Karolin Seeger
2018-04-13 08:11:44 UTC
The branch, v4-6-stable has been updated
via c4d44b9 VERSION: Disable GIT_SNAPSHOT for the 4.6.15 release.
via 46be020 WHATSNEW: Add release notes for Samba 4.6.15.
via c90accf torture: Test compound request request counters
via fb602bd s3:smb2_server: correctly maintain request counters for compound requests
via e1c58ec s3: smbd: Unix extensions attempts to change wrong field in fchown call.
via b11b0e0 s3:smbd: map nterror on smb2_flush errorpath
via 24354b0 vfs_glusterfs: Fix the wrong pointer being sent in glfs_fsync_async
via 94d91c9 s3: smbd: Fix possible directory fd leak if the underlying OS doesn't support fdopendir()
via 8f4202e s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error, we don't own it here.
via 0afb85c tests/bind.py: Add a bind test with NTLMSSP with no domain
via 96d9297 s3:cliconnect.c: remove useless ';'
via bb14cec s3:libsmb: allow -U"\administrator" to work
via d71e1a2 Merge tag 'samba-4.6.14' into v4-6-test
via 2d2fb95 VERSION: Bump version up to 4.6.15...
via 85fc0d5 build: fix libceph-common detection
via 903cccc VERSION: Disable GIT_SNAPSHOT for the 4.6.14 release.
via 5cabac8 WHATSNEW: Add release notes for Samba 4.6.14.
via 58c2418 CVE-2018-1057: s4:dsdb/acl: changing dBCSPwd is only allowed with a control
via 03b1513 CVE-2018-1057: s4:dsdb: use DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID
via 96261a0 CVE-2018-1057: s4:dsdb/samdb: define DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID control
via 9e03a09 CVE-2018-1057: s4:dsdb/acl: run password checking only once
via 43863fc CVE-2018-1057: s4/dsdb: correctly detect password resets
via 0c2ef5f CVE-2018-1057: s4:dsdb/acl: add a NULL check for talloc_new() in acl_check_password_rights()
via 2cce162 CVE-2018-1057: s4:dsdb/acl: add check for DSDB_CONTROL_PASSWORD_HASH_VALUES_OID control
via a0e418a CVE-2018-1057: s4:dsdb/acl: check for internal controls before other checks
via 4a8b22c CVE-2018-1057: s4:dsdb/acl: remove unused else branches in acl_check_password_rights()
via ed471f3 CVE-2018-1057: s4:dsdb/acl: only call dsdb_acl_debug() if we checked the acl in acl_check_password_rights()
via a976076 CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for passwordAttr->num_values
via 4b93237 CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for LDB_FLAG_MOD_TYPE
via 1610632 CVE-2018-1057: s4:dsdb/tests: add a test for password change with empty delete
via 5365141 CVE-2018-1050: s3: RPC: spoolss server. Protect against null pointer derefs.
via ae55cfe s3:smbd: Do not crash if we fail to init the session table
via 8fe0589 libsmb: Use smb2 tcon if conn_protocol >= SMB2_02
via 3dadbb3 torture: Add test for channel sequence number handling
via 597aba1 smbXcli: Add "force_channel_sequence"
via 082c08e smbd: Fix channel sequence number checks for long-running requests
via c3bce29 smbd: Remove a "!" from an if-condition for easier readability
via 65992c6 torture4: Fix typos
via dc5dbc6 smbd: Fix a typo
via b726719 s3:smb2_server: allow logoff, close, unlock, cancel and echo on expired sessions
via 7118165 s3:smbd: return the correct error for cancelled SMB2 notifies on expired sessions
via f0e7a7c s4:torture: add smb2.session.expire2 test
via d0c6802 Revert "HEIMDAL:kdc: fix memory leak when decryption AuthorizationData"
via c190c37 Revert "HEIMDAL:kdc: decrypt b->enc_authorization_data in tgs_build_reply()"
via e1a5f80 Revert "HEIMDAL:kdc: if we don't have an authenticator subkey for S4U2Proxy we need to use the additional tickets key"
via 542382a Revert "s4:kdc: fix the principal names in samba_kdc_update_delegation_info_blob"
via fb65808 Revert "HEIMDAL:kdc: let _kdc_encode_reply() use the encryption type based on the server key"
via 4afb9bd Revert "HEIMDAL:hdb: export a hdb_enctype_supported() helper function"
via cb60d1c Revert "s4:kdc: use the strongest possible tgs session key"
via 0cd6906 Revert "TODO s4:kdc: msDS-SupportedEncryptionTypes only on computers"
via 89f27fa Revert "TODO s4:kdc: indicate support for new encryption types by adding empty keys"
via 3a54a04 Revert "HEIMDAL:kdc: use the correct authtime from addtitional ticket for S4U2Proxy tickets"
via 56a40ab samba: Only use async signal-safe functions in signal handler
via 670af37 subnet: Avoid a segfault when renaming subnet objects
via f2e21e6 HEIMDAL:kdc: use the correct authtime from addtitional ticket for S4U2Proxy tickets
via ffda28e TODO s4:kdc: indicate support for new encryption types by adding empty keys
via 075f061 TODO s4:kdc: msDS-SupportedEncryptionTypes only on computers
via 7d0559e s4:kdc: use the strongest possible tgs session key
via 2a7392d HEIMDAL:hdb: export a hdb_enctype_supported() helper function
via 8ac00b0 HEIMDAL:kdc: let _kdc_encode_reply() use the encryption type based on the server key
via 9f3571a s4:kdc: fix the principal names in samba_kdc_update_delegation_info_blob
via 312bf1c HEIMDAL:kdc: if we don't have an authenticator subkey for S4U2Proxy we need to use the additional tickets key
via 3dd52dd HEIMDAL:kdc: decrypt b->enc_authorization_data in tgs_build_reply()
via 9ec1a52 HEIMDAL:kdc: fix memory leak when decryption AuthorizationData
via 2ed8741 VERSION: Bump version up to 4.6.14...
from d64e68a VERSION: Disable GIT_SNAPSHOT for the 4.6.14 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-6-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 81 ++++++-
auth/credentials/tests/bind.py | 26 ++-
libcli/smb/smbXcli_base.c | 15 +-
libcli/smb/smbXcli_base.h | 4 +
python/samba/subnets.py | 33 +++
source3/libads/ldap_utils.c | 9 +
source3/librpc/idl/smbXsrv.idl | 3 +-
source3/libsmb/cliconnect.c | 9 +-
source3/libsmb/clientgen.c | 2 +-
source3/modules/vfs_glusterfs.c | 2 +-
source3/smbd/globals.h | 1 +
source3/smbd/negprot.c | 23 +-
source3/smbd/notify.c | 17 +-
source3/smbd/smb2_flush.c | 2 +-
source3/smbd/smb2_lock.c | 17 ++
source3/smbd/smb2_query_directory.c | 9 +-
source3/smbd/smb2_server.c | 52 ++++-
source3/smbd/trans2.c | 4 +-
source3/wscript | 6 +-
source4/dsdb/samdb/ldb_modules/samldb.c | 8 +-
source4/dsdb/tests/python/sites.py | 45 ++++
source4/libcli/smb2/keepalive.c | 7 +-
source4/smbd/server.c | 4 +-
source4/torture/smb2/compound.c | 77 +++++++
source4/torture/smb2/replay.c | 117 ++++++++++-
source4/torture/smb2/session.c | 362 ++++++++++++++++++++++++++++++++
27 files changed, 884 insertions(+), 53 deletions(-)
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index c516eb7..e657759 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=6
-SAMBA_VERSION_RELEASE=14
+SAMBA_VERSION_RELEASE=15
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index ca1e471..fa673c3 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,79 @@
==============================
+ Release Notes for Samba 4.6.15
+ April 13, 2018
+ ==============================
+
+
+This is the latest stable release of the Samba 4.6 release series.
+
+
+Changes since 4.6.14:
+---------------------
+
+o Jeremy Allison <***@samba.org>
+ * BUG 13244: s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed
+ on error, we don't own it here.
+ * BUG 13270: s3: smbd: Fix possible directory fd leak if the underlying
+ OS doesn't support fdopendir().
+ * BUG 13375: s3: smbd: Unix extensions attempts to change wrong field
+ in fchown call.
+
+o Günther Deschner <***@samba.org>
+ * BUG 13277: build: fix libceph-common detection.
+
+o Poornima G <***@redhat.com>
+ * BUG 13297: vfs_glusterfs: Fix the wrong pointer being sent in
+ glfs_fsync_async.
+
+o Volker Lendecke <***@samba.org>
+ * BUG 13215: Fix smbd panic if the client-supplied channel sequence number
+ wraps.
+ * BUG 13240: samba: Only use async signal-safe functions in signal handler.
+
+o Stefan Metzmacher <***@samba.org>
+ * BUG 13197: SMB2 close/lock/logoff can generate
+ NT_STATUS_NETWORK_SESSION_EXPIRED.
+ * BUG 13206: Fix authentication with an empty string domain ''.
+ * BUG 13215: s3:smb2_server: correctly maintain request counters for
+ compound requests.
+
+o Anton Nefedov
+ * BUG 13338: s3:smbd: Map nterror on smb2_flush errorpath.
+
+o Dan Robertson <***@tripwire.com>
+ * BUG 13310: libsmb: Use smb2 tcon if conn_protocol >= SMB2_02.
+
+o Garming Sam <***@catalyst.net.nz>
+ * BUG 13031: subnet: Avoid a segfault when renaming subnet objects.
+
+o Andreas Schneider <***@samba.org>
+ * BUG 13315: s3:smbd: Do not crash if we fail to init the session table.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+ ==============================
Release Notes for Samba 4.6.14
March 13, 2018
=============================
@@ -36,7 +111,7 @@ o CVE-2018-1057:
https://wiki.samba.org/index.php/CVE-2018-1057
-Changes since 4.6.12:
+Changes since 4.6.13:
---------------------
o Jeremy Allison <***@samba.org>
@@ -71,8 +146,8 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
==============================
Release Notes for Samba 4.6.13
diff --git a/auth/credentials/tests/bind.py b/auth/credentials/tests/bind.py
index 91e493d..4aa4498 100755
--- a/auth/credentials/tests/bind.py
+++ b/auth/credentials/tests/bind.py
@@ -43,6 +43,7 @@ creds_machine = copy.deepcopy(creds)
creds_user1 = copy.deepcopy(creds)
creds_user2 = copy.deepcopy(creds)
creds_user3 = copy.deepcopy(creds)
+creds_user4 = copy.deepcopy(creds)
class BindTests(samba.tests.TestCase):
@@ -64,7 +65,7 @@ class BindTests(samba.tests.TestCase):
self.config_dn = self.info_dc["configurationNamingContext"][0]
self.computer_dn = "CN=centos53,CN=Computers,%s" % self.domain_dn
self.password = "***@ssw0rd"
- self.username = "BindTestUser_" + time.strftime("%s", time.gmtime())
+ self.username = "BindTestUser"
def tearDown(self):
super(BindTests, self).tearDown()
@@ -113,6 +114,7 @@ unicodePwd:: """ + base64.b64encode("\"***@ssw0rd\"".encode('utf-16-le')) + """
expression="(samAccountName=%s)" % self.username)
self.assertEquals(len(ldb_res), 1)
user_dn = ldb_res[0]["dn"]
+ self.addCleanup(delete_force, self.ldb, user_dn)
# do a simple bind and search with the user account in format ***@realm
creds_user1.set_bind_dn(self.username + "@" + creds.get_realm())
@@ -138,5 +140,27 @@ unicodePwd:: """ + base64.b64encode("\"***@ssw0rd\"".encode('utf-16-le')) + """
lp=lp, ldap_only=True)
res = ldb_user3.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
+ def test_user_account_bind_no_domain(self):
+ # create user
+ self.ldb.newuser(username=self.username, password=self.password)
+ ldb_res = self.ldb.search(base=self.domain_dn,
+ scope=SCOPE_SUBTREE,
+ expression="(samAccountName=%s)" % self.username)
+ self.assertEquals(len(ldb_res), 1)
+ user_dn = ldb_res[0]["dn"]
+ self.addCleanup(delete_force, self.ldb, user_dn)
+
+ creds_user4.set_username(self.username)
+ creds_user4.set_password(self.password)
+ creds_user4.set_domain('')
+ creds_user4.set_workstation('')
+ print "BindTest (no domain) with: " + self.username
+ try:
+ ldb_user4 = samba.tests.connect_samdb(host, credentials=creds_user4,
+ lp=lp, ldap_only=True)
+ except:
+ self.fail("Failed to connect without the domain set")
+
+ res = ldb_user4.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
TestProgram(module=__name__, opts=subunitopts)
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index 239e5eb..d1e532d 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -138,6 +138,8 @@ struct smbXcli_conn {
uint8_t io_priority;
+ bool force_channel_sequence;
+
uint8_t preauth_sha512[64];
} smb2;
@@ -532,6 +534,17 @@ const struct GUID *smbXcli_conn_server_guid(struct smbXcli_conn *conn)
return &conn->smb1.server.guid;
}
+bool smbXcli_conn_get_force_channel_sequence(struct smbXcli_conn *conn)
+{
+ return conn->smb2.force_channel_sequence;
+}
+
+void smbXcli_conn_set_force_channel_sequence(struct smbXcli_conn *conn,
+ bool v)
+{
+ conn->smb2.force_channel_sequence = v;
+}
+
struct smbXcli_conn_samba_suicide_state {
struct smbXcli_conn *conn;
struct iovec iov;
@@ -2896,7 +2909,7 @@ struct tevent_req *smb2cli_req_create(TALLOC_CTX *mem_ctx,
uint32_t flags = 0;
uint32_t tid = 0;
uint64_t uid = 0;
- bool use_channel_sequence = false;
+ bool use_channel_sequence = conn->smb2.force_channel_sequence;
uint16_t channel_sequence = 0;
bool use_replay_flag = false;
diff --git a/libcli/smb/smbXcli_base.h b/libcli/smb/smbXcli_base.h
index 2594f07..336b1cb 100644
--- a/libcli/smb/smbXcli_base.h
+++ b/libcli/smb/smbXcli_base.h
@@ -58,6 +58,10 @@ uint16_t smbXcli_conn_max_requests(struct smbXcli_conn *conn);
NTTIME smbXcli_conn_server_system_time(struct smbXcli_conn *conn);
const DATA_BLOB *smbXcli_conn_server_gss_blob(struct smbXcli_conn *conn);
const struct GUID *smbXcli_conn_server_guid(struct smbXcli_conn *conn);
+bool smbXcli_conn_get_force_channel_sequence(struct smbXcli_conn *conn);
+void smbXcli_conn_set_force_channel_sequence(struct smbXcli_conn *conn,
+ bool v);
+
struct tevent_req *smbXcli_conn_samba_suicide_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
diff --git a/python/samba/subnets.py b/python/samba/subnets.py
index e859f06..72eeb0f 100644
--- a/python/samba/subnets.py
+++ b/python/samba/subnets.py
@@ -127,6 +127,39 @@ def delete_subnet(samdb, configDn, subnet_name):
samdb.delete(dnsubnet)
+def rename_subnet(samdb, configDn, subnet_name, new_name):
+ """Rename a subnet.
+
+ :param samdb: A samdb connection
+ :param configDn: The DN of the configuration partition
+ :param subnet_name: Name of the subnet to rename
+ :param new_name: New name for the subnet
+ :return: None
+ :raise SubnetNotFound: if the subnet to be renamed does not exist.
+ :raise SubnetExists: if the subnet to be created already exists.
+ """
+ dnsubnet = ldb.Dn(samdb, "CN=Subnets,CN=Sites")
+ if dnsubnet.add_base(configDn) == False:
+ raise SubnetException("dnsubnet.add_base() failed")
+ if dnsubnet.add_child("CN=X") == False:
+ raise SubnetException("dnsubnet.add_child() failed")
+ dnsubnet.set_component(0, "CN", subnet_name)
+
+ newdnsubnet = ldb.Dn(samdb, str(dnsubnet))
+ newdnsubnet.set_component(0, "CN", new_name)
+ try:
+ samdb.rename(dnsubnet, newdnsubnet)
+ except LdbError as (enum, estr):
+ if enum == ldb.ERR_NO_SUCH_OBJECT:
+ raise SubnetNotFound('Subnet %s does not exist' % subnet)
+ elif enum == ldb.ERR_ENTRY_ALREADY_EXISTS:
+ raise SubnetAlreadyExists('A subnet with the CIDR %s already exists'
+ % new_name)
+ elif enum == ldb.ERR_INVALID_DN_SYNTAX:
+ raise SubnetInvalid("%s is not a valid subnet: %s" % (new_name,
+ estr))
+ else:
+ raise
def set_subnet_site(samdb, configDn, subnet_name, site_name):
"""Assign a subnet to a site.
diff --git a/source3/libads/ldap_utils.c b/source3/libads/ldap_utils.c
index a4adbc0..0c37b06 100644
--- a/source3/libads/ldap_utils.c
+++ b/source3/libads/ldap_utils.c
@@ -105,9 +105,18 @@ static ADS_STATUS ads_do_search_retry_internal(ADS_STRUCT *ads, const char *bind
status = ads_connect(ads);
if (!ADS_ERR_OK(status)) {
+ bool orig_is_mine = ads->is_mine;
+
DEBUG(1,("ads_search_retry: failed to reconnect (%s)\n",
ads_errstr(status)));
+ /*
+ * We need to keep the ads pointer
+ * from being freed here as we don't own it and
+ * callers depend on it being around.
+ */
+ ads->is_mine = false;
ads_destroy(&ads);
+ ads->is_mine = orig_is_mine;
SAFE_FREE(bp);
return status;
}
diff --git a/source3/librpc/idl/smbXsrv.idl b/source3/librpc/idl/smbXsrv.idl
index 1bfa51e..d3f8d30 100644
--- a/source3/librpc/idl/smbXsrv.idl
+++ b/source3/librpc/idl/smbXsrv.idl
@@ -430,7 +430,8 @@ interface smbXsrv
uint32 durable_timeout_msec;
boolean8 durable;
DATA_BLOB backend_cookie;
- hyper channel_sequence;
+ uint16 channel_sequence;
+ hyper channel_generation;
} smbXsrv_open_global0;
typedef union {
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 75bcae4..7f03e8b 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -283,8 +283,9 @@ NTSTATUS cli_session_creds_prepare_krb5(struct cli_state *cli,
auth_requested = cli_credentials_authentication_requested(creds);
if (auth_requested) {
+ errno = 0;
user_principal = cli_credentials_get_principal(creds, frame);
- if (user_principal == NULL) {
+ if (errno != 0) {
TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
@@ -299,6 +300,10 @@ NTSTATUS cli_session_creds_prepare_krb5(struct cli_state *cli,
try_kerberos = true;
}
+ if (user_principal == NULL) {
+ try_kerberos = false;
+ }
+
if (target_hostname == NULL) {
try_kerberos = false;
} else if (is_ipaddress(target_hostname)) {
@@ -1281,7 +1286,7 @@ static struct tevent_req *cli_session_setup_spnego_send(
status = cli_session_creds_prepare_krb5(cli, creds);
if (tevent_req_nterror(req, status)) {
- return tevent_req_post(req, ev);;
+ return tevent_req_post(req, ev);
}
subreq = cli_session_setup_gensec_send(state, ev, cli, creds,
diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index e675f95..305f567 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -384,7 +384,7 @@ uint32_t cli_state_set_tid(struct cli_state *cli, uint32_t tid)
uint32_t ret;
if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
ret = smb2cli_tcon_current_id(cli->smb2.tcon);
- smb2cli_tcon_set_id(cli->smb1.tcon, tid);
+ smb2cli_tcon_set_id(cli->smb2.tcon, tid);
} else {
ret = smb1cli_tcon_current_id(cli->smb1.tcon);
smb1cli_tcon_set_id(cli->smb1.tcon, tid);
diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c
index 09e74eb..6200333 100644
--- a/source3/modules/vfs_glusterfs.c
+++ b/source3/modules/vfs_glusterfs.c
@@ -961,7 +961,7 @@ static struct tevent_req *vfs_gluster_fsync_send(struct vfs_handle_struct
PROFILE_TIMESTAMP(&state->start);
ret = glfs_fsync_async(*(glfs_fd_t **)VFS_FETCH_FSP_EXTENSION(handle,
- fsp), aio_glusterfs_done, req);
+ fsp), aio_glusterfs_done, state);
if (ret < 0) {
tevent_req_error(req, -ret);
return tevent_req_post(req, ev);
diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h
index d3b9800..efcf3e9 100644
--- a/source3/smbd/globals.h
+++ b/source3/smbd/globals.h
@@ -733,6 +733,7 @@ struct smbd_smb2_request {
* adapted again in reply.
*/
bool request_counters_updated;
+ uint64_t channel_generation;
/*
* The sub request for async backend calls.
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index 838ff45..96199d3 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -65,6 +65,8 @@ static void reply_lanman1(struct smb_request *req, uint16_t choice)
time_t t = time(NULL);
struct smbXsrv_connection *xconn = req->xconn;
uint16_t raw;
+ NTSTATUS status;
+
if (lp_async_smb_echo_handler()) {
raw = 0;
} else {
@@ -88,7 +90,11 @@ static void reply_lanman1(struct smb_request *req, uint16_t choice)
SSVAL(req->outbuf,smb_vwv11, 8);
}
- smbXsrv_connection_init_tables(xconn, PROTOCOL_LANMAN1);
+ status = smbXsrv_connection_init_tables(xconn, PROTOCOL_LANMAN1);
+ if (!NT_STATUS_IS_OK(status)) {
+ reply_nterror(req, status);
+ return;
+ }
/* Reply, SMBlockread, SMBwritelock supported. */
SCVAL(req->outbuf,smb_flg, FLAG_REPLY|FLAG_SUPPORT_LOCKREAD);
@@ -115,6 +121,8 @@ static void reply_lanman2(struct smb_request *req, uint16_t choice)
time_t t = time(NULL);
struct smbXsrv_connection *xconn = req->xconn;
uint16_t raw;
+ NTSTATUS status;
+
if (lp_async_smb_echo_handler()) {
raw = 0;
} else {
@@ -140,7 +148,11 @@ static void reply_lanman2(struct smb_request *req, uint16_t choice)
SSVAL(req->outbuf,smb_vwv11, 8);
}
- smbXsrv_connection_init_tables(xconn, PROTOCOL_LANMAN2);
+ status = smbXsrv_connection_init_tables(xconn, PROTOCOL_LANMAN2);
+ if (!NT_STATUS_IS_OK(status)) {
+ reply_nterror(req, status);
+ return;
+ }
/* Reply, SMBlockread, SMBwritelock supported. */
SCVAL(req->outbuf,smb_flg,FLAG_REPLY|FLAG_SUPPORT_LOCKREAD);
@@ -251,6 +263,7 @@ static void reply_nt1(struct smb_request *req, uint16_t choice)
struct smbXsrv_connection *xconn = req->xconn;
bool signing_desired = false;
bool signing_required = false;
+ NTSTATUS status;
xconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords();
@@ -328,7 +341,11 @@ static void reply_nt1(struct smb_request *req, uint16_t choice)
SSVAL(req->outbuf,smb_vwv0,choice);
SCVAL(req->outbuf,smb_vwv1,secword);
- smbXsrv_connection_init_tables(xconn, PROTOCOL_NT1);
+ status = smbXsrv_connection_init_tables(xconn, PROTOCOL_NT1);
+ if (!NT_STATUS_IS_OK(status)) {
+ reply_nterror(req, status);
+ return;
+ }
SSVAL(req->outbuf,smb_vwv1+1, lp_max_mux()); /* maxmpx */
SSVAL(req->outbuf,smb_vwv2+1, 1); /* num vcs */
diff --git a/source3/smbd/notify.c b/source3/smbd/notify.c
index f64185d..add5908 100644
--- a/source3/smbd/notify.c
+++ b/source3/smbd/notify.c
@@ -391,12 +391,21 @@ static void smbd_notify_cancel_by_map(struct notify_mid_map *map)
NTSTATUS notify_status = NT_STATUS_CANCELLED;
if (smb2req != NULL) {
+ NTSTATUS sstatus;
+
if (smb2req->session == NULL) {
- notify_status = STATUS_NOTIFY_CLEANUP;
- } else if (!NT_STATUS_IS_OK(smb2req->session->status)) {
- notify_status = STATUS_NOTIFY_CLEANUP;
+ sstatus = NT_STATUS_USER_SESSION_DELETED;
+ } else {
+ sstatus = smb2req->session->status;
}
- if (smb2req->tcon == NULL) {
+
+ if (NT_STATUS_EQUAL(sstatus, NT_STATUS_NETWORK_SESSION_EXPIRED)) {
+ sstatus = NT_STATUS_OK;
+ }
+
+ if (!NT_STATUS_IS_OK(sstatus)) {
+ notify_status = STATUS_NOTIFY_CLEANUP;
+ } else if (smb2req->tcon == NULL) {
notify_status = STATUS_NOTIFY_CLEANUP;
} else if (!NT_STATUS_IS_OK(smb2req->tcon->status)) {
notify_status = STATUS_NOTIFY_CLEANUP;
diff --git a/source3/smbd/smb2_flush.c b/source3/smbd/smb2_flush.c
index d077c62..51584ca 100644
--- a/source3/smbd/smb2_flush.c
+++ b/source3/smbd/smb2_flush.c
@@ -198,7 +198,7 @@ static void smbd_smb2_flush_done(struct tevent_req *subreq)
ret = SMB_VFS_FSYNC_RECV(subreq, &vfs_aio_state);
TALLOC_FREE(subreq);
if (ret == -1) {
- tevent_req_error(req, vfs_aio_state.error);
+ tevent_req_nterror(req, map_nt_error_from_unix(vfs_aio_state.error));
return;
}
tevent_req_done(req);
diff --git a/source3/smbd/smb2_lock.c b/source3/smbd/smb2_lock.c
index 2fcd359..45b833c 100644
--- a/source3/smbd/smb2_lock.c
+++ b/source3/smbd/smb2_lock.c
@@ -98,6 +98,23 @@ NTSTATUS smbd_smb2_request_process_lock(struct smbd_smb2_request *req)
via c4d44b9 VERSION: Disable GIT_SNAPSHOT for the 4.6.15 release.
via 46be020 WHATSNEW: Add release notes for Samba 4.6.15.
via c90accf torture: Test compound request request counters
via fb602bd s3:smb2_server: correctly maintain request counters for compound requests
via e1c58ec s3: smbd: Unix extensions attempts to change wrong field in fchown call.
via b11b0e0 s3:smbd: map nterror on smb2_flush errorpath
via 24354b0 vfs_glusterfs: Fix the wrong pointer being sent in glfs_fsync_async
via 94d91c9 s3: smbd: Fix possible directory fd leak if the underlying OS doesn't support fdopendir()
via 8f4202e s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error, we don't own it here.
via 0afb85c tests/bind.py: Add a bind test with NTLMSSP with no domain
via 96d9297 s3:cliconnect.c: remove useless ';'
via bb14cec s3:libsmb: allow -U"\administrator" to work
via d71e1a2 Merge tag 'samba-4.6.14' into v4-6-test
via 2d2fb95 VERSION: Bump version up to 4.6.15...
via 85fc0d5 build: fix libceph-common detection
via 903cccc VERSION: Disable GIT_SNAPSHOT for the 4.6.14 release.
via 5cabac8 WHATSNEW: Add release notes for Samba 4.6.14.
via 58c2418 CVE-2018-1057: s4:dsdb/acl: changing dBCSPwd is only allowed with a control
via 03b1513 CVE-2018-1057: s4:dsdb: use DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID
via 96261a0 CVE-2018-1057: s4:dsdb/samdb: define DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID control
via 9e03a09 CVE-2018-1057: s4:dsdb/acl: run password checking only once
via 43863fc CVE-2018-1057: s4/dsdb: correctly detect password resets
via 0c2ef5f CVE-2018-1057: s4:dsdb/acl: add a NULL check for talloc_new() in acl_check_password_rights()
via 2cce162 CVE-2018-1057: s4:dsdb/acl: add check for DSDB_CONTROL_PASSWORD_HASH_VALUES_OID control
via a0e418a CVE-2018-1057: s4:dsdb/acl: check for internal controls before other checks
via 4a8b22c CVE-2018-1057: s4:dsdb/acl: remove unused else branches in acl_check_password_rights()
via ed471f3 CVE-2018-1057: s4:dsdb/acl: only call dsdb_acl_debug() if we checked the acl in acl_check_password_rights()
via a976076 CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for passwordAttr->num_values
via 4b93237 CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for LDB_FLAG_MOD_TYPE
via 1610632 CVE-2018-1057: s4:dsdb/tests: add a test for password change with empty delete
via 5365141 CVE-2018-1050: s3: RPC: spoolss server. Protect against null pointer derefs.
via ae55cfe s3:smbd: Do not crash if we fail to init the session table
via 8fe0589 libsmb: Use smb2 tcon if conn_protocol >= SMB2_02
via 3dadbb3 torture: Add test for channel sequence number handling
via 597aba1 smbXcli: Add "force_channel_sequence"
via 082c08e smbd: Fix channel sequence number checks for long-running requests
via c3bce29 smbd: Remove a "!" from an if-condition for easier readability
via 65992c6 torture4: Fix typos
via dc5dbc6 smbd: Fix a typo
via b726719 s3:smb2_server: allow logoff, close, unlock, cancel and echo on expired sessions
via 7118165 s3:smbd: return the correct error for cancelled SMB2 notifies on expired sessions
via f0e7a7c s4:torture: add smb2.session.expire2 test
via d0c6802 Revert "HEIMDAL:kdc: fix memory leak when decryption AuthorizationData"
via c190c37 Revert "HEIMDAL:kdc: decrypt b->enc_authorization_data in tgs_build_reply()"
via e1a5f80 Revert "HEIMDAL:kdc: if we don't have an authenticator subkey for S4U2Proxy we need to use the additional tickets key"
via 542382a Revert "s4:kdc: fix the principal names in samba_kdc_update_delegation_info_blob"
via fb65808 Revert "HEIMDAL:kdc: let _kdc_encode_reply() use the encryption type based on the server key"
via 4afb9bd Revert "HEIMDAL:hdb: export a hdb_enctype_supported() helper function"
via cb60d1c Revert "s4:kdc: use the strongest possible tgs session key"
via 0cd6906 Revert "TODO s4:kdc: msDS-SupportedEncryptionTypes only on computers"
via 89f27fa Revert "TODO s4:kdc: indicate support for new encryption types by adding empty keys"
via 3a54a04 Revert "HEIMDAL:kdc: use the correct authtime from addtitional ticket for S4U2Proxy tickets"
via 56a40ab samba: Only use async signal-safe functions in signal handler
via 670af37 subnet: Avoid a segfault when renaming subnet objects
via f2e21e6 HEIMDAL:kdc: use the correct authtime from addtitional ticket for S4U2Proxy tickets
via ffda28e TODO s4:kdc: indicate support for new encryption types by adding empty keys
via 075f061 TODO s4:kdc: msDS-SupportedEncryptionTypes only on computers
via 7d0559e s4:kdc: use the strongest possible tgs session key
via 2a7392d HEIMDAL:hdb: export a hdb_enctype_supported() helper function
via 8ac00b0 HEIMDAL:kdc: let _kdc_encode_reply() use the encryption type based on the server key
via 9f3571a s4:kdc: fix the principal names in samba_kdc_update_delegation_info_blob
via 312bf1c HEIMDAL:kdc: if we don't have an authenticator subkey for S4U2Proxy we need to use the additional tickets key
via 3dd52dd HEIMDAL:kdc: decrypt b->enc_authorization_data in tgs_build_reply()
via 9ec1a52 HEIMDAL:kdc: fix memory leak when decryption AuthorizationData
via 2ed8741 VERSION: Bump version up to 4.6.14...
from d64e68a VERSION: Disable GIT_SNAPSHOT for the 4.6.14 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-6-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 81 ++++++-
auth/credentials/tests/bind.py | 26 ++-
libcli/smb/smbXcli_base.c | 15 +-
libcli/smb/smbXcli_base.h | 4 +
python/samba/subnets.py | 33 +++
source3/libads/ldap_utils.c | 9 +
source3/librpc/idl/smbXsrv.idl | 3 +-
source3/libsmb/cliconnect.c | 9 +-
source3/libsmb/clientgen.c | 2 +-
source3/modules/vfs_glusterfs.c | 2 +-
source3/smbd/globals.h | 1 +
source3/smbd/negprot.c | 23 +-
source3/smbd/notify.c | 17 +-
source3/smbd/smb2_flush.c | 2 +-
source3/smbd/smb2_lock.c | 17 ++
source3/smbd/smb2_query_directory.c | 9 +-
source3/smbd/smb2_server.c | 52 ++++-
source3/smbd/trans2.c | 4 +-
source3/wscript | 6 +-
source4/dsdb/samdb/ldb_modules/samldb.c | 8 +-
source4/dsdb/tests/python/sites.py | 45 ++++
source4/libcli/smb2/keepalive.c | 7 +-
source4/smbd/server.c | 4 +-
source4/torture/smb2/compound.c | 77 +++++++
source4/torture/smb2/replay.c | 117 ++++++++++-
source4/torture/smb2/session.c | 362 ++++++++++++++++++++++++++++++++
27 files changed, 884 insertions(+), 53 deletions(-)
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index c516eb7..e657759 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=6
-SAMBA_VERSION_RELEASE=14
+SAMBA_VERSION_RELEASE=15
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index ca1e471..fa673c3 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,79 @@
==============================
+ Release Notes for Samba 4.6.15
+ April 13, 2018
+ ==============================
+
+
+This is the latest stable release of the Samba 4.6 release series.
+
+
+Changes since 4.6.14:
+---------------------
+
+o Jeremy Allison <***@samba.org>
+ * BUG 13244: s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed
+ on error, we don't own it here.
+ * BUG 13270: s3: smbd: Fix possible directory fd leak if the underlying
+ OS doesn't support fdopendir().
+ * BUG 13375: s3: smbd: Unix extensions attempts to change wrong field
+ in fchown call.
+
+o Günther Deschner <***@samba.org>
+ * BUG 13277: build: fix libceph-common detection.
+
+o Poornima G <***@redhat.com>
+ * BUG 13297: vfs_glusterfs: Fix the wrong pointer being sent in
+ glfs_fsync_async.
+
+o Volker Lendecke <***@samba.org>
+ * BUG 13215: Fix smbd panic if the client-supplied channel sequence number
+ wraps.
+ * BUG 13240: samba: Only use async signal-safe functions in signal handler.
+
+o Stefan Metzmacher <***@samba.org>
+ * BUG 13197: SMB2 close/lock/logoff can generate
+ NT_STATUS_NETWORK_SESSION_EXPIRED.
+ * BUG 13206: Fix authentication with an empty string domain ''.
+ * BUG 13215: s3:smb2_server: correctly maintain request counters for
+ compound requests.
+
+o Anton Nefedov
+ * BUG 13338: s3:smbd: Map nterror on smb2_flush errorpath.
+
+o Dan Robertson <***@tripwire.com>
+ * BUG 13310: libsmb: Use smb2 tcon if conn_protocol >= SMB2_02.
+
+o Garming Sam <***@catalyst.net.nz>
+ * BUG 13031: subnet: Avoid a segfault when renaming subnet objects.
+
+o Andreas Schneider <***@samba.org>
+ * BUG 13315: s3:smbd: Do not crash if we fail to init the session table.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+ ==============================
Release Notes for Samba 4.6.14
March 13, 2018
=============================
@@ -36,7 +111,7 @@ o CVE-2018-1057:
https://wiki.samba.org/index.php/CVE-2018-1057
-Changes since 4.6.12:
+Changes since 4.6.13:
---------------------
o Jeremy Allison <***@samba.org>
@@ -71,8 +146,8 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
==============================
Release Notes for Samba 4.6.13
diff --git a/auth/credentials/tests/bind.py b/auth/credentials/tests/bind.py
index 91e493d..4aa4498 100755
--- a/auth/credentials/tests/bind.py
+++ b/auth/credentials/tests/bind.py
@@ -43,6 +43,7 @@ creds_machine = copy.deepcopy(creds)
creds_user1 = copy.deepcopy(creds)
creds_user2 = copy.deepcopy(creds)
creds_user3 = copy.deepcopy(creds)
+creds_user4 = copy.deepcopy(creds)
class BindTests(samba.tests.TestCase):
@@ -64,7 +65,7 @@ class BindTests(samba.tests.TestCase):
self.config_dn = self.info_dc["configurationNamingContext"][0]
self.computer_dn = "CN=centos53,CN=Computers,%s" % self.domain_dn
self.password = "***@ssw0rd"
- self.username = "BindTestUser_" + time.strftime("%s", time.gmtime())
+ self.username = "BindTestUser"
def tearDown(self):
super(BindTests, self).tearDown()
@@ -113,6 +114,7 @@ unicodePwd:: """ + base64.b64encode("\"***@ssw0rd\"".encode('utf-16-le')) + """
expression="(samAccountName=%s)" % self.username)
self.assertEquals(len(ldb_res), 1)
user_dn = ldb_res[0]["dn"]
+ self.addCleanup(delete_force, self.ldb, user_dn)
# do a simple bind and search with the user account in format ***@realm
creds_user1.set_bind_dn(self.username + "@" + creds.get_realm())
@@ -138,5 +140,27 @@ unicodePwd:: """ + base64.b64encode("\"***@ssw0rd\"".encode('utf-16-le')) + """
lp=lp, ldap_only=True)
res = ldb_user3.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
+ def test_user_account_bind_no_domain(self):
+ # create user
+ self.ldb.newuser(username=self.username, password=self.password)
+ ldb_res = self.ldb.search(base=self.domain_dn,
+ scope=SCOPE_SUBTREE,
+ expression="(samAccountName=%s)" % self.username)
+ self.assertEquals(len(ldb_res), 1)
+ user_dn = ldb_res[0]["dn"]
+ self.addCleanup(delete_force, self.ldb, user_dn)
+
+ creds_user4.set_username(self.username)
+ creds_user4.set_password(self.password)
+ creds_user4.set_domain('')
+ creds_user4.set_workstation('')
+ print "BindTest (no domain) with: " + self.username
+ try:
+ ldb_user4 = samba.tests.connect_samdb(host, credentials=creds_user4,
+ lp=lp, ldap_only=True)
+ except:
+ self.fail("Failed to connect without the domain set")
+
+ res = ldb_user4.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
TestProgram(module=__name__, opts=subunitopts)
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index 239e5eb..d1e532d 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -138,6 +138,8 @@ struct smbXcli_conn {
uint8_t io_priority;
+ bool force_channel_sequence;
+
uint8_t preauth_sha512[64];
} smb2;
@@ -532,6 +534,17 @@ const struct GUID *smbXcli_conn_server_guid(struct smbXcli_conn *conn)
return &conn->smb1.server.guid;
}
+bool smbXcli_conn_get_force_channel_sequence(struct smbXcli_conn *conn)
+{
+ return conn->smb2.force_channel_sequence;
+}
+
+void smbXcli_conn_set_force_channel_sequence(struct smbXcli_conn *conn,
+ bool v)
+{
+ conn->smb2.force_channel_sequence = v;
+}
+
struct smbXcli_conn_samba_suicide_state {
struct smbXcli_conn *conn;
struct iovec iov;
@@ -2896,7 +2909,7 @@ struct tevent_req *smb2cli_req_create(TALLOC_CTX *mem_ctx,
uint32_t flags = 0;
uint32_t tid = 0;
uint64_t uid = 0;
- bool use_channel_sequence = false;
+ bool use_channel_sequence = conn->smb2.force_channel_sequence;
uint16_t channel_sequence = 0;
bool use_replay_flag = false;
diff --git a/libcli/smb/smbXcli_base.h b/libcli/smb/smbXcli_base.h
index 2594f07..336b1cb 100644
--- a/libcli/smb/smbXcli_base.h
+++ b/libcli/smb/smbXcli_base.h
@@ -58,6 +58,10 @@ uint16_t smbXcli_conn_max_requests(struct smbXcli_conn *conn);
NTTIME smbXcli_conn_server_system_time(struct smbXcli_conn *conn);
const DATA_BLOB *smbXcli_conn_server_gss_blob(struct smbXcli_conn *conn);
const struct GUID *smbXcli_conn_server_guid(struct smbXcli_conn *conn);
+bool smbXcli_conn_get_force_channel_sequence(struct smbXcli_conn *conn);
+void smbXcli_conn_set_force_channel_sequence(struct smbXcli_conn *conn,
+ bool v);
+
struct tevent_req *smbXcli_conn_samba_suicide_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
diff --git a/python/samba/subnets.py b/python/samba/subnets.py
index e859f06..72eeb0f 100644
--- a/python/samba/subnets.py
+++ b/python/samba/subnets.py
@@ -127,6 +127,39 @@ def delete_subnet(samdb, configDn, subnet_name):
samdb.delete(dnsubnet)
+def rename_subnet(samdb, configDn, subnet_name, new_name):
+ """Rename a subnet.
+
+ :param samdb: A samdb connection
+ :param configDn: The DN of the configuration partition
+ :param subnet_name: Name of the subnet to rename
+ :param new_name: New name for the subnet
+ :return: None
+ :raise SubnetNotFound: if the subnet to be renamed does not exist.
+ :raise SubnetExists: if the subnet to be created already exists.
+ """
+ dnsubnet = ldb.Dn(samdb, "CN=Subnets,CN=Sites")
+ if dnsubnet.add_base(configDn) == False:
+ raise SubnetException("dnsubnet.add_base() failed")
+ if dnsubnet.add_child("CN=X") == False:
+ raise SubnetException("dnsubnet.add_child() failed")
+ dnsubnet.set_component(0, "CN", subnet_name)
+
+ newdnsubnet = ldb.Dn(samdb, str(dnsubnet))
+ newdnsubnet.set_component(0, "CN", new_name)
+ try:
+ samdb.rename(dnsubnet, newdnsubnet)
+ except LdbError as (enum, estr):
+ if enum == ldb.ERR_NO_SUCH_OBJECT:
+ raise SubnetNotFound('Subnet %s does not exist' % subnet)
+ elif enum == ldb.ERR_ENTRY_ALREADY_EXISTS:
+ raise SubnetAlreadyExists('A subnet with the CIDR %s already exists'
+ % new_name)
+ elif enum == ldb.ERR_INVALID_DN_SYNTAX:
+ raise SubnetInvalid("%s is not a valid subnet: %s" % (new_name,
+ estr))
+ else:
+ raise
def set_subnet_site(samdb, configDn, subnet_name, site_name):
"""Assign a subnet to a site.
diff --git a/source3/libads/ldap_utils.c b/source3/libads/ldap_utils.c
index a4adbc0..0c37b06 100644
--- a/source3/libads/ldap_utils.c
+++ b/source3/libads/ldap_utils.c
@@ -105,9 +105,18 @@ static ADS_STATUS ads_do_search_retry_internal(ADS_STRUCT *ads, const char *bind
status = ads_connect(ads);
if (!ADS_ERR_OK(status)) {
+ bool orig_is_mine = ads->is_mine;
+
DEBUG(1,("ads_search_retry: failed to reconnect (%s)\n",
ads_errstr(status)));
+ /*
+ * We need to keep the ads pointer
+ * from being freed here as we don't own it and
+ * callers depend on it being around.
+ */
+ ads->is_mine = false;
ads_destroy(&ads);
+ ads->is_mine = orig_is_mine;
SAFE_FREE(bp);
return status;
}
diff --git a/source3/librpc/idl/smbXsrv.idl b/source3/librpc/idl/smbXsrv.idl
index 1bfa51e..d3f8d30 100644
--- a/source3/librpc/idl/smbXsrv.idl
+++ b/source3/librpc/idl/smbXsrv.idl
@@ -430,7 +430,8 @@ interface smbXsrv
uint32 durable_timeout_msec;
boolean8 durable;
DATA_BLOB backend_cookie;
- hyper channel_sequence;
+ uint16 channel_sequence;
+ hyper channel_generation;
} smbXsrv_open_global0;
typedef union {
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 75bcae4..7f03e8b 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -283,8 +283,9 @@ NTSTATUS cli_session_creds_prepare_krb5(struct cli_state *cli,
auth_requested = cli_credentials_authentication_requested(creds);
if (auth_requested) {
+ errno = 0;
user_principal = cli_credentials_get_principal(creds, frame);
- if (user_principal == NULL) {
+ if (errno != 0) {
TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
@@ -299,6 +300,10 @@ NTSTATUS cli_session_creds_prepare_krb5(struct cli_state *cli,
try_kerberos = true;
}
+ if (user_principal == NULL) {
+ try_kerberos = false;
+ }
+
if (target_hostname == NULL) {
try_kerberos = false;
} else if (is_ipaddress(target_hostname)) {
@@ -1281,7 +1286,7 @@ static struct tevent_req *cli_session_setup_spnego_send(
status = cli_session_creds_prepare_krb5(cli, creds);
if (tevent_req_nterror(req, status)) {
- return tevent_req_post(req, ev);;
+ return tevent_req_post(req, ev);
}
subreq = cli_session_setup_gensec_send(state, ev, cli, creds,
diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index e675f95..305f567 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -384,7 +384,7 @@ uint32_t cli_state_set_tid(struct cli_state *cli, uint32_t tid)
uint32_t ret;
if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
ret = smb2cli_tcon_current_id(cli->smb2.tcon);
- smb2cli_tcon_set_id(cli->smb1.tcon, tid);
+ smb2cli_tcon_set_id(cli->smb2.tcon, tid);
} else {
ret = smb1cli_tcon_current_id(cli->smb1.tcon);
smb1cli_tcon_set_id(cli->smb1.tcon, tid);
diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c
index 09e74eb..6200333 100644
--- a/source3/modules/vfs_glusterfs.c
+++ b/source3/modules/vfs_glusterfs.c
@@ -961,7 +961,7 @@ static struct tevent_req *vfs_gluster_fsync_send(struct vfs_handle_struct
PROFILE_TIMESTAMP(&state->start);
ret = glfs_fsync_async(*(glfs_fd_t **)VFS_FETCH_FSP_EXTENSION(handle,
- fsp), aio_glusterfs_done, req);
+ fsp), aio_glusterfs_done, state);
if (ret < 0) {
tevent_req_error(req, -ret);
return tevent_req_post(req, ev);
diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h
index d3b9800..efcf3e9 100644
--- a/source3/smbd/globals.h
+++ b/source3/smbd/globals.h
@@ -733,6 +733,7 @@ struct smbd_smb2_request {
* adapted again in reply.
*/
bool request_counters_updated;
+ uint64_t channel_generation;
/*
* The sub request for async backend calls.
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index 838ff45..96199d3 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -65,6 +65,8 @@ static void reply_lanman1(struct smb_request *req, uint16_t choice)
time_t t = time(NULL);
struct smbXsrv_connection *xconn = req->xconn;
uint16_t raw;
+ NTSTATUS status;
+
if (lp_async_smb_echo_handler()) {
raw = 0;
} else {
@@ -88,7 +90,11 @@ static void reply_lanman1(struct smb_request *req, uint16_t choice)
SSVAL(req->outbuf,smb_vwv11, 8);
}
- smbXsrv_connection_init_tables(xconn, PROTOCOL_LANMAN1);
+ status = smbXsrv_connection_init_tables(xconn, PROTOCOL_LANMAN1);
+ if (!NT_STATUS_IS_OK(status)) {
+ reply_nterror(req, status);
+ return;
+ }
/* Reply, SMBlockread, SMBwritelock supported. */
SCVAL(req->outbuf,smb_flg, FLAG_REPLY|FLAG_SUPPORT_LOCKREAD);
@@ -115,6 +121,8 @@ static void reply_lanman2(struct smb_request *req, uint16_t choice)
time_t t = time(NULL);
struct smbXsrv_connection *xconn = req->xconn;
uint16_t raw;
+ NTSTATUS status;
+
if (lp_async_smb_echo_handler()) {
raw = 0;
} else {
@@ -140,7 +148,11 @@ static void reply_lanman2(struct smb_request *req, uint16_t choice)
SSVAL(req->outbuf,smb_vwv11, 8);
}
- smbXsrv_connection_init_tables(xconn, PROTOCOL_LANMAN2);
+ status = smbXsrv_connection_init_tables(xconn, PROTOCOL_LANMAN2);
+ if (!NT_STATUS_IS_OK(status)) {
+ reply_nterror(req, status);
+ return;
+ }
/* Reply, SMBlockread, SMBwritelock supported. */
SCVAL(req->outbuf,smb_flg,FLAG_REPLY|FLAG_SUPPORT_LOCKREAD);
@@ -251,6 +263,7 @@ static void reply_nt1(struct smb_request *req, uint16_t choice)
struct smbXsrv_connection *xconn = req->xconn;
bool signing_desired = false;
bool signing_required = false;
+ NTSTATUS status;
xconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords();
@@ -328,7 +341,11 @@ static void reply_nt1(struct smb_request *req, uint16_t choice)
SSVAL(req->outbuf,smb_vwv0,choice);
SCVAL(req->outbuf,smb_vwv1,secword);
- smbXsrv_connection_init_tables(xconn, PROTOCOL_NT1);
+ status = smbXsrv_connection_init_tables(xconn, PROTOCOL_NT1);
+ if (!NT_STATUS_IS_OK(status)) {
+ reply_nterror(req, status);
+ return;
+ }
SSVAL(req->outbuf,smb_vwv1+1, lp_max_mux()); /* maxmpx */
SSVAL(req->outbuf,smb_vwv2+1, 1); /* num vcs */
diff --git a/source3/smbd/notify.c b/source3/smbd/notify.c
index f64185d..add5908 100644
--- a/source3/smbd/notify.c
+++ b/source3/smbd/notify.c
@@ -391,12 +391,21 @@ static void smbd_notify_cancel_by_map(struct notify_mid_map *map)
NTSTATUS notify_status = NT_STATUS_CANCELLED;
if (smb2req != NULL) {
+ NTSTATUS sstatus;
+
if (smb2req->session == NULL) {
- notify_status = STATUS_NOTIFY_CLEANUP;
- } else if (!NT_STATUS_IS_OK(smb2req->session->status)) {
- notify_status = STATUS_NOTIFY_CLEANUP;
+ sstatus = NT_STATUS_USER_SESSION_DELETED;
+ } else {
+ sstatus = smb2req->session->status;
}
- if (smb2req->tcon == NULL) {
+
+ if (NT_STATUS_EQUAL(sstatus, NT_STATUS_NETWORK_SESSION_EXPIRED)) {
+ sstatus = NT_STATUS_OK;
+ }
+
+ if (!NT_STATUS_IS_OK(sstatus)) {
+ notify_status = STATUS_NOTIFY_CLEANUP;
+ } else if (smb2req->tcon == NULL) {
notify_status = STATUS_NOTIFY_CLEANUP;
} else if (!NT_STATUS_IS_OK(smb2req->tcon->status)) {
notify_status = STATUS_NOTIFY_CLEANUP;
diff --git a/source3/smbd/smb2_flush.c b/source3/smbd/smb2_flush.c
index d077c62..51584ca 100644
--- a/source3/smbd/smb2_flush.c
+++ b/source3/smbd/smb2_flush.c
@@ -198,7 +198,7 @@ static void smbd_smb2_flush_done(struct tevent_req *subreq)
ret = SMB_VFS_FSYNC_RECV(subreq, &vfs_aio_state);
TALLOC_FREE(subreq);
if (ret == -1) {
- tevent_req_error(req, vfs_aio_state.error);
+ tevent_req_nterror(req, map_nt_error_from_unix(vfs_aio_state.error));
return;
}
tevent_req_done(req);
diff --git a/source3/smbd/smb2_lock.c b/source3/smbd/smb2_lock.c
index 2fcd359..45b833c 100644
--- a/source3/smbd/smb2_lock.c
+++ b/source3/smbd/smb2_lock.c
@@ -98,6 +98,23 @@ NTSTATUS smbd_smb2_request_process_lock(struct smbd_smb2_request *req)
--
Samba Shared Repository
Samba Shared Repository