1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

136165 Commits

Author SHA1 Message Date
Joseph Sutton
4bb031f875 libcli/smb: Include missing headers
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-30 00:02:33 +00:00
Joseph Sutton
acb67bd93e selftest: Remove knownfail entries for non‐existent tests
The corresponding tests were removed in commit
938afb8b28.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-30 00:02:33 +00:00
Joseph Sutton
187d3baab3 librpc:ndr: Use correct libndr flags type
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-30 00:02:33 +00:00
Joseph Sutton
79f6da4212 librpc:ndr: Remove trailing whitespace
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-30 00:02:33 +00:00
Joseph Sutton
5571116ba0 docs-xml: Add missing closing parenthesis
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-30 00:02:33 +00:00
Joseph Sutton
e3f81fa71e pidl: Make sure to cast whole expressions
$cvar could be an expression such as ‘1 << 10’. In such cases this cast
presumably was intended to apply to the entire expression, not just to
the ‘1’.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-30 00:02:33 +00:00
Joseph Sutton
59b9432524 conditional_ace.idl: Fix undefined shift
If ‘int’ is a 32‐bit type, then 1 << 31 cannot be represented in an
‘int’, and this shift will invoke undefined behaviour.

We have got away with this so far because of a Pidl bug that changed the
expression to ‘(uint32_t)1 << 31’, which is valid. But that bug is about
to be fixed.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-30 00:02:33 +00:00
Joseph Sutton
3da132a8df pidl: Fix subscripts of dereferenced arrays
Pidl will generate code like the following:

py_out_2 = PyLong_FromLong((uint16_t)*r->out.out[out_cntr_2]);

As the array subscripting operator has a higher precedence than the
indirection (derference) operator, the argument will be evaluated as
(uint16_t)*(r->out.out[out_cntr_2]), which is wrong.

Fix Pidl to generate the following code instead:

py_out_2 = PyLong_FromLong((uint16_t)(*r->out.out)[out_cntr_2]);

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-30 00:02:33 +00:00
Joseph Sutton
dbc9c9bd12 pidl: Remove unneeded casts
_pytalloc_get_ptr() returns ‘void *’.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-30 00:02:33 +00:00
Joseph Sutton
561537adbb pidl: Fix grammar in warning message
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-30 00:02:33 +00:00
Joseph Sutton
25988f5d25 pidl: Remove trailing whitespace
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-30 00:02:33 +00:00
Joseph Sutton
9d7bce5bbb pidl: Remove unused imports
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-30 00:02:33 +00:00
Andreas Schneider
c4a5d4eb62 third_party: Update waf to version 2.0.26
https://gitlab.com/ita1024/waf/-/blob/waf-2.0.26/ChangeLog

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Nov 29 10:47:00 UTC 2023 on atb-devel-224
2023-11-29 10:47:00 +00:00
Rob van der Linde
e265162884 tests: claims blackbox: add device and server silo restrictions test
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Nov 29 04:15:27 UTC 2023 on atb-devel-224
2023-11-29 04:15:27 +00:00
Rob van der Linde
834fc223e2 python: tests: claims blackbox tests use ntstatus constants
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-11-29 03:11:34 +00:00
Rob van der Linde
0d907a0214 tests: claims blackbox: use raw strings rather than escaping \
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-11-29 03:11:34 +00:00
Rob van der Linde
dc74cabaa4 tests: claims: blackbox device tests
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-11-29 03:11:34 +00:00
Andrew Bartlett
64212a371b selftest: Run samba.tests.gensec in an enviroment build also with MIT Krb5
We would like confidence that the FAST hooks work with both implementations.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-11-29 03:11:34 +00:00
Andrew Bartlett
c49fd98ed7 s4-auth/kerberos: Use FAST credentials for armor if specified in cli_credentials
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-11-29 03:11:34 +00:00
Andrew Bartlett
0293d233bf python/tests: Add test for creds.set_krb5_fast_credentials()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-11-29 03:11:34 +00:00
Andrew Bartlett
ebdb1f6b43 python/tests: Lock in key-word arguments as key-word only in samba.tests.gssapi
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-11-29 03:11:34 +00:00
Andrew Bartlett
61b0397de2 python/tests: Import samba.gensec, not gensec
This allows this function to be used by gensec.py (a test) without collision.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-11-29 03:11:34 +00:00
Andrew Bartlett
cc2c9b2a1e auth/credentials: Add Python bindings for association of a connection for FAST
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-11-29 03:11:34 +00:00
Andrew Bartlett
bed1893a75 auth/credentials: Add API to allow requesting a Kerberos ticket to be protected with FAST
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-11-29 03:11:34 +00:00
Andrew Bartlett
dbb682f5fa build: Add build time detection for the MIT FAST ccache API
This will allow us to link against an older system Heimdal.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-11-29 03:11:34 +00:00
Andrew Bartlett
6222d572ee third_party/heimdal: Provide krb5_init_creds_opt_set_fast_ccache() and krb5_init_creds_opt_set_fast_flags() (import lorikeet-heimdal-202311290114 (commit 4c8517e161396330c76240bf09609a0dd5f9ea20))
It is easier for external callers to manipulate the krb5_get_init_creds_opt
(via the helpers) as this is passed down from higher up than the krb5_init_creds_context.

And just as importantly, alignment with MIT makes end-user callers happier.

Finally, this resolves the ambiguity as to which layer owns the
krb5_ccache, because now we match the MIT behaviour the init_creds code
re-opens a private copy inside libkrb5, meaning the caller closes the
cache it opened, rather than handing it over to the library.

(The unrelated changes are fixes to the test_pac test, also included in this import,
but in distinct lorikeet-heimdal commits, to allow it to compile)

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-11-29 03:11:34 +00:00
Douglas Bagnall
a757a51a26 libcli/security: note suboptimality of conditional ACE Contains operators
The Contains and Any_of operators could use a sorted comparison like
compare_composites_via_sort(), rather than O(n²) nested loops. But
that would involve amount of quite fiddly work that I am not starting
on now.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Nov 27 23:38:13 UTC 2023 on atb-devel-224
2023-11-27 23:38:13 +00:00
Douglas Bagnall
2eb00c0bba libcli/security: comparability check: claim members are of one type
We know from the way claims are defined, and from the code that checks
sortedness and sets the flag.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-27 22:37:32 +00:00
Douglas Bagnall
55999b7b7b libcli/security: shift comparability check to shortcut exits
The ordinary comparison path, using the sorted arrays, already implicitly
checks for comparability. We only need this when we're leaving early.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-27 22:37:32 +00:00
Douglas Bagnall
6c6f25904e libcli/security: add shortcuts for conditional ACE compare
If the number of members does not match in certain ways we can
say the sets are not equal without comparing the members.

We first need to check for comparability, though, so that we can return
an error if things aren't comparable.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-27 22:37:32 +00:00
Douglas Bagnall
8bad19c42e libcli/security: improve conditional ACE composite comparison
We had the comparison method wrong. Composites are compared as sets or
flabby sets, depending on their origin. Until now we compared them as
something a bit like sets, but not quite, in a maximally inefficient way.

Claims are always sets, and the left hand side is always a claim, but
literal composites on the right hand side can be multi-sets
(containing duplicate values). When it comes to comparison, composites
are reduced down to sets. To do the comparison we sort each side and
compare in order.

The fact that either side might ask for case-sensitive comparison (if
it is a claim) is an interesting complication.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-27 22:37:32 +00:00
Douglas Bagnall
6a07d2fe44 libcli/security: separate out claim_v1_to_ace_composite_unchecked()
For SDDL Resource ACE conversions we don't want to check too much
claim validity so that a semi-invalid ACE can round-trip through
deserialisation and serialisation. This is because Windows allows it,
but also because if the check puts the values in a sorted order that
makes the round-trip less round (that is, the return string is
semantically the same but possibly different in byte order).

The validity we're talking about is mostly uniqueness. For example
`S:(RA;;;;;WD;("foo",TU,0,7,5,7))` has two 7s, and that would be
invalid as a claim, but this is not checked while in ACE form.

On the other hand `S:(RA;;;;;WD;("foo",TU,0,3,2))` is valid, but the
return string will have 3 and 2 reversed when the check is made. We
prefer the ACE to stay the same while it is just being an ACE.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-27 22:37:32 +00:00
Douglas Bagnall
e338625ebf libcli/security: avoid leak on SDDL encode failure
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-27 22:37:32 +00:00
Douglas Bagnall
4f56c70283 libcli/security: claim_v1_to_ace_token(): avoid unnecessary re-sort
If it is a wire claim (which is probably most common), the checking
and sorting has already happened. We don't need to make a copy to
sort and check.

In either case, there is still a copy step to make the conditional ACE
token.

This shuffles around some knownfails because the claim_v1_copy()
function we were using is checking for duplicates, which we don't
always want. That will be fixed soon.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-27 22:37:32 +00:00
Douglas Bagnall
e223ce4a93 libcli/security: add_claim_to_token() re-sorts/checks claims
This function is used in tests and fuzzing.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-27 22:37:32 +00:00
Douglas Bagnall
843fd4d15f libcli/security: resource attribute claims use claim_v1_check_and_sort()
Because RA ACEs live a double life, sometimes being ACEs and sometimes
being claims, we make a copy of the claim strucutre for sorting and
further use in conditional ACEs.

We don't need to do that for wire claims, because they are not
persistent or forwarded on to somewhere else.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-27 22:37:32 +00:00
Douglas Bagnall
8074257c3a libcli/security: wire claim conversion uses claim_v1_check_and_sort()
This roughly returns things to where they were a few commits ago, with
the claims being checked for uniqueness.

The difference is the claims will be sorted afterwards, and the
uniqueness check will be far more efficient on large claims.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-27 22:37:32 +00:00
Douglas Bagnall
4b032d2558 libcli/security: claim_v1_check_and_sort(): add all types
To manage this sort we need a qsort_r-like sort context which holds:

a) the value type,
b) a case sensitive flag for the string compare, and
c) a return flag indicating a failure. Failures are not picked up until
   after the sort finishes.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-27 22:37:32 +00:00
Douglas Bagnall
a19f914fb9 libcli/security: begin claim_v1_check_and_sort with Boolean checks
claim_v1_check_and_sort() is meant to sort the claim values and check
that there are no duplicates, as well as making some value checks.

In order to ease into the idea, we look first at the case where the claim
has Boolean values. There are only two values allowed, which limits the
length of a valid claim set and means we only really need to "sort" in
the {1, 0} case, which we rewrite in place as {0, 1}.

That's what will happen with other types: we'll sort in-place, make
some checks on values, set flags, and return an error if there are
duplicates or value errors.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-27 22:37:32 +00:00
Douglas Bagnall
4ebb488e51 libcli/security: don't allow two NULL string claims
This restores the behaviour with regard to duplicate NULL strings that
existed before the last commit. I'm putting it separately, because it
seems so strange, and I not entirely certain the behaviour is
intentional.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-27 22:37:32 +00:00
Douglas Bagnall
1c88dfc6ac libcli/security: wire claims conversion: remove strings uniqueness check
This changes the behaviour when one of the strings is NULL. Previously
a single NULL string would be ignored, and two would cause an error.
That will be restored in the next commit.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-27 22:37:32 +00:00
Douglas Bagnall
08096fd5b4 libcli/security: int wire claims drop uniqueness check
And we allocate all the values together as an array, because
we might as well.

This and the next couple of commits might look like steps backwards,
and they are, but they allow us to get a run-up to leap over a big
fence.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-27 22:37:32 +00:00
Douglas Bagnall
10fd3e5836 libcli/security: simplify wire claim conversion mem, 3/3: rm tmp_ctx
The interstitial tmp_ctx now does nothing but be interstitial, so
let's get rid of it.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-27 22:37:32 +00:00
Douglas Bagnall
d7da41a9be libcli/security: simplify wire claim conversion mem, 2/3: one tree
These values would have leaked in the event of failure (but only onto
the caller mem_ctx, which might be fleeting -- especially as its
security token is now failing).

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-27 22:37:32 +00:00
Douglas Bagnall
7656d13334 libcli/security: simplify wire claim conversion mem, 1/3: avoid NULL parent
The reason for this, apart from weighing up possible over-allocations
vs realloc costs, is in the first iteration of the loop,

       claim_values = talloc_array(claims,

would allocate onto NULL, which leaks.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-27 22:37:32 +00:00
Douglas Bagnall
a836ad1442 pytest: conditional_ace_claims tests large composite comparisons
Our composite comparisons are currently all wrong.

Soon they will be fixed, but we are going to have an inflection point
where we switch from the naive compare-everything approach to a sort
based comparison, and we want to test both sides. Also, we use these
tests for a little bit of timing, which reveals it is all fast enough.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-27 22:37:32 +00:00
Douglas Bagnall
cea44421eb libcli/security/sddl: improve some SDDL error messages
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-27 22:37:32 +00:00
Douglas Bagnall
bc9da95682 pytest: conditional_ace_claims: write_c_test_on_failure() copes with claims
*copes badly, but better than crashing.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-27 22:37:32 +00:00
Douglas Bagnall
4cc91d2828 pytest: token_factory note that a flag is not set
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-27 22:37:32 +00:00
Douglas Bagnall
51d9444baa pytest: token_factory copes with empty claims
We don't have a good story yet with regard to empty claims, but we at
least want to be able to create them in tests.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-27 22:37:32 +00:00