packages/samba
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update samba version to 4.15.3

Browse Source
This commit is contained in:
zengwefeng 2022-01-18 11:11:47 +08:00
parent 4eea2fe6bc
commit b68e634a82
27 changed files with 250 additions and 4210 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

91
0001-CVE-2020-14383.patch
View File

@ -1,91 +0,0 @@
From 2632e8ebae826a7305fe7d3948ee28b77d2ffbc0 Mon Sep 17 00:00:00 2001
From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Fri, 21 Aug 2020 17:10:22 +1200
Subject: [PATCH] CVE-2020-14383: s4/dns: Ensure variable initialization with
NULL.
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
Based on patches from Francis Brosnan Blázquez <francis@aspl.es>
and Jeremy Allison <jra@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14472
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12795
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
(based on commit 7afe449e7201be92bed8e53cbb37b74af720ef4e)
---
.../rpc_server/dnsserver/dcerpc_dnsserver.c | 24 ++++++++++---------
1 file changed, 13 insertions(+), 11 deletions(-)
diff --git a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
index b6389f2328a..ec610168266 100644
--- a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
+++ b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
@@ -1759,15 +1759,17 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate,
TALLOC_CTX *tmp_ctx;
char *name;
const char * const attrs[] = { "name", "dnsRecord", NULL };
- struct ldb_result *res;
- struct DNS_RPC_RECORDS_ARRAY *recs;
+ struct ldb_result *res = NULL;
+ struct DNS_RPC_RECORDS_ARRAY *recs = NULL;
char **add_names = NULL;
- char *rname;
+ char *rname = NULL;
const char *preference_name = NULL;
int add_count = 0;
int i, ret, len;
WERROR status;
- struct dns_tree *tree, *base, *node;
+ struct dns_tree *tree = NULL;
+ struct dns_tree *base = NULL;
+ struct dns_tree *node = NULL;
tmp_ctx = talloc_new(mem_ctx);
W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
@@ -1850,9 +1852,9 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate,
}
}
- talloc_free(res);
- talloc_free(tree);
- talloc_free(name);
+ TALLOC_FREE(res);
+ TALLOC_FREE(tree);
+ TALLOC_FREE(name);
/* Add any additional records */
if (select_flag & DNS_RPC_VIEW_ADDITIONAL_DATA) {
@@ -1870,14 +1872,14 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate,
LDB_SCOPE_ONELEVEL, attrs,
"(&(objectClass=dnsNode)(name=%s)(!(dNSTombstoned=TRUE)))",
encoded_name);
- talloc_free(name);
+ TALLOC_FREE(name);
if (ret != LDB_SUCCESS) {
continue;
}
if (res->count == 1) {
break;
} else {
- talloc_free(res);
+ TALLOC_FREE(res);
continue;
}
}
@@ -1892,8 +1894,8 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate,
select_flag, rname,
res->msgs[0], 0, recs,
NULL, NULL);
- talloc_free(rname);
- talloc_free(res);
+ TALLOC_FREE(rname);
+ TALLOC_FREE(res);
if (!W_ERROR_IS_OK(status)) {
talloc_free(tmp_ctx);
return status;
--
2.29.2

59
0002-CVE-2020-14383.patch
View File

@ -1,59 +0,0 @@
From 8e09649351e9e8143b4bd0b76bcbd2cfb4d2f281 Mon Sep 17 00:00:00 2001
From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Fri, 21 Aug 2020 17:23:17 +1200
Subject: [PATCH] CVE-2020-14383: s4/dns: do not crash when additional data not
found
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
Found by Francis Brosnan Blázquez <francis@aspl.es>.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14472
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12795
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Mon Aug 24 00:21:41 UTC 2020 on sn-devel-184
(based on commit df98e7db04c901259dd089e20cd557bdbdeaf379)
---
source4/rpc_server/dnsserver/dcerpc_dnsserver.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
index ec610168266..88efc01f154 100644
--- a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
+++ b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
@@ -1859,8 +1859,8 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate,
/* Add any additional records */
if (select_flag & DNS_RPC_VIEW_ADDITIONAL_DATA) {
for (i=0; i<add_count; i++) {
- struct dnsserver_zone *z2;
-
+ struct dnsserver_zone *z2 = NULL;
+ struct ldb_message *msg = NULL;
/* Search all the available zones for additional name */
for (z2 = dsstate->zones; z2; z2 = z2->next) {
char *encoded_name;
@@ -1877,6 +1877,7 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate,
continue;
}
if (res->count == 1) {
+ msg = res->msgs[0];
break;
} else {
TALLOC_FREE(res);
@@ -1892,7 +1893,7 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate,
}
status = dns_fill_records_array(tmp_ctx, NULL, DNS_TYPE_A,
select_flag, rname,
- res->msgs[0], 0, recs,
+ msg, 0, recs,
NULL, NULL);
TALLOC_FREE(rname);
TALLOC_FREE(res);
--
2.29.2

159
CVE-2020-14318.patch
View File

@ -1,159 +0,0 @@
From 5dd4c789c13035b805fdd2c3a9c38721657b05b3 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Tue, 7 Jul 2020 18:25:23 -0700
Subject: [PATCH] s3: smbd: Ensure change notifies can't get set unless the
directory handle is open for SEC_DIR_LIST.
Remove knownfail entry.
CVE-2020-14318
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14434
Signed-off-by: Jeremy Allison <jra@samba.org>
---
source3/smbd/notify.c | 8 ++++++++
1 files changed, 8 insertions(+)
delete mode 100644 selftest/knownfail.d/smb2_notify_handle_permissions
diff --git a/source3/smbd/notify.c b/source3/smbd/notify.c
index eb6317b7e8a..5f18b5cf794 100644
--- a/source3/smbd/notify.c
+++ b/source3/smbd/notify.c
@@ -289,6 +289,14 @@ NTSTATUS change_notify_create(struct files_struct *fsp,
char fullpath[len+1];
NTSTATUS status = NT_STATUS_NOT_IMPLEMENTED;
+ /*
+ * Setting a changenotify needs READ/LIST access
+ * on the directory handle.
+ */
+ if (!(fsp->access_mask & SEC_DIR_LIST)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
if (fsp->notify != NULL) {
DEBUG(1, ("change_notify_create: fsp->notify != NULL, "
"fname = %s\n", fsp->fsp_name->base_name));
--
2.29.2
From 22528b76ed6eb6251fdf01875aaa955480e7663d Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Fri, 10 Jul 2020 15:09:33 -0700
Subject: [PATCH] s4: torture: Add smb2.notify.handle-permissions test.
Add knownfail entry.
CVE-2020-14318
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14434
Signed-off-by: Jeremy Allison <jra@samba.org>
---
source4/torture/smb2/notify.c | 80 +++++++++++++++++++
1 files changed, 80 insertions(+)
create mode 100644 selftest/knownfail.d/smb2_notify_handle_permissions
diff --git a/source4/torture/smb2/notify.c b/source4/torture/smb2/notify.c
index b65c116b75e..6081d394c6e 100644
--- a/source4/torture/smb2/notify.c
+++ b/source4/torture/smb2/notify.c
@@ -2649,6 +2649,83 @@ done:
return ok;
}
+/*
+ Test asking for a change notify on a handle without permissions.
+*/
+
+#define BASEDIR_HPERM BASEDIR "_HPERM"
+
+static bool torture_smb2_notify_handle_permissions(
+ struct torture_context *torture,
+ struct smb2_tree *tree)
+{
+ bool ret = true;
+ NTSTATUS status;
+ union smb_notify notify;
+ union smb_open io;
+ struct smb2_handle h1 = {{0}};
+ struct smb2_request *req;
+
+ smb2_deltree(tree, BASEDIR_HPERM);
+ smb2_util_rmdir(tree, BASEDIR_HPERM);
+
+ torture_comment(torture,
+ "TESTING CHANGE NOTIFY "
+ "ON A HANDLE WITHOUT PERMISSIONS\n");
+
+ /*
+ get a handle on the directory
+ */
+ ZERO_STRUCT(io.smb2);
+ io.generic.level = RAW_OPEN_SMB2;
+ io.smb2.in.create_flags = 0;
+ io.smb2.in.desired_access = SEC_FILE_READ_ATTRIBUTE;
+ io.smb2.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+ io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+ io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ |
+ NTCREATEX_SHARE_ACCESS_WRITE;
+ io.smb2.in.alloc_size = 0;
+ io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+ io.smb2.in.impersonation_level = SMB2_IMPERSONATION_ANONYMOUS;
+ io.smb2.in.security_flags = 0;
+ io.smb2.in.fname = BASEDIR_HPERM;
+
+ status = smb2_create(tree, torture, &io.smb2);
+ CHECK_STATUS(status, NT_STATUS_OK);
+ h1 = io.smb2.out.file.handle;
+
+ /* ask for a change notify,
+ on file or directory name changes */
+ ZERO_STRUCT(notify.smb2);
+ notify.smb2.level = RAW_NOTIFY_SMB2;
+ notify.smb2.in.buffer_size = 1000;
+ notify.smb2.in.completion_filter = FILE_NOTIFY_CHANGE_NAME;
+ notify.smb2.in.file.handle = h1;
+ notify.smb2.in.recursive = true;
+
+ req = smb2_notify_send(tree, &notify.smb2);
+ torture_assert_goto(torture,
+ req != NULL,
+ ret,
+ done,
+ "smb2_notify_send failed\n");
+
+ /*
+ * Cancel it, we don't really want to wait.
+ */
+ smb2_cancel(req);
+ status = smb2_notify_recv(req, torture, &notify.smb2);
+ /* Handle h1 doesn't have permissions for ChangeNotify. */
+ CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED);
+
+done:
+ if (!smb2_util_handle_empty(h1)) {
+ smb2_util_close(tree, h1);
+ }
+ smb2_deltree(tree, BASEDIR_HPERM);
+ return ret;
+}
+
/*
basic testing of SMB2 change notify
*/
@@ -2682,6 +2759,9 @@ struct torture_suite *torture_smb2_notify_init(TALLOC_CTX *ctx)
torture_smb2_notify_rmdir3);
torture_suite_add_2smb2_test(suite, "rmdir4",
torture_smb2_notify_rmdir4);
+ torture_suite_add_1smb2_test(suite,
+ "handle-permissions",
+ torture_smb2_notify_handle_permissions);
suite->description = talloc_strdup(suite, "SMB2-NOTIFY tests");
--
2.29.2

97
CVE-2020-14323.patch
View File

@ -1,97 +0,0 @@
From 595dd9fc4162dd70ad937db8669a0fddbbba9584 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl@samba.org>
Date: Thu, 9 Jul 2020 21:49:25 +0200
Subject: [PATCH] CVE-2020-14323 winbind: Fix invalid lookupsids DoS
A lookupsids request without extra_data will lead to "state->domain==NULL",
which makes winbindd_lookupsids_recv trying to dereference it.
Reported by Bas Alberts of the GitHub Security Lab Team as GHSL-2020-134
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14436
Signed-off-by: Volker Lendecke <vl@samba.org>
---
source3/winbindd/winbindd_lookupsids.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source3/winbindd/winbindd_lookupsids.c b/source3/winbindd/winbindd_lookupsids.c
index d28b5fa9f01..a289fd86f0f 100644
--- a/source3/winbindd/winbindd_lookupsids.c
+++ b/source3/winbindd/winbindd_lookupsids.c
@@ -47,7 +47,7 @@ struct tevent_req *winbindd_lookupsids_send(TALLOC_CTX *mem_ctx,
DEBUG(3, ("lookupsids\n"));
if (request->extra_len == 0) {
- tevent_req_done(req);
+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
return tevent_req_post(req, ev);
}
if (request->extra_data.data[request->extra_len-1] != '\0') {
--
2.29.2
From 0b259a48a70bde4dfd482e0720e593ae5a9c414a Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl@samba.org>
Date: Thu, 9 Jul 2020 21:48:57 +0200
Subject: [PATCH] CVE-2020-14323 torture4: Add a simple test for invalid
lookup_sids winbind call
We can't add this test before the fix, add it to knownfail and have the fix
remove the knownfail entry again. As this crashes winbind, many tests after
this one will fail.
Reported by Bas Alberts of the GitHub Security Lab Team as GHSL-2020-134
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14436
Signed-off-by: Volker Lendecke <vl@samba.org>
---
source4/torture/winbind/struct_based.c | 27 ++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
diff --git a/source4/torture/winbind/struct_based.c b/source4/torture/winbind/struct_based.c
index 9745b621ca9..71f248c0d61 100644
--- a/source4/torture/winbind/struct_based.c
+++ b/source4/torture/winbind/struct_based.c
@@ -1110,6 +1110,29 @@ static bool torture_winbind_struct_lookup_name_sid(struct torture_context *tortu
return true;
}
+static bool torture_winbind_struct_lookup_sids_invalid(
+ struct torture_context *torture)
+{
+ struct winbindd_request req = {0};
+ struct winbindd_response rep = {0};
+ bool strict = torture_setting_bool(torture, "strict mode", false);
+ bool ok;
+
+ torture_comment(torture,
+ "Running WINBINDD_LOOKUP_SIDS (struct based)\n");
+
+ ok = true;
+ DO_STRUCT_REQ_REP_EXT(WINBINDD_LOOKUPSIDS, &req, &rep,
+ NSS_STATUS_NOTFOUND,
+ strict,
+ ok=false,
+ talloc_asprintf(
+ torture,
+ "invalid lookupsids succeeded"));
+
+ return ok;
+}
+
struct torture_suite *torture_winbind_struct_init(TALLOC_CTX *ctx)
{
struct torture_suite *suite = torture_suite_create(ctx, "struct");
@@ -1132,6 +1155,10 @@ struct torture_suite *torture_winbind_struct_init(TALLOC_CTX *ctx)
torture_suite_add_simple_test(suite, "getpwent", torture_winbind_struct_getpwent);
torture_suite_add_simple_test(suite, "endpwent", torture_winbind_struct_endpwent);
torture_suite_add_simple_test(suite, "lookup_name_sid", torture_winbind_struct_lookup_name_sid);
+ torture_suite_add_simple_test(
+ suite,
+ "lookup_sids_invalid",
+ torture_winbind_struct_lookup_sids_invalid);
suite->description = talloc_strdup(suite, "WINBIND - struct based protocol tests");
--
2.29.2

1842
CVE-2020-1472.patch
View File

File diff suppressed because it is too large Load Diff

257
CVE-2020-27840.patch
View File

@ -1,257 +0,0 @@
From 44ed6c2263c2c969bec4229f99b37d8f2e09dde0 Mon Sep 17 00:00:00 2001
From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Thu, 11 Feb 2021 17:05:14 +1300
Subject: [PATCH 1/3] CVE-2020-27840: pytests:segfault: add ldb.Dn validate
test
ldb.Dn.validate wraps ldb_dn_explode.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14595
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
python/samba/tests/segfault.py | 6 ++++++
selftest/knownfail.d/python-segfaults | 1 +
2 files changed, 7 insertions(+)
diff --git a/python/samba/tests/segfault.py b/python/samba/tests/segfault.py
index 07e2d46d56a..70bd5b180e3 100644
--- a/python/samba/tests/segfault.py
+++ b/python/samba/tests/segfault.py
@@ -174,3 +174,9 @@ class SegfaultTests(samba.tests.TestCase):
def test_dcerpc_idl_inline_arrays(self):
"""Inline arrays were incorrectly handled."""
dnsserver.DNS_RPC_SERVER_INFO_DOTNET().pExtensions
+
+ @segfault_detector
+ def test_ldb_dn_explode_crash(self):
+ for i in range(106, 550, 5):
+ dn = ldb.Dn(ldb.Ldb(), "a=b%s,c= " % (' ' * i))
+ dn.validate()
diff --git a/selftest/knownfail.d/python-segfaults b/selftest/knownfail.d/python-segfaults
index 1be0566dcb1..524f7dd013b 100644
--- a/selftest/knownfail.d/python-segfaults
+++ b/selftest/knownfail.d/python-segfaults
@@ -1 +1,2 @@
samba.tests.segfault.samba.tests.segfault.SegfaultTests.test_net_replicate_init__3
+samba.tests.segfault.samba.tests.segfault.SegfaultTests.test_ldb_dn_explode_crash
--
2.25.1
From 5fbc51a2cf77ebd7ca42cd7dda58d5fd0ec5127d Mon Sep 17 00:00:00 2001
From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Fri, 11 Dec 2020 16:32:25 +1300
Subject: [PATCH 2/3] CVE-2020-27840 ldb_dn: avoid head corruption in
ldb_dn_explode
A DN string with lots of trailing space can cause ldb_dn_explode() to
put a zero byte in the wrong place in the heap.
When a DN string has a value represented with trailing spaces,
like this
"CN=foo ,DC=bar"
the whitespace is supposed to be ignored. We keep track of this in the
`t` pointer, which is NULL when we are not walking through trailing
spaces, and points to the first space when we are. We are walking with
the `p` pointer, writing the value to `d`, and keeping the length in
`l`.
"CN=foo ,DC= " ==> "foo "
^ ^ ^
t p d
--l---
The value is finished when we encounter a comma or the end of the
string. If `t` is not NULL at that point, we assume there are trailing
spaces and wind `d and `l` back by the correct amount. Then we switch
to expecting an attribute name (e.g. "CN"), until we get to an "=",
which puts us back into looking for a value.
Unfortunately, we forget to immediately tell `t` that we'd finished
the last value, we can end up like this:
"CN=foo ,DC= " ==> ""
^ ^ ^
t p d
l=0
where `p` is pointing to a new value that contains only spaces, while
`t` is still referring to the old value. `p` notices the value ends,
and we subtract `p - t` from `d`:
"CN=foo ,DC= " ==> ? ""
^ ^ ^
t p d
l ~= SIZE_MAX - 8
At that point `d` wants to terminate its string with a '\0', but
instead it terminates someone else's byte. This does not crash if the
number of trailing spaces is small, as `d` will point into a previous
value (a copy of "foo" in this example). Corrupting that value will
ultimately not matter, as we will soon try to allocate a buffer `l`
long, which will be greater than the available memory and the whole
operation will fail properly.
However, with more spaces, `d` will point into memory before the
beginning of the allocated buffer, with the exact offset depending on
the length of the earlier attributes and the number of spaces.
What about a longer DN with more attributes? For example,
"CN=foo ,DC= ,DC=example,DC=com" -- since `d` has moved out of
bounds, won't we continue to use it and write more DN values into
mystery memory? Fortunately not, because the aforementioned allocation
of `l` bytes must happen first, and `l` is now huge. The allocation
happens in a talloc_memdup(), which is by default restricted to
allocating 256MB.
So this allows a person who controls a string parsed by ldb_dn_explode
to corrupt heap memory by placing a single zero byte at a chosen
offset before the allocated buffer.
An LDAP bind request can send a string DN as a username. This DN is
necessarily parsed before the password is checked, so an attacker does
not need proper credentials. The attacker can easily cause a denial of
service and we cannot rule out more subtle attacks.
The immediate solution is to reset `t` to NULL when a comma is
encountered, indicating that we are no longer looking at trailing
whitespace.
Found with the help of Honggfuzz.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14595
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
lib/ldb/common/ldb_dn.c | 1 +
selftest/knownfail.d/python-segfaults | 1 -
2 files changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/ldb/common/ldb_dn.c b/lib/ldb/common/ldb_dn.c
index 83f94e3b913..047244287f5 100644
--- a/lib/ldb/common/ldb_dn.c
+++ b/lib/ldb/common/ldb_dn.c
@@ -570,6 +570,7 @@ static bool ldb_dn_explode(struct ldb_dn *dn)
/* trim back */
d -= (p - t);
l -= (p - t);
+ t = NULL;
}
in_attr = true;
diff --git a/selftest/knownfail.d/python-segfaults b/selftest/knownfail.d/python-segfaults
index 524f7dd013b..1be0566dcb1 100644
--- a/selftest/knownfail.d/python-segfaults
+++ b/selftest/knownfail.d/python-segfaults
@@ -1,2 +1 @@
samba.tests.segfault.samba.tests.segfault.SegfaultTests.test_net_replicate_init__3
-samba.tests.segfault.samba.tests.segfault.SegfaultTests.test_ldb_dn_explode_crash
--
2.25.1
From 90f08c437ce81f2a96ce0740a93aa00e94eb5f16 Mon Sep 17 00:00:00 2001
From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Thu, 11 Feb 2021 16:28:43 +1300
Subject: [PATCH 3/3] CVE-2020-27840: pytests: move Dn.validate test to ldb
We had the test in the Samba Python segfault suite because
a) the signal catching infrastructure was there, and
b) the ldb tests lack Samba's knownfail mechanism, which allowed us to
assert the failure.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14595
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
lib/ldb/tests/python/crash.py | 45 ++++++++++++++++++++++++++++++++++
lib/ldb/wscript | 1 +
python/samba/tests/segfault.py | 6 -----
3 files changed, 46 insertions(+), 6 deletions(-)
create mode 100644 lib/ldb/tests/python/crash.py
diff --git a/lib/ldb/tests/python/crash.py b/lib/ldb/tests/python/crash.py
new file mode 100644
index 00000000000..32839814552
--- /dev/null
+++ b/lib/ldb/tests/python/crash.py
@@ -0,0 +1,45 @@
+#!/usr/bin/env python3
+#
+# Tests for crashing functions
+
+import os
+from unittest import TestCase
+import os
+import sys
+import traceback
+
+import ldb
+
+
+def segfault_detector(f):
+ def wrapper(*args, **kwargs):
+ pid = os.fork()
+ if pid == 0:
+ # child, crashing?
+ try:
+ f(*args, **kwargs)
+ except Exception as e:
+ traceback.print_exc()
+ sys.stderr.flush()
+ sys.stdout.flush()
+ os._exit(0)
+
+ # parent, waiting
+ pid2, status = os.waitpid(pid, 0)
+ if os.WIFSIGNALED(status):
+ signal = os.WTERMSIG(status)
+ raise AssertionError("Failed with signal %d" % signal)
+
+ return wrapper
+
+
+class LdbDnCrashTests(TestCase):
+ @segfault_detector
+ def test_ldb_dn_explode_crash(self):
+ for i in range(106, 150):
+ dn = ldb.Dn(ldb.Ldb(), "a=b%s,c= " % (' ' * i))
+ dn.validate()
+
+if __name__ == '__main__':
+ import unittest
+ unittest.TestProgram()
diff --git a/lib/ldb/wscript b/lib/ldb/wscript
index edc3343e827..33265da373a 100644
--- a/lib/ldb/wscript
+++ b/lib/ldb/wscript
@@ -614,6 +614,7 @@ def test(ctx):
os.mkdir(tmp_dir)
pyret = samba_utils.RUN_PYTHON_TESTS(
['tests/python/api.py',
+ 'tests/python/crash.py',
'tests/python/index.py',
'tests/python/repack.py'],
extra_env={'SELFTEST_PREFIX': test_prefix})
diff --git a/python/samba/tests/segfault.py b/python/samba/tests/segfault.py
index 70bd5b180e3..07e2d46d56a 100644
--- a/python/samba/tests/segfault.py
+++ b/python/samba/tests/segfault.py
@@ -174,9 +174,3 @@ class SegfaultTests(samba.tests.TestCase):
def test_dcerpc_idl_inline_arrays(self):
"""Inline arrays were incorrectly handled."""
dnsserver.DNS_RPC_SERVER_INFO_DOTNET().pExtensions
-
- @segfault_detector
- def test_ldb_dn_explode_crash(self):
- for i in range(106, 550, 5):
- dn = ldb.Dn(ldb.Ldb(), "a=b%s,c= " % (' ' * i))
- dn.validate()
--
2.25.1

234
CVE-2021-20254.patch
View File

@ -1,234 +0,0 @@
From 75ad84167f5d2379557ec078d17c9a1c244402fc Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl@samba.org>
Date: Sat, 20 Feb 2021 15:50:12 +0100
Subject: [PATCH] CVE-2021-20254 passdb: Simplify sids_to_unixids()
Best reviewed with "git show -b", there's a "continue" statement that
changes subsequent indentation.
Decouple lookup status of ids from ID_TYPE_NOT_SPECIFIED
Add comments to explain the use of the three lookup
loops.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14571
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Thu Apr 29 09:55:51 UTC 2021 on sn-devel-184
---
source3/passdb/lookup_sid.c | 123 +++++++++++++++++++++++++++++-------
1 file changed, 101 insertions(+), 22 deletions(-)
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index cf80a300189..0e01467b3cb 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -29,6 +29,7 @@
#include "../libcli/security/security.h"
#include "lib/winbind_util.h"
#include "../librpc/gen_ndr/idmap.h"
+#include "lib/util/bitmap.h"
static bool lookup_unix_user_name(const char *name, struct dom_sid *sid)
{
@@ -1266,7 +1267,9 @@ bool sids_to_unixids(const struct dom_sid *sids, uint32_t num_sids,
{
struct wbcDomainSid *wbc_sids = NULL;
struct wbcUnixId *wbc_ids = NULL;
+ struct bitmap *found = NULL;
uint32_t i, num_not_cached;
+ uint32_t wbc_ids_size = 0;
wbcErr err;
bool ret = false;
@@ -1274,6 +1277,20 @@ bool sids_to_unixids(const struct dom_sid *sids, uint32_t num_sids,
if (wbc_sids == NULL) {
return false;
}
+ found = bitmap_talloc(wbc_sids, num_sids);
+ if (found == NULL) {
+ goto fail;
+ }
+
+ /*
+ * We go through the requested SID array three times.
+ * First time to look for global_sid_Unix_Users
+ * and global_sid_Unix_Groups SIDS, and to look
+ * for mappings cached in the idmap_cache.
+ *
+ * Use bitmap_set() to mark an ids[] array entry as
+ * being mapped.
+ */
num_not_cached = 0;
@@ -1285,17 +1302,20 @@ bool sids_to_unixids(const struct dom_sid *sids, uint32_t num_sids,
&sids[i], &rid)) {
ids[i].type = ID_TYPE_UID;
ids[i].id = rid;
+ bitmap_set(found, i);
continue;
}
if (sid_peek_check_rid(&global_sid_Unix_Groups,
&sids[i], &rid)) {
ids[i].type = ID_TYPE_GID;
ids[i].id = rid;
+ bitmap_set(found, i);
continue;
}
if (idmap_cache_find_sid2unixid(&sids[i], &ids[i], &expired)
&& !expired)
{
+ bitmap_set(found, i);
continue;
}
ids[i].type = ID_TYPE_NOT_SPECIFIED;
@@ -1306,62 +1326,121 @@ bool sids_to_unixids(const struct dom_sid *sids, uint32_t num_sids,
if (num_not_cached == 0) {
goto done;
}
- wbc_ids = talloc_array(talloc_tos(), struct wbcUnixId, num_not_cached);
+
+ /*
+ * For the ones that we couldn't map in the loop above, query winbindd
+ * via wbcSidsToUnixIds().
+ */
+
+ wbc_ids_size = num_not_cached;
+ wbc_ids = talloc_array(talloc_tos(), struct wbcUnixId, wbc_ids_size);
if (wbc_ids == NULL) {
goto fail;
}
- for (i=0; i<num_not_cached; i++) {
+ for (i=0; i<wbc_ids_size; i++) {
wbc_ids[i].type = WBC_ID_TYPE_NOT_SPECIFIED;
+ wbc_ids[i].id.gid = (uint32_t)-1;
}
- err = wbcSidsToUnixIds(wbc_sids, num_not_cached, wbc_ids);
+ err = wbcSidsToUnixIds(wbc_sids, wbc_ids_size, wbc_ids);
if (!WBC_ERROR_IS_OK(err)) {
DEBUG(10, ("wbcSidsToUnixIds returned %s\n",
wbcErrorString(err)));
}
+ /*
+ * Second time through the SID array, replace
+ * the ids[] entries that wbcSidsToUnixIds() was able to
+ * map.
+ *
+ * Use bitmap_set() to mark an ids[] array entry as
+ * being mapped.
+ */
+
num_not_cached = 0;
for (i=0; i<num_sids; i++) {
- if (ids[i].type == ID_TYPE_NOT_SPECIFIED) {
- switch (wbc_ids[num_not_cached].type) {
- case WBC_ID_TYPE_UID:
- ids[i].type = ID_TYPE_UID;
- ids[i].id = wbc_ids[num_not_cached].id.uid;
- break;
- case WBC_ID_TYPE_GID:
- ids[i].type = ID_TYPE_GID;
- ids[i].id = wbc_ids[num_not_cached].id.gid;
- break;
- default:
- /* The types match, and wbcUnixId -> id is a union anyway */
- ids[i].type = (enum id_type)wbc_ids[num_not_cached].type;
- ids[i].id = wbc_ids[num_not_cached].id.gid;
- break;
- }
- num_not_cached += 1;
+ if (bitmap_query(found, i)) {
+ continue;
+ }
+
+ SMB_ASSERT(num_not_cached < wbc_ids_size);
+
+ switch (wbc_ids[num_not_cached].type) {
+ case WBC_ID_TYPE_UID:
+ ids[i].type = ID_TYPE_UID;
+ ids[i].id = wbc_ids[num_not_cached].id.uid;
+ bitmap_set(found, i);
+ break;
+ case WBC_ID_TYPE_GID:
+ ids[i].type = ID_TYPE_GID;
+ ids[i].id = wbc_ids[num_not_cached].id.gid;
+ bitmap_set(found, i);
+ break;
+ case WBC_ID_TYPE_BOTH:
+ ids[i].type = ID_TYPE_BOTH;
+ ids[i].id = wbc_ids[num_not_cached].id.uid;
+ bitmap_set(found, i);
+ break;
+ case WBC_ID_TYPE_NOT_SPECIFIED:
+ /*
+ * wbcSidsToUnixIds() wasn't able to map this
+ * so we still need to check legacy_sid_to_XXX()
+ * below. Don't mark the bitmap entry
+ * as being found so the final loop knows
+ * to try and map this entry.
+ */
+ ids[i].type = ID_TYPE_NOT_SPECIFIED;
+ ids[i].id = (uint32_t)-1;
+ break;
+ default:
+ /*
+ * A successful return from wbcSidsToUnixIds()
+ * cannot return anything other than the values
+ * checked for above. Ensure this is so.
+ */
+ smb_panic(__location__);
+ break;
}
+ num_not_cached += 1;
}
+ /*
+ * Third and final time through the SID array,
+ * try legacy_sid_to_gid()/legacy_sid_to_uid()
+ * for entries we haven't already been able to
+ * map.
+ *
+ * Use bitmap_set() to mark an ids[] array entry as
+ * being mapped.
+ */
+
for (i=0; i<num_sids; i++) {
- if (ids[i].type != ID_TYPE_NOT_SPECIFIED) {
+ if (bitmap_query(found, i)) {
continue;
}
if (legacy_sid_to_gid(&sids[i], &ids[i].id)) {
ids[i].type = ID_TYPE_GID;
+ bitmap_set(found, i);
continue;
}
if (legacy_sid_to_uid(&sids[i], &ids[i].id)) {
ids[i].type = ID_TYPE_UID;
+ bitmap_set(found, i);
continue;
}
}
done:
+ /*
+ * Pass through the return array for consistency.
+ * Any ids[].id mapped to (uint32_t)-1 must be returned
+ * as ID_TYPE_NOT_SPECIFIED.
+ */
for (i=0; i<num_sids; i++) {
switch(ids[i].type) {
case WBC_ID_TYPE_GID:
case WBC_ID_TYPE_UID:
case WBC_ID_TYPE_BOTH:
- if (ids[i].id == -1) {
+ if (ids[i].id == (uint32_t)-1) {
ids[i].type = ID_TYPE_NOT_SPECIFIED;
}
break;
--
2.25.1

31
CVE-2021-20277.patch
View File

@ -1,31 +0,0 @@
From fab6b79b7724f0b636963be528483e3e946884aa Mon Sep 17 00:00:00 2001
From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Tue, 8 Dec 2020 21:32:09 +1300
Subject: [PATCH] CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds
For a string that had N spaces at the beginning, we would
try to move N bytes beyond the end of the string.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14655
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry-picked from commit for master)
---
lib/ldb/common/attrib_handlers.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/ldb/common/attrib_handlers.c b/lib/ldb/common/attrib_handlers.c
index b5212b731596..c6ef5ad477b0 100644
--- a/lib/ldb/common/attrib_handlers.c
+++ b/lib/ldb/common/attrib_handlers.c
@@ -76,7 +76,7 @@ int ldb_handler_fold(struct ldb_context *ldb, void *mem_ctx,
/* remove leading spaces if any */
if (*s == ' ') {
- for (t = s; *s == ' '; s++) ;
+ for (t = s; *s == ' '; s++, l--) ;
/* remove leading spaces by moving down the string */
memmove(t, s, l);

39
backport-CVE-2021-3671.patch
View File

@ -1,39 +0,0 @@
From 0cb4b939f192376bf5e33637863a91a20f74c5a5 Mon Sep 17 00:00:00 2001
From: Luke Howard <lukeh@padl.com>
Date: Fri, 27 Aug 2021 11:42:48 +1000
Subject: [PATCH] CVE-2021-3671 HEIMDAL kdc: validate sname in TGS-REQ
In tgs_build_reply(), validate the server name in the TGS-REQ is present before
dereferencing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
[abartlet@samba.org backported from from Heimdal
commit 04171147948d0a3636bc6374181926f0fb2ec83a via reference
to an earlier patch by Joseph Sutton]
RN: An unuthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ
Reviewed-by: Andreas Schneider <asn@samba.org>
---
source4/heimdal/kdc/krb5tgs.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c
index b76726cdd64..d143eb739eb 100644
--- a/source4/heimdal/kdc/krb5tgs.c
+++ b/source4/heimdal/kdc/krb5tgs.c
@@ -1603,6 +1603,10 @@ tgs_build_reply(krb5_context context,
s = &adtkt.cname;
r = adtkt.crealm;
+ } else if (s == NULL) {
+ ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
+ krb5_set_error_message(context, ret, "No server in request");
+ goto out;
}
_krb5_principalname2krb5_principal(context, &sp, *s, r);
--
GitLab

35
backport-fix-undefined-shift-in-put_res_rec.patch
View File

@ -1,35 +0,0 @@
From 14f56750fcf51a1d6daa14da08b34eb789241a23 Mon Sep 17 00:00:00 2001
From: eaglegai <eaglegai@163.com>
Date: Thu, 28 Oct 2021 21:51:13 +0800
Subject: [PATCH] fix undefined-shift in put_res_rec
fuzz error:
../../source3/libsmb/nmblib.c:451:4: runtime error: left shift of 65312 by 16
places cannot be represented in type 'int'
Author: eaglegai <eaglegai@163.com>
Signed-off-by: eaglegai <eaglegai@163.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct 29 20:29:26 UTC 2021 on sn-devel-184
---
source3/libsmb/nmblib.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source3/libsmb/nmblib.c b/source3/libsmb/nmblib.c
index ff009092bbf..607470f7e4e 100644
--- a/source3/libsmb/nmblib.c
+++ b/source3/libsmb/nmblib.c
@@ -449,7 +449,7 @@ static int put_res_rec(char *buf, size_t buflen, int offset,struct res_rec *recs
if (buf) {
RSSVAL(buf,offset,recs[i].rr_type);
RSSVAL(buf,offset+2,recs[i].rr_class);
- RSIVAL(buf,offset+4,recs[i].ttl);
+ RSIVAL(buf,offset+4,(unsigned int)recs[i].ttl);
RSSVAL(buf,offset+8,recs[i].rdlength);
memcpy(buf+offset+10,recs[i].rdata,recs[i].rdlength);
}
--
GitLab

35
backport-idl-drsuapi_DsaAddressListItem_V1-limit-recursion.patch
View File

@ -1,35 +0,0 @@
From 2f8c3b62266b729b47d5ba25f1966786c1af0e5f Mon Sep 17 00:00:00 2001
From: Gary Lockyer <gary@catalyst.net.nz>
Date: Thu, 30 Jan 2020 08:52:34 +1300
Subject: [PATCH] idl: drsuapi_DsaAddressListItem_V1 limit recursion
Limit number of drsuapi_DsaAddressListItem_V1 elements to 1024
Credit to OSS-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19820
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14254
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
librpc/idl/drsuapi.idl | 2 +-
1 files changed, 1 insertion(+), 1 deletions(-)
delete mode 100644 selftest/knownfail.d/bug-14254
diff --git a/librpc/idl/drsuapi.idl b/librpc/idl/drsuapi.idl
index 2aaae8dce59..04725276121 100644
--- a/librpc/idl/drsuapi.idl
+++ b/librpc/idl/drsuapi.idl
@@ -1452,7 +1452,7 @@ interface drsuapi
/* list of network names of the DCs
* to which the referral is directed */
typedef struct {
- drsuapi_DsaAddressListItem_V1 *next;
+ [max_recursion(1024)] drsuapi_DsaAddressListItem_V1 *next;
lsa_String *address;
} drsuapi_DsaAddressListItem_V1;
--
GitLab

126
backport-idl-limit-recurion-on-recursive-elements.patch
View File

@ -1,126 +0,0 @@
From 575d39048e3b4f619d65d65303ac809c40c5d495 Mon Sep 17 00:00:00 2001
From: Gary Lockyer <gary@catalyst.net.nz>
Date: Fri, 7 Feb 2020 15:18:45 +1300
Subject: [PATCH] idl: limit recurion on recursive elements
Limit the max_recursion on self recursive definitions in the idl to
20,000. This value is hopefully large eneough to not impact normal
operation, but small eneough to prevent stack over flow issues.
Credit to OSS-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19820
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14254
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Feb 27 02:29:21 UTC 2020 on sn-devel-184
---
librpc/idl/drsblobs.idl | 2 +-
librpc/idl/drsuapi.idl | 12 ++++++++----
librpc/idl/ioctl.idl | 2 +-
source3/librpc/idl/secrets.idl | 2 +-
source3/librpc/idl/smbXsrv.idl | 2 +-
5 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/librpc/idl/drsblobs.idl b/librpc/idl/drsblobs.idl
index 072546a4369..b096b671c80 100644
--- a/librpc/idl/drsblobs.idl
+++ b/librpc/idl/drsblobs.idl
@@ -579,7 +579,7 @@ interface drsblobs {
} ExtendedErrorParam;
typedef [public] struct {
- ExtendedErrorInfo *next;
+ [max_recursion(20000)] ExtendedErrorInfo *next;
ExtendedErrorComputerName computer_name;
hyper pid;
NTTIME time;
diff --git a/librpc/idl/drsuapi.idl b/librpc/idl/drsuapi.idl
index 04725276121..db00eb8639e 100644
--- a/librpc/idl/drsuapi.idl
+++ b/librpc/idl/drsuapi.idl
@@ -690,7 +690,8 @@ interface drsuapi
} drsuapi_DsReplicaMetaDataCtr;
typedef [public,noprint] struct {
- drsuapi_DsReplicaObjectListItemEx *next_object;
+ [max_recursion(20000)]
+ drsuapi_DsReplicaObjectListItemEx *next_object;
drsuapi_DsReplicaObject object;
boolean32 is_nc_prefix;
GUID *parent_object_guid;
@@ -1308,7 +1309,8 @@ interface drsuapi
/*****************/
/* Function 0x11 */
typedef [public,noprint] struct {
- drsuapi_DsReplicaObjectListItem *next_object;
+ [max_recursion(20000)]
+ drsuapi_DsReplicaObjectListItem *next_object;
drsuapi_DsReplicaObject object;
} drsuapi_DsReplicaObjectListItem;
@@ -1408,7 +1410,8 @@ interface drsuapi
} drsuapi_DsAddEntry_AttrErr_V1;
typedef [noprint] struct {
- drsuapi_DsAddEntry_AttrErrListItem_V1 *next;
+ [max_recursion(20000)]
+ drsuapi_DsAddEntry_AttrErrListItem_V1 *next;
drsuapi_DsAddEntry_AttrErr_V1 err_data;
} drsuapi_DsAddEntry_AttrErrListItem_V1;
@@ -1464,7 +1467,8 @@ interface drsuapi
drsuapi_DsAddEntry_RefType ref_type;
uint16 addr_list_count;
drsuapi_DsaAddressListItem_V1 *addr_list;
- drsuapi_DsAddEntry_RefErrListItem_V1 *next;
+ [max_recursion(20000)]
+ drsuapi_DsAddEntry_RefErrListItem_V1 *next;
boolean32 is_choice_set;
drsuapi_DsAddEntry_ChoiceType choice;
} drsuapi_DsAddEntry_RefErrListItem_V1;
diff --git a/librpc/idl/ioctl.idl b/librpc/idl/ioctl.idl
index ba68fbcb8f6..390e8562f69 100644
--- a/librpc/idl/ioctl.idl
+++ b/librpc/idl/ioctl.idl
@@ -151,7 +151,7 @@ interface netinterface
} fsctl_sockaddr_storage;
typedef [public,relative_base,noprint] struct {
- [relative] fsctl_net_iface_info *next;
+ [relative,max_recursion(20000)] fsctl_net_iface_info *next;
uint32 ifindex;
fsctl_net_iface_capability capability;
[value(0)] uint32 reserved;
diff --git a/source3/librpc/idl/secrets.idl b/source3/librpc/idl/secrets.idl
index 2c06fa6990d..186d925e45e 100644
--- a/source3/librpc/idl/secrets.idl
+++ b/source3/librpc/idl/secrets.idl
@@ -100,7 +100,7 @@ import "misc.idl", "samr.idl", "lsa.idl", "netlogon.idl", "security.idl";
NTTIME password_last_change;
hyper password_changes;
- secrets_domain_info1_change *next_change;
+ [max_recursion(20000)] secrets_domain_info1_change *next_change;
[ref] secrets_domain_info1_password *password;
secrets_domain_info1_password *old_password;
diff --git a/source3/librpc/idl/smbXsrv.idl b/source3/librpc/idl/smbXsrv.idl
index c6ce9c48789..4d9249fb3bb 100644
--- a/source3/librpc/idl/smbXsrv.idl
+++ b/source3/librpc/idl/smbXsrv.idl
@@ -267,7 +267,7 @@ interface smbXsrv
typedef struct {
[ignore] smbXsrv_session_auth0 *prev;
- smbXsrv_session_auth0 *next;
+ [max_recursion(20000)] smbXsrv_session_auth0 *next;
[ignore] smbXsrv_session *session;
[ignore] smbXsrv_connection *connection;
[ignore] gensec_security *gensec;
--
GitLab

300
backport-lib-ldb-Limit-depth-of-ldb_parse_tree.patch
View File

@ -1,300 +0,0 @@
From a699256f438527455aaff6c73c88ee87ac7083ef Mon Sep 17 00:00:00 2001
From: Gary Lockyer <gary@catalyst.net.nz>
Date: Tue, 21 Apr 2020 15:37:40 +1200
Subject: [PATCH] lib ldb: Limit depth of ldb_parse_tree
Limit the number of nested conditionals allowed by ldb_parse tree to
128, to avoid potential stack overflow issues.
Credit Oss-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19508
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Sun May 10 23:21:08 UTC 2020 on sn-devel-184
---
lib/ldb/common/ldb_parse.c | 72 +++++++++++++++++++++++------
lib/ldb/tests/ldb_parse_test.c | 83 +++++++++++++++++++++++++++++++++-
2 files changed, 140 insertions(+), 15 deletions(-)
diff --git a/lib/ldb/common/ldb_parse.c b/lib/ldb/common/ldb_parse.c
index 452c5830ed5..7e15206b168 100644
--- a/lib/ldb/common/ldb_parse.c
+++ b/lib/ldb/common/ldb_parse.c
@@ -43,6 +43,16 @@
#include "ldb_private.h"
#include "system/locale.h"
+/*
+ * Maximum depth of the filter parse tree, the value chosen is small enough to
+ * avoid triggering ASAN stack overflow checks. But large enough to be useful.
+ *
+ * On Windows clients the maximum number of levels of recursion allowed is 100.
+ * In the LDAP server, Windows restricts clients to 512 nested
+ * (eg) OR statements.
+ */
+#define LDB_MAX_PARSE_TREE_DEPTH 128
+
static int ldb_parse_hex2char(const char *x)
{
if (isxdigit(x[0]) && isxdigit(x[1])) {
@@ -231,7 +241,11 @@ static struct ldb_val **ldb_wildcard_decode(TALLOC_CTX *mem_ctx, const char *str
return ret;
}
-static struct ldb_parse_tree *ldb_parse_filter(TALLOC_CTX *mem_ctx, const char **s);
+static struct ldb_parse_tree *ldb_parse_filter(
+ TALLOC_CTX *mem_ctx,
+ const char **s,
+ unsigned depth,
+ unsigned max_depth);
/*
@@ -498,7 +512,11 @@ static struct ldb_parse_tree *ldb_parse_simple(TALLOC_CTX *mem_ctx, const char *
<or> ::= '|' <filterlist>
<filterlist> ::= <filter> | <filter> <filterlist>
*/
-static struct ldb_parse_tree *ldb_parse_filterlist(TALLOC_CTX *mem_ctx, const char **s)
+static struct ldb_parse_tree *ldb_parse_filterlist(
+ TALLOC_CTX *mem_ctx,
+ const char **s,
+ unsigned depth,
+ unsigned max_depth)
{
struct ldb_parse_tree *ret, *next;
enum ldb_parse_op op;
@@ -533,7 +551,8 @@ static struct ldb_parse_tree *ldb_parse_filterlist(TALLOC_CTX *mem_ctx, const ch
return NULL;
}
- ret->u.list.elements[0] = ldb_parse_filter(ret->u.list.elements, &p);
+ ret->u.list.elements[0] =
+ ldb_parse_filter(ret->u.list.elements, &p, depth, max_depth);
if (!ret->u.list.elements[0]) {
talloc_free(ret);
return NULL;
@@ -547,7 +566,8 @@ static struct ldb_parse_tree *ldb_parse_filterlist(TALLOC_CTX *mem_ctx, const ch
break;
}
- next = ldb_parse_filter(ret->u.list.elements, &p);
+ next = ldb_parse_filter(
+ ret->u.list.elements, &p, depth, max_depth);
if (next == NULL) {
/* an invalid filter element */
talloc_free(ret);
@@ -576,7 +596,11 @@ static struct ldb_parse_tree *ldb_parse_filterlist(TALLOC_CTX *mem_ctx, const ch
/*
<not> ::= '!' <filter>
*/
-static struct ldb_parse_tree *ldb_parse_not(TALLOC_CTX *mem_ctx, const char **s)
+static struct ldb_parse_tree *ldb_parse_not(
+ TALLOC_CTX *mem_ctx,
+ const char **s,
+ unsigned depth,
+ unsigned max_depth)
{
struct ldb_parse_tree *ret;
const char *p = *s;
@@ -593,7 +617,7 @@ static struct ldb_parse_tree *ldb_parse_not(TALLOC_CTX *mem_ctx, const char **s)
}
ret->operation = LDB_OP_NOT;
- ret->u.isnot.child = ldb_parse_filter(ret, &p);
+ ret->u.isnot.child = ldb_parse_filter(ret, &p, depth, max_depth);
if (!ret->u.isnot.child) {
talloc_free(ret);
return NULL;
@@ -608,7 +632,11 @@ static struct ldb_parse_tree *ldb_parse_not(TALLOC_CTX *mem_ctx, const char **s)
parse a filtercomp
<filtercomp> ::= <and> | <or> | <not> | <simple>
*/
-static struct ldb_parse_tree *ldb_parse_filtercomp(TALLOC_CTX *mem_ctx, const char **s)
+static struct ldb_parse_tree *ldb_parse_filtercomp(
+ TALLOC_CTX *mem_ctx,
+ const char **s,
+ unsigned depth,
+ unsigned max_depth)
{
struct ldb_parse_tree *ret;
const char *p = *s;
@@ -617,15 +645,15 @@ static struct ldb_parse_tree *ldb_parse_filtercomp(TALLOC_CTX *mem_ctx, const ch
switch (*p) {
case '&':
- ret = ldb_parse_filterlist(mem_ctx, &p);
+ ret = ldb_parse_filterlist(mem_ctx, &p, depth, max_depth);
break;
case '|':
- ret = ldb_parse_filterlist(mem_ctx, &p);
+ ret = ldb_parse_filterlist(mem_ctx, &p, depth, max_depth);
break;
case '!':
- ret = ldb_parse_not(mem_ctx, &p);
+ ret = ldb_parse_not(mem_ctx, &p, depth, max_depth);
break;
case '(':
@@ -641,21 +669,34 @@ static struct ldb_parse_tree *ldb_parse_filtercomp(TALLOC_CTX *mem_ctx, const ch
return ret;
}
-
/*
<filter> ::= '(' <filtercomp> ')'
*/
-static struct ldb_parse_tree *ldb_parse_filter(TALLOC_CTX *mem_ctx, const char **s)
+static struct ldb_parse_tree *ldb_parse_filter(
+ TALLOC_CTX *mem_ctx,
+ const char **s,
+ unsigned depth,
+ unsigned max_depth)
{
struct ldb_parse_tree *ret;
const char *p = *s;
+ /*
+ * Check the depth of the parse tree, and reject the input if
+ * max_depth exceeded. This avoids stack overflow
+ * issues.
+ */
+ if (depth > max_depth) {
+ return NULL;
+ }
+ depth++;
+
if (*p != '(') {
return NULL;
}
p++;
- ret = ldb_parse_filtercomp(mem_ctx, &p);
+ ret = ldb_parse_filtercomp(mem_ctx, &p, depth, max_depth);
if (*p != ')') {
return NULL;
@@ -679,6 +720,8 @@ static struct ldb_parse_tree *ldb_parse_filter(TALLOC_CTX *mem_ctx, const char *
*/
struct ldb_parse_tree *ldb_parse_tree(TALLOC_CTX *mem_ctx, const char *s)
{
+ unsigned depth = 0;
+
while (s && isspace((unsigned char)*s)) s++;
if (s == NULL || *s == 0) {
@@ -686,7 +729,8 @@ struct ldb_parse_tree *ldb_parse_tree(TALLOC_CTX *mem_ctx, const char *s)
}
if (*s == '(') {
- return ldb_parse_filter(mem_ctx, &s);
+ return ldb_parse_filter(
+ mem_ctx, &s, depth, LDB_MAX_PARSE_TREE_DEPTH);
}
return ldb_parse_simple(mem_ctx, &s);
diff --git a/lib/ldb/tests/ldb_parse_test.c b/lib/ldb/tests/ldb_parse_test.c
index a739d7795d1..d7442b954ea 100644
--- a/lib/ldb/tests/ldb_parse_test.c
+++ b/lib/ldb/tests/ldb_parse_test.c
@@ -81,10 +81,91 @@ static void test_parse_filtertype(void **state)
test_roundtrip(ctx, " ", "(|(objectClass=*)(distinguishedName=*))");
}
+/*
+ * Test that a nested query with 128 levels of nesting is accepted
+ */
+static void test_nested_filter_eq_limit(void **state)
+{
+ struct test_ctx *ctx =
+ talloc_get_type_abort(*state, struct test_ctx);
+
+ /*
+ * 128 nested clauses
+ */
+ const char *nested_query = ""
+ "(|(!(|(&(|(|(|(|(|(|(|(|(|(|(|(|"
+ "(|(!(|(&(|(|(|(|(|(|(!(|(!(|(|(|"
+ "(|(!(|(&(|(|(&(|(|(|(|(|(!(!(!(|"
+ "(|(!(|(&(|(|(|(|(|(|(|(|(|(|(|(|"
+ "(|(!(|(&(|(|(|(!(|(|(&(|(|(|(|(|"
+ "(|(!(|(&(|(|(&(|(|(|(|(|(&(&(|(|"
+ "(|(!(|(&(|(|(|(|(|(|(!(|(|(|(|(|"
+ "(|(!(|(&(|(|(!(|(|(|(|(|(|(|(|(|"
+ "(a=b)"
+ "))))))))))))))))"
+ "))))))))))))))))"
+ "))))))))))))))))"
+ "))))))))))))))))"
+ "))))))))))))))))"
+ "))))))))))))))))"
+ "))))))))))))))))"
+ "))))))))))))))))";
+
+ struct ldb_parse_tree *tree = ldb_parse_tree(ctx, nested_query);
+
+ assert_non_null(tree);
+ /*
+ * Check that we get the same query back
+ */
+ test_roundtrip(ctx, nested_query, nested_query);
+}
+
+/*
+ * Test that a nested query with 129 levels of nesting is rejected.
+ */
+static void test_nested_filter_gt_limit(void **state)
+{
+ struct test_ctx *ctx =
+ talloc_get_type_abort(*state, struct test_ctx);
+
+ /*
+ * 129 nested clauses
+ */
+ const char *nested_query = ""
+ "(|(!(|(|(&(|(|(|(|(&(|(|(|(|(|(|"
+ "(|(!(|(|(&(|(|(|(|(|(|(|(|(|(|(|"
+ "(|(!(|(|(&(|(|(!(|(|(|(|(!(|(|(|"
+ "(|(!(|(|(&(|(|(|(|(|(|(|(|(|(|(|"
+ "(|(!(|(|(&(|(|(|(!(&(|(|(|(|(|(|"
+ "(|(!(|(|(&(|(|(|(|(|(|(|(|(|(|(|"
+ "(|(!(|(|(&(|(|(|(|(|(|(|(|(|(|(|"
+ "(|(!(|(|(&(|(|(|(|(|(|(|(|(&(|(|"
+ "(|"
+ "(a=b)"
+ ")"
+ "))))))))))))))))"
+ "))))))))))))))))"
+ "))))))))))))))))"
+ "))))))))))))))))"
+ "))))))))))))))))"
+ "))))))))))))))))"
+ "))))))))))))))))"
+ "))))))))))))))))";
+
+ struct ldb_parse_tree *tree = ldb_parse_tree(ctx, nested_query);
+
+ assert_null(tree);
+}
+
int main(int argc, const char **argv)
{
const struct CMUnitTest tests[] = {
- cmocka_unit_test_setup_teardown(test_parse_filtertype, setup, teardown),
+ cmocka_unit_test_setup_teardown(
+ test_parse_filtertype, setup, teardown),
+ cmocka_unit_test_setup_teardown(
+ test_nested_filter_eq_limit, setup, teardown),
+ cmocka_unit_test_setup_teardown(
+ test_nested_filter_gt_limit, setup, teardown),
};
cmocka_set_message_output(CM_OUTPUT_SUBUNIT);
--
GitLab

208
backport-librpc-ndr-Heap-buffer-overflow-in-lzxpress_decompress.patch
View File

@ -1,208 +0,0 @@
From ae6927e4f08dcea89729d8e54363e98effab6624 Mon Sep 17 00:00:00 2001
From: Gary Lockyer <gary@catalyst.net.nz>
Date: Fri, 24 Jan 2020 10:41:35 +1300
Subject: [PATCH] librpc ndr: Heap-buffer-overflow in lzxpress_decompress
Reproducer for oss-fuzz Issue 20083
Project: samba
Fuzzing Engine: libFuzzer
Fuzz Target: fuzz_ndr_drsuapi_TYPE_OUT
Job Type: libfuzzer_asan_samba
Platform Id: linux
Crash Type: Heap-buffer-overflow READ 1
Crash Address: 0x6040000002fd
Crash State:
lzxpress_decompress
ndr_pull_compression_xpress_chunk
ndr_pull_compression_start
Sanitizer: address (ASAN)
Recommended Security Severity: Medium
Credit to OSS-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20083
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14236
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
librpc/ndr/libndr.h | 5 +-
librpc/tests/test_ndr.c | 84 ++++++++++++++++++++++++++
librpc/wscript_build | 8 +++
python/samba/tests/blackbox/ndrdump.py | 13 ++++
selftest/knownfail.d/bug-14236 | 1 +
source4/selftest/tests.py | 2 +
6 files changed, 112 insertions(+), 1 deletion(-)
create mode 100644 librpc/tests/test_ndr.c
create mode 100644 selftest/knownfail.d/bug-14236
diff --git a/librpc/ndr/libndr.h b/librpc/ndr/libndr.h
index 58ef517d363..b7cccf3dfc5 100644
--- a/librpc/ndr/libndr.h
+++ b/librpc/ndr/libndr.h
@@ -309,7 +309,10 @@ enum ndr_compression_alg {
} while (0)
#define NDR_PULL_NEED_BYTES(ndr, n) do { \
- if (unlikely((n) > ndr->data_size || ndr->offset + (n) > ndr->data_size)) { \
+ if (unlikely(\
+ (n) > ndr->data_size || \
+ ndr->offset + (n) > ndr->data_size || \
+ ndr->offset + (n) < ndr->offset)) { \
if (ndr->flags & LIBNDR_FLAG_INCOMPLETE_BUFFER) { \
uint32_t _available = ndr->data_size - ndr->offset; \
uint32_t _missing = n - _available; \
diff --git a/librpc/tests/test_ndr.c b/librpc/tests/test_ndr.c
new file mode 100644
index 00000000000..1c074d71023
--- /dev/null
+++ b/librpc/tests/test_ndr.c
@@ -0,0 +1,84 @@
+/*
+ * Tests for librpc ndr functions
+ *
+ * Copyright (C) Catalyst.NET Ltd 2020
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+/*
+ * from cmocka.c:
+ * These headers or their equivalents should be included prior to
+ * including
+ * this header file.
+ *
+ * #include <stdarg.h>
+ * #include <stddef.h>
+ * #include <setjmp.h>
+ *
+ * This allows test applications to use custom definitions of C standard
+ * library functions and types.
+ *
+ */
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <setjmp.h>
+#include <cmocka.h>
+
+#include "librpc/ndr/libndr.h"
+
+/*
+ * Test NDR_PULL_NEED_BYTES integer overflow handling.
+ */
+static enum ndr_err_code wrap_NDR_PULL_NEED_BYTES(
+ struct ndr_pull *ndr,
+ uint32_t bytes) {
+
+ NDR_PULL_NEED_BYTES(ndr, bytes);
+ return NDR_ERR_SUCCESS;
+}
+
+static void test_NDR_PULL_NEED_BYTES(void **state)
+{
+ struct ndr_pull ndr = {0};
+ enum ndr_err_code err;
+
+ ndr.data_size = UINT32_MAX;
+ ndr.offset = UINT32_MAX -1;
+
+ /*
+ * This will not cause an overflow
+ */
+ err = wrap_NDR_PULL_NEED_BYTES(&ndr, 1);
+ assert_int_equal(NDR_ERR_SUCCESS, err);
+
+ /*
+ * This will cause an overflow
+ * and (offset + n) will be less than data_size
+ */
+ err = wrap_NDR_PULL_NEED_BYTES(&ndr, 2);
+ assert_int_equal(NDR_ERR_BUFSIZE, err);
+}
+
+int main(int argc, const char **argv)
+{
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test(test_NDR_PULL_NEED_BYTES),
+ };
+
+ cmocka_set_message_output(CM_OUTPUT_SUBUNIT);
+ return cmocka_run_group_tests(tests, NULL, NULL);
+}
diff --git a/librpc/wscript_build b/librpc/wscript_build
index 5eb78e6010a8..ec8697fbcc58 100644
--- a/librpc/wscript_build
+++ b/librpc/wscript_build
@@ -698,3 +698,11 @@ bld.SAMBA_BINARY('test_ndr_string',
ndr_nbt
''',
for_selftest=True)
+
+bld.SAMBA_BINARY('test_ndr',
+ source='tests/test_ndr.c',
+ deps='''
+ cmocka
+ ndr
+ ''',
+ for_selftest=True)
diff --git a/python/samba/tests/blackbox/ndrdump.py b/python/samba/tests/blackbox/ndrdump.py
index b3c837819b15..205519c3f8a6 100644
--- a/python/samba/tests/blackbox/ndrdump.py
+++ b/python/samba/tests/blackbox/ndrdump.py
@@ -437,3 +437,16 @@ def test_fuzzed_drsuapi_DsGetNCChanges(self):
except BlackboxProcessError as e:
self.fail(e)
self.assertEqual(actual, expected)
+
+ def test_ndrdump_fuzzed_ndr_compression(self):
+ expected = 'pull returned Buffer Size Error'
+ command = (
+ "ndrdump drsuapi 3 out --base64-input "
+ "--input BwAAAAcAAAAGAAAAAwAgICAgICAJAAAAICAgIAkAAAAgIAAA//////8=")
+ try:
+ actual = self.check_exit_code(command, 2)
+ except BlackboxProcessError as e:
+ self.fail(e)
+ # check_output will return bytes
+ # convert expected to bytes for python 3
+ self.assertRegex(actual.decode('utf8'), expected + '$')
diff --git a/selftest/knownfail.d/bug-14236 b/selftest/knownfail.d/bug-14236
new file mode 100644
index 00000000000..64b956997a6
--- /dev/null
+++ b/selftest/knownfail.d/bug-14236
@@ -0,0 +1 @@
+^samba.tests.blackbox.ndrdump.samba.tests.blackbox.ndrdump.NdrDumpTests.test_ndrdump_fuzzed_ndr_compression
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index f570d35dfba..ab2c4f69da0 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -1334,6 +1334,8 @@ plantestsuite("libcli.drsuapi.repl_decrypt", "none",
[os.path.join(bindir(), "test_ldap_message")])
plantestsuite("librpc.ndr.ndr_macros", "none",
[os.path.join(bindir(), "test_ndr_macros")])
+plantestsuite("librpc.ndr.ndr", "none",
+ [os.path.join(bindir(), "test_ndr")])
# process restart and limit tests, these break the environment so need to run
# in their own specific environment
--
GitLab

40
backport-librpc-ndr-NDR_PULL_ALIGN-check-for-unsigned-overflow.patch
View File

@ -1,40 +0,0 @@
From 6d05fb3ea772c3642624ec6e0fb4e8d099bcdb8e Mon Sep 17 00:00:00 2001
From: Gary Lockyer <gary@catalyst.net.nz>
Date: Wed, 22 Jan 2020 14:16:02 +1300
Subject: [PATCH] librpc ndr: NDR_PULL_ALIGN check for unsigned overflow
Handle uint32 overflow in NDR_PULL_ALIGN
Credit to OSS-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20083
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14236
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
librpc/ndr/libndr.h | 7 +++++++
selftest/knownfail.d/bug-14236 | 1 -
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/librpc/ndr/libndr.h b/librpc/ndr/libndr.h
index b7cccf3dfc5..c2c7e263049 100644
--- a/librpc/ndr/libndr.h
+++ b/librpc/ndr/libndr.h
@@ -331,6 +331,13 @@ enum ndr_compression_alg {
if (unlikely(ndr->flags & LIBNDR_FLAG_PAD_CHECK)) { \
ndr_check_padding(ndr, n); \
} \
+ if(unlikely( \
+ ((ndr->offset + (n-1)) & (~(n-1))) < ndr->offset)) {\
+ return ndr_pull_error( \
+ ndr, \
+ NDR_ERR_BUFSIZE, \
+ "Pull align (overflow) %u", (unsigned)n); \
+ } \
ndr->offset = (ndr->offset + (n-1)) & ~(n-1); \
} \
if (unlikely(ndr->offset > ndr->data_size)) { \
--
GitLab

277
backport-librpc-ndr-add-recursion-check-macros.patch
View File

@ -1,277 +0,0 @@
From ba518a1debbe2dd8231ba2fb9bbb07eef743d86f Mon Sep 17 00:00:00 2001
From: Gary Lockyer <gary@catalyst.net.nz>
Date: Thu, 30 Jan 2020 08:49:07 +1300
Subject: [PATCH] librpc ndr: add recursion check macros
Add macros to check the recursion depth.
Credit to OSS-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19280
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14254
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
librpc/ndr/libndr.h | 37 ++++++++-
librpc/ndr/ndr.c | 2 +
librpc/tests/test_ndr_macros.c | 138 +++++++++++++++++++++++++++++++++
librpc/wscript_build | 9 +++
source4/selftest/tests.py | 2 +
5 files changed, 187 insertions(+), 1 deletion(-)
create mode 100644 librpc/tests/test_ndr_macros.c
diff --git a/librpc/ndr/libndr.h b/librpc/ndr/libndr.h
index 8d407c40e43..fd87db928ed 100644
--- a/librpc/ndr/libndr.h
+++ b/librpc/ndr/libndr.h
@@ -79,6 +79,14 @@ struct ndr_pull {
/* this is used to ensure we generate unique reference IDs
between request and reply */
uint32_t ptr_count;
+ uint32_t recursion_depth;
+ /*
+ * The global maximum depth for recursion. When set it overrides the
+ * value supplied by the max_recursion idl attribute. This is needed
+ * for fuzzing as ASAN uses a low threshold for stack depth to check
+ * for stack overflow.
+ */
+ uint32_t global_max_recursion;
};
/* structure passed to functions that generate NDR formatted data */
@@ -249,7 +257,9 @@ enum ndr_err_code {
NDR_ERR_UNREAD_BYTES,
NDR_ERR_NDR64,
NDR_ERR_FLAGS,
- NDR_ERR_INCOMPLETE_BUFFER
+ NDR_ERR_INCOMPLETE_BUFFER,
+ NDR_ERR_MAX_RECURSION_EXCEEDED,
+ NDR_ERR_UNDERFLOW
};
#define NDR_ERR_CODE_IS_SUCCESS(x) (x == NDR_ERR_SUCCESS)
@@ -357,6 +367,31 @@ enum ndr_compression_alg {
} \
} while(0)
+#define NDR_RECURSION_CHECK(ndr, d) do { \
+ uint32_t _ndr_min_ = (d); \
+ if (ndr->global_max_recursion && ndr->global_max_recursion < (d)) { \
+ _ndr_min_ = ndr->global_max_recursion; \
+ } \
+ ndr->recursion_depth++; \
+ if (unlikely(ndr->recursion_depth > _ndr_min_)) { \
+ return ndr_pull_error( \
+ ndr, \
+ NDR_ERR_MAX_RECURSION_EXCEEDED, \
+ "Depth of recursion exceeds (%u)", \
+ (unsigned) d); \
+ } \
+} while (0)
+
+#define NDR_RECURSION_UNWIND(ndr) do { \
+ if (unlikely(ndr->recursion_depth == 0)) { \
+ return ndr_pull_error( \
+ ndr, \
+ NDR_ERR_UNDERFLOW, \
+ "ndr_pull.recursion_depth is 0"); \
+ } \
+ ndr->recursion_depth--; \
+} while (0)
+
/* these are used to make the error checking on each element in libndr
less tedious, hopefully making the code more readable */
#define NDR_CHECK(call) do { \
diff --git a/librpc/ndr/ndr.c b/librpc/ndr/ndr.c
index f96a0bca08b..afe22a28602 100644
--- a/librpc/ndr/ndr.c
+++ b/librpc/ndr/ndr.c
@@ -1950,6 +1950,8 @@ static const struct {
{ NDR_ERR_UNREAD_BYTES, "Unread Bytes" },
{ NDR_ERR_NDR64, "NDR64 assertion error" },
{ NDR_ERR_INCOMPLETE_BUFFER, "Incomplete Buffer" },
+ { NDR_ERR_MAX_RECURSION_EXCEEDED, "Maximum Recursion Exceeded" },
+ { NDR_ERR_UNDERFLOW, "Underflow" },
{ 0, NULL }
};
diff --git a/librpc/tests/test_ndr_macros.c b/librpc/tests/test_ndr_macros.c
new file mode 100644
index 00000000000..0cd20d3e8f3
--- /dev/null
+++ b/librpc/tests/test_ndr_macros.c
@@ -0,0 +1,138 @@
+/*
+ * Tests for librpc ndr functions
+ *
+ * Copyright (C) Catalyst.NET Ltd 2020
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+/*
+ * from cmocka.c:
+ * These headers or their equivalents should be included prior to
+ * including
+ * this header file.
+ *
+ * #include <stdarg.h>
+ * #include <stddef.h>
+ * #include <setjmp.h>
+ *
+ * This allows test applications to use custom definitions of C standard
+ * library functions and types.
+ *
+ */
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <setjmp.h>
+#include <cmocka.h>
+
+#include "librpc/ndr/libndr.h"
+
+/*
+ * Test NDR_RECURSION_CHECK.
+ */
+static enum ndr_err_code wrap_NDR_RECURSION_CHECK(
+ struct ndr_pull *ndr,
+ uint32_t bytes) {
+
+ NDR_RECURSION_CHECK(ndr, bytes);
+ return NDR_ERR_SUCCESS;
+}
+
+static void test_NDR_RECURSION_CHECK(void **state)
+{
+ struct ndr_pull ndr = {0};
+ enum ndr_err_code err;
+
+
+ ndr.global_max_recursion = 0;
+ ndr.recursion_depth = 42;
+ err = wrap_NDR_RECURSION_CHECK(&ndr, 43);
+ assert_int_equal(NDR_ERR_SUCCESS, err);
+ assert_int_equal(43, ndr.recursion_depth);
+
+ ndr.global_max_recursion = 0;
+ ndr.recursion_depth = 43;
+ err = wrap_NDR_RECURSION_CHECK(&ndr, 43);
+ assert_int_equal(NDR_ERR_MAX_RECURSION_EXCEEDED, err);
+ assert_int_equal(44, ndr.recursion_depth);
+
+ ndr.global_max_recursion = 0;
+ ndr.recursion_depth = 44;
+ err = wrap_NDR_RECURSION_CHECK(&ndr, 43);
+ assert_int_equal(NDR_ERR_MAX_RECURSION_EXCEEDED, err);
+ assert_int_equal(45, ndr.recursion_depth);
+
+ ndr.global_max_recursion = 5;
+ ndr.recursion_depth = 5;
+ err = wrap_NDR_RECURSION_CHECK(&ndr, 20);
+ assert_int_equal(NDR_ERR_MAX_RECURSION_EXCEEDED, err);
+ assert_int_equal(6, ndr.recursion_depth);
+
+ ndr.global_max_recursion = 5;
+ ndr.recursion_depth = 4;
+ err = wrap_NDR_RECURSION_CHECK(&ndr, 20);
+ assert_int_equal(NDR_ERR_SUCCESS, err);
+ assert_int_equal(5, ndr.recursion_depth);
+
+ ndr.global_max_recursion = 20;
+ ndr.recursion_depth = 5;
+ err = wrap_NDR_RECURSION_CHECK(&ndr, 5);
+ assert_int_equal(NDR_ERR_MAX_RECURSION_EXCEEDED, err);
+ assert_int_equal(6, ndr.recursion_depth);
+
+ ndr.global_max_recursion = 20;
+ ndr.recursion_depth = 4;
+ err = wrap_NDR_RECURSION_CHECK(&ndr, 5);
+ assert_int_equal(NDR_ERR_SUCCESS, err);
+ assert_int_equal(5, ndr.recursion_depth);
+}
+
+/*
+ * Test NDR_RECURSION_RETURN.
+ */
+static enum ndr_err_code wrap_NDR_RECURSION_UNWIND(
+ struct ndr_pull *ndr) {
+
+ NDR_RECURSION_UNWIND(ndr);
+ return NDR_ERR_SUCCESS;
+}
+
+static void test_NDR_RECURSION_UNWIND(void **state)
+{
+ struct ndr_pull ndr = {0};
+ enum ndr_err_code err;
+
+ ndr.recursion_depth = 5;
+ err = wrap_NDR_RECURSION_UNWIND(&ndr);
+ assert_int_equal(NDR_ERR_SUCCESS, err);
+ assert_int_equal(4, ndr.recursion_depth);
+
+ ndr.recursion_depth = 0;
+ err = wrap_NDR_RECURSION_UNWIND(&ndr);
+ assert_int_equal(NDR_ERR_UNDERFLOW, err);
+ assert_int_equal(0, ndr.recursion_depth);
+
+}
+int main(int argc, const char **argv)
+{
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test(test_NDR_RECURSION_CHECK),
+ cmocka_unit_test(test_NDR_RECURSION_UNWIND),
+ };
+
+ cmocka_set_message_output(CM_OUTPUT_SUBUNIT);
+ return cmocka_run_group_tests(tests, NULL, NULL);
+}
diff --git a/librpc/wscript_build b/librpc/wscript_build
index ec8697fbcc5..f0bf7f7785e 100644
--- a/librpc/wscript_build
+++ b/librpc/wscript_build
@@ -690,6 +690,14 @@ bld.SAMBA_SUBSYSTEM('NDR_FSRVP_STATE',
#
# Cmocka tests
#
+bld.SAMBA_BINARY('test_ndr_macros',
+ source='tests/test_ndr_macros.c',
+ deps='''
+ cmocka
+ ndr
+ ''',
+ for_selftest=True)
+
bld.SAMBA_BINARY('test_ndr_string',
source='tests/test_ndr_string.c',
deps='''
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index 5cdb3d27b77..389a142db7d 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -1346,6 +1346,8 @@ plantestsuite("librpc.ndr.ndr_string", "none",
[os.path.join(bindir(), "test_ndr_dns_nbt")])
plantestsuite("libcli.ldap.ldap_message", "none",
[os.path.join(bindir(), "test_ldap_message")])
+plantestsuite("librpc.ndr.ndr_macros", "none",
+ [os.path.join(bindir(), "test_ndr_macros")])
# process restart and limit tests, these break the environment so need to run
# in their own specific environment
--
GitLab

110
backport-lzxpress-add-bounds-checking-to-lzxpress_decompress.patch
View File

@ -1,110 +0,0 @@
From a97c78fb221a2f1aaca2effdb44c51e4f78ddd93 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Thu, 7 Nov 2019 10:03:36 +0100
Subject: [PATCH] lzxpress: add bounds checking to lzxpress_decompress()
lzxpress_decompress() would wander past the end of the array in
numerous locations.
Credit to OSS-Fuzz.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14190
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19382
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20083
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22485
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22667
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Sun Aug 9 00:30:26 UTC 2020 on sn-devel-184
---
lib/compression/lzxpress.c | 32 ++++++++++++++++++++++++++++++--
1 file changed, 30 insertions(+), 2 deletions(-)
diff --git a/lib/compression/lzxpress.c b/lib/compression/lzxpress.c
index 024aba4c2ce..d8326304455 100644
--- a/lib/compression/lzxpress.c
+++ b/lib/compression/lzxpress.c
@@ -252,8 +252,24 @@ ssize_t lzxpress_decompress(const uint8_t *input,
offset = 0;
nibble_index = 0;
+#define __CHECK_BYTES(__size, __index, __needed) do { \
+ if (unlikely(__index >= __size)) { \
+ return -1; \
+ } else { \
+ uint32_t __avail = __size - __index; \
+ if (unlikely(__needed > __avail)) { \
+ return -1; \
+ } \
+ } \
+} while(0)
+#define CHECK_INPUT_BYTES(__needed) \
+ __CHECK_BYTES(input_size, input_index, __needed)
+#define CHECK_OUTPUT_BYTES(__needed) \
+ __CHECK_BYTES(max_output_size, output_index, __needed)
+
do {
if (indicator_bit == 0) {
+ CHECK_INPUT_BYTES(4);
indicator = PULL_LE_UINT32(input, input_index);
input_index += sizeof(uint32_t);
indicator_bit = 32;
@@ -266,10 +282,13 @@ ssize_t lzxpress_decompress(const uint8_t *input,
* check whether the 4th bit of the value in indicator is set
*/
if (((indicator >> indicator_bit) & 1) == 0) {
+ CHECK_INPUT_BYTES(1);
+ CHECK_OUTPUT_BYTES(1);
output[output_index] = input[input_index];
input_index += sizeof(uint8_t);
output_index += sizeof(uint8_t);
} else {
+ CHECK_INPUT_BYTES(2);
length = PULL_LE_UINT16(input, input_index);
input_index += sizeof(uint16_t);
offset = length / 8;
@@ -277,6 +296,7 @@ ssize_t lzxpress_decompress(const uint8_t *input,
if (length == 7) {
if (nibble_index == 0) {
+ CHECK_INPUT_BYTES(1);
nibble_index = input_index;
length = input[input_index] % 16;
input_index += sizeof(uint8_t);
@@ -286,9 +306,11 @@ ssize_t lzxpress_decompress(const uint8_t *input,
}
if (length == 15) {
+ CHECK_INPUT_BYTES(1);
length = input[input_index];
input_index += sizeof(uint8_t);
if (length == 255) {
+ CHECK_INPUT_BYTES(2);
length = PULL_LE_UINT16(input, input_index);
input_index += sizeof(uint16_t);
length -= (15 + 7);
@@ -299,10 +321,16 @@ ssize_t lzxpress_decompress(const uint8_t *input,
}
length += 3;
+ if (length == 0) {
+ return -1;
+ }
- do {
- if ((output_index >= max_output_size) || ((offset + 1) > output_index)) break;
+ if (offset >= output_index) {
+ return -1;
+ }
+ CHECK_OUTPUT_BYTES(length);
+ do {
output[output_index] = output[output_index - offset - 1];
output_index += sizeof(uint8_t);
--
GitLab

35
backport-lzxpress-avoid-technically-undefined-shift.patch
View File

@ -1,35 +0,0 @@
From 0c461f3bd589764c496b530f698e313df50667e6 Mon Sep 17 00:00:00 2001
From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Thu, 6 Aug 2020 17:17:01 +1200
Subject: [PATCH] lzxpress: avoid technically undefined shift
UBSAN:
runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
Credit to OSS-fuzz.
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22283
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Aug 31 22:31:13 UTC 2020 on sn-devel-184
---
lib/compression/lzxpress.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/compression/lzxpress.c b/lib/compression/lzxpress.c
index d8326304455c..3453dd36f2aa 100644
--- a/lib/compression/lzxpress.c
+++ b/lib/compression/lzxpress.c
@@ -180,7 +180,7 @@ ssize_t lzxpress_compress(const uint8_t *uncompressed,
}
}
- indic |= 1 << (32 - ((indic_bit % 32) + 1));
+ indic |= 1U << (32 - ((indic_bit % 32) + 1));
if (best_len > 9) {
if (nibble_index == 0) {

52
backport-pidl-Add-recursive-depth-checks.patch
View File

@ -1,52 +0,0 @@
From 5d323f2a2e36c23a007d93394f25df0f3d30942d Mon Sep 17 00:00:00 2001
From: Gary Lockyer <gary@catalyst.net.nz>
Date: Thu, 30 Jan 2020 08:51:47 +1300
Subject: [PATCH] pidl: Add recursive depth checks.
Add new parameter to elements "max_recursion" and modify pidl to call
NDR_RECURSION_CHECK and NDR_RECURSION_UNWIND for element tagged with
that attribute.
Credit to OSS-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19820
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14254
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
pidl/lib/Parse/Pidl/NDR.pm | 1 +
pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 7 +++++++
2 files changed, 8 insertions(+)
diff --git a/pidl/lib/Parse/Pidl/NDR.pm b/pidl/lib/Parse/Pidl/NDR.pm
index 44338a1298d8..d17d0b404ed0 100644
--- a/pidl/lib/Parse/Pidl/NDR.pm
+++ b/pidl/lib/Parse/Pidl/NDR.pm
@@ -1101,6 +1101,7 @@ my %property_list = (
"gensize" => ["TYPEDEF", "STRUCT", "UNION"],
"value" => ["ELEMENT"],
"flag" => ["ELEMENT", "TYPEDEF", "STRUCT", "UNION", "ENUM", "BITMAP", "PIPE"],
+ "max_recursion" => ["ELEMENT"],
# generic
"public" => ["FUNCTION", "TYPEDEF", "STRUCT", "UNION", "ENUM", "BITMAP", "PIPE"],
diff --git a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm
index 0d58cb5f03d5..119590f66969 100644
--- a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm
+++ b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm
@@ -993,7 +993,14 @@ sub ParseDataPull($$$$$$$)
$var_name = get_pointer_to($var_name);
+ if (my $depth = has_property($e, "max_recursion")) {
+ my $d = parse_int($depth);
+ $self->pidl("NDR_RECURSION_CHECK($ndr, $d);");
+ }
$self->pidl("NDR_CHECK(".TypeFunctionName("ndr_pull", $l->{DATA_TYPE})."($ndr, $ndr_flags, $var_name));");
+ if (has_property($e, "max_recursion")) {
+ $self->pidl("NDR_RECURSION_UNWIND($ndr);");
+ }
my $pl = GetPrevLevel($e, $l);

38
backport-utils-asn1-avoid-undefined-behaviour.patch
View File

@ -1,38 +0,0 @@
From ed9abf94b3167a1a61b5da163e9b07b06c8a457b Mon Sep 17 00:00:00 2001
From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Sun, 6 Sep 2020 09:35:49 +1200
Subject: [PATCH] utils/asn1: avoid undefined behaviour warning
UBSAN does not like an int >= 1<<24 being shifted left.
We check the overflow in the very next line.
Credit to OSS-Fuzz.
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25436
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Sep 11 05:05:59 UTC 2020 on sn-devel-184
---
lib/util/asn1.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/lib/util/asn1.c b/lib/util/asn1.c
index 6b1b4bc2877f..9ab9e1b08449 100644
--- a/lib/util/asn1.c
+++ b/lib/util/asn1.c
@@ -1071,7 +1071,11 @@ bool asn1_read_enumerated(struct asn1_data *data, int *v)
if (!asn1_read_uint8(data, &b)) {
return false;
}
- *v = (*v << 8) + b;
+ /*
+ * To please/fool the Undefined Behaviour Sanitizer we cast to
+ * unsigned for the left shift.
+ */
+ *v = ((unsigned int)*v << 8) + b;
}
return asn1_end_tag(data);
}

50
backport-witness-idl-fix-length-calculation-for-witness_IPaddrInfoList.patch
View File

@ -1,50 +0,0 @@
From 8cce23acb9f9bdde8bff3c3a7ffa83361e3a64a6 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 31 Jul 2020 11:27:25 +0200
Subject: [PATCH] witness.idl: fix length calculation for
witness_IPaddrInfoList
If r->num is 0, we should not dereference r->addr.
Using ndr_size_witness_IPaddrInfoList() also make this much simpler
and avoids the magic 12.
Credit Oss-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22175
REF: https://oss-fuzz.com/testcase-detail/5686294157197312
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14452
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
---
librpc/idl/witness.idl | 6 +++---
source4/torture/ndr/witness.c | 24 ------------------------
2 files changed, 3 insertions(+), 27 deletions(-)
diff --git a/librpc/idl/witness.idl b/librpc/idl/witness.idl
index e230a5ea709..652c0e9cb65 100644
--- a/librpc/idl/witness.idl
+++ b/librpc/idl/witness.idl
@@ -98,14 +98,14 @@ interface witness
WITNESS_IPADDR_OFFLINE = 0x10
} witness_IPaddrInfo_flags;
- typedef [flag(NDR_NOALIGN|NDR_LITTLE_ENDIAN),gensize] struct {
+ typedef [flag(NDR_NOALIGN|NDR_LITTLE_ENDIAN)] struct {
witness_IPaddrInfo_flags flags;
[flag(NDR_BIG_ENDIAN)] ipv4address ipv4;
[flag(NDR_BIG_ENDIAN)] ipv6address ipv6;
} witness_IPaddrInfo;
- typedef [flag(NDR_NOALIGN|NDR_LITTLE_ENDIAN)] struct {
- [value(12+(r->num*ndr_size_witness_IPaddrInfo(r->addr, ndr->flags)))] uint32 length;
+ typedef [public,flag(NDR_NOALIGN|NDR_LITTLE_ENDIAN),gensize] struct {
+ [value(ndr_size_witness_IPaddrInfoList(r, ndr->flags))] uint32 length;
[value(0)] uint32 reserved;
uint32 num;
witness_IPaddrInfo addr[num];
--
GitLab

BIN
gpgkey-52FBC0B86D954B0843324CDC6F33915B6568B7EA.gpg
View File

Binary file not shown.

7
samba-4.12.5.tar.asc
View File

@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iHMEABECADMWIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCXv3BXhUcc2FtYmEtYnVn
c0BzYW1iYS5vcmcACgkQbzORW2Vot+quPwCcDfpwxTo7ZDrFD768SgWqRmKI/+QA
oJqPMNOtzBJYbxVbKY+OyCqwQ2Zl
=2OtH
-----END PGP SIGNATURE-----

16
samba-4.15.3.tar.asc Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmGww0kACgkQqplEL7aA
tiCzMg/+IzBD53oeYFSSt6V9o1ZhD/7bL425n/7Ea2iLaHkOEQWN3AgKV7h1rdSb
tS/Ys3xUf9LB1ZVkXbu17oWj5pG8aWcp6Ky80uXHycZ5X0/fcHegSU5SIyUfLs0F
d3BXvFWkPIy8H9a55wFTpJte2ofRoFqWUG4MAlOq83ummnmrz0W5j6QcufVIRjWq
hGMbg8Vjk+UEtKNO7fl8iSQ0ZRyXCkBR3biDBtMbvtoluaVkixxwwSPqgDoNXgju
ox2EbVfHLSHc+7Tb30uKQq/mf3uhf6ASIrajNVrXotK1fgpCCKnMLb9qRHEftttY
DwYKQvsrHCw9vYg/xyO2NOBr82mxjE6NBLsV1Kp8pdc4vInmAqOCsQpOuZ0SgO6u
sZk4c5AkfH7pZtHeNtlefiGe8/7ApU6UC6kkXT3mnLBtWKMBte9/NR6ZgCLle7tV
aAx6Io9j/rAeueRRgIK98bzxXSufjtFyNmM+Qr7IXnFHtJNM919ib4pr5DzpGwAc
+FMG0LfmU0XiUXcbw/IZ3AOD2DBwZC58ZezO3alUS8eRqNTP13v3Uhg9F78+eyah
Wbohx05Y4MA1ywtMd8z/dZn97nw3bw+z6fLNC//1Sq1qo1fXipaoSQW1LK9IHeVO
cV7cvd2c16p7NN3Op+34QY7Nc7b1uhtTV3v3tiEQYR/uQx+tyz8=
=fu6B
-----END PGP SIGNATURE-----

BIN
samba-4.12.5.tar.gz → samba-4.15.3.tar.gz
View File

Binary file not shown.

BIN
samba-pubkey_AA99442FB680B620.gpg Normal file
View File

Binary file not shown.

320
samba.spec
View File

@ -3,10 +3,10 @@
%define samba_requires_eq() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} = %%{epoch}:%%{version
}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not")
%define talloc_version 2.3.1
%define tdb_version 1.4.3
%define tevent_version 0.10.2
%define ldb_version 2.1.4
%global talloc_version 2.3.3
%global tdb_version 1.4.4
%global tevent_version 0.11.0
%global ldb_version 2.4.1
%undefine _strict_symbol_defs_build
@ -32,7 +32,7 @@
%global with_dc 1
%endif
%global required_mit_krb5 1.18
%global required_mit_krb5 1.19
%global with_clustering_support 0
@ -45,11 +45,11 @@
%global with_vfs_io_uring 0
%global _systemd_extra "Environment=KRB5CCNAME=FILE:/run/samba/krb5cc_samba"
%define samba_depver %{version}-%{release}
%global samba_depver %{version}-%{release}
Name: samba
Version: 4.12.5
Release: 9
Version: 4.15.3
Release: 2
Summary: A suite for Linux to interoperate with Windows
License: GPLv3+ and LGPLv3+
@ -57,7 +57,7 @@ URL: https://www.samba.org
Source0: https://download.samba.org/pub/samba/stable/%{name}-%{version}.tar.gz
Source1: https://download.samba.org/pub/samba/stable/%{name}-%{version}.tar.asc
Source2: gpgkey-52FBC0B86D954B0843324CDC6F33915B6568B7EA.gpg
Source2: samba-pubkey_AA99442FB680B620.gpg
Source3: samba.logrotate
Source4: smb.conf.vendor
Source5: smb.conf.example
@ -66,35 +66,16 @@ Source7: samba.pamd
Source201: README.downgrade
Patch0: CVE-2020-1472.patch
Patch1: 0001-CVE-2020-14383.patch
Patch2: 0002-CVE-2020-14383.patch
Patch3: CVE-2020-14318.patch
Patch4: CVE-2020-14323.patch
Patch5: CVE-2021-20277.patch
Patch6: CVE-2020-27840.patch
Patch7: CVE-2021-20254.patch
Patch8: backport-CVE-2021-3671.patch
Patch9: backport-lzxpress-add-bounds-checking-to-lzxpress_decompress.patch
Patch10: backport-librpc-ndr-NDR_PULL_ALIGN-check-for-unsigned-overflow.patch
Patch11: backport-librpc-ndr-add-recursion-check-macros.patch
Patch12: backport-librpc-ndr-Heap-buffer-overflow-in-lzxpress_decompress.patch
Patch13: backport-pidl-Add-recursive-depth-checks.patch
Patch14: backport-idl-drsuapi_DsaAddressListItem_V1-limit-recursion.patch
Patch15: backport-idl-limit-recurion-on-recursive-elements.patch
Patch16: backport-lib-ldb-Limit-depth-of-ldb_parse_tree.patch
Patch17: backport-witness-idl-fix-length-calculation-for-witness_IPaddrInfoList.patch
Patch18: backport-lzxpress-avoid-technically-undefined-shift.patch
Patch19: backport-utils-asn1-avoid-undefined-behaviour.patch
Patch20: backport-fix-undefined-shift-in-put_res_rec.patch
BuildRequires: avahi-devel bison cups-devel dbus-devel docbook-style-xsl e2fsprogs-devel flex gawk gnupg2 gnutls-devel >= 3.4.7 gpgme-devel
BuildRequires: avahi-devel bison dbus-devel docbook-style-xsl e2fsprogs-devel flex gawk gnupg2 gnutls-devel >= 3.4.7 gpgme-devel
BuildRequires: jansson-devel krb5-devel >= %{required_mit_krb5} libacl-devel libaio-devel libarchive-devel libattr-devel
BuildRequires: libcap-devel libicu-devel libcmocka-devel libnsl2-devel libtirpc-devel libuuid-devel libxslt lmdb ncurses-devel openldap-devel
BuildRequires: libcap-devel libicu-devel libcmocka-devel libtirpc-devel libuuid-devel libxslt lmdb ncurses-devel openldap-devel
BuildRequires: pam-devel perl-interpreter perl-generators perl(Archive::Tar) perl(Test::More) popt-devel python3-devel python3-setuptools quota-devel
BuildRequires: readline-devel rpcgen rpcsvc-proto-devel sed libtasn1-devel libtasn1-tools xfsprogs-devel xz zlib-devel >= 1.2.3
BuildRequires: readline-devel rpcgen rpcsvc-proto-devel sed libtasn1-devel libtasn1-tools xfsprogs-devel xz zlib-devel >= 1.2.3 python3-dns
BuildRequires: gcc
BuildRequires: chrpath
%if %{?openEuler:1}0
BuildRequires: cups-devel
%endif
%if %{with_winexe}
BuildRequires: mingw32-gcc
@ -104,7 +85,7 @@ BuildRequires: mingw64-gcc
BuildRequires: pkgconfig(libsystemd)
%if %{with_vfs_glusterfs}
BuildRequires: glusterfs-api-devel >= 3.4.0.16 glusterfs-devel >= 3.4.0.16
BuildRequires: glusterfs-api-devel >= 3.4.0.16 glusterfs-devel >= 3.4.0.16 libgfapi0
%endif
%if %{with_vfs_cephfs}
@ -112,7 +93,7 @@ BuildRequires: libcephfs-devel
%endif
%if %{with_dc}
BuildRequires: python3-iso8601 bind krb5-server >= %{required_mit_krb5}
BuildRequires: python3-iso8601 bind krb5-server >= %{required_mit_krb5} python3-pyasn1
%endif
BuildRequires: perl(ExtUtils::MakeMaker) perl(FindBin) perl(Parse::Yapp) libtalloc-devel >= %{talloc_version} python3-talloc-devel >= %{talloc_version}
@ -122,7 +103,7 @@ BuildRequires: libtdb-devel >= %{tdb_version} python3-tdb >= %{tdb_version}
BuildRequires: libldb-devel >= %{ldb_version} python3-ldb-devel >= %{ldb_version}
%if %{with testsuite} || %{with_dc}
BuildRequires: ldb-tools tdb-tools python3-gpg python3-markdown
BuildRequires: ldb-tools tdb-tools python3-gpg python3-markdown python3-cryptography
%endif
%if %{with_vfs_io_uring}
@ -203,6 +184,14 @@ Obsoletes: samba4-common < %{samba_depver} %{name}-common-libs
This package contains some common basic files needed by %{name} client
and server.
# ctdb-tests package has been dropped if we do not build the testsuite
%if %with_clustering_support
%if %{without testsuite}
Obsoletes: ctdb-tests < %{samba_depver}
# endif without testsuite
%endif
# endif with clustering support
%endif
%package common-tools
Summary: Tools package for %{name}
@ -495,6 +484,7 @@ projects to store temporary data. If an application is already using TDB for
temporary data it is very easy to convert that application to be cluster aware
and use CTDB instead.
%if %{with testsuite}
### CTDB-TEST
%package -n ctdb-tests
Summary: The test package fors CTDB clustered database
@ -508,6 +498,9 @@ Obsoletes: ctdb-devel < %{samba_depver}
%description -n ctdb-tests
This package contains the test suite for CTDB clustered database.
#endif with testsuite
%endif
#endif with clustering
%endif
%package help
@ -560,6 +553,13 @@ export LDFLAGS="%{__global_ldflags} -fuse-ld=gold"
%configure \
--enable-fhs \
%if %{?openEuler:1}0
--enable-cups \
--enable-iprint \
%else
--disable-cups \
--disable-iprint \
%endif
--with-piddir=/run \
--with-sockets-dir=/run/samba \
--with-modulesdir=%{_libdir}/samba \
@ -624,7 +624,6 @@ install -d -m 0755 %{buildroot}/var/lib/samba/scripts
install -d -m 0755 %{buildroot}/var/lib/samba/sysvol
install -d -m 0755 %{buildroot}/var/lib/samba/winbindd_privileged
install -d -m 0755 %{buildroot}/var/log/samba/old
install -d -m 0755 %{buildroot}/var/spool/samba
install -d -m 0755 %{buildroot}/run/samba
install -d -m 0755 %{buildroot}/run/winbindd
install -d -m 0755 %{buildroot}/%{_libdir}/samba
@ -641,8 +640,9 @@ then
exit -1
fi
%if %{?openEuler:1}0
touch %{buildroot}%{_libexecdir}/samba/cups_backend_smb
%endif
# Install other stuff
install -d -m 0755 %{buildroot}%{_sysconfdir}/logrotate.d
@ -719,7 +719,9 @@ chrpath -d %{buildroot}%{python3_sitearch}/%{name}/samba3/*.so*
chrpath -d %{buildroot}%{python3_sitearch}/%{name}/dcerpc/*.so*
find %{buildroot}%{_libexecdir}/ctdb -type f ! -name ctdb_lvs ! -name ctdb_natgw| xargs chrpath -d
%if %{?openEuler:1}0
chrpath -d %{buildroot}%{_libexecdir}/%{name}/smbspool_krb5_wrapper
%endif
chrpath -d %{buildroot}%{_bindir}/rpcclient
chrpath -d %{buildroot}%{_bindir}/smbclient
chrpath -d %{buildroot}%{_bindir}/regshell
@ -751,7 +753,6 @@ chrpath -d %{buildroot}%{_bindir}/masktest
chrpath -d %{buildroot}%{_bindir}/ndrdump
chrpath -d %{buildroot}%{_bindir}/locktest
chrpath -d %{buildroot}%{_bindir}/gentest
chrpath -d %{buildroot}%{_bindir}/mdfind
chrpath -d %{buildroot}%{_bindir}/wbinfo
chrpath -d %{buildroot}%{_bindir}/ntlm_auth
chrpath -d %{buildroot}%{_bindir}/ltdbtool
@ -770,7 +771,6 @@ echo "%{_libdir}/%{name}" > %{buildroot}/etc/ld.so.conf.d/%{name}-%{_arch}.conf
%if ! %with_dc
for i in \
%{_libdir}/samba/libdfs-server-ad-samba4.so \
%{_libdir}/samba/libdnsserver-common-samba4.so \
%{_libdir}/samba/libdsdb-garbage-collect-tombstones-samba4.so \
%{_libdir}/samba/libscavenge-dns-records-samba4.so \
%{_libdir}/samba/ldb/ildap.so \
@ -899,15 +899,19 @@ fi
%post client
/sbin/ldconfig
%if %{?openEuler:1}0
%{_sbindir}/update-alternatives --install %{_libexecdir}/samba/cups_backend_smb \
cups_backend_smb \
%{_bindir}/smbspool 10
%endif
%postun client
/sbin/ldconfig
%if %{?openEuler:1}0
if [ $1 -eq 0 ] ; then
%{_sbindir}/update-alternatives --remove cups_backend_smb %{_bindir}/smbspool
fi
%endif
%if %{with_dc}
%ldconfig_scriptlets -n python3-samba-dc
@ -929,15 +933,19 @@ fi
%endif
%post krb5-printing
%if %{?openEuler:1}0
%{_sbindir}/update-alternatives --install %{_libexecdir}/samba/cups_backend_smb \
cups_backend_smb \
%{_libexecdir}/samba/smbspool_krb5_wrapper 50
%endif
/sbin/ldconfig
%postun krb5-printing
%if %{?openEuler:1}0
if [ $1 -eq 0 ] ; then
%{_sbindir}/update-alternatives --remove cups_backend_smb %{_libexecdir}/samba/smbspool_krb5_wrapper
fi
%endif
/sbin/ldconfig
%ldconfig_scriptlets libs
@ -1117,15 +1125,16 @@ fi
%{_libdir}/samba/vfs/time_audit.so
%{_libdir}/samba/vfs/unityed_media.so
%{_libdir}/samba/vfs/virusfilter.so
%{_libdir}/samba/vfs/widelinks.so
%{_libdir}/samba/vfs/worm.so
%{_libdir}/samba/vfs/xattr_tdb.so
%{_libexecdir}/samba/samba-bgqd
%dir %{_datadir}/samba
%dir %{_datadir}/samba/mdssvc
%{_datadir}/samba/mdssvc/elasticsearch_mappings.json
%{_unitdir}/nmb.service
%{_unitdir}/smb.service
%attr(1777,root,root) %dir /var/spool/samba
%dir %{_sysconfdir}/openldap/schema
%config %{_sysconfdir}/openldap/schema/samba.schema
%config(noreplace) %{_sysconfdir}/pam.d/samba
@ -1141,6 +1150,7 @@ fi
%{_libdir}/samba/libauth4-samba4.so
%{_libdir}/samba/libauth-unix-token-samba4.so
%{_libdir}/samba/libdcerpc-samba4.so
%{_libdir}/samba/libdnsserver-common-samba4.so
%{_libdir}/samba/libshares-samba4.so
%{_libdir}/samba/libsmbpasswdparser-samba4.so
%{_libdir}/samba/libxattr-tdb-samba4.so
@ -1151,9 +1161,8 @@ fi
%{_bindir}/cifsdd
%{_bindir}/dbwrap_tool
%{_bindir}/dumpmscat
%{_bindir}/findsmb
%{_bindir}/mvxattr
%{_bindir}/mdfind
%{_bindir}/mdsearch
%{_bindir}/nmblookup
%{_bindir}/oLschema2ldif
%{_bindir}/regdiff
@ -1171,8 +1180,10 @@ fi
%{_bindir}/smbspool
%{_bindir}/smbtar
%{_bindir}/smbtree
%if %{?openEuler:1}0
%dir %{_libexecdir}/samba
%ghost %{_libexecdir}/samba/cups_backend_smb
%endif
%{_libdir}/libdcerpc-binding.so.*
@ -1211,10 +1222,10 @@ fi
%{_libdir}/samba/libclidns-samba4.so
%{_libdir}/samba/libcluster-samba4.so
%{_libdir}/samba/libcmdline-contexts-samba4.so
%{_libdir}/samba/libcmdline-credentials-samba4.so
%{_libdir}/samba/libcommon-auth-samba4.so
%{_libdir}/samba/libctdb-event-client-samba4.so
%{_libdir}/samba/libdbwrap-samba4.so
%{_libdir}/samba/libdcerpc-pkt-auth-samba4.so
%{_libdir}/samba/libdcerpc-samba-samba4.so
%{_libdir}/samba/libevents-samba4.so
%{_libdir}/samba/libflag-mapping-samba4.so
@ -1259,7 +1270,6 @@ fi
%{_libdir}/samba/libsmb-transport-samba4.so
%{_libdir}/samba/libsmbclient-raw-samba4.so
%{_libdir}/samba/libsmbd-base-samba4.so
%{_libdir}/samba/libsmbd-conn-samba4.so
%{_libdir}/samba/libsmbd-shim-samba4.so
%{_libdir}/samba/libsmbldaphelper-samba4.so
%{_libdir}/samba/libsys-rw-samba4.so
@ -1270,7 +1280,6 @@ fi
%{_libdir}/samba/libtime-basic-samba4.so
%{_libdir}/samba/libtorture-samba4.so
%{_libdir}/samba/libtrusts-util-samba4.so
%{_libdir}/samba/libutil-cmdline-samba4.so
%{_libdir}/samba/libutil-reg-samba4.so
%{_libdir}/samba/libutil-setid-samba4.so
%{_libdir}/samba/libutil-tdb-samba4.so
@ -1304,8 +1313,7 @@ fi
%config(noreplace) %{_sysconfdir}/samba/lmhosts
%config(noreplace) %{_sysconfdir}/sysconfig/samba
%{_libdir}/samba/libpopt-samba3-cmdline-samba4.so
%{_libdir}/samba/libpopt-samba3-samba4.so
%{_libdir}/samba/libcmdline-samba4.so
%dir %{_libdir}/samba/ldb
@ -1319,6 +1327,7 @@ fi
%{_bindir}/net
%{_bindir}/pdbedit
%{_bindir}/profiles
%{_bindir}/samba-tool
%{_bindir}/smbcontrol
%{_bindir}/smbpasswd
%{_bindir}/testparm
@ -1327,7 +1336,6 @@ fi
%if %{with_dc}
%files dc
%{_unitdir}/samba.service
%{_bindir}/samba-tool
%{_sbindir}/samba
%{_sbindir}/samba_dnsupdate
%{_sbindir}/samba_downgrade_db
@ -1418,7 +1426,6 @@ fi
%{_libdir}/samba/service/winbindd.so
%{_libdir}/samba/service/wrepl.so
%{_libdir}/libdcerpc-server.so.*
%{_libdir}/samba/libdnsserver-common-samba4.so
%{_libdir}/samba/libdsdb-module-samba4.so
%{_libdir}/samba/libdsdb-garbage-collect-tombstones-samba4.so
%{_libdir}/samba/libscavenge-dns-records-samba4.so
@ -1427,11 +1434,11 @@ fi
%files dc-bind-dlz
%attr(770,root,named) %dir /var/lib/samba/bind-dns
%dir %{_libdir}/samba/bind9
%{_libdir}/samba/bind9/dlz_bind9.so
%{_libdir}/samba/bind9/dlz_bind9_9.so
%{_libdir}/samba/bind9/dlz_bind9_10.so
%{_libdir}/samba/bind9/dlz_bind9_11.so
%{_libdir}/samba/bind9/dlz_bind9_12.so
%{_libdir}/samba/bind9/dlz_bind9_14.so
%{_libdir}/samba/bind9/dlz_bind9_16.so
%config(noreplace) /etc/ld.so.conf.d/*
#endif with_dc
%endif
@ -1503,7 +1510,6 @@ fi
%dir %{_includedir}/samba-4.0/util
%{_includedir}/samba-4.0/util/attr.h
%{_includedir}/samba-4.0/util/blocking.h
%{_includedir}/samba-4.0/util/byteorder.h
%{_includedir}/samba-4.0/util/data_blob.h
%{_includedir}/samba-4.0/util/debug.h
%{_includedir}/samba-4.0/util/discard.h
@ -1512,7 +1518,6 @@ fi
%{_includedir}/samba-4.0/util/idtree.h
%{_includedir}/samba-4.0/util/idtree_random.h
%{_includedir}/samba-4.0/util/signal.h
%{_includedir}/samba-4.0/util/string_wrappers.h
%{_includedir}/samba-4.0/util/substitute.h
%{_includedir}/samba-4.0/util/tevent_ntstatus.h
%{_includedir}/samba-4.0/util/tevent_unix.h
@ -1578,7 +1583,9 @@ fi
%endif
%files krb5-printing
%if %{?openEuler:1}0
%attr(0700,root,root) %{_libexecdir}/samba/smbspool_krb5_wrapper
%endif
%config(noreplace) /etc/ld.so.conf.d/*
%if %with_libsmbclient
@ -1638,6 +1645,7 @@ fi
%attr(644,root,root) %{perl_vendorlib}/Parse/Pidl/Samba4/Template.pm
%dir %{perl_vendorlib}/Parse/Pidl/Samba4/NDR
%attr(644,root,root) %{perl_vendorlib}/Parse/Pidl/Samba4/NDR/Server.pm
%attr(644,root,root) %{perl_vendorlib}/Parse/Pidl/Samba4/NDR/ServerCompat.pm
%attr(644,root,root) %{perl_vendorlib}/Parse/Pidl/Samba4/NDR/Client.pm
%attr(644,root,root) %{perl_vendorlib}/Parse/Pidl/Samba4/NDR/Parser.pm
%attr(644,root,root) %{perl_vendorlib}/Parse/Pidl/Samba4/TDR.pm
@ -1652,14 +1660,19 @@ fi
%{python3_sitearch}/samba/__pycache__/auth_util.*.pyc
%{python3_sitearch}/samba/__pycache__/colour.*.pyc
%{python3_sitearch}/samba/__pycache__/common.*.pyc
%{python3_sitearch}/samba/__pycache__/compat.*.pyc
%{python3_sitearch}/samba/__pycache__/dbchecker.*.pyc
%{python3_sitearch}/samba/__pycache__/descriptor.*.pyc
%{python3_sitearch}/samba/__pycache__/dnsresolver.*.pyc
%{python3_sitearch}/samba/__pycache__/drs_utils.*.pyc
%{python3_sitearch}/samba/__pycache__/getopt.*.pyc
%{python3_sitearch}/samba/__pycache__/gpclass.*.pyc
%{python3_sitearch}/samba/__pycache__/gp_ext_loader.*.pyc
%{python3_sitearch}/samba/__pycache__/gp_gnome_settings_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/gp_msgs_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/gp_scripts_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/gp_sec_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/gp_smb_conf_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/gp_sudoers_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/graph.*.pyc
%{python3_sitearch}/samba/__pycache__/hostconfig.*.pyc
%{python3_sitearch}/samba/__pycache__/idmap.*.pyc
@ -1674,8 +1687,17 @@ fi
%{python3_sitearch}/samba/__pycache__/sites.*.pyc
%{python3_sitearch}/samba/__pycache__/subnets.*.pyc
%{python3_sitearch}/samba/__pycache__/tdb_util.*.pyc
%{python3_sitearch}/samba/__pycache__/trust_utils.*.pyc
%{python3_sitearch}/samba/__pycache__/upgrade.*.pyc
%{python3_sitearch}/samba/__pycache__/upgradehelpers.*.pyc
%{python3_sitearch}/samba/__pycache__/vgp_access_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/vgp_files_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/vgp_issue_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/vgp_motd_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/vgp_openssh_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/vgp_startup_scripts_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/vgp_sudoers_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/vgp_symlink_ext.*.pyc
%{python3_sitearch}/samba/__pycache__/xattr.*.pyc
%{python3_sitearch}/samba/_glue.*.so
%{python3_sitearch}/samba/_ldb.*.so
@ -1684,7 +1706,6 @@ fi
%{python3_sitearch}/samba/dbchecker.py
%{python3_sitearch}/samba/colour.py
%{python3_sitearch}/samba/common.py
%{python3_sitearch}/samba/compat.py
%{python3_sitearch}/samba/credentials.*.so
%{python3_sitearch}/samba/crypto.*.so
%dir %{python3_sitearch}/samba/dcerpc
@ -1705,6 +1726,7 @@ fi
%{python3_sitearch}/samba/dcerpc/idmap.*.so
%{python3_sitearch}/samba/dcerpc/initshutdown.*.so
%{python3_sitearch}/samba/dcerpc/irpc.*.so
%{python3_sitearch}/samba/dcerpc/krb5ccache.*.so
%{python3_sitearch}/samba/dcerpc/krb5pac.*.so
%{python3_sitearch}/samba/dcerpc/lsa.*.so
%{python3_sitearch}/samba/dcerpc/messaging.*.so
@ -1731,10 +1753,15 @@ fi
%{python3_sitearch}/samba/dcerpc/wkssvc.*.so
%{python3_sitearch}/samba/dcerpc/xattr.*.so
%{python3_sitearch}/samba/descriptor.py
%{python3_sitearch}/samba/dnsresolver.py
%{python3_sitearch}/samba/drs_utils.py
%{python3_sitearch}/samba/dsdb.*.so
%{python3_sitearch}/samba/dsdb_dns.*.so
%{python3_sitearch}/samba/gensec.*.so
%{python3_sitearch}/samba/getopt.py
%{python3_sitearch}/samba/gpclass.py
%{python3_sitearch}/samba/gp_gnome_settings_ext.py
%{python3_sitearch}/samba/gp_scripts_ext.py
%{python3_sitearch}/samba/gp_sec_ext.py
%{python3_sitearch}/samba/gpo.*.so
%{python3_sitearch}/samba/graph.py
@ -1744,6 +1771,7 @@ fi
%{python3_sitearch}/samba/messaging.*.so
%{python3_sitearch}/samba/ndr.py
%{python3_sitearch}/samba/net.*.so
%{python3_sitearch}/samba/net_s3.*.so
%{python3_sitearch}/samba/ntstatus.*.so
%{python3_sitearch}/samba/posix_eadb.*.so
%dir %{python3_sitearch}/samba/emulate
@ -1755,6 +1783,9 @@ fi
%{python3_sitearch}/samba/emulate/traffic.py
%{python3_sitearch}/samba/emulate/traffic_packets.py
%{python3_sitearch}/samba/gp_ext_loader.py
%{python3_sitearch}/samba/gp_msgs_ext.py
%{python3_sitearch}/samba/gp_smb_conf_ext.py
%{python3_sitearch}/samba/gp_sudoers_ext.py
%dir %{python3_sitearch}/samba/gp_parse
%{python3_sitearch}/samba/gp_parse/__init__.py
%dir %{python3_sitearch}/samba/gp_parse/__pycache__
@ -1843,7 +1874,9 @@ fi
%{python3_sitearch}/samba/samba3/__init__.py
%dir %{python3_sitearch}/samba/samba3/__pycache__
%{python3_sitearch}/samba/samba3/__pycache__/__init__.*.pyc
%{python3_sitearch}/samba/samba3/libsmb_samba_internal.*.so
%{python3_sitearch}/samba/samba3/__pycache__/libsmb_samba_internal.*.pyc
%{python3_sitearch}/samba/samba3/libsmb_samba_cwrapper.cpython*.so
%{python3_sitearch}/samba/samba3/libsmb_samba_internal.py
%{python3_sitearch}/samba/samba3/mdscli.*.so
%{python3_sitearch}/samba/samba3/param.*.so
%{python3_sitearch}/samba/samba3/passdb.*.so
@ -1858,12 +1891,17 @@ fi
%{python3_sitearch}/samba/subunit/__pycache__/run.*.pyc
%{python3_sitearch}/samba/subunit/run.py
%{python3_sitearch}/samba/tdb_util.py
%dir %{python3_sitearch}/samba/third_party
%{python3_sitearch}/samba/third_party/__init__.py
%dir %{python3_sitearch}/samba/third_party/__pycache__
%{python3_sitearch}/samba/third_party/__pycache__/__init__.*.pyc
%{python3_sitearch}/samba/trust_utils.py
%{python3_sitearch}/samba/upgrade.py
%{python3_sitearch}/samba/upgradehelpers.py
%{python3_sitearch}/samba/vgp_access_ext.py
%{python3_sitearch}/samba/vgp_files_ext.py
%{python3_sitearch}/samba/vgp_issue_ext.py
%{python3_sitearch}/samba/vgp_motd_ext.py
%{python3_sitearch}/samba/vgp_openssh_ext.py
%{python3_sitearch}/samba/vgp_startup_scripts_ext.py
%{python3_sitearch}/samba/vgp_sudoers_ext.py
%{python3_sitearch}/samba/vgp_symlink_ext.py
%{python3_sitearch}/samba/werror.*.so
%{python3_sitearch}/samba/xattr.py
%{python3_sitearch}/samba/xattr_native.*.so
@ -1893,8 +1931,6 @@ fi
%{python3_sitearch}/samba/dcerpc/dnsserver.*.so
%{python3_sitearch}/samba/dckeytab.*.so
%{python3_sitearch}/samba/dsdb.*.so
%{python3_sitearch}/samba/dsdb_dns.*.so
%{python3_sitearch}/samba/domain_update.py
%{python3_sitearch}/samba/forest_update.py
%{python3_sitearch}/samba/ms_forest_updates_markdown.py
@ -1959,8 +1995,10 @@ fi
%{python3_sitearch}/samba/tests/__pycache__/complex_expressions.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/core.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/credentials.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/cred_opt.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/dckeytab.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/dns.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/dns_aging.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/dns_base.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/dns_forwarder.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/dns_invalid.*.pyc
@ -1968,6 +2006,8 @@ fi
%{python3_sitearch}/samba/tests/__pycache__/dns_tkey.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/dns_wildcard.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/dsdb.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/dsdb_api.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/dsdb_dns.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/dsdb_lock.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/dsdb_schema_attributes.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/docs.*.pyc
@ -1979,17 +2019,22 @@ fi
%{python3_sitearch}/samba/tests/__pycache__/getdcname.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/glue.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/gpo.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/gpo_member.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/graph.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/group_audit.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/hostconfig.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/imports.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/join.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/krb5_credentials.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/ldap_raw.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/ldap_referrals.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/ldap_spn.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/ldap_upn_sam_account.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/loadparm.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/libsmb.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/lsa_string.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/messaging.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/ndr.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/netbios.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/netcmd.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/net_join_no_spnego.*.pyc
@ -2025,13 +2070,16 @@ fi
%{python3_sitearch}/samba/tests/__pycache__/s3passdb.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/s3registry.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/s3windb.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/s3_net_join.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/samba3sam.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/samba_upgradedns_lmdb.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/samdb.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/samdb_api.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/sddl.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/security.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/segfault.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/smb.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/smb-notify.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/smbd_base.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/smbd_fuzztest.*.pyc
%{python3_sitearch}/samba/tests/__pycache__/source.*.pyc
@ -2062,10 +2110,14 @@ fi
%{python3_sitearch}/samba/tests/blackbox/__pycache__/bug13653.*.pyc
%{python3_sitearch}/samba/tests/blackbox/__pycache__/check_output.*.pyc
%{python3_sitearch}/samba/tests/blackbox/__pycache__/downgradedatabase.*.pyc
%{python3_sitearch}/samba/tests/blackbox/__pycache__/mdfind.*.pyc
%{python3_sitearch}/samba/tests/blackbox/__pycache__/mdsearch.*.pyc
%{python3_sitearch}/samba/tests/blackbox/__pycache__/ndrdump.*.pyc
%{python3_sitearch}/samba/tests/blackbox/__pycache__/netads_json.*.pyc
%{python3_sitearch}/samba/tests/blackbox/__pycache__/samba_dnsupdate.*.pyc
%{python3_sitearch}/samba/tests/blackbox/__pycache__/smbcacls.*.pyc
%{python3_sitearch}/samba/tests/blackbox/__pycache__/smbcacls_basic.*.pyc
%{python3_sitearch}/samba/tests/blackbox/__pycache__/smbcacls_dfs_propagate_inherit.*.pyc
%{python3_sitearch}/samba/tests/blackbox/__pycache__/smbcacls_propagate_inhertance.*.pyc
%{python3_sitearch}/samba/tests/blackbox/__pycache__/smbcontrol.*.pyc
%{python3_sitearch}/samba/tests/blackbox/__pycache__/smbcontrol_process.*.pyc
%{python3_sitearch}/samba/tests/blackbox/__pycache__/traffic_learner.*.pyc
@ -2074,10 +2126,14 @@ fi
%{python3_sitearch}/samba/tests/blackbox/bug13653.py
%{python3_sitearch}/samba/tests/blackbox/check_output.py
%{python3_sitearch}/samba/tests/blackbox/downgradedatabase.py
%{python3_sitearch}/samba/tests/blackbox/mdfind.py
%{python3_sitearch}/samba/tests/blackbox/mdsearch.py
%{python3_sitearch}/samba/tests/blackbox/ndrdump.py
%{python3_sitearch}/samba/tests/blackbox/netads_json.py
%{python3_sitearch}/samba/tests/blackbox/samba_dnsupdate.py
%{python3_sitearch}/samba/tests/blackbox/smbcacls.py
%{python3_sitearch}/samba/tests/blackbox/smbcacls_basic.py
%{python3_sitearch}/samba/tests/blackbox/smbcacls_dfs_propagate_inherit.py
%{python3_sitearch}/samba/tests/blackbox/smbcacls_propagate_inhertance.py
%{python3_sitearch}/samba/tests/blackbox/smbcontrol.py
%{python3_sitearch}/samba/tests/blackbox/smbcontrol_process.py
%{python3_sitearch}/samba/tests/blackbox/traffic_learner.py
@ -2087,14 +2143,18 @@ fi
%{python3_sitearch}/samba/tests/complex_expressions.py
%{python3_sitearch}/samba/tests/core.py
%{python3_sitearch}/samba/tests/credentials.py
%{python3_sitearch}/samba/tests/cred_opt.py
%dir %{python3_sitearch}/samba/tests/dcerpc
%{python3_sitearch}/samba/tests/dcerpc/__init__.py
%dir %{python3_sitearch}/samba/tests/dcerpc/__pycache__
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/__init__.*.pyc
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/array.*.pyc
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/bare.*.pyc
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/createtrustrelax.*.pyc
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/binding.*.pyc
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/dnsserver.*.pyc
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/integer.*.pyc
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/lsa.*.pyc
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/mdssvc.*.pyc
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/misc.*.pyc
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/raw_protocol.*.pyc
@ -2103,14 +2163,18 @@ fi
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/rpc_talloc.*.pyc
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/rpcecho.*.pyc
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/sam.*.pyc
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/samr_change_password.*.pyc
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/srvsvc.*.pyc
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/string_tests.*.pyc
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/testrpc.*.pyc
%{python3_sitearch}/samba/tests/dcerpc/__pycache__/unix.*.pyc
%{python3_sitearch}/samba/tests/dcerpc/array.py
%{python3_sitearch}/samba/tests/dcerpc/bare.py
%{python3_sitearch}/samba/tests/dcerpc/binding.py
%{python3_sitearch}/samba/tests/dcerpc/createtrustrelax.py
%{python3_sitearch}/samba/tests/dcerpc/dnsserver.py
%{python3_sitearch}/samba/tests/dcerpc/integer.py
%{python3_sitearch}/samba/tests/dcerpc/lsa.py
%{python3_sitearch}/samba/tests/dcerpc/mdssvc.py
%{python3_sitearch}/samba/tests/dcerpc/misc.py
%{python3_sitearch}/samba/tests/dcerpc/raw_protocol.py
@ -2119,12 +2183,14 @@ fi
%{python3_sitearch}/samba/tests/dcerpc/rpc_talloc.py
%{python3_sitearch}/samba/tests/dcerpc/rpcecho.py
%{python3_sitearch}/samba/tests/dcerpc/sam.py
%{python3_sitearch}/samba/tests/dcerpc/samr_change_password.py
%{python3_sitearch}/samba/tests/dcerpc/srvsvc.py
%{python3_sitearch}/samba/tests/dcerpc/string_tests.py
%{python3_sitearch}/samba/tests/dcerpc/testrpc.py
%{python3_sitearch}/samba/tests/dcerpc/unix.py
%{python3_sitearch}/samba/tests/dckeytab.py
%{python3_sitearch}/samba/tests/dns.py
%{python3_sitearch}/samba/tests/dns_aging.py
%{python3_sitearch}/samba/tests/dns_base.py
%{python3_sitearch}/samba/tests/dns_forwarder.py
%dir %{python3_sitearch}/samba/tests/dns_forwarder_helpers
@ -2135,6 +2201,8 @@ fi
%{python3_sitearch}/samba/tests/dns_tkey.py
%{python3_sitearch}/samba/tests/dns_wildcard.py
%{python3_sitearch}/samba/tests/dsdb.py
%{python3_sitearch}/samba/tests/dsdb_api.py
%{python3_sitearch}/samba/tests/dsdb_dns.py
%{python3_sitearch}/samba/tests/dsdb_lock.py
%{python3_sitearch}/samba/tests/dsdb_schema_attributes.py
%{python3_sitearch}/samba/tests/docs.py
@ -2154,9 +2222,11 @@ fi
%{python3_sitearch}/samba/tests/get_opt.py
%{python3_sitearch}/samba/tests/glue.py
%{python3_sitearch}/samba/tests/gpo.py
%{python3_sitearch}/samba/tests/gpo_member.py
%{python3_sitearch}/samba/tests/graph.py
%{python3_sitearch}/samba/tests/group_audit.py
%{python3_sitearch}/samba/tests/hostconfig.py
%{python3_sitearch}/samba/tests/imports.py
%{python3_sitearch}/samba/tests/join.py
%dir %{python3_sitearch}/samba/tests/kcc
%{python3_sitearch}/samba/tests/kcc/__init__.py
@ -2170,13 +2240,68 @@ fi
%{python3_sitearch}/samba/tests/kcc/graph_utils.py
%{python3_sitearch}/samba/tests/kcc/kcc_utils.py
%{python3_sitearch}/samba/tests/kcc/ldif_import_export.py
%dir %{python3_sitearch}/samba/tests/krb5
%dir %{python3_sitearch}/samba/tests/krb5/__pycache__
%{python3_sitearch}/samba/tests/krb5/__pycache__/alias_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/as_canonicalization_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/as_req_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/compatability_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/fast_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/kcrypto.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_base_test.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_tgs_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/ms_kile_client_principal_lookup_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/raw_testcase.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/rfc4120_constants.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/rfc4120_pyasn1.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/rodc_tests*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/salt_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/simple_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/spn_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/s4u_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/test_ccache.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/test_idmap_nss.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/test_ldap.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/test_min_domain_uid.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/test_rpc.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/test_smb.*.pyc
%{python3_sitearch}/samba/tests/krb5/__pycache__/xrealm_tests.*.pyc
%{python3_sitearch}/samba/tests/krb5/alias_tests.py
%{python3_sitearch}/samba/tests/krb5/as_canonicalization_tests.py
%{python3_sitearch}/samba/tests/krb5/as_req_tests.py
%{python3_sitearch}/samba/tests/krb5/compatability_tests.py
%{python3_sitearch}/samba/tests/krb5/fast_tests.py
%{python3_sitearch}/samba/tests/krb5/kcrypto.py
%{python3_sitearch}/samba/tests/krb5/kdc_base_test.py
%{python3_sitearch}/samba/tests/krb5/kdc_tests.py
%{python3_sitearch}/samba/tests/krb5/kdc_tgs_tests.py
%{python3_sitearch}/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py
%{python3_sitearch}/samba/tests/krb5/raw_testcase.py
%{python3_sitearch}/samba/tests/krb5/rfc4120_constants.py
%{python3_sitearch}/samba/tests/krb5/rfc4120_pyasn1.py
%{python3_sitearch}/samba/tests/krb5/rodc_tests.py
%{python3_sitearch}/samba/tests/krb5/salt_tests.py
%{python3_sitearch}/samba/tests/krb5/simple_tests.py
%{python3_sitearch}/samba/tests/krb5/spn_tests.py
%{python3_sitearch}/samba/tests/krb5/test_ccache.py
%{python3_sitearch}/samba/tests/krb5/test_idmap_nss.py
%{python3_sitearch}/samba/tests/krb5/test_ldap.py
%{python3_sitearch}/samba/tests/krb5/test_min_domain_uid.py
%{python3_sitearch}/samba/tests/krb5/test_rpc.py
%{python3_sitearch}/samba/tests/krb5/test_smb.py
%{python3_sitearch}/samba/tests/krb5/s4u_tests.py
%{python3_sitearch}/samba/tests/krb5/xrealm_tests.py
%{python3_sitearch}/samba/tests/krb5_credentials.py
%{python3_sitearch}/samba/tests/ldap_raw.py
%{python3_sitearch}/samba/tests/ldap_referrals.py
%{python3_sitearch}/samba/tests/ldap_spn.py
%{python3_sitearch}/samba/tests/ldap_upn_sam_account.py
%{python3_sitearch}/samba/tests/libsmb.py
%{python3_sitearch}/samba/tests/loadparm.py
%{python3_sitearch}/samba/tests/lsa_string.py
%{python3_sitearch}/samba/tests/messaging.py
%{python3_sitearch}/samba/tests/ndr.py
%{python3_sitearch}/samba/tests/netbios.py
%{python3_sitearch}/samba/tests/netcmd.py
%{python3_sitearch}/samba/tests/net_join_no_spnego.py
@ -2212,6 +2337,7 @@ fi
%{python3_sitearch}/samba/tests/s3passdb.py
%{python3_sitearch}/samba/tests/s3registry.py
%{python3_sitearch}/samba/tests/s3windb.py
%{python3_sitearch}/samba/tests/s3_net_join.py
%{python3_sitearch}/samba/tests/samba3sam.py
%{python3_sitearch}/samba/tests/samba_upgradedns_lmdb.py
%dir %{python3_sitearch}/samba/tests/samba_tool
@ -2228,6 +2354,7 @@ fi
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/forest.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/fsmo.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/gpo.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/gpo_exts.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/group.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/help.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/join.*.pyc
@ -2239,6 +2366,7 @@ fi
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/promote_dc_lmdb_size.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/provision_lmdb_size.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/provision_password_check.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/provision_userPassword_crypt.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/rodc.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/schema.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/sites.*.pyc
@ -2246,6 +2374,9 @@ fi
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/user.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/user_check_password_script.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/user_virtualCryptSHA.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/user_virtualCryptSHA_base.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/user_virtualCryptSHA_gpg.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/user_virtualCryptSHA_userPassword.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/user_wdigest.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/visualize.*.pyc
%{python3_sitearch}/samba/tests/samba_tool/__pycache__/visualize_drs.*.pyc
@ -2259,6 +2390,7 @@ fi
%{python3_sitearch}/samba/tests/samba_tool/forest.py
%{python3_sitearch}/samba/tests/samba_tool/fsmo.py
%{python3_sitearch}/samba/tests/samba_tool/gpo.py
%{python3_sitearch}/samba/tests/samba_tool/gpo_exts.py
%{python3_sitearch}/samba/tests/samba_tool/group.py
%{python3_sitearch}/samba/tests/samba_tool/help.py
%{python3_sitearch}/samba/tests/samba_tool/join.py
@ -2270,6 +2402,7 @@ fi
%{python3_sitearch}/samba/tests/samba_tool/promote_dc_lmdb_size.py
%{python3_sitearch}/samba/tests/samba_tool/provision_lmdb_size.py
%{python3_sitearch}/samba/tests/samba_tool/provision_password_check.py
%{python3_sitearch}/samba/tests/samba_tool/provision_userPassword_crypt.py
%{python3_sitearch}/samba/tests/samba_tool/rodc.py
%{python3_sitearch}/samba/tests/samba_tool/schema.py
%{python3_sitearch}/samba/tests/samba_tool/sites.py
@ -2277,14 +2410,19 @@ fi
%{python3_sitearch}/samba/tests/samba_tool/user.py
%{python3_sitearch}/samba/tests/samba_tool/user_check_password_script.py
%{python3_sitearch}/samba/tests/samba_tool/user_virtualCryptSHA.py
%{python3_sitearch}/samba/tests/samba_tool/user_virtualCryptSHA_base.py
%{python3_sitearch}/samba/tests/samba_tool/user_virtualCryptSHA_gpg.py
%{python3_sitearch}/samba/tests/samba_tool/user_virtualCryptSHA_userPassword.py
%{python3_sitearch}/samba/tests/samba_tool/user_wdigest.py
%{python3_sitearch}/samba/tests/samba_tool/visualize.py
%{python3_sitearch}/samba/tests/samba_tool/visualize_drs.py
%{python3_sitearch}/samba/tests/samdb.py
%{python3_sitearch}/samba/tests/samdb_api.py
%{python3_sitearch}/samba/tests/sddl.py
%{python3_sitearch}/samba/tests/security.py
%{python3_sitearch}/samba/tests/segfault.py
%{python3_sitearch}/samba/tests/smb.py
%{python3_sitearch}/samba/tests/smb-notify.py
%{python3_sitearch}/samba/tests/smbd_base.py
%{python3_sitearch}/samba/tests/smbd_fuzztest.py
%{python3_sitearch}/samba/tests/source.py
@ -2338,7 +2476,9 @@ fi
%files winbind-krb5-locator
%ghost %{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so
%dir %{_libdir}/samba/krb5
%{_libdir}/samba/krb5/winbind_krb5_locator.so
%{_libdir}/samba/krb5/async_dns_krb5_locator.so
%config(noreplace) /etc/ld.so.conf.d/*
%files winbind-modules
@ -2384,11 +2524,10 @@ fi
%{_sbindir}/ctdbd
%{_sbindir}/ctdbd_wrapper
%{_bindir}/ctdb
%{_bindir}/ctdb_local_daemons
%{_bindir}/ping_pong
%{_bindir}/ltdbtool
%{_bindir}/ctdb_diagnostics
%{_bindir}/ltdbtool
%{_bindir}/onnode
%{_bindir}/ping_pong
%dir %{_libexecdir}/ctdb
%{_libexecdir}/ctdb/ctdb-config
@ -2403,6 +2542,7 @@ fi
%{_libexecdir}/ctdb/ctdb_recovery_helper
%{_libexecdir}/ctdb/ctdb_takeover_helper
%{_libexecdir}/ctdb/smnotify
%{_libexecdir}/ctdb/tdb_mutex_check
%dir %{_localstatedir}/lib/ctdb/
%dir %{_localstatedir}/lib/ctdb/persistent
@ -2428,6 +2568,7 @@ fi
%{_datadir}/ctdb/events/legacy/31.clamd.script
%{_datadir}/ctdb/events/legacy/40.vsftpd.script
%{_datadir}/ctdb/events/legacy/41.httpd.script
%{_datadir}/ctdb/events/legacy/48.netbios.script
%{_datadir}/ctdb/events/legacy/49.winbind.script
%{_datadir}/ctdb/events/legacy/50.samba.script
%{_datadir}/ctdb/events/legacy/60.nfs.script
@ -2435,8 +2576,10 @@ fi
%{_datadir}/ctdb/events/legacy/91.lvs.script
%config(noreplace) /etc/ld.so.conf.d/*
%if %{with testsuite}
%files -n ctdb-tests
%doc ctdb/tests/README
%{_bindir}/ctdb_local_daemons
%{_bindir}/ctdb_run_tests
%{_bindir}/ctdb_run_cluster_tests
@ -2528,6 +2671,7 @@ fi
%{_datadir}/ctdb/tests/INTEGRATION/database/basics.004.wipe.sh
%{_datadir}/ctdb/tests/INTEGRATION/database/basics.010.backup_restore.sh
%{_datadir}/ctdb/tests/INTEGRATION/database/fetch.001.ring.sh
%{_datadir}/ctdb/tests/INTEGRATION/database/fetch.002.ring-hotkeys.sh
%{_datadir}/ctdb/tests/INTEGRATION/database/readonly.001.basic.sh
%{_datadir}/ctdb/tests/INTEGRATION/database/recovery.001.volatile.sh
%{_datadir}/ctdb/tests/INTEGRATION/database/recovery.002.large.sh
@ -2572,7 +2716,6 @@ fi
%{_datadir}/ctdb/tests/INTEGRATION/simple/basics.005.process_exists.sh
%{_datadir}/ctdb/tests/INTEGRATION/simple/basics.010.statistics.sh
%{_datadir}/ctdb/tests/INTEGRATION/simple/basics.011.statistics_reset.sh
%{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.001.isnotrecmaster.sh
%{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.002.recmaster_yield.sh
%{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.010.getrelock.sh
%{_datadir}/ctdb/tests/INTEGRATION/simple/cluster.012.reclock_command.sh
@ -2640,6 +2783,8 @@ fi
%{_datadir}/ctdb/tests/UNIT/cunit/sock_io_test_001.sh
%{_datadir}/ctdb/tests/UNIT/cunit/srvid_test_001.sh
%{_datadir}/ctdb/tests/UNIT/cunit/system_socket_test_001.sh
%{_datadir}/ctdb/tests/UNIT/cunit/system_socket_test_002.sh
%{_datadir}/ctdb/tests/UNIT/cunit/system_socket_test_003.sh
%dir %{_datadir}/ctdb/tests/UNIT/eventd
%dir %{_datadir}/ctdb/tests/UNIT/eventd/etc-ctdb
%{_datadir}/ctdb/tests/UNIT/eventd/etc-ctdb/ctdb.conf
@ -2823,6 +2968,8 @@ fi
%{_datadir}/ctdb/tests/UNIT/eventscripts/41.httpd.monitor.002.sh
%{_datadir}/ctdb/tests/UNIT/eventscripts/41.httpd.shutdown.002.sh
%{_datadir}/ctdb/tests/UNIT/eventscripts/41.httpd.startup.002.sh
%{_datadir}/ctdb/tests/UNIT/eventscripts/48.netbios.shutdown.011.sh
%{_datadir}/ctdb/tests/UNIT/eventscripts/48.netbios.startup.011.sh
%{_datadir}/ctdb/tests/UNIT/eventscripts/49.winbind.monitor.101.sh
%{_datadir}/ctdb/tests/UNIT/eventscripts/49.winbind.monitor.102.sh
%{_datadir}/ctdb/tests/UNIT/eventscripts/49.winbind.shutdown.002.sh
@ -2912,6 +3059,7 @@ fi
%{_datadir}/ctdb/tests/UNIT/eventscripts/scripts/31.clamd.sh
%{_datadir}/ctdb/tests/UNIT/eventscripts/scripts/40.vsftpd.sh
%{_datadir}/ctdb/tests/UNIT/eventscripts/scripts/41.httpd.sh
%{_datadir}/ctdb/tests/UNIT/eventscripts/scripts/48.netbios.sh
%{_datadir}/ctdb/tests/UNIT/eventscripts/scripts/49.winbind.sh
%{_datadir}/ctdb/tests/UNIT/eventscripts/scripts/50.samba.sh
%{_datadir}/ctdb/tests/UNIT/eventscripts/scripts/60.nfs.sh
@ -2943,6 +3091,7 @@ fi
%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/kill
%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/killall
%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/multipath
%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/nfsconf
%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/net
%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/pidof
%{_datadir}/ctdb/tests/UNIT/eventscripts/stubs/pkill
@ -3103,6 +3252,7 @@ fi
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.getdbstatus.001.sh
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.getdbstatus.002.sh
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.getpid.001.sh
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.getpid.010.sh
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.getreclock.001.sh
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.getreclock.002.sh
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.getvar.001.sh
@ -3129,6 +3279,7 @@ fi
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.lvs.006.sh
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.lvs.007.sh
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.lvs.008.sh
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.lvs.010.sh
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.natgw.001.sh
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.natgw.002.sh
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.natgw.003.sh
@ -3137,6 +3288,7 @@ fi
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.natgw.006.sh
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.natgw.007.sh
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.natgw.008.sh
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.natgw.010.sh
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.nodestatus.001.sh
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.nodestatus.002.sh
%{_datadir}/ctdb/tests/UNIT/tool/ctdb.nodestatus.003.sh
@ -3207,12 +3359,17 @@ fi
%dir %{_datadir}/ctdb/tests/UNIT/tool/scripts
%{_datadir}/ctdb/tests/UNIT/tool/scripts/local.sh
%config(noreplace) /etc/ld.so.conf.d/*
#endif with_testsuite
%endif
#endif with_clustering_support
%endif
%files help
%{_mandir}/man*
%dir %{_datadir}/samba/admx
%{_datadir}/samba/admx/samba.admx
%dir %{_datadir}/samba/admx/en-US
%{_datadir}/samba/admx/en-US/samba.adml
%if %{with_winexe}
### WINEXE
@ -3221,28 +3378,17 @@ fi
%endif
%changelog
* Fri Nov 05 2021 gaihuiying <gaihuiying1@huawei.com> - 4.12.5-9
* Tue Jan 18 2022 zengwefeng<zwfeng@huawei.com> - 4.15.3-2
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:fix undefined shift in put_res_rec
- DESC:add "openEuler" macro to control if cups is needed
* Fri Oct 29 2021 gaihuiying <gaihuiying1@huawei.com> - 4.12.5-8
- Type:bugfix
* Tue Jan 18 2022 zengwefeng<zwfeng@huawei.com> - 4.15.3-1
- Type:requirement
- ID:NA
- SUG:NA
- DESC:fix fuzz error:
idl: drsuapi_DsaAddressListItem_V1 limit recursion
idl: limit recurion on recursive-elements
lib: ldb Limit depth of ldb_parse_tree
librpc: ndr add recursion check macros
librpc: ndr Heap-buffer-overflow in lzxpress_decompress
librpc: ndr NDR_PULL_ALIGN check for unsigned overflow
lzxpress: add bounds checking to lzxpress decompress
lzxpress: avoid technically undefined shift
pidl: Add recursive depth checks
utils: asn1 avoid undefined behaviour
witness: idl fix length calculation for witness_IPaddrInfoList
- DESC:update samba to 4.15.3
* Mon Oct 25 2021 gaihuiying <gaihuiying1@huawei.com> - 4.12.5-7
- Type:cves