1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

5149 Commits

Author SHA1 Message Date
Andreas Schneider
01c31c8f6d s3:spoolss: Remove dead code
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-08-03 14:31:34 +00:00
Ralph Boehme
c2e83ebe72 mdssvc: fix returning file modification date for older Mac releases
Mac 10.10 uses kMDItemContentModificationDate instead of
kMDItemFSContentChangeDate.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jul 26 23:42:44 UTC 2023 on atb-devel-224
2023-07-26 23:42:44 +00:00
Ralph Boehme
620ca1e68d mdssvc: fix date marshalling
Did this ever work? Possible just copied over from Netatalk and was always
broken... The Mac client expects the timevalue as seconds relative to
2001-01-01 00:00:00 UTC, packed as IEEE float.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-07-26 22:43:38 +00:00
Ralph Boehme
9dc66fecf7 mdssvc: prepare for returning timestamps with sub-seconds granularity
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-07-26 22:43:38 +00:00
Ralph Boehme
724a0518c9 mdssvc: reduce pagesize to 50
Lastest macOS queries additional file metadata per search result, which causes
the mashalled paged result set including metadata to exceed the 64 KB result
fragment buffer.

Lacking fragementation support in mdssvc (it's supported by the protocol), for
now just reduce the maximum number of results per search page.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15342

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-07-26 22:43:38 +00:00
Ralph Boehme
d8fa5c8e2a mdssvc: fix enforcement of "elasticsearch:max results"
This wasn't enforced at all thus a query would return all available matches
without limit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15342

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-07-26 22:43:38 +00:00
Ralph Boehme
086c2602d0 mdssvc: add and use SL_PAGESIZE
SL_PAGESIZE is the number of entries we want to process per paged search result
set. This is different from MAX_SL_RESULTS which ought to be a default maximum
value for total number of results returned for a search query.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15342

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-07-26 22:43:38 +00:00
Ralph Boehme
925fefae20 mdssvc: fix long running backend queries
If a query is still running in the backend and we have no results yet, returning
0 triggers a search termination by the client in latest macOS releases. macOS
returns 0x23 in this case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15342

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-07-26 22:43:38 +00:00
Ralph Boehme
4149ef97e5 mdssvc: set query state for continued queries to SLQ_STATE_RUNNING
SLQ_STATE_RESULTS implies that there are already results attached to the slq
which is not the case. Instead the backend will start processing from where it
left off when it hits the maximum result limit and had set the state to
SLQ_STATE_FULL.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15342

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-07-26 22:43:38 +00:00
Ralph Boehme
424af98c89 mdscli: increase MAX_SLQ_COUNT
Now that the client supports fragementation, when procesing reassambled large
result sets from macOS Spotlight server, it's possible to hit this limit in the
client. Let's just increase it to some larger value.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
2023-07-24 15:18:32 +00:00
Ralph Boehme
b8e0f02f08 mdscli: increase MAX_SLQ_TOCIDX
Now that the client supports fragementation, when procesing reassambled large
result sets from macOS Spotlight server, it's possible to hit this limit in the
client. Let's just increase it to some larger value.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
2023-07-24 15:18:32 +00:00
Ralph Boehme
1149d497b3 mdssvc: increase MAX_SLQ_TOC
Now that the client supports fragementation, when procesing reassambled large
result sets from macOS Spotlight server, it's possible to hit this limit in the
client. Let's just increase it to some larger value.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
2023-07-24 15:18:32 +00:00
Ralph Boehme
68bb582bc5 mdssvc: introduce MAX_MDSCMD_SIZE
Allow larger value for the reassembled mdscmd's. Now that the client supports
fragementation, when processing reassambled large result sets from macOS
Spotlight server, it's possible to hit this limit in the unmarshalling
code. Let's just increase it to some larger value.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
2023-07-24 15:18:32 +00:00
Ralph Boehme
27980c87c9 mdssvc: remove duplicate define of MAX_SL_FRAGMENT_SIZE
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
2023-07-24 15:18:32 +00:00
Ralph Boehme
578e434a94 CVE-2023-34968: mdssvc: return a fake share path
Instead of returning the real server-side absolute path of shares and search
results, return a fake absolute path replacing the path of the share with the
share name, iow for a share "test" with a server-side path of "/foo/bar", we
previously returned

  /foo/bar and
  /foo/bar/search/result

and now return

  /test and
  /test/search/result

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-07-21 12:05:35 +00:00
Ralph Boehme
d402c0cc6a CVE-2023-34968: mdssvc: introduce an allocating wrapper to sl_pack()
sl_pack_alloc() does the buffer allocation that previously all callers of
sl_pack() did themselves.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-07-21 12:05:35 +00:00
Ralph Boehme
ac9008a20c CVE-2023-34968: mdssvc: switch to doing an early return
Just reduce indentation of the code handling the success case. No change in
behaviour.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-07-21 12:05:35 +00:00
Ralph Boehme
33b82c6185 CVE-2023-34968: mdssvc: remove response blob allocation
This is alreay done by NDR for us.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-07-21 12:05:35 +00:00
Ralph Boehme
70184ef3b4 CVE-2023-34968: mdssvc: add missing "kMDSStoreMetaScopes" dict key in slrpc_fetch_properties()
We were adding the value, but not the key.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-07-21 12:05:35 +00:00
Ralph Boehme
02552493e3 CVE-2023-34968: mdssvc: cache and reuse stat info in struct sl_inode_path_map
Prepare for the "path" being a fake path and not the real server-side
path where we won't be able to vfs_stat_fsp() this fake path. Luckily we already
got stat info for the object in mds_add_result() so we can just pass stat info
from there.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-07-21 12:05:35 +00:00
Ralph Boehme
4c60e35add CVE-2023-34967: mdssvc: add type checking to dalloc_value_for_key()
Change the dalloc_value_for_key() function to require an additional final
argument which denotes the expected type of the value associated with a key. If
the types don't match, return NULL.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15341

Signed-off-by: Ralph Boehme <slow@samba.org>
2023-07-21 12:05:35 +00:00
Ralph Boehme
38664163fc CVE-2023-34966: mdssvc: harden sl_unpack_loop()
A malicious client could send a packet where subcount is zero, leading to a busy
loop because

    count -= subcount
=>  count -= 0
=>  while (count > 0)

loops forever.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15340

Signed-off-by: Ralph Boehme <slow@samba.org>
2023-07-21 12:05:35 +00:00
Andreas Schneider
9826fd4588 s3:rpc_server: Fix code spelling
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-07-19 09:58:37 +00:00
Stefan Metzmacher
dfeabce44f s3:rpc_server:netlogon: generate FAULT_INVALID_TAG for invalid netr_LogonGetCapabilities levels
This is important as Windows clients with KB5028166 seem to
call netr_LogonGetCapabilities with query_level=2 after
a call with query_level=1.

An unpatched Windows Server returns DCERPC_NCA_S_FAULT_INVALID_TAG
for query_level values other than 1.
While Samba tries to return NT_STATUS_NOT_SUPPORTED, but
later fails to marshall the response, which results
in DCERPC_FAULT_BAD_STUB_DATA instead.

Because we don't have any documentation for level 2 yet,
we just try to behave like an unpatched server and
generate DCERPC_NCA_S_FAULT_INVALID_TAG instead of
DCERPC_FAULT_BAD_STUB_DATA.
Which allows patched Windows clients to keep working
against a Samba DC.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15418

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Jul 17 07:35:09 UTC 2023 on atb-devel-224
2023-07-17 07:35:09 +00:00
Pavel Filipenský
6f073f258f s3:rpc_server: Fix double blackslash issue in dfs path
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15400

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jul  5 20:24:35 UTC 2023 on atb-devel-224
2023-07-05 20:24:35 +00:00
Pavel Filipenský
8c10f53928 s3:rpc_server: Initialize consumedcnt to 0 in _dfs_GetInfo()
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-07-05 19:26:31 +00:00
Andrew Bartlett
eda1022b59 crypto: Rely on GnuTLS 3.6.13 and gnutls_pbkdf2()
This removes a lot of inline #ifdef and means this feature is always tested.

We can do this as we have chosen GnuTLS 3.6.13 as the new minimum version.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-06-30 14:00:38 +00:00
Joseph Sutton
ca9d27ae99 auth: Add functionality to log client and server policy information
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-25 23:29:32 +00:00
Volker Lendecke
c64699aeb0 rpc_server: Fix talloc hierarchy in _srvsvc_NetSrvGetInfo()
Make ->comment a proper talloc child of the right structure.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-06-16 16:14:31 +00:00
Volker Lendecke
59694ad0a4 rpc_server3: Pass winbind_env_set() state through to rpcd_*
Winbind can ask rpcd_lsad for LookupNames etc. This can recurse back
into winbind for getpwnam. We have the "_NO_WINBINDD" environment
variable set in winbind itself for this case, but this is lost on the
way into rpcd_lsad. Use a flag in global_sid_Samba_NPA_Flags to pass
this information to dcerpc_core, where it sets the variable on every
call if requested.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue May 16 11:54:32 UTC 2023 on atb-devel-224
2023-05-16 11:54:32 +00:00
Volker Lendecke
bdba027a33 rpc: Remove named_pipe_auth_req_info6->need_idle_server
Involves bumping up the version number

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-05-16 10:53:40 +00:00
Volker Lendecke
31180e0e6d rpc_server3: Use global_sid_Samba_NPA_Flags to pass "need_idle"
More code, but will be more flexible in the future.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-05-16 10:53:40 +00:00
Ralph Boehme
3633027e49 rpcd_mdssvc: initialize POSIX locking
Otherwise the posix_pending_close_db is NULL and we crash when trying to close a
file descriptor:

   #4 /usr/lib64/samba/libdbwrap-samba4.so(dbwrap_parse_record+0xe) [0x7fbc5d05c8ae]
   #5 /usr/lib64/samba/libdbwrap-samba4.so(dbwrap_fetch_int32+0x38) [0x7fbc5d05d438]
   #6 /usr/lib64/samba/libsmbd-base-samba4.so(fd_close_posix+0x7b) [0x7fbc5e276f8b]
   #7 /usr/lib64/samba/libsmbd-base-samba4.so(+0x57900) [0x7fbc5e28a900]
   #8 /usr/lib64/samba/libsmbd-base-samba4.so(fd_close+0x68) [0x7fbc5e2b7ea8]
   #9 /usr/lib64/samba/libsmbd-base-samba4.so(+0x62608) [0x7fbc5e295608]
   #10 /usr/lib64/samba/libtalloc-samba4.so(_talloc_free+0x51b) [0x7fbc5d9f439b]
   #11 /usr/lib64/samba/vfs/fruit.so(+0xcac2) [0x7fbc45fcdac2]
   #12 /usr/lib64/samba/vfs/fruit.so(+0xcbdd) [0x7fbc45fcdbdd]
   #13 /usr/lib64/samba/vfs/fruit.so(+0xf603) [0x7fbc45fd0603]
   #14 /usr/lib64/samba/libsmbd-base-samba4.so(+0x56375) [0x7fbc5e289375]
   #15 /usr/lib64/samba/vfs/nothingtoseeherereally.so(+0x196c) [0x7fbc467f996c]
   #16 /usr/lib64/samba/vfs/streams_xattr.so(+0x51fc) [0x7fbc461e71fc]
   #17 /usr/lib64/samba/libsmbd-base-samba4.so(+0xade3a) [0x7fbc5e2e0e3a]
   #18 /usr/lib64/samba/libsmbd-base-samba4.so(create_conn_struct_cwd+0x44) [0x7fbc5e2e1cf4]
   #19 /usr/libexec/samba/rpcd_mdssvc(mds_init_ctx+0x2c3) [0x563fdac08f03]
   #20 /usr/libexec/samba/rpcd_mdssvc(_mdssvc_open+0x141) [0x563fdac0b4d1]

The corresponding open is done as part of initializing a connection_struct
object, where we chdir() and stat() the root path of the share. The stat() in
vfs_fruit causes an expensive metadata request on the path which triggers an
internal open of a pathref handle. Note that this only affects servers that have
fruit:metadata = netatalk set, which is the default unfortunately.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15354

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Apr  7 21:12:21 UTC 2023 on atb-devel-224
2023-04-07 21:12:21 +00:00
Volker Lendecke
dec4d5aa9d rpcd: Use size_t for walking an array
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-09 18:10:33 +00:00
Volker Lendecke
a1780ed8d1 rpcd: With npa->need_idle_server we can have more than 256 servers
Before this patch the worker-status cut the worker index such that
samba-dcerpcd could not properly update status of the surplus rpc
daemons. This could lead to those daemons to stay around forever,
samba-dcerpcd will never notice they are idle and can exit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15310

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Mar  6 22:35:00 UTC 2023 on atb-devel-224
2023-03-06 22:35:00 +00:00
Volker Lendecke
f23eb1b3b7 rpcd: Increase listening queue
Allow more waiters under load.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15310

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-06 21:32:35 +00:00
Joseph Sutton
d128d401f0 s3:rpc_server/netlogon: Fix typo
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-03 01:07:37 +00:00
Joseph Sutton
5147f011d9 auth: Shorten long SID flags combinations
The combination MANDATORY | ENABLED_BY_DEFAULT | ENABLED is very
commonly used, and introducing a shorter alias for it makes the code
clearer.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-08 00:03:39 +00:00
Joseph Sutton
8aef16bbbc named_pipe_auth: Bump info5 to info6
In the next commit, we shall replace the 'authenticated' field of
named_pipe_auth_req_info.info5.session_info.session_info.info with a
more general 'user_flags' field.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-08 00:03:39 +00:00
Andreas Schneider
f266e9e2dc s3:rpcsrv:eventlog: Remove unused variable
source3/rpc_server/eventlog/srv_eventlog_nt.c:634:11: error: variable
  'num_records_read' set but not used [-Werror,-Wunused-but-set-variable]
        uint32_t num_records_read = 0;

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-02-06 22:51:31 +00:00
Ralph Boehme
1dd0cd2f4e mdssvc: fix kMDScopeArray parsing
In macOS Ventura marshalling of kMDScopeArray in the "openQueryWithParams"
request has changed from

  string: kMDScopeArray
  sl_array_t(#1): {
    string: /foo/bar
  }

to:

  string: kMDScopeArray
  sl_array_t(#1): {
    sl_array_t(#1): {
      string: /foo/bar
    }
  }

With this patch we check both encodings. Bug fixed according to user feedback.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15299
RN: Spotlight doesn't work with latest macOS Ventura

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-02-02 20:14:36 +00:00
Stefan Metzmacher
91f1567cdc s3:rpc_server/mdssvc: don't crash mdssvc_tracker_shutdown with NULL glue
If mdssvc_tracker_shutdown() is called without any mds_tracker_connect()
we would crash as mdssvc_tracker_init() don't call
mdssvc_tracker_prepare().

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jan 19 19:46:01 UTC 2023 on atb-devel-224
2023-01-19 19:46:01 +00:00
Volker Lendecke
b73ecb28a7 lib: Remove idtree from samba_util.h
No need to recompile the world when only a few files need this.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-01-10 00:28:37 +00:00
Volker Lendecke
43f041de65 lib: Add "starting_id" to idr_get_new_random()
To be used in smbXsrv_open.c, for this we need a lower bound.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-01-10 00:28:37 +00:00
Samuel Cabrero
56837f3d31 CVE-2022-38023 s3:rpc_server/netlogon: Avoid unnecessary loadparm_context allocations
After s3 and s4 rpc servers merge the loadparm_context is available in
the dcesrv_context structure.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jan  9 15:17:14 UTC 2023 on sn-devel-184
2023-01-09 15:17:14 +00:00
Samuel Cabrero
a0b97e2623 CVE-2022-38023 s3:rpc_server/netlogon: Check for global "server schannel require seal"
By default we'll now require schannel connections with privacy/sealing/encryption.

But we allow exceptions for specific computer/trust accounts.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-01-09 14:23:36 +00:00
Samuel Cabrero
ca07f4340c CVE-2022-38023 s3:rpc_server/netlogon: make sure all _netr_LogonSamLogon*() calls go through dcesrv_netr_check_schannel()
Some checks are also required for _netr_LogonSamLogonEx().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-01-09 14:23:36 +00:00
Samuel Cabrero
25300d354c CVE-2022-38023 s3:rpc_server/netlogon: Use dcesrv_netr_creds_server_step_check()
After s3 and s4 rpc servers merge we can avoid duplicated code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-01-09 14:23:36 +00:00
Samuel Cabrero
8141eae47a CVE-2022-38023 s3:rpc_server/netlogon: 'server schannel != yes' warning to dcesrv_interface_netlogon_bind
Follow s4 netlogon server changes and move the checks to the RPC bind
hook. Next commits will remove the s3 netr_creds_server_step_check()
function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-01-09 14:23:35 +00:00
Stefan Metzmacher
f28553105b s3:rpc_server/srvsvc: make sure we (re-)load all shares as root.
This fixes a regression in commit f03665bb7e

The use of reload_services() has a lot of side effects, e.g. reopen of
log files and other things, which are only useful in smbd, but not in rpcd_classic.
It was also unloading the user and registry shares we loaded a few lines
above.

We need to do all (re-)loading as root, otherwise we won't be able
to read root only smb.conf files, access registry shares, ...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15243
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15266

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Walker <awalker@ixsystems.com>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Dec 29 21:14:02 UTC 2022 on sn-devel-184
2022-12-29 21:14:02 +00:00