Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • lts-team/packages/samba
  • thctlo/samba-lintianfix
  • arnaudr/samba
  • jrwren/samba
  • paride/samba
  • athos/samba
  • henrich/samba
  • cnotin/samba
  • mimi89999/samba
  • samba-team/samba
  • ahasenack/samba
  • jrtc27/samba
  • noel/samba
13 results
Show changes
Commits on Source (11)
samba (2:4.5.16+dfsg-1) UNRELEASED; urgency=medium
* New upstream release
-- Mathieu Parent <sathieu@debian.org> Sat, 29 Dec 2018 22:18:31 +0100
* New upstream release (latest 4.5.x)
- Drop merged patches
* Fix CVE-2018-14629 regression when there're more than 20 records on a non
CNAME record.
* Fix rmdir on non-empty samba directory (Closes: #915248)
* Ignore nmbd start errors when there is no non-loopback interface
(Closes: #893762)
* Ignore nmbd start errors when there is no local IPv4 non-loopback interface
(Closes: #859526)
* s3:ntlm_auth: fix memory leak in manage_gensec_request() (Closes: #919611)
-- Mathieu Parent <sathieu@debian.org> Fri, 18 Jan 2019 07:35:15 +0100
samba (2:4.5.12+dfsg-2+deb9u4) stretch-security; urgency=high
......
......@@ -191,3 +191,284 @@ index bef21f6bdaf..51a86198b54 100644
--
2.11.0
From 6c73a2b3d77115d69f99baa2452d6539c697fc3b Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 28 Nov 2018 15:21:56 +0100
Subject: [PATCH 1/2] CVE-2018-14629 dns: fix CNAME loop prevention using
counter regression
The loop prevention should only be done for CNAME records!
Otherwise we truncate the answer records for A, AAAA or
SRV queries, which is a bad idea if you have more than 20 DCs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600
Signed-off-by: Stefan Metzmacher <metze@samba.org>
---
source4/dns_server/dns_query.c | 29 ++++++++++++++++++++---------
1 file changed, 20 insertions(+), 9 deletions(-)
diff --git a/source4/dns_server/dns_query.c b/source4/dns_server/dns_query.c
index 0c26f9f8fb5..19c4dc32faa 100644
--- a/source4/dns_server/dns_query.c
+++ b/source4/dns_server/dns_query.c
@@ -439,7 +439,8 @@ static struct tevent_req *handle_authoritative_send(
TALLOC_CTX *mem_ctx, struct tevent_context *ev,
struct dns_server *dns, const char *forwarder,
struct dns_name_question *question,
- struct dns_res_rec **answers, struct dns_res_rec **nsrecs);
+ struct dns_res_rec **answers, struct dns_res_rec **nsrecs,
+ size_t cname_depth);
static WERROR handle_authoritative_recv(struct tevent_req *req);
struct handle_dnsrpcrec_state {
@@ -455,7 +456,8 @@ static struct tevent_req *handle_dnsrpcrec_send(
struct dns_server *dns, const char *forwarder,
const struct dns_name_question *question,
struct dnsp_DnssrvRpcRecord *rec,
- struct dns_res_rec **answers, struct dns_res_rec **nsrecs)
+ struct dns_res_rec **answers, struct dns_res_rec **nsrecs,
+ size_t cname_depth)
{
struct tevent_req *req, *subreq;
struct handle_dnsrpcrec_state *state;
@@ -471,7 +473,7 @@ static struct tevent_req *handle_dnsrpcrec_send(
state->answers = answers;
state->nsrecs = nsrecs;
- if (talloc_array_length(*answers) >= MAX_Q_RECURSION_DEPTH) {
+ if (cname_depth >= MAX_Q_RECURSION_DEPTH) {
tevent_req_done(req);
return tevent_req_post(req, ev);
}
@@ -516,7 +518,8 @@ static struct tevent_req *handle_dnsrpcrec_send(
if (dns_authoritative_for_zone(dns, new_q->name)) {
subreq = handle_authoritative_send(
state, ev, dns, forwarder, new_q,
- state->answers, state->nsrecs);
+ state->answers, state->nsrecs,
+ cname_depth + 1);
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
}
@@ -600,6 +603,8 @@ struct handle_authoritative_state {
struct dns_res_rec **answers;
struct dns_res_rec **nsrecs;
+
+ size_t cname_depth;
};
static void handle_authoritative_done(struct tevent_req *subreq);
@@ -608,7 +613,8 @@ static struct tevent_req *handle_authoritative_send(
TALLOC_CTX *mem_ctx, struct tevent_context *ev,
struct dns_server *dns, const char *forwarder,
struct dns_name_question *question,
- struct dns_res_rec **answers, struct dns_res_rec **nsrecs)
+ struct dns_res_rec **answers, struct dns_res_rec **nsrecs,
+ size_t cname_depth)
{
struct tevent_req *req, *subreq;
struct handle_authoritative_state *state;
@@ -626,6 +632,7 @@ static struct tevent_req *handle_authoritative_send(
state->forwarder = forwarder;
state->answers = answers;
state->nsrecs = nsrecs;
+ state->cname_depth = cname_depth;
werr = dns_name2dn(dns, state, question->name, &dn);
if (tevent_req_werror(req, werr)) {
@@ -647,7 +654,8 @@ static struct tevent_req *handle_authoritative_send(
subreq = handle_dnsrpcrec_send(
state, state->ev, state->dns, state->forwarder,
state->question, &state->recs[state->recs_done],
- state->answers, state->nsrecs);
+ state->answers, state->nsrecs,
+ state->cname_depth);
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
}
@@ -679,7 +687,8 @@ static void handle_authoritative_done(struct tevent_req *subreq)
subreq = handle_dnsrpcrec_send(
state, state->ev, state->dns, state->forwarder,
state->question, &state->recs[state->recs_done],
- state->answers, state->nsrecs);
+ state->answers, state->nsrecs,
+ state->cname_depth);
if (tevent_req_nomem(subreq, req)) {
return;
}
@@ -1010,7 +1019,8 @@ struct tevent_req *dns_server_process_query_send(
subreq = handle_authoritative_send(
state, ev, dns, (forwarders == NULL ? NULL : forwarders[0]),
- &in->questions[0], &state->answers, &state->nsrecs);
+ &in->questions[0], &state->answers, &state->nsrecs,
+ 0); /* cname_depth */
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
}
@@ -1112,7 +1122,8 @@ static void dns_server_process_query_got_auth(struct tevent_req *subreq)
subreq = handle_authoritative_send(state, state->ev, state->dns,
state->forwarders->forwarder,
state->question, &state->answers,
- &state->nsrecs);
+ &state->nsrecs,
+ 0); /* cname_depth */
if (tevent_req_nomem(subreq, req)) {
return;
--
2.19.2
From 77fac10d0171b731bce38e5596928b6d618ed4d8 Mon Sep 17 00:00:00 2001
From: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Date: Fri, 30 Nov 2018 18:37:27 +1300
Subject: [PATCH 2/2] CVE-2018-14629: Tests to expose regression from dns cname
loop fix
These tests expose the regression described by Stefan Metzmacher in
discussion on the bugzilla paged linked below.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
---
python/samba/tests/dns.py | 97 +++++++++++++++++++++++++++++++++++++++
selftest/knownfail.d/dns | 14 +++++-
2 files changed, 109 insertions(+), 2 deletions(-)
diff --git a/python/samba/tests/dns.py b/python/samba/tests/dns.py
index 102269c7156..65e4a3b0b3f 100644
--- a/python/samba/tests/dns.py
+++ b/python/samba/tests/dns.py
@@ -918,6 +918,103 @@ class TestComplexQueries(DNSTest):
max_recursion_depth = 20
self.assertEquals(len(response.answers), max_recursion_depth)
+ # Make sure cname limit doesn't count other records. This is a generic
+ # test called in tests below
+ def max_rec_test(self, rtype, rec_gen):
+ name = "limittestrec{0}.{1}".format(rtype, self.get_dns_domain())
+ limit = 20
+ num_recs_to_enter = limit + 5
+
+ for i in range(1, num_recs_to_enter+1):
+ ip = rec_gen(i)
+ self.make_dns_update(name, ip, rtype)
+
+ p = self.make_name_packet(dns.DNS_OPCODE_QUERY)
+ questions = []
+
+ q = self.make_name_question(name,
+ rtype,
+ dns.DNS_QCLASS_IN)
+ questions.append(q)
+ self.finish_name_packet(p, questions)
+
+ response = self.dns_transaction_udp(p, host=self.server_ip)
+
+ self.assertEqual(len(response.answers), num_recs_to_enter)
+
+ def test_record_limit_A(self):
+ def ip4_gen(i):
+ return "127.0.0." + str(i)
+ self.max_rec_test(rtype=dns.DNS_QTYPE_A, rec_gen=ip4_gen)
+
+ def test_record_limit_AAAA(self):
+ def ip6_gen(i):
+ return "AAAA:0:0:0:0:0:0:" + str(i)
+ self.max_rec_test(rtype=dns.DNS_QTYPE_AAAA, rec_gen=ip6_gen)
+
+ def test_record_limit_SRV(self):
+ def srv_gen(i):
+ rec = dns.srv_record()
+ rec.priority = 1
+ rec.weight = 1
+ rec.port = 92
+ rec.target = "srvtestrec" + str(i)
+ return rec
+ self.max_rec_test(rtype=dns.DNS_QTYPE_SRV, rec_gen=srv_gen)
+
+ # Same as test_record_limit_A but with a preceding CNAME follow
+ def test_cname_limit(self):
+ cname1 = "cnamelimittestrec." + self.get_dns_domain()
+ cname2 = "cnamelimittestrec2." + self.get_dns_domain()
+ cname3 = "cnamelimittestrec3." + self.get_dns_domain()
+ ip_prefix = '127.0.0.'
+ limit = 20
+ num_recs_to_enter = limit + 5
+
+ self.make_dns_update(cname1, cname2, dnsp.DNS_TYPE_CNAME)
+ self.make_dns_update(cname2, cname3, dnsp.DNS_TYPE_CNAME)
+ num_arecs_to_enter = num_recs_to_enter - 2
+ for i in range(1, num_arecs_to_enter+1):
+ ip = ip_prefix + str(i)
+ self.make_dns_update(cname3, ip, dns.DNS_QTYPE_A)
+
+ p = self.make_name_packet(dns.DNS_OPCODE_QUERY)
+ questions = []
+
+ q = self.make_name_question(cname1,
+ dns.DNS_QTYPE_A,
+ dns.DNS_QCLASS_IN)
+ questions.append(q)
+ self.finish_name_packet(p, questions)
+
+ response = self.dns_transaction_udp(p, host=self.server_ip)
+
+ self.assertEqual(len(response.answers), num_recs_to_enter)
+
+ # ANY query on cname record shouldn't follow the link
+ def test_cname_any_query(self):
+ cname1 = "cnameanytestrec." + self.get_dns_domain()
+ cname2 = "cnameanytestrec2." + self.get_dns_domain()
+ cname3 = "cnameanytestrec3." + self.get_dns_domain()
+
+ self.make_dns_update(cname1, cname2, dnsp.DNS_TYPE_CNAME)
+ self.make_dns_update(cname2, cname3, dnsp.DNS_TYPE_CNAME)
+
+ p = self.make_name_packet(dns.DNS_OPCODE_QUERY)
+ questions = []
+
+ q = self.make_name_question(cname1,
+ dns.DNS_QTYPE_ALL,
+ dns.DNS_QCLASS_IN)
+ questions.append(q)
+ self.finish_name_packet(p, questions)
+
+ response = self.dns_transaction_udp(p, host=self.server_ip)
+
+ self.assertEqual(len(response.answers), 1)
+ self.assertEqual(response.answers[0].name, cname1)
+ self.assertEqual(response.answers[0].rdata, cname2)
+
class TestInvalidQueries(DNSTest):
diff --git a/selftest/knownfail.d/dns b/selftest/knownfail.d/dns
index 916afc1af85..a9b16eaac2a 100644
--- a/selftest/knownfail.d/dns
+++ b/selftest/knownfail.d/dns
@@ -1,5 +1,15 @@
#
-# rodc and vampire_dc require signed dns updates, so the test setup
-# fails, but the test does run on fl2003dc
+# rodc and vampire_dc require signed dns updates, so these tests' setups
+# fail, but they pass on fl2003dc
^samba.tests.dns.__main__.TestComplexQueries.test_cname_loop\(rodc:local\)
^samba.tests.dns.__main__.TestComplexQueries.test_cname_loop\(vampire_dc:local\)
+^samba.tests.dns.__main__.TestComplexQueries.test_record_limit_A\(rodc:local\)
+^samba.tests.dns.__main__.TestComplexQueries.test_record_limit_A\(vampire_dc:local\)
+^samba.tests.dns.__main__.TestComplexQueries.test_record_limit_AAAA\(rodc:local\)
+^samba.tests.dns.__main__.TestComplexQueries.test_record_limit_AAAA\(vampire_dc:local\)
+^samba.tests.dns.__main__.TestComplexQueries.test_record_limit_SRV\(rodc:local\)
+^samba.tests.dns.__main__.TestComplexQueries.test_record_limit_SRV\(vampire_dc:local\)
+^samba.tests.dns.__main__.TestComplexQueries.test_cname_limit\(vampire_dc:local\)
+^samba.tests.dns.__main__.TestComplexQueries.test_cname_limit\(rodc:local\)
+^samba.tests.dns.__main__.TestComplexQueries.test_cname_any_query\(vampire_dc:local\)
+^samba.tests.dns.__main__.TestComplexQueries.test_cname_any_query\(rodc:local\)
--
2.19.2
From: Anoop C S <anoopcs@redhat.com>
Date: Thu, 9 Aug 2018 12:28:41 +0530
Subject: s3/libsmb: Explicitly set delete_on_close token for rmdir
The current implementation of `rmdir` hopes to get the directory deleted
on closing last open handle when FILE_DELETE_ON_CLOSE is set on it. But
for non-empty directories Windows doesn't error out during an open call.
Following that we internally refuse to set initial delete_on_close while
opening a non-empty directory. This prevents us from trying to delete
the directory when last open handle is closed.
Instead of relying on FILE_DELETE_ON_CLOSE during an open we explicitly
set delete_on_close token on directory handle once it is available. This
ensures that NT_STATUS_DIRECTORY_NOT_EMPTY is returned for `rmdir` on
non-empty directories while closing open directory handle.
Applied-Upstream: https://github.com/samba-team/samba/commit/6b68e3eca631c04d6d57c489daf60f64732fc86d
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13204
Bug-Debian: https://bugs.debian.org/915248
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1795772
diff --git a/source3/libsmb/cli_smb2_fnum.c b/source3/libsmb/cli_smb2_fnum.c
index 237e6bb2b..d4ff8bd28 100644
--- a/source3/libsmb/cli_smb2_fnum.c
+++ b/source3/libsmb/cli_smb2_fnum.c
@@ -682,13 +682,20 @@ NTSTATUS cli_smb2_rmdir(struct cli_state *cli, const char *dname)
FILE_ATTRIBUTE_DIRECTORY, /* file attributes */
FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, /* share_access */
FILE_OPEN, /* create_disposition */
- FILE_DIRECTORY_FILE|FILE_DELETE_ON_CLOSE, /* create_options */
+ FILE_DIRECTORY_FILE, /* create_options */
&fnum,
NULL);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
+
+ status = cli_smb2_delete_on_close(cli, fnum, true);
+ if (!NT_STATUS_IS_OK(status)) {
+ cli_smb2_close_fnum(cli, fnum);
+ return status;
+ }
+
return cli_smb2_close_fnum(cli, fnum);
}
From 1606ab1baf02c8d3797fdc6f347af2c8552996a0 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Tue, 4 Apr 2017 11:52:56 +0200
Subject: [PATCH] s3:ntlm_auth: fix memory leak in manage_gensec_request()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12736
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit e999b798c6484de3cddad988406f97fc4cc7af79)
Bug-Debian: https://bugs.debian.org/919611
---
source3/utils/ntlm_auth.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
index 84269a139a3..d35e8f050b6 100644
--- a/source3/utils/ntlm_auth.c
+++ b/source3/utils/ntlm_auth.c
@@ -1290,6 +1290,8 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
TALLOC_CTX *mem_ctx;
+ mem_ctx = talloc_named(NULL, 0, "manage_gensec_request internal mem_ctx");
+
if (*private1) {
state = (struct gensec_ntlm_state *)*private1;
} else {
@@ -1307,6 +1309,7 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
if (strlen(buf) < 2) {
DEBUG(1, ("query [%s] invalid", buf));
x_fprintf(x_stdout, "BH Query invalid\n");
+ talloc_free(mem_ctx);
return;
}
@@ -1316,9 +1319,10 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
talloc_free(want_feature_list);
want_feature_list = talloc_strndup(state, buf+3, strlen(buf)-3);
x_fprintf(x_stdout, "OK\n");
+ talloc_free(mem_ctx);
return;
}
- in = base64_decode_data_blob(buf + 3);
+ in = base64_decode_data_blob_talloc(mem_ctx, buf + 3);
} else {
in = data_blob(NULL, 0);
}
@@ -1331,7 +1335,7 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
} else if ( (strncmp(buf, "OK", 2) == 0)) {
/* Just return BH, like ntlm_auth from Samba 3 does. */
x_fprintf(x_stdout, "BH Command expected\n");
- data_blob_free(&in);
+ talloc_free(mem_ctx);
return;
} else if ( (strncmp(buf, "TT ", 3) != 0) &&
(strncmp(buf, "KK ", 3) != 0) &&
@@ -1343,12 +1347,10 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
(strncmp(buf, "GF", 2) != 0)) {
DEBUG(1, ("SPNEGO request [%s] invalid prefix\n", buf));
x_fprintf(x_stdout, "BH SPNEGO request invalid prefix\n");
- data_blob_free(&in);
+ talloc_free(mem_ctx);
return;
}
- mem_ctx = talloc_named(NULL, 0, "manage_gensec_request internal mem_ctx");
-
/* setup gensec */
if (!(state->gensec_state)) {
switch (stdio_helper_mode) {
@@ -1478,7 +1480,6 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
state->set_password,
CRED_SPECIFIED);
x_fprintf(x_stdout, "OK\n");
- data_blob_free(&in);
talloc_free(mem_ctx);
return;
}
@@ -1510,10 +1511,12 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
neg_flags = gensec_ntlmssp_neg_flags(state->gensec_state);
if (neg_flags == 0) {
x_fprintf(x_stdout, "BH\n");
+ talloc_free(mem_ctx);
return;
}
x_fprintf(x_stdout, "GF 0x%08x\n", neg_flags);
+ talloc_free(mem_ctx);
return;
}
--
2.19.2
......@@ -21,3 +21,5 @@ CVE-2018-10858-4.6.patch
CVE-2018-14629-v4-5.patch
CVE-2018-16841-master.patch
CVE-2018-16851-master.patch
fix-rmdir.patch
s3-ntlm_auth-fix-memory-leak-in-manage_gensec_reques.patch
......@@ -209,7 +209,7 @@ override_dh_installchangelogs:
override_dh_installinit:
ifneq (,$(filter samba, $(shell dh_listpackages)))
dh_installinit -psamba --name smbd
dh_installinit -psamba --name nmbd
dh_installinit -psamba --name nmbd --error-handler nmbd_error_handler
dh_installinit -psamba --name samba-ad-dc
dh_installinit -psamba --noscripts
dh_installinit -psamba --no-start --name reload-smbd
......
......@@ -6,6 +6,23 @@
set -e
nmbd_error_handler() {
if [ -d /sys/class/net/lo ] && ls /sys/class/net | grep -qv ^lo$; then
# https://bugs.debian.org/893762
echo 'WARNING: nmbd failed to start as there is no non-loopback interfaces available.'
echo 'Either add an interface or set "disable netbios = yes" in smb.conf and run "systemctl mask nmbd"'
return 0
elif command -v ip > /dev/null && ip a show | grep '^[[:space:]]*inet ' | grep -vq ' lo$'; then
# https://bugs.debian.org/859526
echo 'WARNING: nmbd failed to start as there is no local IPv4 non-loopback interfaces available.'
echo 'Either add an IPv4 address or set "disable netbios = yes" in smb.conf and run "systemctl mask nmbd"'
return 0
else
echo 'ERROR: nmbd failed to start.'
return 1 # caught by set -e
fi
}
# We generate several files during the postinst, and we don't want
# them to be readable only by root.
umask 022
......
......@@ -918,6 +918,103 @@ class TestComplexQueries(DNSTest):
max_recursion_depth = 20
self.assertEquals(len(response.answers), max_recursion_depth)
# Make sure cname limit doesn't count other records. This is a generic
# test called in tests below
def max_rec_test(self, rtype, rec_gen):
name = "limittestrec{0}.{1}".format(rtype, self.get_dns_domain())
limit = 20
num_recs_to_enter = limit + 5
for i in range(1, num_recs_to_enter+1):
ip = rec_gen(i)
self.make_dns_update(name, ip, rtype)
p = self.make_name_packet(dns.DNS_OPCODE_QUERY)
questions = []
q = self.make_name_question(name,
rtype,
dns.DNS_QCLASS_IN)
questions.append(q)
self.finish_name_packet(p, questions)
response = self.dns_transaction_udp(p, host=self.server_ip)
self.assertEqual(len(response.answers), num_recs_to_enter)
def test_record_limit_A(self):
def ip4_gen(i):
return "127.0.0." + str(i)
self.max_rec_test(rtype=dns.DNS_QTYPE_A, rec_gen=ip4_gen)
def test_record_limit_AAAA(self):
def ip6_gen(i):
return "AAAA:0:0:0:0:0:0:" + str(i)
self.max_rec_test(rtype=dns.DNS_QTYPE_AAAA, rec_gen=ip6_gen)
def test_record_limit_SRV(self):
def srv_gen(i):
rec = dns.srv_record()
rec.priority = 1
rec.weight = 1
rec.port = 92
rec.target = "srvtestrec" + str(i)
return rec
self.max_rec_test(rtype=dns.DNS_QTYPE_SRV, rec_gen=srv_gen)
# Same as test_record_limit_A but with a preceding CNAME follow
def test_cname_limit(self):
cname1 = "cnamelimittestrec." + self.get_dns_domain()
cname2 = "cnamelimittestrec2." + self.get_dns_domain()
cname3 = "cnamelimittestrec3." + self.get_dns_domain()
ip_prefix = '127.0.0.'
limit = 20
num_recs_to_enter = limit + 5
self.make_dns_update(cname1, cname2, dnsp.DNS_TYPE_CNAME)
self.make_dns_update(cname2, cname3, dnsp.DNS_TYPE_CNAME)
num_arecs_to_enter = num_recs_to_enter - 2
for i in range(1, num_arecs_to_enter+1):
ip = ip_prefix + str(i)
self.make_dns_update(cname3, ip, dns.DNS_QTYPE_A)
p = self.make_name_packet(dns.DNS_OPCODE_QUERY)
questions = []
q = self.make_name_question(cname1,
dns.DNS_QTYPE_A,
dns.DNS_QCLASS_IN)
questions.append(q)
self.finish_name_packet(p, questions)
response = self.dns_transaction_udp(p, host=self.server_ip)
self.assertEqual(len(response.answers), num_recs_to_enter)
# ANY query on cname record shouldn't follow the link
def test_cname_any_query(self):
cname1 = "cnameanytestrec." + self.get_dns_domain()
cname2 = "cnameanytestrec2." + self.get_dns_domain()
cname3 = "cnameanytestrec3." + self.get_dns_domain()
self.make_dns_update(cname1, cname2, dnsp.DNS_TYPE_CNAME)
self.make_dns_update(cname2, cname3, dnsp.DNS_TYPE_CNAME)
p = self.make_name_packet(dns.DNS_OPCODE_QUERY)
questions = []
q = self.make_name_question(cname1,
dns.DNS_QTYPE_ALL,
dns.DNS_QCLASS_IN)
questions.append(q)
self.finish_name_packet(p, questions)
response = self.dns_transaction_udp(p, host=self.server_ip)
self.assertEqual(len(response.answers), 1)
self.assertEqual(response.answers[0].name, cname1)
self.assertEqual(response.answers[0].rdata, cname2)
class TestInvalidQueries(DNSTest):
......
#
# rodc and vampire_dc require signed dns updates, so the test setup
# fails, but the test does run on fl2003dc
# rodc and vampire_dc require signed dns updates, so these tests' setups
# fail, but they pass on fl2003dc
^samba.tests.dns.__main__.TestComplexQueries.test_cname_loop\(rodc:local\)
^samba.tests.dns.__main__.TestComplexQueries.test_cname_loop\(vampire_dc:local\)
^samba.tests.dns.__main__.TestComplexQueries.test_record_limit_A\(rodc:local\)
^samba.tests.dns.__main__.TestComplexQueries.test_record_limit_A\(vampire_dc:local\)
^samba.tests.dns.__main__.TestComplexQueries.test_record_limit_AAAA\(rodc:local\)
^samba.tests.dns.__main__.TestComplexQueries.test_record_limit_AAAA\(vampire_dc:local\)
^samba.tests.dns.__main__.TestComplexQueries.test_record_limit_SRV\(rodc:local\)
^samba.tests.dns.__main__.TestComplexQueries.test_record_limit_SRV\(vampire_dc:local\)
^samba.tests.dns.__main__.TestComplexQueries.test_cname_limit\(vampire_dc:local\)
^samba.tests.dns.__main__.TestComplexQueries.test_cname_limit\(rodc:local\)
^samba.tests.dns.__main__.TestComplexQueries.test_cname_any_query\(vampire_dc:local\)
^samba.tests.dns.__main__.TestComplexQueries.test_cname_any_query\(rodc:local\)
......@@ -550,13 +550,20 @@ NTSTATUS cli_smb2_rmdir(struct cli_state *cli, const char *dname)
FILE_ATTRIBUTE_DIRECTORY, /* file attributes */
FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, /* share_access */
FILE_OPEN, /* create_disposition */
FILE_DIRECTORY_FILE|FILE_DELETE_ON_CLOSE, /* create_options */
FILE_DIRECTORY_FILE, /* create_options */
&fnum,
NULL);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
status = cli_smb2_delete_on_close(cli, fnum, true);
if (!NT_STATUS_IS_OK(status)) {
cli_smb2_close_fnum(cli, fnum);
return status;
}
return cli_smb2_close_fnum(cli, fnum);
}
......
......@@ -1290,6 +1290,8 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
TALLOC_CTX *mem_ctx;
mem_ctx = talloc_named(NULL, 0, "manage_gensec_request internal mem_ctx");
if (*private1) {
state = (struct gensec_ntlm_state *)*private1;
} else {
......@@ -1307,6 +1309,7 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
if (strlen(buf) < 2) {
DEBUG(1, ("query [%s] invalid", buf));
x_fprintf(x_stdout, "BH Query invalid\n");
talloc_free(mem_ctx);
return;
}
......@@ -1316,9 +1319,10 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
talloc_free(want_feature_list);
want_feature_list = talloc_strndup(state, buf+3, strlen(buf)-3);
x_fprintf(x_stdout, "OK\n");
talloc_free(mem_ctx);
return;
}
in = base64_decode_data_blob(buf + 3);
in = base64_decode_data_blob_talloc(mem_ctx, buf + 3);
} else {
in = data_blob(NULL, 0);
}
......@@ -1331,7 +1335,7 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
} else if ( (strncmp(buf, "OK", 2) == 0)) {
/* Just return BH, like ntlm_auth from Samba 3 does. */
x_fprintf(x_stdout, "BH Command expected\n");
data_blob_free(&in);
talloc_free(mem_ctx);
return;
} else if ( (strncmp(buf, "TT ", 3) != 0) &&
(strncmp(buf, "KK ", 3) != 0) &&
......@@ -1343,12 +1347,10 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
(strncmp(buf, "GF", 2) != 0)) {
DEBUG(1, ("SPNEGO request [%s] invalid prefix\n", buf));
x_fprintf(x_stdout, "BH SPNEGO request invalid prefix\n");
data_blob_free(&in);
talloc_free(mem_ctx);
return;
}
mem_ctx = talloc_named(NULL, 0, "manage_gensec_request internal mem_ctx");
/* setup gensec */
if (!(state->gensec_state)) {
switch (stdio_helper_mode) {
......@@ -1478,7 +1480,6 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
state->set_password,
CRED_SPECIFIED);
x_fprintf(x_stdout, "OK\n");
data_blob_free(&in);
talloc_free(mem_ctx);
return;
}
......@@ -1510,10 +1511,12 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
neg_flags = gensec_ntlmssp_neg_flags(state->gensec_state);
if (neg_flags == 0) {
x_fprintf(x_stdout, "BH\n");
talloc_free(mem_ctx);
return;
}
x_fprintf(x_stdout, "GF 0x%08x\n", neg_flags);
talloc_free(mem_ctx);
return;
}
......
......@@ -439,7 +439,8 @@ static struct tevent_req *handle_authoritative_send(
TALLOC_CTX *mem_ctx, struct tevent_context *ev,
struct dns_server *dns, const char *forwarder,
struct dns_name_question *question,
struct dns_res_rec **answers, struct dns_res_rec **nsrecs);
struct dns_res_rec **answers, struct dns_res_rec **nsrecs,
size_t cname_depth);
static WERROR handle_authoritative_recv(struct tevent_req *req);
struct handle_dnsrpcrec_state {
......@@ -455,7 +456,8 @@ static struct tevent_req *handle_dnsrpcrec_send(
struct dns_server *dns, const char *forwarder,
const struct dns_name_question *question,
struct dnsp_DnssrvRpcRecord *rec,
struct dns_res_rec **answers, struct dns_res_rec **nsrecs)
struct dns_res_rec **answers, struct dns_res_rec **nsrecs,
size_t cname_depth)
{
struct tevent_req *req, *subreq;
struct handle_dnsrpcrec_state *state;
......@@ -471,7 +473,7 @@ static struct tevent_req *handle_dnsrpcrec_send(
state->answers = answers;
state->nsrecs = nsrecs;
if (talloc_array_length(*answers) >= MAX_Q_RECURSION_DEPTH) {
if (cname_depth >= MAX_Q_RECURSION_DEPTH) {
tevent_req_done(req);
return tevent_req_post(req, ev);
}
......@@ -516,7 +518,8 @@ static struct tevent_req *handle_dnsrpcrec_send(
if (dns_authoritative_for_zone(dns, new_q->name)) {
subreq = handle_authoritative_send(
state, ev, dns, forwarder, new_q,
state->answers, state->nsrecs);
state->answers, state->nsrecs,
cname_depth + 1);
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
}
......@@ -600,6 +603,8 @@ struct handle_authoritative_state {
struct dns_res_rec **answers;
struct dns_res_rec **nsrecs;
size_t cname_depth;
};
static void handle_authoritative_done(struct tevent_req *subreq);
......@@ -608,7 +613,8 @@ static struct tevent_req *handle_authoritative_send(
TALLOC_CTX *mem_ctx, struct tevent_context *ev,
struct dns_server *dns, const char *forwarder,
struct dns_name_question *question,
struct dns_res_rec **answers, struct dns_res_rec **nsrecs)
struct dns_res_rec **answers, struct dns_res_rec **nsrecs,
size_t cname_depth)
{
struct tevent_req *req, *subreq;
struct handle_authoritative_state *state;
......@@ -626,6 +632,7 @@ static struct tevent_req *handle_authoritative_send(
state->forwarder = forwarder;
state->answers = answers;
state->nsrecs = nsrecs;
state->cname_depth = cname_depth;
werr = dns_name2dn(dns, state, question->name, &dn);
if (tevent_req_werror(req, werr)) {
......@@ -647,7 +654,8 @@ static struct tevent_req *handle_authoritative_send(
subreq = handle_dnsrpcrec_send(
state, state->ev, state->dns, state->forwarder,
state->question, &state->recs[state->recs_done],
state->answers, state->nsrecs);
state->answers, state->nsrecs,
state->cname_depth);
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
}
......@@ -679,7 +687,8 @@ static void handle_authoritative_done(struct tevent_req *subreq)
subreq = handle_dnsrpcrec_send(
state, state->ev, state->dns, state->forwarder,
state->question, &state->recs[state->recs_done],
state->answers, state->nsrecs);
state->answers, state->nsrecs,
state->cname_depth);
if (tevent_req_nomem(subreq, req)) {
return;
}
......@@ -1010,7 +1019,8 @@ struct tevent_req *dns_server_process_query_send(
subreq = handle_authoritative_send(
state, ev, dns, (forwarders == NULL ? NULL : forwarders[0]),
&in->questions[0], &state->answers, &state->nsrecs);
&in->questions[0], &state->answers, &state->nsrecs,
0); /* cname_depth */
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
}
......@@ -1112,7 +1122,8 @@ static void dns_server_process_query_got_auth(struct tevent_req *subreq)
subreq = handle_authoritative_send(state, state->ev, state->dns,
state->forwarders->forwarder,
state->question, &state->answers,
&state->nsrecs);
&state->nsrecs,
0); /* cname_depth */
if (tevent_req_nomem(subreq, req)) {
return;
......