Rebase on 4.7.1-9

samba-4.7-fix_dns_segfault_during_net_ads_join.patch

@@ -0,0 +1,30 @@
+From e3f491fde52c3c7f31b0137125cb0ab1d5721f87 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Thu, 17 May 2018 11:53:18 +0200
+Subject: [PATCH] s3:utils: Do not segfault on error in DoDNSUpdate()
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=13440
+
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Volker Lendecke <vl@samba.org>
+
+(cherry picked from commit cdd98aa1e2116fb97e16718d115ee883fe1bc8ba)
+---
+ source3/utils/net_dns.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/source3/utils/net_dns.c b/source3/utils/net_dns.c
+index d972a5d4bad..9ee856c0059 100644
+--- a/source3/utils/net_dns.c
++++ b/source3/utils/net_dns.c
+@@ -75,6 +75,7 @@ DNS_ERROR DoDNSUpdate(char *pszServerName,
+ 
+ 		if (!ERR_DNS_IS_OK(err)) {
+ 			DEBUG(3,("DoDNSUpdate: failed to probe DNS\n"));
++			goto error;
+ 		}
+ 
+ 		if ((dns_response_code(resp->flags) == DNS_NO_ERROR) &&
+-- 
+2.16.3
+

samba-4.7-fix_segfault_in_NT1_connection_setup.patch

@@ -0,0 +1,105 @@
+From 27bd0925c556ff69ce5db306f513eb4e4e7d4c7e Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Mon, 19 Feb 2018 18:07:50 +0100
+Subject: [PATCH] s3:smbd: Do not crash if we fail to init the session table
+
+This should the following segfault with SMB1:
+
+  #6  sig_fault (sig=<optimized out>) at ../lib/util/fault.c:94
+  #7  <signal handler called>
+  #8  smbXsrv_session_create (conn=conn@entry=0x5654d3512af0, now=now@entry=131594481900356690, _session=_session@entry=0x7ffc93a778e8)
+      at ../source3/smbd/smbXsrv_session.c:1212
+  #9  0x00007f7618aa21ef in reply_sesssetup_and_X (req=req@entry=0x5654d35174b0) at ../source3/smbd/sesssetup.c:961
+  #10 0x00007f7618ae17b0 in switch_message (type=<optimized out>, req=req@entry=0x5654d35174b0) at ../source3/smbd/process.c:1726
+  #11 0x00007f7618ae3550 in construct_reply (deferred_pcd=0x0, encrypted=false, seqnum=0, unread_bytes=0, size=140, inbuf=0x0, xconn=0x5654d35146d0)
+      at ../source3/smbd/process.c:1762
+  #12 process_smb (xconn=xconn@entry=0x5654d3512af0, inbuf=<optimized out>, nread=140, unread_bytes=0, seqnum=0, encrypted=<optimized out>,
+      deferred_pcd=deferred_pcd@entry=0x0) at ../source3/smbd/process.c:2008
+  #13 0x00007f7618ae4c41 in smbd_server_connection_read_handler (xconn=0x5654d3512af0, fd=40) at ../source3/smbd/process.c:2608
+  #14 0x00007f761587eedb in epoll_event_loop_once () from /lib64/libtevent.so.0
+
+Inspection the core shows that:
+  conn->client-session_table is NULL
+  conn->protocol is PROTOCOL_NONE
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=13315
+
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+(cherry picked from commit a89a7146563f2d9eb8bc02f1c090158ee499c878)
+---
+ source3/smbd/negprot.c | 23 ++++++++++++++++++++---
+ 1 file changed, 20 insertions(+), 3 deletions(-)
+
+diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
+index d3f4776076f..70249f7b446 100644
+--- a/source3/smbd/negprot.c
++++ b/source3/smbd/negprot.c
+@@ -65,6 +65,8 @@ static void reply_lanman1(struct smb_request *req, uint16_t choice)
+ 	time_t t = time(NULL);
+ 	struct smbXsrv_connection *xconn = req->xconn;
+ 	uint16_t raw;
++	NTSTATUS status;
++
+ 	if (lp_async_smb_echo_handler()) {
+ 		raw = 0;
+ 	} else {
+@@ -88,7 +90,11 @@ static void reply_lanman1(struct smb_request *req, uint16_t choice)
+ 		SSVAL(req->outbuf,smb_vwv11, 8);
+ 	}
+ 
+-	smbXsrv_connection_init_tables(xconn, PROTOCOL_LANMAN1);
++	status = smbXsrv_connection_init_tables(xconn, PROTOCOL_LANMAN1);
++	if (!NT_STATUS_IS_OK(status)) {
++		reply_nterror(req, status);
++		return;
++	}
+ 
+ 	/* Reply, SMBlockread, SMBwritelock supported. */
+ 	SCVAL(req->outbuf,smb_flg, FLAG_REPLY|FLAG_SUPPORT_LOCKREAD);
+@@ -115,6 +121,8 @@ static void reply_lanman2(struct smb_request *req, uint16_t choice)
+ 	time_t t = time(NULL);
+ 	struct smbXsrv_connection *xconn = req->xconn;
+ 	uint16_t raw;
++	NTSTATUS status;
++
+ 	if (lp_async_smb_echo_handler()) {
+ 		raw = 0;
+ 	} else {
+@@ -140,7 +148,11 @@ static void reply_lanman2(struct smb_request *req, uint16_t choice)
+ 		SSVAL(req->outbuf,smb_vwv11, 8);
+ 	}
+ 
+-	smbXsrv_connection_init_tables(xconn, PROTOCOL_LANMAN2);
++	status = smbXsrv_connection_init_tables(xconn, PROTOCOL_LANMAN2);
++	if (!NT_STATUS_IS_OK(status)) {
++		reply_nterror(req, status);
++		return;
++	}
+ 
+ 	/* Reply, SMBlockread, SMBwritelock supported. */
+ 	SCVAL(req->outbuf,smb_flg,FLAG_REPLY|FLAG_SUPPORT_LOCKREAD);
+@@ -260,6 +272,7 @@ static void reply_nt1(struct smb_request *req, uint16_t choice)
+ 	struct smbXsrv_connection *xconn = req->xconn;
+ 	bool signing_desired = false;
+ 	bool signing_required = false;
++	NTSTATUS status;
+ 
+ 	xconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords();
+ 
+@@ -337,7 +350,11 @@ static void reply_nt1(struct smb_request *req, uint16_t choice)
+ 	SSVAL(req->outbuf,smb_vwv0,choice);
+ 	SCVAL(req->outbuf,smb_vwv1,secword);
+ 
+-	smbXsrv_connection_init_tables(xconn, PROTOCOL_NT1);
++	status = smbXsrv_connection_init_tables(xconn, PROTOCOL_NT1);
++	if (!NT_STATUS_IS_OK(status)) {
++		reply_nterror(req, status);
++		return;
++	}
+ 
+ 	SSVAL(req->outbuf,smb_vwv1+1, lp_max_mux()); /* maxmpx */
+ 	SSVAL(req->outbuf,smb_vwv2+1, 1); /* num vcs */
+-- 
+2.16.2
+

samba-4.7-fix_segfault_in_keytab_handling.patch

@@ -0,0 +1,33 @@
+From 8fb23665ddad8f65a6461c310ed5680d104fd9bf Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Tue, 17 Apr 2018 08:55:23 +0200
+Subject: [PATCH] s3:passdb: Do not return OK if we don't have pinfo set up
+
+This prevents a crash in fill_mem_keytab_from_secrets()
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=13376
+
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+
+(cherry picked from commit 99859479fc6e12b2f74ce2dfa83da56d8b8f3d26)
+---
+ source3/passdb/machine_account_secrets.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/source3/passdb/machine_account_secrets.c b/source3/passdb/machine_account_secrets.c
+index 75f31cb04e2..d36fa268a4b 100644
+--- a/source3/passdb/machine_account_secrets.c
++++ b/source3/passdb/machine_account_secrets.c
+@@ -1317,7 +1317,7 @@ NTSTATUS secrets_fetch_or_upgrade_domain_info(const char *domain,
+ 
+ 	last_set_time = secrets_fetch_pass_last_set_time(domain);
+ 	if (last_set_time == 0) {
+-		return NT_STATUS_OK;
++		return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+ 	}
+ 	unix_to_nt_time(&last_set_nt, last_set_time);
+ 
+-- 
+2.16.3
+

samba-4.7-fix_segfault_in_smbclient_dfsgetinfo.patch

@@ -0,0 +1,130 @@
+From 2f6d1b8b5a1643082d93f338b0528b861caeff80 Mon Sep 17 00:00:00 2001
+From: Volker Lendecke <vl@samba.org>
+Date: Wed, 11 Apr 2018 10:42:21 +0200
+Subject: [PATCH] rpc_server: Init local_server_* in
+ make_internal_rpc_pipe_socketpair
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=13370
+Signed-off-by: Volker Lendecke <vl@samba.org>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+
+Autobuild-User(master): Volker Lendecke <vl@samba.org>
+Autobuild-Date(master): Wed Apr 11 15:19:19 CEST 2018 on sn-devel-144
+
+(cherry picked from commit 212815969f4a706bc8395e2f6dbf225318ff2ad7)
+---
+ source3/rpc_server/rpc_ncacn_np.c | 31 +++++++++++++++++++++++--------
+ source3/rpc_server/rpc_ncacn_np.h | 18 ++++++++++--------
+ source3/rpc_server/srv_pipe_hnd.c | 18 ++++++++++--------
+ 3 files changed, 43 insertions(+), 24 deletions(-)
+
+diff --git a/source3/rpc_server/rpc_ncacn_np.c b/source3/rpc_server/rpc_ncacn_np.c
+index 0728f54b092..d7e7785248d 100644
+--- a/source3/rpc_server/rpc_ncacn_np.c
++++ b/source3/rpc_server/rpc_ncacn_np.c
+@@ -69,14 +69,16 @@ fail:
+ 	return NULL;
+ }
+ 
+-NTSTATUS make_internal_rpc_pipe_socketpair(TALLOC_CTX *mem_ctx,
+-					   struct tevent_context *ev_ctx,
+-					   struct messaging_context *msg_ctx,
+-					   const char *pipe_name,
+-					   const struct ndr_syntax_id *syntax,
+-					   const struct tsocket_address *remote_address,
+-					   const struct auth_session_info *session_info,
+-					   struct npa_state **pnpa)
++NTSTATUS make_internal_rpc_pipe_socketpair(
++	TALLOC_CTX *mem_ctx,
++	struct tevent_context *ev_ctx,
++	struct messaging_context *msg_ctx,
++	const char *pipe_name,
++	const struct ndr_syntax_id *syntax,
++	const struct tsocket_address *remote_address,
++	const struct tsocket_address *local_address,
++	const struct auth_session_info *session_info,
++	struct npa_state **pnpa)
+ {
+ 	TALLOC_CTX *tmp_ctx = talloc_stackframe();
+ 	struct named_pipe_client *npc;
+@@ -136,6 +138,19 @@ NTSTATUS make_internal_rpc_pipe_socketpair(TALLOC_CTX *mem_ctx,
+ 		goto out;
+ 	}
+ 
++	npc->local_server_addr = tsocket_address_copy(local_address, npc);
++	if (npc->local_server_addr == NULL) {
++		status = NT_STATUS_NO_MEMORY;
++		goto out;
++	}
++
++	npc->local_server_name = tsocket_address_inet_addr_string(
++		npc->local_server_addr, npc);
++	if (npc->local_server_name == NULL) {
++		status = NT_STATUS_NO_MEMORY;
++		goto out;
++	}
++
+ 	npc->session_info = copy_session_info(npc, session_info);
+ 	if (npc->session_info == NULL) {
+ 		status = NT_STATUS_NO_MEMORY;
+diff --git a/source3/rpc_server/rpc_ncacn_np.h b/source3/rpc_server/rpc_ncacn_np.h
+index 03bbd3f8af9..9ba58644ec0 100644
+--- a/source3/rpc_server/rpc_ncacn_np.h
++++ b/source3/rpc_server/rpc_ncacn_np.h
+@@ -44,14 +44,16 @@ NTSTATUS make_external_rpc_pipe(TALLOC_CTX *mem_ctx,
+ 				const struct auth_session_info *session_info,
+ 				struct npa_state **pnpa);
+ 
+-NTSTATUS make_internal_rpc_pipe_socketpair(TALLOC_CTX *mem_ctx,
+-					   struct tevent_context *ev_ctx,
+-					   struct messaging_context *msg_ctx,
+-					   const char *pipe_name,
+-					   const struct ndr_syntax_id *syntax,
+-					   const struct tsocket_address *remote_address,
+-					   const struct auth_session_info *session_info,
+-					   struct npa_state **pnpa);
++NTSTATUS make_internal_rpc_pipe_socketpair(
++	TALLOC_CTX *mem_ctx,
++	struct tevent_context *ev_ctx,
++	struct messaging_context *msg_ctx,
++	const char *pipe_name,
++	const struct ndr_syntax_id *syntax,
++	const struct tsocket_address *remote_address,
++	const struct tsocket_address *local_address,
++	const struct auth_session_info *session_info,
++	struct npa_state **pnpa);
+ 
+ struct np_proxy_state {
+ 	uint16_t file_type;
+diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c
+index f9b7855b40f..baa4ce96334 100644
+--- a/source3/rpc_server/srv_pipe_hnd.c
++++ b/source3/rpc_server/srv_pipe_hnd.c
+@@ -106,14 +106,16 @@ NTSTATUS np_open(TALLOC_CTX *mem_ctx, const char *name,
+ 			return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+ 		}
+ 
+-		status = make_internal_rpc_pipe_socketpair(handle,
+-							   ev_ctx,
+-							   msg_ctx,
+-							   name,
+-							   &syntax,
+-							   remote_client_address,
+-							   session_info,
+-							   &npa);
++		status = make_internal_rpc_pipe_socketpair(
++			handle,
++			ev_ctx,
++			msg_ctx,
++			name,
++			&syntax,
++			remote_client_address,
++			local_server_address,
++			session_info,
++			&npa);
+ 		if (!NT_STATUS_IS_OK(status)) {
+ 			talloc_free(handle);
+ 			return status;
+-- 
+2.11.0
+

samba.spec

@@ -6,7 +6,7 @@
 # ctdb is enabled by default, you can disable it with: --without clustering
 %bcond_without clustering
 
-%define main_release 6
+%define main_release 9
 
 %define samba_version 4.7.1
 %define talloc_version 2.1.9
@@ -82,8 +82,8 @@
 %{!?python_sitearch: %define python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
 
 Name:           samba
-Version:        4.7.1
-Release:        100%{?dist}
+Version:        %{samba_version}
+Release:        %{samba_release}.99.dc
 
 %if 0%{?rhel}
 Epoch:          0
@@ -101,7 +101,7 @@ Summary:        Server and Client software to interoperate with Windows machines
 License:        GPLv3+ and LGPLv3+
 URL:            http://www.samba.org/
 
-# This is a xz recompressed file of https://ftp.samba.org/pub/samba/samba-%{version}%{pre_release}.tar.gz
+# This is a xz recompressed file of https://ftp.samba.org/pub/samba/samba-%%{version}%%{pre_release}.tar.gz
 Source0:        samba-%{version}%{pre_release}.tar.xz
 Source1:        https://ftp.samba.org/pub/samba/samba-%{version}%{pre_release}.tar.asc
 Source2:        gpgkey-52FBC0B86D954B0843324CDC6F33915B6568B7EA.gpg
@@ -124,6 +124,11 @@ Patch4:   samba-4.7-net_ads_keytab_list.patch
 Patch5:   samba-4.7-fix_aesni_intel_support.patch
 Patch6:   samba-4.7-handle_smb_echo_gracefully.patch
 Patch7:   samba-4.7-fix_smb2_client_read_after_free.patch
+Patch8:   samba-4.7-fix_dns_segfault_during_net_ads_join.patch
+Patch9:   samba-4.7-fix_segfault_in_NT1_connection_setup.patch
+Patch10:  samba-4.7-fix_segfault_in_keytab_handling.patch
+Patch11:  samba-4.7-fix_segfault_in_smbclient_dfsgetinfo.patch
+Patch12:  samba-4.7-fix_smb2_anonymous_connections.patch
 
 Requires(pre): /usr/sbin/groupadd
 Requires(post): systemd
@@ -209,11 +214,9 @@ BuildRequires: glusterfs-devel >= 3.4.0.16
 BuildRequires: libcephfs-devel
 %endif
 %if %{with_dc}
-#BuildRequires: gnutls-devel >= 3.4.7
 BuildRequires: gnutls-devel
 # Required by samba-tool to run tests
-#BuildRequires: python2-crypto
-BuildRequires: python-crypto
+BuildRequires: python2-crypto
 %endif
 
 # pidl requirements
@@ -354,11 +357,9 @@ Requires: %{name}-dc-libs = %{samba_depver}
 Requires: %{name}-winbind = %{samba_depver}
 %if %{with_dc}
 # samba-tool requirements, explicitly require python2 right now
-#Requires: python2
-#Requires: python2-%{name} = %{samba_depver}
-#Requires: python2-crypto
-Requires: python
-Requires: python-crypto
+Requires: python2
+Requires: python2-%{name} = %{samba_depver}
+Requires: python2-crypto
 
 ### Note that samba-dc right now cannot be used with Python 3
 ### so we should make sure it does use python2 explicitly
@@ -866,8 +867,6 @@ install -d -m 0755 %{buildroot}/var/run/winbindd
 install -d -m 0755 %{buildroot}/%{_libdir}/samba
 install -d -m 0755 %{buildroot}/%{_libdir}/samba/ldb
 install -d -m 0755 %{buildroot}/%{_libdir}/pkgconfig
-# Dir needed
-install -d -m 0755 %{buildroot}/var/lib/samba/bind-dns
 
 # Move libwbclient.so* into private directory, it cannot be just libdir/samba
 # because samba uses rpath with this directory.
@@ -1662,32 +1661,19 @@ rm -rf %{buildroot}
 %{_libdir}/samba/libdnsserver-common-samba4.so
 %{_libdir}/samba/libdsdb-module-samba4.so
 %{_libdir}/samba/libdsdb-garbage-collect-tombstones-samba4.so
-
 %{_libdir}/samba/libHDB-SAMBA4-samba4.so
-%{_libdir}/samba/libasn1-samba4.so.8
-%{_libdir}/samba/libasn1-samba4.so.8.0.0
-%{_libdir}/samba/libcom_err-samba4.so.0
-%{_libdir}/samba/libcom_err-samba4.so.0.25
-%{_libdir}/samba/libgssapi-samba4.so.2
-%{_libdir}/samba/libgssapi-samba4.so.2.0.0
-%{_libdir}/samba/libhcrypto-samba4.so.5
-%{_libdir}/samba/libhcrypto-samba4.so.5.0.1
-%{_libdir}/samba/libhdb-samba4.so.11
-%{_libdir}/samba/libhdb-samba4.so.11.0.2
-%{_libdir}/samba/libheimbase-samba4.so.1
-%{_libdir}/samba/libheimbase-samba4.so.1.0.0
-%{_libdir}/samba/libheimntlm-samba4.so.1
-%{_libdir}/samba/libheimntlm-samba4.so.1.0.1
-%{_libdir}/samba/libhx509-samba4.so.5
-%{_libdir}/samba/libhx509-samba4.so.5.0.0
-%{_libdir}/samba/libkdc-samba4.so.2
-%{_libdir}/samba/libkdc-samba4.so.2.0.0
-%{_libdir}/samba/libkrb5-samba4.so.26
-%{_libdir}/samba/libkrb5-samba4.so.26.0.0
-%{_libdir}/samba/libroken-samba4.so.19
-%{_libdir}/samba/libroken-samba4.so.19.0.1
-%{_libdir}/samba/libwind-samba4.so.0
-%{_libdir}/samba/libwind-samba4.so.0.0.0
+%{_libdir}/samba/libasn1-samba4.so.8*
+%{_libdir}/samba/libcom_err-samba4.so.0*
+%{_libdir}/samba/libgssapi-samba4.so.2*
+%{_libdir}/samba/libhcrypto-samba4.so.5*
+%{_libdir}/samba/libhdb-samba4.so.11*
+%{_libdir}/samba/libheimbase-samba4.so.1*
+%{_libdir}/samba/libheimntlm-samba4.so.1*
+%{_libdir}/samba/libhx509-samba4.so.5*
+%{_libdir}/samba/libkdc-samba4.so.2*
+%{_libdir}/samba/libkrb5-samba4.so.26*
+%{_libdir}/samba/libroken-samba4.so.19*
+%{_libdir}/samba/libwind-samba4.so.0*
 
 %else
 %doc packaging/README.dc-libs
@@ -3070,9 +3056,20 @@ rm -rf %{buildroot}
 %endif # with_clustering_support
 
 %changelog
-* Mon May 28 2018 Daniel Berteaud <daniel@firewall-services.com> 4.7.1-100
-- Rebase on upstream 4.7.1 (daniel@firewall-services.com)
-- Built with DC support enabled
+* Sat Sep 22 2018 Daniel Berteaud <daniel@firewall-services.com> - 7.7.1-9.99.dc
+- Rebuild with DC support
+
+* Wed Jul 04 2018 Andreas Schneider <asn@redhat.com> - 4.7.1-9
+- related: #1581375 - Remove patch which doesn't fully work
+
+* Mon May 28 2018 Andreas Schneider <asn@redhat.com> - 4.7.1-8
+- resolves: #1582541 - Fix anyoumous and guest handling of SMB2/3
+
+* Wed May 23 2018 Andreas Schneider <asn@redhat.com> - 4.7.1-7
+- resolves: #1581369 - Fix segfault updating dns during 'net ads join'
+- resolves: #1581373 - Fix segfault during NT1 session setup
+- resolves: #1581376 - Fix segfault in keytab handling
+- resolves: #1581377 - Fix segfault in smbclient dfsgetinfo
 
 * Wed Dec 20 2017 Andreas Schneider <asn@redhat.com> - 4.7.1-6
 - resolves: #1476153 - Handle SMB echo responses more gracefully