Rebase on 4.7.1-9

tags/samba-4.7.1-9.99.dc.beta1
Daniel Berteaud 6 years ago
parent 03eaaa0ae3
commit 1ea2856acd
  1. 30
      samba-4.7-fix_dns_segfault_during_net_ads_join.patch
  2. 105
      samba-4.7-fix_segfault_in_NT1_connection_setup.patch
  3. 33
      samba-4.7-fix_segfault_in_keytab_handling.patch
  4. 130
      samba-4.7-fix_segfault_in_smbclient_dfsgetinfo.patch
  5. 2595
      samba-4.7-fix_smb2_anonymous_connections.patch
  6. 81
      samba.spec

@ -0,0 +1,30 @@
From e3f491fde52c3c7f31b0137125cb0ab1d5721f87 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Thu, 17 May 2018 11:53:18 +0200
Subject: [PATCH] s3:utils: Do not segfault on error in DoDNSUpdate()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13440
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit cdd98aa1e2116fb97e16718d115ee883fe1bc8ba)
---
source3/utils/net_dns.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/source3/utils/net_dns.c b/source3/utils/net_dns.c
index d972a5d4bad..9ee856c0059 100644
--- a/source3/utils/net_dns.c
+++ b/source3/utils/net_dns.c
@@ -75,6 +75,7 @@ DNS_ERROR DoDNSUpdate(char *pszServerName,
if (!ERR_DNS_IS_OK(err)) {
DEBUG(3,("DoDNSUpdate: failed to probe DNS\n"));
+ goto error;
}
if ((dns_response_code(resp->flags) == DNS_NO_ERROR) &&
--
2.16.3

@ -0,0 +1,105 @@
From 27bd0925c556ff69ce5db306f513eb4e4e7d4c7e Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Mon, 19 Feb 2018 18:07:50 +0100
Subject: [PATCH] s3:smbd: Do not crash if we fail to init the session table
This should the following segfault with SMB1:
#6 sig_fault (sig=<optimized out>) at ../lib/util/fault.c:94
#7 <signal handler called>
#8 smbXsrv_session_create (conn=conn@entry=0x5654d3512af0, now=now@entry=131594481900356690, _session=_session@entry=0x7ffc93a778e8)
at ../source3/smbd/smbXsrv_session.c:1212
#9 0x00007f7618aa21ef in reply_sesssetup_and_X (req=req@entry=0x5654d35174b0) at ../source3/smbd/sesssetup.c:961
#10 0x00007f7618ae17b0 in switch_message (type=<optimized out>, req=req@entry=0x5654d35174b0) at ../source3/smbd/process.c:1726
#11 0x00007f7618ae3550 in construct_reply (deferred_pcd=0x0, encrypted=false, seqnum=0, unread_bytes=0, size=140, inbuf=0x0, xconn=0x5654d35146d0)
at ../source3/smbd/process.c:1762
#12 process_smb (xconn=xconn@entry=0x5654d3512af0, inbuf=<optimized out>, nread=140, unread_bytes=0, seqnum=0, encrypted=<optimized out>,
deferred_pcd=deferred_pcd@entry=0x0) at ../source3/smbd/process.c:2008
#13 0x00007f7618ae4c41 in smbd_server_connection_read_handler (xconn=0x5654d3512af0, fd=40) at ../source3/smbd/process.c:2608
#14 0x00007f761587eedb in epoll_event_loop_once () from /lib64/libtevent.so.0
Inspection the core shows that:
conn->client-session_table is NULL
conn->protocol is PROTOCOL_NONE
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13315
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit a89a7146563f2d9eb8bc02f1c090158ee499c878)
---
source3/smbd/negprot.c | 23 ++++++++++++++++++++---
1 file changed, 20 insertions(+), 3 deletions(-)
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index d3f4776076f..70249f7b446 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -65,6 +65,8 @@ static void reply_lanman1(struct smb_request *req, uint16_t choice)
time_t t = time(NULL);
struct smbXsrv_connection *xconn = req->xconn;
uint16_t raw;
+ NTSTATUS status;
+
if (lp_async_smb_echo_handler()) {
raw = 0;
} else {
@@ -88,7 +90,11 @@ static void reply_lanman1(struct smb_request *req, uint16_t choice)
SSVAL(req->outbuf,smb_vwv11, 8);
}
- smbXsrv_connection_init_tables(xconn, PROTOCOL_LANMAN1);
+ status = smbXsrv_connection_init_tables(xconn, PROTOCOL_LANMAN1);
+ if (!NT_STATUS_IS_OK(status)) {
+ reply_nterror(req, status);
+ return;
+ }
/* Reply, SMBlockread, SMBwritelock supported. */
SCVAL(req->outbuf,smb_flg, FLAG_REPLY|FLAG_SUPPORT_LOCKREAD);
@@ -115,6 +121,8 @@ static void reply_lanman2(struct smb_request *req, uint16_t choice)
time_t t = time(NULL);
struct smbXsrv_connection *xconn = req->xconn;
uint16_t raw;
+ NTSTATUS status;
+
if (lp_async_smb_echo_handler()) {
raw = 0;
} else {
@@ -140,7 +148,11 @@ static void reply_lanman2(struct smb_request *req, uint16_t choice)
SSVAL(req->outbuf,smb_vwv11, 8);
}
- smbXsrv_connection_init_tables(xconn, PROTOCOL_LANMAN2);
+ status = smbXsrv_connection_init_tables(xconn, PROTOCOL_LANMAN2);
+ if (!NT_STATUS_IS_OK(status)) {
+ reply_nterror(req, status);
+ return;
+ }
/* Reply, SMBlockread, SMBwritelock supported. */
SCVAL(req->outbuf,smb_flg,FLAG_REPLY|FLAG_SUPPORT_LOCKREAD);
@@ -260,6 +272,7 @@ static void reply_nt1(struct smb_request *req, uint16_t choice)
struct smbXsrv_connection *xconn = req->xconn;
bool signing_desired = false;
bool signing_required = false;
+ NTSTATUS status;
xconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords();
@@ -337,7 +350,11 @@ static void reply_nt1(struct smb_request *req, uint16_t choice)
SSVAL(req->outbuf,smb_vwv0,choice);
SCVAL(req->outbuf,smb_vwv1,secword);
- smbXsrv_connection_init_tables(xconn, PROTOCOL_NT1);
+ status = smbXsrv_connection_init_tables(xconn, PROTOCOL_NT1);
+ if (!NT_STATUS_IS_OK(status)) {
+ reply_nterror(req, status);
+ return;
+ }
SSVAL(req->outbuf,smb_vwv1+1, lp_max_mux()); /* maxmpx */
SSVAL(req->outbuf,smb_vwv2+1, 1); /* num vcs */
--
2.16.2

@ -0,0 +1,33 @@
From 8fb23665ddad8f65a6461c310ed5680d104fd9bf Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Tue, 17 Apr 2018 08:55:23 +0200
Subject: [PATCH] s3:passdb: Do not return OK if we don't have pinfo set up
This prevents a crash in fill_mem_keytab_from_secrets()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13376
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 99859479fc6e12b2f74ce2dfa83da56d8b8f3d26)
---
source3/passdb/machine_account_secrets.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source3/passdb/machine_account_secrets.c b/source3/passdb/machine_account_secrets.c
index 75f31cb04e2..d36fa268a4b 100644
--- a/source3/passdb/machine_account_secrets.c
+++ b/source3/passdb/machine_account_secrets.c
@@ -1317,7 +1317,7 @@ NTSTATUS secrets_fetch_or_upgrade_domain_info(const char *domain,
last_set_time = secrets_fetch_pass_last_set_time(domain);
if (last_set_time == 0) {
- return NT_STATUS_OK;
+ return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
}
unix_to_nt_time(&last_set_nt, last_set_time);
--
2.16.3

@ -0,0 +1,130 @@
From 2f6d1b8b5a1643082d93f338b0528b861caeff80 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl@samba.org>
Date: Wed, 11 Apr 2018 10:42:21 +0200
Subject: [PATCH] rpc_server: Init local_server_* in
make_internal_rpc_pipe_socketpair
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13370
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Apr 11 15:19:19 CEST 2018 on sn-devel-144
(cherry picked from commit 212815969f4a706bc8395e2f6dbf225318ff2ad7)
---
source3/rpc_server/rpc_ncacn_np.c | 31 +++++++++++++++++++++++--------
source3/rpc_server/rpc_ncacn_np.h | 18 ++++++++++--------
source3/rpc_server/srv_pipe_hnd.c | 18 ++++++++++--------
3 files changed, 43 insertions(+), 24 deletions(-)
diff --git a/source3/rpc_server/rpc_ncacn_np.c b/source3/rpc_server/rpc_ncacn_np.c
index 0728f54b092..d7e7785248d 100644
--- a/source3/rpc_server/rpc_ncacn_np.c
+++ b/source3/rpc_server/rpc_ncacn_np.c
@@ -69,14 +69,16 @@ fail:
return NULL;
}
-NTSTATUS make_internal_rpc_pipe_socketpair(TALLOC_CTX *mem_ctx,
- struct tevent_context *ev_ctx,
- struct messaging_context *msg_ctx,
- const char *pipe_name,
- const struct ndr_syntax_id *syntax,
- const struct tsocket_address *remote_address,
- const struct auth_session_info *session_info,
- struct npa_state **pnpa)
+NTSTATUS make_internal_rpc_pipe_socketpair(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev_ctx,
+ struct messaging_context *msg_ctx,
+ const char *pipe_name,
+ const struct ndr_syntax_id *syntax,
+ const struct tsocket_address *remote_address,
+ const struct tsocket_address *local_address,
+ const struct auth_session_info *session_info,
+ struct npa_state **pnpa)
{
TALLOC_CTX *tmp_ctx = talloc_stackframe();
struct named_pipe_client *npc;
@@ -136,6 +138,19 @@ NTSTATUS make_internal_rpc_pipe_socketpair(TALLOC_CTX *mem_ctx,
goto out;
}
+ npc->local_server_addr = tsocket_address_copy(local_address, npc);
+ if (npc->local_server_addr == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto out;
+ }
+
+ npc->local_server_name = tsocket_address_inet_addr_string(
+ npc->local_server_addr, npc);
+ if (npc->local_server_name == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto out;
+ }
+
npc->session_info = copy_session_info(npc, session_info);
if (npc->session_info == NULL) {
status = NT_STATUS_NO_MEMORY;
diff --git a/source3/rpc_server/rpc_ncacn_np.h b/source3/rpc_server/rpc_ncacn_np.h
index 03bbd3f8af9..9ba58644ec0 100644
--- a/source3/rpc_server/rpc_ncacn_np.h
+++ b/source3/rpc_server/rpc_ncacn_np.h
@@ -44,14 +44,16 @@ NTSTATUS make_external_rpc_pipe(TALLOC_CTX *mem_ctx,
const struct auth_session_info *session_info,
struct npa_state **pnpa);
-NTSTATUS make_internal_rpc_pipe_socketpair(TALLOC_CTX *mem_ctx,
- struct tevent_context *ev_ctx,
- struct messaging_context *msg_ctx,
- const char *pipe_name,
- const struct ndr_syntax_id *syntax,
- const struct tsocket_address *remote_address,
- const struct auth_session_info *session_info,
- struct npa_state **pnpa);
+NTSTATUS make_internal_rpc_pipe_socketpair(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev_ctx,
+ struct messaging_context *msg_ctx,
+ const char *pipe_name,
+ const struct ndr_syntax_id *syntax,
+ const struct tsocket_address *remote_address,
+ const struct tsocket_address *local_address,
+ const struct auth_session_info *session_info,
+ struct npa_state **pnpa);
struct np_proxy_state {
uint16_t file_type;
diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c
index f9b7855b40f..baa4ce96334 100644
--- a/source3/rpc_server/srv_pipe_hnd.c
+++ b/source3/rpc_server/srv_pipe_hnd.c
@@ -106,14 +106,16 @@ NTSTATUS np_open(TALLOC_CTX *mem_ctx, const char *name,
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
- status = make_internal_rpc_pipe_socketpair(handle,
- ev_ctx,
- msg_ctx,
- name,
- &syntax,
- remote_client_address,
- session_info,
- &npa);
+ status = make_internal_rpc_pipe_socketpair(
+ handle,
+ ev_ctx,
+ msg_ctx,
+ name,
+ &syntax,
+ remote_client_address,
+ local_server_address,
+ session_info,
+ &npa);
if (!NT_STATUS_IS_OK(status)) {
talloc_free(handle);
return status;
--
2.11.0

File diff suppressed because it is too large Load Diff

@ -6,7 +6,7 @@
# ctdb is enabled by default, you can disable it with: --without clustering
%bcond_without clustering
%define main_release 6
%define main_release 9
%define samba_version 4.7.1
%define talloc_version 2.1.9
@ -82,8 +82,8 @@
%{!?python_sitearch: %define python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
Name: samba
Version: 4.7.1
Release: 100%{?dist}
Version: %{samba_version}
Release: %{samba_release}.99.dc
%if 0%{?rhel}
Epoch: 0
@ -101,7 +101,7 @@ Summary: Server and Client software to interoperate with Windows machines
License: GPLv3+ and LGPLv3+
URL: http://www.samba.org/
# This is a xz recompressed file of https://ftp.samba.org/pub/samba/samba-%{version}%{pre_release}.tar.gz
# This is a xz recompressed file of https://ftp.samba.org/pub/samba/samba-%%{version}%%{pre_release}.tar.gz
Source0: samba-%{version}%{pre_release}.tar.xz
Source1: https://ftp.samba.org/pub/samba/samba-%{version}%{pre_release}.tar.asc
Source2: gpgkey-52FBC0B86D954B0843324CDC6F33915B6568B7EA.gpg
@ -124,6 +124,11 @@ Patch4: samba-4.7-net_ads_keytab_list.patch
Patch5: samba-4.7-fix_aesni_intel_support.patch
Patch6: samba-4.7-handle_smb_echo_gracefully.patch
Patch7: samba-4.7-fix_smb2_client_read_after_free.patch
Patch8: samba-4.7-fix_dns_segfault_during_net_ads_join.patch
Patch9: samba-4.7-fix_segfault_in_NT1_connection_setup.patch
Patch10: samba-4.7-fix_segfault_in_keytab_handling.patch
Patch11: samba-4.7-fix_segfault_in_smbclient_dfsgetinfo.patch
Patch12: samba-4.7-fix_smb2_anonymous_connections.patch
Requires(pre): /usr/sbin/groupadd
Requires(post): systemd
@ -209,11 +214,9 @@ BuildRequires: glusterfs-devel >= 3.4.0.16
BuildRequires: libcephfs-devel
%endif
%if %{with_dc}
#BuildRequires: gnutls-devel >= 3.4.7
BuildRequires: gnutls-devel
# Required by samba-tool to run tests
#BuildRequires: python2-crypto
BuildRequires: python-crypto
BuildRequires: python2-crypto
%endif
# pidl requirements
@ -354,11 +357,9 @@ Requires: %{name}-dc-libs = %{samba_depver}
Requires: %{name}-winbind = %{samba_depver}
%if %{with_dc}
# samba-tool requirements, explicitly require python2 right now
#Requires: python2
#Requires: python2-%{name} = %{samba_depver}
#Requires: python2-crypto
Requires: python
Requires: python-crypto
Requires: python2
Requires: python2-%{name} = %{samba_depver}
Requires: python2-crypto
### Note that samba-dc right now cannot be used with Python 3
### so we should make sure it does use python2 explicitly
@ -866,8 +867,6 @@ install -d -m 0755 %{buildroot}/var/run/winbindd
install -d -m 0755 %{buildroot}/%{_libdir}/samba
install -d -m 0755 %{buildroot}/%{_libdir}/samba/ldb
install -d -m 0755 %{buildroot}/%{_libdir}/pkgconfig
# Dir needed
install -d -m 0755 %{buildroot}/var/lib/samba/bind-dns
# Move libwbclient.so* into private directory, it cannot be just libdir/samba
# because samba uses rpath with this directory.
@ -1662,32 +1661,19 @@ rm -rf %{buildroot}
%{_libdir}/samba/libdnsserver-common-samba4.so
%{_libdir}/samba/libdsdb-module-samba4.so
%{_libdir}/samba/libdsdb-garbage-collect-tombstones-samba4.so
%{_libdir}/samba/libHDB-SAMBA4-samba4.so
%{_libdir}/samba/libasn1-samba4.so.8
%{_libdir}/samba/libasn1-samba4.so.8.0.0
%{_libdir}/samba/libcom_err-samba4.so.0
%{_libdir}/samba/libcom_err-samba4.so.0.25
%{_libdir}/samba/libgssapi-samba4.so.2
%{_libdir}/samba/libgssapi-samba4.so.2.0.0
%{_libdir}/samba/libhcrypto-samba4.so.5
%{_libdir}/samba/libhcrypto-samba4.so.5.0.1
%{_libdir}/samba/libhdb-samba4.so.11
%{_libdir}/samba/libhdb-samba4.so.11.0.2
%{_libdir}/samba/libheimbase-samba4.so.1
%{_libdir}/samba/libheimbase-samba4.so.1.0.0
%{_libdir}/samba/libheimntlm-samba4.so.1
%{_libdir}/samba/libheimntlm-samba4.so.1.0.1
%{_libdir}/samba/libhx509-samba4.so.5
%{_libdir}/samba/libhx509-samba4.so.5.0.0
%{_libdir}/samba/libkdc-samba4.so.2
%{_libdir}/samba/libkdc-samba4.so.2.0.0
%{_libdir}/samba/libkrb5-samba4.so.26
%{_libdir}/samba/libkrb5-samba4.so.26.0.0
%{_libdir}/samba/libroken-samba4.so.19
%{_libdir}/samba/libroken-samba4.so.19.0.1
%{_libdir}/samba/libwind-samba4.so.0
%{_libdir}/samba/libwind-samba4.so.0.0.0
%{_libdir}/samba/libasn1-samba4.so.8*
%{_libdir}/samba/libcom_err-samba4.so.0*
%{_libdir}/samba/libgssapi-samba4.so.2*
%{_libdir}/samba/libhcrypto-samba4.so.5*
%{_libdir}/samba/libhdb-samba4.so.11*
%{_libdir}/samba/libheimbase-samba4.so.1*
%{_libdir}/samba/libheimntlm-samba4.so.1*
%{_libdir}/samba/libhx509-samba4.so.5*
%{_libdir}/samba/libkdc-samba4.so.2*
%{_libdir}/samba/libkrb5-samba4.so.26*
%{_libdir}/samba/libroken-samba4.so.19*
%{_libdir}/samba/libwind-samba4.so.0*
%else
%doc packaging/README.dc-libs
@ -3070,9 +3056,20 @@ rm -rf %{buildroot}
%endif # with_clustering_support
%changelog
* Mon May 28 2018 Daniel Berteaud <daniel@firewall-services.com> 4.7.1-100
- Rebase on upstream 4.7.1 (daniel@firewall-services.com)
- Built with DC support enabled
* Sat Sep 22 2018 Daniel Berteaud <daniel@firewall-services.com> - 7.7.1-9.99.dc
- Rebuild with DC support
* Wed Jul 04 2018 Andreas Schneider <asn@redhat.com> - 4.7.1-9
- related: #1581375 - Remove patch which doesn't fully work
* Mon May 28 2018 Andreas Schneider <asn@redhat.com> - 4.7.1-8
- resolves: #1582541 - Fix anyoumous and guest handling of SMB2/3
* Wed May 23 2018 Andreas Schneider <asn@redhat.com> - 4.7.1-7
- resolves: #1581369 - Fix segfault updating dns during 'net ads join'
- resolves: #1581373 - Fix segfault during NT1 session setup
- resolves: #1581376 - Fix segfault in keytab handling
- resolves: #1581377 - Fix segfault in smbclient dfsgetinfo
* Wed Dec 20 2017 Andreas Schneider <asn@redhat.com> - 4.7.1-6
- resolves: #1476153 - Handle SMB echo responses more gracefully

Loading…
Cancel
Save