diff --git a/SOURCES/samba-4.10-redhat.patch b/SOURCES/samba-4.10-redhat.patch index 9fcade9..81724cd 100644 --- a/SOURCES/samba-4.10-redhat.patch +++ b/SOURCES/samba-4.10-redhat.patch @@ -1,7 +1,7 @@ From 9aa816f5017bd38cbb9af2af5a7c385647e4f76d Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Tue, 7 Jan 2020 19:25:53 +0200 -Subject: [PATCH 01/45] s3-rpcserver: fix security level check for +Subject: [PATCH 01/48] s3-rpcserver: fix security level check for DsRGetForestTrustInformation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -80,13 +80,13 @@ index d799ba4feef..87613b99fde 100644 } -- -2.29.2 +2.30.2 From e71fddb9ad5275a222d96bdcee06571a9a8c73c8 Mon Sep 17 00:00:00 2001 From: Isaac Boukris Date: Wed, 27 May 2020 16:50:45 +0200 -Subject: [PATCH 02/45] Add a test to check dNSHostName with netbios aliases +Subject: [PATCH 02/48] Add a test to check dNSHostName with netbios aliases BUG: https://bugzilla.samba.org/show_bug.cgi?id=14396 @@ -132,13 +132,13 @@ index 95c0cf76f90..6073ea972f9 100755 # Test createcomputer option of 'net ads join' # -- -2.29.2 +2.30.2 From e80e373485818eb7faebf5c9aae10d82fbc4e2e2 Mon Sep 17 00:00:00 2001 From: Isaac Boukris Date: Wed, 27 May 2020 15:52:46 +0200 -Subject: [PATCH 03/45] Fix accidental overwrite of dnsHostName by the last +Subject: [PATCH 03/48] Fix accidental overwrite of dnsHostName by the last netbios alias BUG: https://bugzilla.samba.org/show_bug.cgi?id=14396 @@ -186,13 +186,13 @@ index 9d4f656ffec..a31011b0ff8 100644 status = ADS_ERROR_LDAP(LDAP_NO_MEMORY); goto done; -- -2.29.2 +2.30.2 From 7ca5f9b2956ec41777837a7e14800a4345505ed6 Mon Sep 17 00:00:00 2001 From: Isaac Boukris Date: Thu, 24 Oct 2019 19:04:51 +0300 -Subject: [PATCH 04/45] Refactor ads_keytab_add_entry() to make it iterable +Subject: [PATCH 04/48] Refactor ads_keytab_add_entry() to make it iterable so we can more easily add msDS-AdditionalDnsHostName entries. @@ -453,13 +453,13 @@ index 97d5535041c..0f450a09df5 100644 out: SAFE_FREE(salt_princ_s); -- -2.29.2 +2.30.2 From 087d6dd4c4f25860643ab5920a1b2c0c70e5551b Mon Sep 17 00:00:00 2001 From: Isaac Boukris Date: Wed, 27 May 2020 17:55:12 +0200 -Subject: [PATCH 05/45] Add a test for msDS-AdditionalDnsHostName entries in +Subject: [PATCH 05/48] Add a test for msDS-AdditionalDnsHostName entries in keytab BUG: https://bugzilla.samba.org/show_bug.cgi?id=14396 @@ -501,13 +501,13 @@ index 6073ea972f9..a40b477a173 100755 testit "leave" $VALGRIND $net_tool ads leave -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1` -- -2.29.2 +2.30.2 From 1ae32dddad89cdb75ae2c8fb3e7378ce6f5ad6af Mon Sep 17 00:00:00 2001 From: Isaac Boukris Date: Wed, 27 May 2020 15:36:28 +0200 -Subject: [PATCH 06/45] Add msDS-AdditionalDnsHostName entries to the keytab +Subject: [PATCH 06/48] Add msDS-AdditionalDnsHostName entries to the keytab BUG: https://bugzilla.samba.org/show_bug.cgi?id=14396 @@ -648,13 +648,13 @@ index db2b72ab1b5..02a628ee0e6 100644 { LDAPMessage *res = NULL; -- -2.29.2 +2.30.2 From 939b9265a533393189ef3c513e77b2cb009a51d5 Mon Sep 17 00:00:00 2001 From: Isaac Boukris Date: Wed, 27 May 2020 15:54:12 +0200 -Subject: [PATCH 07/45] Add net-ads-join dnshostname=fqdn option +Subject: [PATCH 07/48] Add net-ads-join dnshostname=fqdn option BUG: https://bugzilla.samba.org/show_bug.cgi?id=14396 @@ -794,13 +794,13 @@ index a40b477a173..85257f445d8 100755 exit $failed -- -2.29.2 +2.30.2 From 25a6679a5260dafde7a7d2aed9bfe43eaf083b1c Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 16 Sep 2020 16:04:57 +0200 -Subject: [PATCH 08/45] CVE-2020-1472(ZeroLogon): libcli/auth: add +Subject: [PATCH 08/48] CVE-2020-1472(ZeroLogon): libcli/auth: add netlogon_creds_random_challenge() It's good to have just a single isolated function that will generate @@ -851,13 +851,13 @@ index 82febe74440..82797d453ed 100644 void netlogon_creds_des_decrypt_LMKey(struct netlogon_creds_CredentialState *creds, struct netr_LMSessionKey *key); void netlogon_creds_des_encrypt(struct netlogon_creds_CredentialState *creds, struct samr_Password *pass); -- -2.29.2 +2.30.2 From 1e8ad7efe35d8b79fef387ff709d6a499565c39a Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 16 Sep 2020 16:07:30 +0200 -Subject: [PATCH 09/45] CVE-2020-1472(ZeroLogon): s4:torture/rpc: make use of +Subject: [PATCH 09/48] CVE-2020-1472(ZeroLogon): s4:torture/rpc: make use of netlogon_creds_random_challenge() This will avoid getting flakey tests once our server starts to @@ -1007,13 +1007,13 @@ index 026d86d50e4..e11014922f8 100644 torture_assert_ntstatus_ok(tctx, dcerpc_netr_ServerReqChallenge_r(b, tctx, &r), "ServerReqChallenge"); -- -2.29.2 +2.30.2 From 74ee204ad4647d0d7a2097124652cbcd43406c7d Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 16 Sep 2020 16:08:38 +0200 -Subject: [PATCH 10/45] CVE-2020-1472(ZeroLogon): libcli/auth: make use of +Subject: [PATCH 10/48] CVE-2020-1472(ZeroLogon): libcli/auth: make use of netlogon_creds_random_challenge() in netlogon_creds_cli.c This will avoid getting rejected by the server if we generate @@ -1041,13 +1041,13 @@ index 817d2cd041a..0f6ca11ff96 100644 subreq = dcerpc_netr_ServerReqChallenge_send(state, state->ev, state->binding_handle, -- -2.29.2 +2.30.2 From 10196846d019d0e2ccef51f32ddd39fc17ca60aa Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 16 Sep 2020 16:10:53 +0200 -Subject: [PATCH 11/45] CVE-2020-1472(ZeroLogon): s3:rpc_server:netlogon: make +Subject: [PATCH 11/48] CVE-2020-1472(ZeroLogon): s3:rpc_server:netlogon: make use of netlogon_creds_random_challenge() This is not strictly needed, but makes things more clear. @@ -1074,13 +1074,13 @@ index 87613b99fde..86b2f343e82 100644 *r->out.return_credentials = pipe_state->server_challenge; -- -2.29.2 +2.30.2 From 215aca6d11b900ee3cf11568d27bce77e0567653 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 16 Sep 2020 16:10:53 +0200 -Subject: [PATCH 12/45] CVE-2020-1472(ZeroLogon): s4:rpc_server:netlogon: make +Subject: [PATCH 12/48] CVE-2020-1472(ZeroLogon): s4:rpc_server:netlogon: make use of netlogon_creds_random_challenge() This is not strictly needed, but makes things more clear. @@ -1107,13 +1107,13 @@ index 023adfd99e9..de260d8051d 100644 *r->out.return_credentials = pipe_state->server_challenge; -- -2.29.2 +2.30.2 From 4551bf623426e8c543b287807d447feb69bb0f09 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 16 Sep 2020 16:15:26 +0200 -Subject: [PATCH 13/45] CVE-2020-1472(ZeroLogon): libcli/auth: add +Subject: [PATCH 13/48] CVE-2020-1472(ZeroLogon): libcli/auth: add netlogon_creds_is_random_challenge() to avoid weak values This is the check Windows is using, so we won't generate challenges, @@ -1177,13 +1177,13 @@ index 82797d453ed..ad768682b9f 100644 void netlogon_creds_des_encrypt_LMKey(struct netlogon_creds_CredentialState *creds, struct netr_LMSessionKey *key); -- -2.29.2 +2.30.2 From f7e09421ace8fe60c0110770d909800d21ae6c8e Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 16 Sep 2020 16:17:29 +0200 -Subject: [PATCH 14/45] CVE-2020-1472(ZeroLogon): libcli/auth: reject weak +Subject: [PATCH 14/48] CVE-2020-1472(ZeroLogon): libcli/auth: reject weak client challenges in netlogon_creds_server_init() This implements the note from MS-NRPC 3.1.4.1 Session-Key Negotiation: @@ -1262,13 +1262,13 @@ index d319d9b879e..394505d166d 100644 ) -- -2.29.2 +2.30.2 From 6bc86fb69bf50c89a334fd2dcbce6999a2360fb7 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 16 Sep 2020 19:20:25 +0200 -Subject: [PATCH 15/45] CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon: +Subject: [PATCH 15/48] CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon: protect netr_ServerPasswordSet2 against unencrypted passwords BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497 @@ -1357,13 +1357,13 @@ index de260d8051d..acbf077c6c7 100644 ret = gendb_search(sam_ctx, mem_ctx, NULL, &res, attrs, -- -2.29.2 +2.30.2 From 1f8dec1cbb37f3406d999425590f8a923586ccac Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 16 Sep 2020 12:53:50 -0700 -Subject: [PATCH 16/45] CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: +Subject: [PATCH 16/48] CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: protect netr_ServerPasswordSet2 against unencrypted passwords BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497 @@ -1502,13 +1502,13 @@ index 86b2f343e82..fd9127b386f 100644 p->session_info, p->msg_ctx, -- -2.29.2 +2.30.2 From 2ad269be74481789ded62a3dcb538709c6d6e291 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 16 Sep 2020 10:18:45 +0200 -Subject: [PATCH 17/45] CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon: +Subject: [PATCH 17/48] CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon: refactor dcesrv_netr_creds_server_step_check() We should debug more details about the failing request. @@ -1585,13 +1585,13 @@ index acbf077c6c7..b4326a4ecaa 100644 /* -- -2.29.2 +2.30.2 From 57941290adb9a2fd4be9aa4a70f879a684b38dfd Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 16 Sep 2020 10:56:53 +0200 -Subject: [PATCH 18/45] CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon: +Subject: [PATCH 18/48] CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon: support "server require schannel:WORKSTATION$ = no" This allows to add expections for individual workstations, when using "server schannel = yes". @@ -1632,13 +1632,13 @@ index b4326a4ecaa..e7bafb31e83 100644 *creds_out = creds; return NT_STATUS_OK; -- -2.29.2 +2.30.2 From 779b37e825fe406892ff77be18c098d314cd387d Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 17 Sep 2020 13:37:26 +0200 -Subject: [PATCH 19/45] CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon: log +Subject: [PATCH 19/48] CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon: log warnings about unsecure configurations MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -1759,13 +1759,13 @@ index e7bafb31e83..7668a9eb923 100644 return NT_STATUS_OK; } -- -2.29.2 +2.30.2 From 60b83fbda31c53c592a02f0ed43356a912021021 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Thu, 17 Sep 2020 14:57:22 +0200 -Subject: [PATCH 20/45] CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: +Subject: [PATCH 20/48] CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: refactor dcesrv_netr_creds_server_step_check() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -1860,13 +1860,13 @@ index fd9127b386f..8541571b459 100644 -- -2.29.2 +2.30.2 From c0a188b2696edb8f3ae9f7f56a820b11358bad98 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Thu, 17 Sep 2020 14:23:16 +0200 -Subject: [PATCH 21/45] CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: +Subject: [PATCH 21/48] CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: support "server require schannel:WORKSTATION$ = no" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -1911,13 +1911,13 @@ index 8541571b459..f9b10103bd5 100644 *creds_out = creds; return NT_STATUS_OK; -- -2.29.2 +2.30.2 From c9550b81b55316cf5d667502885fc248a5999fb5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Thu, 17 Sep 2020 14:42:52 +0200 -Subject: [PATCH 22/45] CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: log +Subject: [PATCH 22/48] CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: log warnings about unsecure configurations MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -2039,13 +2039,13 @@ index f9b10103bd5..7f6704adbda 100644 return NT_STATUS_OK; } -- -2.29.2 +2.30.2 From 63f03e2e29e81f890a5d88c726cced6d3e7bbf5d Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 17 Sep 2020 17:27:54 +0200 -Subject: [PATCH 23/45] CVE-2020-1472(ZeroLogon): docs-xml: document 'server +Subject: [PATCH 23/48] CVE-2020-1472(ZeroLogon): docs-xml: document 'server require schannel:COMPUTERACCOUNT' BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497 @@ -2141,13 +2141,13 @@ index 489492d79b1..b682d086f76 100644 + -- -2.29.2 +2.30.2 From 8a40da45b7f4e7a9110daf010383c4fce30bd9b6 Mon Sep 17 00:00:00 2001 From: Gary Lockyer Date: Fri, 18 Sep 2020 12:39:54 +1200 -Subject: [PATCH 24/45] CVE-2020-1472(ZeroLogon): s4 torture rpc: Test empty +Subject: [PATCH 24/48] CVE-2020-1472(ZeroLogon): s4 torture rpc: Test empty machine acct pwd Ensure that an empty machine account password can't be set by @@ -2240,13 +2240,13 @@ index e11014922f8..0ba45f0c1da 100644 /* now try a random password */ password = generate_random_password(tctx, 8, 255); -- -2.29.2 +2.30.2 From 341a448cb69557410fa79dbb8a3d4adbab79d5b6 Mon Sep 17 00:00:00 2001 From: Gary Lockyer Date: Fri, 18 Sep 2020 15:57:34 +1200 -Subject: [PATCH 25/45] CVE-2020-1472(ZeroLogon): s4 torture rpc: repeated +Subject: [PATCH 25/48] CVE-2020-1472(ZeroLogon): s4 torture rpc: repeated bytes in client challenge Ensure that client challenges with the first 5 bytes identical are @@ -2615,13 +2615,13 @@ index 0ba45f0c1da..97c16688bc9 100644 } -- -2.29.2 +2.30.2 From 268303632f79d7395b452172c06b25ad68fe35fb Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 10 Jul 2020 15:09:33 -0700 -Subject: [PATCH 26/45] s4: torture: Add smb2.notify.handle-permissions test. +Subject: [PATCH 26/48] s4: torture: Add smb2.notify.handle-permissions test. Add knownfail entry. @@ -2744,13 +2744,13 @@ index ebb4f8a4f8e..b017491c8fb 100644 suite->description = talloc_strdup(suite, "SMB2-NOTIFY tests"); -- -2.29.2 +2.30.2 From 448d4e99f8883a07589264cfca474c3dff8b5942 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 7 Jul 2020 18:25:23 -0700 -Subject: [PATCH 27/45] s3: smbd: Ensure change notifies can't get set unless +Subject: [PATCH 27/48] s3: smbd: Ensure change notifies can't get set unless the directory handle is open for SEC_DIR_LIST. Remove knownfail entry. @@ -2795,13 +2795,13 @@ index 44c0b09432e..d23c03bce41 100644 DEBUG(1, ("change_notify_create: fsp->notify != NULL, " "fname = %s\n", fsp->fsp_name->base_name)); -- -2.29.2 +2.30.2 From 041c86926999594f13b884522b1d9fcc65f92a52 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 9 Jul 2020 21:49:25 +0200 -Subject: [PATCH 28/45] CVE-2020-14323 winbind: Fix invalid lookupsids DoS +Subject: [PATCH 28/48] CVE-2020-14323 winbind: Fix invalid lookupsids DoS A lookupsids request without extra_data will lead to "state->domain==NULL", which makes winbindd_lookupsids_recv trying to dereference it. @@ -2829,13 +2829,13 @@ index d28b5fa9f01..a289fd86f0f 100644 } if (request->extra_data.data[request->extra_len-1] != '\0') { -- -2.29.2 +2.30.2 From e6e77a3a503f9223ecbc2d32a1d24e20f834659f Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 9 Jul 2020 21:48:57 +0200 -Subject: [PATCH 29/45] CVE-2020-14323 torture4: Add a simple test for invalid +Subject: [PATCH 29/48] CVE-2020-14323 torture4: Add a simple test for invalid lookup_sids winbind call We can't add this test before the fix, add it to knownfail and have the fix @@ -2897,13 +2897,13 @@ index 9745b621ca9..71f248c0d61 100644 suite->description = talloc_strdup(suite, "WINBIND - struct based protocol tests"); -- -2.29.2 +2.30.2 From 2b4763940d1826a2b4e5eaa1e2df338004cd9af0 Mon Sep 17 00:00:00 2001 From: Laurent Menase Date: Wed, 20 May 2020 12:31:53 +0200 -Subject: [PATCH 30/45] winbind: Fix a memleak +Subject: [PATCH 30/48] winbind: Fix a memleak Bug: https://bugzilla.samba.org/show_bug.cgi?id=14388 Signed-off-by: Laurent Menase @@ -2931,13 +2931,13 @@ index 556b4523866..325ba1abd82 100644 } -- -2.29.2 +2.30.2 From accc423a4eb9170ab0dbe4b2ba90ce83790e7a16 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Mon, 17 Aug 2020 13:39:58 +0200 -Subject: [PATCH 31/45] s3:tests: Add test for 'valid users = DOMAIN\%U' +Subject: [PATCH 31/48] s3:tests: Add test for 'valid users = DOMAIN\%U' BUG: https://bugzilla.samba.org/show_bug.cgi?id=14467 @@ -2989,13 +2989,13 @@ index 1a46f11c85d..c813a8f9def 100755 + exit $failed -- -2.29.2 +2.30.2 From 1c594e3734e3ffd2dfc615897ac95792878f2df4 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Mon, 17 Aug 2020 14:12:48 +0200 -Subject: [PATCH 32/45] s3:smbd: Fix %U substitutions if it contains a domain +Subject: [PATCH 32/48] s3:smbd: Fix %U substitutions if it contains a domain name 'valid users = DOMAIN\%U' worked with Samba 3.6 and broke in a newer @@ -3050,13 +3050,13 @@ index 3cbf7f318a2..0705e197975 100644 if (sharename != NULL) { name = talloc_string_sub(mem_ctx, name, "%S", sharename); -- -2.29.2 +2.30.2 From d93ddae23e1b378f771134e93d1b15e61e2278af Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Thu, 9 Jul 2020 11:48:26 +0200 -Subject: [PATCH 33/45] docs: Fix documentation for require_membership_of of +Subject: [PATCH 33/48] docs: Fix documentation for require_membership_of of pam_winbind BUG: https://bugzilla.samba.org/show_bug.cgi?id=14358 @@ -3088,13 +3088,13 @@ index a9a227f1647..a61fb2d58e5 100644 -- -2.29.2 +2.30.2 From c9aea952eb3f8d83701abd6db4d48c8d93a8517a Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Fri, 17 Jul 2020 12:14:16 +0200 -Subject: [PATCH 34/45] docs: Fix documentation for require_membership_of of +Subject: [PATCH 34/48] docs: Fix documentation for require_membership_of of pam_winbind.conf BUG: https://bugzilla.samba.org/show_bug.cgi?id=14358 @@ -3127,13 +3127,13 @@ index fcac1ee7036..d81a0bd6eba 100644 This option only operates during password authentication, and will not restrict access if a password is not required for any reason (such as SSH key-based login). -- -2.29.2 +2.30.2 From b04be6ffd3a1c9eda1f1dc78d60ad7b3a9b7471d Mon Sep 17 00:00:00 2001 From: Isaac Boukris Date: Thu, 11 Jun 2020 21:05:07 +0300 -Subject: [PATCH 35/45] Fix a typo in recent net man page changes +Subject: [PATCH 35/48] Fix a typo in recent net man page changes BUG: https://bugzilla.samba.org/show_bug.cgi?id=14406 @@ -3158,13 +3158,13 @@ index 69e18df8b6c..9b1d4458acc 100644 -- -2.29.2 +2.30.2 From a5a7dac759c2570861732c68efefb62371a29565 Mon Sep 17 00:00:00 2001 From: Isaac Boukris Date: Tue, 16 Jun 2020 22:01:49 +0300 -Subject: [PATCH 36/45] selftest: add tests for binary +Subject: [PATCH 36/48] selftest: add tests for binary msDS-AdditionalDnsHostName Like the short names added implicitly by Windows DC. @@ -3236,13 +3236,13 @@ index 85257f445d8..eef4a31a6a7 100755 rm -f $dedicated_keytab_file -- -2.29.2 +2.30.2 From 2769976aaa13474d2b5ee7b58ee17d5824dfa5a2 Mon Sep 17 00:00:00 2001 From: Isaac Boukris Date: Thu, 11 Jun 2020 16:51:27 +0300 -Subject: [PATCH 37/45] Properly handle msDS-AdditionalDnsHostName returned +Subject: [PATCH 37/48] Properly handle msDS-AdditionalDnsHostName returned from Windows DC Windows DC adds short names for each specified msDS-AdditionalDnsHostName @@ -3330,13 +3330,13 @@ index 02a628ee0e6..2684bba63ec 100644 DEBUG(1, ("Host account for %s does not have msDS-AdditionalDnsHostName.\n", machine_name)); -- -2.29.2 +2.30.2 From 9727953d482a3849d4ac1f40486bc567f6b77067 Mon Sep 17 00:00:00 2001 From: Isaac Boukris Date: Sat, 20 Jun 2020 17:17:33 +0200 -Subject: [PATCH 38/45] Fix usage of ldap_get_values_len for +Subject: [PATCH 38/48] Fix usage of ldap_get_values_len for msDS-AdditionalDnsHostName BUG: https://bugzilla.samba.org/show_bug.cgi?id=14406 @@ -3372,13 +3372,13 @@ index 2684bba63ec..d1ce9cee2f0 100644 return NULL; } -- -2.29.2 +2.30.2 From ec4cfe786d8c3cb67bb0e9224ae1822902c672d3 Mon Sep 17 00:00:00 2001 From: Isaac Boukris Date: Tue, 15 Dec 2020 15:17:04 +0100 -Subject: [PATCH 39/45] HACK:s3:winbind: Rely on the domain child for online +Subject: [PATCH 39/48] HACK:s3:winbind: Rely on the domain child for online check --- @@ -3435,13 +3435,13 @@ index 6e3277e5529..35b76a367aa 100644 /* Handle online/offline messages. */ -- -2.29.2 +2.30.2 From 958bed1a1e5c9f334a1859bef14f4fe1657c3e49 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Wed, 9 Sep 2020 16:00:52 +0200 -Subject: [PATCH 40/45] s3:smbd: Use fsp al the talloc memory context +Subject: [PATCH 40/48] s3:smbd: Use fsp al the talloc memory context Somehow the lck pointer gets freed before we call TALLOC_FREE(). @@ -3466,13 +3466,13 @@ index de557f53a20..9a24e331ab1 100644 &mtimespec); -- -2.29.2 +2.30.2 From 2591ae5d6a1dbd71391801b7bdf20bd37c8e8375 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Wed, 3 Feb 2021 12:58:31 +0100 -Subject: [PATCH 41/45] Revert "s3:smbd: Use fsp al the talloc memory context" +Subject: [PATCH 41/48] Revert "s3:smbd: Use fsp al the talloc memory context" This reverts commit 958bed1a1e5c9f334a1859bef14f4fe1657c3e49. --- @@ -3493,13 +3493,13 @@ index 9a24e331ab1..de557f53a20 100644 &mtimespec); -- -2.29.2 +2.30.2 From 2438619ec7ef18816f6b92c87a094851223d2bb1 Mon Sep 17 00:00:00 2001 From: Khem Raj Date: Wed, 22 Jul 2020 22:42:09 -0700 -Subject: [PATCH 42/45] nsswitch/nsstest.c: Avoid nss function conflicts with +Subject: [PATCH 42/48] nsswitch/nsstest.c: Avoid nss function conflicts with glibc nss.h glibc 2.32 will define these varibles [1] which results in conflicts @@ -3596,13 +3596,13 @@ index 6d92806cffc..46f96795f39 100644 static void nss_test_errors(void) -- -2.29.2 +2.30.2 From d5410b038bb3b1d31783c0d825dc933497f6eeaa Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Wed, 3 Feb 2021 10:30:08 +0100 -Subject: [PATCH 43/45] lib:util: Add basic memcache unit test +Subject: [PATCH 43/48] lib:util: Add basic memcache unit test BUG: https://bugzilla.samba.org/show_bug.cgi?id=14625 @@ -3772,13 +3772,13 @@ index e7639c4da27..e3f7d9acb4a 100644 [os.path.join(bindir(), "default/libcli/auth/test_ntlm_check")]) plantestsuite("samba.unittests.test_registry_regfio", "none", -- -2.29.2 +2.30.2 From 7f6661b3c60319073d7fd58906b9a3728f421fed Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Wed, 3 Feb 2021 10:37:12 +0100 -Subject: [PATCH 44/45] lib:util: Add cache oversize test for memcache +Subject: [PATCH 44/48] lib:util: Add cache oversize test for memcache BUG: https://bugzilla.samba.org/show_bug.cgi?id=14625 @@ -3856,13 +3856,13 @@ index 00000000000..0a74ace3003 @@ -0,0 +1 @@ +^samba.unittests.memcache.torture_memcache_add_oversize -- -2.29.2 +2.30.2 From 53c7f00510556aea15b640254934e514c1d88c25 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Tue, 2 Feb 2021 18:10:38 +0100 -Subject: [PATCH 45/45] lib:util: Avoid free'ing our own pointer +Subject: [PATCH 45/48] lib:util: Avoid free'ing our own pointer MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -3932,5 +3932,311 @@ index 0a74ace3003..00000000000 @@ -1 +0,0 @@ -^samba.unittests.memcache.torture_memcache_add_oversize -- -2.29.2 +2.30.2 + + +From 138662453fb421609b4fa30487a53a50c085895f Mon Sep 17 00:00:00 2001 +From: Jeremy Allison +Date: Thu, 5 Nov 2020 15:48:08 -0800 +Subject: [PATCH 46/48] s3: spoolss: Make parameters in call to user_ok_token() + match all other uses. + +We already have p->session_info->unix_info->unix_name, we don't +need to go through a legacy call to uidtoname(p->session_info->unix_token->uid). + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=14568 + +Signed-off-by: Jeremy Allison +Reviewed-by: Andrew Bartlett + +Autobuild-User(master): Andrew Bartlett +Autobuild-Date(master): Mon Nov 9 04:10:45 UTC 2020 on sn-devel-184 + +(cherry picked from commit e5e1759057a767f517bf480a2172a36623df2799) +--- + source3/rpc_server/spoolss/srv_spoolss_nt.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c +index f32b465afb6..c0f1803c2fa 100644 +--- a/source3/rpc_server/spoolss/srv_spoolss_nt.c ++++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c +@@ -1869,7 +1869,8 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p, + return WERR_ACCESS_DENIED; + } + +- if (!user_ok_token(uidtoname(p->session_info->unix_token->uid), NULL, ++ if (!user_ok_token(p->session_info->unix_info->unix_name, ++ p->session_info->info->domain_name, + p->session_info->security_token, snum) || + !W_ERROR_IS_OK(print_access_check(p->session_info, + p->msg_ctx, +-- +2.30.2 + + +From 9550eb620ff23fb9f9414c9de596789aae64aef1 Mon Sep 17 00:00:00 2001 +From: Andreas Schneider +Date: Wed, 11 Nov 2020 13:42:06 +0100 +Subject: [PATCH 47/48] s3:smbd: Fix possible null pointer dereference in + token_contains_name() + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=14572 + +Signed-off-by: Andreas Schneider +Reviewed-by: Alexander Bokovoy + +Autobuild-User(master): Alexander Bokovoy +Autobuild-Date(master): Thu Nov 12 15:13:47 UTC 2020 on sn-devel-184 + +(cherry picked from commit 8036bf9717f83e83c3e4a9cf00fded42e9a5de15) +--- + source3/smbd/share_access.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/source3/smbd/share_access.c b/source3/smbd/share_access.c +index 0705e197975..64276c79fbe 100644 +--- a/source3/smbd/share_access.c ++++ b/source3/smbd/share_access.c +@@ -79,7 +79,7 @@ static bool token_contains_name(TALLOC_CTX *mem_ctx, + enum lsa_SidType type; + + if (username != NULL) { +- size_t domain_len = strlen(domain); ++ size_t domain_len = domain != NULL ? strlen(domain) : 0; + + /* Check if username starts with domain name */ + if (domain_len > 0) { +-- +2.30.2 + + +From 49a19805c6837df04dce449841d011fc67e0a7df Mon Sep 17 00:00:00 2001 +From: Volker Lendecke +Date: Sat, 20 Feb 2021 15:50:12 +0100 +Subject: [PATCH 48/48] passdb: Simplify sids_to_unixids() + +Best reviewed with "git show -b", there's a "continue" statement that +changes subsequent indentation. + +Decouple lookup status of ids from ID_TYPE_NOT_SPECIFIED + +Bug: https://bugzilla.samba.org/show_bug.cgi?id=14571 + +Signed-off-by: Volker Lendecke +Reviewed-by: Jeremy Allison +--- + source3/passdb/lookup_sid.c | 123 +++++++++++++++++++++++++++++------- + 1 file changed, 101 insertions(+), 22 deletions(-) + +diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c +index 1bb15ccb8b4..186ba17fda6 100644 +--- a/source3/passdb/lookup_sid.c ++++ b/source3/passdb/lookup_sid.c +@@ -29,6 +29,7 @@ + #include "../libcli/security/security.h" + #include "lib/winbind_util.h" + #include "../librpc/gen_ndr/idmap.h" ++#include "lib/util/bitmap.h" + + static bool lookup_unix_user_name(const char *name, struct dom_sid *sid) + { +@@ -1247,7 +1248,9 @@ bool sids_to_unixids(const struct dom_sid *sids, uint32_t num_sids, + { + struct wbcDomainSid *wbc_sids = NULL; + struct wbcUnixId *wbc_ids = NULL; ++ struct bitmap *found = NULL; + uint32_t i, num_not_cached; ++ uint32_t wbc_ids_size = 0; + wbcErr err; + bool ret = false; + +@@ -1255,6 +1258,20 @@ bool sids_to_unixids(const struct dom_sid *sids, uint32_t num_sids, + if (wbc_sids == NULL) { + return false; + } ++ found = bitmap_talloc(wbc_sids, num_sids); ++ if (found == NULL) { ++ goto fail; ++ } ++ ++ /* ++ * We go through the requested SID array three times. ++ * First time to look for global_sid_Unix_Users ++ * and global_sid_Unix_Groups SIDS, and to look ++ * for mappings cached in the idmap_cache. ++ * ++ * Use bitmap_set() to mark an ids[] array entry as ++ * being mapped. ++ */ + + num_not_cached = 0; + +@@ -1266,17 +1283,20 @@ bool sids_to_unixids(const struct dom_sid *sids, uint32_t num_sids, + &sids[i], &rid)) { + ids[i].type = ID_TYPE_UID; + ids[i].id = rid; ++ bitmap_set(found, i); + continue; + } + if (sid_peek_check_rid(&global_sid_Unix_Groups, + &sids[i], &rid)) { + ids[i].type = ID_TYPE_GID; + ids[i].id = rid; ++ bitmap_set(found, i); + continue; + } + if (idmap_cache_find_sid2unixid(&sids[i], &ids[i], &expired) + && !expired) + { ++ bitmap_set(found, i); + continue; + } + ids[i].type = ID_TYPE_NOT_SPECIFIED; +@@ -1287,62 +1307,121 @@ bool sids_to_unixids(const struct dom_sid *sids, uint32_t num_sids, + if (num_not_cached == 0) { + goto done; + } +- wbc_ids = talloc_array(talloc_tos(), struct wbcUnixId, num_not_cached); ++ ++ /* ++ * For the ones that we couldn't map in the loop above, query winbindd ++ * via wbcSidsToUnixIds(). ++ */ ++ ++ wbc_ids_size = num_not_cached; ++ wbc_ids = talloc_array(talloc_tos(), struct wbcUnixId, wbc_ids_size); + if (wbc_ids == NULL) { + goto fail; + } +- for (i=0; i id is a union anyway */ +- ids[i].type = (enum id_type)wbc_ids[num_not_cached].type; +- ids[i].id = wbc_ids[num_not_cached].id.gid; +- break; +- } +- num_not_cached += 1; ++ if (bitmap_query(found, i)) { ++ continue; + } ++ ++ SMB_ASSERT(num_not_cached < wbc_ids_size); ++ ++ switch (wbc_ids[num_not_cached].type) { ++ case WBC_ID_TYPE_UID: ++ ids[i].type = ID_TYPE_UID; ++ ids[i].id = wbc_ids[num_not_cached].id.uid; ++ bitmap_set(found, i); ++ break; ++ case WBC_ID_TYPE_GID: ++ ids[i].type = ID_TYPE_GID; ++ ids[i].id = wbc_ids[num_not_cached].id.gid; ++ bitmap_set(found, i); ++ break; ++ case WBC_ID_TYPE_BOTH: ++ ids[i].type = ID_TYPE_BOTH; ++ ids[i].id = wbc_ids[num_not_cached].id.uid; ++ bitmap_set(found, i); ++ break; ++ case WBC_ID_TYPE_NOT_SPECIFIED: ++ /* ++ * wbcSidsToUnixIds() wasn't able to map this ++ * so we still need to check legacy_sid_to_XXX() ++ * below. Don't mark the bitmap entry ++ * as being found so the final loop knows ++ * to try and map this entry. ++ */ ++ ids[i].type = ID_TYPE_NOT_SPECIFIED; ++ ids[i].id = (uint32_t)-1; ++ break; ++ default: ++ /* ++ * A successful return from wbcSidsToUnixIds() ++ * cannot return anything other than the values ++ * checked for above. Ensure this is so. ++ */ ++ smb_panic(__location__); ++ break; ++ } ++ num_not_cached += 1; + } + ++ /* ++ * Third and final time through the SID array, ++ * try legacy_sid_to_gid()/legacy_sid_to_uid() ++ * for entries we haven't already been able to ++ * map. ++ * ++ * Use bitmap_set() to mark an ids[] array entry as ++ * being mapped. ++ */ ++ + for (i=0; i - 4.10.17-13 +* Mon Apr 26 2021 Andreas Schneider - 4.10.16-15 +- resolves: #1949444 - Fix CVE-2021-20254 + +* Mon Apr 12 2021 Andreas Schneider - 4.10.16-14 +- resolves: #1937867 - Fix possible core dump with printing support +- resolves: #1930747 - Ensure that libwbclient has been updated before + restarting services + +* Wed Feb 03 2021 Andreas Schneider - 4.10.16-13 - related: #1876839 - Fix double crash when requesting share mode lock -* Wed Jan 20 2021 Andreas Schneider - 4.10.17-11 +* Wed Jan 20 2021 Andreas Schneider - 4.10.16-11 - resolves: #1876839 - Fix double crash when requesting share mode lock -* Tue Dec 22 2020 Andreas Schneider - 4.10.17-10 +* Tue Dec 22 2020 Andreas Schneider - 4.10.16-10 - resolves: #1868327 - Fix winbind in trust scenaries with connection issues -* Fri Nov 06 2020 Andreas Schneider - 4.10.17-9 +* Fri Nov 06 2020 Andreas Schneider - 4.10.16-9 - related: #1853272 - Add back missing patch hunks * Mon Nov 02 2020 Andreas Schneider - 4.10.16-8