1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

721 Commits

Author SHA1 Message Date
Volker Lendecke
eb8968534d libnet3: Fix Coverity ID 1034874 Resource leak
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2024-11-19 18:11:29 +00:00
Stefan Metzmacher
d1a3c74eb9 s3:rpc_client: pass remote_{name,sockaddr} to rpccli_connect_netlogon()
Otherwise this can only work with NCACN_NP...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2024-09-26 15:22:46 +00:00
Stefan Metzmacher
10d34de8d3 s3:libnet: make use of rpccli_connect_netlogon() instead of reimplement the logic
We only need the logic to setup a full netlogon connection once...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2024-09-26 15:22:46 +00:00
Stefan Metzmacher
099c8d904e s3:libnet_dssync: make use of dcerpc_binding_handle_auth_session_key()
Note we only need to call this once per connection, not after
each request...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2024-09-26 15:22:45 +00:00
Stefan Metzmacher
56175a0947 s3:libnet_join: make use of dcerpc_binding_handle_transport_session_key()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2024-09-26 15:22:45 +00:00
Jo Sutton
d603d8b392 s3:libnet: Fix code spelling
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-08-04 00:32:39 +00:00
Pavel Filipenský
eeb79875c6 s3:libnet: Sync keytab during libnet_join_create_keytab()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-26 17:12:36 +00:00
Andreas Schneider
382c300acd s3:libnet: Convert myalias to lower case
This will be more consistent as it is a dnsname.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-05-22 20:33:36 +00:00
Andreas Schneider
0e96092c18 s3:libnet: Use lp_dns_hostname() in libnet_join.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-05-22 20:33:36 +00:00
Stefan Metzmacher
83f03513fd s3:libnet: add a debug message to libnet_keytab_add_to_keytab_entries()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-05-22 03:04:34 +00:00
Stefan Metzmacher
888a785f47 s3:libnet: add support for trusted domains in libnet_dssync_keytab.c
It means that keytabs generated via 'net rpc vampire keytab' are
able to decrypt cross-realm tickets in wireshark.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-05-22 03:04:34 +00:00
Stefan Metzmacher
2b2cc54472 s3:libnet: split out store_or_fetch_attribute() from parse_user() in libnet_dssync_keytab.c
This way we can easily re-use the logic in the next commits...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-05-22 03:04:34 +00:00
Stefan Metzmacher
feff15fc88 s3:libnet: split out parse_user() in libnet_dssync_keytab.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-05-22 03:04:34 +00:00
Stefan Metzmacher
52df406387 s3:libnet: let parse_user() in libnet_dssync_keytab.c work without nt hash
It happens in setups with 'nt hash store = never'.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-05-22 03:04:34 +00:00
Stefan Metzmacher
2de585a978 s3:include: remove unused krb5_env.h
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-05-14 10:18:31 +00:00
Stefan Metzmacher
f4f31236c4 s3:libnet_join: pass down cli_credentials *admin_credentials to libnet_{Join,Unjoin}Ctx()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-05-14 10:18:31 +00:00
Andreas Schneider
bf688e0d2a s3:libnet: Fix memory leak in libnet_join_connect_dc_ipc()
Direct leak of 885 byte(s) in 1 object(s) allocated from:
    #0 0x7f261b8dc03f in malloc (/lib64/libasan.so.8+0xdc03f) (BuildId: 3e1694ad218c99a8b1b69231666a27df63cf19d0)
    #1 0x7f261b2c2bc2 in __talloc_with_prefix ../../lib/talloc/talloc.c:783
    #2 0x7f261b2c543c in _talloc_pool ../../lib/talloc/talloc.c:838
    #3 0x7f261b2c543c in _talloc_pooled_object ../../lib/talloc/talloc.c:906
    #4 0x7f261a69cac9 in __tevent_req_create ../../lib/tevent/tevent_req.c:98
    #5 0x7f261a75bf55 in cli_full_connection_creds_send ../../source3/libsmb/cliconnect.c:3455
    #6 0x7f261a75c4b7 in cli_full_connection_creds ../../source3/libsmb/cliconnect.c:3818
    #7 0x7f261b70d39f in libnet_join_connect_dc_ipc ../../source3/libnet/libnet_join.c:1146
    #8 0x7f261b715794 in libnet_join_lookup_dc_rpc ../../source3/libnet/libnet_join.c:1188
    #9 0x7f261b715794 in libnet_DomainJoin ../../source3/libnet/libnet_join.c:2812
    #10 0x7f261b715794 in libnet_Join ../../source3/libnet/libnet_join.c:3040
    #11 0x555bd93671ea in net_ads_join ../../source3/utils/net_ads.c:1855
    #12 0x555bd9415ca9 in net_join ../../source3/utils/net_join.c:45
    #13 0x555bd940b972 in net_run_function ../../source3/utils/net_util.c:464
    #14 0x555bd9363129 in main ../../source3/utils/net.c:1372
    #15 0x7f2616a281af in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2024-04-29 08:43:32 +00:00
Andreas Schneider
d2297b41a2 s3:libsmb: Pass memory context to cli_full_connection_creds()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2024-04-29 08:43:32 +00:00
Joseph Sutton
0c2d2f833e s3:libnet: Remove always‐false comparison (CID 241309)
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-13 02:18:31 +00:00
Joseph Sutton
d7331a6821 s3:libnet: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-11 02:42:41 +00:00
Joseph Sutton
b3c47b6583 s3:libnet: Fix reference to incorrect function names
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-21 23:37:29 +00:00
Joseph Sutton
4004ded906 s3:libnet: Remove unnecessary cast
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-21 23:37:29 +00:00
Joseph Sutton
f798cf932e s3:libnet: Add missing newline to logging message
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:38 +00:00
Günther Deschner
bf7fbf7e2b s3-net: no secrets access required when processing a ODJ provisioning
It should be possible to call "net offlinejoin provision" as non-root,
no access to secrets.tdb required in that case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15414

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Jul  5 09:23:22 UTC 2023 on atb-devel-224
2023-07-05 09:23:22 +00:00
Andrew Bartlett
937bf4b836 librpc/ndr: Unimplement DRSUAPI_COMPRESSION_TYPE_XPRESS and rename
DRSUAPI_COMPRESSION_TYPE_XPRESS is not MS-XCA nor is it implemented by
lzexpress_compress(), so disconnect from that algorithm.

This avoids someone fixing lzxpress_compress() to work for DRSUAPI
and breaking claims support.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-03-31 01:48:30 +00:00
Günther Deschner
39e8489dfc s3-librpc: add ads.idl and convert ads_struct to talloc.
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-16 20:38:32 +00:00
Stefan Metzmacher
40b47c194d CVE-2022-37966 s3:libnet: no longer reference des encryption types
We no longer have support for des encryption types in the kerberos
libraries anyway.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-12-13 13:07:30 +00:00
Stefan Metzmacher
1a36c348d7 CVE-2022-37966 s3:libnet: remove unused ifdef HAVE_ENCTYPE_AES*
aes encryption types are always supported.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-12-13 13:07:30 +00:00
Samuel Cabrero
ed784ed07e s3:libads: Allocate ads->auth.ccache_name under ADS_STRUCT talloc context
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-06-27 15:50:30 +00:00
Samuel Cabrero
633ccc55c0 s3:libads: Allocate ads->auth.user_name under ADS_STRUCT talloc context
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-06-27 15:50:30 +00:00
Samuel Cabrero
d64335eaef s3:libads: Allocate ads->auth.password under ADS_STRUCT talloc context
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-06-27 15:50:30 +00:00
Samuel Cabrero
c1ab39163b s3:libads: Allocate ads->auth.realm under ADS_STRUCT talloc context
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-06-27 15:50:30 +00:00
Samuel Cabrero
d0dc0171ad s3:libads: Allocate ADS_STRUCT under a talloc context
The ads_destroy() function is now static and only called from the
ADS_STRUCT destructor.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-06-27 15:50:30 +00:00
Samuel Cabrero
9cbe5503ba s3:libnet: Allocate a temporary talloc context in libnet_connect_ads()
Prepare to allocate ADS_STRUCT under a talloc context. Pass a talloc
context where the ads struct will be moved on success.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-06-27 15:50:29 +00:00
Samuel Cabrero
392cd13778 s3:libnet: Allocate the machine name string under its container's talloc context
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-06-27 15:50:29 +00:00
Samuel Cabrero
1b4d33d872 s3:libnet: Allocate the machine name string under its container's talloc context
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-06-27 15:50:29 +00:00
Samuel Cabrero
4dde5e747d s3:libnet: Fix talloc frame not freed in order
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-05-23 18:25:28 +00:00
Pavel Filipenský
fa5413b63c s3:libnet: Do not set ADS_AUTH_ALLOW_NTLMSSP in FIPS mode
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14955

Pair-Programmed-With: Andreas Schneider <asn@samba.org>

Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Jan 22 00:27:52 UTC 2022 on sn-devel-184
2022-01-22 00:27:52 +00:00
Pavel Filipenský
2e64984634 s3:libnet: Fix dereference of NULL win7
Found by covscan.

Pair-Programmed-With: Andreas Schneider <asn@samba.org>

Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-01-10 23:31:33 +00:00
Pavel Filipenský
82f53c82ed s3:libnet: Fix dead code in libnet_join.c
Found by covscan.

Pair-programmed-with: Andreas Schneider <asn@samba.org>

Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-01-10 23:31:33 +00:00
Andreas Schneider
3397e04d71 s3:libnet: Initialize struct ODJ_POLICY_DNS_DOMAIN_INFO
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-12-15 19:32:30 +00:00
Günther Deschner
6bf3a39b11 s3:rpc_client: Pass remote name and socket to cli_rpc_pipe_open_schannel_with_creds()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14767

Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2021-12-02 13:59:31 +00:00
Andreas Schneider
34c57ebee0 s3:libnet: Remove tailing whitespaces in libnet_join.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14767

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2021-12-02 13:59:31 +00:00
Günther Deschner
eff9610e7b s3-libnet_join: always check config correctness while joining offline
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2021-07-14 16:49:30 +00:00
Günther Deschner
799384792a s3-libnet_join: check for netbios name correctness as well
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2021-07-14 16:49:30 +00:00
Günther Deschner
33ed555e9b s3-libnet_join: set netbios name as well when modification is requested
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2021-07-14 16:49:30 +00:00
Günther Deschner
8f3b994485 s3-libnet_join: use dsgetonedcname to validate given DC
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2021-07-14 16:49:30 +00:00
Günther Deschner
de32962039 s3-libnet_join: use joinprov3 struct in libnet_DomainOfflineJoin()
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2021-07-14 16:49:30 +00:00
Günther Deschner
1581d63bfe s3-libnet_join: add support for libnet_DomainOfflineJoin
libnet_DomainOfflineJoin will consume the provided offline domain join
blob and lay out libnet_Join information to properly store join metadata
in the local database.

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2021-07-14 16:49:30 +00:00
Günther Deschner
0d75503421 s3-libnet_join: fully implement libnet_odj_compose_OP_JOINPROV3_PART
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2021-07-14 16:49:30 +00:00