From 848ca4f68d306440271cfd1c7fdaa12042cc5b9a Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Apr 12 2016 17:32:16 +0000 Subject: import samba-4.2.10-6.el7_2 --- diff --git a/.gitignore b/.gitignore index cc0a52b..c73d00b 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/samba-4.2.3.tar.xz +SOURCES/samba-4.2.10.tar.xz diff --git a/.samba.metadata b/.samba.metadata index e9f61cc..c7c6b4f 100644 --- a/.samba.metadata +++ b/.samba.metadata @@ -1 +1 @@ -a60c3eb82b235415d3bc19c3497261922ff73b8d SOURCES/samba-4.2.3.tar.xz +764564720be36081414c4632710bc0fba6d5b1d0 SOURCES/samba-4.2.10.tar.xz diff --git a/SOURCES/CVE-2015-7560-v4-2.patch b/SOURCES/CVE-2015-7560-v4-2.patch deleted file mode 100644 index 687ee8a..0000000 --- a/SOURCES/CVE-2015-7560-v4-2.patch +++ /dev/null @@ -1,1144 +0,0 @@ -From a91cf9a5648184d39aa87e06d484b3d533aeefdb Mon Sep 17 00:00:00 2001 -From: Jeremy Allison -Date: Tue, 5 Jan 2016 11:18:12 -0800 -Subject: [PATCH 01/12] CVE-2015-7560: s3: smbd: Add refuse_symlink() function - that can be used to prevent operations on a symlink. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648 - -Signed-off-by: Jeremy Allison -Reviewed-by: Volker Lendecke ---- - source3/smbd/trans2.c | 28 ++++++++++++++++++++++++++++ - 1 file changed, 28 insertions(+) - -diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c -index 41e1bb1..b9865fd 100644 ---- a/source3/smbd/trans2.c -+++ b/source3/smbd/trans2.c -@@ -54,6 +54,34 @@ static char *store_file_unix_basic_info2(connection_struct *conn, - files_struct *fsp, - const SMB_STRUCT_STAT *psbuf); - -+/**************************************************************************** -+ Check if an open file handle or pathname is a symlink. -+****************************************************************************/ -+ -+static NTSTATUS refuse_symlink(connection_struct *conn, -+ const files_struct *fsp, -+ const char *name) -+{ -+ SMB_STRUCT_STAT sbuf; -+ const SMB_STRUCT_STAT *pst = NULL; -+ -+ if (fsp) { -+ pst = &fsp->fsp_name->st; -+ } else { -+ int ret = vfs_stat_smb_basename(conn, -+ name, -+ &sbuf); -+ if (ret == -1) { -+ return map_nt_error_from_unix(errno); -+ } -+ pst = &sbuf; -+ } -+ if (S_ISLNK(pst->st_ex_mode)) { -+ return NT_STATUS_ACCESS_DENIED; -+ } -+ return NT_STATUS_OK; -+} -+ - /******************************************************************** - The canonical "check access" based on object handle or path function. - ********************************************************************/ --- -1.9.1 - - -From cd950ca41df5076c8622cdf9be0e0db165b992f1 Mon Sep 17 00:00:00 2001 -From: Jeremy Allison -Date: Tue, 5 Jan 2016 10:38:28 -0800 -Subject: [PATCH 02/12] CVE-2015-7560: s3: smbd: Refuse to get an ACL from a - POSIX file handle on a symlink. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648 - -Signed-off-by: Jeremy Allison -Reviewed-by: Volker Lendecke ---- - source3/smbd/nttrans.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c -index 4423a44..8113909 100644 ---- a/source3/smbd/nttrans.c -+++ b/source3/smbd/nttrans.c -@@ -1905,6 +1905,13 @@ NTSTATUS smbd_do_query_security_desc(connection_struct *conn, - return NT_STATUS_ACCESS_DENIED; - } - -+ if (S_ISLNK(fsp->fsp_name->st.st_ex_mode)) { -+ DEBUG(10, ("ACL get on symlink %s denied.\n", -+ fsp_str_dbg(fsp))); -+ TALLOC_FREE(frame); -+ return NT_STATUS_ACCESS_DENIED; -+ } -+ - if (security_info_wanted & (SECINFO_DACL|SECINFO_OWNER| - SECINFO_GROUP|SECINFO_SACL)) { - /* Don't return SECINFO_LABEL if anything else was --- -1.9.1 - - -From b95ded07aec97c31c69f49f691d5f90fdee40f92 Mon Sep 17 00:00:00 2001 -From: Jeremy Allison -Date: Tue, 5 Jan 2016 10:52:50 -0800 -Subject: [PATCH 03/12] CVE-2015-7560: s3: smbd: Refuse to set an ACL from a - POSIX file handle on a symlink. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648 - -Signed-off-by: Jeremy Allison -Reviewed-by: Volker Lendecke ---- - source3/smbd/nttrans.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c -index 8113909..372d420 100644 ---- a/source3/smbd/nttrans.c -+++ b/source3/smbd/nttrans.c -@@ -875,6 +875,12 @@ NTSTATUS set_sd(files_struct *fsp, struct security_descriptor *psd, - return NT_STATUS_OK; - } - -+ if (S_ISLNK(fsp->fsp_name->st.st_ex_mode)) { -+ DEBUG(10, ("ACL set on symlink %s denied.\n", -+ fsp_str_dbg(fsp))); -+ return NT_STATUS_ACCESS_DENIED; -+ } -+ - if (psd->owner_sid == NULL) { - security_info_sent &= ~SECINFO_OWNER; - } --- -1.9.1 - - -From 35abb608ce57efea1bc197b7d65f9347f9533f23 Mon Sep 17 00:00:00 2001 -From: Jeremy Allison -Date: Tue, 5 Jan 2016 11:22:12 -0800 -Subject: [PATCH 04/12] CVE-2015-7560: s3: smbd: Refuse to set a POSIX ACL on a - symlink. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648 - -Signed-off-by: Jeremy Allison -Reviewed-by: Volker Lendecke ---- - source3/smbd/trans2.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c -index b9865fd..a5eeda8 100644 ---- a/source3/smbd/trans2.c -+++ b/source3/smbd/trans2.c -@@ -6745,6 +6745,7 @@ static NTSTATUS smb_set_posix_acl(connection_struct *conn, - uint16 num_def_acls; - bool valid_file_acls = True; - bool valid_def_acls = True; -+ NTSTATUS status; - - if (total_data < SMB_POSIX_ACL_HEADER_SIZE) { - return NT_STATUS_INVALID_PARAMETER; -@@ -6772,6 +6773,11 @@ static NTSTATUS smb_set_posix_acl(connection_struct *conn, - return NT_STATUS_INVALID_PARAMETER; - } - -+ status = refuse_symlink(conn, fsp, smb_fname->base_name); -+ if (!NT_STATUS_IS_OK(status)) { -+ return status; -+ } -+ - DEBUG(10,("smb_set_posix_acl: file %s num_file_acls = %u, num_def_acls = %u\n", - smb_fname ? smb_fname_str_dbg(smb_fname) : fsp_str_dbg(fsp), - (unsigned int)num_file_acls, --- -1.9.1 - - -From 95c3bf9102440cf299312acc0d0a89afebf0474e Mon Sep 17 00:00:00 2001 -From: Jeremy Allison -Date: Tue, 5 Jan 2016 11:24:36 -0800 -Subject: [PATCH 05/12] CVE-2015-7560: s3: smbd: Refuse to get a POSIX ACL on a - symlink. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648 - -Signed-off-by: Jeremy Allison -Reviewed-by: Volker Lendecke ---- - source3/smbd/trans2.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c -index a5eeda8..8ea49f1e 100644 ---- a/source3/smbd/trans2.c -+++ b/source3/smbd/trans2.c -@@ -5248,6 +5248,13 @@ NTSTATUS smbd_do_qfilepathinfo(connection_struct *conn, - uint16 num_file_acls = 0; - uint16 num_def_acls = 0; - -+ status = refuse_symlink(conn, -+ fsp, -+ smb_fname->base_name); -+ if (!NT_STATUS_IS_OK(status)) { -+ return status; -+ } -+ - if (fsp && fsp->fh->fd != -1) { - file_acl = SMB_VFS_SYS_ACL_GET_FD(fsp, - talloc_tos()); --- -1.9.1 - - -From c7ea0914d3b4a3deaf31a742c6edf4c6e7a91939 Mon Sep 17 00:00:00 2001 -From: Jeremy Allison -Date: Tue, 5 Jan 2016 11:05:48 -0800 -Subject: [PATCH 06/12] CVE-2015-7560: s3: smbd: Set return values early, - allows removal of code duplication. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648 - -Signed-off-by: Jeremy Allison -Reviewed-by: Volker Lendecke ---- - source3/smbd/trans2.c | 13 +++++-------- - 1 file changed, 5 insertions(+), 8 deletions(-) - -diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c -index 8ea49f1e..35a0ba2 100644 ---- a/source3/smbd/trans2.c -+++ b/source3/smbd/trans2.c -@@ -238,11 +238,12 @@ NTSTATUS get_ea_names_from_file(TALLOC_CTX *mem_ctx, connection_struct *conn, - size_t num_names; - ssize_t sizeret = -1; - -+ if (pnames) { -+ *pnames = NULL; -+ } -+ *pnum_names = 0; -+ - if (!lp_ea_support(SNUM(conn))) { -- if (pnames) { -- *pnames = NULL; -- } -- *pnum_names = 0; - return NT_STATUS_OK; - } - -@@ -292,10 +293,6 @@ NTSTATUS get_ea_names_from_file(TALLOC_CTX *mem_ctx, connection_struct *conn, - - if (sizeret == 0) { - TALLOC_FREE(names); -- if (pnames) { -- *pnames = NULL; -- } -- *pnum_names = 0; - return NT_STATUS_OK; - } - --- -1.9.1 - - -From 142a3050ec9875501b4f5693792d133bc5c3331a Mon Sep 17 00:00:00 2001 -From: Jeremy Allison -Date: Tue, 5 Jan 2016 11:29:38 -0800 -Subject: [PATCH 07/12] CVE-2015-7560: s3: smbd: Silently return no EA's - available on a symlink. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648 - -Signed-off-by: Jeremy Allison -Reviewed-by: Volker Lendecke ---- - source3/smbd/trans2.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c -index 35a0ba2..29e28bd 100644 ---- a/source3/smbd/trans2.c -+++ b/source3/smbd/trans2.c -@@ -237,6 +237,7 @@ NTSTATUS get_ea_names_from_file(TALLOC_CTX *mem_ctx, connection_struct *conn, - char **names, **tmp; - size_t num_names; - ssize_t sizeret = -1; -+ NTSTATUS status; - - if (pnames) { - *pnames = NULL; -@@ -247,6 +248,14 @@ NTSTATUS get_ea_names_from_file(TALLOC_CTX *mem_ctx, connection_struct *conn, - return NT_STATUS_OK; - } - -+ status = refuse_symlink(conn, fsp, fname); -+ if (!NT_STATUS_IS_OK(status)) { -+ /* -+ * Just return no EA's on a symlink. -+ */ -+ return NT_STATUS_OK; -+ } -+ - /* - * TALLOC the result early to get the talloc hierarchy right. - */ --- -1.9.1 - - -From 08cf63d886b2f59f94a749089b73599330cee0e7 Mon Sep 17 00:00:00 2001 -From: Jeremy Allison -Date: Tue, 5 Jan 2016 11:33:48 -0800 -Subject: [PATCH 08/12] CVE-2015-7560: s3: smbd: Refuse to set EA's on a - symlink. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648 - -Signed-off-by: Jeremy Allison -Reviewed-by: Volker Lendecke ---- - source3/smbd/trans2.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c -index 29e28bd..aaaa5f4 100644 ---- a/source3/smbd/trans2.c -+++ b/source3/smbd/trans2.c -@@ -659,6 +659,11 @@ NTSTATUS set_ea(connection_struct *conn, files_struct *fsp, - return NT_STATUS_EAS_NOT_SUPPORTED; - } - -+ status = refuse_symlink(conn, fsp, smb_fname->base_name); -+ if (!NT_STATUS_IS_OK(status)) { -+ return status; -+ } -+ - status = check_access(conn, fsp, smb_fname, FILE_WRITE_EA); - if (!NT_STATUS_IS_OK(status)) { - return status; --- -1.9.1 - - -From 259fec336cee663044d7e107a3dfce6264f20e84 Mon Sep 17 00:00:00 2001 -From: Jeremy Allison -Date: Wed, 6 Jan 2016 17:17:24 -0800 -Subject: [PATCH 09/12] CVE-2015-7560: s3: libsmb: Rename cli_posix_getfaclXX() - functions to cli_posix_getacl() as they operate on pathnames. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648 - -Signed-off-by: Jeremy Allison -Reviewed-by: Volker Lendecke ---- - source3/client/client.c | 2 +- - source3/libsmb/clifile.c | 30 +++++++++++++++--------------- - source3/libsmb/proto.h | 6 +++--- - 3 files changed, 19 insertions(+), 19 deletions(-) - -diff --git a/source3/client/client.c b/source3/client/client.c -index 67cc359..a8e5338 100644 ---- a/source3/client/client.c -+++ b/source3/client/client.c -@@ -3376,7 +3376,7 @@ static int cmd_getfacl(void) - return 1; - } - -- status = cli_posix_getfacl(targetcli, targetname, ctx, &rb_size, &retbuf); -+ status = cli_posix_getacl(targetcli, targetname, ctx, &rb_size, &retbuf); - if (!NT_STATUS_IS_OK(status)) { - d_printf("%s getfacl file %s\n", - nt_errstr(status), src); -diff --git a/source3/libsmb/clifile.c b/source3/libsmb/clifile.c -index 61cb8b5..ff646e4 100644 ---- a/source3/libsmb/clifile.c -+++ b/source3/libsmb/clifile.c -@@ -590,25 +590,25 @@ NTSTATUS cli_posix_hardlink(struct cli_state *cli, - } - - /**************************************************************************** -- Do a POSIX getfacl (UNIX extensions). -+ Do a POSIX getacl - pathname based ACL get (UNIX extensions). - ****************************************************************************/ - --struct getfacl_state { -+struct getacl_state { - uint32_t num_data; - uint8_t *data; - }; - --static void cli_posix_getfacl_done(struct tevent_req *subreq); -+static void cli_posix_getacl_done(struct tevent_req *subreq); - --struct tevent_req *cli_posix_getfacl_send(TALLOC_CTX *mem_ctx, -+struct tevent_req *cli_posix_getacl_send(TALLOC_CTX *mem_ctx, - struct tevent_context *ev, - struct cli_state *cli, - const char *fname) - { - struct tevent_req *req = NULL, *subreq = NULL; -- struct getfacl_state *state = NULL; -+ struct getacl_state *state = NULL; - -- req = tevent_req_create(mem_ctx, &state, struct getfacl_state); -+ req = tevent_req_create(mem_ctx, &state, struct getacl_state); - if (req == NULL) { - return NULL; - } -@@ -617,16 +617,16 @@ struct tevent_req *cli_posix_getfacl_send(TALLOC_CTX *mem_ctx, - if (tevent_req_nomem(subreq, req)) { - return tevent_req_post(req, ev); - } -- tevent_req_set_callback(subreq, cli_posix_getfacl_done, req); -+ tevent_req_set_callback(subreq, cli_posix_getacl_done, req); - return req; - } - --static void cli_posix_getfacl_done(struct tevent_req *subreq) -+static void cli_posix_getacl_done(struct tevent_req *subreq) - { - struct tevent_req *req = tevent_req_callback_data( - subreq, struct tevent_req); -- struct getfacl_state *state = tevent_req_data( -- req, struct getfacl_state); -+ struct getacl_state *state = tevent_req_data( -+ req, struct getacl_state); - NTSTATUS status; - - status = cli_qpathinfo_recv(subreq, state, &state->data, -@@ -638,12 +638,12 @@ static void cli_posix_getfacl_done(struct tevent_req *subreq) - tevent_req_done(req); - } - --NTSTATUS cli_posix_getfacl_recv(struct tevent_req *req, -+NTSTATUS cli_posix_getacl_recv(struct tevent_req *req, - TALLOC_CTX *mem_ctx, - size_t *prb_size, - char **retbuf) - { -- struct getfacl_state *state = tevent_req_data(req, struct getfacl_state); -+ struct getacl_state *state = tevent_req_data(req, struct getacl_state); - NTSTATUS status; - - if (tevent_req_is_nterror(req, &status)) { -@@ -654,7 +654,7 @@ NTSTATUS cli_posix_getfacl_recv(struct tevent_req *req, - return NT_STATUS_OK; - } - --NTSTATUS cli_posix_getfacl(struct cli_state *cli, -+NTSTATUS cli_posix_getacl(struct cli_state *cli, - const char *fname, - TALLOC_CTX *mem_ctx, - size_t *prb_size, -@@ -679,7 +679,7 @@ NTSTATUS cli_posix_getfacl(struct cli_state *cli, - goto fail; - } - -- req = cli_posix_getfacl_send(frame, -+ req = cli_posix_getacl_send(frame, - ev, - cli, - fname); -@@ -693,7 +693,7 @@ NTSTATUS cli_posix_getfacl(struct cli_state *cli, - goto fail; - } - -- status = cli_posix_getfacl_recv(req, mem_ctx, prb_size, retbuf); -+ status = cli_posix_getacl_recv(req, mem_ctx, prb_size, retbuf); - - fail: - TALLOC_FREE(frame); -diff --git a/source3/libsmb/proto.h b/source3/libsmb/proto.h -index 2efb208..f5f35e0 100644 ---- a/source3/libsmb/proto.h -+++ b/source3/libsmb/proto.h -@@ -256,15 +256,15 @@ NTSTATUS cli_posix_hardlink(struct cli_state *cli, - const char *newname); - uint32_t unix_perms_to_wire(mode_t perms); - mode_t wire_perms_to_unix(uint32_t perms); --struct tevent_req *cli_posix_getfacl_send(TALLOC_CTX *mem_ctx, -+struct tevent_req *cli_posix_getacl_send(TALLOC_CTX *mem_ctx, - struct tevent_context *ev, - struct cli_state *cli, - const char *fname); --NTSTATUS cli_posix_getfacl_recv(struct tevent_req *req, -+NTSTATUS cli_posix_getacl_recv(struct tevent_req *req, - TALLOC_CTX *mem_ctx, - size_t *prb_size, - char **retbuf); --NTSTATUS cli_posix_getfacl(struct cli_state *cli, -+NTSTATUS cli_posix_getacl(struct cli_state *cli, - const char *fname, - TALLOC_CTX *mem_ctx, - size_t *prb_size, --- -1.9.1 - - -From d9054880d4bdbcb05c677e494906a26d62afa3a1 Mon Sep 17 00:00:00 2001 -From: Jeremy Allison -Date: Wed, 6 Jan 2016 17:02:52 -0800 -Subject: [PATCH 10/12] CVE-2015-7560: s3: libsmb: Add SMB1-only POSIX - cli_posix_setacl() functions. Needed for tests. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648 - -Signed-off-by: Jeremy Allison -Reviewed-by: Volker Lendecke ---- - source3/libsmb/clifile.c | 100 +++++++++++++++++++++++++++++++++++++++++++++++ - source3/libsmb/proto.h | 11 ++++++ - 2 files changed, 111 insertions(+) - -diff --git a/source3/libsmb/clifile.c b/source3/libsmb/clifile.c -index ff646e4..e4480c6 100644 ---- a/source3/libsmb/clifile.c -+++ b/source3/libsmb/clifile.c -@@ -701,6 +701,106 @@ NTSTATUS cli_posix_getacl(struct cli_state *cli, - } - - /**************************************************************************** -+ Do a POSIX setacl - pathname based ACL set (UNIX extensions). -+****************************************************************************/ -+ -+struct setacl_state { -+ uint8_t *data; -+}; -+ -+static void cli_posix_setacl_done(struct tevent_req *subreq); -+ -+struct tevent_req *cli_posix_setacl_send(TALLOC_CTX *mem_ctx, -+ struct tevent_context *ev, -+ struct cli_state *cli, -+ const char *fname, -+ const void *data, -+ size_t num_data) -+{ -+ struct tevent_req *req = NULL, *subreq = NULL; -+ struct setacl_state *state = NULL; -+ -+ req = tevent_req_create(mem_ctx, &state, struct setacl_state); -+ if (req == NULL) { -+ return NULL; -+ } -+ state->data = talloc_memdup(state, data, num_data); -+ if (tevent_req_nomem(state->data, req)) { -+ return tevent_req_post(req, ev); -+ } -+ -+ subreq = cli_setpathinfo_send(state, -+ ev, -+ cli, -+ SMB_SET_POSIX_ACL, -+ fname, -+ state->data, -+ num_data); -+ if (tevent_req_nomem(subreq, req)) { -+ return tevent_req_post(req, ev); -+ } -+ tevent_req_set_callback(subreq, cli_posix_setacl_done, req); -+ return req; -+} -+ -+static void cli_posix_setacl_done(struct tevent_req *subreq) -+{ -+ NTSTATUS status = cli_setpathinfo_recv(subreq); -+ tevent_req_simple_finish_ntstatus(subreq, status); -+} -+ -+NTSTATUS cli_posix_setacl_recv(struct tevent_req *req) -+{ -+ return tevent_req_simple_recv_ntstatus(req); -+} -+ -+NTSTATUS cli_posix_setacl(struct cli_state *cli, -+ const char *fname, -+ const void *acl_buf, -+ size_t acl_buf_size) -+{ -+ TALLOC_CTX *frame = talloc_stackframe(); -+ struct tevent_context *ev = NULL; -+ struct tevent_req *req = NULL; -+ NTSTATUS status = NT_STATUS_OK; -+ -+ if (smbXcli_conn_has_async_calls(cli->conn)) { -+ /* -+ * Can't use sync call while an async call is in flight -+ */ -+ status = NT_STATUS_INVALID_PARAMETER; -+ goto fail; -+ } -+ -+ ev = samba_tevent_context_init(frame); -+ if (ev == NULL) { -+ status = NT_STATUS_NO_MEMORY; -+ goto fail; -+ } -+ -+ req = cli_posix_setacl_send(frame, -+ ev, -+ cli, -+ fname, -+ acl_buf, -+ acl_buf_size); -+ if (req == NULL) { -+ status = NT_STATUS_NO_MEMORY; -+ goto fail; -+ } -+ -+ if (!tevent_req_poll_ntstatus(req, ev, &status)) { -+ goto fail; -+ } -+ -+ status = cli_posix_setacl_recv(req); -+ -+ fail: -+ TALLOC_FREE(frame); -+ return status; -+} -+ -+/**************************************************************************** - Stat a file (UNIX extensions). - ****************************************************************************/ - -diff --git a/source3/libsmb/proto.h b/source3/libsmb/proto.h -index f5f35e0..08dda96 100644 ---- a/source3/libsmb/proto.h -+++ b/source3/libsmb/proto.h -@@ -269,6 +269,17 @@ NTSTATUS cli_posix_getacl(struct cli_state *cli, - TALLOC_CTX *mem_ctx, - size_t *prb_size, - char **retbuf); -+struct tevent_req *cli_posix_setacl_send(TALLOC_CTX *mem_ctx, -+ struct tevent_context *ev, -+ struct cli_state *cli, -+ const char *fname, -+ const void *acl_buf, -+ size_t acl_buf_size); -+NTSTATUS cli_posix_setacl_recv(struct tevent_req *req); -+NTSTATUS cli_posix_setacl(struct cli_state *cli, -+ const char *fname, -+ const void *acl_buf, -+ size_t acl_buf_size); - struct tevent_req *cli_posix_stat_send(TALLOC_CTX *mem_ctx, - struct tevent_context *ev, - struct cli_state *cli, --- -1.9.1 - - -From 5de774189a4e7be050c67d06f450a498d90d4368 Mon Sep 17 00:00:00 2001 -From: Jeremy Allison -Date: Thu, 7 Jan 2016 12:58:34 -0800 -Subject: [PATCH 11/12] CVE-2015-7560: s3: torture3: Add new POSIX-SYMLINK-ACL - test. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648 - -Signed-off-by: Jeremy Allison -Reviewed-by: Volker Lendecke ---- - selftest/knownfail | 1 + - source3/selftest/tests.py | 2 +- - source3/torture/torture.c | 198 ++++++++++++++++++++++++++++++++++++++++++++++ - 3 files changed, 200 insertions(+), 1 deletion(-) - -diff --git a/selftest/knownfail b/selftest/knownfail -index fd41263..6696ba3 100644 ---- a/selftest/knownfail -+++ b/selftest/knownfail -@@ -16,6 +16,7 @@ - ^samba3.smbtorture_s3.plain\(dc\).UID-REGRESSION-TEST # Fails against the s4 ntvfs server - ^samba3.smbtorture_s3.plain\(dc\).SHORTNAME-TEST # Fails against the s4 ntvfs server - ^samba3.smbtorture_s3.plain\(dc\).POSIX-APPEND # Fails against the s4 ntvfs server -+^samba3.smbtorture_s3.plain\(ad_dc_ntvfs\).POSIX-SYMLINK-ACL # Fails against the s4 ntvfs server - ^samba3.smbtorture_s3.plain\(dc\).NTTRANS-FSCTL # Fails against the s4 ntvfs server - ^samba3.smbtorture_s3.plain\(dc\).SMB2-NEGPROT # Fails against the s4 ntvfs server - ^samba3.smbtorture_s3.plain\(dc\).BAD-NBT-SESSION # Fails against the s4 ntvfs server -diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py -index 7279927..e66ddbc 100755 ---- a/source3/selftest/tests.py -+++ b/source3/selftest/tests.py -@@ -78,7 +78,7 @@ tests = ["RW1", "RW2", "RW3"] - for t in tests: - plantestsuite("samba3.smbtorture_s3.vfs_aio_fork(simpleserver).%s" % t, "simpleserver", [os.path.join(samba3srcdir, "script/tests/test_smbtorture_s3.sh"), t, '//$SERVER_IP/vfs_aio_fork', '$USERNAME', '$PASSWORD', smbtorture3, "", "-l $LOCAL_PATH"]) - --posix_tests = ["POSIX", "POSIX-APPEND"] -+posix_tests = ["POSIX", "POSIX-APPEND", "POSIX-SYMLINK-ACL"] - - for t in posix_tests: - plantestsuite("samba3.smbtorture_s3.plain(s3dc).%s" % t, "s3dc", [os.path.join(samba3srcdir, "script/tests/test_smbtorture_s3.sh"), t, '//$SERVER_IP/posix_share', '$USERNAME', '$PASSWORD', smbtorture3, "", "-l $LOCAL_PATH"]) -diff --git a/source3/torture/torture.c b/source3/torture/torture.c -index 0b37e5c..6c0ab17 100644 ---- a/source3/torture/torture.c -+++ b/source3/torture/torture.c -@@ -5820,6 +5820,203 @@ static bool run_simple_posix_open_test(int dummy) - return correct; - } - -+/* -+ Test POSIX and Windows ACLs are rejected on symlinks. -+ */ -+static bool run_acl_symlink_test(int dummy) -+{ -+ static struct cli_state *cli; -+ const char *fname = "posix_file"; -+ const char *sname = "posix_symlink"; -+ uint16_t fnum = (uint16_t)-1; -+ bool correct = false; -+ NTSTATUS status; -+ char *posix_acl = NULL; -+ size_t posix_acl_len = 0; -+ char *posix_acl_sym = NULL; -+ size_t posix_acl_len_sym = 0; -+ struct security_descriptor *sd = NULL; -+ struct security_descriptor *sd_sym = NULL; -+ TALLOC_CTX *frame = NULL; -+ -+ frame = talloc_stackframe(); -+ -+ printf("Starting acl symlink test\n"); -+ -+ if (!torture_open_connection(&cli, 0)) { -+ TALLOC_FREE(frame); -+ return false; -+ } -+ -+ smbXcli_conn_set_sockopt(cli->conn, sockops); -+ -+ status = torture_setup_unix_extensions(cli); -+ if (!NT_STATUS_IS_OK(status)) { -+ TALLOC_FREE(frame); -+ return false; -+ } -+ -+ cli_setatr(cli, fname, 0, 0); -+ cli_posix_unlink(cli, fname); -+ cli_setatr(cli, sname, 0, 0); -+ cli_posix_unlink(cli, sname); -+ -+ status = cli_ntcreate(cli, -+ fname, -+ 0, -+ READ_CONTROL_ACCESS, -+ 0, -+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, -+ FILE_CREATE, -+ 0x0, -+ 0x0, -+ &fnum, -+ NULL); -+ -+ if (!NT_STATUS_IS_OK(status)) { -+ printf("cli_ntcreate of %s failed (%s)\n", -+ fname, -+ nt_errstr(status)); -+ goto out; -+ } -+ -+ /* Get the Windows ACL on the file. */ -+ status = cli_query_secdesc(cli, -+ fnum, -+ frame, -+ &sd); -+ if (!NT_STATUS_IS_OK(status)) { -+ printf("cli_query_secdesc failed (%s)\n", -+ nt_errstr(status)); -+ goto out; -+ } -+ -+ /* Get the POSIX ACL on the file. */ -+ status = cli_posix_getacl(cli, -+ fname, -+ frame, -+ &posix_acl_len, -+ &posix_acl); -+ -+ if (!NT_STATUS_IS_OK(status)) { -+ printf("cli_posix_getacl failed (%s)\n", -+ nt_errstr(status)); -+ goto out; -+ } -+ -+ status = cli_close(cli, fnum); -+ if (!NT_STATUS_IS_OK(status)) { -+ printf("close failed (%s)\n", nt_errstr(status)); -+ goto out; -+ } -+ fnum = (uint16_t)-1; -+ -+ /* Now create a symlink. */ -+ status = cli_posix_symlink(cli, fname, sname); -+ if (!NT_STATUS_IS_OK(status)) { -+ printf("cli_posix_symlink of %s -> %s failed (%s)\n", -+ sname, -+ fname, -+ nt_errstr(status)); -+ goto out; -+ } -+ -+ /* Open a handle on the symlink. */ -+ status = cli_ntcreate(cli, -+ sname, -+ 0, -+ READ_CONTROL_ACCESS|SEC_STD_WRITE_DAC, -+ 0, -+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, -+ FILE_OPEN, -+ 0x0, -+ 0x0, -+ &fnum, -+ NULL); -+ -+ if (!NT_STATUS_IS_OK(status)) { -+ printf("cli_posix_open of %s failed (%s)\n", -+ sname, -+ nt_errstr(status)); -+ goto out; -+ } -+ -+ /* Get the Windows ACL on the symlink handle. Should fail */ -+ status = cli_query_secdesc(cli, -+ fnum, -+ frame, -+ &sd_sym); -+ -+ if (!NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { -+ printf("cli_query_secdesc on a symlink gave %s. " -+ "Should be NT_STATUS_ACCESS_DENIED.\n", -+ nt_errstr(status)); -+ goto out; -+ } -+ -+ /* Get the POSIX ACL on the symlink pathname. Should fail. */ -+ status = cli_posix_getacl(cli, -+ sname, -+ frame, -+ &posix_acl_len_sym, -+ &posix_acl_sym); -+ -+ if (!NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { -+ printf("cli_posix_getacl on a symlink gave %s. " -+ "Should be NT_STATUS_ACCESS_DENIED.\n", -+ nt_errstr(status)); -+ goto out; -+ } -+ -+ /* Set the Windows ACL on the symlink handle. Should fail */ -+ status = cli_set_security_descriptor(cli, -+ fnum, -+ SECINFO_DACL, -+ sd); -+ -+ if (!NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { -+ printf("cli_query_secdesc on a symlink gave %s. " -+ "Should be NT_STATUS_ACCESS_DENIED.\n", -+ nt_errstr(status)); -+ goto out; -+ } -+ -+ /* Set the POSIX ACL on the symlink pathname. Should fail. */ -+ status = cli_posix_setacl(cli, -+ sname, -+ posix_acl, -+ posix_acl_len); -+ -+ if (!NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { -+ printf("cli_posix_getacl on a symlink gave %s. " -+ "Should be NT_STATUS_ACCESS_DENIED.\n", -+ nt_errstr(status)); -+ goto out; -+ } -+ -+ printf("ACL symlink test passed\n"); -+ correct = true; -+ -+ out: -+ -+ if (fnum != (uint16_t)-1) { -+ cli_close(cli, fnum); -+ fnum = (uint16_t)-1; -+ } -+ -+ cli_setatr(cli, sname, 0, 0); -+ cli_posix_unlink(cli, sname); -+ cli_setatr(cli, fname, 0, 0); -+ cli_posix_unlink(cli, fname); -+ -+ if (!torture_close_connection(cli)) { -+ correct = false; -+ } -+ -+ TALLOC_FREE(frame); -+ return correct; -+} -+ - - static uint32 open_attrs_table[] = { - FILE_ATTRIBUTE_NORMAL, -@@ -9647,6 +9844,7 @@ static struct { - {"OPEN", run_opentest, 0}, - {"POSIX", run_simple_posix_open_test, 0}, - {"POSIX-APPEND", run_posix_append, 0}, -+ {"POSIX-SYMLINK-ACL", run_acl_symlink_test, 0}, - {"CASE-INSENSITIVE-CREATE", run_case_insensitive_create, 0}, - {"ASYNC-ECHO", run_async_echo, 0}, - { "UID-REGRESSION-TEST", run_uid_regression_test, 0}, --- -1.9.1 - - -From 6149e7297d9279df3b535e72eabbede7bd235925 Mon Sep 17 00:00:00 2001 -From: Jeremy Allison -Date: Thu, 7 Jan 2016 14:26:35 -0800 -Subject: [PATCH 12/12] CVE-2015-7560: s3: torture3: Add new POSIX-SYMLINK-EA - test. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648 - -Signed-off-by: Jeremy Allison -Reviewed-by: Volker Lendecke ---- - selftest/knownfail | 1 + - source3/selftest/tests.py | 2 +- - source3/torture/torture.c | 179 ++++++++++++++++++++++++++++++++++++++++++++++ - 3 files changed, 181 insertions(+), 1 deletion(-) - -diff --git a/selftest/knownfail b/selftest/knownfail -index 6696ba3..c919a6a 100644 ---- a/selftest/knownfail -+++ b/selftest/knownfail -@@ -17,6 +17,7 @@ - ^samba3.smbtorture_s3.plain\(dc\).SHORTNAME-TEST # Fails against the s4 ntvfs server - ^samba3.smbtorture_s3.plain\(dc\).POSIX-APPEND # Fails against the s4 ntvfs server - ^samba3.smbtorture_s3.plain\(ad_dc_ntvfs\).POSIX-SYMLINK-ACL # Fails against the s4 ntvfs server -+^samba3.smbtorture_s3.plain\(ad_dc_ntvfs\).POSIX-SYMLINK-EA # Fails against the s4 ntvfs server - ^samba3.smbtorture_s3.plain\(dc\).NTTRANS-FSCTL # Fails against the s4 ntvfs server - ^samba3.smbtorture_s3.plain\(dc\).SMB2-NEGPROT # Fails against the s4 ntvfs server - ^samba3.smbtorture_s3.plain\(dc\).BAD-NBT-SESSION # Fails against the s4 ntvfs server -diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py -index e66ddbc..830753c 100755 ---- a/source3/selftest/tests.py -+++ b/source3/selftest/tests.py -@@ -78,7 +78,7 @@ tests = ["RW1", "RW2", "RW3"] - for t in tests: - plantestsuite("samba3.smbtorture_s3.vfs_aio_fork(simpleserver).%s" % t, "simpleserver", [os.path.join(samba3srcdir, "script/tests/test_smbtorture_s3.sh"), t, '//$SERVER_IP/vfs_aio_fork', '$USERNAME', '$PASSWORD', smbtorture3, "", "-l $LOCAL_PATH"]) - --posix_tests = ["POSIX", "POSIX-APPEND", "POSIX-SYMLINK-ACL"] -+posix_tests = ["POSIX", "POSIX-APPEND", "POSIX-SYMLINK-ACL", "POSIX-SYMLINK-EA"] - - for t in posix_tests: - plantestsuite("samba3.smbtorture_s3.plain(s3dc).%s" % t, "s3dc", [os.path.join(samba3srcdir, "script/tests/test_smbtorture_s3.sh"), t, '//$SERVER_IP/posix_share', '$USERNAME', '$PASSWORD', smbtorture3, "", "-l $LOCAL_PATH"]) -diff --git a/source3/torture/torture.c b/source3/torture/torture.c -index 6c0ab17..34c1a37 100644 ---- a/source3/torture/torture.c -+++ b/source3/torture/torture.c -@@ -6017,6 +6017,183 @@ static bool run_acl_symlink_test(int dummy) - return correct; - } - -+/* -+ Test setting EA's are rejected on symlinks. -+ */ -+static bool run_ea_symlink_test(int dummy) -+{ -+ static struct cli_state *cli; -+ const char *fname = "posix_file_ea"; -+ const char *sname = "posix_symlink_ea"; -+ const char *ea_name = "testea_name"; -+ const char *ea_value = "testea_value"; -+ uint16_t fnum = (uint16_t)-1; -+ bool correct = false; -+ NTSTATUS status; -+ size_t i, num_eas; -+ struct ea_struct *eas = NULL; -+ TALLOC_CTX *frame = NULL; -+ -+ frame = talloc_stackframe(); -+ -+ printf("Starting EA symlink test\n"); -+ -+ if (!torture_open_connection(&cli, 0)) { -+ TALLOC_FREE(frame); -+ return false; -+ } -+ -+ smbXcli_conn_set_sockopt(cli->conn, sockops); -+ -+ status = torture_setup_unix_extensions(cli); -+ if (!NT_STATUS_IS_OK(status)) { -+ TALLOC_FREE(frame); -+ return false; -+ } -+ -+ cli_setatr(cli, fname, 0, 0); -+ cli_posix_unlink(cli, fname); -+ cli_setatr(cli, sname, 0, 0); -+ cli_posix_unlink(cli, sname); -+ -+ status = cli_ntcreate(cli, -+ fname, -+ 0, -+ READ_CONTROL_ACCESS, -+ 0, -+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, -+ FILE_CREATE, -+ 0x0, -+ 0x0, -+ &fnum, -+ NULL); -+ -+ if (!NT_STATUS_IS_OK(status)) { -+ printf("cli_ntcreate of %s failed (%s)\n", -+ fname, -+ nt_errstr(status)); -+ goto out; -+ } -+ -+ status = cli_close(cli, fnum); -+ if (!NT_STATUS_IS_OK(status)) { -+ printf("close failed (%s)\n", -+ nt_errstr(status)); -+ goto out; -+ } -+ fnum = (uint16_t)-1; -+ -+ /* Set an EA on the path. */ -+ status = cli_set_ea_path(cli, -+ fname, -+ ea_name, -+ ea_value, -+ strlen(ea_value)+1); -+ -+ if (!NT_STATUS_IS_OK(status)) { -+ printf("cli_set_ea_path failed (%s)\n", -+ nt_errstr(status)); -+ goto out; -+ } -+ -+ /* Now create a symlink. */ -+ status = cli_posix_symlink(cli, fname, sname); -+ if (!NT_STATUS_IS_OK(status)) { -+ printf("cli_posix_symlink of %s -> %s failed (%s)\n", -+ sname, -+ fname, -+ nt_errstr(status)); -+ goto out; -+ } -+ -+ /* Get the EA list on the path. Should return value set. */ -+ status = cli_get_ea_list_path(cli, -+ fname, -+ frame, -+ &num_eas, -+ &eas); -+ -+ if (!NT_STATUS_IS_OK(status)) { -+ printf("cli_get_ea_list_path failed (%s)\n", -+ nt_errstr(status)); -+ goto out; -+ } -+ -+ /* Ensure the EA we set is there. */ -+ for (i=0; i -Date: Thu, 7 May 2015 14:12:03 +0000 -Subject: [PATCH] auth/credentials: if credentials have principal set, they are - not anonymous anymore - -When dealing with Kerberos, we cannot consider credentials anonymous -if credentials were obtained properly. - -Signed-off: Alexander Bokovoy ---- - auth/credentials/credentials.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c -index 78b5955..b1ccc5a 100644 ---- a/auth/credentials/credentials.c -+++ b/auth/credentials/credentials.c -@@ -921,6 +921,13 @@ _PUBLIC_ bool cli_credentials_is_anonymous(struct cli_credentials *cred) - cred->machine_account_pending_lp_ctx); - } - -+ if (cli_credentials_get_kerberos_state(cred) != CRED_DONT_USE_KERBEROS) { -+ /* if principal is set, it's not anonymous */ -+ if (cred->principal && cred->principal_obtained >= cred->username_obtained) { -+ return false; -+ } -+ } -+ - username = cli_credentials_get_username(cred); - - /* Yes, it is deliberate that we die if we have a NULL pointer --- -2.4.0 - diff --git a/SOURCES/samba-4.2.10-ldap-sasl-win2003.patch b/SOURCES/samba-4.2.10-ldap-sasl-win2003.patch new file mode 100644 index 0000000..379596f --- /dev/null +++ b/SOURCES/samba-4.2.10-ldap-sasl-win2003.patch @@ -0,0 +1,39 @@ +From 7a73e56dfa2ca8569ffdda0b9738516081889523 Mon Sep 17 00:00:00 2001 +From: Stefan Metzmacher +Date: Fri, 8 Apr 2016 10:05:38 +0200 +Subject: [PATCH] s3:libads: sasl wrapped LDAP connections against with + kerberos and arcfour-hmac-md5 + +This fixes a regression in commit 2cb07ba50decdfd6d08271cd2b3d893ff95f5af9 +(s3:libads: make use of ads_sasl_spnego_gensec_bind() for GSS-SPNEGO with Kerberos) +that prevents things like 'net ads join' from working against a Windows 2003 domain. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804 + +Signed-off-by: Stefan Metzmacher +--- + source3/libads/sasl.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c +index 4fcd733..22aa9cf 100644 +--- a/source3/libads/sasl.c ++++ b/source3/libads/sasl.c +@@ -312,7 +312,13 @@ static ADS_STATUS ads_sasl_spnego_gensec_bind(ADS_STRUCT *ads, + ads->ldap.out.max_unwrapped = gensec_max_input_size(auth_generic_state->gensec_security); + + ads->ldap.out.sig_size = max_wrapped - ads->ldap.out.max_unwrapped; +- ads->ldap.in.min_wrapped = ads->ldap.out.sig_size; ++ /* ++ * Note that we have to truncate this to 0x2C ++ * (taken from a capture with LDAP unbind), as the ++ * signature size is not constant for Kerberos with ++ * arcfour-hmac-md5. ++ */ ++ ads->ldap.in.min_wrapped = MIN(ads->ldap.out.sig_size, 0x2C); + ads->ldap.in.max_wrapped = max_wrapped; + status = ads_setup_sasl_wrapping(ads, &ads_sasl_gensec_ops, auth_generic_state->gensec_security); + if (!ADS_ERR_OK(status)) { +-- +1.9.1 + diff --git a/SOURCES/samba-4.2.10-s3-parm-clean-up-defaults-when-removing-global-param.patch b/SOURCES/samba-4.2.10-s3-parm-clean-up-defaults-when-removing-global-param.patch new file mode 100644 index 0000000..272c855 --- /dev/null +++ b/SOURCES/samba-4.2.10-s3-parm-clean-up-defaults-when-removing-global-param.patch @@ -0,0 +1,71 @@ +From 137649fc01e6914bbb86a2f5f16c7e03a2fa132d Mon Sep 17 00:00:00 2001 +From: Alexander Bokovoy +Date: Fri, 22 Jan 2016 11:44:03 +0200 +Subject: [PATCH] s3-parm: clean up defaults when removing global parameters + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=11693 + +When globals are re-initialized, they are cleared and globals' talloc +context is freed. However, parm_table still contains a reference to the +global value in the defaults. This confuses lpcfg_string_free() after +commit 795c543d858b2452f062a02846c2f908fe4cffe4 because it tries to +free already freed pointer which is passed by lp_save_defaults(): + +.... + case P_STRING: + case P_USTRING: + lpcfg_string_set(Globals.ctx, + &parm_table[i].def.svalue, + *(char **)lp_parm_ptr(NULL, &parm_table[i])); +.... + +here &parm_table[i].def.svalue is passed to lpcfg_string_free() but it +is a pointer to a value allocated with previous Globals.ctx which +already was freed. + +This specifically affects registry backend of smb.conf in lp_load_ex() +where init_globals() called explicitly to re-init globals after +lp_save_defaults() if we have registry backend defined. + +Reviewed-by: Uri Simchoni +Signed-off-by: Alexander Bokovoy + +Autobuild-User(master): Uri Simchoni +Autobuild-Date(master): Mon Jan 25 23:58:42 CET 2016 on sn-devel-144 +--- + source3/param/loadparm.c | 17 +++++++++++++++++ + 1 file changed, 17 insertions(+) + +diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c +index 94de252..9bd47dc 100644 +--- a/source3/param/loadparm.c ++++ b/source3/param/loadparm.c +@@ -402,8 +402,25 @@ static void free_parameters_by_snum(int snum) + */ + static void free_global_parameters(void) + { ++ uint32_t i; ++ struct parm_struct *parm; ++ + free_param_opts(&Globals.param_opt); + free_parameters_by_snum(GLOBAL_SECTION_SNUM); ++ ++ /* Reset references in the defaults because the context is going to be freed */ ++ for (i=0; parm_table[i].label; i++) { ++ parm = &parm_table[i]; ++ if ((parm->type == P_STRING) || ++ (parm->type == P_USTRING)) { ++ if ((parm->def.svalue != NULL) && ++ (*(parm->def.svalue) != '\0')) { ++ if (talloc_parent(parm->def.svalue) == Globals.ctx) { ++ parm->def.svalue = NULL; ++ } ++ } ++ } ++ } + TALLOC_FREE(Globals.ctx); + } + +-- +2.5.5 + diff --git a/SOURCES/samba-4.2.10-s3-winbind-make-sure-domain-member-can-talk-to-trust.patch b/SOURCES/samba-4.2.10-s3-winbind-make-sure-domain-member-can-talk-to-trust.patch new file mode 100644 index 0000000..3d092ff --- /dev/null +++ b/SOURCES/samba-4.2.10-s3-winbind-make-sure-domain-member-can-talk-to-trust.patch @@ -0,0 +1,60 @@ +From b89f28556ad0d1caf9cf41c56a0d67440098358f Mon Sep 17 00:00:00 2001 +From: Alexander Bokovoy +Date: Tue, 12 Apr 2016 09:36:12 +0300 +Subject: [PATCH] s3-winbind: make sure domain member can talk to trusted + domains DCs + + Allow cm_connect_netlogon() to talk to trusted domains' DCs when + running in a domain member configuration. + +Signed-off-by: Alexander Bokovoy +--- + source3/winbindd/winbindd_cm.c | 15 +++++++++------ + 1 file changed, 9 insertions(+), 6 deletions(-) + +diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c +index 63175e5..1ef3d17 100644 +--- a/source3/winbindd/winbindd_cm.c ++++ b/source3/winbindd/winbindd_cm.c +@@ -2578,9 +2578,10 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, + anonymous: + + /* Finally fall back to anonymous. */ +- if (lp_winbind_sealed_pipes() || lp_require_strong_key()) { ++ if ((lp_winbind_sealed_pipes() || lp_require_strong_key()) && ++ (IS_DC || domain->primary)) { + status = NT_STATUS_DOWNGRADE_DETECTED; +- DEBUG(1, ("Unwilling to make SAMR connection to domain %s" ++ DEBUG(1, ("Unwilling to make SAMR connection to domain %s " + "without connection level security, " + "must set 'winbind sealed pipes = false' and " + "'require strong key = false' to proceed: %s\n", +@@ -2811,9 +2812,10 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, + + anonymous: + +- if (lp_winbind_sealed_pipes() || lp_require_strong_key()) { ++ if ((lp_winbind_sealed_pipes() || lp_require_strong_key()) && ++ (IS_DC || domain->primary)) { + result = NT_STATUS_DOWNGRADE_DETECTED; +- DEBUG(1, ("Unwilling to make LSA connection to domain %s" ++ DEBUG(1, ("Unwilling to make LSA connection to domain %s " + "without connection level security, " + "must set 'winbind sealed pipes = false' and " + "'require strong key = false' to proceed: %s\n", +@@ -2978,9 +2980,10 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain, + + no_schannel: + if (!(conn->netlogon_flags & NETLOGON_NEG_AUTHENTICATED_RPC)) { +- if (lp_winbind_sealed_pipes() || lp_require_strong_key()) { ++ if ((lp_winbind_sealed_pipes() || lp_require_strong_key()) && ++ (IS_DC || domain->primary)) { + result = NT_STATUS_DOWNGRADE_DETECTED; +- DEBUG(1, ("Unwilling to make connection to domain %s" ++ DEBUG(1, ("Unwilling to make connection to domain %s " + "without connection level security, " + "must set 'winbind sealed pipes = false' and " + "'require strong key = false' to proceed: %s\n", +-- +2.5.5 + diff --git a/SOURCES/samba-4.2.3-fix_dfree_command.patch b/SOURCES/samba-4.2.3-fix_dfree_command.patch deleted file mode 100644 index 6ed3da6..0000000 --- a/SOURCES/samba-4.2.3-fix_dfree_command.patch +++ /dev/null @@ -1,81 +0,0 @@ -From 80d7fe6f06c820253d0c687153a3c781bc55cb0c Mon Sep 17 00:00:00 2001 -From: Andreas Schneider -Date: Fri, 17 Jul 2015 09:35:11 +0200 -Subject: [PATCH] s3-smbd: Leave sys_disk_free() if dfree command is used - -If we have a broken system which reports incorrect sizes we provide the -'dfree command'. This command makes sure Samba gets the correct values. -However after that we call the quota command which then reports the -broken values. The dfree command should take care to provide the correct -values and in case of quota's it should also calculate the quote -correctly. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11403 - -Pair-Programmed-With: Michael Adam -Signed-off-by: Andreas Schneider -Signed-off-by: Michael Adam -Reviewed-by: Ralph Boehme -(cherry picked from commit 48a4d5a4078ff2a66dd753323d6e5d76d34b9828) ---- - source3/smbd/dfree.c | 29 +++++++++++++---------------- - 1 file changed, 13 insertions(+), 16 deletions(-) - -diff --git a/source3/smbd/dfree.c b/source3/smbd/dfree.c -index d02c1bd..09b00f4 100644 ---- a/source3/smbd/dfree.c -+++ b/source3/smbd/dfree.c -@@ -98,7 +98,7 @@ uint64_t sys_disk_free(connection_struct *conn, const char *path, bool small_que - DEBUG (3, ("disk_free: Running command '%s'\n", syscmd)); - - lines = file_lines_pload(syscmd, NULL); -- if (lines) { -+ if (lines != NULL) { - char *line = lines[0]; - - DEBUG (3, ("Read input from dfree, \"%s\"\n", line)); -@@ -122,22 +122,18 @@ uint64_t sys_disk_free(connection_struct *conn, const char *path, bool small_que - *dsize = 2048; - if (!*dfree) - *dfree = 1024; -- } else { -- DEBUG (0, ("disk_free: file_lines_load() failed for " -- "command '%s'. Error was : %s\n", -- syscmd, strerror(errno) )); -- if (sys_fsusage(path, dfree, dsize) != 0) { -- DEBUG (0, ("disk_free: sys_fsusage() failed. Error was : %s\n", -- strerror(errno) )); -- return (uint64_t)-1; -- } -- } -- } else { -- if (sys_fsusage(path, dfree, dsize) != 0) { -- DEBUG (0, ("disk_free: sys_fsusage() failed. Error was : %s\n", -- strerror(errno) )); -- return (uint64_t)-1; -+ -+ goto dfree_done; - } -+ DEBUG (0, ("disk_free: file_lines_load() failed for " -+ "command '%s'. Error was : %s\n", -+ syscmd, strerror(errno) )); -+ } -+ -+ if (sys_fsusage(path, dfree, dsize) != 0) { -+ DEBUG (0, ("disk_free: sys_fsusage() failed. Error was : %s\n", -+ strerror(errno) )); -+ return (uint64_t)-1; - } - - if (disk_quotas(path, &bsize_q, &dfree_q, &dsize_q)) { -@@ -161,6 +157,7 @@ uint64_t sys_disk_free(connection_struct *conn, const char *path, bool small_que - *dfree = MAX(1,*dfree); - } - -+dfree_done: - disk_norm(small_query,bsize,dfree,dsize); - - if ((*bsize) < 1024) { --- -2.4.5 - diff --git a/SOURCES/samba-4.2.3-fix_force_group.patch b/SOURCES/samba-4.2.3-fix_force_group.patch deleted file mode 100644 index 224141d..0000000 --- a/SOURCES/samba-4.2.3-fix_force_group.patch +++ /dev/null @@ -1,65 +0,0 @@ -From ee554fe5bd412d1faa6f59bdf8e8662ce6fb9b1a Mon Sep 17 00:00:00 2001 -From: Justin Maggard -Date: Tue, 21 Jul 2015 15:17:30 -0700 -Subject: [PATCH] s3-passdb: Respect LOOKUP_NAME_GROUP flag in sid lookup. - -Somewhere along the line, a config line like "valid users = @foo" -broke when "foo" also exists as a user. - -user_ok_token() already does the right thing by adding the LOOKUP_NAME_GROUP -flag; but lookup_name() was not respecting that flag, and went ahead and looked -for users anyway. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11320 - -Signed-off-by: Justin Maggard -Reviewed-by: Jeremy Allison -Reviewed-by: Marc Muehlfeld - -Autobuild-User(master): Jeremy Allison -Autobuild-Date(master): Tue Jul 28 21:35:58 CEST 2015 on sn-devel-104 - -(cherry picked from commit dc99d451bf23668d73878847219682fced547622) ---- - source3/passdb/lookup_sid.c | 4 ++-- - source3/passdb/lookup_sid.h | 2 +- - 2 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c -index fe07bea..714061e 100644 ---- a/source3/passdb/lookup_sid.c -+++ b/source3/passdb/lookup_sid.c -@@ -120,7 +120,7 @@ bool lookup_name(TALLOC_CTX *mem_ctx, - goto ok; - } - -- if (((flags & LOOKUP_NAME_NO_NSS) == 0) -+ if (((flags & (LOOKUP_NAME_NO_NSS|LOOKUP_NAME_GROUP)) == 0) - && strequal(domain, unix_users_domain_name())) { - if (lookup_unix_user_name(name, &sid)) { - type = SID_NAME_USER; -@@ -293,7 +293,7 @@ bool lookup_name(TALLOC_CTX *mem_ctx, - /* 11. Ok, windows would end here. Samba has two more options: - Unmapped users and unmapped groups */ - -- if (((flags & LOOKUP_NAME_NO_NSS) == 0) -+ if (((flags & (LOOKUP_NAME_NO_NSS|LOOKUP_NAME_GROUP)) == 0) - && lookup_unix_user_name(name, &sid)) { - domain = talloc_strdup(tmp_ctx, unix_users_domain_name()); - type = SID_NAME_USER; -diff --git a/source3/passdb/lookup_sid.h b/source3/passdb/lookup_sid.h -index 872f4ef..8b5edf6 100644 ---- a/source3/passdb/lookup_sid.h -+++ b/source3/passdb/lookup_sid.h -@@ -31,7 +31,7 @@ struct unixid; - #define LOOKUP_NAME_NONE 0x00000000 - #define LOOKUP_NAME_ISOLATED 0x00000001 /* Look up unqualified names */ - #define LOOKUP_NAME_REMOTE 0x00000002 /* Ask others */ --#define LOOKUP_NAME_GROUP 0x00000004 /* (unused) This is a NASTY hack for -+#define LOOKUP_NAME_GROUP 0x00000004 /* This is a NASTY hack for - valid users = @foo where foo also - exists in as user. */ - #define LOOKUP_NAME_NO_NSS 0x00000008 /* no NSS calls to avoid --- -2.5.0.rc2.392.g76e840b - diff --git a/SOURCES/samba-4.2.3-fix_map_to_guest_bad_uid.patch b/SOURCES/samba-4.2.3-fix_map_to_guest_bad_uid.patch deleted file mode 100644 index 7b7a474..0000000 --- a/SOURCES/samba-4.2.3-fix_map_to_guest_bad_uid.patch +++ /dev/null @@ -1,191 +0,0 @@ -From 4438a33e0e3621e9b178620ba0e543069bf85012 Mon Sep 17 00:00:00 2001 -From: Andreas Schneider -Date: Wed, 19 Aug 2015 16:11:47 +0200 -Subject: [PATCH 1/3] s3-auth: Fix 'map to guest = Bad Uid' support - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=9862 - -Signed-off-by: Andreas Schneider -Reviewed-by: Guenther Deschner -(cherry picked from commit 34965d4d98d172e848e2b96fad8a9e0b99288ba7) ---- - source3/auth/auth_util.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c -index 1c2cf80..dcf173d 100644 ---- a/source3/auth/auth_util.c -+++ b/source3/auth/auth_util.c -@@ -1397,6 +1397,14 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, - &username_was_mapped); - - if (!NT_STATUS_IS_OK(nt_status)) { -+ /* Handle 'map to guest = Bad Uid */ -+ if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER) && -+ (lp_security() == SEC_ADS || lp_security() == SEC_DOMAIN) && -+ lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_UID) { -+ DEBUG(2, ("Try to map %s to guest account", -+ nt_username)); -+ return make_server_info_guest(mem_ctx, server_info); -+ } - return nt_status; - } - --- -2.5.0 - - -From e0cfca754ed1c540f3b8a5adcea3bd85aac74930 Mon Sep 17 00:00:00 2001 -From: Andreas Schneider -Date: Wed, 19 Aug 2015 16:24:08 +0200 -Subject: [PATCH 2/3] s3-auth: Pass nt_username to check_account() - -We set nt_username above but do not use it in this function. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=9862 - -Signed-off-by: Andreas Schneider -Reviewed-by: Guenther Deschner -(cherry picked from commit e8c76932e4ac192a00afa3b9731f5921c4b37da6) ---- - source3/auth/auth_util.c | 9 ++++++--- - 1 file changed, 6 insertions(+), 3 deletions(-) - -diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c -index dcf173d..688072e 100644 ---- a/source3/auth/auth_util.c -+++ b/source3/auth/auth_util.c -@@ -1392,9 +1392,12 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, - - /* this call will try to create the user if necessary */ - -- nt_status = check_account(mem_ctx, nt_domain, sent_nt_username, -- &found_username, &pwd, -- &username_was_mapped); -+ nt_status = check_account(mem_ctx, -+ nt_domain, -+ nt_username, -+ &found_username, -+ &pwd, -+ &username_was_mapped); - - if (!NT_STATUS_IS_OK(nt_status)) { - /* Handle 'map to guest = Bad Uid */ --- -2.5.0 - - -From 2b31b935a824d340876af24568c84bab6d4462cc Mon Sep 17 00:00:00 2001 -From: Andreas Schneider -Date: Wed, 19 Aug 2015 16:19:30 +0200 -Subject: [PATCH 3/3] s3-auth: Fix a memory leak in make_server_info_info3() - -We call make_server_info(NULL) and it is possible that we do not free -it, because server_info is not allocated on the memory context we pass -to the function. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=9862 - -Signed-off-by: Andreas Schneider -Reviewed-by: Guenther Deschner -(cherry picked from commit 6363c0232c2238e1a782e9c22ef762e3ff9b7563) ---- - source3/auth/auth_util.c | 35 +++++++++++++++++++++++------------ - 1 file changed, 23 insertions(+), 12 deletions(-) - -diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c -index 688072e..2b355e4 100644 ---- a/source3/auth/auth_util.c -+++ b/source3/auth/auth_util.c -@@ -1349,6 +1349,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, - bool username_was_mapped; - struct passwd *pwd; - struct auth_serversupplied_info *result; -+ TALLOC_CTX *tmp_ctx = talloc_stackframe(); - - /* - Here is where we should check the list of -@@ -1357,15 +1358,17 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, - */ - - if (!sid_compose(&user_sid, info3->base.domain_sid, info3->base.rid)) { -- return NT_STATUS_INVALID_PARAMETER; -+ nt_status = NT_STATUS_INVALID_PARAMETER; -+ goto out; - } - - if (!sid_compose(&group_sid, info3->base.domain_sid, - info3->base.primary_gid)) { -- return NT_STATUS_INVALID_PARAMETER; -+ nt_status = NT_STATUS_INVALID_PARAMETER; -+ goto out; - } - -- nt_username = talloc_strdup(mem_ctx, info3->base.account_name.string); -+ nt_username = talloc_strdup(tmp_ctx, info3->base.account_name.string); - if (!nt_username) { - /* If the server didn't give us one, just use the one we sent - * them */ -@@ -1392,7 +1395,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, - - /* this call will try to create the user if necessary */ - -- nt_status = check_account(mem_ctx, -+ nt_status = check_account(tmp_ctx, - nt_domain, - nt_username, - &found_username, -@@ -1406,15 +1409,19 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, - lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_UID) { - DEBUG(2, ("Try to map %s to guest account", - nt_username)); -- return make_server_info_guest(mem_ctx, server_info); -+ nt_status = make_server_info_guest(tmp_ctx, &result); -+ if (NT_STATUS_IS_OK(nt_status)) { -+ *server_info = talloc_move(mem_ctx, &result); -+ } - } -- return nt_status; -+ goto out; - } - -- result = make_server_info(NULL); -+ result = make_server_info(tmp_ctx); - if (result == NULL) { - DEBUG(4, ("make_server_info failed!\n")); -- return NT_STATUS_NO_MEMORY; -+ nt_status = NT_STATUS_NO_MEMORY; -+ goto out; - } - - result->unix_name = talloc_strdup(result, found_username); -@@ -1422,8 +1429,8 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, - /* copy in the info3 */ - result->info3 = copy_netr_SamInfo3(result, info3); - if (result->info3 == NULL) { -- TALLOC_FREE(result); -- return NT_STATUS_NO_MEMORY; -+ nt_status = NT_STATUS_NO_MEMORY; -+ goto out; - } - - /* Fill in the unix info we found on the way */ -@@ -1453,9 +1460,13 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, - - result->guest = (info3->base.user_flags & NETLOGON_GUEST); - -- *server_info = result; -+ *server_info = talloc_move(mem_ctx, &result); - -- return NT_STATUS_OK; -+ nt_status = NT_STATUS_OK; -+out: -+ talloc_free(tmp_ctx); -+ -+ return nt_status; - } - - /***************************************************************************** --- -2.5.0 - diff --git a/SOURCES/samba-4.2.3-fix_nss_wins.patch b/SOURCES/samba-4.2.3-fix_nss_wins.patch deleted file mode 100644 index 835d988..0000000 --- a/SOURCES/samba-4.2.3-fix_nss_wins.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 5ae47e9173931fedd6b3adb04ff94b772587fa2a Mon Sep 17 00:00:00 2001 -From: Andreas Schneider -Date: Fri, 23 Oct 2015 15:28:23 +0200 -Subject: [PATCH] nss_wins: Use lp_global_no_reinit() - -This avoids that we run into use after free issues when we access memory -allocated on the globals and the global being reinitialized. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11563 - -Signed-off-by: Andreas Schneider -Reviewed-by: Volker Lendecke - -(cherry picked from commit 0abbfb2e4d5bcd847983ef7981840f1eab7b917c) ---- - nsswitch/wins.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/nsswitch/wins.c b/nsswitch/wins.c -index d63968b..6b5c3e2 100644 ---- a/nsswitch/wins.c -+++ b/nsswitch/wins.c -@@ -53,7 +53,7 @@ static void nss_wins_init(void) - - TimeInit(); - setup_logging("nss_wins",False); -- lp_load(get_dyn_CONFIGFILE(),True,False,False,True); -+ lp_load_global_no_reinit(get_dyn_CONFIGFILE()); - load_interfaces(); - } - --- -2.6.2 - diff --git a/SOURCES/samba-4.2.3-fix_smbX_segfault.patch b/SOURCES/samba-4.2.3-fix_smbX_segfault.patch deleted file mode 100644 index fc282fa..0000000 --- a/SOURCES/samba-4.2.3-fix_smbX_segfault.patch +++ /dev/null @@ -1,71 +0,0 @@ -From c638ce839bb7ac754c1cbb61afcc700bac8788fc Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?G=C3=BCnther=20Deschner?= -Date: Wed, 10 Jun 2015 17:07:15 +0200 -Subject: [PATCH] s3-smbd: reset protocol in smbXsrv_connection_init_tables - failure paths. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11373 - -Guenther - -Pair-Programmed-With: Stefan Metzmacher -Pair-Programmed-With: Michael Adam - -Signed-off-by: Guenther Deschner -Signed-off-by: Stefan Metzmacher -Signed-off-by: Michael Adam -Reviewed-by: Andreas Schneider ---- - source3/smbd/process.c | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git a/source3/smbd/process.c b/source3/smbd/process.c -index 958c82b..c83f3bc 100644 ---- a/source3/smbd/process.c -+++ b/source3/smbd/process.c -@@ -3464,36 +3464,41 @@ NTSTATUS smbXsrv_connection_init_tables(struct smbXsrv_connection *conn, - { - NTSTATUS status; - -- set_Protocol(protocol); - conn->protocol = protocol; - - if (protocol >= PROTOCOL_SMB2_02) { - status = smb2srv_session_table_init(conn); - if (!NT_STATUS_IS_OK(status)) { -+ conn->protocol = PROTOCOL_NONE; - return status; - } - - status = smb2srv_open_table_init(conn); - if (!NT_STATUS_IS_OK(status)) { -+ conn->protocol = PROTOCOL_NONE; - return status; - } - } else { - status = smb1srv_session_table_init(conn); - if (!NT_STATUS_IS_OK(status)) { -+ conn->protocol = PROTOCOL_NONE; - return status; - } - - status = smb1srv_tcon_table_init(conn); - if (!NT_STATUS_IS_OK(status)) { -+ conn->protocol = PROTOCOL_NONE; - return status; - } - - status = smb1srv_open_table_init(conn); - if (!NT_STATUS_IS_OK(status)) { -+ conn->protocol = PROTOCOL_NONE; - return status; - } - } - -+ set_Protocol(protocol); - return NT_STATUS_OK; - } - --- -2.4.3 - diff --git a/SOURCES/samba-CVE-2015-3223.patch b/SOURCES/samba-CVE-2015-3223.patch deleted file mode 100644 index eebe5e3..0000000 --- a/SOURCES/samba-CVE-2015-3223.patch +++ /dev/null @@ -1,219 +0,0 @@ -From 7a4129ad1075b54e902af703d2582ffb79b99c49 Mon Sep 17 00:00:00 2001 -From: Douglas Bagnall -Date: Tue, 24 Nov 2015 13:47:16 +1300 -Subject: [PATCH 5/9] CVE-2015-5330: Fix handling of unicode near string - endings - -Until now next_codepoint_ext() and next_codepoint_handle_ext() were -using strnlen(str, 5) to determine how much string they should try to -decode. This ended up looking past the end of the string when it was not -null terminated and the final character looked like a multi-byte encoding. -The fix is to let the caller say how long the string can be. - -Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599 - -Signed-off-by: Douglas Bagnall -Pair-programmed-with: Andrew Bartlett -Reviewed-by: Ralph Boehme ---- - lib/util/charset/charset.h | 9 +++++---- - lib/util/charset/codepoints.c | 24 ++++++++++++++++-------- - lib/util/charset/util_str.c | 3 ++- - lib/util/charset/util_unistr.c | 3 ++- - 4 files changed, 25 insertions(+), 14 deletions(-) - -diff --git a/lib/util/charset/charset.h b/lib/util/charset/charset.h -index e4297e4..060f1cf 100644 ---- a/lib/util/charset/charset.h -+++ b/lib/util/charset/charset.h -@@ -171,15 +171,16 @@ smb_iconv_t get_conv_handle(struct smb_iconv_handle *ic, - charset_t from, charset_t to); - const char *charset_name(struct smb_iconv_handle *ic, charset_t ch); - --codepoint_t next_codepoint_ext(const char *str, charset_t src_charset, -- size_t *size); -+codepoint_t next_codepoint_ext(const char *str, size_t len, -+ charset_t src_charset, size_t *size); - codepoint_t next_codepoint(const char *str, size_t *size); - ssize_t push_codepoint(char *str, codepoint_t c); - - /* codepoints */ - codepoint_t next_codepoint_handle_ext(struct smb_iconv_handle *ic, -- const char *str, charset_t src_charset, -- size_t *size); -+ const char *str, size_t len, -+ charset_t src_charset, -+ size_t *size); - codepoint_t next_codepoint_handle(struct smb_iconv_handle *ic, - const char *str, size_t *size); - ssize_t push_codepoint_handle(struct smb_iconv_handle *ic, -diff --git a/lib/util/charset/codepoints.c b/lib/util/charset/codepoints.c -index 0984164..542eeae 100644 ---- a/lib/util/charset/codepoints.c -+++ b/lib/util/charset/codepoints.c -@@ -319,7 +319,8 @@ smb_iconv_t get_conv_handle(struct smb_iconv_handle *ic, - */ - _PUBLIC_ codepoint_t next_codepoint_handle_ext( - struct smb_iconv_handle *ic, -- const char *str, charset_t src_charset, -+ const char *str, size_t len, -+ charset_t src_charset, - size_t *bytes_consumed) - { - /* it cannot occupy more than 4 bytes in UTF16 format */ -@@ -339,7 +340,7 @@ _PUBLIC_ codepoint_t next_codepoint_handle_ext( - * we assume that no multi-byte character can take more than 5 bytes. - * This is OK as we only support codepoints up to 1M (U+100000) - */ -- ilen_orig = strnlen(str, 5); -+ ilen_orig = MIN(len, 5); - ilen = ilen_orig; - - descriptor = get_conv_handle(ic, src_charset, CH_UTF16); -@@ -395,9 +396,16 @@ _PUBLIC_ codepoint_t next_codepoint_handle_ext( - return INVALID_CODEPOINT if the next character cannot be converted - */ - _PUBLIC_ codepoint_t next_codepoint_handle(struct smb_iconv_handle *ic, -- const char *str, size_t *size) -+ const char *str, size_t *size) - { -- return next_codepoint_handle_ext(ic, str, CH_UNIX, size); -+ /* -+ * We assume that no multi-byte character can take more than 5 bytes -+ * thus avoiding walking all the way down a long string. This is OK as -+ * Unicode codepoints only go up to (U+10ffff), which can always be -+ * encoded in 4 bytes or less. -+ */ -+ return next_codepoint_handle_ext(ic, str, strnlen(str, 5), CH_UNIX, -+ size); - } - - /* -@@ -459,11 +467,11 @@ _PUBLIC_ ssize_t push_codepoint_handle(struct smb_iconv_handle *ic, - return 5 - olen; - } - --_PUBLIC_ codepoint_t next_codepoint_ext(const char *str, charset_t src_charset, -- size_t *size) -+_PUBLIC_ codepoint_t next_codepoint_ext(const char *str, size_t len, -+ charset_t src_charset, size_t *size) - { -- return next_codepoint_handle_ext(get_iconv_handle(), str, -- src_charset, size); -+ return next_codepoint_handle_ext(get_iconv_handle(), str, len, -+ src_charset, size); - } - - _PUBLIC_ codepoint_t next_codepoint(const char *str, size_t *size) -diff --git a/lib/util/charset/util_str.c b/lib/util/charset/util_str.c -index d2e6cbb..2653bfc 100644 ---- a/lib/util/charset/util_str.c -+++ b/lib/util/charset/util_str.c -@@ -210,7 +210,8 @@ _PUBLIC_ size_t strlen_m_ext_handle(struct smb_iconv_handle *ic, - - while (*s) { - size_t c_size; -- codepoint_t c = next_codepoint_handle_ext(ic, s, src_charset, &c_size); -+ codepoint_t c = next_codepoint_handle_ext(ic, s, strnlen(s, 5), -+ src_charset, &c_size); - s += c_size; - - switch (dst_charset) { -diff --git a/lib/util/charset/util_unistr.c b/lib/util/charset/util_unistr.c -index e4ae650..f299269 100644 ---- a/lib/util/charset/util_unistr.c -+++ b/lib/util/charset/util_unistr.c -@@ -112,7 +112,8 @@ _PUBLIC_ char *strupper_talloc_n_handle(struct smb_iconv_handle *iconv_handle, - - while (n-- && *src) { - size_t c_size; -- codepoint_t c = next_codepoint_handle(iconv_handle, src, &c_size); -+ codepoint_t c = next_codepoint_handle_ext(iconv_handle, src, n, -+ CH_UNIX, &c_size); - src += c_size; - - c = toupper_m(c); --- -2.5.0 - - -From 382a9146a88b7aac7db4c64519b3da5611c817ef Mon Sep 17 00:00:00 2001 -From: Douglas Bagnall -Date: Tue, 24 Nov 2015 13:49:09 +1300 -Subject: [PATCH 6/9] CVE-2015-5330: strupper_talloc_n_handle(): properly count - characters - -When a codepoint eats more than one byte we really want to know, -especially if the string is not NUL terminated. - -Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599 - -Signed-off-by: Douglas Bagnall -Pair-programmed-with: Andrew Bartlett -Reviewed-by: Ralph Boehme ---- - lib/util/charset/util_unistr.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/lib/util/charset/util_unistr.c b/lib/util/charset/util_unistr.c -index f299269..2cc8718 100644 ---- a/lib/util/charset/util_unistr.c -+++ b/lib/util/charset/util_unistr.c -@@ -110,11 +110,12 @@ _PUBLIC_ char *strupper_talloc_n_handle(struct smb_iconv_handle *iconv_handle, - return NULL; - } - -- while (n-- && *src) { -+ while (n && *src) { - size_t c_size; - codepoint_t c = next_codepoint_handle_ext(iconv_handle, src, n, - CH_UNIX, &c_size); - src += c_size; -+ n -= c_size; - - c = toupper_m(c); - --- -2.5.0 - - -From f317c31922a9ee8ae5ee9c0895a72ee6828d2c81 Mon Sep 17 00:00:00 2001 -From: Douglas Bagnall -Date: Tue, 24 Nov 2015 13:54:09 +1300 -Subject: [PATCH 7/9] CVE-2015-5330: next_codepoint_handle_ext: don't - short-circuit UTF16 low bytes - -UTF16 contains zero bytes when it is encoding ASCII (for example), so we -can't assume the absense of the 0x80 bit means a one byte encoding. No -current callers use UTF16. - -Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599 - -Signed-off-by: Douglas Bagnall -Pair-programmed-with: Andrew Bartlett -Reviewed-by: Ralph Boehme ---- - lib/util/charset/codepoints.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/lib/util/charset/codepoints.c b/lib/util/charset/codepoints.c -index 542eeae..19d084f 100644 ---- a/lib/util/charset/codepoints.c -+++ b/lib/util/charset/codepoints.c -@@ -331,7 +331,10 @@ _PUBLIC_ codepoint_t next_codepoint_handle_ext( - size_t olen; - char *outbuf; - -- if ((str[0] & 0x80) == 0) { -+ -+ if (((str[0] & 0x80) == 0) && (src_charset == CH_DOS || -+ src_charset == CH_UNIX || -+ src_charset == CH_UTF8)) { - *bytes_consumed = 1; - return (codepoint_t)str[0]; - } --- -2.5.0 - - - diff --git a/SOURCES/samba-CVE-2015-5252.patch b/SOURCES/samba-CVE-2015-5252.patch deleted file mode 100644 index d33a3c6..0000000 --- a/SOURCES/samba-CVE-2015-5252.patch +++ /dev/null @@ -1,64 +0,0 @@ -From 5801fe1f6ca8ea03af5b485872097e5c9a1689b4 Mon Sep 17 00:00:00 2001 -From: Jeremy Allison -Date: Thu, 9 Jul 2015 10:58:11 -0700 -Subject: [PATCH] CVE-2015-5252: s3: smbd: Fix symlink verification (file - access outside the share). - -Ensure matching component ends in '/' or '\0'. - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11395 - -Signed-off-by: Jeremy Allison -Reviewed-by: Volker Lendecke ---- - source3/smbd/vfs.c | 13 ++++++++++--- - 1 file changed, 10 insertions(+), 3 deletions(-) - -diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c -index 1281322..7138759 100644 ---- a/source3/smbd/vfs.c -+++ b/source3/smbd/vfs.c -@@ -996,6 +996,7 @@ NTSTATUS check_reduced_name_with_privilege(connection_struct *conn, - struct smb_filename *smb_fname_cwd = NULL; - struct privilege_paths *priv_paths = NULL; - int ret; -+ bool matched; - - DEBUG(3,("check_reduced_name_with_privilege [%s] [%s]\n", - fname, -@@ -1090,7 +1091,10 @@ NTSTATUS check_reduced_name_with_privilege(connection_struct *conn, - } - - rootdir_len = strlen(conn_rootdir); -- if (strncmp(conn_rootdir, resolved_name, rootdir_len) != 0) { -+ matched = (strncmp(conn_rootdir, resolved_name, rootdir_len) == 0); -+ -+ if (!matched || (resolved_name[rootdir_len] != '/' && -+ resolved_name[rootdir_len] != '\0')) { - DEBUG(2, ("check_reduced_name_with_privilege: Bad access " - "attempt: %s is a symlink outside the " - "share path\n", -@@ -1230,6 +1234,7 @@ NTSTATUS check_reduced_name(connection_struct *conn, const char *fname) - if (!allow_widelinks || !allow_symlinks) { - const char *conn_rootdir; - size_t rootdir_len; -+ bool matched; - - conn_rootdir = SMB_VFS_CONNECTPATH(conn, fname); - if (conn_rootdir == NULL) { -@@ -1240,8 +1245,10 @@ NTSTATUS check_reduced_name(connection_struct *conn, const char *fname) - } - - rootdir_len = strlen(conn_rootdir); -- if (strncmp(conn_rootdir, resolved_name, -- rootdir_len) != 0) { -+ matched = (strncmp(conn_rootdir, resolved_name, -+ rootdir_len) == 0); -+ if (!matched || (resolved_name[rootdir_len] != '/' && -+ resolved_name[rootdir_len] != '\0')) { - DEBUG(2, ("check_reduced_name: Bad access " - "attempt: %s is a symlink outside the " - "share path\n", fname)); --- -2.5.0 - diff --git a/SOURCES/samba-CVE-2015-5296.patch b/SOURCES/samba-CVE-2015-5296.patch deleted file mode 100644 index 8196104..0000000 --- a/SOURCES/samba-CVE-2015-5296.patch +++ /dev/null @@ -1,175 +0,0 @@ -From 02c216582331ee4bafc6f558c3c7de65d08c655f Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher -Date: Wed, 30 Sep 2015 21:17:02 +0200 -Subject: [PATCH 1/3] CVE-2015-5296: s3:libsmb: force signing when requiring - encryption in do_connect() - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536 - -Signed-off-by: Stefan Metzmacher -Reviewed-by: Jeremy Allison ---- - source3/libsmb/clidfs.c | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c -index b823370..5dfddee 100644 ---- a/source3/libsmb/clidfs.c -+++ b/source3/libsmb/clidfs.c -@@ -114,6 +114,11 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx, - const char *domain; - NTSTATUS status; - int flags = 0; -+ int signing_state = get_cmdline_auth_info_signing_state(auth_info); -+ -+ if (force_encrypt) { -+ signing_state = SMB_SIGNING_REQUIRED; -+ } - - /* make a copy so we don't modify the global string 'service' */ - servicename = talloc_strdup(ctx,share); -@@ -152,7 +157,7 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx, - - status = cli_connect_nb( - server, NULL, port, name_type, NULL, -- get_cmdline_auth_info_signing_state(auth_info), -+ signing_state, - flags, &c); - - if (!NT_STATUS_IS_OK(status)) { --- -2.5.0 - - -From 9e607c8fd3dfb6091477a34b1bbdfa18526c9f98 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher -Date: Wed, 30 Sep 2015 21:17:02 +0200 -Subject: [PATCH 2/3] CVE-2015-5296: s3:libsmb: force signing when requiring - encryption in SMBC_server_internal() - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536 - -Signed-off-by: Stefan Metzmacher -Reviewed-by: Jeremy Allison ---- - source3/libsmb/libsmb_server.c | 15 ++++++++++++--- - 1 file changed, 12 insertions(+), 3 deletions(-) - -diff --git a/source3/libsmb/libsmb_server.c b/source3/libsmb/libsmb_server.c -index 5410099..0a58d8c 100644 ---- a/source3/libsmb/libsmb_server.c -+++ b/source3/libsmb/libsmb_server.c -@@ -273,6 +273,7 @@ SMBC_server_internal(TALLOC_CTX *ctx, - char *newserver, *newshare; - int flags = 0; - struct smbXcli_tcon *tcon = NULL; -+ int signing_state = SMB_SIGNING_DEFAULT; - - ZERO_STRUCT(c); - *in_cache = false; -@@ -439,6 +440,10 @@ SMBC_server_internal(TALLOC_CTX *ctx, - flags |= CLI_FULL_CONNECTION_USE_NT_HASH; - } - -+ if (context->internal->smb_encryption_level != SMBC_ENCRYPTLEVEL_NONE) { -+ signing_state = SMB_SIGNING_REQUIRED; -+ } -+ - if (port == 0) { - if (share == NULL || *share == '\0' || is_ipc) { - /* -@@ -446,7 +451,7 @@ SMBC_server_internal(TALLOC_CTX *ctx, - */ - status = cli_connect_nb(server_n, NULL, NBT_SMB_PORT, 0x20, - smbc_getNetbiosName(context), -- SMB_SIGNING_DEFAULT, flags, &c); -+ signing_state, flags, &c); - } - } - -@@ -456,7 +461,7 @@ SMBC_server_internal(TALLOC_CTX *ctx, - */ - status = cli_connect_nb(server_n, NULL, port, 0x20, - smbc_getNetbiosName(context), -- SMB_SIGNING_DEFAULT, flags, &c); -+ signing_state, flags, &c); - } - - if (!NT_STATUS_IS_OK(status)) { -@@ -745,6 +750,7 @@ SMBC_attr_server(TALLOC_CTX *ctx, - ipc_srv = SMBC_find_server(ctx, context, server, "*IPC$", - pp_workgroup, pp_username, pp_password); - if (!ipc_srv) { -+ int signing_state = SMB_SIGNING_DEFAULT; - - /* We didn't find a cached connection. Get the password */ - if (!*pp_password || (*pp_password)[0] == '\0') { -@@ -766,6 +772,9 @@ SMBC_attr_server(TALLOC_CTX *ctx, - if (smbc_getOptionUseCCache(context)) { - flags |= CLI_FULL_CONNECTION_USE_CCACHE; - } -+ if (context->internal->smb_encryption_level != SMBC_ENCRYPTLEVEL_NONE) { -+ signing_state = SMB_SIGNING_REQUIRED; -+ } - - nt_status = cli_full_connection(&ipc_cli, - lp_netbios_name(), server, -@@ -774,7 +783,7 @@ SMBC_attr_server(TALLOC_CTX *ctx, - *pp_workgroup, - *pp_password, - flags, -- SMB_SIGNING_DEFAULT); -+ signing_state); - if (! NT_STATUS_IS_OK(nt_status)) { - DEBUG(1,("cli_full_connection failed! (%s)\n", - nt_errstr(nt_status))); --- -2.5.0 - - -From 289cbf6636e02c1e5125de990e0b22bbb30a0504 Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher -Date: Wed, 30 Sep 2015 21:23:25 +0200 -Subject: [PATCH 3/3] CVE-2015-5296: libcli/smb: make sure we require signing - when we demand encryption on a session - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536 - -Signed-off-by: Stefan Metzmacher -Reviewed-by: Jeremy Allison ---- - libcli/smb/smbXcli_base.c | 11 +++++++++++ - 1 file changed, 11 insertions(+) - -diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c -index 69599bd..b00afbc 100644 ---- a/libcli/smb/smbXcli_base.c -+++ b/libcli/smb/smbXcli_base.c -@@ -5085,6 +5085,9 @@ uint8_t smb2cli_session_security_mode(struct smbXcli_session *session) - if (conn->mandatory_signing) { - security_mode |= SMB2_NEGOTIATE_SIGNING_REQUIRED; - } -+ if (session->smb2->should_sign) { -+ security_mode |= SMB2_NEGOTIATE_SIGNING_REQUIRED; -+ } - - return security_mode; - } -@@ -5383,6 +5386,14 @@ NTSTATUS smb2cli_session_set_channel_key(struct smbXcli_session *session, - - NTSTATUS smb2cli_session_encryption_on(struct smbXcli_session *session) - { -+ if (!session->smb2->should_sign) { -+ /* -+ * We need required signing on the session -+ * in order to prevent man in the middle attacks. -+ */ -+ return NT_STATUS_INVALID_PARAMETER_MIX; -+ } -+ - if (session->smb2->should_encrypt) { - return NT_STATUS_OK; - } --- -2.5.0 - diff --git a/SOURCES/samba-CVE-2015-5299.patch b/SOURCES/samba-CVE-2015-5299.patch deleted file mode 100644 index 2d9a956..0000000 --- a/SOURCES/samba-CVE-2015-5299.patch +++ /dev/null @@ -1,96 +0,0 @@ -From 9588c4950c9b3dd6c16b899156e6d985c7b43187 Mon Sep 17 00:00:00 2001 -From: Jeremy Allison -Date: Fri, 23 Oct 2015 14:54:31 -0700 -Subject: [PATCH] CVE-2015-5299: s3-shadow-copy2: fix missing access check on - snapdir - -Fix originally from - -https://bugzilla.samba.org/show_bug.cgi?id=11529 - -Signed-off-by: Jeremy Allison -Reviewed-by: David Disseldorp ---- - source3/modules/vfs_shadow_copy2.c | 45 ++++++++++++++++++++++++++++++++++++++ - 1 file changed, 45 insertions(+) - -diff --git a/source3/modules/vfs_shadow_copy2.c b/source3/modules/vfs_shadow_copy2.c -index 439df5d..c5c2015 100644 ---- a/source3/modules/vfs_shadow_copy2.c -+++ b/source3/modules/vfs_shadow_copy2.c -@@ -30,6 +30,7 @@ - */ - - #include "includes.h" -+#include "smbd/smbd.h" - #include "system/filesys.h" - #include "include/ntioctl.h" - #include -@@ -1179,6 +1180,42 @@ static char *have_snapdir(struct vfs_handle_struct *handle, - return NULL; - } - -+static bool check_access_snapdir(struct vfs_handle_struct *handle, -+ const char *path) -+{ -+ struct smb_filename smb_fname; -+ int ret; -+ NTSTATUS status; -+ -+ ZERO_STRUCT(smb_fname); -+ smb_fname.base_name = talloc_asprintf(talloc_tos(), -+ "%s", -+ path); -+ if (smb_fname.base_name == NULL) { -+ return false; -+ } -+ -+ ret = SMB_VFS_NEXT_STAT(handle, &smb_fname); -+ if (ret != 0 || !S_ISDIR(smb_fname.st.st_ex_mode)) { -+ TALLOC_FREE(smb_fname.base_name); -+ return false; -+ } -+ -+ status = smbd_check_access_rights(handle->conn, -+ &smb_fname, -+ false, -+ SEC_DIR_LIST); -+ if (!NT_STATUS_IS_OK(status)) { -+ DEBUG(0,("user does not have list permission " -+ "on snapdir %s\n", -+ smb_fname.base_name)); -+ TALLOC_FREE(smb_fname.base_name); -+ return false; -+ } -+ TALLOC_FREE(smb_fname.base_name); -+ return true; -+} -+ - /** - * Find the snapshot directory (if any) for the given - * filename (which is relative to the share). -@@ -1328,6 +1365,7 @@ static int shadow_copy2_get_shadow_copy_data( - const char *snapdir; - struct dirent *d; - TALLOC_CTX *tmp_ctx = talloc_stackframe(); -+ bool ret; - - snapdir = shadow_copy2_find_snapdir(tmp_ctx, handle, fsp->fsp_name); - if (snapdir == NULL) { -@@ -1337,6 +1375,13 @@ static int shadow_copy2_get_shadow_copy_data( - talloc_free(tmp_ctx); - return -1; - } -+ ret = check_access_snapdir(handle, snapdir); -+ if (!ret) { -+ DEBUG(0,("access denied on listing snapdir %s\n", snapdir)); -+ errno = EACCES; -+ talloc_free(tmp_ctx); -+ return -1; -+ } - - p = SMB_VFS_NEXT_OPENDIR(handle, snapdir, NULL, 0); - --- -2.5.0 - diff --git a/SPECS/samba.spec b/SPECS/samba.spec index 003b3e3..1017055 100644 --- a/SPECS/samba.spec +++ b/SPECS/samba.spec @@ -6,9 +6,9 @@ # ctdb is enabled by default, you can disable it with: --without clustering %bcond_without clustering -%define main_release 12 +%define main_release 6 -%define samba_version 4.2.3 +%define samba_version 4.2.10 %define talloc_version 2.1.2 %define ntdb_version 1.0 %define tdb_version 1.3.4 @@ -109,19 +109,11 @@ Source6: samba.pamd Source200: README.dc Source201: README.downgrade -Patch0: samba-4.2-auth-credentials-if-credentials-have-principal-set-t.patch -Patch1: samba-4.2.3-fix_smbX_segfault.patch -Patch2: samba-4.2.3-fix_dfree_command.patch +Patch1: samba-4.2.10-ldap-sasl-win2003.patch Patch3: samba-4.2.3-document_netbios_length.patch Patch4: samba-4.2.3-fix_net_ads_keytab_segfault.patch -Patch5: samba-4.2.3-fix_force_group.patch -Patch6: samba-4.2.3-fix_map_to_guest_bad_uid.patch -Patch7: samba-4.2.3-fix_nss_wins.patch -Patch8: samba-CVE-2015-3223.patch -Patch9: samba-CVE-2015-5299.patch -Patch10: samba-CVE-2015-5252.patch -Patch11: samba-CVE-2015-5296.patch -Patch12: CVE-2015-7560-v4-2.patch +Patch5: samba-4.2.10-s3-parm-clean-up-defaults-when-removing-global-param.patch +Patch6: samba-4.2.10-s3-winbind-make-sure-domain-member-can-talk-to-trust.patch BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) @@ -694,19 +686,11 @@ and use CTDB instead. %prep %setup -q -n samba-%{version}%{pre_release} -%patch0 -p1 -b .samba-4.2-auth-credentials-if-credentials-have-principal-set-t.patch -%patch1 -p1 -b .samba-4.2.3-fix_smbX_segfault.patch -%patch2 -p1 -b .samba-4.2.3-fix_dfree_command.patch +%patch1 -p1 -b .samba-4.2.10-ldap-sasl-win2003.patch %patch3 -p1 -b .samba-4.2.3-document_netbios_length.patch %patch4 -p1 -b .samba-4.2.3-fix_net_ads_keytab_segfault.patch -%patch5 -p1 -b .samba-4.2.3-fix_force_group.patch -%patch6 -p1 -b .samba-4.2.3-fix_map_to_guest_bad_uid.patch -%patch7 -p1 -b .samba-4.2.3-fix_nss_wins.patch -%patch8 -p1 -b .samba-CVE-2015-3223.patch -%patch9 -p1 -b .samba-CVE-2015-5299.patch -%patch10 -p1 -b .samba-CVE-2015-5252.patch -%patch11 -p1 -b .samba-CVE-2015-5296.patch -%patch12 -p1 -b .CVE-2015-7560-v4-2.patch +%patch5 -p1 -b .samba-4.2.10-s3-parm-clean-up-defaults-when-removing-global-param.patch +%patch6 -p1 -b .samba-4.2.10-s3-winbind-make-sure-domain-member-can-talk-to-trust.patch %build %global _talloc_lib ,talloc,pytalloc,pytalloc-util @@ -881,6 +865,17 @@ install -m 0755 packaging/NetworkManager/30-winbind-systemd \ install -d -m 0755 %{buildroot}%{_libdir}/krb5/plugins/libkrb5 touch %{buildroot}%{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so +%if ! %with_dc +for i in %{_libdir}/samba/libdfs-server-ad-samba4.so \ + %{_libdir}/samba/libdnsserver-common-samba4.so \ + %{_mandir}/man8/samba.8 \ + %{_mandir}/man8/samba-tool.8 \ + %{_libdir}/samba/ldb/ildap.so \ + %{_libdir}/samba/ldb/ldbsamba_extensions.so ; do + rm -f %{buildroot}$i +done +%endif + # This makes the right links, as rpmlint requires that # the ldconfig-created links be recorded in the RPM. /sbin/ldconfig -N -n %{buildroot}%{_libdir} @@ -1357,6 +1352,7 @@ rm -rf %{buildroot} %config(noreplace) %{_sysconfdir}/logrotate.d/samba %attr(0700,root,root) %dir /var/log/samba %attr(0700,root,root) %dir /var/log/samba/old +%attr(0755,root,root) %dir /var/lib/samba %ghost %dir /var/run/samba %ghost %dir /var/run/winbindd %attr(700,root,root) %dir /var/lib/samba/private @@ -1469,11 +1465,6 @@ rm -rf %{buildroot} %{_mandir}/man8/samba-tool.8* %else # with_dc %doc packaging/README.dc -%exclude %{_mandir}/man8/samba.8* -%exclude %{_mandir}/man8/samba-tool.8* -%exclude %{_libdir}/samba/ldb/ildap.so -%exclude %{_libdir}/samba/ldb/ldbsamba_extensions.so - %endif # with_dc ### DC-LIBS @@ -1512,8 +1503,6 @@ rm -rf %{buildroot} %{_libdir}/samba/bind9/dlz_bind9_9.so %else %doc packaging/README.dc-libs -%exclude %{_libdir}/samba/libdfs-server-ad-samba4.so -%exclude %{_libdir}/samba/libdnsserver-common-samba4.so %endif # with_dc ### DEVEL @@ -2003,6 +1992,29 @@ rm -rf %{buildroot} %endif # with_clustering_support %changelog +* Tue Apr 12 2016 Alexander Bokovoy - 4.2.10-6 +- Fix domain member winbind not being able to talk to trusted domains' DCs +- relates: #1322690 + +* Mon Apr 11 2016 Alexander Bokovoy - 4.2.10-5 +- Fix crash in smb.conf processing +- relates: #1322690 + +* Fri Apr 08 2016 Alexander Bokovoy - 4.2.10-4 +- Fix LDAP SASL bind with arcfour-hmac-md5 +- resolves: #1322690 + +* Thu Apr 07 2016 Alexander Bokovoy - 4.2.10-3 +- Make sure the package owns /var/lib/samba and uses it for cache purposes +- resolves: #1322690 + +* Wed Apr 06 2016 Alexander Bokovoy - 4.2.10-2 +- Remove ldb modules and internal libraries for DC when not packaging DC build +- resolves: #1322690 + +* Mon Apr 04 2016 Alexander Bokovoy - 4.2.10-1 +- resolves: #1322690 + * Fri Mar 04 2016 Andreas Schneider - 4.2.3-12 - resolves: #1314672 - Fix CVE-2015-7560