mirror of https://github.com/samba-team/samba.git synced 2025-02-25 17:57:42 +03:00

105246 Commits

Author SHA1 Message Date
Stefan Metzmacher
6e98de0158 samba: tag release samba-4.5.16

Merge tag 'samba-4.5.16' into v4-5-test

samba: tag release samba-4.5.16
2018-03-13 11:00:06 +01:00
Karolin Seeger
4b43ad8703 VERSION: Disable GIT_SNAPSHOT for the 4.6.16 release.
CVE-2018-1050 (Denial of Service Attack on external print server.)
CVE-2018-1057 (Authenticated users can change other users' password.)

Signed-off-by: Karolin Seeger <kseeger@samba.org>
samba-4.5.16
2018-03-12 13:10:30 +01:00
Karolin Seeger
3e0aa7587c WHATSNEW: Add release notes for Samba 4.6.16.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
2018-03-12 13:09:35 +01:00
Ralph Boehme
36639815f3 CVE-2018-1057: s4:dsdb/acl: changing dBCSPwd is only allowed with a control
This is not strictly needed to fix bug 13272, but it makes sense to also
fix this while fixing the overall ACL checking logic.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-03-12 13:06:14 +01:00
Ralph Boehme
e5b8c81d29 CVE-2018-1057: s4:dsdb: use DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID
This is used to pass information about which password change operation (change
or reset) the acl module validated, down to the password_hash module.

It's very important that both modules treat the request identically.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-03-12 13:06:14 +01:00
Ralph Boehme
4adcba5f6a CVE-2018-1057: s4:dsdb/samdb: define DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID control
Will be used to pass "user password change" vs "password reset" from the
ACL to the password_hash module, ensuring both modules treat the request
identically.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-03-12 13:06:14 +01:00
Ralph Boehme
bb43ab081a CVE-2018-1057: s4:dsdb/acl: run password checking only once
This is needed, because a later commit will let the acl module add a
control to the change request msg and we must ensure that this is only
done once.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-03-12 13:06:14 +01:00
Ralph Boehme
67fa44aaf2 CVE-2018-1057: s4/dsdb: correctly detect password resets
This change ensures we correctly treat the following LDIF

  dn: cn=testuser,cn=users,...
  changetype: modify
  delete: userPassword
  add: userPassword
  userPassword: thatsAcomplPASS1

as a password reset. Because delete and add element counts are both
one, the ACL module wrongly treated this as a password change
request.

For a password change we need at least one value to delete and one value
to add. This patch ensures we correctly check attributes and their
values.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-03-12 13:06:14 +01:00
Ralph Boehme
6c980a03e5 CVE-2018-1057: s4:dsdb/acl: add a NULL check for talloc_new() in acl_check_password_rights()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-03-12 13:06:14 +01:00
Ralph Boehme
54c363e012 CVE-2018-1057: s4:dsdb/acl: add check for DSDB_CONTROL_PASSWORD_HASH_VALUES_OID control
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-03-12 13:06:14 +01:00
Ralph Boehme
6d5caffbf5 CVE-2018-1057: s4:dsdb/acl: check for internal controls before other checks
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-03-12 13:06:14 +01:00
Ralph Boehme
99f46aabe5 CVE-2018-1057: s4:dsdb/acl: remove unused else branches in acl_check_password_rights()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-03-12 13:06:14 +01:00
Ralph Boehme
d552abe8a2 CVE-2018-1057: s4:dsdb/acl: only call dsdb_acl_debug() if we checked the acl in acl_check_password_rights()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-03-12 13:06:14 +01:00
Ralph Boehme
abf925c2d1 CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for passwordAttr->num_values
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-03-12 13:06:14 +01:00
Ralph Boehme
7eabe3d477 CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for LDB_FLAG_MOD_TYPE
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-03-12 13:06:14 +01:00
Ralph Boehme
e5774640b0 CVE-2018-1057: s4:dsdb/tests: add a test for password change with empty delete
Note that the request using the clearTextPassword attribute for the
password change is already correctly rejected by the server.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-03-12 13:06:14 +01:00
Jeremy Allison
dff5d43907 CVE-2018-1050: s3: RPC: spoolss server. Protect against null pointer derefs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11343

Signed-off-by: Jeremy Allison <jra@samba.org>
2018-03-12 13:06:09 +01:00
Karolin Seeger
64b6a9f6e1 VERSION: Re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
2018-03-12 13:02:04 +01:00
Karolin Seeger
f3ec20fdbe VERSION: Bump version up to 4.5.16.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit 8376a89e40b82c0b4b365b8daf155159f59945cb)
2018-03-12 13:01:25 +01:00
Karolin Seeger
8376a89e40 VERSION: Bump version up to 4.5.16.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
2017-11-22 09:04:28 +01:00
Karolin Seeger
829fa020f5 samba: tag release samba-4.5.15

Merge tag 'samba-4.5.15' into v4-5-test

samba: tag release samba-4.5.15
2017-11-22 09:03:52 +01:00
Karolin Seeger
f333815481 VERSION: Disable GIT_SNAPSHOT for the 4.5.15 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
samba-4.5.15
2017-11-17 12:13:04 +01:00
Karolin Seeger
d7526d66f5 WHATSNEW: Add release notes for Samba 4.5.15.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
2017-11-17 12:04:37 +01:00
Jeremy Allison
c1a22e59f8 s3: smbd: Chain code can return uninitialized memory when talloc buffer is grown.
Ensure we zero out unused grown area.

CVE-2017-15275

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13077

Signed-off-by: Jeremy Allison <jra@samba.org>
2017-11-17 12:04:37 +01:00
Jeremy Allison
007f5b54d7 s3: smbd: Fix SMB1 use-after-free crash bug. CVE-2017-14746
When setting up the chain, always use 'next->' variables
not the 'req->' one.

Bug discovered by 连一汉 <lianyihan@360.cn>

CVE-2017-14746

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13041

Signed-off-by: Jeremy Allison <jra@samba.org>
2017-11-17 12:04:37 +01:00
Joe Guo
bd200ea5d2 python: use communicate to fix Popen deadlock
`Popen.wait()` will deadlock when using stdout=PIPE and/or stderr=PIPE and the
child process generates large output to a pipe such that it blocks waiting for
the OS pipe buffer to accept more data. Use communicate() to avoid that.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Oct 19 09:27:16 CEST 2017 on sn-devel-144

(cherry picked from commit 5dc773a5b00834c7a53130a73a48f49048bd55e8)

Autobuild-User(v4-5-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-5-test): Tue Nov 14 14:35:22 CET 2017 on sn-devel-144
2017-11-17 12:04:37 +01:00
Gary Lockyer
c28d922788 blackbox tests: method to check specific exit codes
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
(cherry picked from commit 74ebcf6dfc84b6aab6838fa99e12808eb6b913d9)
2017-11-17 12:04:37 +01:00
Karolin Seeger
21811ac688 VERSION: Bump version up to 4.5.15...
and re-enable GIT_SNAPSHOTS.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
2017-11-17 12:04:37 +01:00
Joe Guo
3ad244462a python: use communicate to fix Popen deadlock
`Popen.wait()` will deadlock when using stdout=PIPE and/or stderr=PIPE and the
child process generates large output to a pipe such that it blocks waiting for
the OS pipe buffer to accept more data. Use communicate() to avoid that.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Oct 19 09:27:16 CEST 2017 on sn-devel-144

(cherry picked from commit 5dc773a5b00834c7a53130a73a48f49048bd55e8)

Autobuild-User(v4-5-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-5-test): Tue Nov 14 14:35:22 CET 2017 on sn-devel-144
2017-11-14 14:35:22 +01:00
Gary Lockyer
d433c7f455 blackbox tests: method to check specific exit codes
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
(cherry picked from commit 74ebcf6dfc84b6aab6838fa99e12808eb6b913d9)
2017-11-14 10:15:19 +01:00
Karolin Seeger
aba4994bd0 VERSION: Bump version up to 4.5.15...
and re-enable GIT_SNAPSHOTS.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
2017-09-20 13:03:53 +02:00
Karolin Seeger
f84484ac9d samba: tag release samba-4.5.14

Merge tag 'samba-4.5.14' into v4-5-test

samba: tag release samba-4.5.14
2017-09-20 13:03:09 +02:00
Karolin Seeger
f261c9a5ef VERSION: Disable GIT_SNAPSHOTS for the 4.5.14 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
samba-4.5.14
2017-09-13 09:42:04 -07:00
Karolin Seeger
bb90fee8f6 WHATSNEW: Add release notes for Samba 4.5.14.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
2017-09-13 09:39:40 -07:00
Stefan Metzmacher
b5178cb03b selftest: make samba3.blackbox.smbclient_s3.*follow.symlinks.*no as flapping
This is fixed in master and 4.7. For the backports we can just ignore
failures.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12914

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2017-09-12 05:31:54 +02:00
Jeremy Allison
a43b36f551 CVE-2017-12163: s3:smbd: Prevent client short SMB1 write from writing server memory to file.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13020

Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2017-09-12 05:31:54 +02:00
Stefan Metzmacher
157f2a703b CVE-2017-12151: s3:libsmb: make use of cli_state_is_encryption_on()
This will keep enforced encryption across dfs referrals.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12996

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2017-09-04 11:36:11 +02:00
Stefan Metzmacher
282a1d122f CVE-2017-12151: s3:libsmb: add cli_state_is_encryption_on() helper function
This allows one to check if the current cli_state uses encryption
(either via unix extensions or via SMB3).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12996

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2017-09-04 11:35:59 +02:00
Stefan Metzmacher
609e6b09fe CVE-2017-12150: s3:libsmb: only fallback to anonymous if authentication was not requested
With forced encryption or required signing we also shouldn't fall back.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2017-09-04 11:35:31 +02:00
Stefan Metzmacher
f30ea84489 CVE-2017-12150: libcli/smb: add smbXcli_conn_signing_mandatory()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2017-09-04 11:35:11 +02:00
Stefan Metzmacher
dc24ef0fc4 CVE-2017-12150: auth/credentials: cli_credentials_authentication_requested() should check for NTLM_CCACHE/SIGN/SEAL
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2017-09-04 11:34:58 +02:00
Stefan Metzmacher
5d296e6ea3 CVE-2017-12150: libgpo: make use of SMB_SIGNING_REQUIRED in gpo_connect_server()
It's important that we use a signed connection to get the GPOs!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2017-09-04 11:34:43 +02:00
Stefan Metzmacher
f82c235484 CVE-2017-12150: s3:pylibsmb: make use of SMB_SIGNING_DEFAULT for 'samba.samba3.libsmb_samba_internal'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2017-09-04 11:34:29 +02:00
Stefan Metzmacher
f14a94b5cd CVE-2017-12150: s3:lib: get_cmdline_auth_info_signing_state smb_encrypt SMB_SIGNING_REQUIRED
This is an addition to the fixes for CVE-2015-5296.

It applies to smb2mount -e, smbcacls -e and smbcquotas -e.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2017-09-04 11:34:04 +02:00
Karolin Seeger
5c645ed69e VERSION: Bump version up to 4.5.14...
and re-enable GIT_SNAPSHOTS.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
2017-08-30 12:33:20 +02:00
Karolin Seeger
3c9bc040e2 VERSION: Disable GIT_SNAPSHOTS for the 4.5.13 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
samba-4.5.13
2017-08-30 12:32:45 +02:00
Karolin Seeger
0247ece5e2 WHATSNEW: Add release notes for Samba 4.5.13.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
2017-08-30 12:32:10 +02:00
Ralph Boehme
2339d4bc05 vfs_fruit: factor out common code from ad_get() and ad_fget()
As a result of the previous changes ad_get() and ad_fget() do completely
the same, so factor out the common code to a new helper function. No
change in behaviour.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Aug  9 22:33:36 CEST 2017 on sn-devel-144

(backported from commit d55c27abc5a7357f740c7065bbe12e7f36b57125)

Autobuild-User(v4-5-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-5-test): Mon Aug 14 14:52:17 CEST 2017 on sn-devel-144
2017-08-14 14:52:17 +02:00
Ralph Boehme
b559efc42b vfs_fruit: return fake pipe fd in fruit_open_meta_netatalk()
Do not open the basefile, that conflicts with "kernel oplocks = yes". We
just return a fake file fd based on dup'ing a pipe fd and ensure all VFS
functions that go through vfs_fruit and work on the metadata stream can
deal with it.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
(backported from commit 7583ee6e1c558067e4c7a7351085fcc0e4240366)
2017-08-14 10:50:10 +02:00
Ralph Boehme
379dbb5fe8 vfs_fruit: don't open basefile in ad_open() and simplify API
We never need an fd on the basefile when operating on the metadata, as
we can always use path based syscalls. Opening the basefile conflicts
with "kernel oplocks" so just don't do it.

Additional changes:

- remove the adouble_type_t argument to ad_open(), the type is passed
  and set when allocating a struct adouble with ad_alloc()

- additionally pass an optional fsp to ad_open() (so the caller can pass
  NULL). With this change we can move the fd inheritance from fsp to ad
  into ad_open() itself where it belongs and remove it from the caller
  ad_fget()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
(backported from commit e92a39255e66f655e2758f0a71a01eaf258cf711)
2017-08-14 10:50:10 +02:00