[SCM] Samba Shared Repository - branch master updated

2020-05-15 Thread Günther Deschner
The branch, master has been updated
   via  dbfc197f65f s4/torture: Unlink test file at the beginning of 
smb2.read.position
  from  04f0c45475d s3:gencache: Allow to open gencache as read-only

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit dbfc197f65f28c7f4e889045d7b04c46c4f6680d
Author: Michael Adam 
Date:   Wed May 13 13:45:11 2020 +0530

s4/torture: Unlink test file at the beginning of smb2.read.position

Pair-Programmed-With: Anoop C S 
Signed-off-by: Michael Adam 
Reviewed-by: Guenther Deschner 

Autobuild-User(master): Günther Deschner 
Autobuild-Date(master): Fri May 15 16:02:47 UTC 2020 on sn-devel-184

---

Summary of changes:
 source4/torture/smb2/read.c | 2 ++
 1 file changed, 2 insertions(+)


Changeset truncated at 500 lines:

diff --git a/source4/torture/smb2/read.c b/source4/torture/smb2/read.c
index b26bc18ddac..2899a491663 100644
--- a/source4/torture/smb2/read.c
+++ b/source4/torture/smb2/read.c
@@ -143,6 +143,8 @@ static bool test_read_position(struct torture_context 
*torture, struct smb2_tree
 
ZERO_STRUCT(buf);
 
+   smb2_util_unlink(tree, FNAME);
+
status = torture_smb2_testfile(tree, FNAME, );
CHECK_STATUS(status, NT_STATUS_OK);
 
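Review bot: the result of the added smb2_util_unlink(tree, FNAME) call is not checked, so a failure other than the file being absent would only surface afterwards as a less obvious error from torture_smb2_testfile(). Consider a one-line comment above the call saying why the file may already exist, and a sentence in the commit message body on what failure prompted the change, since the message currently has a subject line only.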


-- 
Samba Shared Repository



[SCM] Samba Shared Repository - branch master updated

2020-05-15 Thread Andreas Schneider
The branch, master has been updated
   via  04f0c45475d s3:gencache: Allow to open gencache as read-only
   via  a15bd5493b6 lib:util: Add test for path_expand_tilde()
   via  15457254be0 lib:util: Add path_expand_tilde()
  from  8b5e7644130 selftest: add python S4U2Self tests including unkeyed 
checksums

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 04f0c45475de383a0be4ca355ab9aa7784e61c27
Author: Andreas Schneider 
Date:   Wed May 6 17:10:51 2020 +0200

s3:gencache: Allow to open gencache as read-only

This allows client tools to access the cache for read-only operations
as a normal user.

Example:
net ads status

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14370

Signed-off-by: Andreas Schneider 
Reviewed-by: Stefan Metzmacher 

Autobuild-User(master): Andreas Schneider 
Autobuild-Date(master): Fri May 15 14:40:32 UTC 2020 on sn-devel-184

commit a15bd5493b696c66c6803d8ca65bc13f1cfcdf0a
Author: Andreas Schneider 
Date:   Mon May 11 12:50:11 2020 +0200

lib:util: Add test for path_expand_tilde()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14370

Signed-off-by: Andreas Schneider 
Reviewed-by: Stefan Metzmacher 

commit 15457254be0ab1235c327bd305dfeee19b2ea7a1
Author: Andreas Schneider 
Date:   Thu May 7 12:25:24 2020 +0200

lib:util: Add path_expand_tilde()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14370

Signed-off-by: Andreas Schneider 
Reviewed-by: Stefan Metzmacher 

---

Summary of changes:
 lib/util/tests/test_util_paths.c | 127 +++
 lib/util/util_paths.c|  72 ++
 lib/util/util_paths.h|   9 +++
 lib/util/wscript_build   |   6 ++
 selftest/tests.py|   2 +
 source3/lib/gencache.c   |  63 ++-
 6 files changed, 276 insertions(+), 3 deletions(-)
 create mode 100644 lib/util/tests/test_util_paths.c


Changeset truncated at 500 lines:

diff --git a/lib/util/tests/test_util_paths.c b/lib/util/tests/test_util_paths.c
new file mode 100644
index 000..b89abf0aea1
--- /dev/null
+++ b/lib/util/tests/test_util_paths.c
@@ -0,0 +1,127 @@
+/*
+ * Unix SMB/CIFS implementation.
+ *
+ * Copyright (C) 2020  Andreas Schneider 
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see .
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include 
+
+#include "lib/replace/replace.h"
+#include "lib/util/util_paths.c"
+
+static int setup(void **state)
+{
+   TALLOC_CTX *mem_ctx = talloc_new(NULL);
+
+   assert_non_null(mem_ctx);
+   *state = mem_ctx;
+
+   return 0;
+}
+
+static int teardown(void **state)
+{
+   TALLOC_CTX *mem_ctx = *state;
+   TALLOC_FREE(mem_ctx);
+
+return 0;
+}
+
+static void test_get_user_home_dir(void **state)
+{
+   TALLOC_CTX *mem_ctx = *state;
+   struct passwd *pwd = getpwuid(getuid());
+   char *user;
+
+   user = get_user_home_dir(mem_ctx);
+   assert_non_null(user);
+   assert_string_equal(user, pwd->pw_dir);
+
+   TALLOC_FREE(user);
+}
+
+static void test_path_expand_tilde(void **state)
+{
+   TALLOC_CTX *mem_ctx = *state;
+   char h[256] = {0};
+   char *d = NULL;
+   const char *user = NULL;
+   char *home = NULL;
+
+   user = getenv("USER");
+   if (user == NULL){
+   user = getenv("LOGNAME");
+   }
+
+   /* In certain CIs there no such variables */
+   if (user == NULL) {
+   struct passwd *pw = getpwuid(getuid());
+   if (pw){
+   user = pw->pw_name;
+   }
+   }
+
+   home = getenv("HOME");
+   assert_non_null(home);
+   snprintf(h, sizeof(h), "%s/.cache", home);
+
+   d = path_expand_tilde(mem_ctx, "~/.cache");
+   assert_non_null(d);
+   assert_string_equal(d, h);
+   TALLOC_FREE(d);
+
+   snprintf(h, sizeof(h), "%s/.cache/X~", home);
+   d = path_expand_tilde(mem_ctx, "~/.cache/X~");
+   assert_string_equal(d, h);
+   TALLOC_FREE(d);
+
+   d = path_expand_tilde(mem_ctx, "/guru/meditation");
+   assert_non_null(d);
+   
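Review bot: in test_get_user_home_dir() the result of getpwuid(getuid()) is dereferenced as pwd->pw_dir without a NULL check, while test_path_expand_tilde() guards the same call with if (pw); add assert_non_null(pwd) before the comparison so a missing passwd entry fails the test cleanly instead of crashing it. The second path_expand_tilde() case ("~/.cache/X~") also goes straight to assert_string_equal(d, h) without the assert_non_null(d) used in the other cases, and user is assigned but not used in the lines shown before the changeset is truncated.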

[SCM] Samba Shared Repository - branch master updated

2020-05-15 Thread Andrew Bartlett
The branch, master has been updated
   via  8b5e7644130 selftest: add python S4U2Self tests including unkeyed 
checksums
   via  19875a37318 Revert "CVE-2018-16860 selftest: Add test for S4U2Self 
with unkeyed checksum"
   via  b5adc112771 Revert "selftest: mitm-s4u2self: use zlib for 
CRC32_checksum calc"
   via  ce65e8979dd Revert "selftest: allow any kdc error in mitm-s4u2self 
test"
  from  ddd8ae51f8c smb2_server: do async shutdown for pending 
multi-channel requests

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 8b5e7644130146bcc4e5a0dd05da6458a6025dd8
Author: Isaac Boukris 
Date:   Mon May 4 18:09:53 2020 +0200

selftest: add python S4U2Self tests including unkeyed checksums

To test the CRC32 I reverted the unkeyed-checksum fix (43958af1)
and the weak-crypto fix (389d1b97). Note that the unkeyed-md5
still worked even with weak-crypto disabled, and that the
unkeyed-sha1 never worked but I left it anyway.

Signed-off-by: Isaac Boukris 
Reviewed-by: Andrew Bartlett 

Autobuild-User(master): Andrew Bartlett 
Autobuild-Date(master): Fri May 15 12:25:40 UTC 2020 on sn-devel-184

commit 19875a37318a7cd5585572616cf12a775591193f
Author: Isaac Boukris 
Date:   Thu May 7 17:17:12 2020 +0200

Revert "CVE-2018-16860 selftest: Add test for S4U2Self with unkeyed 
checksum"

This reverts commit 5639e973c1f6f1b28b122741763f1d05b47bc2d8.

This is no longer needed as the next commit includes a Python
test for this, without the complexity of being inside krb5.kdc.canon.

Signed-off-by: Isaac Boukris 
Reviewed-by: Andrew Bartlett 

commit b5adc112771f22c2d7c4319063c3e89074c4f4ab
Author: Isaac Boukris 
Date:   Thu May 7 17:17:00 2020 +0200

Revert "selftest: mitm-s4u2self: use zlib for CRC32_checksum calc"

This reverts commit 151f8c0f31d3d17b9418db3793ec14ba7dbf2143.

This allows a clean revert (and so removal) of the test.

Signed-off-by: Isaac Boukris 
Reviewed-by: Andrew Bartlett 

commit ce65e8979dda9774b170db7a9fa7ba458af4cee9
Author: Isaac Boukris 
Date:   Thu May 7 17:16:53 2020 +0200

Revert "selftest: allow any kdc error in mitm-s4u2self test"

This reverts commit a53fa8ffe3e36f7921baf5d31a1052747f90aa7d.

This allows a clean revert (and so removal) of the test.

Signed-off-by: Isaac Boukris 
Reviewed-by: Andrew Bartlett 

---

Summary of changes:
 python/samba/tests/krb5/kcrypto.py |  85 +++
 python/samba/tests/krb5/raw_testcase.py|  23 
 python/samba/tests/krb5/rfc4120.asn1   |   8 ++
 python/samba/tests/krb5/rfc4120_pyasn1.py  |  14 ++-
 .../tests/krb5/{simple_tests.py => s4u_tests.py}   |  58 ---
 python/samba/tests/usage.py|   1 +
 selftest/knownfail |   2 +
 selftest/skip_mit_kdc  |   1 +
 selftest/target/Samba4.pm  |  23 
 source4/selftest/tests.py  |   4 +
 source4/torture/krb5/kdc-canon-heimdal.c   | 116 ++---
 11 files changed, 209 insertions(+), 126 deletions(-)
 copy python/samba/tests/krb5/{simple_tests.py => s4u_tests.py} (73%)


Changeset truncated at 500 lines:

diff --git a/python/samba/tests/krb5/kcrypto.py 
b/python/samba/tests/krb5/kcrypto.py
index ed3c84fa186..2572fa5bab3 100755
--- a/python/samba/tests/krb5/kcrypto.py
+++ b/python/samba/tests/krb5/kcrypto.py
@@ -51,6 +51,7 @@ os.environ["PYTHONUNBUFFERED"] = "1"
 from math import gcd
 from functools import reduce
 from struct import pack, unpack
+from binascii import crc32
 from cryptography.hazmat.primitives import hashes
 from cryptography.hazmat.primitives import hmac
 from cryptography.hazmat.primitives.ciphers import algorithms as ciphers
@@ -533,6 +534,21 @@ class _MD5(_ChecksumProfile):
 return SIMPLE_HASH(text, hashes.MD5)
 
 
+class _SHA1(_ChecksumProfile):
+@classmethod
+def checksum(cls, key, keyusage, text):
+# This is unkeyed!
+return SIMPLE_HASH(text, hashes.SHA1)
+
+
+class _CRC32(_ChecksumProfile):
+@classmethod
+def checksum(cls, key, keyusage, text):
+# This is unkeyed!
+cksum = (~crc32(text, 0x)) & 0x
+return pack('{RESOLV_CONF}\" ";
+   $samba_tool_cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
+   $samba_tool_cmd .= "KRB5CCNAME=\"$ret->{KRB5_CCACHE}\" ";
+   $samba_tool_cmd .= Samba::bindir_path($self, "samba-tool")
+   . " user create --configfile=$ctx->{smb_conf} $srv_account 
$ctx->{password}";
+   unless (system($samba_tool_cmd) == 0) {
+   warn("Unable to add $srv_account user: \n$samba_tool_cmd\n");
+   return undef;
+   }
+
+   
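Review bot: in the kcrypto.py hunk, the new _SHA1 and _CRC32 profiles accept key and keyusage but ignore both, and the only hint is the comment "This is unkeyed!". A docstring on each class saying they exist so the tests can send unkeyed checksums, and recording the commit message's observation that unkeyed-sha1 never worked, would keep them from being mistaken for usable checksum types.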
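Review bot: in the Samba4.pm lines, $srv_account and $ctx->{password} are interpolated unquoted into the string passed to system(), unlike the environment values just above, which are wrapped in \"...\"; a password containing a space or a shell metacharacter would break or alter the command. Quote both values, or build an argument list and use the list form of system(). The warn() on failure also prints $samba_tool_cmd, which includes the password.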

[SCM] Samba Shared Repository - branch master updated

2020-05-15 Thread Günther Deschner
The branch, master has been updated
   via  ddd8ae51f8c smb2_server: do async shutdown for pending 
multi-channel requests
   via  a90ac47d88d smbXsrv_session: add a 
smbXsrv_session_disconnect_xconn() helper
   via  de0e6dfdb84 smb2_server: call 
smbXsrv_connection_disconnect_transport() early on network errors
   via  26ba013e279 smb2_server: add and use a function that calculated the 
remaining channels
   via  a87c9a92df6 smb2_server: let smbd_server_connection_terminate_ex() 
call smbXsrv_connection_disconnect_transport()
   via  d8ab88e77f8 s3:smbd: split out 
smbXsrv_connection_disconnect_transport()
   via  0cec96526bf smb2_server: make sure we detect stale 
smbXsrv_connection pointers in smbXsrv_channel_global
   via  2ac0f835458 smb2_server: update inline comment for max channels
   via  e26b55a232b smbXsrv_client: make sure that we store a valid blob
   via  73cc25fa7b1 smbXsrv_client: fix debug message in 
smbXsrv_client_create()
  from  004e7a1fee7 s4/rpc_server/dnsserver: Allow parsing of dnsProperty 
to fail gracefully

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit ddd8ae51f8c7a8f35754d0b281c74cb36e7d6bbd
Author: Stefan Metzmacher 
Date:   Fri Oct 4 14:55:52 2019 +0200

smb2_server: do async shutdown for pending multi-channel requests

We have to wait until all pending requests are done before we can
TALLOC_FREE() the connection structure.

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Guenther Deschner 

Autobuild-User(master): Günther Deschner 
Autobuild-Date(master): Fri May 15 10:26:29 UTC 2020 on sn-devel-184

commit a90ac47d88d08dfd396e956f9e24d9fcc0de3c5d
Author: Stefan Metzmacher 
Date:   Fri Oct 4 12:11:00 2019 +0200

smbXsrv_session: add a smbXsrv_session_disconnect_xconn() helper

This removes the connection references from the session channel
array for each session that's used on the connection.

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Guenther Deschner 

commit de0e6dfdb84cfe13b04d6ec7a09b18f001c61db4
Author: Stefan Metzmacher 
Date:   Fri Oct 4 14:56:40 2019 +0200

smb2_server: call smbXsrv_connection_disconnect_transport() early on 
network errors

It's good to remember the first error we got and make sure we don't try
any further io on the connection.

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Guenther Deschner 

commit 26ba013e279769b39e6bac510cb4b2d6d801ac98
Author: Stefan Metzmacher 
Date:   Fri Oct 4 14:49:59 2019 +0200

smb2_server: add and use a function that calculated the remaining channels

This is useful for debugging, but also simplifies the following changes,
where client->connections may hold disconnected connections until
all pending requests are finished.

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Guenther Deschner 

commit a87c9a92df675173fc28404819d8dc0303eb81af
Author: Stefan Metzmacher 
Date:   Fri Oct 4 14:30:17 2019 +0200

smb2_server: let smbd_server_connection_terminate_ex() call 
smbXsrv_connection_disconnect_transport()

If the connection is broken mark it as invalid and close
the socket.

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Guenther Deschner 

commit d8ab88e77f8bbd29d9222348eb4f9a290a4f3694
Author: Stefan Metzmacher 
Date:   Fri Oct 4 14:26:20 2019 +0200

s3:smbd: split out smbXsrv_connection_disconnect_transport()

It's good to have an isolated function that just disconnects the
lower layer transport and remembers the first error status.

This will be used in more places in the following commits.

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Guenther Deschner 

commit 0cec96526bf4d3209caf36c4a19632ff5d5dd112
Author: Stefan Metzmacher 
Date:   Fri Oct 4 10:02:56 2019 +0200

smb2_server: make sure we detect stale smbXsrv_connection pointers in 
smbXsrv_channel_global

Pointer values can be reused (yes, I hit that during my testing!).
Introduce a channel_id to identify connections and also add
some timestamps to make debugging easier.

This makes smbXsrv_session_find_channel() much more robust.

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Guenther Deschner 

commit 2ac0f8354585ac2cd617d53bfc9678769c8698fc
Author: Günther Deschner 
Date:   Wed Jan 24 17:14:59 2018 +0100

smb2_server: update inline comment for max channels

All Windows versions have the limit of 32 channels.

Signed-off-by: Guenther Deschner 
Signed-off-by: Stefan Metzmacher 

commit e26b55a232b1402b5d42ce0ab9e3d79b4f4319d9
Author: Stefan Metzmacher 
Date:   Thu May 7 06:49:24 2020 -0700

smbXsrv_client: make sure that we store a valid blob

This fixes a regression introduced by
14182350f8397d27d7642dae595dc52691f0acfe
("librpc ndr: ndr_pull_advance check 

[SCM] Samba Shared Repository - branch master updated

2020-05-15 Thread Andrew Bartlett
The branch, master has been updated
   via  004e7a1fee7 s4/rpc_server/dnsserver: Allow parsing of dnsProperty 
to fail gracefully
   via  6eb2a48f5a9 selftest: Add test for handling of "short" dnsProperty 
records
   via  87bf1d687fe librpc/idl: Add dnsp_DnsProperty_short
   via  4e08ea2aa3e selftest: Avoid running the slowest of the "none" tests 
in samba-o3
  from  49951b283d9 smbd: Store share_entries in locking.tdb again

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 004e7a1fee766102de302e83f4dc5f4d977aef32
Author: Andrew Bartlett 
Date:   Wed May 13 12:01:05 2020 +1200

s4/rpc_server/dnsserver: Allow parsing of dnsProperty to fail gracefully

On (eg) the

DC=_msdcs.X.Y,CN=MicrosoftDNS,DC=ForestDnsZones,DC=X,DC=Y

record, in domains that have had a Microsoft Windows DC an attribute:

dNSProperty:: AQAAAJIA

00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00  ><
10 92 00 00 00 00 00 00 00  ><
18

We, until samba 4.12, would parse this as:

pull returned Success
dnsp_DnsProperty: struct dnsp_DnsProperty
wDataLength  : 0x (0)
namelength   : 0x (0)
flag : 0x (0)
version  : 0x0001 (1)
id   : DSPROPERTY_ZONE_NS_SERVERS_DA (146)
data : union dnsPropertyData(case 0)
name : 0x (0)
dump OK

However, the wDataLength is 0.  There is not anything in
[MS-DNSP] 2.3.2.1 dnsProperty to describe any special behaviour
for when the id suggests that there is a value, but wDataLength is 0.


https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dnsp/445c7843-e4a1-4222-8c0f-630c230a4c80

We now fail to parse it, because we expect an entry with id 
DSPROPERTY_ZONE_NS_SERVERS_DA
to therefore have a valid DNS_ADDR_ARRAY (section 2.2.3.2.3).

As context we changed it in our commit 
fee5c6a4247aeac71318186bbff7708d25de5912
because of bug https://bugzilla.samba.org/show_bug.cgi?id=14206
which was due to the artificial environment of the fuzzer.

Microsoft advises that Windows also fails to parse this, but
instead of failing the operation, the value is ignored.

Reported by Alex MacCuish.  Many thanks for your assistance in
tracking down the issue.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14310

Signed-off-by: Andrew Bartlett 
Reviewed-by: Douglas Bagnall 

Autobuild-User(master): Andrew Bartlett 
Autobuild-Date(master): Fri May 15 07:29:17 UTC 2020 on sn-devel-184

commit 6eb2a48f5a998b82bb071ef42d00d2f34a2b0ed8
Author: Andrew Bartlett 
Date:   Thu May 14 10:19:45 2020 +1200

selftest: Add test for handling of "short" dnsProperty records

These have been known to be given by Windows DCs that share the same domain
as, while invalid, they are not format-checked inbound when set by the DNS
Manager MMC applet over the dnsserver pipe to Windows.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14310

Signed-off-by: Andrew Bartlett 
Reviewed-by: Douglas Bagnall 

commit 87bf1d687fe7b48a7b6d511dfc7f5414db16119c
Author: Andrew Bartlett 
Date:   Thu May 14 10:21:19 2020 +1200

librpc/idl: Add dnsp_DnsProperty_short

This will be used by a test and the DNS server code to parse short 
dnsProperty
records which come from Windows servers.

This example is from the value that caused Samba to fail as it
can not be parsed as a normal dnsp_DnsProperty

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14310

Signed-off-by: Andrew Bartlett 
Reviewed-by: Douglas Bagnall 

commit 4e08ea2aa3ed95398c96792722aecff77547
Author: Andrew Bartlett 
Date:   Fri May 8 23:28:52 2020 +1200

selftest: Avoid running the slowest of the "none" tests in samba-o3

This job is already quite long and these tests are unlikely
to vary between hosts or under the -O3 compile

Signed-off-by: Andrew Bartlett 
Reviewed-by: Volker Lendecke 

---

Summary of changes:
 librpc/idl/dnsp.idl| 16 
 python/samba/tests/blackbox/ndrdump.py | 21 ++
 python/samba/tests/dns.py  | 51 
 script/autobuild.py|  3 +-
 selftest/knownfail.d/dns   |  7 
 selftest/slow-none | 13 ++
 source4/dns_server/dnsserver_common.c  |  9 -
 source4/rpc_server/dnsserver/dnsdb.c   | 72 ++
 8 files changed, 183 insertions(+), 9
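
The tolerant handling described in the dnsProperty commit message above, as an added example that is not Samba's code: a strict parser plus a loader that ignores a record whose id promises a value while wDataLength is 0, and still rejects other damage. The 32-bit little-endian field widths, the IDS_REQUIRING_DATA set and the sample records are assumptions constructed for illustration.

```python
import struct

# Assumed layout (widths are not stated on the page): five little-endian
# uint32 header fields in the order the dump shows (wDataLength, namelength,
# flag, version, id), then wDataLength bytes of data, then the unused name.
HEADER = struct.Struct("<5I")
DSPROPERTY_ZONE_NS_SERVERS_DA = 146  # id value shown in the dump
# Hypothetical set of ids whose data must be non-empty to be valid.
IDS_REQUIRING_DATA = {DSPROPERTY_ZONE_NS_SERVERS_DA}


class ShortProperty(Exception):
    """Header is intact, but the id promises a value and wDataLength is 0."""


def parse_property(blob):
    """Strictly parse one dNSProperty value into (id, data bytes)."""
    if len(blob) < HEADER.size:
        raise ValueError("truncated header")
    data_len, _name_len, _flag, version, prop_id = HEADER.unpack_from(blob)
    if version != 1:
        raise ValueError("unexpected version %d" % version)
    if data_len > len(blob) - HEADER.size:
        raise ValueError("wDataLength exceeds the record")
    if data_len == 0 and prop_id in IDS_REQUIRING_DATA:
        raise ShortProperty(prop_id)
    return prop_id, blob[HEADER.size:HEADER.size + data_len]


def load_properties(values):
    """Parse every value; ignore short records, propagate other errors."""
    props, ignored = {}, []
    for blob in values:
        try:
            prop_id, data = parse_property(blob)
        except ShortProperty as exc:
            # The value is ignored and the operation continues.
            ignored.append(exc.args[0])
            continue
        props[prop_id] = data
    return props, ignored


# Constructed sample records (not the bytes from the bug report).
SHORT = HEADER.pack(0, 0, 0, 1, DSPROPERTY_ZONE_NS_SERVERS_DA) + b"\x00" * 4
GOOD = HEADER.pack(4, 0, 0, 1, 1) + b"\x01\x00\x00\x00" + b"\x00" * 4
TRUNCATED = GOOD[:10]

if __name__ == "__main__":
    print(load_properties([GOOD, SHORT]))
```

Keeping ShortProperty separate from ValueError is what lets the loader skip only the one known-benign shape while a truncated or over-long record still aborts the load.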