[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 50cbdecf2e2 tests/krb5: Add test requesting a TGT expiring post-2038 via 67811e121fb tests/krb5: Add test requesting a service ticket expiring post-2038 from eb2f3526032 s4:ldap_server: let ldapsrv_call_writev_start use conn_idle_time to limit the time https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 50cbdecf2e276e5f87b9c2d95fd3ca86d11a08e2 Author: Joseph Sutton Date: Thu Oct 20 12:36:44 2022 +1300 tests/krb5: Add test requesting a TGT expiring post-2038 This demonstrates the behaviour of Windows 11 22H2 over Kerberos, which changed to use a year date for a forever timetime in tickets. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15197 Signed-off-by: Joseph Sutton Reviewed-by: Douglas Bagnall Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Thu Oct 20 05:00:23 UTC 2022 on sn-devel-184 commit 67811e121fbef08337675d473390160793544719 Author: Joseph Sutton Date: Tue Oct 4 12:25:08 2022 +1300 tests/krb5: Add test requesting a service ticket expiring post-2038 Windows 11 22H2 performs such requests, with year . The test fails with KDC_ERR_BAD_INTEGRITY on older Heimdal versions, which are unable to verify a checksum over the modified request body (due to a re-encoding failure). REF: https://github.com/heimdal/heimdal/issues/1011 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15197 Signed-off-by: Joseph Sutton Reviewed-by: Douglas Bagnall --- Summary of changes: python/samba/tests/krb5/as_req_tests.py | 13 +++-- python/samba/tests/krb5/kdc_tgs_tests.py | 14 ++ 2 files changed, 25 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/python/samba/tests/krb5/as_req_tests.py b/python/samba/tests/krb5/as_req_tests.py index 6a573947067..6b3b5ad4a22 100755 --- a/python/samba/tests/krb5/as_req_tests.py +++ b/python/samba/tests/krb5/as_req_tests.py 
@@ -47,7 +47,7 @@ class AsReqBaseTest(KDCBaseTest): expected_cname=None, sname=None, name_type=NT_PRINCIPAL, etypes=None, expected_error=None, expect_edata=None, - kdc_options=None): + kdc_options=None, till=None): user_name = client_creds.get_username() if client_account is None: client_account = user_name @@ -71,7 +71,8 @@ class AsReqBaseTest(KDCBaseTest): expected_sname = sname expected_salt = client_creds.get_salt() -till = self.get_KerberosTime(offset=36000) +if till is None: +till = self.get_KerberosTime(offset=36000) if etypes is None: etypes = client_as_etypes @@ -516,6 +517,14 @@ class AsReqKerberosTests(AsReqBaseTest): sname=wrong_krbtgt_princ, expected_error=KDC_ERR_S_PRINCIPAL_UNKNOWN) +# Test that we can make a request for a ticket expiring post-2038. +def test_future_till(self): +client_creds = self.get_client_creds() + +self._run_as_req_enc_timestamp( +client_creds, +till='0913024805Z') + if __name__ == "__main__": global_asn1_print = False diff --git a/python/samba/tests/krb5/kdc_tgs_tests.py b/python/samba/tests/krb5/kdc_tgs_tests.py index f57df85bfcd..e64135249db 100755 --- a/python/samba/tests/krb5/kdc_tgs_tests.py +++ b/python/samba/tests/krb5/kdc_tgs_tests.py @@ -2334,6 +2334,18 @@ class KdcTgsTests(KDCBaseTest): self._run_tgs(tgt, expected_error=(KDC_ERR_TGT_REVOKED, KDC_ERR_C_PRINCIPAL_UNKNOWN)) +# Test making a TGS request for a ticket expiring post-2038. +def test_tgs_req_future_till(self): +creds = self._get_creds() +tgt = self._get_tgt(creds) + +target_creds = self.get_service_creds() +self._tgs_req( +tgt=tgt, +expected_error=0, +target_creds=target_creds, +till='0913024805Z') + def _modify_renewable(self, enc_part): # Set the renewable flag. enc_part = self.modify_ticket_flag(enc_part, 'renewable', value=True) @@ -2704,6 +2716,7 @@ class KdcTgsTests(KDCBaseTest): sname=None, srealm=None, use_fast=False, + till=None, expect_pac=True, expect_pac_attrs=None, expect_pac_attrs_pac_request=None, 
@@ -2813,6 +2826,7 @@ class KdcTgsTests(KDCBaseTest): cname=None, realm=srealm,
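Review bot: In test_future_till (as_req_tests.py), the new till value is only passed through to _run_as_req_enc_timestamp(); nothing in the visible lines checks the endtime the KDC puts in the reply, so the test proves only that the request is not rejected. Consider asserting that the returned endtime is capped by the KDC's maximum ticket lifetime, so that a regression which issues an over-long ticket is caught. The comment above the test could also say which client sends such a request (the commit message names Windows 11 22H2), since the literal alone does not explain itself.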
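Review bot: In kdc_tgs_tests.py, the till=None parameter added in the hunk at -2704 has no visible fallback, unlike the "if till is None:" block added in as_req_tests.py; please confirm that existing callers that omit till still get the previous default. The till literal in test_tgs_req_future_till duplicates the one in test_future_till; a single shared constant would keep the two tests from drifting apart.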
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
       via  eb2f3526032 s4:ldap_server: let ldapsrv_call_writev_start use conn_idle_time to limit the time
       via  e232ba946f0 lib/tsocket: avoid endless cpu-spinning in tstream_bsd_fde_handler()
       via  4c7e2b9b60d lib/tsocket: remember the first error as tstream_bsd->error
       via  29a65da63d7 lib/tsocket: check for errors indicated by poll() before getsockopt(fd, SOL_SOCKET, SO_ERROR)
       via  9950efd83e1 lib/tsocket: split out tsocket_bsd_error() from tsocket_bsd_pending()
       via  f0fb8b95083 lib/tsocket: Add tests for loop on EAGAIN
      from  fd0c01da1c7 s3: libsmbclient: Fix smbc_stat() to return ENOENT on a non-existent file.

https://git.samba.org/?p=samba.git;a=shortlog;h=master

- Log -
commit eb2f3526032803f34c88ef1619a832a741f71910
Author: Stefan Metzmacher
Date:   Thu Oct 13 10:17:25 2022 +0200

    s4:ldap_server: let ldapsrv_call_writev_start use conn_idle_time to limit the time

    If the client is not able to receive the results within connections idle
    time, then we should treat it as dead. Its value is 15 minutes (900 s)
    by default.

    In order to limit that further an admin can use 'socket options' and set
    TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL and/or TCP_USER_TIMEOUT to
    useful values.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15202

    Signed-off-by: Stefan Metzmacher
    Reviewed-by: Ralph Boehme

    Autobuild-User(master): Stefan Metzmacher
    Autobuild-Date(master): Wed Oct 19 17:13:39 UTC 2022 on sn-devel-184

commit e232ba946f00aac39d67197d9939bc923814479c
Author: Stefan Metzmacher
Date:   Wed Oct 12 17:26:16 2022 +0200

    lib/tsocket: avoid endless cpu-spinning in tstream_bsd_fde_handler()

    There were some reports that strace output an LDAP server socket is in
    CLOSE_WAIT state, returning EAGAIN for writev over and over (after a call
    to epoll() each time).

    In the tstream_bsd code the problem happens when we have a pending
    writev_send, while there's no readv_send pending. In that case we still
    ask for TEVENT_FD_READ in order to notice connection errors early, so we
    try to call writev even if the socket doesn't report TEVENT_FD_WRITE.
    And there are situations where we do that over and over again.

    It happens like this with a Linux kernel:

    tcp_fin() has this:

            struct tcp_sock *tp = tcp_sk(sk);

            inet_csk_schedule_ack(sk);

            sk->sk_shutdown |= RCV_SHUTDOWN;
            sock_set_flag(sk, SOCK_DONE);

            switch (sk->sk_state) {
            case TCP_SYN_RECV:
            case TCP_ESTABLISHED:
                    /* Move to CLOSE_WAIT */
                    tcp_set_state(sk, TCP_CLOSE_WAIT);
                    inet_csk_enter_pingpong_mode(sk);
                    break;

    It means RCV_SHUTDOWN gets set as well as TCP_CLOSE_WAIT, but
    sk->sk_err is not changed to indicate an error.

    tcp_sendmsg_locked has this:

            ...
            err = -EPIPE;
            if (sk->sk_err || (sk->sk_shutdown & SEND_SHUTDOWN))
                    goto do_error;

            while (msg_data_left(msg)) {
                    int copy = 0;

                    skb = tcp_write_queue_tail(sk);
                    if (skb)
                            copy = size_goal - skb->len;

                    if (copy <= 0 || !tcp_skb_can_collapse_to(skb)) {
                            bool first_skb;

            new_segment:
                            if (!sk_stream_memory_free(sk))
                                    goto wait_for_space;

            ...

            wait_for_space:
                    set_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
                    if (copied)
                            tcp_push(sk, flags & ~MSG_MORE, mss_now,
                                     TCP_NAGLE_PUSH, size_goal);

                    err = sk_stream_wait_memory(sk, &timeo);
                    if (err != 0)
                            goto do_error;

    It means if (sk->sk_err || (sk->sk_shutdown & SEND_SHUTDOWN)) doesn't
    hit as we only have RCV_SHUTDOWN and sk_stream_wait_memory returns
    -EAGAIN.

    tcp_poll has this:

            if (sk->sk_shutdown & RCV_SHUTDOWN)
                    mask |= EPOLLIN | EPOLLRDNORM | EPOLLRDHUP;

    So we'll get EPOLLIN | EPOLLRDNORM | EPOLLRDHUP triggering
    TEVENT_FD_READ and writev/sendmsg keeps getting EAGAIN.

    So we need to always clear TEVENT_FD_READ if we don't have readable
    handler in order to avoid burning cpu. But we turn it on again after a
    timeout of 1 second in order to monitor the error state of the
    connection.

    And now that our tsocket_bsd_error() helper checks for POLLRDHUP, we can
    check if the socket is in an error state before calling the writable
    handler when
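The socket state described in the lib/tsocket commit message above can be reproduced on Linux with a loopback TCP pair. The program below is an added example, not Samba code; run_close_wait_demo() and its helpers are hypothetical names. It shows poll() reporting the socket readable on every round while the write keeps failing with EAGAIN and SO_ERROR stays 0, and that requesting POLLRDHUP exposes the half-closed peer.

```c
/* Added example, not Samba code. Linux only; uses a loopback TCP pair. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#ifndef POLLRDHUP
#define POLLRDHUP 0x2000 /* asm-generic Linux value, if the headers hide it */
#endif

struct demo_result {
	int setup_ok;       /* 1: send buffer is full and the peer sent its FIN */
	int rdhup_seen;     /* 1: poll() reported POLLRDHUP */
	int so_error;       /* SO_ERROR value, -1 if it was never read */
	int wasted_wakeups; /* rounds: poll() said readable, send() said EAGAIN */
};

/* Hypothetical helper: connected loopback pair, *srv accepted, *peer client. */
static int tcp_pair(int *srv, int *peer)
{
	struct sockaddr_in a;
	socklen_t alen = sizeof(a);
	int lfd = socket(AF_INET, SOCK_STREAM, 0);
	*srv = -1;
	*peer = socket(AF_INET, SOCK_STREAM, 0);
	memset(&a, 0, sizeof(a));
	a.sin_family = AF_INET;
	a.sin_addr.s_addr = htonl(INADDR_LOOPBACK); /* port 0: kernel chooses */
	if (lfd >= 0 && *peer >= 0 &&
	    bind(lfd, (struct sockaddr *)&a, sizeof(a)) == 0 &&
	    listen(lfd, 1) == 0 &&
	    getsockname(lfd, (struct sockaddr *)&a, &alen) == 0 &&
	    connect(*peer, (struct sockaddr *)&a, sizeof(a)) == 0) {
		*srv = accept(lfd, NULL, NULL);
	}
	if (lfd >= 0) close(lfd);
	if (*srv < 0 && *peer >= 0) close(*peer);
	return (*srv < 0) ? -1 : 0;
}

/* Fill fd's send path until send() fails with EAGAIN both before and after
 * a 250 ms wait, i.e. the peer's receive window is closed and stays closed. */
static int fill_send_buffer(int fd)
{
	static char chunk[65536];
	struct pollfd p = { .fd = fd, .events = POLLOUT };
	int waited = 0;
	for (;;) {
		if (send(fd, chunk, sizeof(chunk), MSG_NOSIGNAL) >= 0) {
			waited = 0;
			continue;
		}
		if (errno != EAGAIN && errno != EWOULDBLOCK) return -1;
		if (waited) return 0;
		poll(&p, 1, 250);
		waited = 1;
	}
}

struct demo_result run_close_wait_demo(int rounds)
{
	struct demo_result r = { 0, 0, -1, 0 };
	socklen_t len = sizeof(r.so_error);
	struct pollfd p;
	int srv, peer, i;
	if (tcp_pair(&srv, &peer) != 0) return r;
	fcntl(srv, F_SETFL, fcntl(srv, F_GETFL) | O_NONBLOCK);
	/* The peer never reads and then half-closes: srv enters CLOSE_WAIT. */
	r.setup_ok = (fill_send_buffer(srv) == 0 && shutdown(peer, SHUT_WR) == 0);

	/* The check: ask poll() for POLLRDHUP (wait up to 1 s for the FIN). */
	p = (struct pollfd){ .fd = srv, .events = POLLRDHUP };
	r.rdhup_seen = r.setup_ok && poll(&p, 1, 1000) == 1 &&
		       (p.revents & POLLRDHUP) != 0;
	/* SO_ERROR alone does not reveal the half-closed connection. */
	getsockopt(srv, SOL_SOCKET, SO_ERROR, &r.so_error, &len);

	/* The spin: a loop that watches only for readability wakes up at once
	 * and then gets EAGAIN from the write, on every round. */
	for (i = 0; r.rdhup_seen && i < rounds; i++) {
		p = (struct pollfd){ .fd = srv, .events = POLLIN };
		if (poll(&p, 1, 1000) == 1 && (p.revents & POLLIN) &&
		    send(srv, "x", 1, MSG_NOSIGNAL) < 0 && errno == EAGAIN) {
			r.wasted_wakeups++;
		}
	}
	close(srv);
	close(peer);
	return r;
}

int main(void)
{
	struct demo_result r = run_close_wait_demo(5);
	printf("setup=%d rdhup=%d so_error=%d wasted_wakeups=%d/5\n",
	       r.setup_ok, r.rdhup_seen, r.so_error, r.wasted_wakeups);
	return (r.wasted_wakeups == 5) ? 0 : 1;
}
```
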
[SCM] Samba Shared Repository - branch v4-17-stable updated
The branch, v4-17-stable has been updated
       via  ed12d43518f VERSION: Disable GIT_SNAPSHOT for the 4.17.1 release.
       via  cda9e1cc60f WHATSNEW: Add release notes for Samba 4.17.1.
       via  142a771d854 s3: libsmbclient: Fix smbc_stat() to return ENOENT on a non-existent file.
       via  09ec2b13e7c s4: torture: libsmbclient: Add a torture test to ensure smbc_stat() returns ENOENT on a non-existent file.
       via  7540755de6a s4:messaging: let imessaging_client_init() use imessaging_init_discard_incoming()
       via  28c65ce3e92 s3:auth_samba4: make use of imessaging_init_discard_incoming()
       via  68a0ef3b521 s4:messaging: add imessaging_init_discard_incoming()
       via  93d6f403e38 s3/utils: check result of talloc_strdup
       via  d5e39d1ba70 s3/utils: Check return of talloc_strdup
       via  fac483e3dad s3/param: Check return of talloc_strdup
       via  ee2858ab4ff s4/lib/registry: Fix use after free with popt 1.19
       via  21890fcb526 s3/utils: Fix use after free with popt 1.19
       via  3a9733ce71f s3/utils: Fix use after free with popt 1.19
       via  1e8652100da s3/utils: Add missing poptFreeContext
       via  4c03cfd6b67 s3/param: Fix use after free with popt-1.19
       via  e0ae633216d s3/rpcclient: Duplicate string returned from poptGetArg
       via  a1453f16aea vfs_fruit: add missing calls to tevent_req_received()
       via  54d4b0f607e s3: VFS: fruit. Implement fsync_send()/fsync_recv().
       via  4c6b7983ed5 s4: smbtorture: Add fsync_resource_fork test to fruit tests.
       via  6d05908e3ca smbXsrv_client: handle NAME_NOT_FOUND from smb2srv_client_connection_{pass,drop}()
       via  4a44febbc46 smbXsrv_client: make sure we only wait for smb2srv_client_mc_negprot_filter once and only when needed
       via  fd4c80fcc6f smbXsrv_client: call smb2srv_client_connection_{pass,drop}() before dbwrap_watched_watch_send()
       via  abc48aec20a smbXsrv_client: fix a debug message in smbXsrv_client_global_verify_record()
       via  41e016e41c5 smbXsrv_client: ignore NAME_NOT_FOUND from smb2srv_client_connection_passed
       via  cb27978c461 vfs_glusterfs: Remove special handling of O_CREAT flag
       via  bac9532f0a9 python-drs: Add client-side debug and fallback for GET_ANC
       via  79283760616 s4-libnet: Add messages to object count mismatch failures
       via  eb939d4b805 selftest: Enable "old Samba" mode regarding GET_ANC/GET_TGT
       via  a64c4a7e04d s4-rpc_server:getncchanges Add "old Samba" mode regarding GET_ANC/GET_TGT
       via  7bde5d32bf7 selftest: Add tests for GetNCChanges GET_ANC using samba-tool drs clone-dc-database
       via  6671f6f50c3 selftest: Prepare for "old Samba" mode regarding getncchanges GET_ANC/GET_TGT
       via  4425351fbff pytest/samba_tool_drs_no_dns: use TestCaseInTempDir.rm_files/.rm_dirs
       via  e80ec63f746 pytest/samba_tool_drs: use TestCaseInTempDir.rm_files/.rm_dirs
       via  6cc1ac327a0 pytest/samdb: use TestCaseInTempDir.rm_files/.rm_dirs
       via  ad768b1ccac pytest/join: use TestCaseInTempDir.rm_files/dirs
       via  79b5156ec81 pytest/samdb_api: use TestCaseInTempDir.rm_files
       via  4486028b86e pytest/downgradedatabase: use TestCaseInTempDir.rm_files
       via  02ededec938 pytest: add file removal helpers for TestCaseInTempDir
       via  df5d4e48307 s3:auth: Flush the GETPWSID in memory cache for NTLM auth
       via  7bef45d9304 s3: smbd: Fix memory leak in smbd_server_connection_terminate_done().
       via  ecf8a66e0cc vfs_gpfs: Protect against timestamps before the Unix epoch
       via  9364c930fb6 lib: Map ERANGE to NT_STATUS_INTEGER_OVERFLOW
       via  1b4f782caf1 vfs_gpfs: Prevent mangling of GPFS timestamps after 2106
       via  bb86d2f3a10 CVE-2021-20251 s3: Ensure bad password count atomic updates for SAMR AES password change
       via  9aabf78216f CVE-2021-20251 s3:rpc_server: Split change_oem_password() call out of samr_set_password_aes()
       via  619ffc2a2fb CVE-2021-20251 dsdb/common: Remove transaction logic from samdb_set_password()
       via  7fe10442b76 CVE-2021-20251 s4-rpc_server: Extend scope of transaction for ChangePasswordUser3
       via  7b28bd10803 CVE-2021-20251 s4-rpc_server: Use user privileges for SAMR password change
       via  b8c123d02d0 CVE-2021-20251 s4-rpc_server: Use authsam_search_account() to find the user
       via  0044f598dd4 s3:rpc_server: Use BURN_STR() to zero password
       via  3d7a2a3603e lib:replace: Add macro BURN_STR() to zero memory of a string
       via  beb63ae03b7 libcli:auth: Keep passwords from convert_string_talloc() secret
       via  c3d6964fccd lib:util: Check memset_s() error code in talloc_keep_secret_destructor()
       via  3e54aabd9e3 CVE-2021-20251 s3: Ensure bad password count atomic updates for SAMR password change
       via  5c8bbe3e74c CVE-2021-20251 s3: ensure bad password count atomic updates
       via  13efa626188 CVE-2021-20251 s4:auth_winbind: Check return status of
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via b820158 NEWS[4.17.1]: Samba 4.17.1 Available for Download from 72be43b NEWS[4.15.10]: Samba 4.15.10 Available for Download https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit b8201585b11e2b6beaa4af12e72df382884bcba5 Author: Jule Anger Date: Wed Oct 19 14:22:11 2022 +0200 NEWS[4.17.1]: Samba 4.17.1 Available for Download Signed-off-by: Jule Anger --- Summary of changes: history/header_history.html | 1 + history/samba-4.17.1.html| 85 posted_news/20221019-122323.4.17.1.body.html | 13 posted_news/20221019-122323.4.17.1.headline.html | 3 + 4 files changed, 102 insertions(+) create mode 100644 history/samba-4.17.1.html create mode 100644 posted_news/20221019-122323.4.17.1.body.html create mode 100644 posted_news/20221019-122323.4.17.1.headline.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index 840331e..840b27e 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -9,6 +9,7 @@ Release Notes + samba-4.17.1 samba-4.17.0 samba-4.16.5 samba-4.16.4 diff --git a/history/samba-4.17.1.html b/history/samba-4.17.1.html new file mode 100644 index 000..bfcbab4 --- /dev/null +++ b/history/samba-4.17.1.html 
@@ -0,0 +1,85 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;> +http://www.w3.org/1999/xhtml;> + +Samba 4.17.1 - Release Notes + + +Samba 4.17.1 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.17.1.tar.gz;>Samba 4.17.1 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.17.1.tar.asc;>Signature + + +https://download.samba.org/pub/samba/patches/samba-4.17.0-4.17.1.diffs.gz;>Patch (gzipped) against Samba 4.17.0 +https://download.samba.org/pub/samba/patches/samba-4.17.0-4.17.1.diffs.asc;>Signature + + + + == + Release Notes for Samba 4.17.1 + October 19, 2022 + == + + +This is the latest stable release of the Samba 4.17 release series. + + +Changes since 4.17.0 + + +o Jeremy Allison j...@samba.org + * BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented + atomically. + * BUG 15174: smbXsrv_connection_shutdown_send result leaked. + * BUG 15182: Flush on a named stream never completes. + * BUG 15195: Permission denied calling SMBC_getatr when file not exists. + +o Douglas Bagnall douglas.bagn...@catalyst.net.nz + * BUG 15189: Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later + over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC. + * BUG 15191: pytest: add file removal helpers for TestCaseInTempDir. + +o Andrew Bartlett abart...@samba.org + * BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented + atomically. + * BUG 15189: Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later. + over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC. + +o Ralph Boehme s...@samba.org + * BUG 15182: Flush on a named stream never completes. + +o Volker Lendecke v...@samba.org + * BUG 15151: vfs_gpfs silently garbles timestamps year 2106. + +o Gary Lockyer g...@catalyst.net.nz + * BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented + atomically. 
+ +o Stefan Metzmacher me...@samba.org + * BUG 15200: multi-channel socket passing may hit a race if one of the + involved processes already existed. + * BUG 15201: memory leak on temporary of struct imessaging_post_state and + struct tevent_immediate on struct imessaging_context (in + rpcd_spoolss and maybe others). + +o Noel Power noel.po...@suse.com + * BUG 15205: Since popt1.19 various use after free errors using result of + poptGetArg are now exposed. + +o Anoop C S anoo...@samba.org + * BUG 15192: Remove special case for O_CREAT in SMB_VFS_OPENAT from + vfs_glusterfs. + +o Andreas Schneider a...@samba.org + * BUG 15169: GETPWSID in memory cache grows indefinetly with each NTLM auth. + +o Joseph Sutton josephsut...@catalyst.net.nz + * BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented + atomically. + + + + + + diff --git a/posted_news/20221019-122323.4.17.1.body.html b/posted_news/20221019-122323.4.17.1.body.html new file mode 100644 index 000..2fd1909 --- /dev/null +++ b/posted_news/20221019-122323.4.17.1.body.html @@ -0,0 +1,13 @@ + +19 October 2022 +Samba 4.17.1 Available for Download + +This is the first stable re
[SCM] Samba Shared Repository - annotated tag samba-4.17.1 created
The annotated tag, samba-4.17.1 has been created
        at  41ad24dad0c7d4d0eebe0be6634ee6f033ec0749 (tag)
   tagging  ed12d43518f06b05f69a93ba9b20d768c64124bc (commit)
  replaces  samba-4.17.0
 tagged by  Jule Anger
        on  Wed Oct 19 14:21:55 2022 +0200

- Log -
samba: tag release samba-4.17.1

Andreas Schneider (1):
      s3:auth: Flush the GETPWSID in memory cache for NTLM auth

Andrew Bartlett (13):
      CVE-2021-20251 s4-rpc_server: Use authsam_search_account() to find the user
      CVE-2021-20251 auth4: Reread the user record if a bad password is noticed.
      CVE-2021-20251 s4 auth: make bad password count increment atomic
      CVE-2021-20251 auth4: Add missing newline to debug message on PSO read failure
      CVE-2021-20251 auth4: Split authsam_calculate_lastlogon_sync_interval() out
      CVE-2021-20251 auth4: Inline samdb_result_effective_badPwdCount() in authsam_logon_success_accounting()
      CVE-2021-20251 auth4: Avoid reading the database twice by precaculating some variables
      selftest: Prepare for "old Samba" mode regarding getncchanges GET_ANC/GET_TGT
      selftest: Add tests for GetNCChanges GET_ANC using samba-tool drs clone-dc-database
      s4-rpc_server:getncchanges Add "old Samba" mode regarding GET_ANC/GET_TGT
      selftest: Enable "old Samba" mode regarding GET_ANC/GET_TGT
      s4-libnet: Add messages to object count mismatch failures
      python-drs: Add client-side debug and fallback for GET_ANC

Anoop C S (1):
      vfs_glusterfs: Remove special handling of O_CREAT flag

Douglas Bagnall (7):
      pytest: add file removal helpers for TestCaseInTempDir
      pytest/downgradedatabase: use TestCaseInTempDir.rm_files
      pytest/samdb_api: use TestCaseInTempDir.rm_files
      pytest/join: use TestCaseInTempDir.rm_files/dirs
      pytest/samdb: use TestCaseInTempDir.rm_files/.rm_dirs
      pytest/samba_tool_drs: use TestCaseInTempDir.rm_files/.rm_dirs
      pytest/samba_tool_drs_no_dns: use TestCaseInTempDir.rm_files/.rm_dirs

Gary Lockyer (4):
      CVE-2021-20251 auth4: split samdb_result_msds_LockoutObservationWindow() out
      CVE-2021-20251 s4 auth: Prepare to make bad password count increment atomic
      CVE-2021-20251 s4 auth test: Unit tests for source4/auth/sam.c
      CVE-2021-20251 auth4: Return only the result message and free the surrounding result

Jeremy Allison (6):
      CVE-2021-20251 s3: ensure bad password count atomic updates
      s3: smbd: Fix memory leak in smbd_server_connection_terminate_done().
      s4: smbtorture: Add fsync_resource_fork test to fruit tests.
      s3: VFS: fruit. Implement fsync_send()/fsync_recv().
      s4: torture: libsmbclient: Add a torture test to ensure smbc_stat() returns ENOENT on a non-existent file.
      s3: libsmbclient: Fix smbc_stat() to return ENOENT on a non-existent file.

Joseph Sutton (28):
      s3:rpc_server: Fix typo in error message
      lib:crypto: Zero auth_tag array in encryption test
      s4:torture: Zero samr_UserInfo union in password set test
      lib:crypto: Check for overflow before filling pauth_tag array
      lib:crypto: Use constant time memory comparison to check HMAC
      CVE-2021-20251 lib:crypto: Add des_crypt_blob_16() for encrypting data with DES
      CVE-2021-20251 lib:crypto: Add md4_hash_blob() for hashing data with MD4
      CVE-2021-20251 lib:crypto: Add Python functions for AES SAMR password change
      CVE-2021-20251 tests/krb5: Add tests for password lockout race
      CVE-2021-20251 auth4: Detect ACCOUNT_LOCKED_OUT error for password change
      CVE-2021-20251 s4-auth: Pass through error code from badPwdCount update
      CVE-2021-20251 s4:dsdb: Update bad password count inside transaction
      CVE-2021-20251 s4:dsdb: Make badPwdCount update atomic
      CVE-2021-20251 s4:kdc: Move logon success accounting code into existing branch
      CVE-2021-20251 s4:kdc: Check return status of authsam_logon_success_accounting()
      CVE-2021-20251 s4:kdc: Check badPwdCount update return status
      CVE-2021-20251 s4-rpc_server: Check badPwdCount update return status
[SCM] Samba Shared Repository - branch v4-17-test updated
The branch, v4-17-test has been updated via 96e8adf7ae9 VERSION: Bump version up to Samba 4.17.2... via ed12d43518f VERSION: Disable GIT_SNAPSHOT for the 4.17.1 release. via cda9e1cc60f WHATSNEW: Add release notes for Samba 4.17.1. from 142a771d854 s3: libsmbclient: Fix smbc_stat() to return ENOENT on a non-existent file. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-17-test - Log - commit 96e8adf7ae9d69722a3b93525263e928dfd2fc9c Author: Jule Anger Date: Wed Oct 19 14:13:39 2022 +0200 VERSION: Bump version up to Samba 4.17.2... and re-enable GIT_SNAPSHOT. Signed-off-by: Jule Anger commit ed12d43518f06b05f69a93ba9b20d768c64124bc Author: Jule Anger Date: Wed Oct 19 14:13:18 2022 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.17.1 release. Signed-off-by: Jule Anger commit cda9e1cc60f2c3f3c7f18fe3fd0c5adb86dd5ab0 Author: Jule Anger Date: Wed Oct 19 14:12:49 2022 +0200 WHATSNEW: Add release notes for Samba 4.17.1. Signed-off-by: Jule Anger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 87 2 files changed, 88 insertions(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 155edc5e075..8d324fa4c66 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=17 -SAMBA_VERSION_RELEASE=1 +SAMBA_VERSION_RELEASE=2 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 128bf7230b3..307c166a98e 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt 
@@ -1,3 +1,90 @@ + == + Release Notes for Samba 4.17.1 + October 19, 2022 + == + + +This is the latest stable release of the Samba 4.17 release series. + + +Changes since 4.17.0 + + +o Jeremy Allison + * BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented + atomically. + * BUG 15174: smbXsrv_connection_shutdown_send result leaked. + * BUG 15182: Flush on a named stream never completes. + * BUG 15195: Permission denied calling SMBC_getatr when file not exists. + +o Douglas Bagnall + * BUG 15189: Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later + over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC. + * BUG 15191: pytest: add file removal helpers for TestCaseInTempDir. + +o Andrew Bartlett + * BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented + atomically. + * BUG 15189: Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later. + over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC. + +o Ralph Boehme + * BUG 15182: Flush on a named stream never completes. + +o Volker Lendecke + * BUG 15151: vfs_gpfs silently garbles timestamps > year 2106. + +o Gary Lockyer + * BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented + atomically. + +o Stefan Metzmacher + * BUG 15200: multi-channel socket passing may hit a race if one of the + involved processes already existed. + * BUG 15201: memory leak on temporary of struct imessaging_post_state and + struct tevent_immediate on struct imessaging_context (in + rpcd_spoolss and maybe others). + +o Noel Power + * BUG 15205: Since popt1.19 various use after free errors using result of + poptGetArg are now exposed. + +o Anoop C S + * BUG 15192: Remove special case for O_CREAT in SMB_VFS_OPENAT from + vfs_glusterfs. + +o Andreas Schneider + * BUG 15169: GETPWSID in memory cache grows indefinetly with each NTLM auth. + +o Joseph Sutton + * BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented + atomically. 
+ + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical:matrix.org matrix room, or +#samba-technical IRC channel on irc.libera.chat. + + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.1 and newer product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes
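Review bot: The added WHATSNEW.txt entries carry a few wording slips that will end up in the published release notes: "indefinetly" in the BUG 15169 line, "when file not exists" in the BUG 15195 line, and a stray full stop after "Samba 4.6 or later" in the BUG 15189 entry under Andrew Bartlett, where the sentence continues on the next line (the same entry under Douglas Bagnall has none). Suggest fixing these before tagging, since the same text is copied into the website history page.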
[SCM] Samba Shared Repository - branch v4-17-test updated
The branch, v4-17-test has been updated via 142a771d854 s3: libsmbclient: Fix smbc_stat() to return ENOENT on a non-existent file. via 09ec2b13e7c s4: torture: libsmbclient: Add a torture test to ensure smbc_stat() returns ENOENT on a non-existent file. from 7540755de6a s4:messaging: let imessaging_client_init() use imessaging_init_discard_incoming() https://git.samba.org/?p=samba.git;a=shortlog;h=v4-17-test - Log - commit 142a771d85463216075913695d84530c6cb4ff9e Author: Jeremy Allison Date: Mon Oct 17 13:24:27 2022 -0700 s3: libsmbclient: Fix smbc_stat() to return ENOENT on a non-existent file. Remove knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15195 Signed-off-by: Jeremy Allison Reviewed-by: Pavel Filipenský Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Wed Oct 19 00:13:56 UTC 2022 on sn-devel-184 (cherry picked from commit fd0c01da1c744ae6fd9d8675616d8b6d3531e469) Autobuild-User(v4-17-test): Jule Anger Autobuild-Date(v4-17-test): Wed Oct 19 11:52:24 UTC 2022 on sn-devel-184 commit 09ec2b13e7cccb0beeac6c87a9acd6ea5537d8ed Author: Jeremy Allison Date: Mon Oct 17 13:14:41 2022 -0700 s4: torture: libsmbclient: Add a torture test to ensure smbc_stat() returns ENOENT on a non-existent file. Add knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15195 Signed-off-by: Jeremy Allison Reviewed-by: Pavel Filipenský (cherry picked from commit 9eda432836bfff3d3d4a365a08a5ecb54f0f2e34) --- Summary of changes: source3/libsmb/libsmb_file.c| 34 source4/torture/libsmbclient/libsmbclient.c | 63 + 2 files changed, 89 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/libsmb_file.c b/source3/libsmb/libsmb_file.c index fa301b9fa18..98750754036 100644 --- a/source3/libsmb/libsmb_file.c +++ b/source3/libsmb/libsmb_file.c 
@@ -464,6 +464,7 @@ SMBC_getatr(SMBCCTX * context, struct timespec access_time_ts = {0}; struct timespec write_time_ts = {0}; struct timespec change_time_ts = {0}; + struct timespec w_time_ts = {0}; time_t write_time = 0; SMB_INO_T ino = 0; struct cli_credentials *creds = NULL; @@ -506,6 +507,7 @@ SMBC_getatr(SMBCCTX * context, } if (!srv->no_pathinfo2) { + bool not_supported_error = false; status = cli_qpathinfo2(targetcli, targetpath, _time_ts, @@ -518,11 +520,21 @@ SMBC_getatr(SMBCCTX * context, if (NT_STATUS_IS_OK(status)) { goto setup_stat; } + if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_LEVEL) || + NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) { + not_supported_error = true; + } + if (!not_supported_error) { + /* "Normal error". Just return it to caller. */ + TALLOC_FREE(frame); + return status; + } } srv->no_pathinfo2 = True; if (!srv->no_pathinfo3) { + bool not_supported_error = false; status = cli_qpathinfo3(targetcli, targetpath, _time_ts, @@ -535,6 +547,15 @@ SMBC_getatr(SMBCCTX * context, if (NT_STATUS_IS_OK(status)) { goto setup_stat; } + if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_LEVEL) || + NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) { + not_supported_error = true; + } + if (!not_supported_error) { + /* "Normal error". Just return it to caller. */ + TALLOC_FREE(frame); + return status; + } } srv->no_pathinfo3 = True; @@ -545,14 +566,11 @@ SMBC_getatr(SMBCCTX * context, } status = cli_getatr(targetcli, targetpath, , , _time); - if (NT_STATUS_IS_OK(status)) { - struct timespec w_time_ts = - convert_time_t_to_timespec(write_time); - - access_time_ts = change_time_ts = write_time_ts = w_time_ts; - - goto setup_stat; + if (!NT_STATUS_IS_OK(status)) { + goto all_failed; } + w_time_ts = convert_time_t_to_timespec(write_time); + access_time_ts = change_time_ts = write_time_ts = w_time_ts; setup_stat: setup_stat(sb, @@ -573,7 +591,7 @@ all_failed:
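Review bot: The not_supported_error block is added twice in SMBC_getatr(), once after cli_qpathinfo2() and once after cli_qpathinfo3(), with identical logic. The bool adds nothing over testing the status directly; a single condition that returns unless the status is NT_STATUS_INVALID_LEVEL or NT_STATUS_NOT_SUPPORTED, or a small static helper used by both call sites, would remove the duplication and keep the two fallbacks from diverging later.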
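Review bot: After this change SMBC_getatr() has two different error exits: a failing cli_qpathinfo2()/cli_qpathinfo3() does TALLOC_FREE(frame) and returns status directly, while a failing cli_getatr() in the last hunk jumps to all_failed. If all_failed does anything beyond freeing the frame and returning, the early returns now skip it; please either route all three through the same label or add a comment saying why the "normal error" path may bypass it.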
[SCM] Samba Shared Repository - branch v4-17-test updated
The branch, v4-17-test has been updated via 7540755de6a s4:messaging: let imessaging_client_init() use imessaging_init_discard_incoming() via 28c65ce3e92 s3:auth_samba4: make use of imessaging_init_discard_incoming() via 68a0ef3b521 s4:messaging: add imessaging_init_discard_incoming() from 93d6f403e38 s3/utils: check result of talloc_strdup https://git.samba.org/?p=samba.git;a=shortlog;h=v4-17-test - Log - commit 7540755de6a0fcc8b9b34fdcca777c77b8de9402 Author: Stefan Metzmacher Date: Wed Sep 28 14:27:09 2022 +0200 s4:messaging: let imessaging_client_init() use imessaging_init_discard_incoming() imessaging_client_init() is for temporary stuff only, so we should drop (unexpected) incoming messages unless we expect irpc responses. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15201 Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Thu Oct 13 13:32:30 UTC 2022 on sn-devel-184 (cherry picked from commit 266bcedc18efc52e29efde6bad220623a5423e30) Autobuild-User(v4-17-test): Jule Anger Autobuild-Date(v4-17-test): Wed Oct 19 09:51:29 UTC 2022 on sn-devel-184 commit 28c65ce3e923deaa273e4dabd7c6228c803b03c7 Author: Stefan Metzmacher Date: Wed Sep 28 14:14:41 2022 +0200 s3:auth_samba4: make use of imessaging_init_discard_incoming() Otherwise we'll generate a memory leak of imessaging_post_state/ tevent_immediate structures per incoming message! BUG: https://bugzilla.samba.org/show_bug.cgi?id=15201 
Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme (cherry picked from commit 32df5e4961cf064b72bb496157cc6092126d9b8e) commit 68a0ef3b5215f37c74e7831db36a0b360ee661ca Author: Stefan Metzmacher Date: Wed Sep 28 13:47:13 2022 +0200 s4:messaging: add imessaging_init_discard_incoming() We often create imessaging contexts just for sending messages, but we'll never process incoming messages because a temporary event context was used and we just queue a lot of imessaging_post_state structures with immediate events. With imessaging_init_discard_incoming() we'll discard any incoming messages unless we have pending irpc requests. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15201 Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme (cherry picked from commit a120fb1c724dfaed5a99e34aaf979502586f17c0) --- Summary of changes: source3/auth/auth_samba4.c | 8 ++-- source4/lib/messaging/messaging.c | 74 +- source4/lib/messaging/messaging.h | 5 ++ source4/lib/messaging/messaging_internal.h | 9 4 files changed, 90 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/auth/auth_samba4.c b/source3/auth/auth_samba4.c index ff8dc94d296..6c017ef4aa3 100644 --- a/source3/auth/auth_samba4.c +++ b/source3/auth/auth_samba4.c @@ -241,12 +241,12 @@ static NTSTATUS prepare_gensec(const struct auth_context *auth_context, return NT_STATUS_INVALID_SERVER_STATE; } - msg_ctx = imessaging_init(frame, + msg_ctx = imessaging_init_discard_incoming(frame, lp_ctx, *server_id, event_ctx); if (msg_ctx == NULL) { - DEBUG(1, ("imessaging_init failed\n")); + DEBUG(1, ("imessaging_init_discard_incoming failed\n")); TALLOC_FREE(frame); return NT_STATUS_INVALID_SERVER_STATE; } 
@@ -324,12 +324,12 @@ static NTSTATUS make_auth4_context_s4(const struct auth_context *auth_context, return NT_STATUS_INVALID_SERVER_STATE; } - msg_ctx = imessaging_init(frame, + msg_ctx = imessaging_init_discard_incoming(frame, lp_ctx, *server_id, event_ctx); if (msg_ctx == NULL) { - DEBUG(1, ("imessaging_init failed\n")); + DEBUG(1, ("imessaging_init_discard_incoming failed\n")); TALLOC_FREE(frame); return NT_STATUS_INVALID_SERVER_STATE; } diff --git a/source4/lib/messaging/messaging.c b/source4/lib/messaging/messaging.c index a00c35be0d5..8603c167ad4 100644 --- a/source4/lib/messaging/messaging.c +++ b/source4/lib/messaging/messaging.c @@ -429,6 +429,12 @@ static NTSTATUS imessaging_reinit(struct imessaging_context *msg) TALLOC_FREE(msg->msg_dgm_ref); + if (msg->discard_incoming) { + msg->num_incoming_listeners = 0; + } else { + msg->num_incoming_listeners
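Review bot: in the prepare_gensec() hunk of source3/auth/auth_samba4.c (@@ -241), the call site gets no comment saying why incoming messages are discarded here. The reason is given only in the commit message (a leak of imessaging_post_state/tevent_immediate structures per incoming message). A one-line comment above the imessaging_init_discard_incoming() call would keep a later cleanup from switching it back to imessaging_init().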
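Review bot: the make_auth4_context_s4() hunk (@@ -324) repeats, line for line, the call and error path already changed in prepare_gensec(): the same four arguments, the same DEBUG(1, ...) string, then TALLOC_FREE(frame) and NT_STATUS_INVALID_SERVER_STATE. A small static helper in auth_samba4.c that creates msg_ctx and logs the failure would leave one place to edit the next time the init function changes. It would also be the natural place to decide whether a NULL return should really map to NT_STATUS_INVALID_SERVER_STATE.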
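Review bot: in the imessaging_reinit() hunk of source4/lib/messaging/messaging.c (@@ -429), the discard_incoming branch sets msg->num_incoming_listeners to 0 unconditionally. The commit message says incoming messages are discarded unless irpc requests are pending, so it is worth stating whether a reinit can happen while such a request is outstanding. If it can, the counter should be derived from the pending requests rather than reset. If it cannot, a short comment saying so would help. The else branch is cut off in this mail (changeset truncated), so the value assigned there cannot be checked from here.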
[SCM] Samba Shared Repository - branch v4-16-test updated
The branch, v4-16-test has been updated via c28d971b12b s4:messaging: let imessaging_client_init() use imessaging_init_discard_incoming() via 04d0d5a0366 s3:auth_samba4: make use of imessaging_init_discard_incoming() via 6ba44033e38 s4:messaging: add imessaging_init_discard_incoming() via 4d7e31b9816 s3/utils: check result of talloc_strdup via 9a18da112c4 s3/utils: Check return of talloc_strdup via e69d2b3f9d2 s3/param: Check return of talloc_strdup via 7480f9c01d6 s4/lib/registry: Fix use after free with popt 1.19 via 5383d625cbb s3/utils: Fix use after free with popt 1.19 via 4b35fa3f85e s3/utils: Fix use after free with popt 1.19 via 1efcc10c9d4 s3/utils: Add missing poptFreeContext via da11c48d9b6 s3/param: Fix use after free with popt-1.19 via 0503e0df3b6 s3/rpcclient: Duplicate string returned from poptGetArg from 3e0ce4513b0 vfs_fruit: add missing calls to tevent_req_received() https://git.samba.org/?p=samba.git;a=shortlog;h=v4-16-test - Log - commit c28d971b12bab1342d9ad0a8475deef647e5aa1b Author: Stefan Metzmacher Date: Wed Sep 28 14:27:09 2022 +0200 s4:messaging: let imessaging_client_init() use imessaging_init_discard_incoming() imessaging_client_init() is for temporary stuff only, so we should drop (unexpected) incoming messages unless we expect irpc responses. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15201 Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Thu Oct 13 13:32:30 UTC 2022 on sn-devel-184 (cherry picked from commit 266bcedc18efc52e29efde6bad220623a5423e30) Autobuild-User(v4-16-test): Jule Anger Autobuild-Date(v4-16-test): Wed Oct 19 09:45:53 UTC 2022 on sn-devel-184 commit 04d0d5a0366ec92a7cafcf56e0cf2c74780c0eed Author: Stefan Metzmacher Date: Wed Sep 28 14:14:41 2022 +0200 s3:auth_samba4: make use of imessaging_init_discard_incoming() Otherwise we'll generate a memory leak of imessaging_post_state/ tevent_immediate structures per incoming message! 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15201 Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme (cherry picked from commit 32df5e4961cf064b72bb496157cc6092126d9b8e) commit 6ba44033e3869196982e67a8f757f34a5e1f2788 Author: Stefan Metzmacher Date: Wed Sep 28 13:47:13 2022 +0200 s4:messaging: add imessaging_init_discard_incoming() We often create imessaging contexts just for sending messages, but we'll never process incoming messages because a temporary event context was used and we just queue a lot of imessaging_post_state structures with immediate events. With imessaging_init_discard_incoming() we'll discard any incoming messages unless we have pending irpc requests. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15201 Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme (cherry picked from commit a120fb1c724dfaed5a99e34aaf979502586f17c0) commit 4d7e31b98162a33702162b00cf40811dfeabe671 Author: Noel Power Date: Mon Oct 17 10:27:31 2022 +0100 s3/utils: check result of talloc_strdup followup to commit 4b15d8c2a5c8547b84e7926fed9890b5676b8bc3 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205 Signed-off-by: Noel Power Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Mon Oct 17 19:49:37 UTC 2022 on sn-devel-184 (cherry picked from commit 0326549a052c22e4929e3760fd5011c35e32fe33) commit 9a18da112c47055fb32291dfcde42f2ccca7aad7 Author: Noel Power Date: Mon Oct 17 10:25:00 2022 +0100 s3/utils: Check return of talloc_strdup followup to e82699fcca3716d9ed0450263fd83f948de8ffbe BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205 Signed-off-by: Noel Power Reviewed-by: Jeremy Allison (cherry picked from commit 972127daddc7a32d23fb84d97102557035b06f5b) commit e69d2b3f9d2c8f38a4d93413d563ad5241d35383 Author: Noel Power Date: Mon Oct 17 10:17:34 2022 +0100 s3/param: Check return of talloc_strdup followup to commit ff003fc87b8164610dfd6572347c05308c4b2fd7 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205 
Signed-off-by: Noel Power Reviewed-by: Jeremy Allison (cherry picked from commit 19eb88bc53e481327bbd437b0c145d5765c6dcec) commit 7480f9c01d6449e071784b04ea1f8e2a18906d75 Author: Noel Power Date: Fri Oct 14 11:53:53 2022 +0100 s4/lib/registry: Fix use after free with popt 1.19 popt 1.19 fixes a leak that exposes a use after free, make sure we duplicate return of poptGetArg if poptFreeContext is called before we use it. ==6357== Command: ./bin/regpatch file