[SCM] Samba Shared Repository - branch v4-17-stable updated
The branch, v4-17-stable has been updated via 1006203e495 Merge tag 'samba-4.17.12' into v4-17-stable via 7ec207cd414 VERSION: Disable GIT_SNAPSHOT for the 4.17.12 release. via a59469b2a87 WHATSNEW: Add release notes for Samba 4.17.12. via 2acdaf9860f CVE-2023-42670 s3-rpc_server: Remove cross-check with "samba" EPM lookup via 51bc79f85a8 CVE-2023-42670 s3-rpc_server: Strictly refuse to start RPC servers in conflict with AD DC via d4d49635247 CVE-2023-42669 s3-rpc_server: Disable rpcecho for consistency with the AD DC via a16b210ec65 CVE-2023-42669 s4-rpc_server: Disable rpcecho server by default via 8f87277b4e9 CVE-2023-4154: Unimplement the original DirSync behaviour without LDAP_DIRSYNC_OBJECT_SECURITY via 4c897f5b854 CVE-2023-4154 dsdb/tests: Extend attribute read DirSync tests via b586f8cc9c7 CVE-2023-4154 dsdb/tests: Add test for SEARCH_FLAG_RODC_ATTRIBUTE behaviour via d30349ac4cf CVE-2023-4154 dsdb/tests: Speed up DirSync test by only checking positive matches once via e0cec7f7908 CVE-2023-4154 dsdb/tests: Check that secret attributes are not visible with DirSync ever. via c18f819f8ce CVE-2023-4154 dsdb/tests: Force the test attribute to be not-confidential at the start via 23b867c70bd CVE-2023-4154 dsdb/tests: Use self.addCleanup() and delete_force() via d7ab8d4c2ea CVE-2023-4154 dsdb/tests: Do not run SimpleDirsyncTests twice via 3de5d8a0116 CVE-2023-4154 libcli/security: add security_descriptor_[s|d]acl_insert() helpers via 3c34a51da12 CVE-2023-4154 libcli/security: prepare security_descriptor_acl_add() to place the ace at a position via 2c7710bd5bc CVE-2023-4154 replace: add ARRAY_INSERT_ELEMENT() helper via 92cf3328a00 CVE-2023-4154 python/samba/ndr: add ndr_deepcopy() helper via ebd421306e7 CVE-2023-4154 py_security: allow idx argument to descriptor.[s|d]acl_add() via d038ac36c13 CVE-2023-4154 python:sd_utils: add dacl_{prepend,append,delete}_aces() helpers via 60baeea804a CVE-2023-4154 python:sd_utils: introduce update_aces_in_dacl() helper via c7fba7218cd CVE-2023-4154 s4-dsdb: Remove DSDB_ACL_CHECKS_DIRSYNC_FLAG via 76091f35016 CVE-2023-4154 s4:dsdb:tests: Fix code spelling via 38d62aa3b2b CVE-2023-4154 s4:dsdb:tests: Refactor confidential attributes test via bea7fd5eadc CVE-2023-4154 dsdb: Remove remaining references to DC_MODE_RETURN_NONE and DC_MODE_RETURN_ALL via d7034c4194a CVE-2023-4154 librpc ndr/py_security: Export ACE deletion functions to python via 8c0be1d17a5 CVE-2023-4154 libcli security_descriptor: Add function to delete a given ace from a security descriptor via 8b26f634372 CVE-2023-4091: smbd: use open_access_mask for access check in open_file() via b08a60160e6 CVE-2023-4091: smbtorture: test overwrite dispositions on read-only file via 4b3e5c2f036 CVE-2023-3961:s3: smbd: Remove the SMB_ASSERT() that crashes on bad pipenames. via 125ce23115b CVE-2023-3961:s3:torture: Add test SMB2-INVALID-PIPENAME to show we allow bad pipenames with unix separators through to the UNIX domain socket code. via e5a1c1cfb0a CVE-2023-3961:s3:smbd: Catch any incoming pipe path that could exit socket_dir. via 1fdc51ffec9 VERSION: Bump version up to Samba 4.17.12... from 0e746c02f6c CVE-2023-42670 s3-rpc_server: Remove cross-check with "samba" EPM lookup https://git.samba.org/?p=samba.git;a=shortlog;h=v4-17-stable - Log - commit 1006203e495dfb7ca2969f113aeffda3ea660d92 Merge: 0e746c02f6c 7ec207cd414 Author: Jule Anger Date: Tue Oct 10 16:54:15 2023 +0200 Merge tag 'samba-4.17.12' into v4-17-stable samba: tag release samba-4.17.12 commit 7ec207cd4146919e4ee88e5522647c169baf6922 Author: Jule Anger Date: Tue Oct 10 10:42:49 2023 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.17.12 release. Signed-off-by: Jule Anger commit a59469b2a87cf297b96dc110714feddaba2a1f86 Author: Jule Anger Date: Tue Oct 10 10:41:53 2023 +0200 WHATSNEW: Add release notes for Samba 4.17.12. Signed-off-by: Jule Anger commit 2acdaf9860f127c179a3d2e2adb18f901854aebf Author: Andrew Bartlett Date: Tue Sep 12 16:23:49 2023 +1200 CVE-2023-42670 s3-rpc_server: Remove cross-check with "samba" EPM lookup We now have ensured that no conflicting services attempt to start so we do not need the runtime lookup and so avoid the risk that the lookup may fail. This means that any duplicates will be noticed early not just in a race condition. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15473 Signed-off-by: Andrew Bartlett commit 51bc79f85a8d63ed5428c2975f60094157dda2e5 Author: Andrew Bartlett Date: Tue Sep 12 12:28:49 2023 +1200 CVE-2023-42670
[SCM] Samba Shared Repository - branch v4-17-stable updated
The branch, v4-17-stable has been updated via 0e746c02f6c CVE-2023-42670 s3-rpc_server: Remove cross-check with "samba" EPM lookup via 08f4f363fa6 CVE-2023-42670 s3-rpc_server: Strictly refuse to start RPC servers in conflict with AD DC via 6ff5eed9c5d CVE-2023-42669 s3-rpc_server: Disable rpcecho for consistency with the AD DC via 9989568b20c CVE-2023-42669 s4-rpc_server: Disable rpcecho server by default via cbd68f39d52 CVE-2023-4154: Unimplement the original DirSync behaviour without LDAP_DIRSYNC_OBJECT_SECURITY via c0d6e6db657 CVE-2023-4154 dsdb/tests: Extend attribute read DirSync tests via 4e5f060cdc3 CVE-2023-4154 dsdb/tests: Add test for SEARCH_FLAG_RODC_ATTRIBUTE behaviour via 4c1f1fe39c6 CVE-2023-4154 dsdb/tests: Speed up DirSync test by only checking positive matches once via 92a4df11b2d CVE-2023-4154 dsdb/tests: Check that secret attributes are not visible with DirSync ever. via 8a9dac9d4e5 CVE-2023-4154 dsdb/tests: Force the test attribute to be not-confidential at the start via 649bccf87ef CVE-2023-4154 dsdb/tests: Use self.addCleanup() and delete_force() via 8de96459777 CVE-2023-4154 dsdb/tests: Do not run SimpleDirsyncTests twice via 68eda471b8f CVE-2023-4154 libcli/security: add security_descriptor_[s|d]acl_insert() helpers via 8b1f1c9f90f CVE-2023-4154 libcli/security: prepare security_descriptor_acl_add() to place the ace at a position via b59a4266f1b CVE-2023-4154 replace: add ARRAY_INSERT_ELEMENT() helper via 22904d2b9dc CVE-2023-4154 python/samba/ndr: add ndr_deepcopy() helper via 4cfec08d7ee CVE-2023-4154 py_security: allow idx argument to descriptor.[s|d]acl_add() via 10c4b6ea09f CVE-2023-4154 python:sd_utils: add dacl_{prepend,append,delete}_aces() helpers via b4849183a68 CVE-2023-4154 python:sd_utils: introduce update_aces_in_dacl() helper via d221d0a7902 CVE-2023-4154 s4-dsdb: Remove DSDB_ACL_CHECKS_DIRSYNC_FLAG via 5313a307148 CVE-2023-4154 s4:dsdb:tests: Fix code spelling via 119ff0ef752 CVE-2023-4154 s4:dsdb:tests: Refactor confidential attributes test via e8b68aa5c9a CVE-2023-4154 dsdb: Remove remaining references to DC_MODE_RETURN_NONE and DC_MODE_RETURN_ALL via bd5213a918e CVE-2023-4154 librpc ndr/py_security: Export ACE deletion functions to python via 25585fda53f CVE-2023-4154 libcli security_descriptor: Add function to delete a given ace from a security descriptor via 347d55084b7 CVE-2023-4091: smbd: use open_access_mask for access check in open_file() via 45051934ffa CVE-2023-4091: smbtorture: test overwrite dispositions on read-only file via f958415a69f CVE-2023-3961:s3: smbd: Remove the SMB_ASSERT() that crashes on bad pipenames. via e6f096c4c8f CVE-2023-3961:s3:torture: Add test SMB2-INVALID-PIPENAME to show we allow bad pipenames with unix separators through to the UNIX domain socket code. via 23199e11545 CVE-2023-3961:s3:smbd: Catch any incoming pipe path that could exit socket_dir. from f3e7be14a36 VERSION: Disable GIT_SNAPSHOT for the 4.17.11 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-17-stable - Log - commit 0e746c02f6cc3b53b941f2b2d9624427020a6890 Author: Andrew Bartlett Date: Tue Sep 12 16:23:49 2023 +1200 CVE-2023-42670 s3-rpc_server: Remove cross-check with "samba" EPM lookup We now have ensured that no conflicting services attempt to start so we do not need the runtime lookup and so avoid the risk that the lookup may fail. This means that any duplicates will be noticed early not just in a race condition. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15473 Signed-off-by: Andrew Bartlett commit 08f4f363fa6e2ee62a6e32db577ee12e26927735 Author: Andrew Bartlett Date: Tue Sep 12 12:28:49 2023 +1200 CVE-2023-42670 s3-rpc_server: Strictly refuse to start RPC servers in conflict with AD DC Just as we refuse to start NETLOGON except on the DC, we must refuse to start all of the RPC services that are provided by the AD DC. Most critically of course this applies to netlogon, lsa and samr. This avoids the supression of these services being the result of a runtime epmapper lookup, as if that fails these services can disrupt service to end users by listening on the same socket as the AD DC servers. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15473 Signed-off-by: Andrew Bartlett commit 6ff5eed9c5dbb5b8b27ef34586e63208e958dc2e Author: Andrew Bartlett Date: Tue Sep 12 19:01:03 2023 +1200 CVE-2023-42669 s3-rpc_server: Disable rpcecho for consistency with the AD DC The rpcecho server in source3 does have samba the sleep() feature that the s4 version has, but the task
[SCM] Samba Shared Repository - branch v4-17-stable updated
The branch, v4-17-stable has been updated via f3e7be14a36 VERSION: Disable GIT_SNAPSHOT for the 4.17.11 release. via 5046314c08d WHATSNEW: Add release notes for Samba 4.17.11. via f8197d6509f mdssvc: better support for search with mdfind from Macs via 1361e545452 vfs_aio_pthread: use SMB_VFS_NEXT_OPENAT() in aio_pthread_openat_fn() via 8d1e4f1d4f1 ctdb-common: Set immediate mode for pcap capture via bb905f04b50 ctdb-common: Replace pcap_open_live() by lower level calls via 74d43dd395b ctdb-common: Improve error handling via ef212b021e5 ctdb-scripts: Add debugging variable CTDB_KILLTCP_DEBUGLEVEL via c5bd0b20ad3 ctdb-common: Support IB in pcap-based capture via 6417651bf4b ctdb-common: Support "any" interface for pcap-based capture via 0f3864d7c59 ctdb-common: Add packet type detection to pcap-based capture via f01d53d8848 ctdb-tools: Improve/add debug via d37c3d14156 ctdb-common: Improve/add debug via 0adfd0cc0f6 ctdb-common: Use pcap_get_selectable_fd() via 8c1314aae60 ctdb-common: Stop a pcap-related crash on error via 98ee0c12578 ctdb-common: Fix a warning in the pcap code via 197f86f9a1c ctdb-common: Do not use raw socket when ENABLE_PCAP is defined via 027c9ef106a ctdb-common: Move a misplaced comment via 188e949fdf6 ctdb-build: Add --enable-pcap configure option via f25b506a73d ctdb-build: Use pcap-config when available via 89231620287 s4-rpc_server/drsupai: Avoid looping with Azure AD Connect by not incrementing temp_highest_usn for the NC root via 4ae4d2ac3b3 s4-rpc_server/drsuapi: Ensure logs show DN for replicated objects, not (null) via ee8dafa103b s4-rpc_server/drsuapi: Update getnc_state to be != NULL via 0a269490b68 s4-rpc_server/drsuapi: Rename ncRoot -> untrusted_ncRoot to avoid misuse via 7c63aa69594 s4-rpc_server/drsuapi: Avoid modification to ncRoot input variable in GetNCChanges via c72b5f25eb0 s4-rpc_server/drsuapi: Fix indentation in GetNCChanges() via 35cdcef4d1a s4-rpc_server/drsuapi: Only keep and invalidate replication cycle state for normal replication via d4927a5dc0c s4-torture/drs: Add test showing that if present in the set the NC root leads and tmp_highest_usn moves via 6452398ed83 s4-torture/drs: Add test demonstrating that a GetNCChanges REPL_OBJ will not reset the replication cookie via 1f5b6ef931c s4-torture/drs: Add a test matching Azure AD Connect REPL_OBJ behaviour via fc282cbdc79 s4-torture/drs: Use addCleanup() in getchanges.py for OU handling via 6442c8c3def s4-torture/drs: Create temp OU with a unique name per test via aa155ccb5fd s4-torture/drs: Save the server dnsname on the DcConnection object via 5bddbe2ca6d s4-rpc_server/drsuapi: Remove rudundant check for valid and non-NULL ncRoot_dn via 957c794891b s4-dsdb: Improve logging for drs_ObjectIdentifier_to_dn_and_nc_root() via f7b1325b819 s4-rpc_server/drsuapi: Improve debug message for drs_ObjectIdentifier_to_dn_and_nc_root() failure via 89dfbd8c858 s4-rpc_server/drsuapi: Improve debugging of invalid DNs via 133ff9c2894 s4-rpc_server/drsuapi: Add tmp_highest_usn tracking to replication log via fca63c10314 s3: smbd: Ensure init_smb1_request() zeros out what the incoming pointer points to. via 4f3d61dc268 s3: torture: Add SMB1-NEGOTIATE-TCON that shows the SMB1 server crashes on the uninitialized req->session. via 098e5f240a5 s3: smbd: init_smb1_request() isn't being passed zero'ed memory from any codepath. via eb95b15b1ba s3: smbd: Add missing 'return;'s in exit paths in reply_exit_done(). via 7da254ffa18 s3: torture: Add a test doing an SMB1 negotiate+exit. via 0dbba5f655f s3: smbd: Ensure all callers to srvstr_pull_req_talloc() pass a zeroed-out dest pointer. via b958e82d0b6 s3: smbd: Uncorrupt the pointer we were using to prove a crash. via 3a123fbbe86 s3: smbd: Ensure srvstr_pull_req_talloc() always NULLs out *dest. via ec8887be3f6 s3: torture: Add SMB1-TRUNCATED-SESSSETUP test. via bce87c64b71 s3: smbd: Deliberately currupt an uninitialized pointer. via 741cc3484e7 mdssvc: Do an early talloc_free() in _mdssvc_open() via 8738efc4042 s3:smbd: fix multichannel connection passing race via f3d5e3add54 s3:smbd: always clear filter_subreq in smb2srv_client_mc_negprot_next() via 534f1363033 s4:torture/smb2: add smb2.multichannel.bugs.bug_15346 via 3c23c7f36c8 s4:torture/smb2: make it possible to pass existing_conn to smb2_connect_ext() via 8c727eef9e3 s4:torture/smb2: let us have a common torture_smb2_con_share() via 65b05090ee4 s4:torture/smb2: let torture_smb2_con_sopt() use smb2_connect() via d167b80dc72 smbXcli: Pass negotiate contexts
[SCM] Samba Shared Repository - branch v4-17-stable updated
The branch, v4-17-stable has been updated via 5eceb0dfb4a VERSION: Disable GIT_SNAPSHOT for the 4.17.10 release. via 1448e347b2f WHATSNEW: Add release notes for Samba 4.17.10. via 56fad90eaef s3:rpc_server:netlogon: generate FAULT_INVALID_TAG for invalid netr_LogonGetCapabilities levels via 55d0a386012 s4:rpc_server:netlogon: generate FAULT_INVALID_TAG for invalid netr_LogonGetCapabilities levels via e14a5c36123 s4:torture/rpc: let rpc.schannel also check netr_LogonGetCapabilities with different levels via 492a52b1c4c netlogon.idl: add support for netr_LogonGetCapabilities response level 2 via 6c1128b1184 CVE-2023-3347: smbd: fix "server signing = mandatory" via a22fcb68918 CVE-2023-3347: smbd: remove comment in smbd_smb2_request_process_negprot() via 95cec0dfa24 CVE-2023-3347: smbd: inline smb2_srv_init_signing() code in srv_init_signing() via e96d5002fc1 CVE-2023-3347: smbd: pass lp_ctx to smb[1|2]_srv_init_signing() via e67b7e5f88e CVE-2023-3347: CI: add a test for server-side mandatory signing via 091b0265fe4 CVE-2023-34968: mdssvc: return a fake share path via a5c570e2629 CVE-2023-34968: mdscli: return share relative paths via cb8313e7bee CVE-2023-34968: mdssvc: introduce an allocating wrapper to sl_pack() via ee428be9c67 CVE-2023-34968: mdssvc: switch to doing an early return via cc593a6ac53 CVE-2023-34968: mdssvc: remove response blob allocation via 449f1280b71 CVE-2023-34968: rpcclient: remove response blob allocation via 353a9ccea6f CVE-2023-34968: smbtorture: remove response blob allocation in mdssvc.c via 0ae6084d1a9 CVE-2023-34968: mdscli: remove response blob allocation via 56a21b3bc8f CVE-2023-34968: mdscli: use correct TALLOC memory context when allocating spotlight_blob via 47a0c1681dd CVE-2023-34968: mdssvc: add missing "kMDSStoreMetaScopes" dict key in slrpc_fetch_properties() via 98b2a013bc7 CVE-2023-34968: mdssvc: cache and reuse stat info in struct sl_inode_path_map via 049c1324564 CVE-2023-34967: mdssvc: add type checking to dalloc_value_for_key() via 7812c56d4cb CVE-2023-34967: CI: add a test for type checking of dalloc_value_for_key() via c77b31f1bcb CVE-2023-34966: mdssvc: harden sl_unpack_loop() via 6e5e5c7f64e CVE-2023-34966: CI: test for sl_unpack_loop() via 53838682570 CVE-2022-2127: ntlm_auth: cap lanman response length value via a3944de6990 CVE-2022-2127: winbindd: Fix WINBINDD_PAM_AUTH_CRAP length checks via d48c42c7d26 VERSION: Bump version up to Samba 4.17.10... from b8598d4b9fb VERSION: Disable GIT_SNAPSHOT for the 4.17.9 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-17-stable - Log - commit 5eceb0dfb4a6490da3e7fc58f4b527b16b934195 Author: Jule Anger Date: Mon Jul 17 21:47:21 2023 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.17.10 release. Signed-off-by: Jule Anger commit 1448e347b2f6c29b484b8c66ce5469c0e11d81f9 Author: Jule Anger Date: Mon Jul 17 21:46:53 2023 +0200 WHATSNEW: Add release notes for Samba 4.17.10. Signed-off-by: Jule Anger commit 56fad90eaef07d11665c35ffc872f34165496076 Author: Stefan Metzmacher Date: Sat Jul 15 16:11:48 2023 +0200 s3:rpc_server:netlogon: generate FAULT_INVALID_TAG for invalid netr_LogonGetCapabilities levels This is important as Windows clients with KB5028166 seem to call netr_LogonGetCapabilities with query_level=2 after a call with query_level=1. An unpatched Windows Server returns DCERPC_NCA_S_FAULT_INVALID_TAG for query_level values other than 1. While Samba tries to return NT_STATUS_NOT_SUPPORTED, but later fails to marshall the response, which results in DCERPC_FAULT_BAD_STUB_DATA instead. Because we don't have any documentation for level 2 yet, we just try to behave like an unpatched server and generate DCERPC_NCA_S_FAULT_INVALID_TAG instead of DCERPC_FAULT_BAD_STUB_DATA. Which allows patched Windows clients to keep working against a Samba DC. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15418 Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Mon Jul 17 07:35:09 UTC 2023 on atb-devel-224 (cherry picked from commit dfeabce44fbb78083fbbb2aa634fc4172cf83db9) commit 55d0a38601236b89871f1a2f2bf7ad36c590f1f4 Author: Stefan Metzmacher Date: Sat Jul 15 16:11:48 2023 +0200 s4:rpc_server:netlogon: generate FAULT_INVALID_TAG for invalid netr_LogonGetCapabilities levels This is important as Windows clients with KB5028166 seem to call netr_LogonGetCapabilities with query_level=2 after a call with query_level=1. An unpatched Windows
[SCM] Samba Shared Repository - branch v4-17-stable updated
The branch, v4-17-stable has been updated via b8598d4b9fb VERSION: Disable GIT_SNAPSHOT for the 4.17.9 release. via 95fd96dbab9 WHATSNEW: Add release notes for Samba 4.17.9. via 65f35a5bf32 s3:winbindd: let winbind_samlogon_retry_loop() fallback to NT_STATUS_NO_LOGON_SERVERS via b5b4fd3ee23 s3:winbindd: make use of reset_cm_connection_on_error() in winbind_samlogon_retry_loop() via 38a9e17d02f s3:winbindd: let winbind_samlogon_retry_loop() always start with authoritative = 1 via 0afed23bcd2 s3:winbindd: make use of reset_cm_connection_on_error() for winbindd_lookup_{names,sids}() via 62507b112e6 s3:winbindd: call reset_cm_connection_on_error() in wb_cache_query_user_list() via 426b6ecca6d smbd: call exit_server_cleanly() to avoid panicking via c366a064c8f pidl: avoid py compile issues with --pidl-developer via 88c24655c79 s3:utils: smbget fix a memory leak via f26b205786e smbclient: Fix fd leak with "showacls;ls" via af55bfe4e99 libsmb: Fix directory listing against old servers via 72149cd8b3b tests: Show that we 100% loop in cli_list_old_recv() via 0a27a04ec05 tests: Make timelimit available to test scripts via 25b75eccea0 s4:dnsserver: Rename dns_name_equal() to samba_dns_name_equal() via dff3946d616 vfs_fruit: add fruit:convert_adouble parameter via a2567c17294 vfs_fruit: just log failing AppleDouble conversion via 4e0850b7afc libadouble: allow FILE_SHARE_DELETE in ad_convert_xattr() via b0e8932b1cf vfs_fruit: never return AFP_Resource stream for directories via ed1979c76c6 vfs_fruit: return ENOENT instead of EISDIR when trying to open AFP_Resource for a directory via f544dc9cc06 CI: add a test for fruit AppleDouble conversion when deletion triggers conversion via e1c3f8328cd rpc_server3: Pass winbind_env_set() state through to rpcd_* via 99f28fecf9d lib: Add security_token_del_npa_flags() helper function via c21560a03c9 rpc: Remove named_pipe_auth_req_info6->need_idle_server via f5323412879 rpc_server3: Use global_sid_Samba_NPA_Flags to pass "need_idle" via 270855cfdb5 named_pipe_auth: Bump info5 to info6 via 61a71886a14 rpc: Add global_sid_Samba_NPA_Flags SID via 9a3ae1d0da7 librpc: Simplify dcerpc_is_transport_encrypted() via 2d1e69dcc6e smbd: Use security_token_count_flag_sids() in open_np_file() via e8094b7913c libcli: Add security_token_count_flag_sids() via 98b8ffdb447 librpc/rpc: allow smb3_sid_parse() to accept modern encryption algorithms via 01d3f58321d VERSION: Bump version up to Samba 4.17.9... from bdd1a7c5f2f VERSION: Disable GIT_SNAPSHOT for the 4.17.8 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-17-stable - Log - --- Summary of changes: VERSION | 2 +- WHATSNEW.txt| 62 +- docs-xml/manpages/vfs_fruit.8.xml | 13 + libcli/named_pipe_auth/npa_tstream.c| 144 +++-- libcli/named_pipe_auth/npa_tstream.h| 4 +- libcli/security/dom_sid.h | 4 + libcli/security/security_token.c| 36 ++ libcli/security/security_token.h| 9 + libcli/security/util_sid.c | 7 + librpc/idl/named_pipe_auth.idl | 9 +- librpc/rpc/dcerpc_helper.c | 32 +- librpc/rpc/dcesrv_core.c| 17 + librpc/rpc/dcesrv_core.h| 1 + pidl/lib/Parse/Pidl/Samba4/Python.pm| 8 +- selftest/selftesthelpers.py | 1 + source3/client/client.c | 1 + source3/include/proto.h | 3 + source3/lib/adouble.c | 2 +- source3/lib/util_sid.c | 34 + source3/librpc/idl/rpc_host.idl | 2 +- source3/libsmb/clilist.c| 6 + source3/modules/vfs_fruit.c | 48 +- source3/rpc_client/local_np.c | 105 ++- source3/rpc_server/rpc_host.c | 115 ++-- source3/rpc_server/rpc_worker.c | 112 ++-- source3/script/tests/test_old_dirlisting.sh | 28 + source3/selftest/tests.py | 6 + source3/smbd/scavenger.c| 2 +- source3/smbd/smb2_pipes.c | 23 +- source3/utils/smbget.c | 1 + source3/winbindd/winbindd_cache.c | 1 + source3/winbindd/winbindd_msrpc.c | 10 +- source3/winbindd/winbindd_pam.c | 67 +- source4/dns_server/dns_crypto.c | 2 +- source4/dns_server/dns_update.c | 4 +- source4/dns_server/dnsserver_common.c | 21 +-
[SCM] Samba Shared Repository - branch v4-17-stable updated
The branch, v4-17-stable has been updated via bdd1a7c5f2f VERSION: Disable GIT_SNAPSHOT for the 4.17.8 release. via 5f8ce6404cf WHATSNEW: Add release notes for Samba 4.17.8. via 05f30cea353 winbind: Fix "wbinfo -u" on a Samba AD DC with >1000 users via 8cf0241459f winbind: Test wbinfo -u with more than 1000 users via 2d5ac37d251 dsgetdcname: do not assume local system uses IPv4 via b026bbe24c1 s3:lib: Do not try to match '.' and '..' directories in is_in_path() via c13b5b7dc89 s3:tests: Add test that veto files works for hidden files via 647c7c75f8f s3:tests: Create a temporary directory for test_veto_files.sh via 65168f33f95 libcli/security: rewrite calculate_inherited_from_parent() via f53ef993ffc shadow_copy2: Fix stream open for streams_depot paths via 8c9945e24b2 streams_depot: Create files when requested via 8011cea58e3 rpcd_mdssvc: initialize POSIX locking via 0c633912732 smbXsrv_tcon: avoid storing temporary (invalid!) records. via fd477e4ff6f net_ads: fill ads->auth.realm from c->creds via 45a264bf5b6 testprogs/blackbox: add test_net_ads_search_server.sh via d8fa74a176e smbd: Fix case normalization in for directories via d7d81510c38 s3: smbd: Fix log spam. Change a normal error message from DBG_ERR (level 0) to DBG_INFO (level 5). via 72d3c4f6799 smbd: Prevent creation of vetoed files via ad60260323c CI: add a test creating a vetoed file via 0fba21c1bfa dsdb/tests: Double number of expressions in large_ldap.py ldap_timeout test via e9e902f7393 dsdb/tests: Move SD modification on class-created objects to classSetUp via 7fe8a7d710d s3: libcli: Refuse to connect to any server with zero values for max_trans_size, max_read_size, max_write_size. via f7e888f78ec tests: Add samba3.blackbox.zero_readsize test. via e2df45934ab dsdb: Avoid ERROR(ldb): uncaught exception - Deleted target CN=NTDS Settings... in join via eaff4ef6162 selftest/drs: Demonstrate ERROR(ldb): uncaught exception - Deleted target CN=NTDS Settings... in join via 3ecdec683b6 CVE-2020-25720 pydsdb: Add AD schema GUID constants via b1c7df203d0 tsocket: Increase tcp_user_timeout max_loops via bf5ccd5a140 idmap_hash: remember new domain sids in idmap_hash_sid_to_id() via f27cff23350 idmap_hash: don't return ID_REQUIRE_TYPE if the domain is known in the netsamlogon cache via 182410af7de idmap_hash: only return ID_REQUIRE_TYPE if we don't know about the domain yet via 13a593254af idmap_hash: return ID_REQUIRE_TYPE only if there's a chance to get a mapping later via e5c9a3597af idmap_hash: split out a idmap_hash_sid_to_id() helper function via da270642918 idmap_hash: split out a idmap_hash_id_to_sid() helper function via 61f3e674076 idmap_hash: mirror the NT_STATUS_NONE_MAPPED/STATUS_SOME_UNMAPPED logic from idmap_autorid via a19fe930199 idmap_hash: we don't need to call idmap_hash_initialize() over an over again via 5a754810dea idmap_hash: remove unused error checks via 1e6eeb8efb2 idmap_hash: fix comments about the algorithm via bac09f85daa idmap_hash: provide ID_TYPE_BOTH mappings also for unixids_to_sids via edc8659b505 idmap_autorid: fix ID_REQUIRE_TYPE for more than one SID for an unknown domain via 148d5ad7698 winbindd: don't call set_domain_online_request() in the idmap child via cb204cfc69b VERSION: Bump version up to Samba 4.17.8... from 2761e60b563 VERSION: Disable GIT_SNAPSHOT for the 4.17.7 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-17-stable - Log - --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 82 +- lib/tsocket/tests/test_tstream.c | 2 +- libcli/security/create_descriptor.c | 247 +- libcli/smb/smbXcli_base.c| 11 + libds/common/flags.h | 14 ++ python/samba/join.py | 19 ++ selftest/target/Samba3.pm| 4 + source3/lib/util.c | 5 + source3/libsmb/dsgetdcname.c | 49 ++-- source3/modules/vfs_shadow_copy2.c | 25 +- source3/modules/vfs_streams_depot.c | 2 +- source3/rpc_server/rpcd_mdssvc.c | 8 + source3/script/tests/test_veto_files.sh | 80 +- source3/script/tests/test_wbinfo_u_large_ad.sh | 28 +++ source3/script/tests/test_zero_readsize.sh | 101 source3/smbd/filename.c | 18 +- source3/smbd/globals.h
[SCM] Samba Shared Repository - branch v4-17-stable updated
The branch, v4-17-stable has been updated via 2761e60b563 VERSION: Disable GIT_SNAPSHOT for the 4.17.7 release. via 68bdc867b87 WHATSNEW: Add release notes for Samba 4.17.7. via 04e5a7eb03a CVE-2023-0922 set default ldap client sasl wrapping to seal via 888c6ae8177 CVE-2023-0225 s4-acl: Don't return early if dNSHostName element has no values via 54691236fc8 CVE-2023-0225 pytest/acl: test deleting dNSHostName as unprivileged user via 307b2e65d51 CVE-2023-0225 CVE-2020-25720 pydsdb: Add dsHeuristics constant definitions via b7af8aa2552 CVE-2023-0225 CVE-2020-25720 s4/dsdb/util: Add functions for dsHeuristics 28, 29 via 6b92716e7f8 CVE-2023-0614 ldb: Release LDB 2.6.2 via 0313aa744f1 CVE-2023-0614 lib/ldb-samba Ensure ACLs are evaluated on SAMBA_LDAP_MATCH_RULE_TRANSITIVE_EVAL / LDAP_MATCHING_RULE_IN_CHAIN via f17179189c6 CVE-2023-0614 lib/ldb-samba: Add test for SAMBA_LDAP_MATCH_RULE_TRANSITIVE_EVAL / LDAP_MATCHING_RULE_IN_CHAIN with and ACL hidden attributes via eaeb3dc461f CVE-2023-0614 dsdb: Add pre-cleanup and self.addCleanup() of OU created in match_rules tests via 07fffb3e906 CVE-2023-0614 dsdb: Add DSDB_MARK_REQ_UNTRUSTED via d148a7dd88d CVE-2023-0614 s4-dsdb: Treat confidential attributes as unindexed via e08188bb984 CVE-2023-0614 ldb: Filter on search base before redacting message via b98f8c1af77 CVE-2023-0614 ldb: Centralise checking for inaccessible matches via bd69d5e9626 CVE-2023-0614 ldb: Use binary search to check whether attribute is secret via 8811e67cb2e CVE-2023-0614 s4-acl: Avoid calling dsdb_module_am_system() if we can help it via c1921f5ae08 CVE-2023-0614 ldb: Prevent disclosure of confidential attributes via 2e3ed6cfd24 CVE-2023-0614 s4-acl: Split out function to set up access checking variables via 1ef01830573 CVE-2023-0614 s4-dsdb: Add samdb_result_dom_sid_buf() via bfab55ebb69 CVE-2023-0614 s4-acl: Split out logic to remove access checking attributes via 64604c41c19 CVE-2023-0614 ldb: Add ldb_parse_tree_get_attr() via efd1cfab96f CVE-2023-0614 tests/krb5: Add test for confidential attributes timing differences via a45fc44c39c CVE-2023-0614 schema_samba4.ldif: Allocate previously added OID via 65249df5259 schema_samba4.ldif: Allocate previously added OIDs via d9a20068a3d CVE-2023-0614 s4:dsdb:tests: Fix search in confidential attributes test via 2ea5bbc269e CVE-2023-0614 s4:dsdb/extended_dn_in: Don't modify a search tree we don't own via 78a7f247dba CVE-2023-0614 ldb: Make use of ldb_filter_attrs_in_place() via 4ed84d8fabe CVE-2023-0614 ldb: Make ldb_filter_attrs_in_place() work in place via ec3737404e6 CVE-2023-0614 ldb: Add function to filter message in place via ddf1ed69d8f CVE-2023-0614 ldb: Add function to add distinguishedName to message via d97e92efafc CVE-2023-0614 ldb: Add function to remove excess capacity from an ldb message via 43746e79f67 CVE-2023-0614 ldb: Add function to take ownership of an ldb message via b4f3aa03e2f CVE-2023-0614 ldb:tests: Ensure all tests are accounted for via 132028692f3 CVE-2023-0614 ldb:tests: Ensure ldb_val data is zero-terminated via 188e9887210 CVE-2023-0614 s4-acl: Use ldb functions for handling inaccessible message elements via cbf8f1c2eb8 CVE-2023-0614 ldb: Add functions for handling inaccessible message elements via 7f98e3abdc4 CVE-2023-0614 s4-acl: Make some parameters const via 9c8bbbf3b57 CVE-2023-0614 s4:dsdb: Use talloc_get_type_abort() more consistently via 50a678be1a6 CVE-2023-0614 libcli/security: Make some parameters const via a8c573012f5 CVE-2023-0614 dsdb: Alter timeout test in large_ldap.py to be slower by matching on large objects via a91fc6e9f1d CVE-2023-0614 selftest: Use setUpClass() to reduce "make test TESTS=large_ldap" time via eb20778b5e6 CVE-2023-0614 lib/ldb: Avoid allocation and memcpy() for every wildcard match candidate via 1b775335f57 VERSION: Bump version up to Samba 4.17.7... from 46e771776b2 VERSION: Disable GIT_SNAPSHOT for the 4.17.6 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-17-stable - Log - commit 2761e60b563891ab2a382d519b3884f31f6f541d Author: Jule Anger Date: Wed Mar 22 10:17:18 2023 +0100 VERSION: Disable GIT_SNAPSHOT for the 4.17.7 release. Signed-off-by: Jule Anger commit 68bdc867b873bce8187aeb3990b95c08a507abda Author: Jule Anger Date: Wed Mar 22 10:13:09 2023 +0100 WHATSNEW: Add release notes for Samba 4.17.7. Signed-off-by: Jule Anger commit 04e5a7eb03a1e913f34d77b7b6c2353b41ef546a Author: Rob van der Linde Date: Mon Feb 27 14:06:23 2023 +1300 CVE-2023-0922 set default ldap
[SCM] Samba Shared Repository - branch v4-17-stable updated
The branch, v4-17-stable has been updated via 46e771776b2 VERSION: Disable GIT_SNAPSHOT for the 4.17.6 release. via 418af42a77f WHATSNEW: Add release notes for Samba 4.17.6. via ec6a057e690 s3: smbd: Fix fsp/fd leak when looking up a non-existent stream name on a file. via 460bc1897a3 s3: tests: Add new test_stream_dir_rename.sh test. via 1caac94128e s3: provision: Add new streams_xattr_nostrict share - needs "strict rename = no". via bfbb854d746 rpcd: With npa->need_idle_server we can have more than 256 servers via 743d7600fba rpcd: Do blocking connects to local pipes via 32a6eb37fbd rpcd: Increase listening queue via 529e76a51df torture3: test rpc scalability via f07883a09ea librpc: Remove unused sync rpc_transport_np_init() via dbb9cb6bfad librpc: Make rpc_pipe_open_np() public and async via f4556250b87 lib:util: File descriptor being closed repeatedly. via 0b8713e342c vfs_ceph: use fsp_get_pathref_fd in ceph fstatat and close vfs calls via 79c06ede865 mdssvc: fix kMDScopeArray parsing via cee7ecee5ca s4-drsuapi: Give an error that matches windows on destination_dsa_guid lookup failure via c7658589fa5 s4-drsuapi: Clarify role of drs_security_access_check_nc_root() via dee90673865 s4-rpc_server: Pre-check destination_dsa_guid in GetNCChanges for validity via be0cb189202 s4-drsuapi: Use samdb_get_ntds_obj_by_guid() to find RODC in REPL_SECRET via fba94e5d504 s4-dsdb: Require that the NTDS object is an nTDSDSA objectclass via bcb89bd81d4 s4-dsdb: Split samdb_get_ntds_obj_by_guid() out of samdb_is_rodc() via a78c2094ff5 s4-rpc_server/drsuapi: Return correct error code for an invalid DN to EXOP_REPL_OBJ/EXOP_REPL_OBJ via 764702f788c s4-drs: Make drs_ObjectIdentifier_to_dn() safer and able to cope with DummyDN values via 7c32d3d75aa s4-dsdb: rework drs_ObjectIdentifier_to_dn() into drs_ObjectIdentifier_to_dn_and_nc_root() via 85cc464195b s4-rpc_server/drsuapi: Use dsdb_normalise_dn_and_find_nc_root() via 96adf5afc01 s4-dsdb: Add dsdb_normalise_dn_and_find_nc_root() around dsdb_find_nc_root() via deac11ab428 s4-dsdb: Add better debugging to dsdb_objects_have_same_nc() via 4413c277ef0 s4-dsdb: Make dsdb_find_nc_root() first try and use DSDB_CONTROL_CURRENT_PARTITION_OID via 24adeb3ad11 s4-dsdb: Schedule SD propegation only after successful rename via fedd276dbf1 s4-selftest/drs: Confirm GetNCChanges REPL_SECRET works with a DummyDN and real GUID via f6ebb660e54 s4-selftest/drs: Confirm GetNCChanges full replication works with a DummyDN and real GUID via fcc25f6baf8 s4-selftest/drs: Confirm GetNCChanges REPL_OBJ works with a DummyDN and real GUID via b0bbea3fdcd s4-selftest/drs Allow re-run of DRS tests after failed cleanup via 2cb965046b8 s4-selftest/drs Allow some DRS tests to operate against an IP via a81be075983 s4-selftest/drs Add test of expected return code for invaid DNs in GetNCChanges via 00d1f6223f2 s4-dsdb: Add tests of SamDB.get_nc_root() via ddf64adea13 s3/lib: Prevent use after free of messaging_ctdb_fde_ev structs via e12898ff72c VERSION: Bump version up to Samba 4.17.6... from 420b9e67870 VERSION: Disable GIT_SNAPSHOT for the 4.17.5 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-17-stable - Log - --- Summary of changes: VERSION| 2 +- WHATSNEW.txt | 65 - lib/util/util_file.c | 9 +- python/samba/tests/dsdb.py | 122 + selftest/target/Samba3.pm | 5 + source3/lib/messages_ctdb.c| 19 ++ source3/librpc/idl/rpc_host.idl| 2 +- source3/modules/vfs_ceph.c | 7 +- source3/rpc_client/cli_pipe.c | 132 +++--- source3/rpc_client/cli_pipe.h | 13 + source3/rpc_client/local_np.c | 14 +- source3/rpc_client/rpc_transport.h | 3 - source3/rpc_client/rpc_transport_np.c | 31 --- source3/rpc_server/mdssvc/mdssvc.c | 6 + source3/rpc_server/rpc_host.c | 2 +- source3/rpc_server/rpc_worker.c| 2 +- source3/script/tests/test_stream_dir_rename.sh | 72 ++ source3/selftest/tests.py | 4 + source3/smbd/filename.c| 21 ++ source3/torture/proto.h| 1 + source3/torture/test_rpc_scale.c | 301 ++ source3/torture/torture.c | 4 + source3/torture/wscript_build
[SCM] Samba Shared Repository - branch v4-17-stable updated
The branch, v4-17-stable has been updated via 420b9e67870 VERSION: Disable GIT_SNAPSHOT for the 4.17.5 release. via c67be713048 WHATSNEW: Add release notes for Samba 4.17.5. via 85331e00b6f lib/replace - add extra check to bsd_attr_list via f0729d7a72d s3: smbd: Always use metadata_fsp() when processing fsctls. via cd3479c64a8 s3: smbd: Add test to show smbd crashes when doing an FSCTL on a named stream handle. via 961eda75a0c s3:auth: call wbcFreeMemory(info) in auth3_generate_session_info_pac() via 0b3fab18954 CVE-2022-38023 s3:rpc_server/netlogon: Avoid unnecessary loadparm_context allocations via d737d6b8e2c CVE-2022-38023 docs-xml/smbdotconf: The "server schannel require seal[:COMPUTERACCOUNT]" options are also honoured by s3 netlogon server. via 67cdc5dec01 CVE-2022-38023 s3:rpc_server/netlogon: Check for global "server schannel require seal" via 03a65b246b5 CVE-2022-38023 s3:rpc_server/netlogon: make sure all _netr_LogonSamLogon*() calls go through dcesrv_netr_check_schannel() via de2e2045bbb CVE-2022-38023 s3:rpc_server/netlogon: Use dcesrv_netr_creds_server_step_check() via 600a91f4bee CVE-2022-38023 s4:rpc_server/netlogon: Move schannel and credentials check functions to librpc via 71185d09ef8 CVE-2022-38023 s4:rpc_server:wscript: Reformat following pycodestyle via 6d31e359fbf CVE-2022-38023 selftest:Samba3: avoid global 'server schannel = auto' via 5a49be37d88 CVE-2022-38023 s3:rpc_server/netlogon: 'server schannel != yes' warning to dcesrv_interface_netlogon_bind via 34a90840448 s3: smbd: Tweak openat_pathref_dirfsp_nosymlink() to NULL out fsp->fsp_name after calling fd_close() on intermediate directories, rather than before. via 669da62d636 selftest: Show vfs_virusscanner crashes when traversing a 2-level directory tree. via 02e63b6d336 s4: libcli: Ignore errors when getting A records after fetching records. via 580cfa72138 s3: smbd: In synthetic_pathref() change DBG_ERR -> DBG_NOTICE to avoid spamming the logs. via 1e94c94ae85 s3: smbd: Cause SMB2_OP_FLUSH to go synchronous in a compound anywhere but the last operation in the list. via 61babd9af83 s3: smbd: Add utility function smbd_smb2_is_last_in_compound(). via 7b4652b8027 s4: torture: Add an async SMB2_OP_FLUSH + SMB2_OP_FLUSH test to smb2.compound_async. via 67d388c71f7 s4: torture: Add an async SMB2_OP_FLUSH + SMB2_OP_CLOSE test to smb2.compound_async. via 7b29d4077d8 nsswitch:libwbclient - fix leak in wbcCtxPingDc2 via 50330f69a07 s3: libsmbclient: Fix smbc_getxattr() to return 0 on success. via a92a0043493 s4: torture: Show return value for smbc_getxattr() is incorrect (returns >0 for success, should return zero). via 0bc115f7570 s3:smbstatus: go to cmdline_messaging_context_free via 69f6517f93b source3/wscript: Remove implicit int and implicit function declarations via fab96048ba5 source3/wscript: Fix detection of major/minor macros via 409dd9b20ea buildtools/wafsamba: Avoid calling lib_func without a prototype via cedb4ff4ca9 s4:lib/messaging: fix interaction between imessaging_context_destructor and irpc_destructor via b1d5552f2e2 s3:rpc_server/srvsvc: make sure we (re-)load all shares as root. via a8934a92f1a selftest: add samba3.blackbox.registry_share via 658a590b353 testprogs: Add testit_grep_count() helper via 33a5ca2f999 s3: smbd: Strip any leading '\' characters if the SMB2 DFS flag is set. via bc05daafbc6 s3:client: Fix a use-after-free issue in smbclient via 0d2acb2e228 s3:script: Improve test_chdir_cache.sh via 72e6fff0e5f s3:params:lp_do_section - protect against NULL deref via 4f47415e248 rpc_server:srvsvc - retrieve share ACL via root context via 0d89084e044 ctdb: Fix a use-after-free in run_proc via 72dcfb4773d VERSION: Bump version up to Samba 4.17.5... from ab48448c650 VERSION: Disable GIT_SNAPSHOT for the 4.17.4 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-17-stable - Log - --- Summary of changes: VERSION| 2 +- WHATSNEW.txt | 85 ++- buildtools/wafsamba/samba_waf18.py | 3 +- ctdb/common/run_proc.c | 5 +- .../security/serverschannelrequireseal.xml | 5 +- lib/replace/xattr.c| 12 + librpc/rpc/server/netlogon/schannel_util.c | 570 + librpc/rpc/server/netlogon/schannel_util.h | 54 ++ librpc/wscript_build | 12 + nsswitch/libwbclient/wbc_pam.c
[SCM] Samba Shared Repository - branch v4-17-stable updated
The branch, v4-17-stable has been updated via ab48448c650 VERSION: Disable GIT_SNAPSHOT for the 4.17.4 release. via f676c903ad5 WHATSNEW: Add release notes for Samba 4.17.4. via 1c7d60ee090 s4:libnet: correctly handle gnutls_pbkdf2() errors via 77fb5b47621 s4:libnet: fix error string for failing samr_ChangePasswordUser4() via 5048d63c92e CVE-2022-37966 python:/tests/krb5: call sys.path.insert(0, "bin/python") before any other imports via 701c98858c9 CVE-2022-37966 samba-tool: add 'domain trust modify' command via dd4832f10a7 CVE-2022-37966 s4:kdc: apply restrictions of "kdc supported enctypes" via 17db57685f6 CVE-2022-37966 param: Add support for new option "kdc supported enctypes" via 428aa9b001d CVE-2022-37966 param: let "kdc default domain supportedenctypes = 0" mean the default via 91be2dbb305 CVE-2022-37966 param: don't explicitly initialize "kdc force enable rc4 weak session keys" to false/"no" via 2d1f56c67e6 CVE-2022-37966 s4:kdc: announce PA-SUPPORTED-ETYPES like windows. via 82739352398 CVE-2022-37966 python:tests/krb5: test much more etype combinations via c642bd9f2e9 CVE-2022-37966 python:tests/krb5: add better PADATA_SUPPORTED_ETYPES assert message via afc05bec7ec CVE-2022-37966 python:tests/krb5: add 'force_nt4_hash' for account creation of KDCBaseTest via d1b65794c8c CVE-2022-37966 python:tests/krb5: ignore empty supplementalCredentials attributes via 0f63356c8bb CVE-2022-37966 python:tests/krb5: allow ticket/supported_etypes to be passed KdcTgsBaseTests._{as,tgs}_req() via 6a4531ad9fb CVE-2022-37966 python:tests/krb5: fix some tests running against Windows 2022 via bf633c58114 CVE-2022-37966 s4:libnet: allow python bindings to force setting an nthash via SAMR level 18 via 9c106afa804 CVE-2022-37966 s4:libnet: add support LIBNET_SET_PASSWORD_SAMR_HANDLE_18 to set nthash only via bf27c7ba92e CVE-2022-37966 s4:libnet: initialize libnet_SetPassword() arguments explicitly to zero by default. via d7efa582a41 CVE-2022-37966 drsuapi.idl: add trustedDomain related ATTID values via 42c12b8c36d CVE-2022-37966 s4:kdc: use the strongest possible keys via ceda758dd73 CVE-2022-37966 s4:pydsdb: add ENC_HMAC_SHA1_96_AES256_SK via e741eac059f CVE-2022-37966 s3:net_ads: let 'net ads enctypes list' pretty print AES256-SK and RESOURCE-SID-COMPRESSION-DISABLED via 96fcd2b2b1f CVE-2022-37966 s3:net_ads: no longer reference des encryption types via 8b9e670c5ce CVE-2022-37966 s3:libnet: no longer reference des encryption types via edccbf1a637 CVE-2022-37966 s3:libads: no longer reference des encryption types via c894010ae87 CVE-2022-37966 lib/krb5_wrap: no longer reference des encryption types via e2e29876b69 CVE-2022-37966 s3:net_ads: remove unused ifdef HAVE_ENCTYPE_AES* via b10529349fb CVE-2022-37966 s3:libnet: remove unused ifdef HAVE_ENCTYPE_AES* via d022b9fa3ae CVE-2022-37966 s3:libads: remove unused ifdef HAVE_ENCTYPE_AES* via 91680bf61f5 CVE-2022-37966 lib/krb5_wrap: remove unused ifdef HAVE_ENCTYPE_AES* via 425dc5a2a09 CVE-2022-37966 system_mitkrb5: require support for aes enctypes via 4ad0303ece5 CVE-2022-37966 wafsamba: add support for CHECK_VARIABLE(mandatory=True) via 5f8854208d7 CVE-2022-37966 s4:kdc: also limit the krbtgt history to their strongest keys via 82f3c2876a8 CVE-2022-37966 kdc: Assume trust objects support AES by default via 71e538e7e03 CVE-2022-37966 kdc: Implement new Kerberos session key behaviour since ENC_HMAC_SHA1_96_AES256_SK was added via 3d85ff9dd57 CVE-2022-37966 selftest: Run S4U tests against FL2003 DC via 64bfe0ef786 CVE-2022-37966 selftest: Add tests for Kerberos session key behaviour since ENC_HMAC_SHA1_96_AES256_SK was added via 123b3c056af CVE-2022-37966 tests/krb5: Test different preauth etypes with Protected Users group via d8cef2fa342 CVE-2022-37966 samba-tool: Declare explicitly RC4 support of trust objects via 42150ff93ba CVE-2022-37966 samba-tool: Fix 'domain trust create' documentation via 350a2e5fda5 CVE-2022-37966 third_party/heimdal: Fix error message typo via ac8a4665a8d CVE-2022-37966 param: Add support for new option "kdc force enable rc4 weak session keys" via 3d276a19e30 CVE-2022-37966 param: Add support for new option "kdc default domain supportedenctypes" via 25918f9c16c CVE-2022-37967 Add new PAC checksum via 6ff9fc58cd3 CVE-2022-37966 HEIMDAL: Look up the server keys to combine with clients etype list to select a session key via 15835e21e84 CVE-2022-37966 tests/krb5: Add a test requesting tickets with various encryption types via 649854b0fad CVE-2022-37966 tests/krb5: Add 'etypes' parameter to _tgs_req() via 4870b9c8e57
[SCM] Samba Shared Repository - branch v4-17-stable updated
The branch, v4-17-stable has been updated via 212ebbf7f4f VERSION: Disable GIT_SNAPSHOT for the 4.17.3 release. via 5e5de5dff5c WHATSNEW: Add release notes for Samba 4.17.3. via 5d845feca47 CVE-2022-42898 third_party/heimdal: PAC parse integer overflows via 0b562285733 VERSION: Bump version up to Samba 4.17.3... from 21f995104c8 VERSION: Disable GIT_SNAPSHOT for the 4.17.2 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-17-stable - Log - commit 212ebbf7f4f30a0555c87e7ed23139fc08415215 Author: Jule Anger Date: Tue Nov 15 08:05:46 2022 +0100 VERSION: Disable GIT_SNAPSHOT for the 4.17.3 release. Signed-off-by: Jule Anger commit 5e5de5dff5c5ae48454fe02cad3e35cbdcea018a Author: Jule Anger Date: Sun Nov 13 18:42:53 2022 +0100 WHATSNEW: Add release notes for Samba 4.17.3. Signed-off-by: Jule Anger commit 5d845feca47822677c9a0e856191b0117f8bb9e4 Author: Joseph Sutton Date: Fri Oct 14 16:45:37 2022 +1300 CVE-2022-42898 third_party/heimdal: PAC parse integer overflows Catch overflows that result from adding PAC_INFO_BUFFER_SIZE. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15203 Heavily edited by committer Nico Williams , original by Joseph Sutton . Signed-off-by: Nico Williams [jsut...@samba.org Zero-initialised header_size in krb5_pac_parse() to avoid a maybe-uninitialized error; added a missing check for ret == 0] --- Summary of changes: VERSION | 2 +- WHATSNEW.txt| 50 ++- third_party/heimdal/lib/krb5/pac.c | 614 +--- third_party/heimdal/lib/krb5/test_pac.c | 48 ++- 4 files changed, 493 insertions(+), 221 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 4af2e6e0518..d11f43b45aa 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=17 -SAMBA_VERSION_RELEASE=2 +SAMBA_VERSION_RELEASE=3 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 9b9d644694d..6a9245050ee 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,50 @@ + == + Release Notes for Samba 4.17.3 + November 15, 2022 + == + + +This is a security release in order to address the following defects: + + +o CVE-2022-42898: Samba's Kerberos libraries and AD DC failed to guard against + integer overflows when parsing a PAC on a 32-bit system, which + allowed an attacker with a forged PAC to corrupt the heap. + https://www.samba.org/samba/security/CVE-2022-42898.html + +Changes since 4.17.2 + +o Joseph Sutton + * BUG 15203: CVE-2022-42898 + +o Nicolas Williams + * BUG 15203: CVE-2022-42898 + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical:matrix.org matrix room, or +#samba-technical IRC channel on irc.libera.chat. + + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.1 and newer product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + == Release Notes for Samba 4.17.2 October 25, 2022 @@ -46,8 +93,7 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: - +-- == Release Notes for Samba 4.17.1 October 19, 2022 diff --git a/third_party/heimdal/lib/krb5/pac.c b/third_party/heimdal/lib/krb5/pac.c index c8f355c8179..c11990a1606 100644 --- a/third_party/heimdal/lib/krb5/pac.c +++ b/third_party/heimdal/lib/krb5/pac.c @@ -37,19 +37,34 @@ #include #include
[SCM] Samba Shared Repository - branch v4-17-stable updated
The branch, v4-17-stable has been updated via 21f995104c8 VERSION: Disable GIT_SNAPSHOT for the 4.17.2 release. via 37fa752e978 WHATSNEW: Add release notes for Samba 4.17.2. via e96d28093ae CVE-2022-3592 smbd: Slightly simplify filename_convert_dirfsp() via ace0ebde325 CVE-2022-3592 lib: add subdir_of() to source3/lib/util_path.c via 4e3e3f9c4fe CVE-2022-3592 torture3: Show that our symlink traversal checks are insecure via 4fbcfb285a9 CVE-2022-3592 smbd: No empty path components in openat_pathref_dirfsp_nosymlink() via 3007e32072f CVE-2022-3437 third_party/heimdal: Pass correct length to _gssapi_verify_pad() via f33f8a515b0 CVE-2022-3437 third_party/heimdal: Check for overflow in _gsskrb5_get_mech() via 0de566954ec CVE-2022-3437 third_party/heimdal: Check buffer length against overflow for DES{,3} unwrap via a0cd16f084d CVE-2022-3437 third_party/heimdal: Check the result of _gsskrb5_get_mech() via c06f2e9ce24 CVE-2022-3437 third_party/heimdal: Avoid undefined behaviour in _gssapi_verify_pad() via 24099e34819 CVE-2022-3437 third_party/heimdal: Don't pass NULL pointers to memcpy() in DES unwrap via abb3f7f1e3e CVE-2022-3437 third_party/heimdal: Use constant-time memcmp() in unwrap_des3() via 2ee62a7c9ff CVE-2022-3437 third_party/heimdal: Use constant-time memcmp() for arcfour unwrap via 846fbd0456a CVE-2022-3437 s4/auth/tests: Add unit tests for unwrap_des3() via d5a06cd54e0 CVE-2022-3437 third_party/heimdal_build: Add gssapi-subsystem subsystem via 16ea178f162 CVE-2022-3437 third_party/heimdal: Remove __func__ compatibility workaround via 96e8adf7ae9 VERSION: Bump version up to Samba 4.17.2... from ed12d43518f VERSION: Disable GIT_SNAPSHOT for the 4.17.1 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-17-stable - Log - commit 21f995104c870cdfbdb0db61e290b2da8bc87ee1 Author: Jule Anger Date: Mon Oct 24 12:50:24 2022 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.17.2 release. Signed-off-by: Jule Anger commit 37fa752e9780aba2102c40e8a256c0d6e3338a93 Author: Jule Anger Date: Mon Oct 24 12:32:18 2022 +0200 WHATSNEW: Add release notes for Samba 4.17.2. Signed-off-by: Jule Anger commit e96d28093ae1b7749a7d7c67133dbd12dc25290b Author: Volker Lendecke Date: Sat Oct 15 13:37:17 2022 +0200 CVE-2022-3592 smbd: Slightly simplify filename_convert_dirfsp() subdir_of() calculates the share-relative rest for us, don't do the strlen(connectpath) calculation twice. subdir_of() also checks that the target properly ends on a directory. With just strncmp a symlink to x->/aa/etc would qualify as in share /a, so a "get x/passwd" leads to a pretty unfortunate result. This is the proper fix for bug 15207, so we need to change the expected error code to OBJECT_PATH_NOT_FOUND Bug: https://bugzilla.samba.org/show_bug.cgi?id=15207 Signed-off-by: Volker Lendecke commit ace0ebde325958995672bb3d476e072ba1358356 Author: Volker Lendecke Date: Sat Oct 15 13:26:48 2022 +0200 CVE-2022-3592 lib: add subdir_of() to source3/lib/util_path.c Bug: https://bugzilla.samba.org/show_bug.cgi?id=15207 Signed-off-by: Volker Lendecke commit 4e3e3f9c4fe24b49c714b1b90f6bf0ba63bf85b0 Author: Volker Lendecke Date: Sat Oct 15 14:09:55 2022 +0200 CVE-2022-3592 torture3: Show that our symlink traversal checks are insecure This test shows that we don't properly check whether symlink targets are inside the exported share. Linking to a/etc makes us loop back into filename_convert_dirfsp_nosymlink() with /etc as a directory name. On Linux systems with openat2(RESOLVE_NO_SYMLINKS) we pass "/etc" directly into that call after some checks for "."/".." as invalid file name components. "/etc" is okay for openat2(), but this test must also succeed on systems without RESOLVE_NO_SYMLINKS (sn-devel-184 for example). On systems without RESOLVE_NO_SYMLINKS split up the path "/etc" into path components, in this case "" and "etc". So we pass "" down to openat(), which correctly fails with ENOENT. Summary: Only with RESOLVE_NO_SYMLINKS we're hit by bug 15207, and this test shows by expecting CONNECTION_DISCONNECTED that we violate the internal assumption of empty path components with an unexpected symlink target, making it testable on systems with and without RESOLVE_NO_SYMLINKS. Bug: https://bugzilla.samba.org/show_bug.cgi?id=15207 Signed-off-by: Volker Lendecke commit 4fbcfb285a923b3d9dbcb4a7c891167628201067 Author: Volker Lendecke Date: Mon Oct 17 18:06:02 2022 +0200 CVE-2022-3592 smbd: No empty path components in openat_pathref_dirfsp_nosymlink() Upper layers must have filtered this, everything else is a bug
[SCM] Samba Shared Repository - branch v4-17-stable updated
The branch, v4-17-stable has been updated via ed12d43518f VERSION: Disable GIT_SNAPSHOT for the 4.17.1 release. via cda9e1cc60f WHATSNEW: Add release notes for Samba 4.17.1. via 142a771d854 s3: libsmbclient: Fix smbc_stat() to return ENOENT on a non-existent file. via 09ec2b13e7c s4: torture: libsmbclient: Add a torture test to ensure smbc_stat() returns ENOENT on a non-existent file. via 7540755de6a s4:messaging: let imessaging_client_init() use imessaging_init_discard_incoming() via 28c65ce3e92 s3:auth_samba4: make use of imessaging_init_discard_incoming() via 68a0ef3b521 s4:messaging: add imessaging_init_discard_incoming() via 93d6f403e38 s3/utils: check result of talloc_strdup via d5e39d1ba70 s3/utils: Check return of talloc_strdup via fac483e3dad s3/param: Check return of talloc_strdup via ee2858ab4ff s4/lib/registry: Fix use after free with popt 1.19 via 21890fcb526 s3/utils: Fix use after free with popt 1.19 via 3a9733ce71f s3/utils: Fix use after free with popt 1.19 via 1e8652100da s3/utils: Add missing poptFreeContext via 4c03cfd6b67 s3/param: Fix use after free with popt-1.19 via e0ae633216d s3/rpcclient: Duplicate string returned from poptGetArg via a1453f16aea vfs_fruit: add missing calls to tevent_req_received() via 54d4b0f607e s3: VFS: fruit. Implement fsync_send()/fsync_recv(). via 4c6b7983ed5 s4: smbtorture: Add fsync_resource_fork test to fruit tests. via 6d05908e3ca smbXsrv_client: handle NAME_NOT_FOUND from smb2srv_client_connection_{pass,drop}() via 4a44febbc46 smbXsrv_client: make sure we only wait for smb2srv_client_mc_negprot_filter once and only when needed via fd4c80fcc6f smbXsrv_client: call smb2srv_client_connection_{pass,drop}() before dbwrap_watched_watch_send() via abc48aec20a smbXsrv_client: fix a debug message in smbXsrv_client_global_verify_record() via 41e016e41c5 smbXsrv_client: ignore NAME_NOT_FOUND from smb2srv_client_connection_passed via cb27978c461 vfs_glusterfs: Remove special handling of O_CREAT flag via bac9532f0a9 python-drs: Add client-side debug and fallback for GET_ANC via 79283760616 s4-libnet: Add messages to object count mismatch failures via eb939d4b805 selftest: Enable "old Samba" mode regarding GET_ANC/GET_TGT via a64c4a7e04d s4-rpc_server:getncchanges Add "old Samba" mode regarding GET_ANC/GET_TGT via 7bde5d32bf7 selftest: Add tests for GetNCChanges GET_ANC using samba-tool drs clone-dc-database via 6671f6f50c3 selftest: Prepare for "old Samba" mode regarding getncchanges GET_ANC/GET_TGT via 4425351fbff pytest/samba_tool_drs_no_dns: use TestCaseInTempDir.rm_files/.rm_dirs via e80ec63f746 pytest/samba_tool_drs: use TestCaseInTempDir.rm_files/.rm_dirs via 6cc1ac327a0 pytest/samdb: use TestCaseInTempDir.rm_files/.rm_dirs via ad768b1ccac pytest/join: use TestCaseInTempDir.rm_files/dirs via 79b5156ec81 pytest/samdb_api: use TestCaseInTempDir.rm_files via 4486028b86e pytest/downgradedatabase: use TestCaseInTempDir.rm_files via 02ededec938 pytest: add file removal helpers for TestCaseInTempDir via df5d4e48307 s3:auth: Flush the GETPWSID in memory cache for NTLM auth via 7bef45d9304 s3: smbd: Fix memory leak in smbd_server_connection_terminate_done(). via ecf8a66e0cc vfs_gpfs: Protect against timestamps before the Unix epoch via 9364c930fb6 lib: Map ERANGE to NT_STATUS_INTEGER_OVERFLOW via 1b4f782caf1 vfs_gpfs: Prevent mangling of GPFS timestamps after 2106 via bb86d2f3a10 CVE-2021-20251 s3: Ensure bad password count atomic updates for SAMR AES password change via 9aabf78216f CVE-2021-20251 s3:rpc_server: Split change_oem_password() call out of samr_set_password_aes() via 619ffc2a2fb CVE-2021-20251 dsdb/common: Remove transaction logic from samdb_set_password() via 7fe10442b76 CVE-2021-20251 s4-rpc_server: Extend scope of transaction for ChangePasswordUser3 via 7b28bd10803 CVE-2021-20251 s4-rpc_server: Use user privileges for SAMR password change via b8c123d02d0 CVE-2021-20251 s4-rpc_server: Use authsam_search_account() to find the user via 0044f598dd4 s3:rpc_server: Use BURN_STR() to zero password via 3d7a2a3603e lib:replace: Add macro BURN_STR() to zero memory of a string via beb63ae03b7 libcli:auth: Keep passwords from convert_string_talloc() secret via c3d6964fccd lib:util: Check memset_s() error code in talloc_keep_secret_destructor() via 3e54aabd9e3 CVE-2021-20251 s3: Ensure bad password count atomic updates for SAMR password change via 5c8bbe3e74c CVE-2021-20251 s3: ensure bad password count atomic updates via 13efa626188 CVE-2021-20251 s4:auth_winbind: Check return status of
[SCM] Samba Shared Repository - branch v4-17-stable updated
The branch, v4-17-stable has been updated via fbec737d9d3 VERSION: Disable GIT_SNAPSHOT for the 4.17.0 release. via c61c79fd8c8 WHATSNEW: Add release notes for Samba 4.17.0. via ef5b28a2585 VERSION: Bump version up to Samba 4.17.0rc6... from 28b356ae82a VERSION: Disable GIT_SNAPSHOT for the 4.17.0rc5 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-17-stable - Log - --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 17 ++--- 2 files changed, 7 insertions(+), 12 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 50344235004..0709d888a3a 100644 --- a/VERSION +++ b/VERSION @@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE=5 +SAMBA_VERSION_RC_RELEASE= # To mark SVN snapshots this should be set to 'yes'# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index b060f2e5d09..128bf7230b3 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,16 +1,11 @@ -Release Announcements -= + == + Release Notes for Samba 4.17.0 + September 13, 2022 + == -This is the fifth release candidate of Samba 4.17. This is *not* -intended for production environments and is designed for testing -purposes only. Please report any defects via the Samba bug reporting -system at https://bugzilla.samba.org/. -Samba 4.17 will be the next version of the Samba suite. - - -UPGRADING -= +This is the first stable release of the Samba 4.17 release series. +Please read the release notes carefully before upgrading. NEW FEATURES/CHANGES -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-17-stable updated
The branch, v4-17-stable has been updated via 28b356ae82a VERSION: Disable GIT_SNAPSHOT for the 4.17.0rc5 release. via f83fb43ff93 WHATSNEW: Add release notes for Samba 4.17.0rc5. via 71c94a076ba smbXsrv_client: notify a different node to drop a connection by client guid. via 095ee4ce189 smbXsrv_client: correctly check in negotiate_request.length smbXsrv_client_connection_pass[ed]_* via 64daf27dc73 s3:tests: add test_smbXsrv_client_cross_node.sh via fc52fe99d79 s3:tests: let test_smbXsrv_client_dead_rec.sh cleanup the correct files via ed1d0112616 smbd: Catch streams on non-stream shares via 930380d4746 smbd: return NT_STATUS_OBJECT_NAME_INVALID if a share doesn't support streams via 3139a1063a0 smbtorture: add a test trying to create a stream on share without streams support via f3886349ec3 smbd: implement access checks for SMB2-GETINFO as per MS-SMB2 3.3.5.20.1 via 5fff2048a47 smbtorture: check required access for SMB2-GETINFO via 771aad3baa0 s4/libcli/smb2: avoid using smb2_composite_setpathinfo() in smb2_util_setatr() via 229d55eff3a WHATSNEW: Document new Protected Users group via 8a7551c4ac6 WHATSNEW: add more added/updated parameters via b3e04327601 WHATSNEW: Make MIT Kerberos 1.20 updates clearer via e9c554c0a6a s3/winbindd: Fix bad access to sid array (with debug level >= info) via 3ba0c89f248 VERSION: Bump version up to Samba 4.17.0rc4... from e6294461ad1 VERSION: Disable GIT_SNAPSHOT for the 4.17.0rc4 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-17-stable - Log - --- Summary of changes: VERSION| 2 +- WHATSNEW.txt | 88 ++- librpc/idl/messaging.idl | 1 + selftest/knownfail | 3 +- source3/librpc/idl/smbXsrv.idl | 28 +++ .../script/tests/test_smbXsrv_client_cross_node.sh | 95 .../script/tests/test_smbXsrv_client_dead_rec.sh | 2 +- source3/selftest/tests.py | 9 + source3/smbd/filename.c| 6 + source3/smbd/files.c | 10 +- source3/smbd/open.c| 2 +- source3/smbd/smb2_getinfo.c| 28 +++ source3/smbd/smbXsrv_client.c | 266 +++-- source3/winbindd/wb_lookupusergroups.c | 2 +- source4/libcli/smb2/util.c | 37 ++- source4/selftest/tests.py | 1 + source4/torture/smb2/create.c | 48 source4/torture/smb2/getinfo.c | 147 source4/torture/smb2/oplock.c | 10 +- source4/torture/smb2/smb2.c| 1 + 20 files changed, 734 insertions(+), 52 deletions(-) create mode 100755 source3/script/tests/test_smbXsrv_client_cross_node.sh Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 6dd9eb383e4..50344235004 100644 --- a/VERSION +++ b/VERSION @@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE=4 +SAMBA_VERSION_RC_RELEASE=5 # To mark SVN snapshots this should be set to 'yes'# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 3591b8a4306..b060f2e5d09 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,7 +1,7 @@ Release Announcements = -This is the fourth release candidate of Samba 4.17. This is *not* +This is the fifth release candidate of Samba 4.17. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. @@ -68,8 +68,8 @@ even when Samba is configured as --without-smb1-server. This is to ensure maximum compatibility with environments containing old SMB1 servers. -Bronze bit and S4U support with MIT Kerberos 1.20 -- +Bronze bit and S4U support now also with MIT Kerberos 1.20 +-- In 2020 Microsoft Security Response Team received another Kerberos-related report. Eventually, that led to a security update of the CVE-2020-17049, @@ -87,17 +87,24 @@ but 'Bronze Bit' mitigation is provided only with MIT Kerberos 1.20. In addition to fixing the ‘Bronze Bit’ issue, Samba AD DC now fully supports S4U2Self and S4U2Proxy Kerberos extensions. +Note the
[SCM] Samba Shared Repository - branch v4-17-stable updated
The branch, v4-17-stable has been updated via e6294461ad1 VERSION: Disable GIT_SNAPSHOT for the 4.17.0rc4 release. via a7d399a32cd WHATSNEW: Add release notes for Samba 4.17.0rc4. via ffe95221aab vfs_glusterfs: Implement SMB_VFS_FSTATAT via d5831b0f098 vfs_glusterfs: Use glfs_fgetxattr() for SMB_VFS_GET_REAL_FILENAME_AT via 9d11c39a2b8 vfs_glusterfs: Use glfs_readlinkat() for SMB_VFS_READ_DFS_PATHAT via 5e26c570b7c vfs_glusterfs: Use glfs_symlinkat() for SMB_VFS_CREATE_DFS_PATHAT via 5e155ea4505 vfs_glusterfs: Use glfs_mknodat() for SMB_VFS_MKNODAT via 1d74f92deb4 vfs_glusterfs: Use glfs_linkat() for SMB_VFS_LINKAT via 894338eddbb vfs_glusterfs: Use glfs_readlinkat() for SMB_VFS_READLINKAT via 41eb80482b3 vfs_glusterfs: Use glfs_symlinkat() for SMB_VFS_SYMLINKAT via c9b0459a175 vfs_glusterfs: Use glfs_unlinkat() for SMB_VFS_UNLINKAT via 618c868642d vfs_glusterfs: Use glfs_renameat() for SMB_VFS_RENAMEAT via a41e308cf08 vfs_glusterfs: Use glfs_mkdirat() for SMB_VFS_MKDIRAT via e0375100d79 vfs_glusterfs: Use glfs_openat() for SMB_VFS_OPENAT via a8eab509154 source3/wscript: Detect glusterfs-api with *at() calls support via 9f04cb8f58d vfs_glusterfs: Accept fsp with const qualifier via fbd69dab91c VERSION: Bump version up to Samba 4.17.0rc4... from c15dfcca9f5 VERSION: Disable GIT_SNAPSHOT for the 4.17.0rc3 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-17-stable - Log - --- Summary of changes: VERSION | 2 +- WHATSNEW.txt| 9 +- source3/modules/vfs_glusterfs.c | 438 source3/wscript | 4 + 4 files changed, 372 insertions(+), 81 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index beafce89da7..6dd9eb383e4 100644 --- a/VERSION +++ b/VERSION @@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE=3 +SAMBA_VERSION_RC_RELEASE=4 # To mark SVN snapshots this should be set to 'yes'# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 63c5fe09a90..3591b8a4306 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,7 +1,7 @@ Release Announcements = -This is the third release candidate of Samba 4.17. This is *not* +This is the fourth release candidate of Samba 4.17. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. @@ -206,6 +206,13 @@ smb.conf changes nt hash store New parameter always volume serial number New parameter -1 +CHANGES SINCE 4.17.0rc3 +=== + +o Anoop C S + * BUG 15157: Make use of glfs_*at() API calls in vfs_glusterfs. + + CHANGES SINCE 4.17.0rc2 === diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c index dd05da0f9bb..e2f9fbd8bd4 100644 --- a/source3/modules/vfs_glusterfs.c +++ b/source3/modules/vfs_glusterfs.c @@ -606,7 +606,7 @@ static uint32_t vfs_gluster_fs_capabilities(struct vfs_handle_struct *handle, } static glfs_fd_t *vfs_gluster_fetch_glfd(struct vfs_handle_struct *handle, -files_struct *fsp) +const files_struct *fsp) { glfs_fd_t **glfd = (glfs_fd_t **)VFS_FETCH_FSP_EXTENSION(handle, fsp); if (glfd == NULL) { @@ -737,9 +737,24 @@ static int vfs_gluster_mkdirat(struct vfs_handle_struct *handle, const struct smb_filename *smb_fname, mode_t mode) { - struct smb_filename *full_fname = NULL; int ret; +#ifdef HAVE_GFAPI_VER_7_11 + glfs_fd_t *pglfd = NULL; + + START_PROFILE(syscall_mkdirat); + + pglfd = vfs_gluster_fetch_glfd(handle, dirfsp); + if (pglfd == NULL) { + END_PROFILE(syscall_mkdirat); + DBG_ERR("Failed to fetch gluster fd\n"); + return -1; + } + + ret = glfs_mkdirat(pglfd, smb_fname->base_name, mode); +#else + struct smb_filename *full_fname = NULL; + START_PROFILE(syscall_mkdirat); full_fname = full_path_from_dirfsp_atname(talloc_tos(), @@ -753,6 +768,7 @@ static int vfs_gluster_mkdirat(struct vfs_handle_struct *handle, ret = glfs_mkdir(handle->data, full_fname->base_name, mode); TALLOC_FREE(full_fname); +#endif
[SCM] Samba Shared Repository - branch v4-17-stable updated
The branch, v4-17-stable has been updated via c15dfcca9f5 VERSION: Disable GIT_SNAPSHOT for the 4.17.0rc3 release. via d9f7e8d41b7 WHATSNEW: Add release notes for Samba 4.17.0rc3. via 4d37152c666 smbd: directly pass fsp to SMB_VFS_FGETXATTR() in fget_ea_dos_attribute() via 25d6dcd8897 smbd: add and use vfs_fget_dos_attributes() via 9df07ee0fa5 smbtorture: add test smb2.stream.attributes2 via 81be412fb01 smbtorture: rename smb2.streams.attributes to smb2.streams.attributes1 via 0d0eff66058 vfs_default: assert all passed in fsp's and names are non-stream type via f2272106f36 vfs_streams_xattr: restrict which fcntl's are allowed on streams via aca819549c3 smbd: skip access checks for stat-opens on streams in open_file() via 7c713f386f3 smbd: use metadata_fsp() in get_acl_group_bits() via 107af8fd98b smbd: ignore request to set the SPARSE attribute on streams via 69742bab667 smbd: use metadata_fsp() with SMB_VFS_FSET_DOS_ATTRIBUTES() via 814fd4e8e89 smbd: use metadata_fsp() with SMB_VFS_FGET_DOS_ATTRIBUTES() via 1434b66f2a1 smbd: use metadata_fsp() with SMB_VFS_FSET_NT_ACL() via ba468a9b416 smbd: use metadata_fsp() with SMB_VFS_FGET_NT_ACL() via ab76ab52c39 CI: add a test trying to delete a stream on a pathref ("stat open") handle via 3994f71f039 vfs_xattr_tdb: add "xattr_tdb:ignore_user_xattr" option via aa85dac1e95 vfs_xattr_tdb: add a module config via bae285ed702 vfs_xattr_tdb: move close_xattr_db() via f23ef830bc7 smdb: use fsp_is_alternate_stream() in open_file() via 721ea813b54 waf: Fix SO version number of libsamba-errors via fbcb8db069c WHATSNEW: document new volume serial number smb.conf parameter via 0b15ebced78 s3:smbd: let delay_for_oplock_fn() only call leases_db_get() once via cb63afbda1b s3:smbd: lease_match_break_fn() only needs leases_db_get() once via e764e40ad55 s3:smbd: inline fsp_lease_type_is_exclusive() logic into contend_level2_oplocks_begin_default via fa8d19056bd s3:locking: move get_existing_share_mode_lock() to share_mode_lock.[ch] via 411af5fb48c s3:locking: pass lease_key explicitly to set_share_mode() via 6bf37ba4538 s3:smbd: only run validate_oplock_types() with smbd:validate_oplock_types = yes via f207ef33224 s3:g_lock: avoid useless talloc_array(0) in g_lock_dump() via e4538e70cbe s3:g_lock: add some const to the shared array passed via g_lock_dump*() via 208037a7eea lib/util: add unlikely() to SMB_ASSERT() via 76bff90824a s3: smbd: Plumb close_type parameter through close_file_in_loop(), file_close_conn() via 91273a969ab s3: smbd: Add "enum file_close_type close_type" parameter to file_close_conn(). via 5fc9bf0f63c s3: smbd: Add "enum file_close_type close_type" parameter to close_cnum(). via c47b7479e74 s3/smbd: Use after free when iterating smbd_server_connection->connections via 0b33961e71a s3/smbd: Use after free when iterating smbd_server_connection->connections via 0725e1ea851 s3:utils remove documentation of -l as alias for --long via c4c99397c56 s3:smbd: only clear LEASE_READ if there's no read lease is left via 0529214b3cc s4:torture/smb2: add smb2.lease.v[1,2]_bug_15148 via 6ac28f43868 s3:smbd: share_mode_flags_set() takes SMB2_LEASE_* values via e3ee5197a6d libcli/smb: Set error status if 'iov' pointer is NULL via dee2505716d libcli/smb: Ensure we call tevent_req_nterror() on failure via 877287e6b4e VERSION: Bump version up to Samba 4.17.0rc3... from 8e1f74303ee VERSION: Disable GIT_SNAPSHOT for the 4.17.0rc2 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-17-stable - Log - --- Summary of changes: VERSION| 2 +- WHATSNEW.txt | 29 ++- docs-xml/manpages/net.8.xml| 14 +- lib/util/fault.h | 2 +- libcli/smb/smbXcli_base.c | 12 +- libcli/util/wscript_build | 2 +- selftest/knownfail | 4 +- selftest/target/Samba3.pm | 8 + selftest/target/Samba4.pm | 1 + source3/include/g_lock.h | 4 +- source3/include/proto.h| 3 + source3/lib/g_lock.c | 20 +- source3/locking/leases_util.c | 17 -- source3/locking/locking.c | 11 - source3/locking/proto.h| 3 - source3/locking/share_mode_lock.c | 30 ++- source3/locking/share_mode_lock.h | 4 + source3/modules/vfs_default.c | 92 +---
[SCM] Samba Shared Repository - branch v4-17-stable updated
The branch, v4-17-stable has been updated via 8e1f74303ee VERSION: Disable GIT_SNAPSHOT for the 4.17.0rc2 release. via 9e75207d331 WHATSNEW: Add release notes for Samba 4.17.0rc2. via 8b6cea8105c WHATSNEW: SMB Server performance improvements via c027512a612 s3:vfs.h: add comment about VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS via ff46ee6ad51 s3: smbd: Add IS_VETO_PATH checks to openat_pathref_fsp_case_insensitive(). via 9e32b03e1ee s3: smbd: Add IS_VETO_PATH check to openat_pathref_dirfsp_nosymlink(). via 80c090c87b2 s3: tests: Add samba3.blackbox.test_veto_files. via 912ee2c92d4 selftest/Samba3: let nt4_dc* use vfs_default:VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS=no via 783e6e7520c vfs_default: Use openat2(RESOLVE_NO_SYMLINKS) if available via 3ec21a8dd98 vfs_default: prepare O_PATH usage with openat2() via 40476e83899 s3:smbd: let openat_pathref_dirfsp_nosymlink() try VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS first via 5d703111ff2 s3:smbd: let openat_pathref_dirfsp_nosymlink() handle ELOOP similar to ENOTDIR via 4ec4806b35a s3:smbd: let openat_pathref_dirfsp_nosymlink() do a verification loop against . and .. first via 25071a1f4ee vfs: define VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS via b71871a193d lib/replace: let DISABLE_OPATH also undef __NR_openat2 via 4b1f56aa04a lib/replace: add fallback defines for __NR_openat2 via dd18624395d lib/replace: use syscall(__NR_openat2) if available via b9a1441238f lib/replace: always include in replace.c if available via 5326bbac232 lib/replace: add a replacement for openat2() that returns ENOSYS via cc9caffa60e vfs_btrfs: fix include order, includes.h or replace.h should be first via c8c2cbca60b vfs_io_uring: hide a possible definition of struct open_how in liburing/compat.h via efb488977f5 wafsamba: allow cflags for CHECK_TYPE[_IN]() via c2a69553872 s3:tests: add a lot more tests to test_symlink_traversal_smb2.sh via 7b4e11f1554 s3:utils: Fix NULL check via b8a5f41b790 s3:util: Initialize json_object structures so we can call json_free() via fc3f035e368 s3: smbd: Remove unix_convert() and associated functions. via 0ffe593bdab s3: smbd: Remove the old dfs_path_lookup() code. via 37ce01d6ed2 s3: smbd: Switch get_referred_path() over to use the new dfs_path_lookup(). via bd5c6755581 s3: smbd: Add new version of dfs_path_lookup() that uses filename_convert_dirfsp(). via 161324f5758 s3: smbd: Remove dfs_redirect(). via 38740ceea80 s3: smbd: Remove call to dfs_redirect() from filename_convert_dirfsp_nosymlink(). via 66bc141ddfb s3: smbd: Remove call to dfs_redirect() from filename_convert_smb1_search_path(). via d0a9046c80e s3: smbd: In filename_convert_dirfsp_nosymlink(), cope with an MS-DFS link as the terminal component. via 879b42bd6f4 s3: smbd: In filename_convert_dirfsp_nosymlink(), allow a NT_STATUS_PATH_NOT_COVERED error to be returned. via 5f68afbd016 s3: smbd: Allow openat_pathref_dirfsp_nosymlink() to return NT_STATUS_PATH_NOT_COVERED for a DFS link on a DFS share. via 7e9fb8e9fbe s3: smbd: In get create_junction(), make sure check_path_syntax() is called on returned reqpath. via 9a9b953a9d7 s3: smbd: In get referred_path(), make sure check_path_syntax() is called on returned reqpath. via d1ba2845a2a s3: smbd: Add dfs_filename_convert(). Simple wrapper around parse_dfs_path(). via c0f9b5f41e4 s3: smbd: Use helper function msdfs_servicename_matches_connection() in dfs_redirect(). via 74dc7cb556a s3: smbd: Use helper function msdfs_servicename_matches_connection() in parse_dfs_path(). via 0dd880abd96 s3: smbd: Add helper function msdfs_servicename_matches_connection(). via 8ce26e1e4be s3: smbd: Remove definition of struct dfs_path. via 274c8a06b48 s3: smbd: Remove use of 'struct dfs_path'. Not needed for a (hostname, servicename, path) tuple. via 3a944329c31 s3: smbd: Add TALLOC_CTX * parameter to parse_dfs_path(). via 8031584e1eb s3: smbd: Ensure smb2_file_rename_information() uses the SMB2 pathname parsers, not the SMB1 parsers. via 8d09dc16912 s3: smbd: Make sure we have identical check_path_syntax logic in smbd_smb2_create_durable_lease_check(), as for smb2_create. via c940c9eae94 s3: smbd: In smbd_smb2_create_send() call the helper function check_path_syntax_smb2(). via deb009404a5 s3: smbd: Add helper function check_path_syntax_smb2(). via 33d00d7e881 s3: smbd: Add new function check_path_syntax_smb2_msdfs() for SMB2 MSDFS paths. via 496b9b45c38 s3: smbd: Fix cosmetic bug logging pathnames from Linux kernel clients using SMB1 DFS calls. via adcf069e71e s4:torture/smb2: add smb2.bench.echo via 76672394ba5 s4:torture/smb2: teach
[SCM] Samba Shared Repository - branch v4-17-stable updated
The branch, v4-17-stable has been updated via abc2296a670 VERSION: Disable GIT_SNAPSHOT for the Samba 4.17.0rc1 release. via 459107e6efa WHATSNEW: Up to Samba 4.17.0rc1. via 80d069a72c4 s3:tests: Add a test to check json output of smbstatus profile via 803899fdc3c smbstatus: add JSON support for smbstatus --profile via 0ed54cc6078 smbstatus: fix indentation in profile_separator() via 03ed8d3a07c smbstatus: add a method to add profile items to json via 74028253e1c s3:tests: Add a test to check json output of smbstatus via 5d6ed73b38e smbstatus: add JSON support for smbstatus via 78c6740299f smbstatus: add machine readable creation_time to notify via ed1c94be4f6 smbstatus: add server_id to notifies via 8154df9d1f3 smbstatus: add a notifies dictionary via fed1569f03c smbstatus: add file_id information to byte-range locks in json output via c47d9d28f12 smbstatus: add locks to byte-range locked files in json output via eca61089cda smbstatus: add server_id to byte-range locks via dc3b10cda68 smbstatus: add a basic byte-range locks dictionary via 6b6b586b8d5 smbstatus: add service path to byte-range locks via fb809a11712 smbstatus: add machine readable time info to locked files via 43d811adf6c smbstatus: add general caching information about open files to json output via c0620250cf3 smbstatus: add sharemode information about open files to json output via 003684dc678 smbstatus: add server_id to open files dictionary via 1973c3a9ac9 smbstatus: add lease information about open files to json output via 595b0198ec3 smbstatus: add oplock information about open files to json output via dd9dd5bff02 smbstatus: add access mode information about open files to json output via 8d26456742a smbstatus: add opens to files in json output via 27d026aca69 smbstatus: add file_id information about open files to json output via 95712e61b87 smbstatus: add a basic dictionary with open files via 3ec6e7e31d5 smbstatus: add encryption and signing to sessions via fd1bfb79bdb smbstatus: add server_id to sessions via 836fd468c0d smbstatus: add a sessions dictionary via 1abae1c255c smbstatus: add encryption and signing to connections via 143d9392d66 smbstatus: add machine readable time to connections via 7585f8d201f conn_tdb: change type of connections_data.start to NTTIME via 963e1588681 smbstatus: add session_id to connections dictionary via 696975554a9 conn_tdb: add sess_id to struct connections_data via 7d76fe5f443 smbstatus: add server_id to connections via 138befe4391 smbstatus: add a connections dictionary via 05362a27995 smbstatus: add general information to the json output via a64c9078746 smbstatus: add method add_section_to_json via 15fed37afb6 smbstatus: add json items to traverse_struct via f604e4d4cd9 smbstatus: add frame files for json specific methods via b35f13a3d0d smbstatus: use new enum crypto_degree via 92be53754bf smbstatus: add enum to handle partial encryption and signing via cb8a0d9aecd smbstatus: move the output of the content to their own methods via e514bdbc1c7 smbstatus: move the output of the title lines to their own methods via d9c1ff4c2f1 smbstatus: pass the traverse_state to the traverse methods via caae58fad82 smbstatus: add struct traverse_state via 04f1d339c62 smbstatus: use variables in print_share_mode instead of printing directly via 4f21c6fdf90 smbstatus: print errors to stderr instead of stdout via 4ef2d36615e audit_logging: add method to replace the object for a given key with a new object via 6412c39bbfa smbstatus: delete wrong EXCLUSIVE+BATCH oplock via 82d931d23d1 s3: smbd: Oops. DBG_ERR messages I used to debug parse_dfs_path(), should have been DBG_DEBUG. via fb937ddc838 lib/util/access: source3/auth/user_util: Check for INNETGR via e13875601ff nsswitch/wins: Define NETDB_* for other libc's via 7cd87156761 vfs: Add struct vfs_open_how.resolve via 8693a0416b9 smbd: Hand vfs_open_how to openat_pathref_fullname via c3c5e6c3dd2 smbd: Pass vfs_open_how through fd_openat via ccc26364a9e smbd: Pass vfs_open_how through non_widelink_open via 5fc016f2685 vfs: change openat propotype to match linux openat2 via 5aaf38949ab vfs_glusterfs: add missing END_PROFILE(syscall_openat) to vfs_gluster_openat() via 0fdd7e16a1d samba-tool gpo: clean up tmpdir after create via 5750d7a1d05 samba-tool: allow testparm to dump global section only via 1c6e59a7dfc pyparam: expose lpcfg_dump_globals() via e0d96197fdd pytest/netcmd: test samba-tool testparm global section via 5075df4575d s3: smbd: Remove
[SCM] Samba Shared Repository - branch v4-17-stable updated
The branch, v4-17-stable has been updated via 3ddc9344c2f CVE-2022-32742: s3: smbd: Harden the smbreq_bufrem() macro. via a60863458dc CVE-2022-32742: s4: torture: Add raw.write.bad-write test. via 3029d9bf350 CVE-2022-2031 testprogs: Add test for short-lived ticket across an incoming trust via 958f2bce695 CVE-2022-2031 s4:kpasswd: Do not accept TGTs as kpasswd tickets via 0d8995910f9 CVE-2022-2031 s4:auth: Use PAC to determine whether ticket is a TGT via 6a10e890a08 CVE-2022-2031 auth: Add ticket type field to auth_user_info_dc and auth_session_info via fc03cf9f454 CVE-2022-2031 tests/krb5: Add test that we cannot provide a TGT to kpasswd via 52dd9f8f835 CVE-2022-32744 s4:kpasswd: Ensure we pass the kpasswd server principal into krb5_rd_req_ctx() via 484c6980bef CVE-2022-32744 s4:kdc: Modify HDB plugin to only look up kpasswd principal via 2d3bd2d9ab1 s4:kdc: Remove kadmin mode from HDB plugin via 827dc6a61e6 CVE-2022-32744 s4:kdc: Rename keytab_name -> kpasswd_keytab_name via 09e54a7b1d1 CVE-2022-2031 s4:kdc: Don't use strncmp to compare principal components via be239c71687 CVE-2022-2031 tests/krb5: Test truncated forms of server principals via bbad8f1de43 CVE-2022-32744 s4:kdc: Don't allow HDB keytab iteration via ffb599050ae CVE-2022-2031 s4:kdc: Reject tickets during the last two minutes of their life via 018bdbc29db CVE-2022-2031 third_party/heimdal: Add function to get current KDC time via 3e773a3954f CVE-2022-2031 s4:kdc: Limit kpasswd ticket lifetime to two minutes or less via c0282bbbc13 CVE-2022-2031 s4:kdc: Fix canonicalisation of kadmin/changepw principal via 186f0c6e486 CVE-2022-2031 s4:kdc: Refactor samba_kdc_get_entry_principal() via c6d93504911 CVE-2022-2031 s4:kdc: Split out a samba_kdc_get_entry_principal() function via 23a03911a7f CVE-2022-2031 s4:kdc: Implement is_kadmin_changepw() helper function via a8068e32a02 CVE-2022-2031 testprogs: Add kadmin/changepw canonicalization test with MIT kpasswd via d6580f35724 s4:kpasswd: Restructure code for clarity via ce3b7b27a37 CVE-2022-2031 s4:kpasswd: Require an initial ticket via bbfbbb9f648 CVE-2022-2031 gensec_krb5: Add helper function to check if client sent an initial ticket via e0c135e6c14 CVE-2022-2031 s4:kpasswd: Return a kpasswd error code in KRB-ERROR via 4e2e767a78b CVE-2022-2031 lib:krb5_wrap: Generate valid error codes in smb_krb5_mk_error() via f89e5eff5f5 CVE-2022-2031 s4:kpasswd: Don't return AP-REP on failure via 1f7d94b5fce CVE-2022-2031 s4:kpasswd: Correctly generate error strings via 86698b313e7 CVE-2022-2031 tests/krb5: Add tests for kpasswd service via 192d597c2f2 CVE-2022-2031 tests/krb5: Consider kadmin/* principals as TGS for MIT KRB5 >= 1.20 via 4212037a6a3 CVE-2022-32744 selftest: Specify Administrator kvno for Python krb5 tests via 6a2ec50bfdb CVE-2022-2031 tests/krb5: Add kpasswd_exchange() method via 332fd6032a8 CVE-2022-2031 tests/krb5: Allow requesting a TGT to a different sname and realm via 1e80767c1d2 tests/krb5: Add option for creating accounts with expired passwords via 2bb1f40b9a4 tests/krb5: Fix enum typo via 18bd6dafb57 CVE-2022-2031 tests/krb5: Add methods to send and receive generic messages via 888d58f4334 CVE-2022-2031 tests/krb5: Add 'port' parameter to connect() via a5a2fc4259c CVE-2022-2031 tests/krb5: Add methods to create ASN1 kpasswd structures via 48eb3354c5f CVE-2022-2031 tests/krb5: Add new definitions for kpasswd via ebccd0440aa CVE-2022-32744 tests/krb5: Correctly calculate salt for pre-existing accounts via a118881f4fb CVE-2022-2031 tests/krb5: Split out _make_tgs_request() via f152afa74e8 CVE-2022-32744 tests/krb5: Correctly handle specifying account kvno via 714cadfc404 CVE-2022-2031 s4:kpasswd: Add MIT fallback for decoding setpw structure via b423c370b9b CVE-2022-2031 s4:kpasswd: Account for missing target principal via 2872ccc931c CVE-2022-2031 third_party/heimdal: Check generate_pac() return code via 9881491023e CVE-2022-32745 s4/dsdb/util: Correctly copy values into message element via aa728dfcc96 CVE-2022-32745 s4/dsdb/util: Don't call memcpy() with a NULL pointer via 4a31c48057e CVE-2022-32745 s4/dsdb/util: Use correct value for loop count limit via 4ec784e0a91 CVE-2022-32745 s4/dsdb/samldb: Check for empty values array via f4eb4e6478d CVE-2022-32746 ldb: Release LDB 2.6.1 via 0a3aa5f908e CVE-2022-32746 ldb: Make use of functions for appending to an ldb_message via df487eb2d71 CVE-2022-32746 ldb: Add functions for appending to an ldb_message via a2bb5beee82 CVE-2022-32746 ldb: Ensure shallow copy modifications do