mirror of https://github.com/samba-team/samba.git synced 2025-02-21 01:59:07 +03:00

1160 Commits

Author SHA1 Message Date
Andreas Schneider
56879ec587 idl: Add SID_SAMBA_SMB3
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2020-10-29 14:19:36 +00:00
Volker Lendecke
79b0829ea2 notify: Remove an unused structure definition
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-10-24 05:57:31 +00:00
Stefan Metzmacher
493f5d6b07 winbindd: allow idmap backends to mark entries with ID_[TYPE_WB_]REQUIRE_TYPE
This must only be used between winbindd parent and child!
It must not leak into outside world.

Some backends require ID_TYPE_UID or ID_TYPE_GID as type_hint,
while others may only need ID_TYPE_BOTH in order to validate that
the domain exists.

This will allow us to skip the wb_lookupsids_send/recv in the winbindd parent
in future and only do that on demand.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-10-23 03:25:37 +00:00
Stefan Metzmacher
1576421dbd winbind.idl: rename wbint_TransID.type to wbint_TransID.type_hint
This makes it clear that it's a hint from the parent to the
child.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-10-23 03:25:35 +00:00
Björn Jacke
40a4dd2862 spoolss.idl: remove obviously bogus PROCESSOR_ARM 0 define
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Oct 17 10:46:12 UTC 2020 on sn-devel-184
2020-10-17 10:46:12 +00:00
Björn Jacke
38391ccc5d printing/spoolss: add ARM64 support
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-10-17 09:22:31 +00:00
Björn Jacke
ca1a301461 spoolss.idl: add spoolss architecture defines, that we require
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-10-17 09:22:31 +00:00
Björn Jacke
9212357236 spoolss.idl: add some missing processor defines
information from wine's winnt.h

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-10-17 09:22:31 +00:00
Björn Jacke
9b6e2393f7 spoolss.idl: add some missing PROCESSOR_ARCHITECTURE defines
information from wine's winnt.h and MSDN

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-10-17 09:22:31 +00:00
Andrew Bartlett
87bf1d687f librpc/idl: Add dnsp_DnsProperty_short
This will be used by a test and the DNS server code to parse short dnsProperty
records which come from Windows servers.

This example is from the value that caused Samba to fail as it
cannot be parsed as a normal dnsp_DnsProperty.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14310

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-05-15 06:05:30 +00:00
Samuel Cabrero
bce570cfd7 spoolss: Add NCALRPC endpoint
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-04-08 20:48:28 +00:00
Douglas Bagnall
c680daae6a idl/drsblobs: do not overwrite number of schedules == 1
If the struct has zero or two schedules, that is what it has, and we
should let that be.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Mar 22 06:19:51 UTC 2020 on sn-devel-184
2020-03-22 06:19:51 +00:00
Samuel Cabrero
e8e4ecfb8b s3:rpc_server: Do not generate and build s3 RPC server code
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:36 +00:00
Samuel Cabrero
1903467014 pidl:NDR/ServerCompat: Compat server PIDL parser
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:31 +00:00
Günther Deschner
ebda529b59 librpc: fix IDL for svcctl_ChangeServiceConfigW
Found while trying to run winexe against Windows Server 2019.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14313

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-03-09 15:00:31 +00:00
Günther Deschner
c3fa0b2df9 s4-torture: add ndr svcctl testsuite
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14313

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-03-09 15:00:31 +00:00
Gary Lockyer
575d39048e idl: limit recursion on recursive elements
Limit the max_recursion on self recursive definitions in the idl to
20,000. This value is hopefully large enough to not impact normal
operation, but small enough to prevent stack overflow issues.

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19820
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14254

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Feb 27 02:29:21 UTC 2020 on sn-devel-184
2020-02-27 02:29:20 +00:00
Gary Lockyer
2f8c3b6226 idl: drsuapi_DsaAddressListItem_V1 limit recursion
Limit number of drsuapi_DsaAddressListItem_V1 elements to 1024

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19820
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14254

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-02-27 01:02:32 +00:00
Günther Deschner
75367e4b06 librpc: add clusapi_GroupSetControlCode enum
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jan 16 21:34:27 UTC 2020 on sn-devel-184
2020-01-16 21:34:27 +00:00
Günther Deschner
8dca8aaf95 librpc: add various new clusapi functions and types
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-01-16 20:09:42 +00:00
Volker Lendecke
5394885167 smbd: Add close-denied-share message
This is like close-share, but kicks out only active users where share
access controls are changed such that now access would be denied

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-01-15 21:25:35 +00:00
Günther Deschner
c433dac598 librpc: pidlify spoolss_EnumPerMachineConnections
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-01-08 23:51:31 +00:00
Günther Deschner
479cf55397 librpc: add IDL for spoolss_EnumPerMachineConnections
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-01-08 23:51:30 +00:00
Günther Deschner
e17c8e1b40 librpc: fix IDL for spoolss_GetCorePrinterDrivers()
The charset determination makes it more difficult to deal with the real
REG_MULTI_SZ nature of that element.

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-01-08 23:51:30 +00:00
Andrew Bartlett
ad9a81c6a9 librpc: Move winstation.idl to the top level and exclude from fuzzing
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Dec 18 08:05:05 UTC 2019 on sn-devel-184
2019-12-18 08:05:05 +00:00
Andrew Bartlett
5eac5813cc lib/fuzzing and librpc: Do not generate fuzzers for pointless targets
We need to focus the fuzzing effort on reachable code, and these IDL
are just historical artifacts, many are entirely [todo] and have
no samba client nor server.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-12-18 06:39:26 +00:00
Andrew Bartlett
fee5c6a424 librpc/idl/dnsserver.idl: Ensure DnsProperty id matches what is pulled from the stored buffer
There are two concerns here, assuming the attacker can place arbitrary values
in a dnsProperty attribute over LDAP (eg is a DNS administrator).

This comes from the fact that id is used as the switch value at the C layer
but at the NDR layer the wDataLength value is considered first.

One concern is that a pull/push round-trip could include server memory:

 The previous switch_is() behaviour could store the server memory back
 into the attribute.

 However this pattern of pull/push only happens in ndrdump and fuzzing tools, as
 dnsserver_db_do_reset_dword() operates only on the uint32/bitmap union
 arms, and fully initialises those.

The other is that a pull of the attacker-supplied value could
cause the server to expose memory.

 This would be over the network via DNS or the RPC dnsserver protocols.
 However at all times the ndr_pull_struct_blob is passed zeroed memory.

The final concern (which fuzz_ndr_X found) is that in the ndr_size_dnsPropertyData()
the union discriminant is only id.

 This has no impact as only zeroed memory is used so there will be a
 zero value in all scalars, including data->d_ns_servers.AddrArray.

 Therefore the server will not crash processing the attacker-supplied blob.

[MS-DNSP] 2.3.2.1 dnsProperty has no mention of this special behaviour.
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dnsp/445c7843-e4a1-4222-8c0f-630c230a4c80

This was known as CVE-2019-14908 before being triaged back to a normal bug.

Found by Douglas Bagnall using Honggfuzz and the new fuzz_ndr_X fuzzer.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14206
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@samba.org>
2019-12-12 00:35:30 +00:00
Douglas Bagnall
7b265830ad lib/fuzzing: add fuzz_ndr_X
This NDR fuzzer links with each "interface" in the IDL files to
create a single binary.  This tries to match what the fuzzing
engines desire.

It started as a copy of ndrdump but very little of that remains
in place.

The fancy build rules try to avoid needing a lot of boilerplate
in the wscript_build files and ensure new fuzzers are generated
and run when new IDL is added automatically.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-10 07:50:28 +00:00
Andrew Bartlett
bd81733bb7 librpc: Make CFDATA private to cab.idl and remove pull and push functions
We can do this because ndr_{pull,push}_CFDATA is unused.

The earlier commit 466d5e814727046dd630d5503b43874ec46a365e removed
the link between "uint16 cbData" and the size of "DATA_BLOB ab" so
when the new ndr_fuzz_X fuzzer pushed a new structure this allowed
a read beyond the end of allocated memory.

The ndr_push_cab_file() function is also manually written and
does not rely on the value of cbData to calculate the checksum.

Found by Douglas Bagnall using Honggfuzz and the new fuzz_ndr_X
fuzzer, which like ndrdump's struct mode uses the public structure
tables.  (This is how it found the unused functions to test).

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-11-29 00:44:40 +00:00
Andrew Bartlett
f7f92803f6 librpc: Check for NULL pointer in value() in ntlmssp_AUTHENTICATE
This allows ndrdump --validate to avoid following a NULL pointer when re-pushing
a valid but unusual input.

It also avoids an issue if the Samba server code were to provide a response
without an EncryptedRandomSessionKey.

At this stage ntlmssp.idl is not used for this, instead the packets are
generated with msrpc_gen().

Found by Douglas Bagnall using Honggfuzz and the new fuzz_ndr_X
fuzzer.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Nov 20 06:06:29 UTC 2019 on sn-devel-184
2019-11-20 06:06:29 +00:00
Andrew Bartlett
183da1f9fd witness.idl: Change array type in IDL for the print function
It is important that the generated print function checks r->messages
before de-referencing r->messages[num] as r->num can be non-zero
while r->messages is NULL.

There is no witness server in Samba and print functions are only
used during debugging and ndrdump in any case.

The change in the IDL does not change the header and the IDL
function is already nopull,nopush so only the print function changes.

Found by Douglas Bagnall using Honggfuzz and a new fuzzer for
Samba's NDR layer.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-11-19 13:21:29 +00:00
Andrew Bartlett
b3bdb17a35 selftest: Test fix for ndrdump of structures by number
This requires that misc.GUID not move in the IDL, so a comment is added.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14191

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-11-17 22:28:41 +00:00
Andrew Bartlett
88c8cd7a1e librpc: Do not place the ndr_table for windows_event_ids.idl in the global list
This is just a list of event IDs, there are no structures to parse.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14191

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-progammed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-11-13 00:32:36 +00:00
Andrew Bartlett
a106ceb7bf librpc: Match interface name and file name for bkupblobs.idl
This helps generate fuzzers for this IDL.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-11-13 00:32:36 +00:00
Douglas Bagnall
8a627b5d65 librpc: Fix typo in "quota" name in IDL
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-11-13 00:32:36 +00:00
Andrew Bartlett
d7bb9f5425 librpc: Remove server build of oxidresolver.idl
We do not have a server for this DCOM component so do not generate
the code for it.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2019-10-10 08:08:45 +00:00
Andrew Bartlett
b273924b8a librpc: Remove client and server build of w32time.idl
We do not have a server for the Win32 Time Server so do not generate
the code for it.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2019-10-10 08:08:45 +00:00
Andrew Bartlett
c46191b878 librpc: Remove client and server build of rot.idl
We do not have a client or server for this DCOM component so do not generate
the code for it.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2019-10-10 08:08:45 +00:00
Andrew Bartlett
091e8fe14b librpc: Remove s4 server build of dfs
We do not have a source4 variant of the dfs server, so do not generate
the code for it.

DFS is very closely tied to SMB so we use the DFS server in
smbd.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2019-10-10 08:08:45 +00:00
Andrew Bartlett
718f9da0a7 librpc: Remove s3 server build of unixinfo
We do not have a source3 variant of the unixinfo server, so do not generate
the code for it.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2019-10-10 08:08:45 +00:00
Andrew Bartlett
83fae58486 librpc: Add comments on the split out of IDL files
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2019-10-10 08:08:45 +00:00
Andrew Bartlett
759660b16a librpc: Remove server build of remact.idl
We do not have a server for the DCOM Remote activation service, so do not generate
the code for it.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2019-10-10 08:08:45 +00:00
Andrew Bartlett
6250fe29dd librpc: Remove s4 server build of ntsvcs
We do not have a source4 variant of the ntsvcs server, so do not generate
the code for it.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2019-10-10 08:08:45 +00:00
Andrew Bartlett
8216c2187f librpc: Remove s4 server build of initshutdown
We do not have a source4 variant of the initshutdown server, so do not generate
the code for it.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2019-10-10 08:08:45 +00:00
Andrew Bartlett
f45ceb0df9 librpc: Remove unused build of atsvc server
This avoids building server-side code we do not use and so makes the build
smaller and code auditing easier.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2019-10-10 08:08:45 +00:00
Ralph Boehme
c9b6298249 mdssvc.idl: pass policy_handle as pointer
No change in behaviour, this just changes all functions to take the
policy_handle argument as pointer instead of passing it by value.
This is how all other IDLs pass it.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Oct  9 15:52:55 UTC 2019 on sn-devel-184
2019-10-09 15:52:55 +00:00
Günther Deschner
01b0e5aadf spoolss: Add PRINTER_DRIVER_CATEGORY_3D driver define
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Sep 20 12:58:49 UTC 2019 on sn-devel-184
2019-09-20 12:58:49 +00:00
Günther Deschner
2d5facc954 s4-torture: add netr_LogonGetDomainInfo NDR(64) tests
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Sep 20 02:32:44 UTC 2019 on sn-devel-184
2019-09-20 02:32:44 +00:00
Stefan Metzmacher
8f0751b8b7 netlogon.idl: fix the marshalling of netr_trust_extension_container for NDR64
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2019-09-20 01:14:43 +00:00
Stefan Metzmacher
0fea2707fb netlogon.idl: fix the marshalling of netr_OsVersion for NDR64
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2019-09-20 01:14:43 +00:00