1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

2243 Commits

Author SHA1 Message Date
David Mulder
8ac241017f Add ntstatus_gen for Rust
Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2024-10-23 14:21:33 +00:00
Volker Lendecke
f749330dda lib: Fix CID 1620428: Memory - illegal accesses (OVERRUN)
Beginner's mistake, sorry.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Sun Sep 29 11:49:13 UTC 2024 on atb-devel-224
2024-09-29 11:49:13 +00:00
Volker Lendecke
bad2646ff0 libsmb: Move UNIX constants to smb3posix.idl
Make them available to python

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2024-09-26 15:22:46 +00:00
Volker Lendecke
a9983bb6ed libsmb: Define to transfer file types via smb3 unix extensions
Ride on the definitions of the SMB1 extensions, send the UNIX type in the 3
bits above the permissions and extra (suid,sgid,sticky) bits

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2024-09-26 15:22:46 +00:00
Volker Lendecke
6084914e22 libsmb: Move unix_filetype_to_wire() to libcli/smb
Mostly symmetry reasons, we have the opposite function here as well

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2024-09-26 15:22:46 +00:00
Volker Lendecke
4c9aa5fa15 libsmb: Rename and simplify unix_filetype_from_wire()
Align naming with the perms functions, use the fact that the unix
types are numbered the way they are

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2024-09-26 15:22:46 +00:00
Stefan Metzmacher
66411b96b8 libcli/tstream_binding_handle: implement get_binding()
We just create an dummy binding handle here
as it's not really dcerpc...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2024-09-26 15:22:45 +00:00
Volker Lendecke
f525800613 lib: Avoid unused includes
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
2024-09-20 17:13:37 +00:00
Volker Lendecke
5ad8536ec7 libsecurity: Simplify struct ace_condition_script
We only need the stack temporarily, no reason to put it in the struct

Signed-off-by: Volker Lendecke <vl@samba.org>
Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Sep  6 14:23:58 UTC 2024 on atb-devel-224
2024-09-06 14:23:58 +00:00
Noel Power
56c4815402 libcli/smb: Fix failure of Smb3UnixTests.test_create_context_reparse
On tumbleweed at least the definition in py_reparse_put of 'reserved' as
'unsigned' causes the tag value to be overwritten. Note: ParseTuple is
given a format of 'Kk' where
  K = unsigned long long (for tag)
  k = unsigned long      (for reserved)

The problem is 'reserved' is defined as 'unsigned' which on a
64 bit linux system has size 4. The size however of the 'unsigned long' type
on the same 64 bit system is 8. This causes 'tag' to be overwritten by
the value of 'reserved' because it's destination size is smaller than
expected.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15702
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Aug 28 18:38:01 UTC 2024 on atb-devel-224
2024-08-28 18:38:01 +00:00
Joseph Sutton
0425b0fcbe libcli:auth: Remove unreachable code (CID 1272968)
For us to reach the statement ‘if (0 < len1)’, ‘len1’ must be equal to
‘len2’, and they must not both be equal to zero. That cannot be the case
if ‘len1’ is equal to zero, and therefore the ‘else’ branch cannot be
reached.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-08-28 04:24:39 +00:00
Volker Lendecke
1602b0120b lib: Add libcli/util/ntstatus.h in a few headers where it's needed
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jennifer Sutton <jsutton@samba.org>
2024-08-27 07:19:32 +00:00
Volker Lendecke
56ec6fe5ed lib: Add a few explicit includes
Required to trim down includes from gen_ndr/*security*

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jennifer Sutton <jsutton@samba.org>
2024-08-27 07:19:32 +00:00
Volker Lendecke
40e2fdfc6b libsmb: Simplify smb1cli_trans_recv()
tevent_req_received() called below takes care of this

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-20 09:34:40 +00:00
Volker Lendecke
af442249a0 tsocket: Use iov_buflen
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2024-08-06 16:29:33 +00:00
Jo Sutton
3588d6c33d libcli:auth: Fix code spelling
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-08-04 00:32:39 +00:00
Douglas Bagnall
8903876f65 libcli:security: allow spaces after BAD:
In AD_DS_Classes_Windows_Server_v1903.ldf from
https://www.microsoft.com/en-us/download/details.aspx?id=23782, we see

  defaultSecurityDescriptor: O:BAG:BAD: (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15685

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>

Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Thu Jul 25 06:27:27 UTC 2024 on atb-devel-224
2024-07-25 06:27:26 +00:00
Stefan Metzmacher
8937dce133 libcli/auth: fix debug level 100 valgrind warnings in SMBOWFencrypt_ntv2()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-07-17 10:12:36 +00:00
Andreas Schneider
ddadbddb40 libcli:nbt: Initialize struct nbt_name_register
"Error: UNINIT (CWE-457):
samba-4.20.0rc2/libcli/nbt/pynbt.c:277: var_decl: Declaring variable ""io"" without initializer.
samba-4.20.0rc2/libcli/nbt/pynbt.c:305: uninit_use_in_call: Using uninitialized value ""io.in.nb_flags"" when calling ""nbt_name_register"".
  303|   		return NULL;
  304|
  305|-> 	status = nbt_name_register(node->socket, NULL, &io);
  306|
  307|   	if (NT_STATUS_IS_ERR(status)) {"

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2024-07-16 11:41:33 +00:00
Volker Lendecke
09b91728d1 lib: Remove unused py_reparse_symlink_get
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2024-07-05 23:42:46 +00:00
Volker Lendecke
6cfa378833 lib: Add general py_reparse_get parsing routine
Will superseed py_reparse_symlink_get

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2024-07-05 23:42:46 +00:00
Volker Lendecke
b91e257f56 libcli: New routine symlink_target_path for [MS-SMB2] 2.2.2.2.1.1
Right now the only user is the user-space symlink following in
smbd. We will use it in libsmb as well to correctly handle
STOPPED_ON_SYMLINK. When trying to upstream that code I found the
previous_slash function incredibly hard to understand.

This new routine makes copy of "const char *_name_in", so that we can
replace previous_slash with a simple strrchr_m. If that's too
slow (which I doubt, this is "only" chasing symlinks) we can always do
something smarter again.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-07-04 15:26:36 +00:00
Stefan Metzmacher
14d6e26721 smbXcli_base: add hacks to test anonymous signing and encryption
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15412

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2024-05-23 12:35:37 +00:00
Volker Lendecke
7c59f11056 test: Align integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2024-05-14 22:29:36 +00:00
Volker Lendecke
1fa7668ee8 smbd: Use reparse_buffer_check() in fsctl_set_reparse_point()
check_reparse_data_buffer() was duplicated code

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2024-05-06 20:55:37 +00:00
Volker Lendecke
fafe29a264 reparse: Tighten reparse point length check
test_create_reparse shows that the length checks need to be precise,
not just checking for overflow.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2024-05-06 20:55:37 +00:00
Volker Lendecke
0baae61e42 lib: Give lib/util/util_file.c its own header file
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
2024-04-16 23:51:45 +00:00
Douglas Bagnall
4641a97151 libcli/security: use NUMERIC_CMP in dom_sid_compare_auth()
These numbers are all 8 bit, so overflow is unlikely.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-10 22:56:33 +00:00
Douglas Bagnall
cb94202c1c libcli/security: use NUMERIC_CMP in dom_sid_compare()
sid->num_auths is always small (int8 < 16), so this is cosmetic only.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-10 22:56:33 +00:00
Noel Power
a18c53a9b9 libcli/http: Detect unsupported Transfer-encoding type
Also removes knownfail for test that now passes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-08 03:00:39 +00:00
Stefan Metzmacher
cca373b806 libcli/nbt: add nbt_name_send_raw()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15620

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-05 12:24:41 +00:00
Noel Power
03240c91fb libcli/http: Handle http chunked transfer encoding
Also removes the knownfail for the chunked transfer test

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611
2024-03-27 01:14:31 +00:00
Noel Power
5f03d84e3b libcli/http: Optimise reading for content-length
Instead of reading byte-by-byte we know the content length we
want to read so lets use it.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611
2024-03-27 01:14:31 +00:00
Douglas Bagnall
b815abe779 libcli/security: check again for NULL values
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Mar 18 02:51:08 UTC 2024 on atb-devel-224
2024-03-18 02:51:08 +00:00
Douglas Bagnall
78f728063a libcli/security: claims_conversions: check for NULL in claims array
If by mistake we end up with a NULL in our array of claims pointers,
it is better to return an error than crash.

There can be NULLs in the array if a resource attribute ACE has a
claim that uses 0 as a relative data pointer. Samba assumes this means
a NULL pointer, rather than a zero offset.

Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66777
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15606

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-03-18 01:46:31 +00:00
Volker Lendecke
7c68d88cef lib: Make GUID_to_ndr_buf() return void
The whole point of struct GUID_ndr_buf is that this never fails.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-03-12 13:31:31 +00:00
Andrew Bartlett
724f403d88 libcli/security: Add SID_FRESH_PUBLIC_KEY_IDENTITY
This allows an ACL level check (rather than only an all-or-nothing KDC configuration)
that PKINIT freshness was used during the AS-REQ.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-02-28 03:44:37 +00:00
Jo Sutton
a838719570 libcli/security: Make ‘session_info’ parameter const
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-02-16 02:41:36 +00:00
Jo Sutton
1e13e37e21 libcli/security: Include missing headers
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-02-16 02:41:36 +00:00
Jo Sutton
437e3dd1e6 libcli/security: Make ‘replace_sid’ parameter const
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-02-08 02:48:44 +00:00
Joseph Sutton
f30a79d7f2 python: Generate HRESULT definitions automatically
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Joseph Sutton <jsutton@samba.org>
Autobuild-Date(master): Mon Jan 15 01:56:53 UTC 2024 on atb-devel-224
2024-01-15 01:56:53 +00:00
Joseph Sutton
cce290e8f5 s4:scripting: Generate HRESULT definitions as part of the build process
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-01-15 00:48:40 +00:00
Joseph Sutton
da54537202 libcli:util: Update NTSTATUS definitions
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-01-15 00:48:40 +00:00
Joseph Sutton
446ef0aa8c libcli:util: Update HRESULT definitions
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-01-15 00:48:40 +00:00
Stefan Metzmacher
f94d2ed13e libcli/security: remove PRIMARY_{USER,GROUP}_SID_INDEX defines from security.h
These and more are also defined in security_token.h, which is later included
from security.h anyway.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-01-09 10:21:34 +00:00
Stefan Metzmacher
6331d33ae4 libcli/smb: add new SMB2_SHAREFLAG_ defines in smb2_constants.h
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-01-09 10:21:34 +00:00
Douglas Bagnall
21853b01e6 libcli/security: sddl conditional ACE: write -0 when asked
Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65122

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-21 23:48:46 +00:00
Douglas Bagnall
8f0c91f3a8 libcli/security: rearrange conditional ACE sddl_write_int
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65122

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-21 23:48:46 +00:00
Douglas Bagnall
46f6157071 libcli/security: tests for signed zeros in sddl condtional ACEs
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65122

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-21 23:48:46 +00:00
Douglas Bagnall
25f8e50793 libcli/security: allow SDDL conditional ACE round-trip for -00 and -0x0
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00