1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

5091 Commits

Author SHA1 Message Date
Joseph Sutton
65c473d4a5 CVE-2021-20251 s3: Ensure bad password count atomic updates for SAMR password change
The bad password count is supposed to limit the number of failed login
attempt a user can make before being temporarily locked out, but race
conditions between processes have allowed determined attackers to make
many more than the specified number of attempts.  This is especially
bad on constrained or overcommitted hardware.

To fix this, once a bad password is detected, we reload the sam account
information under a user-specific mutex, ensuring we have an up to
date bad password count.

Derived from a similar patch to source3/auth/check_samsec.c by
Jeremy Allison <jra@samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-09-12 23:07:38 +00:00
Joseph Sutton
6932ccf3cc s3:rpc_server: Fix typo in error message
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-09-12 23:07:37 +00:00
Jeremy Allison
63e569a48c s3: smbd: Remove allow_broken_path from create_junction().
We no longer look at it, we know we must have a canonicalized
DFS path here.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-08-28 19:59:28 +00:00
Jeremy Allison
32f6eb2e98 s3: smbd: Remove allow_broken_path from get_referred_path() and it's callers.
It no longer looks at this bool, we must already have a
canonicalized path here.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-08-28 19:59:28 +00:00
Volker Lendecke
7c26512b6d smbd: Adapt np_[read|write]_send() to more recent tevent_req conventions
We usually don't do "goto post_status;" anymore

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-08-26 18:54:37 +00:00
Ralph Boehme
c949e4b2a4 smbd: use metadata_fsp() with SMB_VFS_FGET_NT_ACL()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2022-08-10 15:32:35 +00:00
Jeremy Allison
d21cf6bbb1 s3: smbd: Cleanup - integer align. consumedcnt should be a size_t.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2022-08-05 09:24:30 +00:00
Ralph Boehme
61c6a00f55 mdssvc: check if the user closed the query before trying to read the HTTP response from Elasticsearch
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14915

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <npower@samba.org>

Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Wed Aug  3 14:00:36 UTC 2022 on sn-devel-184
2022-08-03 14:00:36 +00:00
Ralph Boehme
c9ecd33ad7 mdssvc: fold two if blocks into one
No change in behaviour.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14915

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
2022-08-03 13:00:36 +00:00
Ralph Boehme
ac13935a58 mdssvc: don't trigger http reconnect if a search was cancelled
Calling tevent_req_error() triggers a HTTP reconnect in mds_es_search_done() as
mds_es_search_recv() returns the error so we call mds_es_reconnect_on_error().

slq (which is s->slq) or s->mds_es_ctx will be NULL if the user closed a search
or disconnected a share with an active mdssvc IPC pipe, no need to trigger a
HTTP reconnect for those cases.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14915

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
2022-08-03 13:00:36 +00:00
Ralph Boehme
1150d121b7 mdssvc: fix check if search connection state is gone
This was dead code: before this patchset noone set s->mds_es_ctx->mds_ctx to
NULL. A previous commit changed that so now the mds_es_ctx destructor sets
s->mds_es_ctx to NULL if a search "s" was currently in-flight.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14915

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
2022-08-03 13:00:36 +00:00
Ralph Boehme
9b0e61ff75 mdssvc: reapply default search destructor when marking a search non-pending
This is needed to ensure searches that are scheduled more then once to the
Elasticsarch server (because the first run didn't return all results) get
removed from the list of searches in case the user closes the query.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14915

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
2022-08-03 13:00:36 +00:00
Ralph Boehme
9b56c7030f mdssvc: prevent a crash when pending search finishes after the client closed the search connection
When a search is in-flight and currently being processed against the
Elasticsearch server, we set s->pending. In the destructor of "s" we check "pending"
and reject deallocation of the object.

One instance where "s" is requested to be deallocated is when the client closes
the top-level per-share search connection. This will implicitly close all
searches associated with the mds_ctx from mds_ctx_destructor_cb():

	while (mds_ctx->query_list != NULL) {
		/*
		 * slq destructor removes element from list.
		 * Don't use TALLOC_FREE()!
		 */
		talloc_free(mds_ctx->query_list);
	}

So when this happens the Elasticsearch backend query object stays around,
alongside with any active tevent_req request and a tevent_req timer set with
tevent_req_set_endtime() in mds_es_search_send().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14915
RN: mdssvc crashes when searches are pending and the client closes the mdssvc IPC pipe

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
2022-08-03 13:00:36 +00:00
Ralph Boehme
2fc2c7d4b0 mdssvc: move calling mds_es_search_set_pending() to mds_es_next_search_trigger()
This makes the calls to mds_es_search_set_pending() and
mds_es_search_unset_pending() symmetric. No change in behaviour.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14915

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
2022-08-03 13:00:36 +00:00
Ralph Boehme
5b750d6b33 mdssvc: consolidate calls of mds_es_search_unset_pending()
Both codepaths were mds_es_search_unset_pending() is currently called end up
going through the higher level callback mds_es_search_done(). Moving the call to
mds_es_search_unset_pending() ensures we call it consistently and don't miss it
in some error code path.

Otherwise no change in behaviour.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14915

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
2022-08-03 13:00:36 +00:00
Ralph Boehme
c0d46796d4 mdssvc: update a comment
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14915

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
2022-08-03 13:00:36 +00:00
Ralph Boehme
3254622a30 mdssvc: fix a comment
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14915

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
2022-08-03 13:00:36 +00:00
Jeremy Allison
c3737300ed s3: smbd: Convert _srvsvc_NetSetFileSecurity() to use filename_convert_dirfsp().
One less use of filename_convert().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2022-08-02 19:49:32 +00:00
Jeremy Allison
d89ec90c87 s3: smbd: Convert _srvsvc_NetGetFileSecurity() to use filename_convert_dirfsp().
One less use of filename_convert().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2022-08-02 19:49:32 +00:00
Andreas Schneider
1ca42e12ef s3:rpc_server: Implement dcesrv_samr_ChangePasswordUser4()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-07-28 11:51:29 +00:00
Andreas Schneider
f904f41820 s3:rpc_server: Implement SAMR SetUserInfo(2) level 32
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-07-28 11:51:29 +00:00
Andreas Schneider
3f72918a16 s3:rpc_server: Implement support for SAMR SetUserInfo level 31
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-07-28 11:51:29 +00:00
Andreas Schneider
c26f696169 s3:rpc_server: Remove obosolete copy_id26_to_sam_passwd()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-07-28 11:51:29 +00:00
Andreas Schneider
c975394edf s3:rpc_server: Use copy_pwd_expired_to_sam_passwd() in set_user_info_26()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-07-28 11:51:29 +00:00
Andreas Schneider
cb2d9429a8 s3:rpc_server: Add copy_pwd_expired_to_sam_passwd() for SAMR
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-07-28 11:51:29 +00:00
Andreas Schneider
b54188cbe3 s3:rpc_server: Set missing debug class for srv_samr_chgpasswd
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-07-28 11:51:29 +00:00
Andreas Schneider
2ecdbe17e8 samr.idl: Add samr_ChangePasswordUser4()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-07-28 11:51:29 +00:00
Andreas Schneider
308f89ce6a samr:idl: add samr_SupportedFeatures for samr_Connect5()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-07-28 11:51:28 +00:00
Ralph Boehme
23e6e50c0f mdssvc: return all-zero policy handle if spotlight is disabled
A Mac SMB server returns an all zero handle and an empty path if Spotlight is
disabled on a share. We must return the exact same error return in order to
trigger client-side searching.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15086
pcap: https://www.samba.org/~slow/pcaps/mac-bigsur-smbserver-spotlight-disabled.pcapng.gz

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <npower@samba.org>

Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Tue Jul 12 15:42:52 UTC 2022 on sn-devel-184
2022-07-12 15:42:52 +00:00
Ralph Boehme
72468166b2 mdssvc: convert mds_init_ctx() to return NTSTATUS
No change in behavour. In preperation for returning a special error to signal
the caller that spotlight is disabled for a share.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15086

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
2022-07-12 14:45:36 +00:00
Ralph Boehme
d54144356a mdssvc: fix indentation
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15086

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
2022-07-12 14:45:36 +00:00
Volker Lendecke
11d3d2aeac rpc_server3: Initialize mangle_fns in classic and spoolss
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15118
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>

Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Tue Jul 12 13:33:14 UTC 2022 on sn-devel-184
2022-07-12 13:33:14 +00:00
Michael Tokarev
17c733d946 spelling: connnect encrytion exisit expection explicit invalide missmatch paramater paramter partion privilige relase reponse seperate unkown verson authencication progagated
Tree-wide spellcheck for some common misspellings.

source3/utils/status.c has misspelled local variable (unkown_dialect).

"missmatch" is a known historical misspelling, only the incorrect
misspellings are fixed.

source3/locale/net/de.po has the spelling error (unkown) in two msgids -
it probably should be updated with current source.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-06-10 18:12:33 +00:00
Joseph Sutton
feb36dbebf lib/util: Change function to mem_equal_const_time()
Since memcmp_const_time() doesn't act as an exact replacement for
memcmp(), and its return value is only ever compared with zero, simplify
it and emphasize the intention of checking equality by returning a bool
instead.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-06-09 22:49:29 +00:00
Joseph Sutton
a554e2ce53 lib/util: Change function to data_blob_equal_const_time()
Since data_blob_cmp_const_time() doesn't act as an exact replacement for
data_blob_cmp(), and its return value is only ever compared with zero,
simplify it and emphasize the intention of checking equality by
returning a bool instead.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-06-09 22:49:29 +00:00
Joseph Sutton
ae6634c787 auth: Use constant-time memcmp when comparing sensitive buffers
This helps to avoid timing attacks.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15010

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-06-09 22:49:29 +00:00
Volker Lendecke
be944dce00 srvsvcd: Silence a integer type warning
Okay because lp_csc_policy() is an enum with 4 choices

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri May 20 19:59:07 UTC 2022 on sn-devel-184
2022-05-20 19:59:07 +00:00
Volker Lendecke
5f82f01a3b srvsvcd: Avoid an "else" due to the early return
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-05-20 19:02:37 +00:00
Volker Lendecke
d4a6e72d5c srvsvcd: Directly initialize variables in count_for_all_fn()
Easier to read for me

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-05-20 19:02:37 +00:00
Volker Lendecke
48168614d4 srvsvcd: Align integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-05-20 19:02:37 +00:00
Volker Lendecke
c90aff07ab srvsvcd: Fix shareinfo2 max_connections calculation
lp_max_connections() being an int could be >UINT32_MAX

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-05-20 19:02:37 +00:00
Volker Lendecke
8ea8526d13 srvsvcd: Use UINT32_MAX where appropriate
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-05-20 19:02:37 +00:00
Volker Lendecke
04e0e02c69 srvsvc: Announce [username] in NetShareEnum
This patch has two flaws: First, it does not cover api_RNetShareEnum()
for SMB1, and the second one is: To make this elegant, we would have
to restructure our share handling. It is really only listing shares
for which we have to pull in everything from smb.conf, registry,
usershares and potentially printers. What we should do is modify our
loadparm handling to only load share definitions on demand and for
listing shares handle all the potential sources specially. Add code
that walks the registry shares without adding them to our services
list and so on.

This patch is the quick&dirty way to fix the bug, the alternative
would be weeks or more. And hopefully nobody notices the SMB1
problem...

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15062

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed May 18 17:42:20 UTC 2022 on sn-devel-184
2022-05-18 17:42:20 +00:00
Volker Lendecke
20cbade5b1 srvsvc: Add a central return point to init_srv_share_info_ctr()
Soon there will be cleanup work to do.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15062

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-05-18 16:50:34 +00:00
Volker Lendecke
6086a73f4e Revert "vfs: remove dirfsp arg from SMB_VFS_CREATE_FILE()"
This reverts commit 322574834f.

Not strictly a revert anymore, but for future work we do need "dirfsp"
in create_file_default() passed through the VFS.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-04-28 13:12:33 +00:00
Ralph Boehme
643da37fd1 smbd: remove itime and file_id logic and code
This bases File-Ids on the inode numbers again. The whole stuff was
added because at that time Apple clients

1. would be upset by inode number reusage and

2. had a client side bug in their fallback implemetentation that
assigns File-Ids on the client side in case the server provides
File-Ids of 0.

After discussion with folks at Apple it should be safe these days to
rely on the Mac to generate its own File-Ids and let Samba return 0
File-Ids.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-03-31 23:01:37 +00:00
Jeremy Allison
2b246dbf68 s3: smbd: mdssvc: All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp,
we must call vfs_stat_fsp() as this preserves the iflags.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-03-24 16:28:37 +00:00
Volker Lendecke
5030bba13a samba-dcerpcd: Silence a DEBUG message
This is not worth a debuglevel 1 message

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Feb 22 10:16:44 UTC 2022 on sn-devel-184
2022-02-22 10:16:44 +00:00
Volker Lendecke
f5bc73a2ad smbd: NULL out "fsp" in close_file()
Quite a few places already had this in the caller, but not all. Rename
close_file() to close_file_free() appropriately. We'll factor out
close_file_smb() doing only parts of close_file_free() later.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-02-10 18:16:36 +00:00
Volker Lendecke
69f2352c49 mdssvc: Align an integer type
In libjansson 2.13.1 json_array_size() returns a size_t

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-02-01 19:09:34 +00:00