Commits on Source (69)
-
Ralph Boehme authored
The parent smdb forwards SIGTERM to its process group in order to kill all children like the scavenger. This happens from a function registered via atexit() which means the signal forwarding is happening very briefly before the main smbd process exits. When exiting the pipe between smbd and scavenger is closed which triggers a file event in the scavenger. However, due to kernel sheduling it is possible that the file descriptor event is received before the signal, where we call exit_server() which call smb_panic() at the end. Change the exit to exit_server_cleanly() and just log this event at level 2 which we already do. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15275 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed Jul 5 13:14:08 UTC 2023 on atb-devel-224 (cherry picked from commit 083fe1c2)
36bb9480 -
Stefan Metzmacher authored
Commit 8132edf1 introduced a retry loop arround cldap_multi_netlogon(), but it forgot to reset num_requests to 0 for the retries. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15416 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Wed Jul 5 11:17:43 UTC 2023 on atb-devel-224 (cherry picked from commit 6965e772)
bdaf1b1c -
Stefan Metzmacher authored
This is mostly for consistency, every remote call should call reset_cm_connection_on_error(). Note this is more than a simple invalidate_cm_connection() as it may set domain->conn.netlogon_force_reauth = true. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> (cherry picked from commit cb59fd43)
3b2f3cf8 -
Stefan Metzmacher authored
Note this is more than a simple invalidate_cm_connection() as it may set domain->conn.netlogon_force_reauth = true. This is not strictly needed as the callers call reset_cm_connection_on_error() via reconnect_need_retry(). But it might avoid one roundtrip. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> (cherry picked from commit 4ad5a35a)
156bafb2 -
Stefan Metzmacher authored
Otherwise we could treat a local problem as non-authoritative. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> (cherry picked from commit 0cb6de4b)
12043529 -
Stefan Metzmacher authored
Note this is more than a simple invalidate_cm_connection() as it may set domain->conn.netlogon_force_reauth = true, which is important in order to recover from NT_STATUS_RPC_SEC_PKG_ERROR errors. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> (cherry picked from commit b317b10d)
ddd61699 -
Stefan Metzmacher authored
When we were not able to get a valid response from any DC we should report NT_STATUS_NO_LOGON_SERVERS with authoritative = 1. This matches what windows does. In a chain of transitive trusts the ACCESS_DENIED/authoritative=0 is not propagated, instead NT_STATUS_NO_LOGON_SERVERS/authoritative=1 is passed along the chain if there's no other DC is available. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> (cherry picked from commit 50e771c1) Autobuild-User(v4-18-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-18-test): Thu Jul 6 13:01:55 UTC 2023 on atb-devel-224
9b25d901 -
Jule Anger authored
samba: tag release samba-4.18.5
10828732 -
Jule Anger authored
and re-enable GIT_SNAPSHOT. Signed-off-by: Jule Anger <janger@samba.org>
9100d5ac -
Günther Deschner authored
It should be possible to call "net offlinejoin provision" as non-root, no access to secrets.tdb required in that case. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15414 Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Wed Jul 5 09:23:22 UTC 2023 on atb-devel-224 (cherry picked from commit bf7fbf7e)
5ac859e9 -
Ralph Boehme authored
This can happen if DELETE-ON-CLOSE is set, but the deletion fails for some reason. The bug was introduced by 1808e5c1. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15417 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Mon Jul 10 21:32:32 UTC 2023 on atb-devel-224 (cherry picked from commit 4da50463) Autobuild-User(v4-18-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-18-test): Wed Jul 19 16:23:17 UTC 2023 on atb-devel-224
96793d42 -
Noel Power authored
The 'data_filter' is far too restrictive, this filter doesn't apply any mode bits to directories which in turn will result in unexpected directory permissions of the amongst others msg.[ls]ock directories. With 'data_filter' and a 'patched' python at best we experience CI failures with samba-ad-back1 & samba-ad-back2 CI jobs due to server startup failures, at worst user/admins will need to adjust directory permissions post backup. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15390 Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit e401ae44) Autobuild-User(v4-18-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-18-test): Mon Jul 24 10:19:13 UTC 2023 on atb-devel-224
14ce7756 -
Pavel Filipenský authored
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15400 Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 2af9c65f)
c052d8bd -
Pavel Filipenský authored
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 8c10f539)
19e110d7 -
Pavel Filipenský authored
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15400 Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Jul 5 20:24:35 UTC 2023 on atb-devel-224 (cherry picked from commit 6f073f25)
aa2af3c0 -
Pavel Filipenský authored
Reported by Red Hat internal coverity BUG: https://bugzilla.samba.org/show_bug.cgi?id=15433 Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org> Autobuild-Date(master): Tue Jul 25 12:08:49 UTC 2023 on atb-devel-224 (cherry picked from commit dd998cc1) Autobuild-User(v4-18-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-18-test): Fri Jul 28 13:37:01 UTC 2023 on atb-devel-224
c1c2a0ec -
Ralph Boehme authored
SLQ_STATE_RESULTS implies that there are already results attached to the slq which is not the case. Instead the backend will start processing from where it left off when it hits the maximum result limit and had set the state to SLQ_STATE_FULL. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15342 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 4149ef97)
160b7dc0 -
Ralph Boehme authored
If a query is still running in the backend and we have no results yet, returning 0 triggers a search termination by the client in latest macOS releases. macOS returns 0x23 in this case. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15342 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 925fefae)
7d5e9f5f -
Ralph Boehme authored
SL_PAGESIZE is the number of entries we want to process per paged search result set. This is different from MAX_SL_RESULTS which ought to be a default maximum value for total number of results returned for a search query. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15342 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 086c2602)
60fdb3ad -
Ralph Boehme authored
This wasn't enforced at all thus a query would return all available matches without limit. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15342 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit d8fa5c8e)
39c2b556 -
Ralph Boehme authored
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15342 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 7f5e4edf)
3036f3cb -
Ralph Boehme authored
Lastest macOS queries additional file metadata per search result, which causes the mashalled paged result set including metadata to exceed the 64 KB result fragment buffer. Lacking fragementation support in mdssvc (it's supported by the protocol), for now just reduce the maximum number of results per search page. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15342 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 724a0518)
590c9164 -
Ralph Boehme authored
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15427 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 9dc66fec)
aa4db8a3 -
Ralph Boehme authored
Did this ever work? Possible just copied over from Netatalk and was always broken... The Mac client expects the timevalue as seconds relative to 2001-01-01 00:00:00 UTC, packed as IEEE float. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15427 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 620ca1e6)
f4a33735 -
Ralph Boehme authored
Mac 10.10 uses kMDItemContentModificationDate instead of kMDItemFSContentChangeDate. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15427 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Jul 26 23:42:44 UTC 2023 on atb-devel-224 (cherry picked from commit c2e83ebe) Autobuild-User(v4-18-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-18-test): Mon Jul 31 09:11:21 UTC 2023 on atb-devel-224
35573c04 -
Arvid Requate authored
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959 Signed-off-by: Arvid Requate <requate@univention.de> [abartlet@samba.org Added additional talloc_free() in failure paths] Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit b6e80733)
3b3b92f5 -
Arvid Requate authored
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959 Signed-off-by: Arvid Requate <requate@univention.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 2d461844)
364730e9 -
Andrew Bartlett authored
This will replace many calls crafting or searching for this DN elsewhere in the code. BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 25b0e110)
c14fbf24 -
Andrew Bartlett authored
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 97b682e0)
820752e3 -
Andrew Bartlett authored
By doing this we use the common samdb_get_system_container_dn() routine and we avoid doing a linerize and parse step on the main DN, instead using the already stored parse of the DN. This is more hygenic. BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 3669caa9)
8e45b202 -
Andrew Bartlett authored
This is now exactly the same actions, but just uses common code to do it. BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 4e18066f)
32704194 -
Andrew Bartlett authored
This is now exactly the same actions, but just uses common code to do it. BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit a900f6aa)
c3595310 -
Andrew Bartlett authored
This is now exactly the same actions, but just uses common code to do it. BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 13eed1e0)
ae64a438 -
Andrew Bartlett authored
This is now exactly the same actions, but just uses common code to do it. BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 9b4f3f3c)
5f908aef -
Andrew Bartlett authored
This is now exactly the same actions, but just uses common code to do it. BUG: https://bugzilla.samba.org/show_bug.cgi?id=9959 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 4250d07e)
da03582f -
Andrew Bartlett authored
This makes more calls to add children, but avoids the cn=system string in the codebase which makes it easier to audit that this is always being built correctly. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Mon Jul 31 07:20:21 UTC 2023 on atb-devel-224 (cherry picked from commit 5571ce96) RN: A second container with name CN=System would disable the operation of the Samba AD DC. Samba now finds the CN=System container by exact DN and not a search. Autobuild-User(v4-18-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-18-test): Tue Aug 1 10:57:04 UTC 2023 on atb-devel-224
ed62f4fa -
Noel Power authored
Adds share (to be used in later test) that has dfs node but additionally has widelinks set to yes BUG: https://bugzilla.samba.org/show_bug.cgi?id=15435 Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit b57cdfd7)
e50f377b -
Noel Power authored
Adds a new test trying to cd into dfs path on share with widelinks enabled, should generate an error (see BUG:) Add a knownfail so CI continues BUG: https://bugzilla.samba.org/show_bug.cgi?id=15435 Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 3d2e9db8)
5db858c1 -
Noel Power authored
Not used yet, will be used in the next commit to avoid testing if the connected share is a dfs one. Pair-Programmed-With: Jeremy Alison <jra@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=15435 Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 2668dcd0)
e949750d -
Noel Power authored
In openat(), even if we fail to open the file, propagate stat if and only if the object is a link in a DFS share. This allows calling code to further process the link. Also remove knownfail Pair-Programmed-With: Jeremy Alison <jra@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=15435 Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Jul 29 00:43:52 UTC 2023 on atb-devel-224 (cherry picked from commit 0bf8b25a) Autobuild-User(v4-18-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-18-test): Thu Aug 3 08:44:47 UTC 2023 on atb-devel-224
c40f1619 -
Andrew Bartlett authored
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15289 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> (cherry picked from commit 848fea1a)
7f87d028 -
Andrew Bartlett authored
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15289 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> (cherry picked from commit fd81759e)
2ed39136 -
Andrew Bartlett authored
The returned strings are not owned by python, so need not be const. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15289 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> (cherry picked from commit 5afd206d)
534425ba -
Andrew Bartlett authored
This uses samba_cmdline_burn() to as to have common command line redaction code. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15289 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> (cherry picked from commit 3f9e4558)
8c2c1b54 -
Andrew Bartlett authored
This use avoids having two different methods to match on command-line passwords. We already have a dependency on the setproctitle python module, and this does not change as the (C) libbsd setproctitle() can't be run from within a python module. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15289 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> (cherry picked from commit a53ebc28)
e724909a -
Andrew Bartlett authored
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15289 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> (cherry picked from commit 414b3803)
c11b6d6b -
Andrew Bartlett authored
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15289 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Jul 21 06:16:30 UTC 2023 on atb-devel-224 (cherry picked from commit 76ad44f4) RN: post-exec password redaction for samba-tool is more reliable for fully random passwords as it no longer uses regular expressions containing the password value itself. Autobuild-User(v4-18-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-18-test): Fri Aug 4 08:05:00 UTC 2023 on atb-devel-224
e9114241 -
Stefan Metzmacher authored
During 'samba-tool ntacl sysvolreset' and similar. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15441 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 3694f2ce)
cf7a0c9d -
Jones Syue authored
If configured as AD DC and aio_pthread appended into 'vfs objects'[1], run these commands would get segfault: 1. sudo samba-tool ntacl get . 2. sudo net vfs getntacl sysvol . gdb said it goes through aio_pthread_openat_fn() @ vfs_aio_pthread.c[2], and the fsp->conn->sconn->client is null (0x0). 'sconn->client' memory is allocated when a new connection is accpeted: smbd_accept_connection > smbd_process > smbXsrv_client_create While running local commands looks like it would not go through smbXsrv_client_create so the 'client' is null, segfault might happen. We should not dereference 'client->server_multi_channel_enabled', if 'client' is null. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15441 [1] smb.conf example, samba-4.18.5, ubuntu 22.04.2 [global] dns forwarder = 127.0.0.53 netbios name = U22-JONES-88X1 realm = U22-JONES-88X1.X88X1.JONES server role = active directory domain controller workgroup = X88X1 idmap_ldb:use rfc2307 = yes vfs objects = dfs_samba4 acl_xattr aio_pthread [sysvol] path = /var/lib/samba/sysvol read only = No [netlogon] path = /var/lib/samba/sysvol/u22-jones-88x1.x88x1.jones/scripts read only = No [2] gdb (gdb) run /usr/local/samba/bin/samba-tool ntacl get . Starting program: /usr/local/Python3/bin/python3 /usr/local/samba/bin/samba-tool ntacl get . [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/libthread_db.so.1". Program received signal SIGSEGV, Segmentation fault. 0x00007fffd0eb809e in aio_pthread_openat_fn (handle=0x8d5cc0, dirfsp=0x8c3070, smb_fname=0x18ab4f0, fsp=0x1af3550, flags=196608, mode=0) at ../../source3/modules/vfs_aio_pthread.c:467 warning: Source file is more recent than executable. 467 if (fsp->conn->sconn->client->server_multi_channel_enabled) { (gdb) bt at ../../source3/modules/vfs_aio_pthread.c:467 at ../../source3/smbd/pysmbd.c:320 ---Type <return> to continue, or q <return> to quit--- (gdb) f at ../../source3/modules/vfs_aio_pthread.c:467 467 if (fsp->conn->sconn->client->server_multi_channel_enabled) { (gdb) p fsp->conn->sconn->client $1 = (struct smbXsrv_client *) 0x0 (gdb) Signed-off-by: Jones Syue <jonessyue@qnap.com> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 8f4c1c67)
bace04c3 -
Stefan Metzmacher authored
The PDUs were generated by Windows clients. And we fail to parse them currently. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15446 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> (cherry picked from commit c37adb76)
f2604db1 -
Stefan Metzmacher authored
DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED don't have any payload by default. In order to receive them via dcerpc_read_ncacn_packet_send/recv we need to allow fragments with frag_len == DCERPC_NCACN_PAYLOAD_OFFSET. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15446 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> (cherry picked from commit 5c724a3e)
30f317cf -
Stefan Metzmacher authored
It seems commit 259129e8 was partly just fantasy... Windows clients just use 16 bytes for DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED pdus. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15446 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Tue Aug 8 08:57:46 UTC 2023 on atb-devel-224 (cherry picked from commit 9ec22e68) Autobuild-User(v4-18-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-18-test): Tue Aug 8 12:56:30 UTC 2023 on atb-devel-224
1b3197ff -
Stefan Metzmacher authored
There's no need for smb2_connect_ext(). BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit ade663ee)
aec49671 -
Stefan Metzmacher authored
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit dc5a500f)
208bece1 -
Stefan Metzmacher authored
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit 2b93058b)
76c6234a -
Stefan Metzmacher authored
This demonstrates the race quite easily against Samba and works fine against Windows Server 2022. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit 4028d658)
28e68be9 -
Stefan Metzmacher authored
Commit 5d66d5b8 introduced a 'verify_again:' target, if we ever hit that, we would leak the existing filter_subreq. Moving it just above a possible messaging_filtered_read_send() will allow us to only clear it if we actually create a new request. That will help us in the next commits. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit 50d61e53)
4dcefc01 -
Stefan Metzmacher authored
If a client opens multiple connection with the same client guid in parallel, our connection passing is likely to hit a race. Assume we have 3 processes: smbdA: This process already handles all connections for a given client guid smbdB: This just received a new connection with an SMB2 neprot for the same client guid smbdC: This also received a new connection with an SMB2 neprot for the same client guid Now both smbdB and smbdC send a MSG_SMBXSRV_CONNECTION_PASS message to smbdA. These messages contain the socket fd for each connection. While waiting for a MSG_SMBXSRV_CONNECTION_PASSED message from smbdA, both smbdB and smbdC watch the smbXcli_client.tdb record for changes (that also verifies smbdA stays alive). Once one of them say smbdB received the MSG_SMBXSRV_CONNECTION_PASSED message, the dbwrap_watch logic will wakeup smbdC in order to let it recheck the smbXcli_client.tdb record in order to handle the case where smbdA died or deleted its record. Now smbdC rechecks the smbXcli_client.tdb record, but it was not woken because of a problem with smbdA. It meant that smbdC sends a MSG_SMBXSRV_CONNECTION_PASS message including the socket fd again. As a result smbdA got the socket fd from smbdC twice (or even more), and creates two (or more) smbXsrv_connection structures for the same low level tcp connection. And it also sends more than one SMB2 negprot response. Depending on the tevent logic, it will use different smbXsrv_connection structures to process incoming requests. And this will almost immediately result in errors. The typicall error is: smb2_validate_sequence_number: smb2_validate_sequence_number: bad message_id 2 (sequence id 2) (granted = 1, low = 1, range = 1) But other errors would also be possible. The detail that leads to the long delays on the client side is that our smbd_server_connection_terminate_ex() code will close only the fd of a single smbXsrv_connection, but the refcount on the socket fd in the kernel is still not 0, so the tcp connection is still alive... Now we remember the server_id of the process that we send the MSG_SMBXSRV_CONNECTION_PASS message to. And just keep watching the smbXcli_client.tdb record if the server_id don't change. As we just need more patience to wait for the MSG_SMBXSRV_CONNECTION_PASSED message. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15346 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Tue Aug 8 13:59:58 UTC 2023 on atb-devel-224 (cherry picked from commit f348b84f) Autobuild-User(v4-18-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-18-test): Fri Aug 11 09:49:53 UTC 2023 on atb-devel-224
cd866f5c -
Jones Syue authored
Environment setup: When macOS Finder connect to a samba server with 'spotlight = yes', macOS would issue mdssvc open (mdssvc.opnum == 0) to samba and it goes through api _mdssvc_open(). After applied 578e434a, (this is reported by jaywei@qnap.com) this line 'talloc_free(path);' is deleted if _mdssvc_open() normal exit, so memory is lazy de-allocate: delayed to smbd_tevent_trace_callback() @ smb2_process.c. [1] Supposed to explicitly free 'path' in _mdssvc_open() @ srv_mdssvc_nt.c[2] just like abnormal exit, do not wait for main loop to free 'path' which is no longer used, this is more consistent while reading source code. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15449 [1] gdb tracing 'path' address 0x56204ccc67e0 to know how it is freed. Breakpoint 2, _tc_free_children_internal (tc=0x56204ccc6780, ptr=0x56204ccc67e0, location=0x7ff430d96410 "../../lib/talloc/talloc.c:1714") at ../../lib/talloc/talloc.c:1656 1656 while (tc->child) { (gdb) bt 0 _tc_free_children_internal (tc=0x56204ccc6780, ptr=0x56204ccc67e0, location=0x7ff430d96410 "../../lib/talloc/talloc.c:1714") at ../../lib/talloc/talloc.c:1656 1 0x00007ff430d92b14 in _tc_free_internal (tc=0x56204ccc6780, location=0x7ff430d96410 "../../lib/talloc/talloc.c:1714") at ../../lib/talloc/talloc.c:1183 2 0x00007ff430d93b71 in _tc_free_children_internal (tc=0x56204ccc6720, ptr=0x56204ccc6780, location=0x7ff430d96410 "../../lib/talloc/talloc.c:1714") at ../../lib/talloc/talloc.c:1668 3 0x00007ff430d93d66 in talloc_free_children (ptr=0x56204ccc6780) at ../../lib/talloc/talloc.c:1714 4 0x00007ff432235aca in talloc_pop (frame=0x56204ccc6780) at ../../lib/util/talloc_stack.c:125 5 0x00007ff430d92959 in _tc_free_internal (tc=0x56204ccc6720, location=0x7ff431f358d0 "../../source3/smbd/process.c:3726") at ../../lib/talloc/talloc.c:1157 6 0x00007ff430d92cd5 in _talloc_free_internal (ptr=0x56204ccc6780, location=0x7ff431f358d0 "../../source3/smbd/process.c:3726") at ../../lib/talloc/talloc.c:1247 7 0x00007ff430d93f96 in _talloc_free (ptr=0x56204ccc6780, location=0x7ff431f358d0 "../../source3/smbd/process.c:3726") at ../../lib/talloc/talloc.c:1791 8 0x00007ff431d81292 in smbd_tevent_trace_callback (point=TEVENT_TRACE_AFTER_LOOP_ONCE, private_data=0x7ffe46591e30) at ../../source3/smbd/process.c:3726 <...cut...> [2] gdb tracing 'path' address 0x55a6d66deed0 to know how it is freed. Breakpoint 2, _tc_free_children_internal (tc=0x55a6d66deed0, ptr=0x55a6d66def30, location=0x7fc4cca84040 "../../source3/rpc_server/mdssvc/srv_mdssvc_nt.c:189") at ../../lib/talloc/talloc.c:1656 1656 while (tc->child) { (gdb) bt 0 _tc_free_children_internal (tc=0x55a6d66deed0, ptr=0x55a6d66def30, location=0x7fc4cca84040 "../../source3/rpc_server/mdssvc/srv_mdssvc_nt.c:189") at ../../lib/talloc/talloc.c:1656 1 0x00007fc4cb892b14 in _tc_free_internal (tc=0x55a6d66deed0, location=0x7fc4cca84040 "../../source3/rpc_server/mdssvc/srv_mdssvc_nt.c:189") at ../../lib/talloc/talloc.c:1183 2 0x00007fc4cb892cd5 in _talloc_free_internal (ptr=0x55a6d66def30, location=0x7fc4cca84040 "../../source3/rpc_server/mdssvc/srv_mdssvc_nt.c:189") at ../../lib/talloc/talloc.c:1247 3 0x00007fc4cb893f96 in _talloc_free (ptr=0x55a6d66def30, location=0x7fc4cca84040 "../../source3/rpc_server/mdssvc/srv_mdssvc_nt.c:189") at ../../lib/talloc/talloc.c:1791 4 0x00007fc4cc9396e4 in _mdssvc_open (p=0x55a6d66d5600, r=0x55a6d66edc60) at ../../source3/rpc_server/mdssvc/srv_mdssvc_nt.c:189 <...cut...> Signed-off-by: Jones Syue <jonessyue@qnap.com> Reviewed-by: Noel Power <npower@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Noel Power <npower@samba.org> Autobuild-Date(master): Mon Aug 14 18:11:37 UTC 2023 on atb-devel-224 (cherry picked from commit 044cb8f9)
9e5f1a30 -
Jeremy Allison authored
We will need this to show smbd crashing in the test code. This will be removed once we're passing the test. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15420 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> (cherry picked from commit e7bf94b4)
8e31fd2d -
Jeremy Allison authored
Shows that we indirect through an uninitialized pointer and the client crashes it's own smbd. Add knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15420 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> (cherry picked from commit 963fd8aa)
6fef9767 -
Jeremy Allison authored
Robert Morris <rtm@lcs.mit.edu> noticed that in the case where srvstr_pull_req_talloc() is being called with buffer remaining == 0, we don't NULL out the destination pointed which is *always* done in the codepaths inside pull_string_talloc(). This prevents a crash in the caller. Remove knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15420 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> (cherry picked from commit 9220c45c)
4c27dfe3 -
Jeremy Allison authored
Rather than restore to uninitialized, set to NULL as per modern coding practices. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15420 Reviewed-by: Volker Lendecke <vl@samba.org> Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> (cherry picked from commit 5bc50d2e)
f025f51a -
Jeremy Allison authored
Now we've fixed srvstr_pull_req_talloc() this isn't strictly needed, but ensuring pointers are initialized is best practice to avoid future bugs. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15420 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Mon Aug 14 15:55:43 UTC 2023 on atb-devel-224 (cherry picked from commit 5379b8d5)
e6c0d4f1 -
Jeremy Allison authored
Robert Morris <rtm@lcs.mit.edu> noticed a missing return in reply_exit_done(). Adds knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15430 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <npower@samba.org> (cherry picked from commit 63895e03)
122afc37 -
Jeremy Allison authored
Remove knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15430 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <npower@samba.org> Autobuild-User(master): Noel Power <npower@samba.org> Autobuild-Date(master): Mon Aug 14 19:52:49 UTC 2023 on atb-devel-224 (cherry picked from commit d79d0508) Autobuild-User(v4-18-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-18-test): Wed Aug 16 11:49:39 UTC 2023 on atb-devel-224
320d6540 -
Jule Anger authored
Signed-off-by: Jule Anger <janger@samba.org>
87e193d9 -
Jule Anger authored
Signed-off-by: Jule Anger <janger@samba.org>
2613f2b2 -
Michael Tokarev authored124758a0
Showing
- VERSION 1 addition, 1 deletionVERSION
- WHATSNEW.txt 81 additions, 2 deletionsWHATSNEW.txt
- lib/cmdline/cmdline.c 15 additions, 2 deletionslib/cmdline/cmdline.c
- lib/cmdline/cmdline.h 3 additions, 1 deletionlib/cmdline/cmdline.h
- librpc/idl/dcerpc.idl 0 additions, 2 deletionslibrpc/idl/dcerpc.idl
- librpc/rpc/dcerpc_util.c 7 additions, 2 deletionslibrpc/rpc/dcerpc_util.c
- python/modules.c 35 additions, 0 deletionspython/modules.c
- python/modules.h 7 additions, 0 deletionspython/modules.h
- python/pyglue.c 60 additions, 0 deletionspython/pyglue.c
- python/samba/getopt.py 20 additions, 49 deletionspython/samba/getopt.py
- python/samba/safe_tarfile.py 1 addition, 1 deletionpython/samba/safe_tarfile.py
- python/samba/tests/blackbox/mdsearch.py 1 addition, 1 deletionpython/samba/tests/blackbox/mdsearch.py
- python/samba/tests/cred_opt.py 10 additions, 4 deletionspython/samba/tests/cred_opt.py
- python/samba/tests/dcerpc/mdssvc.py 3 additions, 3 deletionspython/samba/tests/dcerpc/mdssvc.py
- python/wscript 1 addition, 0 deletionspython/wscript
- selftest/target/Samba3.pm 5 additions, 0 deletionsselftest/target/Samba3.pm
- source3/libads/ldap.c 1 addition, 0 deletionssource3/libads/ldap.c
- source3/libnet/libnet_join.c 8 additions, 0 deletionssource3/libnet/libnet_join.c
- source3/modules/vfs_aio_pthread.c 9 additions, 1 deletionsource3/modules/vfs_aio_pthread.c
- source3/modules/vfs_widelinks.c 27 additions, 3 deletionssource3/modules/vfs_widelinks.c