1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

2237 Commits

Author SHA1 Message Date
Gary Lockyer
ae6927e4f0 librpc ndr: Heap-buffer-overflow in lzxpress_decompress
Reproducer for oss-fuzz Issue 20083

Project: samba
Fuzzing Engine: libFuzzer
Fuzz Target: fuzz_ndr_drsuapi_TYPE_OUT
Job Type: libfuzzer_asan_samba
Platform Id: linux

Crash Type: Heap-buffer-overflow READ 1
Crash Address: 0x6040000002fd
Crash State:
  lzxpress_decompress
    ndr_pull_compression_xpress_chunk
      ndr_pull_compression_start

Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20083
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14236

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-02-07 08:53:40 +00:00
Andrew Bartlett
c8e3c78d4f selftest: Test behaviour of DNS scavenge with an existing dNSTombstoned value
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14258

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Feb  6 16:24:25 UTC 2020 on sn-devel-184
2020-02-06 16:24:25 +00:00
Stefan Metzmacher
590df382be s3:auth_sam: map an empty domain or '.' to the local SAM name
When a domain member gets an empty domain name or '.', it should
not forward the authentication to domain controllers of
the primary domain.

But we need to keep passing UPN account names with
an empty domain to the DCs as a domain member.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-02-05 16:30:42 +00:00
Björn Baumbach
cf9850b4e0 samba-tool group addmembers: avoid python traceback on member add failure
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-01-21 14:38:47 +00:00
Björn Baumbach
557fa1d44b samba-tool group addmembers: add --member-base-dn option for group member search
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-01-21 14:38:47 +00:00
Björn Baumbach
5b129bf12b samba-tool group {add,remove}members: allow to use --member-dn in combination with listofmembers
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-01-21 14:38:47 +00:00
Björn Baumbach
47f9ee91ed samba-tool group removemembers: adapt functionality to addmembers command
Adds --member-dn and --object-types options.

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-01-21 14:38:46 +00:00
Björn Baumbach
aedcf6a527 samba-tool group addmembers: add --member-dn option
The --member-dn option allows to specify an object by it's DN.

This is required to select a specific object if there are more than one
with the same name. Multiple contacts can exist with the same name in
different OUs.

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-01-21 14:38:46 +00:00
Björn Baumbach
f2e2579926 samba-tool group addmembers: add new option --object-types
With this option the admin can specify the object types of the group
members which will be added to the group. The search filter for the objects
will be created according to the types.

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-01-21 14:38:46 +00:00
Björn Baumbach
a4d77bfd90 python/samdb: validation of group member types for group member filter
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-01-21 14:38:46 +00:00
Björn Baumbach
f9bf6b7856 python/samdb: add type "all" to search for all common types of group members
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-01-21 14:38:46 +00:00
Björn Baumbach
c4e899d6b4 python/samdb: adapt search filter for group object type
Use a group search filter which is similar to the filter which is used
by the basic MS Windows group membership management.

The filter excludes the group type GROUP_TYPE_BUILTIN_LOCAL_GROUP.

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-01-21 14:38:46 +00:00
Björn Baumbach
45abb4fd4f python/samdb: adapt search filter for user object type
Use a user search filter which is similar to the filter which is used
by the basic MS Windows group membership management.

The filter filters for objects with the sAMAccountType ATYPE_NORMAL_ACCOUNT.

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-01-21 14:38:46 +00:00
Björn Baumbach
2baa301237 python/samdb: add 'computer' to the default group member types for group member filters
Add the 'computer' type to the default member types, so that the next
commit does not change the default behavior.

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-01-21 14:38:46 +00:00
Björn Baumbach
2abebee140 python/samdb: fetch specific error if there are more than one search results
There can be more than one contact with the same name.

Signed-off-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-01-21 14:38:46 +00:00
Björn Baumbach
e3099ac407 python/samdb: add more object types for adding/remove group members
The filters are based on the MS Windows filter, which are used by the
basic group member management dialog.

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-01-21 14:38:46 +00:00
Björn Baumbach
662b7458ae python/samdb: add option to specify types of group members
The option can be used to specify the type of the object which have to
be added to (or removed) from a group. The search filter for the objects
will be created according to the types.

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-01-21 14:38:46 +00:00
Jule Anger
b081bd977c samba-tool tests: add test-case for 'ou list --base-dn'
Check if the ou list --base-dn / -b command uses a specific base dn.

Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-01-21 14:38:46 +00:00
Jule Anger
2186c5a6a4 samba-tool: add -b/--base-dn option to OUs list command
With this option it's e.g. possible to list the OUs which are
located under a different specific place in the AD.

Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-01-21 14:38:45 +00:00
Jule Anger
918d91bb84 samba-tool tests: add test-case for 'user list --base-dn'
Check if the user list --base-dn / -b command uses a specific base dn.

Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-01-21 14:38:45 +00:00
Jule Anger
d4de2e3192 samba-tool: add -b/--base-dn option to users list command
With this option it's e.g. possible to list the users of a
specify OU or users which are located under a different specific
place in the AD.

Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-01-21 14:38:45 +00:00
Jule Anger
55be0f1d2f samba-tool tests: add test-case for 'contact list --base-dn'
Check if the contact list --base-dn / -b command uses a specific base dn.

Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-01-21 14:38:45 +00:00
Jule Anger
8a45adb2b1 samba-tool: add -b/--base-dn option to contacts list command
With this option it's e.g. possible to list the contacts of a
specify OU or contacts which are located under a different specific
place in the AD.

Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-01-21 14:38:45 +00:00
Jule Anger
88f0a1390b samba-tool tests: add test-case for 'computer list --base-dn'
Check if the computer list --base-dn / -b command uses a specific base dn.

Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-01-21 14:38:45 +00:00
Jule Anger
b292a266a8 samba-tool: add -b/--base-dn option to computer list command
With this option it's e.g. possible to list the computers of a
specify OU or computers which are located under a different specific
place in the AD.

Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-01-21 14:38:45 +00:00
Jule Anger
bced03b0d1 samba-tool tests: add test-case for 'group list --base-dn'
Check if the group list --base-dn / -b command uses a specific base dn.

Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-01-21 14:38:45 +00:00
Jule Anger
8f68236dc4 samba-tool: add -b/--base-dn option to groups list command
With this option it's e.g. possible to list the groups of a
specify OU or groups which are located under a different specific
place in the AD.

Signed-off-by: Jule Anger <ja@sernet.de>
Pair-programmed-with: Björn Baumbach <bb@samba.org>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-01-21 14:38:45 +00:00
Björn Baumbach
41262d1d66 samba-tool: add --full-dn option for user getgroups command
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-01-21 14:38:45 +00:00
Jule Anger
d2d345103b samba-tool tests: add test-case for 'group listmembers --full-dn'
Check if the group listmembers --full-dn command displays DN instead of the sAMAccountName.

Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-01-21 14:38:45 +00:00
Jule Anger
bb66b32254 samba-tool: add --full-dn option to group listmembers command
With this option the command lists the groupmembers distinguished names
instead of the sAMAccountName.

Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-01-21 14:38:44 +00:00
Jule Anger
08207f77f1 samba-tool tests: add test case for 'user list --full-dn'
Check if the --full-dn option displays DN instead of the sAMAccountName.

Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-01-21 14:38:44 +00:00
Jule Anger
3106096395 samba-tool: add --full-dn option to user list command
With this option the command lists the users distringuished names
instead of the sAMAccountNames.

Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-01-21 14:38:44 +00:00
Jule Anger
2e767e81be samba-tool tests: add test case for 'computer list --full-dn'
Check if the --full-dn option displays DN instead of the sAMAccountName.

Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-01-21 14:38:44 +00:00
Jule Anger
29326e3264 samba-tool: add --full-dn option to computer list command
With this option the command lists the computers distringuished names
instead of the sAMAccountNames.

Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-01-21 14:38:44 +00:00
Jule Anger
e64f7de31f samba-tool tests: Add test-case for 'group list --full-dn'
Check if the --full-dn option displays DN instead of the sAMAccountName.

Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-01-21 14:38:44 +00:00
Björn Baumbach
51d4c82f3c samba-tool: add --full-dn option to group list command
With this option the command lists the groups distringuished names
instead of the sAMAccountNames.

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-01-21 14:38:44 +00:00
Douglas Bagnall
4bc481c5cb samba-tool gpo: improve UNC parsing
The "UNC doesn't start with \\\\ or //" message was unreachable due to
a logic error, and an UNC starting with \\ would have been split on
/ if there were enough /s in the string.

The unreachable exception was first noticed by Gerhard Lausser in a
github pull request (https://github.com/samba-team/samba/pull/123),
but that patch no longer applies with this more thorough rewrite.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-01-16 20:09:42 +00:00
Stefan Metzmacher
a77f758df1 samba-tool: implement user getgroups command
samba-tool user getgroups command to list a users group memberships.

Pair-programmed-with: Björn Baumbach <bb@sernet.de>

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-01-15 12:05:33 +00:00
Björn Baumbach
8403527bbd samba-tool: implement user setprimary group command (set primaryGroupID)
Introduce an option to set the primaryGroupID attribute of a user account.

Pair-programmed-with: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Björn Baumbach <bb@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-01-15 12:05:33 +00:00
Björn Jacke
de768710e1 tests/DNS: add MX/SRV record tests with multiple spaces
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13788

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Björn Baumbach <bb@samba.org>

Autobuild-User(master): Björn Baumbach <bb@sernet.de>
Autobuild-Date(master): Tue Jan 14 11:58:20 UTC 2020 on sn-devel-184
2020-01-14 11:58:20 +00:00
Björn Jacke
af7a0e3371 samba-tool: fix adding of dns SRV/MX/SOA records
Thanks to Denis Cardon for finding

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13788

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Björn Baumbach <bb@samba.org>
2020-01-14 10:28:40 +00:00
Björn Jacke
89ed960b1d tests/DNS: \n.COM shouldn't be a valid DNS record
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13788

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Björn Baumbach <bb@samba.org>
2020-01-14 10:28:40 +00:00
Volker Lendecke
7283413a3f tests: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-01-06 01:47:30 +00:00
Björn Jacke
03b42aeb81 python/loadparm: check for AD DC required VFS modules
same as the previous commit, just for python's testparm code

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10560

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

Autobuild-User(master): Björn Jacke <bjacke@samba.org>
Autobuild-Date(master): Fri Jan  3 22:19:47 UTC 2020 on sn-devel-184
2020-01-03 22:19:47 +00:00
Ralph Boehme
ee5bf29662 pysmbd: add "session_info" arg tp py_smbd_create_file()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-12-20 11:41:42 +00:00
Ralph Boehme
7121d47579 pysmbd: add "session_info" arg to py_smbd_mkdir()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-12-20 11:41:42 +00:00
Ralph Boehme
5cef3a13b8 pysmbd: add "session_info" arg to py_smbd_get_sys_acl()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-12-20 11:41:42 +00:00
Ralph Boehme
9b2c415d2c pysmbd: make "session_info" arg to py_smbd_get_nt_acl() mandatory
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-12-20 11:41:42 +00:00
Ralph Boehme
437af4d079 pysmbd: make "session_info" arg to py_smbd_set_nt_acl() mandatory
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-12-20 11:41:42 +00:00
Ralph Boehme
a4f3860da3 pysmbd: add "session_info" arg to py_smbd_unlink()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-12-20 11:41:42 +00:00