1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

7853 Commits

Author SHA1 Message Date
Joseph Sutton
0b0d8a8ece CVE-2023-0614 ldb: Add ldb_parse_tree_get_attr()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-20 10:03:38 +01:00
Joseph Sutton
4bbdd6709b CVE-2023-0614 ldb: Make use of ldb_filter_attrs_in_place()
Change all uses of ldb_kv_filter_attrs() to use
ldb_filter_attrs_in_place() instead. This function does less work than
its predecessor, and no longer requires the allocation of a second ldb
message. Some of the work is able to be split out into separate
functions that each accomplish a single task, with a purpose to make the
code clearer.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-20 10:03:38 +01:00
Joseph Sutton
4addeaaf5d CVE-2023-0614 ldb: Make ldb_filter_attrs_in_place() work in place
ldb_filter_attrs() previously did too much. Now its replacement,
ldb_filter_attrs_in_place(), only does the actual filtering, while
taking ownership of each element's values is handled in a separate
function, ldb_msg_elements_take_ownership().

Also, ldb_filter_attrs_in_place() no longer adds the distinguishedName
to the message if it is missing. That is handled in another function,
ldb_msg_add_distinguished_name().

As we're now modifying the original message rather than copying it into
a new one, we no longer need the filtered_msg parameter.

We adapt a test, based on ldb_filter_attrs_test, to exercise the new
function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-20 10:03:38 +01:00
Joseph Sutton
7c2d0e0a06 CVE-2023-0614 ldb: Add function to filter message in place
At present this function is an exact duplicate of ldb_filter_attrs(),
but in the next commit we shall modify it to work in place, without the
need for the allocation of a second message.

The test is a near duplicate of the existing test for
ldb_filter_attrs().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-20 10:03:38 +01:00
Joseph Sutton
7982090641 CVE-2023-0614 ldb: Add function to add distinguishedName to message
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

[abartlet@samba.org Adapted to conflict from lack of new
ldb_ascii_toupper() in ldb_private.h]
2023-03-20 10:03:38 +01:00
Joseph Sutton
873d4e465f CVE-2023-0614 ldb: Add function to remove excess capacity from an ldb message
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

[abartlet@samba.org Adapted to conflict from lack of new
ldb_ascii_toupper() in ldb_private.h]
2023-03-20 10:03:38 +01:00
Joseph Sutton
891ffeaf99 CVE-2023-0614 ldb: Add function to take ownership of an ldb message
Many places in Samba depend upon various components of an ldb message
being talloc allocated, and hence able to be used as talloc contexts.
The elements and values of an unpacked ldb message point to unowned data
inside the memory-mapped database, and this function ensures that such
messages have talloc ownership of said elements and values.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-20 10:03:38 +01:00
Joseph Sutton
6519d1d8fa CVE-2023-0614 ldb:tests: Ensure all tests are accounted for
Add ldb_filter_attrs_test to the list of tests so that it actually gets
run.

Remove a duplicate ldb_msg_test that was accidentally added in commit
5ca90e758a.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-20 10:03:38 +01:00
Joseph Sutton
7153af801e CVE-2023-0614 ldb:tests: Ensure ldb_val data is zero-terminated
If the value of an ldb message element is not zero-terminated, calling
ldb_msg_find_attr_as_string() will cause the function to read off the
end of the buffer in an attempt to verify that the value is
zero-terminated. This can cause unexpected behaviour and make the test
randomly fail.

To avoid this, we must have a terminating null byte that is *not*
counted as part of the length, and so we must calculate the length with
strlen() rather than sizeof.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-20 10:03:37 +01:00
Joseph Sutton
0f8a334450 CVE-2023-0614 ldb: Add functions for handling inaccessible message elements
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-20 10:03:37 +01:00
Andrew Bartlett
ae3d273794 CVE-2023-0614 lib/ldb: Avoid allocation and memcpy() for every wildcard match candidate
The value can be quite large, the allocation will take much
longer than the actual match and is repeated per candidate
record.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15331
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
(cherry picked from commit cad96f59a0)

[abartlet@samba.org Included in the security release as this
 makes the new large_ldap.py timeout test more reliable]
2023-03-20 10:03:37 +01:00
Andrew Walker
eddd14cedb lib/replace - add extra check to bsd_attr_list
The FreeBSD extattr API may return success and truncated
namelist. We need to check for this in bsd_attr_list to
ensure that we don't accidentally read off the end of the
buffer. In the case of a truncated value, the pascal
strings for attr names will reflect the lengths as if
the value were not truncated. For example:
`58DosStrea`

In case of short read we now set error to ERANGE and
fail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15271

Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Jan  2 14:27:23 UTC 2023 on sn-devel-184

(cherry picked from commit 01cdc5e00b)

Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Mon Jan 23 10:59:28 UTC 2023 on sn-devel-184
2023-01-23 10:59:28 +00:00
Stefan Metzmacher
4477651a0d CVE-2022-37966 param: Add support for new option "kdc supported enctypes"
This allows admins to disable enctypes completely if required.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 36d0a49515)
2022-12-14 10:28:17 +00:00
Stefan Metzmacher
be57176c3a CVE-2022-37966 param: let "kdc default domain supportedenctypes = 0" mean the default
In order to allow better upgrades we need the default value for smb.conf to the
same even if the effective default value of the software changes in future.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit fa64f8fa8d)
2022-12-14 10:28:17 +00:00
Stefan Metzmacher
e7d3998bcc CVE-2022-37966 param: don't explicitly initialize "kdc force enable rc4 weak session keys" to false/"no"
This is not squashed in order to allow easier backports...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 7504a4d6fe)
2022-12-14 10:28:17 +00:00
Stefan Metzmacher
b220162824 CVE-2022-37966 lib/krb5_wrap: no longer reference des encryption types
We no longer have support for des encryption types in the kerberos
libraries anyway.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 16b805c8f3)
2022-12-14 10:28:16 +00:00
Stefan Metzmacher
911750da81 CVE-2022-37966 lib/krb5_wrap: remove unused ifdef HAVE_ENCTYPE_AES*
aes encryption types are always supported.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit c9b10ee32c)
2022-12-14 10:28:16 +00:00
Andrew Bartlett
545c20fd32 CVE-2022-37966 param: Add support for new option "kdc force enable rc4 weak session keys"
Pair-Programmed-With: Joseph Sutton <josephsutton@catalyst.net.nz>

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit ee18bc29b8)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
2022-12-14 10:28:16 +00:00
Joseph Sutton
4c2dc48598 CVE-2022-37966 param: Add support for new option "kdc default domain supportedenctypes"
This matches the Windows registry key

HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\KDC\DefaultDomainSupportedEncTypes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit d861d4eb28)

[jsutton@samba.org Fixed header include conflict]
2022-12-14 10:28:16 +00:00
Stefan Metzmacher
d04da3d700 CVE-2022-38023 docs-xml/smbdotconf: add "server schannel require seal[:COMPUTERACCOUNT]" options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 7732a4b0bd)
2022-12-14 10:28:16 +00:00
Stefan Metzmacher
bc78864cb5 CVE-2022-38023 docs-xml/smbdotconf: change 'reject md5 clients' default to yes
AES is supported by Windows Server >= 2008R2, Windows (Client) >= 7 and Samba >= 4.0,
so there's no reason to allow md5 clients by default.
However some third party domain members may need it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit c8e53394b9)
2022-12-14 10:28:16 +00:00
Stefan Metzmacher
08e2a93393 CVE-2022-38023 docs-xml/smbdotconf: change 'reject md5 servers' default to yes
AES is supported by Windows >= 2008R2 and Samba >= 4.0 so there's no
reason to allow md5 servers by default.

Note the change in netlogon_creds_cli_context_global() is only cosmetic,
but avoids confusion while reading the code. Check with:

 git show -U35 libcli/auth/netlogon_creds_cli.c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 1c6c112990)
2022-12-14 10:28:16 +00:00
Stefan Metzmacher
450dd63bdf lib/replace: fix memory leak in snprintf replacements
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15230

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Nov  9 11:18:02 UTC 2022 on sn-devel-184

(cherry picked from commit 76adda9d2f)
2022-11-23 12:43:15 +00:00
Stefan Metzmacher
bc16a8abe3 lib/tsocket: avoid endless cpu-spinning in tstream_bsd_fde_handler()
There were some reports that strace output an LDAP server socket is in
CLOSE_WAIT state, returning EAGAIN for writev over and over (after a call to
epoll() each time).

In the tstream_bsd code the problem happens when we have a pending
writev_send, while there's no readv_send pending. In that case
we still ask for TEVENT_FD_READ in order to notice connection errors
early, so we try to call writev even if the socket doesn't report TEVENT_FD_WRITE.
And there are situations where we do that over and over again.

It happens like this with a Linux kernel:

    tcp_fin() has this:
        struct tcp_sock *tp = tcp_sk(sk);

        inet_csk_schedule_ack(sk);

        sk->sk_shutdown |= RCV_SHUTDOWN;
        sock_set_flag(sk, SOCK_DONE);

        switch (sk->sk_state) {
        case TCP_SYN_RECV:
        case TCP_ESTABLISHED:
                /* Move to CLOSE_WAIT */
                tcp_set_state(sk, TCP_CLOSE_WAIT);
                inet_csk_enter_pingpong_mode(sk);
                break;

It means RCV_SHUTDOWN gets set as well as TCP_CLOSE_WAIT, but
sk->sk_err is not changed to indicate an error.

    tcp_sendmsg_locked has this:
    ...
        err = -EPIPE;
        if (sk->sk_err || (sk->sk_shutdown & SEND_SHUTDOWN))
                goto do_error;

        while (msg_data_left(msg)) {
                int copy = 0;

                skb = tcp_write_queue_tail(sk);
                if (skb)
                        copy = size_goal - skb->len;

                if (copy <= 0 || !tcp_skb_can_collapse_to(skb)) {
                        bool first_skb;

    new_segment:
                        if (!sk_stream_memory_free(sk))
                                goto wait_for_space;

    ...

    wait_for_space:
                set_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
                if (copied)
                        tcp_push(sk, flags & ~MSG_MORE, mss_now,
                                 TCP_NAGLE_PUSH, size_goal);

                err = sk_stream_wait_memory(sk, &timeo);
                if (err != 0)
                        goto do_error;

It means if (sk->sk_err || (sk->sk_shutdown & SEND_SHUTDOWN)) doesn't
hit as we only have RCV_SHUTDOWN and sk_stream_wait_memory returns
-EAGAIN.

    tcp_poll has this:

        if (sk->sk_shutdown & RCV_SHUTDOWN)
                mask |= EPOLLIN | EPOLLRDNORM | EPOLLRDHUP;

So we'll get EPOLLIN | EPOLLRDNORM | EPOLLRDHUP triggering
TEVENT_FD_READ and writev/sendmsg keeps getting EAGAIN.

So we need to always clear TEVENT_FD_READ if we don't
have readable handler in order to avoid burning cpu.
But we turn it on again after a timeout of 1 second
in order to monitor the error state of the connection.

And now that our tsocket_bsd_error() helper checks for POLLRDHUP,
we can check if the socket is in an error state before calling the
writable handler when TEVENT_FD_READ was reported.
Only on error we'll call the writable handler, which will pick
the error without calling writev().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15202

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit e232ba946f)
2022-10-31 14:30:09 +00:00
Stefan Metzmacher
aeb7dd2ca8 lib/tsocket: remember the first error as tstream_bsd->error
If we found that the connection is broken, there's no point
in trying to use it anymore, so just return the first error we detected.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15202

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 4c7e2b9b60)
2022-10-31 14:30:09 +00:00
Stefan Metzmacher
d8d5146d16 lib/tsocket: check for errors indicated by poll() before getsockopt(fd, SOL_SOCKET, SO_ERROR)
This also returns an error if we got TCP_FIN from the peer,
which is only reported by an explicit POLLRDHUP check.

Also on FreeBSD getsockopt(fd, SOL_SOCKET, SO_ERROR) fetches
and resets the error, so a 2nd call no longer returns an error.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15202

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 29a65da63d)
2022-10-31 14:30:09 +00:00
Stefan Metzmacher
119bf60998 lib/tsocket: split out tsocket_bsd_error() from tsocket_bsd_pending()
This will be used on its own soon.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15202

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 9950efd83e)
2022-10-31 14:30:08 +00:00
Andrew Bartlett
c805ccba33 lib/tsocket: Add tests for loop on EAGAIN
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15202

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit f0fb8b9508)
2022-10-31 14:30:08 +00:00
Pavel Filipenský
d9a144e8c4 lib:replace: Add macro BURN_STR() to zero memory of a string
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 8564380346)

[jsutton@samba.org Fixed conflict]
2022-09-18 16:46:09 +00:00
Joseph Sutton
a3aebea489 lib:util: Check memset_s() error code in talloc_keep_secret_destructor()
Panic if memset_s() fails.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 03a50d8f7d)
2022-09-18 16:46:09 +00:00
Joseph Sutton
b7351888e8 CVE-2021-20251 lib:crypto: Add md4_hash_blob() for hashing data with MD4
This lets us access MD4, which might not be available in hashlib, from
Python. This function is used in a following commit for hashing a
password to obtain the verifier for a SAMR password change.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 17b8d164f6)
2022-09-18 16:46:09 +00:00
Joseph Sutton
3542483de3 CVE-2021-20251 lib:crypto: Add des_crypt_blob_16() for encrypting data with DES
This lets us access single-DES from Python. This function is used in a
following commit for encrypting an NT hash to obtain the verifier for a
SAMR password change.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit b27a67af02)

[jsutton@samba.org Fixed wscript conflict introduced by commit
 61aeb77407]
2022-09-18 16:46:09 +00:00
Andreas Schneider
df7d6f0c48 lib:replace: Only include <sys/mount.h> on non-Linux systems
Details at:
https://sourceware.org/glibc/wiki/Release/2.36#Usage_of_.3Clinux.2Fmount.h.3E_and_.3Csys.2Fmount.h.3E

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15132

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 766151bf5b)

Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Tue Aug 23 08:53:41 UTC 2022 on sn-devel-184
2022-08-23 08:53:41 +00:00
Joseph Sutton
99bbd95a1d CVE-2022-2031 lib:krb5_wrap: Generate valid error codes in smb_krb5_mk_error()
The error code passed in will be an offset from ERROR_TABLE_BASE_krb5,
so we need to subtract that before creating the error. Heimdal does this
internally, so it isn't needed there.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15049
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15074

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2022-07-24 09:23:55 +02:00
Andrew Bartlett
90ef792d90 CVE-2022-32746 ldb: Release LDB 2.5.2
* CVE-2022-32746 Use-after-free occurring in database audit logging module (bug 15009)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2022-07-24 09:20:22 +02:00
Joseph Sutton
18b73e01ca CVE-2022-32746 ldb: Make use of functions for appending to an ldb_message
This aims to minimise usage of the error-prone pattern of searching for
a just-added message element in order to make modifications to it (and
potentially finding the wrong element).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-07-24 09:20:21 +02:00
Joseph Sutton
c0127af98b CVE-2022-32746 ldb: Add functions for appending to an ldb_message
Currently, there are many places where we use ldb_msg_add_empty() to add
an empty element to a message, and then call ldb_msg_add_value() or
similar to add values to that element. However, this performs an
unnecessary search of the message's elements to locate the new element.
Moreover, if an element with the same attribute name already exists
earlier in the message, the values will be added to that element,
instead of to the intended newly added element.

A similar pattern exists where we add values to a message, and then call
ldb_msg_find_element() to locate that message element and sets its flags
to (e.g.) LDB_FLAG_MOD_REPLACE. This also performs an unnecessary
search, and may locate the wrong message element for setting the flags.

To avoid these problems, add functions for appending a value to a
message, so that a particular value can be added to the end of a message
in a single operation.

For ADD requests, it is important that no two message elements share the
same attribute name, otherwise things will break. (Normally,
ldb_msg_normalize() is called before processing the request to help
ensure this.) Thus, we must be careful not to append an attribute to an
ADD message, unless we are sure (e.g. through ldb_msg_find_element())
that an existing element for that attribute is not present.

These functions will be used in the next commit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-07-24 09:20:21 +02:00
Joseph Sutton
a7a59c540b CVE-2022-32746 ldb: Ensure shallow copy modifications do not affect original message
Using the newly added ldb flag, we can now detect when a message has
been shallow-copied so that its elements share their values with the
original message elements. Then when adding values to the copied
message, we now make a copy of the shared values array first.

This should prevent a use-after-free that occurred in LDB modules when
new values were added to a shallow copy of a message by calling
talloc_realloc() on the original values array, invalidating the 'values'
pointer in the original message element. The original values pointer can
later be used in the database audit logging module which logs database
requests, and potentially cause a crash.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-07-24 09:20:21 +02:00
Joseph Sutton
513574283d CVE-2022-32746 ldb: Add flag to mark message element values as shared
When making a shallow copy of an ldb message, mark the message elements
of the copy as sharing their values with the message elements in the
original message.

This flag value will be heeded in the next commit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-07-24 09:20:21 +02:00
Joseph Sutton
ef8e25cf53 CVE-2022-32746 ldb:rdn_name: Use LDB_FLAG_MOD_TYPE() for flags equality check
Now unrelated flags will no longer affect the result.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-07-24 09:20:21 +02:00
Samuel Cabrero
3537ef5acb replace: Check for -Wuse-after-free
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15095

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 89e0c732b1)
2022-07-18 08:47:13 +00:00
Douglas Bagnall
edd5a85127 cmdline_s4: re-initialise logging once loadparm is ready
The first time round we maybe didn't know which files we wanted to log to.
Suppose, for example, we had an smb.conf with

 log level = 1 dsdb_group_json_audit:5@/var/log/group_json.log

we wouldn't see anything in "/var/log/group_json.log", while the level
5 dsdb_group_json_audit messages would go into the main log.

Note that the named file would still be opened by winbindd and others
that use the s3 code, but would remain empty as they don't have anything
to say about dsdb_group_json_audit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15076

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 9537ac723c)
2022-06-18 08:47:17 +00:00
Martin Schwenke
a393eab06a util: Add new debug setting debug_no_stderr_redirect
CTDB doesn't want this redirection of stderr to the log file.  It
expects to be able to capture stderr of subprocesses and log them with
a header.  This redirection stops that from happening.

Unfortunately this has to be a negative option (i.e. "no" in the name)
so that the default of 0/false maintains existing behaviour.

Note that the default behaviour is sub-optimal because it causes raw
data (i.e. debug data without a header) to appear in the log.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15090

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit a8091bd0c5)
2022-06-18 08:47:17 +00:00
Samuel Cabrero
9bab57ae40 Revert "lib:util: Remove NIS support from string_match()"
This partly reverts commit 620de975f1.

Drop chunk including system/nis.h, drop wscript_build modifications,
use getdomainname() from glibc instead of yp_get_default_domain() from
libnsl.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15087

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit b3034f1209)

Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Sun Jun 12 10:17:00 UTC 2022 on sn-devel-184
2022-06-12 10:17:00 +00:00
Stefan Metzmacher
56eca40741 ldb: version 2.5.1
* Fix build problems

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15071

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(v4-16-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-16-test): Thu Jun  9 12:14:04 UTC 2022 on sn-devel-184
2022-06-09 12:14:04 +00:00
Ralph Boehme
c3ce1fec59 lib/util/gpfswrap: remove unused gpfswrap_get_winattrs_path()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15069

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jun  3 21:53:31 UTC 2022 on sn-devel-184

(cherry picked from commit 3bd753983c)
2022-06-09 08:54:17 +00:00
Ralph Boehme
72ef38a974 lib/util/gpfswrap: remove unused gpfswrap_getacl()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15069

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit 9172c5ff6a)
2022-06-09 08:54:16 +00:00
Ralph Boehme
1d4f8f3e47 lib/util/gpfswrap: add gpfswrap_fgetacl()
Adds handle based version of gpfswrap_getacl().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15069

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit d373ff3c01)
2022-06-09 08:54:16 +00:00
Stefan Metzmacher
9aa78f15fd docs-xml: add 'kdc enable fast' option
This will be useful to test against a KDC without FAST support
and find/prevent regressions.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15002
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15005

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
(cherry picked from commit 12b623088c)
2022-03-14 14:27:13 +00:00
Samuel Cabrero
a4b9a9ce8e lib:krb5_wrap: Fix wrong debug message and use newer debug macro
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 1b5b4107a5)
2022-02-25 17:12:17 +00:00