1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

1793 Commits

Author SHA1 Message Date
Joseph Sutton
3cab9f6a34 libcli:auth: Keep passwords from convert_string_talloc() secret
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 6edf88f5c4)

[jsutton@samba.org Removed change to decode_pwd_string_from_buffer514()
 that is not present in 4.16]
2022-09-18 16:46:09 +00:00
Joseph Sutton
f6afc5b35e libcli/smb: Set error status if 'iov' pointer is NULL
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15152

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Aug 22 09:03:29 UTC 2022 on sn-devel-184

(cherry picked from commit 75e03ea021)
2022-08-23 07:45:16 +00:00
Joseph Sutton
f33ad1c172 libcli/smb: Ensure we call tevent_req_nterror() on failure
Commit 3594c3ae20 added a NULL check for
'inhdr', but it meant we didn't always call tevent_req_nterror() when we
should.

Now we handle connection errors. We now also set an error status if the
NULL check fails.

I noticed this when an ECONNRESET error from a server refusing SMB1
wasn't handled, and the client subsequently hung in epoll_wait().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15152

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 40d4912d84)
2022-08-23 07:45:16 +00:00
Stefan Metzmacher
fe8bf1d8aa libcli/smb: let smb2_signing_decrypt_pdu() cope with gnutls_aead_cipher_decrypt() ptext_len bug
The initial implementation of gnutls_aead_cipher_decrypt() had a bug and
used:
    *ptext_len = ctext_len;
instead of:
    *ptext_len = ctext_len - tag_size;

This got fixed with gnutls 3.5.2.

As we only require gnutls 3.4.7 we need to cope with this...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14968

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Feb  2 18:29:08 UTC 2022 on sn-devel-184

(cherry picked from commit 735f3d7dde)

Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Sun Feb 13 10:18:29 UTC 2022 on sn-devel-184
2022-02-13 10:18:29 +00:00
Stefan Metzmacher
f400eef07a libcli/smb: fix error checking in smb2_signing_decrypt_pdu() invalid ptext_len
When the ptext_size != m_total check fails, we call this:

   status = gnutls_error_to_ntstatus(rc, NT_STATUS_INTERNAL_ERROR);
   goto out;

As rc is 0 at that point we'll exit smb2_signing_decrypt_pdu()
with NT_STATUS_OK, but without copying the decrypted data
back into the callers buffer. Which leads to strange errors
in the caller.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14968

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 99182af4ab)
2022-02-13 09:11:16 +00:00
Volker Lendecke
f60780c8b6 libcli/dns: Fix TCP fallback
A customer has come across a DNS server that really just cuts a SRV
reply if it's too long. This makes the packet invalid according to
ndr_pull and according to wireshark. DNS_FLAG_TRUNCATION is however
set. As this seems to be legal according to the DNS RFCs, we need to
hand-parse the first two uint16's and look whether DNS_FLAG_TRUNCATION
is set.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jan 20 18:01:41 UTC 2022 on sn-devel-184
2022-01-20 18:01:41 +00:00
Volker Lendecke
8732561396 lib: Remove unused tstream_npa_socketpair()
This was used in the pre samba-dcerpcd source3 rpc server.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-01-18 20:22:38 +00:00
Stefan Metzmacher
23bedd69b2 libcli/auth: let NTLMv2_RESPONSE_verify_netlogon_creds ignore invalid netapp requests
We should avoid spamming the logs with wellknown messages like:
ndr_pull_error(Buffer Size Error): Pull bytes 39016

They just confuse admins (and developers).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14932

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-01-04 20:07:28 +00:00
Stefan Metzmacher
f123c1a171 libcli/auth: let NTLMv2_RESPONSE_verify_netlogon_creds ignore BUFFER_TOO_SMALL
Windows doesn't complain about invalid av_pair blobs,
we need to do the same.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14932

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-01-04 20:07:28 +00:00
Volker Lendecke
00e41d198d librpc: Get transport out of tstream_npa_accept_existing_recv()
To be used by the RPC servers in the next commit

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2021-12-10 14:02:30 +00:00
Volker Lendecke
1bab76223c librpc: Add named_pipe_auth_req_info5->transport
This will serve as a check to make sure that in particular a SAMR
client is really root. This is for example used in get_user_info_18()
handing out a machine password.

The unix domain sockets for NCACN_NP can only be contacted by root,
the "np\" subdirectory for those sockets is root/root 0700.

Connecting to such a socket is done in two situations: First, local
real root processes connecting and smbd on behalf of SMB clients
connecting to \\pipe\name, smbd does become_root() there. Via the
named_pipe_auth_req_info4 smbd hands over the SMB session information
that the RPC server blindly trusts. The session information (i.e. the
NT token) is heavily influenced by external sources like the KDC. It
is highly unlikely that we get a system token via SMB, but who knows,
this is information not fully controlled by smbd.

This is where this additional field in named_pipe_auth_req_info5 makes
a difference: This field is set to NCACN_NP by smbd's code, not
directly controlled by the clients. Other clients directly connecting
to a socket in "np\" is root anyway (only smbd can do become_root())
and can set this field to NCALRPC.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2021-12-10 14:02:30 +00:00
Volker Lendecke
d1934e2331 named_pipe_auth: Bump info4 to info5
We'll add a field soon

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2021-12-10 14:02:30 +00:00
Andreas Schneider
d1ea9c5aab libcli:auth: Allow to connect to netlogon server offering only AES
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14912

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Dec  2 14:49:35 UTC 2021 on sn-devel-184
2021-12-02 14:49:35 +00:00
Stefan Metzmacher
04a79139a4 libcli/smb: split out smb2cli_raw_tcon* from smb2cli_tcon*
This will be used in tests in order to separate the tcon from
validate_negotiate_info.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14788

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2021-12-01 11:04:29 +00:00
Volker Lendecke
b7fc678107 libcli: Remove NT_STATUS_INACCESSIBLE_SYSTEM_SHORTCUT error code
This is the same as STATUS_STOPPED_ON_SYMLINK, and this is what also
wireshark displays. Avoid some confusion.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-11-11 19:08:37 +00:00
Volker Lendecke
d0759cb648 libsmb: move reparse_symlink to libcli/smb/
This will be useful for smbXcli_create to parse the symlink error

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-11-11 19:08:37 +00:00
Volker Lendecke
fadce102d4 libcli: "smb_util.h" needs "ntstatus.h"
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-11-11 19:08:37 +00:00
Alexander Bokovoy
e2d5b4d709 CVE-2020-25717: Add FreeIPA domain controller role
As we want to reduce use of 'classic domain controller' role but FreeIPA
relies on it internally, add a separate role to mark FreeIPA domain
controller role.

It means that role won't result in ROLE_STANDALONE.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14801
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-11-09 19:45:33 +00:00
Stefan Metzmacher
8a607e7577 netlogon_creds_cli: add netlogon_creds_cli_SendToSam_recv() and don't ignore result
This is a low level function that should not ignore results.

If the caller doesn't care it's his choice.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 19 20:20:00 UTC 2021 on sn-devel-184
2021-10-19 20:20:00 +00:00
Stefan Metzmacher
dd07bb81bb libcli/smb: use MID=0 for SMB2 Cancel with ASYNC_ID and legacy signing algorithms
We can only assume that servers with support for AES-GMAC-128 signing
will except an SMB2 Cancel with ASYNC_ID and real MID.
This strategy is also used by Windows clients, because
some vendors don't cope otherwise.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14855

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 19 19:23:39 UTC 2021 on sn-devel-184
2021-10-19 19:23:39 +00:00
Volker Lendecke
e5b446fe11 libcli: Simplify get_sec_mask_str()
Use talloc_asprintf_addbuf()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-10-08 19:28:32 +00:00
Volker Lendecke
34c08da059 libcli: Align integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-10-08 19:28:31 +00:00
Volker Lendecke
423e5726d2 libcli: Avoid an includes.h
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-10-08 19:28:31 +00:00
Volker Lendecke
f24b2163be libcli: Simplify security_session_user_level()
Use sid_compose(), use struct dom_sid on the stack.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-10-08 19:28:31 +00:00
Volker Lendecke
70b1260020 libcli: Introduce a helper variable in security_session_user_level()
Makes it easier to read for me

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-10-08 19:28:31 +00:00
Volker Lendecke
82281ca34f libcli: Remove unused security_token_has_sid_string()
This should have been removed in ef990008f2, I just was not aware
it's there...

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-10-08 19:28:31 +00:00
Volker Lendecke
e2256c99a6 smbd: Make SID_SAMBA_SMB3 a static SID
No need to parse it

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-10-08 19:28:31 +00:00
Matthew Grant
617a5a1d35 libcli/dns: smb.conf dns forwarder port support
Call new tsocket_address_inet_from_hostport_strings() instead of
tsocket_address_inet_from_strings() to implement setting a port to query
for a DNS forwarder.

Signed-off-by: Matthew Grant <grantma@mattgrant.net.nz>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-09-28 09:44:35 +00:00
Volker Lendecke
ef990008f2 libcli: Remove unused security_token_is_sid_string()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-09-24 23:55:32 +00:00
Volker Lendecke
df4c03d524 lib: Add required #includes
dom_sid.h itself references talloc, and security.h references
DATA_BLOB.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-09-21 00:13:32 +00:00
Ralph Boehme
98c977f44b nmblookup: don't ignore unknown options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2021-09-10 15:10:30 +00:00
Stefan Metzmacher
867c6ff9f3 docs-xml: use upper case for "{client,server} smb3 {signing,encryption} algorithms" values
This matches what smbstatus prints out. Note there's also the removal of
an '-' in "hmac-sha-256" => HMAC-SHA256".

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14825
RN: "{client,server} smb3 {signing,encryption} algorithms" should use the same strings as smbstatus output

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Sep  8 16:37:07 UTC 2021 on sn-devel-184
2021-09-08 16:37:07 +00:00
Joseph Sutton
ad3498ab16 libcli/smb: Don't call memcpy() with a NULL pointer
Doing so is undefined behaviour.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-09-04 00:10:37 +00:00
Jeremy Allison
62cd95096a s3: libcli: Add FSCTL_SMBTORTURE_FSP_ASYNC_SLEEP.
Prepare for async FSCTL tests on an fsp.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14769

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2021-08-11 19:16:29 +00:00
Andreas Schneider
d6c7a2a700 netlogon:schannel: If weak crypto is disabled, do not announce RC4 support.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-08-03 09:28:38 +00:00
Stefan Metzmacher
5512416a8f gnutls: allow gnutls_aead_cipher_encryptv2 with gcm before 3.6.15
The memory leak bug up to 3.6.14 was only related to ccm, but gcm was
fine.

This avoids talloc+memcpy on more systems, e.g. ubuntu 20.04,
and brings ~ 20% less cpu overhead, see:
https://hackmd.io/@asn/samba_crypto_benchmarks

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14764

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-07-20 15:25:37 +00:00
Stefan Metzmacher
155348cda6 libcli/smb: allow unexpected padding in SMB2 READ responses
Make use of smb2cli_parse_dyn_buffer() in smb2cli_read_done()
as it was exactly introduced for a similar problem see:

    commit 4c6c71e137
    Author:     Stefan Metzmacher <metze@samba.org>
    AuthorDate: Thu Jan 14 17:32:15 2021 +0100
    Commit:     Volker Lendecke <vl@samba.org>
    CommitDate: Fri Jan 15 08:36:34 2021 +0000

        libcli/smb: allow unexpected padding in SMB2 IOCTL responses

        A NetApp Ontap 7.3.7 SMB server add 8 padding bytes to an
        offset that's already 8 byte aligned.

        RN: Work around special SMB2 IOCTL response behavior of NetApp Ontap 7.3.7
        BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607

        Pair-Programmed-With: Volker Lendecke <vl@samba.org>

        Signed-off-by: Stefan Metzmacher <metze@samba.org>
        Signed-off-by: Volker Lendecke <vl@samba.org>

        Autobuild-User(master): Volker Lendecke <vl@samba.org>
        Autobuild-Date(master): Fri Jan 15 08:36:34 UTC 2021 on sn-devel-184

RN: Work around special SMB2 READ response behavior of NetApp Ontap 7.3.7
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jul 15 23:53:55 UTC 2021 on sn-devel-184
2021-07-15 23:53:55 +00:00
Stefan Metzmacher
1faf15b3d0 libcli/smb: make smb2cli_ioctl_parse_buffer() available as smb2cli_parse_dyn_buffer()
It will be used in smb2cli_read.c soon...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-07-15 23:04:34 +00:00
Stefan Metzmacher
b3c9823d90 s4:torture/smb2: add smb2.read.bug14607 test
This test will use a FSCTL_SMBTORTURE_GLOBAL_READ_RESPONSE_BODY_PADDING8
in order to change the server behavior of READ responses regarding
the data offset.

It will demonstrate the problem in smb2cli_read*() triggered
by NetApp Ontap servers.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-07-15 23:04:34 +00:00
Stefan Metzmacher
3f843e56a8 libcli/smb: add support for SMB2_SIGNING_AES128_GMAC
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-07-15 00:06:31 +00:00
Stefan Metzmacher
982bdcf427 libcli/smb: actually make use of "client/server smb3 signing algorithms"
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-07-15 00:06:31 +00:00
Stefan Metzmacher
3706b27a3b libcli/smb: prepare support for SMB2_SIGNING_CAPABILITIES negotiation
For now client_sign_algos->num_algos will always be 0,
but that'll change in the next commits.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-07-15 00:06:31 +00:00
Stefan Metzmacher
4d33b08c0f libcli/smb: make sure smb2_signing_calc_signature() never generates a signature without a valid MID
This is important as AES-128-GMAC signing will derive the NONCE from the MID.

It also means a STATUS_PENDING response must never be signed.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-07-15 00:06:31 +00:00
Stefan Metzmacher
89f0552c5e libcli/smb: make sure we always send a valid MID in cancel PDUs
This is important as with AES-128-GMAC signing, the nonce will be
derived from the MID.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-07-15 00:06:31 +00:00
Stefan Metzmacher
e720ce4fad libcli/smb: skip session setup signing for REQUEST_OUT_OF_SEQUENCE, NOT_SUPPORTED and ACCESS_DENIED
We should propagate these errors to the caller instead of masking them
with ACCESS_DENIED. And for ACCESS_DENIED we should not disconnect the
connection.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-07-15 00:06:31 +00:00
Stefan Metzmacher
eeb09dfa6d libcli/smb: add smb2cli_conn_server_{signing,encryption}_algo()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-07-15 00:06:31 +00:00
Stefan Metzmacher
6447ae60b0 libcli/smb: add SMB2_SIGNING_CAPABILITIES related defines to smb2_constants.h
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-07-15 00:06:31 +00:00
Stefan Metzmacher
6b775f030a libcli/smb: add SMB2_RDMA_TRANSFORM_CAPABILITIES related defines to smb2_constants.h
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-07-15 00:06:31 +00:00
Stefan Metzmacher
24142c3796 libcli/smb: add SMB2_TRANSPORT_CAPABILITIES related defines to smb2_constants.h
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-07-15 00:06:31 +00:00
Stefan Metzmacher
d10153c851 libcli/smb: add aes-256-{gcm,ccm} support to smb2_signing_[en|de]crypt_pdu()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-07-15 00:06:31 +00:00