1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

519 Commits

Author SHA1 Message Date
Andreas Schneider
eb7bfe2f3a s4:ldap_server: Use cli_credentials_init_server()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-04-09 10:46:28 +00:00
Ralph Boehme
4142bde7e5 s4: rename source4/smbd/ to source4/samba/
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Nov 27 10:07:18 UTC 2020 on sn-devel-184
2020-11-27 10:07:18 +00:00
Stefan Metzmacher
5e3363e0b8 s4:ldap_server: Use samba_server_gensec_start() in ldapsrv_backend_Init()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-09-07 12:02:15 +00:00
Matthew DeVore
232054c09b lib/util: remove extra safe_string.h file
lib/util/safe_string.h is similar to source3/include/safe_string.h, but
the former has fewer checks. It is missing bcopy, strcasecmp, and
strncasecmp.

Add the missing elements to lib/util/safe_string.h remove the other
safe_string.h which is in the source3-specific path. To accomodate
existing uses of str(n?)casecmp, add #undef lines to source files where
they are used.

Signed-off-by: Matthew DeVore <matvore@google.com>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug 28 02:18:40 UTC 2020 on sn-devel-184
2020-08-28 02:18:40 +00:00
Volker Lendecke
eb72f887b0 ldap_server: Terminate LDAP connections on krb ticket expiry
See RFC4511 section 4.4.1 and

https://lists.samba.org/archive/cifs-protocol/2020-August/003515.html

for details: Windows terminates LDAP connections when the krb5 ticket
expires, Samba should do the same. This patch slightly deviates from
Windows behaviour by sending a LDAP exop response with msgid 0 that is
ASN1-encoded conforming to RFC4511.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-08-21 19:14:32 +00:00
Volker Lendecke
77f72fb01f ldap_server: Add the krb5 expiry to conn->limits
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-08-21 19:14:32 +00:00
Volker Lendecke
4f3ab0e9ca ldap_server: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-08-17 19:35:37 +00:00
Volker Lendecke
3514e4100c ldap_server: Do an early TALLOC_FREE()
We don't need the asn1 struct after this point anymore

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Aug 17 11:10:04 UTC 2020 on sn-devel-184
2020-08-17 11:10:04 +00:00
Volker Lendecke
86ab467667 ldap_server: Avoid talloc_memdup() for ldap_decode()
Slight optimization for the ldap server: We don't need to copy the
client PDU into the ASN1 struct, the decoding process happens
immediately in the same routine.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-08-17 09:46:36 +00:00
Gary Lockyer
79b371da80 s4 ldap_server: modernize debug calls
Replace DEBUG(0 with DBG_ERR(

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
2020-05-06 21:15:42 +00:00
Gary Lockyer
3149ea0a8a CVE-2020-10704: libcli ldap_message: Add search size limits to ldap_decode
Add search request size limits to ldap_decode calls.

The ldap server uses the smb.conf variable
"ldap max search request size" which defaults to 250Kb.
For cldap the limit is hard coded as 4096.

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-05-04 02:59:32 +00:00
Gary Lockyer
28ee4acc83 CVE-2020-10704: S4 ldap server: Limit request sizes
Check the size of authenticated and anonymous ldap requests and reject
them if they exceed the limits in smb.conf

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-05-04 02:59:32 +00:00
Gary Lockyer
f467727db5 CVE-2020-10704: lib util asn1: Add ASN.1 max tree depth
Add maximum parse tree depth to the call to asn1_init, which will be
used to limit the depth of the ASN.1 parse tree.

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-05-04 02:59:31 +00:00
Garming Sam
9f6b87d3f6 ldap_server: Regression in 0559430ab6
Extended DN requests seem to have been incorrectly handled.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14029

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Thu Jul 11 05:25:26 UTC 2019 on sn-devel-184
2019-07-11 05:25:26 +00:00
Gary Lockyer
1958cd8a7f ldap server: generate correct referral schemes
Ensure that the referrals returned in a search request use the same
scheme as the request, i.e. referrals recieved via ldap are prefixed
with "ldap://" and those over ldaps are prefixed with "ldaps://"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12478

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri May 24 05:12:14 UTC 2019 on sn-devel-184
2019-05-24 05:12:14 +00:00
Andrew Bartlett
0559430ab6 ldap_server: Run ldapsrv_queue_reply() in the ldb callback, rather than waiting for the full result
Based on earlier work by Garming Sam.

This allows the server to stop working on a reply that will never
be sent to the client as it is too large.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-05-20 04:01:11 +00:00
Andrew Bartlett
8dfad9fa2c ldap_server: chunk the writev() calls at 25MB
This should limit the amount we send to GENSEC at a
time where it may help avoid large realloc or memcpy calls.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-05-20 04:01:11 +00:00
Andrew Bartlett
e8475f8ec5 ldap_server: Add explict repsonse size limit of 256MB
This allows us to replace the implicit limit via data_blob_append()
removed in the previous commit.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-05-20 04:01:11 +00:00
Andrew Bartlett
00b9a97706 ldap_server: Use an array of struct iovec to avoid data_blob_append()
This avoids a the implicit 256MB limit on LDAP replies (allowing this
to be increased in the future) and means we copy less memory around.

However because we can only have 1024 entries in a struct iovec (on Linux)
we will need to call tstream_writev_queue_send() multiple times.

Calling it in chunks of 1024 seems a reasonable compromise, the
gensec layer will chunk it out smaller if required.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-05-20 04:01:11 +00:00
Andrew Bartlett
fd74b63144 ldap_server: Run the ldap_encode() step in ldapsrv_queue_reply()
This avoids holding the memory for the response twice,
by the time the result is queued it is only ASN.1 encoded.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-05-20 04:01:11 +00:00
Andrew Bartlett
11c20e03d7 ldap_server: Remove success_limit
This was always set to 0 so was poinless.  Any LDAP scope can return 0 entries,
even a SCOPE_BASE if the filter does not match.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-05-20 04:01:11 +00:00
Garming Sam
5841b164b2 ldap: Add a database open after fork to speed-up prefork binds
Removing this (system) database open from the later auth stack results
in a 15-30% improvement in different types of binds and on different
hardware (presumably better with slower disk speeds).

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-05-15 04:03:37 +00:00
Douglas Bagnall
4624957d42 s4: use ldb_msg_new(), not talloc/talloc_zero
ldb_msg_new() is currently the same as talloc_zero(), but it might
not always be.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-05-10 01:15:17 +00:00
Douglas Bagnall
a82f924179 s4/ldap_bind: notice backend init failure
This should silence CID 1418508 and CID 1418512

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-05-10 01:15:16 +00:00
Garming Sam
d2c98abde1 CVE-2018-16851 ldap_server: Check ret before manipulating blob
In the case of hitting the talloc ~256MB limit, this causes a crash in
the server.

Note that you would actually need to load >256MB of data into the LDAP.
Although there is some generated/hidden data which would help you reach that
limit (descriptors and RMD blobs).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13674

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-11-28 08:22:24 +01:00
Gary Lockyer
99aea42520 source4 smdb: Add a post fork hook to the service API
Add a post fork hook to the service API this will be called:

 - standard process model
   immediately after the task_init.

- single process model
  immediately after the task_init

- prefork process model, inhibit_pre_fork = true
  immediately after the task_init

- prefork process model, inhibit_pre_fork = false
  after each service worker has forked. It is not run on the service
  master process.

The post fork hook is not called in the standard model if a new process
is forked on a new connection. It is instead called immediately after
the task_init.

The task_init hook has been changed to return an error code. This ensures
the post_fork code is only run if the task_init code completed successfully.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
2018-11-01 23:49:24 +01:00
Gary Lockyer
d6777a66c0 source4 smbd: Make the service_details structure constant.
Make the service_details structure a static const.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
2018-11-01 23:49:24 +01:00
Volker Lendecke
291630126d ldap_server: Fix CID 1435721 Unchecked return value
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May 24 03:35:00 CEST 2018 on sn-devel-144
2018-05-24 03:35:00 +02:00
Volker Lendecke
312faa0b82 ldap_server: Fix CID 1435731 Unchecked return value
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-05-24 00:43:51 +02:00
Gary Lockyer
5c0345ea9b samdb: Add remote address to connect
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-05-10 20:02:23 +02:00
Gary Lockyer
daa7b60a60 dsdb: pass the remote address to samdb connect
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-05-10 20:02:23 +02:00
Andreas Schneider
8438897828 s4:ldap_server: Fix size types
This fixes compilation with -Wstrict-overflow=2

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-03-20 23:16:15 +01:00
Gary Lockyer
0840252670 source4/smbd: Do not overstamp the process model with "single"
Instead, except in RPC which is a special SNOWFLAKE, we rely on the struct
service_details in the init function.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-10-19 05:33:10 +02:00
Gary Lockyer
b852ad044b source4/smbd: refactor the process model for prefork
Refactor the process model code to allow the addition of a prefork
    process model.

    - Add a process context to contain process model specific state
    - Add a service details structure to allow service to indicate which
      process model options they can support.

    In the new code the services advertise the features they support to the
    process model.  The process model context is plumbed through to allow the
    process model to keep track of the supported options, and any state
    the process model may require.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-10-19 05:33:09 +02:00
Andrew Bartlett
dd53be2756 ldap_server: Plumb ldb error string from a failed connect to ldapsrv_terminate_connection()
However, do not plumb it to the client-seen error string, as it could contain server paths.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2017-09-20 02:25:30 +02:00
Andrew Bartlett
f4ce77857b ldap: Run the LDAP server with the default (typically standard) process model
This allows one LDAP socket to proceed if another fails, and reduces the
impact of a crash becoming a DoS bug, as it only impacts one socket.

This may mean we have a lot of idle tasks, but this should not be a big
issue

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-07-02 17:35:20 +02:00
Stefan Metzmacher
52bd61d7f4 s4:ldap_server: implement async BindSASL
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jun 15 13:18:47 CEST 2017 on sn-devel-144
2017-06-15 13:18:47 +02:00
Stefan Metzmacher
9f23a88fd3 s4:ldap_server: set result = LDAP_SUCCESS at the end, when we're really done
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-06-15 09:13:24 +02:00
Stefan Metzmacher
772b816c44 s4:ldap_server: avoid using talloc_reference()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-06-15 09:13:24 +02:00
Stefan Metzmacher
489bc70c43 s4:ldap_server: remove useless NT_STATUS_IS_OK(status) check
We checked a few lines above already, check with:
git show -U10

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-06-15 09:13:24 +02:00
Stefan Metzmacher
126fd7e45d s4:ldap_server: remove useless indentation level arround ldapsrv_backend_Init()
Check with git show -w

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-06-15 09:13:24 +02:00
Stefan Metzmacher
eaa8acf6e3 s4:ldap_server: remove useless indentation level arround gensec_session_info()
Check with git show -w

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-06-15 09:13:24 +02:00
Stefan Metzmacher
a280367177 s4:ldap_server: make the gensec_create_tstream() error checking more clear
Check with 'git show -w'.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-06-15 09:13:24 +02:00
Stefan Metzmacher
461abf3ce3 s4:ldap_server: only touch conn->session_info on success in ldapsrv_BindSASL()
The old conn->session_info (as well as conn->ldb) should only be changed
after a successful Bind().

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-06-15 09:13:24 +02:00
Stefan Metzmacher
5de8074b39 s4:ldap_server: terminate the connection if talloc_reference fails
talloc_reference will be removed completely in the next commits...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-06-15 09:13:24 +02:00
Stefan Metzmacher
3df94e62f4 s4:ldap_server: remove pointless (result != LDAP_SUCCESS) check
We set result = LDAP_SUCCESS above and have goto do_reply;
in all cases where we overwrite 'result'.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-06-15 09:13:24 +02:00
Stefan Metzmacher
399936239c s4:ldap_server: do the transport validation before calling gensec_create_tstream()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-06-15 09:13:23 +02:00
Stefan Metzmacher
dc56e8874f s4:ldap_server: use talloc_zero for ldapsrv_sasl_postprocess_context
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-06-15 09:13:23 +02:00
Stefan Metzmacher
bd0a987c5c s4:ldap_server: drop the connection if we fail to allocate ldapsrv_sasl_postprocess_context
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-06-15 09:13:23 +02:00
Stefan Metzmacher
85a6e73695 s4:ldap_server: only set *resp->SASL.secblob = output for OK or MORE_PROCESSING_REQUIRED
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-06-15 09:13:23 +02:00