1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

1950 Commits

Author SHA1 Message Date
Joseph Sutton
38b93532a7 libcli/security: Remove unnecessary cast
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:37 +00:00
Joseph Sutton
aa0cddad52 libcli/security: Use portable format specifiers
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:37 +00:00
Joseph Sutton
dbf53bf3d5 libcli/security: Fix integer overflow
On a typical machine where the size of ‘int’ is 32 bits or smaller, a
sub-authority of 2147483649 would be ordered before a sub-authority of
1, even though it is greater.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:37 +00:00
Joseph Sutton
5cf61ed2e3 libcli/security: Remove unused function sid_compare_domain()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:37 +00:00
Joseph Sutton
3870e00fc5 libcli/security: Call dom_sid_compare_domain() instead of sid_compare_domain()
The two functions are identical in behaviour.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:37 +00:00
Joseph Sutton
f05ed66295 libcli/auth: Add missing newline to logging message
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:37 +00:00
Joseph Sutton
45ef3ab99c smbXcli: Remove call to utf16_len_n()
This code was probably intended to refer to ‘blob1’ rather than to
‘blob2’. As it is, it fails to achieve anything.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:37 +00:00
Joseph Sutton
d6a6dcc0c6 libcli/ldap: Don’t try to encode NULL name
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:37 +00:00
Joseph Sutton
748cbac2fa libcli/security: Cast isupper() argument to ‘unsigned char’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:36 +00:00
Joseph Sutton
60f4d873b7 libcli/security: Remove unnecessary code
The revision has already been set at the start of this function.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:36 +00:00
Joseph Sutton
2b33c919c5 libcli/auth: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:36 +00:00
Joseph Sutton
0e653af8d6 libcli: Add missing newlines to logging messages
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:36 +00:00
Joseph Sutton
edad945339 librpc/nbt: Avoid reading invalid member of union
WACK packets use the ‘data’ member of the ‘nbt_rdata’ union, but they
claim to be a different type — NBT_QTYPE_NETBIOS — than would normally
be used with that union member. This means that if rr_type is equal to
NBT_QTYPE_NETBIOS, ndr_push_nbt_res_rec() has to guess which type the
structure really is by examining the data member. However, if the
structure is actually of a different type, that union member will not be
valid and accessing it will invoke undefined behaviour.

To fix this, eliminate all the guesswork and introduce a new type,
NBT_QTYPE_WACK, which can never appear on the wire, and which indicates
that although the ‘data’ union member should be used, the wire type is
actually NBT_QTYPE_NETBIOS.

This means that as far as NDR is concerned, the ‘netbios’ member of the
‘nbt_rdata’ union will consistently be used for all NBT_QTYPE_NETBIOS
structures; we shall no longer access the wrong member of the union.

Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38480

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15019

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Fri Jul  7 01:14:06 UTC 2023 on atb-devel-224
2023-07-07 01:14:06 +00:00
Andrew Bartlett
3522cddf9c libcli/smb: Remove unused fallback case for ALLOW_GNUTLS_AEAD_CIPHER_ENCRYPTV2_AES_GCM
We now require a GnuTLS version that is not impacted for AES-GCM
(fixed in 3.6.11, we require 3.6.13).

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jul  4 07:42:35 UTC 2023 on atb-devel-224
2023-07-04 07:42:35 +00:00
Volker Lendecke
3d6befda58 lib: Move IO_REPARSE_TAG_NFS subtypes to toplevel
They should be generally available

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-07-03 19:40:35 +00:00
Andrew Bartlett
11b3c6826d Remove redundant check and fallback for AES CMAC 128 as we now require GnuTLS 3.6.13
This allows us to remove a lot of conditionally compiled code and so
know with more certainly that our tests are covering our code-paths.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-06-30 14:00:38 +00:00
Andrew Bartlett
a21ca8ac9c Remove rudundent check and fallback for AES CFB8 as we now require GnuTLS 3.6.13
This allows us to remove a lot of conditionally compiled code and so
know with more certaintly that our tests are covering our codepaths.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-06-30 14:00:38 +00:00
Andrew Bartlett
a815eead84 Remove rudundent check/workaround for buggy GnuTLS 3.5.2 as we now require GnuTLS 3.6.13
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-06-30 14:00:38 +00:00
Andreas Schneider
232f281bd4 libcli:smbreadline: Fix code spelling
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-23 13:44:31 +00:00
Volker Lendecke
12cbb043d1 libcli: Simplify security_token_is_sid()
Avoid an explicit if-statement.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-06-16 16:14:30 +00:00
Volker Lendecke
9e2723988e libcli: Simplify dom_sid_dup()
We have sid_copy() for this.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-06-16 16:14:30 +00:00
Joseph Sutton
efb85e3d6d s4/scripting/bin: Add NT_STATUS_OK to list of definitions
Add NT_STATUS_OK to our pre-generated list of status codes. Ensure it
goes first in the list to ensure that code that previously found this
error code in ‘special_errs’ maintains the same behaviour by falling
back to ‘nt_errs’.

This makes NT_STATUS_OK available to Python code using the ‘ntstatus’
module.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-14 22:57:35 +00:00
Joseph Sutton
7f692601c5 libcli: Don’t call memcpy() with a NULL pointer
Doing so is undefined behaviour.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-05-29 22:32:28 +00:00
Joseph Sutton
c782dd2ffe libcli: Add missing include
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-05-18 01:03:37 +00:00
Joseph Sutton
2a8db07293 auth: Return status code if configuration prohibits NTLM
Currently, we rely on ‘stored_nt’ being NULL to give an
NT_STATUS_WRONG_PASSWORD error.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-05-16 23:29:32 +00:00
Volker Lendecke
59694ad0a4 rpc_server3: Pass winbind_env_set() state through to rpcd_*
Winbind can ask rpcd_lsad for LookupNames etc. This can recurse back
into winbind for getpwnam. We have the "_NO_WINBINDD" environment
variable set in winbind itself for this case, but this is lost on the
way into rpcd_lsad. Use a flag in global_sid_Samba_NPA_Flags to pass
this information to dcerpc_core, where it sets the variable on every
call if requested.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue May 16 11:54:32 UTC 2023 on atb-devel-224
2023-05-16 11:54:32 +00:00
Volker Lendecke
bdba027a33 rpc: Remove named_pipe_auth_req_info6->need_idle_server
Involves bumping up the version number

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-05-16 10:53:40 +00:00
Volker Lendecke
ebbb93cc7a rpc: Add global_sid_Samba_NPA_Flags SID
This will be used as a flexible way to pass per-RPC-connection flags
over ncalrpc to the RPC server without having to modify
named_pipe_auth_req_info6 every time something new needs to be
passed. It's modeled after global_sid_Samba_SMB3.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-05-16 10:53:40 +00:00
Volker Lendecke
5e8c7192ba libcli: Add security_token_count_flag_sids()
To be used in a few places when checking special-case Samba SIDs.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-05-16 10:53:40 +00:00
Joseph Sutton
2e41c73e98 lib/http: Remove unused structure
This is just a typo of ‘struct loadparm_context’.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-05-05 02:54:31 +00:00
Douglas Bagnall
848bce061a libcli/security/tests: test strings for windows and samba SDDL tests
These are produced by editing `python/samba/test/sddl.py to enable
`test_write_test_strings`, the running `make test TESTS='sddl\\b'`.

The windows executable from the C file added in a recent commit can
run these tests using the `-i` flag.

The Samba sddl.py tests can be induced to use them too, but that is
only useful for showing they are still in sync.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Noel Power
d36bab52d0 s3/utils: when encoding ace string use "FA", "FR", "FW", "FX" string rights
prior to this patch rights matching "FA", "FR", "FW", "FX" were
outputted as the hex string representing the bit value.

While outputting the hex string is perfectly fine, it makes it harder
to compare icacls output (which always uses the special string values)

Additionally adjust various tests to deal with use of shortcut access masks
as sddl format now uses FA, FR, FW & FX strings (like icalcs does) instead
of hex representation of the bit mask.

adjust
  samba4.blackbox.samba-tool_ntacl
  samba3.blackbox.large_acl
  samba.tests.samba_tool.ntacl
  samba.tests.ntacls
  samba.tests.posixacl

so various string comparisons of the sddl format now pass

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

[abartlet@samba.org Adapted to new stricter SDDL behaviour around leading zeros in hex
 numbers, eg 0x001]
2023-04-28 02:15:36 +00:00
Noel Power
0a153c1d58 s3/utils: value for ace_flags value "FA" is incorrect
value for FA should be 0x001f01ff  (instead of 0x00001ff)

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
c0d477738e libcli:security:sddl: accept only 8-4-4-4-12 GUIDs
Before we would take strings in a variety of lengths and formats,
which is not what Windows does or [MS-DTYP] says.

This was found by looking at evolved fuzz seeds. Note the 16 and 32
byte sequences in GUID position below:

$ hd $(ls -t seeds/fuzz_sddl_parse/* | head -1)| head
00000000  44 3a 41 52 50 50 50 50  50 28 4f 4c 3b 3b 46 57  |D:ARPPPPP(OL;;FW|
00000010  3b 30 7e ff ff ff ff ff  ff ff 2d 31 38 f5 ff ff  |;0~.......-18...|
00000020  fb 3b 3b 52 43 29 28 4f  44 3b 3b 46 57 3b 3b 3b  |.;;RC)(OD;;FW;;;|
00000030  52 43 29 28 4f 44 3b 3b  46 57 3b 30 30 ff ff ff  |RC)(OD;;FW;00...|
00000040  fb 30 e9 9b 3c cf e6 f5  ff ff fb 3b 3b 52 43 29  |.0..<......;;RC)|
00000050  28 4f 44 3b 3b 46 57 43  52 3b 3b 3b 52 43 29 28  |(OD;;FWCR;;;RC)(|
00000060  4f 44 3b 3b 46 58 47 52  3b 3b 33 43 43 35 38 37  |OD;;FXGR;;3CC587|
00000070  32 35 44 44 44 44 44 44  44 44 44 44 44 44 44 44  |25DDDDDDDDDDDDDD|
00000080  44 44 44 44 44 44 44 44  44 44 3b 52 43 29 28 4f  |DDDDDDDDDD;RC)(O|
00000090  44 3b 3b 46 58 3b 3b 3b  52 43 29 28 4f 44 3b 3b  |D;;FX;;;RC)(OD;;|

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
46793d384e libcli:security:sddl_decode_access allows spaces between flags
because Windows does.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
e7445aa677 libcli:security: sddl_decode_ace: don't allow junk after SID
sddl_decode_sid() will stop at the first non-SID character. Windows
doesn't allow white space here, and nor do we.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
c67f2292cb libcli/security: sddl_decode_access rejects trailing rubbish
Before we just ignored things like negative numbers, because they'd
end up being seen as not-numbers, so treated as flags, then as
not-flags.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
faf1b80a90 libcli:security: sddl_map_flags rejects trailing nonsense
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
d9e1fa3456 libcli/security: SDDL parse tests to run on Windows
The C version tests the public SDDL API on Windows which seems to follow
Active Directory closely, though case in hex numbers is reversed vis-a-vis
defaultSecurityDescriptor.

The python version is less refined and tests powershell functions.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
16d2687cc7 libcli/security: do not pad sddl flags with zeros
We don't see this happening on Windows.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
251da186bf libcli/security: ace type is not enum not flags
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
56da318cee libcli/security: disallow sddl access masks greater than 32 bits
Our previous behaviour (at least with glibc) was to clip off the extra
bits, so that 0x123456789 would become 0x23456789. That's kind of the
obvious thing, but is not what Windows does, which is to saturate the
value, rounding to 0xffffffff. The effect of this is to turn on all
the flags, which quite possibly not what you meant.

Now we just return an error.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
11add4d631 libcli/security: allow decimal/octal numbers in SDDL access mask
This follows Windows and [MS-DTYP].

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
5abd687fce lib/sec/sddl: allow empty non-trailing ACL with flags
The string "S:D:P" is parsed by us and Windows into a valid struct,
which has an empty DACL with the PROTECTED flag, and an empty SACL.
This is reconstructed in canonical order as "D:PS:", which Windows
will correctly parse, but Samba has assumed the "S" is a bad DACL
flag. Now we don't make that assumption.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
b621c59f64 libcli/sec/sddl decode: allow hex numbers in SIDs
These occur canonically when the indentifier authority is > 2^32, but
also are accepted by Windows for any number.

There is a tricky case with an "O:" or "G:" SID that is immediately
followed by a "D:" dacl, because the "D" looks like a hex digit. When
we detect this we need to subtract one from the length.

We also need to do look out for trailing garbage. This was not an
issue before because any string caught by the strspn(...,
"-0123456789") would be either rejected or fully comsumed by
dom_sid_parse_talloc(), but with hex digits, a string like
"S-1-1-2x0xabcxxx-X" would be successfully parsed as "S-1-1-2", and
the "x0xabcxxx-X" would be skipped over. That's why we switch to using
dom_sid_parse_endp(), so we can compare the consumed length to the
expected length.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
22fe657c8a libcli/sec/sddl decode: don't ignore random junk.
previously a string could have anything in it, so long as every second
character was ':'.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
4f5737cbf2 libcli/security/dom_sid: use (unsigned char) in isdigit()
The man page notes:

       The standards require that the argument c for these functions
       is either EOF or a value that is representable in the type
       unsigned char.  If the argument c is of type char, it must be
       cast to unsigned char, as in the following example:

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
1149d39159 libcli/security/dom_sid: hex but not octal is OK for sub-auth
Following Windows, the numbers that would be octal (e.g. "0123") are
converted to decimal by skipping over the zeros.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
67ff4ca200 libcli/security: avoid overflow in subauths
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
b3cff5636b libcli/security: stricter identauth parsing
We don't want octal numbers or overflows.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00