper group.
So this patch changes the check to whether we find the builtin in the group
mapping database.
Signed-off-by: Michael Adam ob...@samba.org
Reviewed-by: Andreas Schneider a...@samba.org
Autobuild-User(master): Andreas Schneider a...@cryptomilk.org
Autobuild-Date(master): Mon May 19 16:41:41 CEST 2014 on sn-devel-104
---
Summary of changes:
source3/auth/token_util.c | 16 +---
1 files changed, 13 insertions(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c
index 82eaaff..8b0174f 100644
--- a/source3/auth/token_util.c
+++ b/source3/auth/token_util.c
@@ -487,8 +487,8 @@ static NTSTATUS finalize_local_nt_token(struct
security_token *result,
bool is_guest)
{
struct dom_sid dom_sid;
- gid_t gid;
NTSTATUS status;
+ struct acct_info *info;
/* Add any local groups. */
@@ -527,11 +527,18 @@ static NTSTATUS finalize_local_nt_token(struct
security_token *result,
}
}
+ info = talloc_zero(talloc_tos(), struct acct_info);
+ if (info == NULL) {
+ DEBUG(0, (talloc failed!\n));
+ return NT_STATUS_NO_MEMORY;
+ }
+
/* Deal with the BUILTIN\Administrators group. If the SID can
be resolved then assume that the add_aliasmem( S-1-5-32 )
handled it. */
- if (!sid_to_gid(global_sid_Builtin_Administrators, gid)) {
+ status = pdb_get_aliasinfo(global_sid_Builtin_Administrators, info);
+ if (!NT_STATUS_IS_OK(status)) {
become_root();
if (!secrets_fetch_domain_sid(lp_workgroup(), dom_sid)) {
@@ -562,7 +569,8 @@ static NTSTATUS finalize_local_nt_token(struct
security_token *result,
be resolved then assume that the add_aliasmem( S-1-5-32 )
handled it. */
- if (!sid_to_gid(global_sid_Builtin_Users, gid)) {
+ status = pdb_get_aliasinfo(global_sid_Builtin_Users, info);
+ if (!NT_STATUS_IS_OK(status)) {
become_root();
if (!secrets_fetch_domain_sid(lp_workgroup(), dom_sid)) {
@@ -582,6 +590,8 @@ static NTSTATUS finalize_local_nt_token(struct
security_token *result,
}
}
+ TALLOC_FREE(info);
+
/* Deal with local groups */
if (lp_winbind_nested_groups()) {
--
Samba Shared Repository
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in
the current master tree.
The autobuild log of the failure is available here:
http://git.samba.org/autobuild.flakey/2014-05-19-1828/flakey.log
The samba build logs are available here:
http://git.samba.org/autobuild.flakey/2014-05-19-1828/samba.stderr
http://git.samba.org/autobuild.flakey/2014-05-19-1828/samba.stdout
The top commit at the time of the failure was:
commit e5649ef6ee7fe2fd333ffdce3464c45a0cf01c9f
Author: Michael Adam ob...@samba.org
Date: Sat May 3 02:59:37 2014 +0200
smbd: fix creation of BUILTIN\{Administrators,Users} when tdbsam:map
builtin = false
In this case, passdb/group mapping is not responsible for the id mapping
of the builtins, so the check whether the SID maps to a unix ID is not
valid for checking whether the builtin has been created as a proper group.
So this patch changes the check to whether we find the builtin in the group
mapping database.
Signed-off-by: Michael Adam ob...@samba.org
Reviewed-by: Andreas Schneider a...@samba.org
Autobuild-User(master): Andreas Schneider a...@cryptomilk.org
Autobuild-Date(master): Mon May 19 16:41:41 CEST 2014 on sn-devel-104
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in
the current master tree.
The autobuild log of the failure is available here:
http://git.samba.org/autobuild.flakey/2014-05-19-2126/flakey.log
The samba build logs are available here:
http://git.samba.org/autobuild.flakey/2014-05-19-2126/samba.stderr
http://git.samba.org/autobuild.flakey/2014-05-19-2126/samba.stdout
The top commit at the time of the failure was:
commit e5649ef6ee7fe2fd333ffdce3464c45a0cf01c9f
Author: Michael Adam ob...@samba.org
Date: Sat May 3 02:59:37 2014 +0200
smbd: fix creation of BUILTIN\{Administrators,Users} when tdbsam:map
builtin = false
In this case, passdb/group mapping is not responsible for the id mapping
of the builtins, so the check whether the SID maps to a unix ID is not
valid for checking whether the builtin has been created as a proper group.
So this patch changes the check to whether we find the builtin in the group
mapping database.
Signed-off-by: Michael Adam ob...@samba.org
Reviewed-by: Andreas Schneider a...@samba.org
Autobuild-User(master): Andreas Schneider a...@cryptomilk.org
Autobuild-Date(master): Mon May 19 16:41:41 CEST 2014 on sn-devel-104
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 392ec4d bug #10609: CVE-2014-0239 Don't reply to replies
from e5649ef smbd: fix creation of BUILTIN\{Administrators,Users} when
tdbsam:map builtin = false
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 392ec4d241eb19c812cd49ff73bd32b2b09d8533
Author: Kai Blin k...@samba.org
Date: Tue May 13 08:13:29 2014 +0200
bug #10609: CVE-2014-0239 Don't reply to replies
Due to insufficient input checking, the DNS server will reply to a packet
that
has the reply bit set. Over UDP, this allows to send a packet with a
spoofed
sender address and have two servers DOS each other with circular replies.
This patch fixes bug #10609 and adds a test to make sure we don't regress.
CVE-2014-2039 has been assigned to this issue.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10609
Signed-off-by: Kai Blin k...@samba.org
Reviewed-by: Stefan Metzmacher me...@samba.org
Autobuild-User(master): Kai Blin k...@samba.org
Autobuild-Date(master): Tue May 20 04:15:44 CEST 2014 on sn-devel-104
---
Summary of changes:
python/samba/tests/dns.py | 29 +
source4/dns_server/dns_server.c |6 ++
2 files changed, 35 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/python/samba/tests/dns.py b/python/samba/tests/dns.py
index 9c0b274..400321f 100644
--- a/python/samba/tests/dns.py
+++ b/python/samba/tests/dns.py
@@ -833,6 +833,35 @@ class TestInvalidQueries(DNSTest):
self.assertEquals(response.answers[0].rdata,
os.getenv('SERVER_IP'))
+def test_one_a_reply(self):
+send a reply instead of a query
+
+p = self.make_name_packet(dns.DNS_OPCODE_QUERY)
+questions = []
+
+name = %s.%s % ('fakefakefake', self.get_dns_domain())
+q = self.make_name_question(name, dns.DNS_QTYPE_A, dns.DNS_QCLASS_IN)
+print asking for , q.name
+questions.append(q)
+
+self.finish_name_packet(p, questions)
+p.operation |= dns.DNS_FLAG_REPLY
+s = None
+try:
+send_packet = ndr.ndr_pack(p)
+s = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
+host=os.getenv('SERVER_IP')
+s.connect((host, 53))
+tcp_packet = struct.pack('!H', len(send_packet))
+tcp_packet += send_packet
+s.send(tcp_packet, 0)
+recv_packet = s.recv(0x + 2, 0)
+self.assertEquals(0, len(recv_packet))
+finally:
+if s is not None:
+s.close()
+
+
if __name__ == __main__:
import unittest
unittest.main()
diff --git a/source4/dns_server/dns_server.c b/source4/dns_server/dns_server.c
index 976774d..60ce27c 100644
--- a/source4/dns_server/dns_server.c
+++ b/source4/dns_server/dns_server.c
@@ -156,6 +156,12 @@ static struct tevent_req *dns_process_send(TALLOC_CTX
*mem_ctx,
return tevent_req_post(req, ev);
}
+ if (state-in_packet.operation DNS_FLAG_REPLY) {
+ DEBUG(1, (Won't reply to replies.\n));
+ tevent_req_werror(req, WERR_INVALID_PARAM);
+ return tevent_req_post(req, ev);
+ }
+
state-state.flags = state-in_packet.operation;
state-state.flags |= DNS_FLAG_REPLY;
--
Samba Shared Repository
