Rebase on upstream 4.7.1

tags/samba-4.7.1-99.beta1
Daniel Berteaud 6 years ago
parent eea9c06eb3
commit 690942f67d
  1. 1
      .gitignore
  2. 381
      CVE-2017-12150.patch
  3. 111
      CVE-2017-12151.patch
  4. 141
      CVE-2017-12163.patch
  5. 34
      CVE-2017-7494.patch
  6. 7
      samba-4.6.2.tar.asc
  7. 1
      samba-4.6.2.tar.gz
  8. 72
      samba-4.7-fix_aesni_intel_support.patch
  9. 313
      samba-4.7-fix_samba_with_systemd.patch
  10. 47
      samba-4.7-fix_smb2_client_read_after_free.patch
  11. 165
      samba-4.7-fix_smbclient_volume.patch
  12. 66
      samba-4.7-handle_smb_echo_gracefully.patch
  13. 84
      samba-4.7-net_ads_keytab_list.patch
  14. 6
      samba-4.7.1.tar.asc
  15. 1
      samba-4.7.1.tar.xz
  16. 37
      samba-v4-6-fix-building-with-new-glibc.patch
  17. 1731
      samba-v4-6-fix-cross-realm-refferals.patch
  18. 39
      samba-v4-6-fix-kerberos-debug-message.patch
  19. 293
      samba-v4-6-fix-net-ads-keytab-handling.patch
  20. 245
      samba-v4-6-fix-spoolss-32bit-driver-upload.patch
  21. 211
      samba-v4-6-fix-vfs-expand-msdfs.patch
  22. 74
      samba-v4-6-fix_net_ads_changetrustpw.patch
  23. 194
      samba-v4-6-fix_path_substitutions.patch
  24. 339
      samba-v4-6-fix_smbclient_session_setup_info.patch
  25. 162
      samba-v4-6-fix_smbclient_username_parsing.patch
  26. 227
      samba-v4-6-fix_winbind_child_crash.patch
  27. 76
      samba-v4-6-fix_winbind_normalize_names.patch
  28. 54
      samba-v4.6-credentials-fix-realm.patch
  29. 391
      samba-v4.6-fix_smbpasswd_user_pwd_change.patch
  30. 53
      samba-v4.6-graceful_fsctl_validate_negotiate_info.patch
  31. 543
      samba-v4.6-gss_krb5_import_cred.patch
  32. 179
      samba-v4.6-lib-crypto-implement-samba.crypto-Python-module-for-.patch
  33. 405
      samba-v4.7-config-dynamic-rpc-port-range.patch
  34. 16
      samba.service
  35. 691
      samba.spec
  36. 3
      smb.conf.vendor

1
.gitignore vendored

@ -0,0 +1 @@
samba.spec.mod

@ -1,381 +0,0 @@
From 9fb528332f48de59d70d48686e3af4df70206635 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Tue, 29 Aug 2017 17:06:21 +0200
Subject: [PATCH 1/7] CVE-2017-12150: s3:popt_common: don't turn a guessed
username into a specified one
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997
Signed-off-by: Stefan Metzmacher <metze@samba.org>
---
source3/include/auth_info.h | 1 +
source3/lib/popt_common.c | 6 +-----
source3/lib/util_cmdline.c | 29 +++++++++++++++++++++++++++++
3 files changed, 31 insertions(+), 5 deletions(-)
diff --git a/source3/include/auth_info.h b/source3/include/auth_info.h
index c6f71ad..8212c27 100644
--- a/source3/include/auth_info.h
+++ b/source3/include/auth_info.h
@@ -29,6 +29,7 @@ void set_cmdline_auth_info_from_file(struct user_auth_info *auth_info,
const char *get_cmdline_auth_info_username(const struct user_auth_info *auth_info);
void set_cmdline_auth_info_username(struct user_auth_info *auth_info,
const char *username);
+void reset_cmdline_auth_info_username(struct user_auth_info *auth_info);
const char *get_cmdline_auth_info_domain(const struct user_auth_info *auth_info);
void set_cmdline_auth_info_domain(struct user_auth_info *auth_info,
const char *domain);
diff --git a/source3/lib/popt_common.c b/source3/lib/popt_common.c
index 9928c70..36b5e92 100644
--- a/source3/lib/popt_common.c
+++ b/source3/lib/popt_common.c
@@ -238,7 +238,6 @@ void popt_common_credentials_set_delay_post(void)
void popt_common_credentials_post(void)
{
struct user_auth_info *auth_info = cmdline_auth_info;
- const char *username = NULL;
if (get_cmdline_auth_info_use_machine_account(auth_info) &&
!set_cmdline_auth_info_machine_account_creds(auth_info))
@@ -259,10 +258,7 @@ void popt_common_credentials_post(void)
* correctly parsed yet. If we have a username we need to set it again
* to run the string parser for the username correctly.
*/
- username = get_cmdline_auth_info_username(auth_info);
- if (username != NULL && username[0] != '\0') {
- set_cmdline_auth_info_username(auth_info, username);
- }
+ reset_cmdline_auth_info_username(auth_info);
}
static void popt_common_credentials_callback(poptContext con,
diff --git a/source3/lib/util_cmdline.c b/source3/lib/util_cmdline.c
index ad51a4f..80142e2 100644
--- a/source3/lib/util_cmdline.c
+++ b/source3/lib/util_cmdline.c
@@ -37,6 +37,7 @@
struct user_auth_info {
struct cli_credentials *creds;
struct loadparm_context *lp_ctx;
+ bool got_username;
bool got_pass;
int signing_state;
bool smb_encrypt;
@@ -93,6 +94,7 @@ void set_cmdline_auth_info_from_file(struct user_auth_info *auth_info,
if (!ok) {
exit(EIO);
}
+ auth_info->got_username = true;
}
const char *get_cmdline_auth_info_username(const struct user_auth_info *auth_info)
@@ -123,11 +125,38 @@ void set_cmdline_auth_info_username(struct user_auth_info *auth_info,
exit(ENOMEM);
}
+ auth_info->got_username = true;
if (strchr_m(username, '%') != NULL) {
auth_info->got_pass = true;
}
}
+void reset_cmdline_auth_info_username(struct user_auth_info *auth_info)
+{
+ const char *username = NULL;
+ const char *new_val = NULL;
+
+ if (!auth_info->got_username) {
+ return;
+ }
+
+ username = cli_credentials_get_username(auth_info->creds);
+ if (username == NULL) {
+ return;
+ }
+ if (username[0] == '\0') {
+ return;
+ }
+
+ cli_credentials_parse_string(auth_info->creds,
+ username,
+ CRED_SPECIFIED);
+ new_val = cli_credentials_get_username(auth_info->creds);
+ if (new_val == NULL) {
+ exit(ENOMEM);
+ }
+}
+
const char *get_cmdline_auth_info_domain(const struct user_auth_info *auth_info)
{
const char *domain = NULL;
--
1.9.1
From 97a7ddff5d327bf5bcc27c8a88b000b3a187a827 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Thu, 3 Nov 2016 17:16:43 +0100
Subject: [PATCH 2/7] CVE-2017-12150: s3:lib:
get_cmdline_auth_info_signing_state smb_encrypt SMB_SIGNING_REQUIRED
This is an addition to the fixes for CVE-2015-5296.
It applies to smb2mount -e, smbcacls -e and smbcquotas -e.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997
Signed-off-by: Stefan Metzmacher <metze@samba.org>
---
source3/lib/util_cmdline.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/source3/lib/util_cmdline.c b/source3/lib/util_cmdline.c
index 80142e2..90ee67c 100644
--- a/source3/lib/util_cmdline.c
+++ b/source3/lib/util_cmdline.c
@@ -265,6 +265,9 @@ void set_cmdline_auth_info_signing_state_raw(struct user_auth_info *auth_info,
int get_cmdline_auth_info_signing_state(const struct user_auth_info *auth_info)
{
+ if (auth_info->smb_encrypt) {
+ return SMB_SIGNING_REQUIRED;
+ }
return auth_info->signing_state;
}
--
1.9.1
From b760a464ee3d94edeff6eb10a0b08359d6e98099 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 9 Dec 2016 09:26:32 +0100
Subject: [PATCH 3/7] CVE-2017-12150: s3:pylibsmb: make use of
SMB_SIGNING_DEFAULT for 'samba.samba3.libsmb_samba_internal'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997
Signed-off-by: Stefan Metzmacher <metze@samba.org>
---
source3/libsmb/pylibsmb.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source3/libsmb/pylibsmb.c b/source3/libsmb/pylibsmb.c
index 59c0998..350c6d4 100644
--- a/source3/libsmb/pylibsmb.c
+++ b/source3/libsmb/pylibsmb.c
@@ -444,7 +444,7 @@ static int py_cli_state_init(struct py_cli_state *self, PyObject *args,
req = cli_full_connection_creds_send(
NULL, self->ev, "myname", host, NULL, 0, share, "?????",
- cli_creds, 0, 0);
+ cli_creds, 0, SMB_SIGNING_DEFAULT);
if (!py_tevent_req_wait_exc(self->ev, req)) {
return -1;
}
--
1.9.1
From f42ffde214c3be1d6ba3afd8fe88a3e04470c4bd Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Mon, 12 Dec 2016 05:49:46 +0100
Subject: [PATCH 4/7] CVE-2017-12150: libgpo: make use of SMB_SIGNING_REQUIRED
in gpo_connect_server()
It's important that we use a signed connection to get the GPOs!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997
Signed-off-by: Stefan Metzmacher <metze@samba.org>
---
libgpo/gpo_fetch.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libgpo/gpo_fetch.c b/libgpo/gpo_fetch.c
index 836bc23..3740d4e 100644
--- a/libgpo/gpo_fetch.c
+++ b/libgpo/gpo_fetch.c
@@ -133,7 +133,7 @@ static NTSTATUS gpo_connect_server(ADS_STRUCT *ads,
ads->auth.password,
CLI_FULL_CONNECTION_USE_KERBEROS |
CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS,
- Undefined);
+ SMB_SIGNING_REQUIRED);
if (!NT_STATUS_IS_OK(result)) {
DEBUG(10,("check_refresh_gpo: "
"failed to connect: %s\n",
--
1.9.1
From d8c6aceb94ab72991eb538ab5dc388686a177052 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Tue, 29 Aug 2017 15:24:14 +0200
Subject: [PATCH 5/7] CVE-2017-12150: auth/credentials:
cli_credentials_authentication_requested() should check for
NTLM_CCACHE/SIGN/SEAL
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997
Signed-off-by: Stefan Metzmacher <metze@samba.org>
---
auth/credentials/credentials.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
index 06648c7..5e3b5e8 100644
--- a/auth/credentials/credentials.c
+++ b/auth/credentials/credentials.c
@@ -25,6 +25,7 @@
#include "librpc/gen_ndr/samr.h" /* for struct samrPassword */
#include "auth/credentials/credentials.h"
#include "auth/credentials/credentials_internal.h"
+#include "auth/gensec/gensec.h"
#include "libcli/auth/libcli_auth.h"
#include "tevent.h"
#include "param/param.h"
@@ -300,6 +301,8 @@ _PUBLIC_ bool cli_credentials_set_principal_callback(struct cli_credentials *cre
_PUBLIC_ bool cli_credentials_authentication_requested(struct cli_credentials *cred)
{
+ uint32_t gensec_features = 0;
+
if (cred->bind_dn) {
return true;
}
@@ -327,6 +330,19 @@ _PUBLIC_ bool cli_credentials_authentication_requested(struct cli_credentials *c
return true;
}
+ gensec_features = cli_credentials_get_gensec_features(cred);
+ if (gensec_features & GENSEC_FEATURE_NTLM_CCACHE) {
+ return true;
+ }
+
+ if (gensec_features & GENSEC_FEATURE_SIGN) {
+ return true;
+ }
+
+ if (gensec_features & GENSEC_FEATURE_SEAL) {
+ return true;
+ }
+
return false;
}
--
1.9.1
From 28f4a8dbd2b82bb8fb9f6224e1641d935766e62a Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Tue, 29 Aug 2017 15:35:49 +0200
Subject: [PATCH 6/7] CVE-2017-12150: libcli/smb: add
smbXcli_conn_signing_mandatory()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997
Signed-off-by: Stefan Metzmacher <metze@samba.org>
---
libcli/smb/smbXcli_base.c | 5 +++++
libcli/smb/smbXcli_base.h | 1 +
2 files changed, 6 insertions(+)
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index b21d796..239e5eb 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -468,6 +468,11 @@ bool smbXcli_conn_use_unicode(struct smbXcli_conn *conn)
return false;
}
+bool smbXcli_conn_signing_mandatory(struct smbXcli_conn *conn)
+{
+ return conn->mandatory_signing;
+}
+
void smbXcli_conn_set_sockopt(struct smbXcli_conn *conn, const char *options)
{
set_socket_options(conn->sock_fd, options);
diff --git a/libcli/smb/smbXcli_base.h b/libcli/smb/smbXcli_base.h
index e48fc35..2594f07 100644
--- a/libcli/smb/smbXcli_base.h
+++ b/libcli/smb/smbXcli_base.h
@@ -47,6 +47,7 @@ bool smbXcli_conn_dfs_supported(struct smbXcli_conn *conn);
enum protocol_types smbXcli_conn_protocol(struct smbXcli_conn *conn);
bool smbXcli_conn_use_unicode(struct smbXcli_conn *conn);
+bool smbXcli_conn_signing_mandatory(struct smbXcli_conn *conn);
void smbXcli_conn_set_sockopt(struct smbXcli_conn *conn, const char *options);
const struct sockaddr_storage *smbXcli_conn_local_sockaddr(struct smbXcli_conn *conn);
--
1.9.1
From 28506663282a1457708c38c58437e9eb9c0002bf Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Mon, 12 Dec 2016 06:07:56 +0100
Subject: [PATCH 7/7] CVE-2017-12150: s3:libsmb: only fallback to anonymous if
authentication was not requested
With forced encryption or required signing we should also don't fallback.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997
Signed-off-by: Stefan Metzmacher <metze@samba.org>
---
source3/libsmb/clidfs.c | 16 ++++------------
1 file changed, 4 insertions(+), 12 deletions(-)
diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c
index 75012b2..fdcd665 100644
--- a/source3/libsmb/clidfs.c
+++ b/source3/libsmb/clidfs.c
@@ -26,6 +26,7 @@
#include "trans2.h"
#include "libsmb/nmblib.h"
#include "../libcli/smb/smbXcli_base.h"
+#include "auth/credentials/credentials.h"
/********************************************************************
Important point.
@@ -145,9 +146,6 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx,
char *servicename;
char *sharename;
char *newserver, *newshare;
- const char *username;
- const char *password;
- const char *domain;
NTSTATUS status;
int flags = 0;
int signing_state = get_cmdline_auth_info_signing_state(auth_info);
@@ -225,21 +223,15 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx,
smb2cli_conn_set_max_credits(c->conn, DEFAULT_SMB2_MAX_CREDITS);
}
- username = get_cmdline_auth_info_username(auth_info);
- password = get_cmdline_auth_info_password(auth_info);
- domain = get_cmdline_auth_info_domain(auth_info);
- if ((domain == NULL) || (domain[0] == '\0')) {
- domain = lp_workgroup();
- }
-
creds = get_cmdline_auth_info_creds(auth_info);
status = cli_session_setup_creds(c, creds);
if (!NT_STATUS_IS_OK(status)) {
/* If a password was not supplied then
* try again with a null username. */
- if (password[0] || !username[0] ||
- get_cmdline_auth_info_use_kerberos(auth_info) ||
+ if (force_encrypt || smbXcli_conn_signing_mandatory(c->conn) ||
+ cli_credentials_authentication_requested(creds) ||
+ cli_credentials_is_anonymous(creds) ||
!NT_STATUS_IS_OK(status = cli_session_setup_anon(c)))
{
d_printf("session setup failed: %s\n",
--
1.9.1

@ -1,111 +0,0 @@
From be03c9118e812f93d50c71294fbf9f12bcf2a7f1 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Mon, 14 Aug 2017 12:13:18 +0200
Subject: [PATCH 1/2] CVE-2017-12151: s3:libsmb: add
cli_state_is_encryption_on() helper function
This allows to check if the current cli_state uses encryption
(either via unix extentions or via SMB3).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12996
Signed-off-by: Stefan Metzmacher <metze@samba.org>
---
source3/libsmb/clientgen.c | 13 +++++++++++++
source3/libsmb/proto.h | 1 +
2 files changed, 14 insertions(+)
diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index bc5c1b1ce3c..3e8523e5ce8 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -339,6 +339,19 @@ uint32_t cli_getpid(struct cli_state *cli)
return cli->smb1.pid;
}
+bool cli_state_is_encryption_on(struct cli_state *cli)
+{
+ if (smbXcli_conn_protocol(cli->conn) < PROTOCOL_SMB2_02) {
+ return smb1cli_conn_encryption_on(cli->conn);
+ }
+
+ if (cli->smb2.tcon == NULL) {
+ return false;
+ }
+
+ return smb2cli_tcon_is_encryption_on(cli->smb2.tcon);
+}
+
bool cli_state_has_tcon(struct cli_state *cli)
{
uint16_t tid = cli_state_get_tid(cli);
diff --git a/source3/libsmb/proto.h b/source3/libsmb/proto.h
index 764f3fc1b12..67fa43e4e4a 100644
--- a/source3/libsmb/proto.h
+++ b/source3/libsmb/proto.h
@@ -195,6 +195,7 @@ const char *cli_state_remote_realm(struct cli_state *cli);
uint16_t cli_state_get_vc_num(struct cli_state *cli);
uint32_t cli_setpid(struct cli_state *cli, uint32_t pid);
uint32_t cli_getpid(struct cli_state *cli);
+bool cli_state_is_encryption_on(struct cli_state *cli);
bool cli_state_has_tcon(struct cli_state *cli);
uint16_t cli_state_get_tid(struct cli_state *cli);
uint16_t cli_state_set_tid(struct cli_state *cli, uint16_t tid);
--
2.13.5
From 16d3c8288ae78a686715c242293691c00ec6d7a5 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Sat, 17 Dec 2016 10:36:49 +0100
Subject: [PATCH 2/2] CVE-2017-12151: s3:libsmb: make use of
cli_state_is_encryption_on()
This will keep enforced encryption across dfs referrals.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12996
Signed-off-by: Stefan Metzmacher <metze@samba.org>
---
source3/libsmb/clidfs.c | 4 ++--
source3/libsmb/libsmb_context.c | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c
index c477d7c6a46..99818a681e3 100644
--- a/source3/libsmb/clidfs.c
+++ b/source3/libsmb/clidfs.c
@@ -980,7 +980,7 @@ NTSTATUS cli_resolve_path(TALLOC_CTX *ctx,
"IPC$",
dfs_auth_info,
false,
- smb1cli_conn_encryption_on(rootcli->conn),
+ cli_state_is_encryption_on(rootcli),
smbXcli_conn_protocol(rootcli->conn),
0,
0x20,
@@ -1038,7 +1038,7 @@ NTSTATUS cli_resolve_path(TALLOC_CTX *ctx,
dfs_refs[count].share,
dfs_auth_info,
false,
- smb1cli_conn_encryption_on(rootcli->conn),
+ cli_state_is_encryption_on(rootcli),
smbXcli_conn_protocol(rootcli->conn),
0,
0x20,
diff --git a/source3/libsmb/libsmb_context.c b/source3/libsmb/libsmb_context.c
index ed6ca2b1b9f..b55cf1e2d15 100644
--- a/source3/libsmb/libsmb_context.c
+++ b/source3/libsmb/libsmb_context.c
@@ -486,7 +486,7 @@ smbc_option_get(SMBCCTX *context,
for (s = context->internal->servers; s; s = s->next) {
num_servers++;
- if (!smb1cli_conn_encryption_on(s->cli->conn)) {
+ if (!cli_state_is_encryption_on(s->cli)) {
return (void *)false;
}
}
--
2.13.5

@ -1,141 +0,0 @@
From 364275d1ae8c55242497e7c8804fb28aa3b73465 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Fri, 8 Sep 2017 10:13:14 -0700
Subject: [PATCH] CVE-2017-12163: s3:smbd: Prevent client short SMB1 write from
writing server memory to file.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13020
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
---
source3/smbd/reply.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 50 insertions(+)
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 317143f..7b07078 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -4474,6 +4474,9 @@ void reply_writebraw(struct smb_request *req)
}
/* Ensure we don't write bytes past the end of this packet. */
+ /*
+ * This already protects us against CVE-2017-12163.
+ */
if (data + numtowrite > smb_base(req->inbuf) + smb_len(req->inbuf)) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
error_to_writebrawerr(req);
@@ -4574,6 +4577,11 @@ void reply_writebraw(struct smb_request *req)
exit_server_cleanly("secondary writebraw failed");
}
+ /*
+ * We are not vulnerable to CVE-2017-12163
+ * here as we are guarenteed to have numtowrite
+ * bytes available - we just read from the client.
+ */
nwritten = write_file(req,fsp,buf+4,startpos+nwritten,numtowrite);
if (nwritten == -1) {
TALLOC_FREE(buf);
@@ -4647,6 +4655,7 @@ void reply_writeunlock(struct smb_request *req)
connection_struct *conn = req->conn;
ssize_t nwritten = -1;
size_t numtowrite;
+ size_t remaining;
off_t startpos;
const char *data;
NTSTATUS status = NT_STATUS_OK;
@@ -4679,6 +4688,17 @@ void reply_writeunlock(struct smb_request *req)
startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
data = (const char *)req->buf + 3;
+ /*
+ * Ensure client isn't asking us to write more than
+ * they sent. CVE-2017-12163.
+ */
+ remaining = smbreq_bufrem(req, data);
+ if (numtowrite > remaining) {
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ END_PROFILE(SMBwriteunlock);
+ return;
+ }
+
if (!fsp->print_file && numtowrite > 0) {
init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
(uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
@@ -4756,6 +4776,7 @@ void reply_write(struct smb_request *req)
{
connection_struct *conn = req->conn;
size_t numtowrite;
+ size_t remaining;
ssize_t nwritten = -1;
off_t startpos;
const char *data;
@@ -4796,6 +4817,17 @@ void reply_write(struct smb_request *req)
startpos = IVAL_TO_SMB_OFF_T(req->vwv+2, 0);
data = (const char *)req->buf + 3;
+ /*
+ * Ensure client isn't asking us to write more than
+ * they sent. CVE-2017-12163.
+ */
+ remaining = smbreq_bufrem(req, data);
+ if (numtowrite > remaining) {
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ END_PROFILE(SMBwrite);
+ return;
+ }
+
if (!fsp->print_file) {
init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
(uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
@@ -5018,6 +5050,9 @@ void reply_write_and_X(struct smb_request *req)
goto out;
}
} else {
+ /*
+ * This already protects us against CVE-2017-12163.
+ */
if (smb_doff > smblen || smb_doff + numtowrite < numtowrite ||
smb_doff + numtowrite > smblen) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
@@ -5444,6 +5479,7 @@ void reply_writeclose(struct smb_request *req)
{
connection_struct *conn = req->conn;
size_t numtowrite;
+ size_t remaining;
ssize_t nwritten = -1;
NTSTATUS close_status = NT_STATUS_OK;
off_t startpos;
@@ -5477,6 +5513,17 @@ void reply_writeclose(struct smb_request *req)
mtime = convert_time_t_to_timespec(srv_make_unix_date3(req->vwv+4));
data = (const char *)req->buf + 1;
+ /*
+ * Ensure client isn't asking us to write more than
+ * they sent. CVE-2017-12163.
+ */
+ remaining = smbreq_bufrem(req, data);
+ if (numtowrite > remaining) {
+ reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ END_PROFILE(SMBwriteclose);
+ return;
+ }
+
if (fsp->print_file == NULL) {
init_strict_lock_struct(fsp, (uint64_t)req->smbpid,
(uint64_t)startpos, (uint64_t)numtowrite, WRITE_LOCK,
@@ -6069,6 +6116,9 @@ void reply_printwrite(struct smb_request *req)
numtowrite = SVAL(req->buf, 1);
+ /*
+ * This already protects us against CVE-2017-12163.
+ */
if (req->buflen < numtowrite + 3) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
END_PROFILE(SMBsplwr);
--
1.9.1

@ -1,34 +0,0 @@
From d2bc9f3afe23ee04d237ae9f4511fbe59a27ff54 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl@samba.org>
Date: Mon, 8 May 2017 21:40:40 +0200
Subject: [PATCH] CVE-2017-7494: rpc_server3: Refuse to open pipe names with /
inside
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12780
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
---
source3/rpc_server/srv_pipe.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 0633b5f..c3f0cd8 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -475,6 +475,11 @@ bool is_known_pipename(const char *pipename, struct ndr_syntax_id *syntax)
{
NTSTATUS status;
+ if (strchr(pipename, '/')) {
+ DEBUG(1, ("Refusing open on pipe %s\n", pipename));
+ return false;
+ }
+
if (lp_disable_spoolss() && strequal(pipename, "spoolss")) {
DEBUG(10, ("refusing spoolss access\n"));
return false;
--
1.9.1

@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQBY3flHbzORW2Vot+oRAmTlAJ9sFlLebbYX3c7rOh1P9btozLmTPQCghScz
DQw3KuAbWCKIgkHcy1zZr2o=
=bIg5
-----END PGP SIGNATURE-----

@ -1 +0,0 @@
.git/annex/objects/75/91/SHA256E-s21097045--927afcc16e444718985e3952de92d34e7b776b9ca0238179d866da18a6441c35.tar.gz/SHA256E-s21097045--927afcc16e444718985e3952de92d34e7b776b9ca0238179d866da18a6441c35.tar.gz

@ -0,0 +1,72 @@
From db7947e144d10c15468991cad50315b70f2609d5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Baumbach?= <bb@sernet.de>
Date: Mon, 4 Dec 2017 10:49:19 +0100
Subject: [PATCH 1/2] third_party: Link th aesni-intel library with -z
noexecstack
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13174
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
---
third_party/aesni-intel/wscript | 3 +++
1 file changed, 3 insertions(+)
diff --git a/third_party/aesni-intel/wscript b/third_party/aesni-intel/wscript
index eb92d6626fe..0ccd9eb1e5b 100644
--- a/third_party/aesni-intel/wscript
+++ b/third_party/aesni-intel/wscript
@@ -12,6 +12,8 @@ def configure(conf):
raise Utils.WafError('--aes-accel=intelaesni selected and non x86_64 CPU')
else:
raise Utils.WafError('--aes-accel=intelaesni selected and compiler rejects -Wp,-E,-lang-asm')
+ if not conf.CHECK_LDFLAGS('-Wl,-z,noexecstack'):
+ raise Utils.WafError('--aes-accel=intelaesni selected and linker rejects -z noexecstack')
def build(bld):
if not bld.CONFIG_SET('HAVE_AESNI_INTEL'):
@@ -20,4 +22,5 @@ def build(bld):
bld.SAMBA_LIBRARY('aesni-intel',
source='aesni-intel_asm.c',
cflags='-Wp,-E,-lang-asm',
+ ldflags='-Wl,-z,noexecstack',
private_library=True)
--
2.15.0
From ded56e00f81614e128301d75e38e4b692a712cc4 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Mon, 4 Dec 2017 11:00:10 +0100
Subject: [PATCH 2/2] third_party: Fix a typo in the option name
Signed-off-by: Andreas Schneider <asn@samba.org>
---
third_party/aesni-intel/wscript | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/third_party/aesni-intel/wscript b/third_party/aesni-intel/wscript
index 0ccd9eb1e5b..f0723a52501 100644
--- a/third_party/aesni-intel/wscript
+++ b/third_party/aesni-intel/wscript
@@ -9,11 +9,11 @@ def configure(conf):
print("Compiling with Intel AES instructions")
conf.DEFINE('HAVE_AESNI_INTEL', 1)
else:
- raise Utils.WafError('--aes-accel=intelaesni selected and non x86_64 CPU')
+ raise Utils.WafError('--accel-aes=intelaesni selected and non x86_64 CPU')
else:
- raise Utils.WafError('--aes-accel=intelaesni selected and compiler rejects -Wp,-E,-lang-asm')
+ raise Utils.WafError('--accel-aes=intelaesni selected and compiler rejects -Wp,-E,-lang-asm')
if not conf.CHECK_LDFLAGS('-Wl,-z,noexecstack'):
- raise Utils.WafError('--aes-accel=intelaesni selected and linker rejects -z noexecstack')
+ raise Utils.WafError('--accel-aes=intelaesni selected and linker rejects -z noexecstack')
def build(bld):
if not bld.CONFIG_SET('HAVE_AESNI_INTEL'):
--
2.15.0

@ -0,0 +1,313 @@
From e696afd2d810fef403c6e5d35a44cc0f22128310 Mon Sep 17 00:00:00 2001
From: Gary Lockyer <gary@catalyst.net.nz>
Date: Mon, 21 Aug 2017 15:12:04 +1200
Subject: [PATCH 1/4] s4/smbd: set the process group.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Set the process group in the samba daemon, the --no-process-group option
allows this to be disabled. The no-process-group option needs to be
disabled in self test.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Sep 18 04:39:50 CEST 2017 on sn-devel-144
---
selftest/target/Samba4.pm | 2 +-
source4/smbd/server.c | 18 +++++++++++++++++-
2 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 772f982cb9d..6a1856ef642 100755
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -158,7 +158,7 @@ sub check_or_start($$$)
close($env_vars->{STDIN_PIPE});
open STDIN, ">&", $STDIN_READER or die "can't dup STDIN_READER to STDIN: $!";
- exec(@preargs, Samba::bindir_path($self, "samba"), "-M", $process_model, "-i", "--maximum-runtime=$self->{server_maxtime}", $env_vars->{CONFIGURATION}, @optargs) or die("Unable to start samba: $!");
+ exec(@preargs, Samba::bindir_path($self, "samba"), "-M", $process_model, "-i", "--no-process-group", "--maximum-runtime=$self->{server_maxtime}", $env_vars->{CONFIGURATION}, @optargs) or die("Unable to start samba: $!");
}
$env_vars->{SAMBA_PID} = $pid;
print "DONE ($pid)\n";
diff --git a/source4/smbd/server.c b/source4/smbd/server.c
index a8bad06bed3..ba520e0a8f5 100644
--- a/source4/smbd/server.c
+++ b/source4/smbd/server.c
@@ -341,6 +341,7 @@ static int binary_smbd_main(const char *binary_name,
{
bool opt_daemon = false;
bool opt_interactive = false;
+ bool opt_no_process_group = false;
int opt;
poptContext pc;
#define _MODULE_PROTO(init) extern NTSTATUS init(TALLOC_CTX *);
@@ -356,7 +357,8 @@ static int binary_smbd_main(const char *binary_name,
OPT_DAEMON = 1000,
OPT_INTERACTIVE,
OPT_PROCESS_MODEL,
- OPT_SHOW_BUILD
+ OPT_SHOW_BUILD,
+ OPT_NO_PROCESS_GROUP,
};
struct poptOption long_options[] = {
POPT_AUTOHELP
@@ -371,6 +373,8 @@ static int binary_smbd_main(const char *binary_name,
"till autotermination", "seconds"},
{"show-build", 'b', POPT_ARG_NONE, NULL, OPT_SHOW_BUILD,
"show build info", NULL },
+ {"no-process-group", '\0', POPT_ARG_NONE, NULL,
+ OPT_NO_PROCESS_GROUP, "Don't create a new process group" },
POPT_COMMON_SAMBA
POPT_COMMON_VERSION
{ NULL }
@@ -393,6 +397,9 @@ static int binary_smbd_main(const char *binary_name,
case OPT_SHOW_BUILD:
show_build();
break;
+ case OPT_NO_PROCESS_GROUP:
+ opt_no_process_group = true;
+ break;
default:
fprintf(stderr, "\nInvalid option %s: %s\n\n",
poptBadOption(pc, 0), poptStrerror(opt));
@@ -508,6 +515,15 @@ static int binary_smbd_main(const char *binary_name,
stdin_event_flags = 0;
}
+#if HAVE_SETPGID
+ /*
+ * If we're interactive we want to set our own process group for
+ * signal management, unless --no-process-group specified.
+ */
+ if (opt_interactive && !opt_no_process_group)
+ setpgid((pid_t)0, (pid_t)0);
+#endif
+
/* catch EOF on stdin */
#ifdef SIGTTIN
signal(SIGTTIN, SIG_IGN);
--
2.15.0
From 1e3f38e58d52c7424831855c8db63c391e0b4b75 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 15 Nov 2017 10:00:52 +0100
Subject: [PATCH 2/4] s4:samba: Do not segfault if we run into issues
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit bfafabfb942668328401a3c89fc55b50dc56c209)
---
source4/smbd/server.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/source4/smbd/server.c b/source4/smbd/server.c
index ba520e0a8f5..406f79593b9 100644
--- a/source4/smbd/server.c
+++ b/source4/smbd/server.c
@@ -100,8 +100,16 @@ static void cleanup_tmp_files(struct loadparm_context *lp_ctx)
{
char *path;
TALLOC_CTX *mem_ctx = talloc_new(NULL);
+ if (mem_ctx == NULL) {
+ exit_daemon("Failed to create memory context",
+ ENOMEM);
+ }
path = smbd_tmp_path(mem_ctx, lp_ctx, NULL);
+ if (path == NULL) {
+ exit_daemon("Failed to cleanup temporary files",
+ EINVAL);
+ }
recursive_delete(path);
talloc_free(mem_ctx);
--
2.15.0
From b7d08eda158ba540dc7ca8755a6a8fdf34e52501 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Fri, 10 Nov 2017 09:18:18 +0100
Subject: [PATCH 3/4] s4:samba: Allow samba daemon to run in foreground
We are passing the no_process_group to become_daemon() that setsid() is
not called. In case we are double forking, we run in SysV daemon mode,
setsid() should be called!
See:
https://www.freedesktop.org/software/systemd/man/daemon.html
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13129
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 8736013dc42c5755b75bbb2e843a290bcd545909)
---
source3/smbd/server.c | 2 +-
source4/smbd/server.c | 13 ++++++++++---
2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index 181bcd1e123..252b43190d7 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -1592,7 +1592,7 @@ extern void build_options(bool screen);
struct poptOption long_options[] = {
POPT_AUTOHELP
{"daemon", 'D', POPT_ARG_NONE, NULL, OPT_DAEMON, "Become a daemon (default)" },
- {"interactive", 'i', POPT_ARG_NONE, NULL, OPT_INTERACTIVE, "Run interactive (not a daemon)"},
+ {"interactive", 'i', POPT_ARG_NONE, NULL, OPT_INTERACTIVE, "Run interactive (not a daemon) and log to stdout"},
{"foreground", 'F', POPT_ARG_NONE, NULL, OPT_FORK, "Run daemon in foreground (for daemontools, etc.)" },
{"no-process-group", '\0', POPT_ARG_NONE, NULL, OPT_NO_PROCESS_GROUP, "Don't create a new process group" },
{"log-stdout", 'S', POPT_ARG_NONE, NULL, OPT_LOG_STDOUT, "Log to stdout" },
diff --git a/source4/smbd/server.c b/source4/smbd/server.c
index 406f79593b9..2349d5c7fa0 100644
--- a/source4/smbd/server.c
+++ b/source4/smbd/server.c
@@ -348,6 +348,7 @@ static int binary_smbd_main(const char *binary_name,
const char *argv[])
{
bool opt_daemon = false;
+ bool opt_fork = true;
bool opt_interactive = false;
bool opt_no_process_group = false;
int opt;
@@ -363,6 +364,7 @@ static int binary_smbd_main(const char *binary_name,
struct stat st;
enum {
OPT_DAEMON = 1000,
+ OPT_FOREGROUND,
OPT_INTERACTIVE,
OPT_PROCESS_MODEL,
OPT_SHOW_BUILD,
@@ -372,6 +374,8 @@ static int binary_smbd_main(const char *binary_name,
POPT_AUTOHELP
{"daemon", 'D', POPT_ARG_NONE, NULL, OPT_DAEMON,
"Become a daemon (default)", NULL },
+ {"foreground", 'F', POPT_ARG_NONE, NULL, OPT_FOREGROUND,
+ "Run the daemon in foreground", NULL },
{"interactive", 'i', POPT_ARG_NONE, NULL, OPT_INTERACTIVE,
"Run interactive (not a daemon)", NULL},
{"model", 'M', POPT_ARG_STRING, NULL, OPT_PROCESS_MODEL,
@@ -396,6 +400,9 @@ static int binary_smbd_main(const char *binary_name,
case OPT_DAEMON:
opt_daemon = true;
break;
+ case OPT_FOREGROUND:
+ opt_fork = false;
+ break;
case OPT_INTERACTIVE:
opt_interactive = true;
break;
@@ -422,7 +429,7 @@ static int binary_smbd_main(const char *binary_name,
"not allowed together with -D|--daemon\n\n");
poptPrintUsage(pc, stderr, 0);
return 1;
- } else if (!opt_interactive) {
+ } else if (!opt_interactive && !opt_fork) {
/* default is --daemon */
opt_daemon = true;
}
@@ -458,8 +465,8 @@ static int binary_smbd_main(const char *binary_name,
}
if (opt_daemon) {
- DEBUG(3,("Becoming a daemon.\n"));
- become_daemon(true, false, false);
+ DBG_NOTICE("Becoming a daemon.\n");
+ become_daemon(opt_fork, opt_no_process_group, false);
}
/* Create the memory context to hang everything off. */
--
2.15.0
From 90588e8d08dcf38d97249eb39d87c5eb36f1fcd3 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Fri, 10 Nov 2017 09:32:27 +0100
Subject: [PATCH 4/4] systemd: Start processes in forground and without a
process group
We should not double fork in notify mode or systemd think something
during startup will be wrong and send SIGTERM to the process. So
sometimes the daemon will not start up correctly.
systemd will also handle the process group.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13129
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 8b6f58194da7e849cdb9d20712dff49b17a93a77)
---
packaging/systemd/nmb.service | 2 +-
packaging/systemd/samba.service | 2 +-
packaging/systemd/smb.service | 2 +-
packaging/systemd/winbind.service | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/packaging/systemd/nmb.service b/packaging/systemd/nmb.service
index 992c0cd9d2b..71c93d6088b 100644
--- a/packaging/systemd/nmb.service
+++ b/packaging/systemd/nmb.service
@@ -7,7 +7,7 @@ Type=notify
NotifyAccess=all
PIDFile=/run/nmbd.pid
EnvironmentFile=-/etc/sysconfig/samba
-ExecStart=/usr/sbin/nmbd $NMBDOPTIONS
+ExecStart=/usr/sbin/nmbd --foreground --no-process-group $NMBDOPTIONS
ExecReload=/usr/bin/kill -HUP $MAINPID
LimitCORE=infinity
diff --git a/packaging/systemd/samba.service b/packaging/systemd/samba.service
index 824f89c2030..1b64c3b779d 100644
--- a/packaging/systemd/samba.service
+++ b/packaging/systemd/samba.service
@@ -8,7 +8,7 @@ NotifyAccess=all
PIDFile=/run/samba.pid
LimitNOFILE=16384
EnvironmentFile=-/etc/sysconfig/samba
-ExecStart=/usr/sbin/samba $SAMBAOPTIONS
+ExecStart=/usr/sbin/samba --foreground --no-process-group $SAMBAOPTIONS
ExecReload=/usr/bin/kill -HUP $MAINPID
[Install]
diff --git a/packaging/systemd/smb.service b/packaging/systemd/smb.service
index 6053a5caaa5..adf6684c7d9 100644
--- a/packaging/systemd/smb.service
+++ b/packaging/systemd/smb.service
@@ -8,7 +8,7 @@ NotifyAccess=all
PIDFile=/run/smbd.pid
LimitNOFILE=16384
EnvironmentFile=-/etc/sysconfig/samba
-ExecStart=/usr/sbin/smbd $SMBDOPTIONS
+ExecStart=/usr/sbin/smbd --foreground --no-process-group $SMBDOPTIONS
ExecReload=/usr/bin/kill -HUP $MAINPID
LimitCORE=infinity
diff --git a/packaging/systemd/winbind.service b/packaging/systemd/winbind.service
index c511488166e..46b3797251d 100644
--- a/packaging/systemd/winbind.service
+++ b/packaging/systemd/winbind.service
@@ -7,7 +7,7 @@ Type=notify
NotifyAccess=all
PIDFile=/run/winbindd.pid
EnvironmentFile=-/etc/sysconfig/samba
-ExecStart=/usr/sbin/winbindd "$WINBINDOPTIONS"
+ExecStart=/usr/sbin/winbindd --foreground --no-process-group "$WINBINDOPTIONS"
ExecReload=/usr/bin/kill -HUP $MAINPID
LimitCORE=infinity
--
2.15.0

@ -0,0 +1,47 @@
From a751c29e4ff3fbdf573252b791775fd805cd7759 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Wed, 29 Nov 2017 09:21:30 -0800
Subject: [PATCH] s3: libsmb: Fix valgrind read-after-free error in
cli_smb2_close_fnum_recv().
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
cli_smb2_close_fnum_recv() uses tevent_req_simple_recv_ntstatus(req), which
frees req, then uses the state pointer which was owned by req.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13171
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Nov 30 05:47:12 CET 2017 on sn-devel-144
(cherry picked from commit 5c8032b6b8ce4439b3ef8f43a62a419f081eb787)
---
source3/libsmb/cli_smb2_fnum.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/source3/libsmb/cli_smb2_fnum.c b/source3/libsmb/cli_smb2_fnum.c
index 5d46d543002..237e6bb2b54 100644
--- a/source3/libsmb/cli_smb2_fnum.c
+++ b/source3/libsmb/cli_smb2_fnum.c
@@ -449,8 +449,12 @@ NTSTATUS cli_smb2_close_fnum_recv(struct tevent_req *req)
{
struct cli_smb2_close_fnum_state *state = tevent_req_data(
req, struct cli_smb2_close_fnum_state);
- NTSTATUS status = tevent_req_simple_recv_ntstatus(req);
- state->cli->raw_status = status;
+ NTSTATUS status = NT_STATUS_OK;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ state->cli->raw_status = status;
+ }
+ tevent_req_received(req);
return status;
}
--
2.15.0.531.g2ccb3012c9-goog

@ -0,0 +1,165 @@
From b428a334105a28f55b784d284e865b3c42f1f96d Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Tue, 14 Nov 2017 13:52:03 -0800
Subject: [PATCH] s3: libsmb: smbc_statvfs is missing the supporting SMB2
calls.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13138
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit eefc7a27155b70d027b1193187dd435267d863ea)
---
source3/libsmb/cli_smb2_fnum.c | 97 ++++++++++++++++++++++++++++++++++++++++++
source3/libsmb/cli_smb2_fnum.h | 6 +++
source3/libsmb/clifsinfo.c | 9 ++++
3 files changed, 112 insertions(+)
diff --git a/source3/libsmb/cli_smb2_fnum.c b/source3/libsmb/cli_smb2_fnum.c
index a478c41f068..89cb1f479d5 100644
--- a/source3/libsmb/cli_smb2_fnum.c
+++ b/source3/libsmb/cli_smb2_fnum.c
@@ -1992,6 +1992,103 @@ NTSTATUS cli_smb2_dskattr(struct cli_state *cli, const char *path,
return status;
}
+/***************************************************************
+ Wrapper that allows SMB2 to query file system sizes.
+ Synchronous only.
+***************************************************************/
+
+NTSTATUS cli_smb2_get_fs_full_size_info(struct cli_state *cli,
+ uint64_t *total_allocation_units,
+ uint64_t *caller_allocation_units,
+ uint64_t *actual_allocation_units,
+ uint64_t *sectors_per_allocation_unit,
+ uint64_t *bytes_per_sector)
+{
+ NTSTATUS status;
+ uint16_t fnum = 0xffff;
+ DATA_BLOB outbuf = data_blob_null;
+ struct smb2_hnd *ph = NULL;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ if (smbXcli_conn_protocol(cli->conn) < PROTOCOL_SMB2_02) {
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ /* First open the top level directory. */
+ status =
+ cli_smb2_create_fnum(cli, "", 0, /* create_flags */
+ FILE_READ_ATTRIBUTES, /* desired_access */
+ FILE_ATTRIBUTE_DIRECTORY, /* file attributes */
+ FILE_SHARE_READ | FILE_SHARE_WRITE |
+ FILE_SHARE_DELETE, /* share_access */
+ FILE_OPEN, /* create_disposition */
+ FILE_DIRECTORY_FILE, /* create_options */
+ &fnum,
+ NULL);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+
+ status = map_fnum_to_smb2_handle(cli, fnum, &ph);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+
+ /* getinfo on the returned handle with info_type SMB2_GETINFO_FS (2),
+ level 7 (SMB_FS_FULL_SIZE_INFORMATION). */
+
+ status = smb2cli_query_info(cli->conn,
+ cli->timeout,
+ cli->smb2.session,
+ cli->smb2.tcon,
+ SMB2_GETINFO_FS, /* in_info_type */
+ /* in_file_info_class */
+ SMB_FS_FULL_SIZE_INFORMATION - 1000,
+ 0xFFFF, /* in_max_output_length */
+ NULL, /* in_input_buffer */
+ 0, /* in_additional_info */
+ 0, /* in_flags */
+ ph->fid_persistent,
+ ph->fid_volatile,
+ frame,
+ &outbuf);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+
+ if (outbuf.length < 32) {
+ status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+ goto fail;
+ }
+
+ *total_allocation_units = BIG_UINT(outbuf.data, 0);
+ *caller_allocation_units = BIG_UINT(outbuf.data, 8);
+ *actual_allocation_units = BIG_UINT(outbuf.data, 16);
+ *sectors_per_allocation_unit = (uint64_t)IVAL(outbuf.data, 24);
+ *bytes_per_sector = (uint64_t)IVAL(outbuf.data, 28);
+
+fail:
+
+ if (fnum != 0xffff) {
+ cli_smb2_close_fnum(cli, fnum);
+ }
+
+ cli->raw_status = status;
+
+ TALLOC_FREE(frame);
+ return status;
+}
+
/***************************************************************
Wrapper that allows SMB2 to query file system attributes.
Synchronous only.
diff --git a/source3/libsmb/cli_smb2_fnum.h b/source3/libsmb/cli_smb2_fnum.h
index 9a709e85d96..c9325b66902 100644
--- a/source3/libsmb/cli_smb2_fnum.h
+++ b/source3/libsmb/cli_smb2_fnum.h
@@ -136,6 +136,12 @@ NTSTATUS cli_smb2_dskattr(struct cli_state *cli,
uint64_t *total,
uint64_t *avail);
NTSTATUS cli_smb2_get_fs_attr_info(struct cli_state *cli, uint32_t *fs_attr);
+NTSTATUS cli_smb2_get_fs_full_size_info(struct cli_state *cli,
+ uint64_t *total_allocation_units,
+ uint64_t *caller_allocation_units,
+ uint64_t *actual_allocation_units,
+ uint64_t *sectors_per_allocation_unit,
+ uint64_t *bytes_per_sector);
NTSTATUS cli_smb2_query_security_descriptor(struct cli_state *cli,
uint16_t fnum,
uint32_t sec_info,
diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c
index 119b1216fb2..46236390022 100644
--- a/source3/libsmb/clifsinfo.c
+++ b/source3/libsmb/clifsinfo.c
@@ -439,6 +439,15 @@ NTSTATUS cli_get_fs_full_size_info(struct cli_state *cli,
uint32_t rdata_count;
NTSTATUS status;
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ return cli_smb2_get_fs_full_size_info(cli,
+ total_allocation_units,
+ caller_allocation_units,
+ actual_allocation_units,
+ sectors_per_allocation_unit,
+ bytes_per_sector);
+ }
+
SSVAL(setup, 0, TRANSACT2_QFSINFO);
SSVAL(param, 0, SMB_FS_FULL_SIZE_INFORMATION);
--
2.15.0.448.gf294e3d99a-goog

@ -0,0 +1,66 @@
From 79381295b788a8196ccbf2ff378268286d7782d5 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Fri, 8 Sep 2017 16:20:34 -0700
Subject: [PATCH] libsmbclient: Allow server (NetApp) to return
STATUS_INVALID_PARAMETER from an echo.
It does this if we send a session ID of zero. The server still replied.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13007
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Nov 11 08:44:37 CET 2017 on sn-devel-144
(cherry picked from commit a0f6ea8dec1ab3d19bc93da12a9b0a1c0ccf6142)
---
source3/client/client.c | 8 +++++++-
source3/libsmb/libsmb_server.c | 11 ++++++++++-
2 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/source3/client/client.c b/source3/client/client.c
index b4a6c7d0389..9c57375881d 100644
--- a/source3/client/client.c
+++ b/source3/client/client.c
@@ -5900,7 +5900,13 @@ static void readline_callback(void)
/* Ping the server to keep the connection alive using SMBecho. */
memset(garbage, 0xf0, sizeof(garbage));
status = cli_echo(cli, 1, data_blob_const(garbage, sizeof(garbage)));
- if (NT_STATUS_IS_OK(status)) {
+ if (NT_STATUS_IS_OK(status) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
+ /*
+ * Even if server returns NT_STATUS_INVALID_PARAMETER
+ * it still responded.
+ * BUG: https://bugzilla.samba.org/show_bug.cgi?id=13007
+ */
return;
}
diff --git a/source3/libsmb/libsmb_server.c b/source3/libsmb/libsmb_server.c
index b0e5926fa65..2d41f2facf3 100644
--- a/source3/libsmb/libsmb_server.c
+++ b/source3/libsmb/libsmb_server.c
@@ -61,7 +61,16 @@ SMBC_check_server(SMBCCTX * context,
1,
data_blob_const(data, sizeof(data)));
if (!NT_STATUS_IS_OK(status)) {
- return 1;
+ /*
+ * Some NetApp servers return
+ * NT_STATUS_INVALID_PARAMETER.That's OK, they still
+ * replied.
+ * BUG: https://bugzilla.samba.org/show_bug.cgi?id=13007
+ */
+ if (!NT_STATUS_EQUAL(status,
+ NT_STATUS_INVALID_PARAMETER)) {
+ return 1;
+ }
}
server->last_echo_time = now;
}
--
2.15.0.448.gf294e3d99a-goog

@ -0,0 +1,84 @@
From b1f54d6b0a24a91ac3ef8b99b22ff68c2d0ca13d Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power@suse.com>
Date: Thu, 23 Nov 2017 15:55:21 +0000
Subject: [PATCH 1/2] s3:libads: net ads keytab list fails with "Key table name
malformed"
When keytab_name is NULL don't call smb_krb5_kt_open use ads_keytab_open
instead, this function will determine the correct keytab to use.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13166
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 3048ae318fc8b4d1b7663826972306372430a463)
---
source3/libads/kerberos_keytab.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index ff12ec04af6..ffd100c5636 100644
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -639,7 +639,11 @@ int ads_keytab_list(const char *keytab_name)
return ret;
}
- ret = smb_krb5_kt_open(context, keytab_name, False, &keytab);
+ if (keytab_name == NULL) {
+ ret = ads_keytab_open(context, &keytab);
+ } else {
+ ret = smb_krb5_kt_open(context, keytab_name, False, &keytab);
+ }
if (ret) {
DEBUG(1, ("smb_krb5_kt_open failed (%s)\n",
error_message(ret)));
--
2.15.0
From 6e067b990a8cbb0589d3a83e699aa766a6fee939 Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power@suse.com>
Date: Fri, 24 Nov 2017 07:06:27 +0000
Subject: [PATCH 2/2] testprogs: Test net ads keytab list
Test that correct keytab is picked up.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13166
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 4be05c835e9d8b8f13856d592aaf42b40ce397c2)
---
testprogs/blackbox/test_net_ads.sh | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/testprogs/blackbox/test_net_ads.sh b/testprogs/blackbox/test_net_ads.sh
index bbd99b676bd..c5dbaf69ba2 100755
--- a/testprogs/blackbox/test_net_ads.sh
+++ b/testprogs/blackbox/test_net_ads.sh
@@ -46,6 +46,19 @@ testit "testjoin (dedicated keytab)" $VALGRIND $net_tool ads testjoin -kP || fai
testit "changetrustpw (dedicated keytab)" $VALGRIND $net_tool ads changetrustpw || failed=`expr $failed + 1`
testit "leave (dedicated keytab)" $VALGRIND $net_tool ads leave -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
+
+# if there is no keytab, try and create it
+if [ ! -f $dedicated_keytab_file ]; then
+ if [ $(command -v ktutil) >/dev/null ]; then
+ printf "addent -password -p $DC_USERNAME@$REALM -k 1 -e rc4-hmac\n$DC_PASSWORD\nwkt $dedicated_keytab_file\n" | ktutil
+ fi
+fi
+
+if [ -f $dedicated_keytab_file ]; then
+ testit "keytab list (dedicated keytab)" $VALGRIND $net_tool ads keytab list --option="kerberosmethod=dedicatedkeytab" --option="dedicatedkeytabfile=$dedicated_keytab_file" || failed=`expr $failed + 1`
+ testit "keytab list keytab specified on cmdline" $VALGRIND $net_tool ads keytab list $dedicated_keytab_file || failed=`expr $failed + 1`
+fi
+
rm -f $dedicated_keytab_file
testit_expect_failure "testjoin(not joined)" $VALGRIND $net_tool ads testjoin -kP || failed=`expr $failed + 1`
--
2.15.0

@ -0,0 +1,6 @@
-----BEGIN PGP SIGNATURE-----
iFwEABECABwFAln7BUkVHHNhbWJhLWJ1Z3NAc2FtYmEub3JnAAoJEG8zkVtlaLfq
uE8AoLwq4CwndlLlfxZ771nZUMjKVQrmAKCMHeFPFaVfKPhVWW37nQxQ3EXeew==
=LZI3
-----END PGP SIGNATURE-----

@ -0,0 +1 @@
.git/annex/objects/6z/WQ/SHA256E-s11099904--6a23ddd7b6ef3f86ca4a1b55776be1f1be596663bb917c0302aea118ac11d7de.tar.xz/SHA256E-s11099904--6a23ddd7b6ef3f86ca4a1b55776be1f1be596663bb917c0302aea118ac11d7de.tar.xz

@ -1,37 +0,0 @@
From 69c97f1806f72a61f194acaaba7f2b919cb91227 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Thu, 5 Jan 2017 09:34:36 +0100
Subject: [PATCH] replace: Include sysmacros.h
In the GNU C Library, "makedev" is defined by <sys/sysmacros.h>. For
historical compatibility, it is currently defined by <sys/types.h> as
well, but it is planned to remove this soon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12686
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 0127bdd33b251a52c6ffc44b6cb3b82b16a80741)
---
lib/replace/replace.h | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/lib/replace/replace.h b/lib/replace/replace.h
index c69a069e4b3..1dbeacfff66 100644
--- a/lib/replace/replace.h
+++ b/lib/replace/replace.h
@@ -171,6 +171,10 @@
#include <sys/types.h>
#endif
+#ifdef HAVE_SYS_SYSMACROS_H
+#include <sys/sysmacros.h>
+#endif
+
#ifdef HAVE_SETPROCTITLE_H
#include <setproctitle.h>
#endif
--
2.12.0

File diff suppressed because it is too large Load Diff

@ -1,39 +0,0 @@
From dc05cb5cd01b3264109ddee8d1bc095cd585e09e Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Mon, 20 Mar 2017 16:08:20 +0100
Subject: [PATCH] s3:libsmb: Only print error message if kerberos use is forced
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12704
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
---
source3/libsmb/cliconnect.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 029c3d4760e..93f873079db 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -349,9 +349,15 @@ NTSTATUS cli_session_creds_prepare_krb5(struct cli_state *cli,
0 /* no time correction for now */,
NULL);
if (ret != 0) {
- DEBUG(0, ("Kinit for %s to access %s failed: %s\n",
- user_principal, target_hostname,
- error_message(ret)));
+ int dbglvl = DBGLVL_WARNING;
+
+ if (krb5_state == CRED_MUST_USE_KERBEROS) {
+ dbglvl = DBGLVL_ERR;
+ }
+
+ DEBUG(dbglvl, ("Kinit for %s to access %s failed: %s\n",
+ user_principal, target_hostname,
+ error_message(ret)));
if (krb5_state == CRED_MUST_USE_KERBEROS) {
TALLOC_FREE(frame);
return krb5_to_nt_status(ret);
--
2.12.0

@ -1,293 +0,0 @@
From e73223b0edc62a6e89f68fe5f0a3c56cd14322de Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Mon, 13 Mar 2017 17:30:37 +0100
Subject: [PATCH 1/5] testprogs: Correctly expand shell parameters
The old behaviour is:
for var in $*
do
echo "$var"
done
And you get this:
$ sh test.sh 1 2 '3 4'
1
2
3
4
Changing it to:
for var in "$@"
do
echo "$var"
done
will correctly expand to:
$ sh test.sh 1 2 '3 4'
1
2
3 4
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Mar 15 05:26:17 CET 2017 on sn-devel-144
(cherry picked from commit acad0adc2977ca26df44e5b22d8b8e991177af71)
---
testprogs/blackbox/subunit.sh | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/testprogs/blackbox/subunit.sh b/testprogs/blackbox/subunit.sh
index 0791d775d27..5c81ce20a11 100755
--- a/testprogs/blackbox/subunit.sh
+++ b/testprogs/blackbox/subunit.sh
@@ -78,7 +78,7 @@ subunit_skip_test () {
testit () {
name="$1"
shift
- cmdline="$*"
+ cmdline="$@"
subunit_start_test "$name"
output=`$cmdline 2>&1`
status=$?
@@ -93,7 +93,7 @@ testit () {
testit_expect_failure () {
name="$1"
shift
- cmdline="$*"
+ cmdline="$@"
subunit_start_test "$name"
output=`$cmdline 2>&1`
status=$?
--
2.12.0