samba-mirror

mirror of https://github.com/samba-team/samba.git synced 2025-01-06 13:18:07 +03:00

Author	SHA1	Message	Date
Jo Sutton	747a7fec01	s3:rpc_server: Check query level according to MS-NRPC BUG: https://bugzilla.samba.org/show_bug.cgi?id=15465 Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Noel Power <noel.power@suse.com> Autobuild-User(master): Noel Power <npower@samba.org> Autobuild-Date(master): Tue Jun 4 09:39:42 UTC 2024 on atb-devel-224	2024-06-04 09:39:42 +00:00
Jo Sutton	8adbdbe50f	s3:rpc_server: Check function code according to MS-NRPC BUG: https://bugzilla.samba.org/show_bug.cgi?id=15465 Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Noel Power <noel.power@suse.com>	2024-06-04 08:33:32 +00:00
Noel Power	0418b9fa92	s3/rpc_server: Fix dereference of client pointer BUG: https://bugzilla.samba.org/show_bug.cgi?id=15465 Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>	2024-06-04 08:33:32 +00:00
Andreas Schneider	070cfeae52	s3:rpc_server: Use dcerpc_lsa_open_policy_fallback() for netlogon Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>	2023-11-21 11:16:37 +00:00
Joseph Sutton	448cc122a8	s3:rpc_server: Remove unnecessary cast Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-21 23:37:29 +00:00
Andreas Schneider	9826fd4588	s3:rpc_server: Fix code spelling Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>	2023-07-19 09:58:37 +00:00
Stefan Metzmacher	dfeabce44f	s3:rpc_server:netlogon: generate FAULT_INVALID_TAG for invalid netr_LogonGetCapabilities levels This is important as Windows clients with KB5028166 seem to call netr_LogonGetCapabilities with query_level=2 after a call with query_level=1. An unpatched Windows Server returns DCERPC_NCA_S_FAULT_INVALID_TAG for query_level values other than 1. While Samba tries to return NT_STATUS_NOT_SUPPORTED, but later fails to marshall the response, which results in DCERPC_FAULT_BAD_STUB_DATA instead. Because we don't have any documentation for level 2 yet, we just try to behave like an unpatched server and generate DCERPC_NCA_S_FAULT_INVALID_TAG instead of DCERPC_FAULT_BAD_STUB_DATA. Which allows patched Windows clients to keep working against a Samba DC. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15418 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Mon Jul 17 07:35:09 UTC 2023 on atb-devel-224	2023-07-17 07:35:09 +00:00
Joseph Sutton	d128d401f0	s3:rpc_server/netlogon: Fix typo Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-03-03 01:07:37 +00:00
Samuel Cabrero	56837f3d31	CVE-2022-38023 s3:rpc_server/netlogon: Avoid unnecessary loadparm_context allocations After s3 and s4 rpc servers merge the loadparm_context is available in the dcesrv_context structure. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240 Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Mon Jan 9 15:17:14 UTC 2023 on sn-devel-184	2023-01-09 15:17:14 +00:00
Samuel Cabrero	a0b97e2623	CVE-2022-38023 s3:rpc_server/netlogon: Check for global "server schannel require seal" By default we'll now require schannel connections with privacy/sealing/encryption. But we allow exceptions for specific computer/trust accounts. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240 Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2023-01-09 14:23:36 +00:00
Samuel Cabrero	ca07f4340c	CVE-2022-38023 s3:rpc_server/netlogon: make sure all _netr_LogonSamLogon*() calls go through dcesrv_netr_check_schannel() Some checks are also required for _netr_LogonSamLogonEx(). BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240 Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2023-01-09 14:23:36 +00:00
Samuel Cabrero	25300d354c	CVE-2022-38023 s3:rpc_server/netlogon: Use dcesrv_netr_creds_server_step_check() After s3 and s4 rpc servers merge we can avoid duplicated code. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240 Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2023-01-09 14:23:36 +00:00
Samuel Cabrero	8141eae47a	CVE-2022-38023 s3:rpc_server/netlogon: 'server schannel != yes' warning to dcesrv_interface_netlogon_bind Follow s4 netlogon server changes and move the checks to the RPC bind hook. Next commits will remove the s3 netr_creds_server_step_check() function. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240 Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2023-01-09 14:23:35 +00:00
Volker Lendecke	5d82af05f3	smbd: Remove a few "extern userdom_struct current_user_info" get_current_username() returns current_user_info.smb_name Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Mon Dec 12 22:14:20 UTC 2022 on sn-devel-184	2022-12-12 22:14:20 +00:00
Joseph Sutton	a554e2ce53	lib/util: Change function to data_blob_equal_const_time() Since data_blob_cmp_const_time() doesn't act as an exact replacement for data_blob_cmp(), and its return value is only ever compared with zero, simplify it and emphasize the intention of checking equality by returning a bool instead. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2022-06-09 22:49:29 +00:00
Joseph Sutton	ae6634c787	auth: Use constant-time memcmp when comparing sensitive buffers This helps to avoid timing attacks. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15010 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2022-06-09 22:49:29 +00:00
Pavel Filipenský	41c86c9dda	s3:rpc_server: Fix possible NULL dereference Found by covscan. Pair-Programmed-With: Andreas Schneider <asn@samba.org> Signed-off-by: Pavel Filipenský <pfilipen@redhat.com> Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2022-01-10 23:31:33 +00:00
Volker Lendecke	0a7ecf1880	rpc_server3: Remove pipes_struct->auth Replace with a call to dcesrv_call_auth_info(p->dce_call) Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2022-01-05 00:11:38 +00:00
Volker Lendecke	8379d8cd53	rpc_server3: Remove pipes_struct->session_info This is a big patch, but all it does is replace all "p->session_info" with "session_info" after introducing a local variable from dcesrv_call_session_info(p->dce_call). Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2022-01-05 00:11:38 +00:00
Volker Lendecke	640f4403c6	rpc_server3: Remove pipes_struct->remote_address Also available via dcesrv_connection_get_remote_address(p->dce_call->conn) Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2022-01-05 00:11:37 +00:00
Volker Lendecke	5a0155fb51	rpc_server3: Remove pipes_struct->local_address Also available via dcesrv_connection_get_local_address(p->dce_call->conn) Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2022-01-05 00:11:37 +00:00
Volker Lendecke	a7c65958a1	s3:rpc_server: Activate samba-dcerpcd This is the big switch to use samba-dcerpcd for the RPC services in source3/. It is a pretty big and unordered patch, but I don't see a good way to split this up into more manageable pieces without sacrificing bisectability even more. Probably I could cut out a few small ones, but a major architechtural switch like this will always be messy. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>	2021-12-10 14:02:30 +00:00
Ralph Boehme	25043ebb2e	source3: move lib/substitute.c functions out of proto.h BUG: https://bugzilla.samba.org/show_bug.cgi?id=14897 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2021-11-11 13:49:32 +00:00
Volker Lendecke	426a7b4805	rpc_server3: Use dcesrv_iface_state in netlogon3 Align with the source4/rpc_server/netlogon Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-10-08 19:28:32 +00:00
Volker Lendecke	246a5ceab1	netlogon: Move netlogon_server_pipe_state to netlogon.idl Make this available as a shared structure for both source3 and source4 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-10-08 19:28:32 +00:00
Volker Lendecke	ed9e2850bf	rpc_server3: Remove "pipes_struct->opnum" Also available via dce_call->pkt.u.request.opnum Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-10-08 19:28:32 +00:00
Andreas Schneider	d6c7a2a700	netlogon:schannel: If weak crypto is disabled, do not announce RC4 support. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-08-03 09:28:38 +00:00
Volker Lendecke	386f62fb57	rpc_server: Initialize variables in get_md4pw() My gcc complained at one point about uninitialized vars Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-03-16 17:09:32 +00:00
Volker Lendecke	35ecbb3221	rpc_server: Save roundtrips into samr for machine pwd changes We already have the machine SID, no need to look it up again. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-03-16 17:09:32 +00:00
Volker Lendecke	559b4df143	rpc_server: Use any_nt_status_not_ok() in srv_netlog_nt.c Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-03-09 22:36:28 +00:00
Volker Lendecke	3e58a4d9d7	rpc_server: Use direct struct initialization instead of ZERO_STRUCT Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-03-09 22:36:28 +00:00
Volker Lendecke	3a7f099b6b	rpc_server: talloc_stackframe() panics on failure Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-03-09 22:36:28 +00:00
Volker Lendecke	dd56d415b1	rpc_server: Fix a typo Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-03-09 22:36:28 +00:00
Volker Lendecke	ca1f67406f	rpc_server: Align integer types Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-03-09 22:36:28 +00:00
Gary Lockyer	b9b6abf18b	CVE-2020-1472(ZeroLogon): rpc_server/netlogon: Fix confounder check Add check for zero length confounder, to allow setting of passwords 512 bytes long. This does not need to be backported, as it is extremely unlikely that anyone is using 512 byte passwords. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2020-10-16 04:45:40 +00:00
Günther Deschner	b8e4b0f430	CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: log warnings about unsecure configurations BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>	2020-09-18 12:48:39 +00:00
Günther Deschner	b74017d2dd	CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: support "server require schannel:WORKSTATION$ = no" This allows to add expections for individual workstations, when using "server schannel = yes". "server schannel = auto" is very insecure and will be removed soon. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>	2020-09-18 12:48:39 +00:00
Günther Deschner	9ef5b63e7a	CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: refactor dcesrv_netr_creds_server_step_check() We should debug more details about the failing request. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>	2020-09-18 12:48:39 +00:00
Jeremy Allison	82d41977a8	CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: protect netr_ServerPasswordSet2 against unencrypted passwords BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Jeremy Allison <jra@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>	2020-09-18 12:48:38 +00:00
Jeremy Allison	9ec8b59bde	CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Fix mem leak onto p->mem_ctx in error path of _netr_ServerPasswordSet2(). BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>	2020-09-18 12:48:38 +00:00
Stefan Metzmacher	caba2d8082	CVE-2020-1472(ZeroLogon): s3:rpc_server:netlogon: make use of netlogon_creds_random_challenge() This is not strictly needed, but makes things more clear. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>	2020-09-18 12:48:38 +00:00
Samuel Cabrero	4c09839ec9	s3:rpc_server: Do not include s3 autogenerated headers Prototype is generated by the server compat parser. Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2020-03-20 15:36:36 +00:00
Samuel Cabrero	dc1d34d388	s3:rpc_server: Include generated boilerplate code Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2020-03-20 15:36:31 +00:00
Ralph Boehme	1484fb0c66	s3/rpc_server/netlogon: use set_current_user_info() in _netr_LogonSamLogon_base() Note that we're now sanitizing the username we got from the client, as we do everywhere else. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2020-02-06 10:17:43 +00:00
Alexander Bokovoy	c6d880a115	s3-rpcserver: fix security level check for DsRGetForestTrustInformation Harmonize _netr_DsRGetForestTrustInformation with source4/ logic which didn't change since DCE RPC channel refactoring. With the current code we return RPC faul as can be seen in the logs: 2019/12/11 17:12:55.463081, 1, pid=20939, effective(1284200000, 1284200000), real(1284200000, 0), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) netr_DsRGetForestTrustInformation: struct netr_DsRGetForestTrustInformation in: struct netr_DsRGetForestTrustInformation server_name : * server_name : '\\some-dc.example.com' trusted_domain_name : NULL flags : 0x00000000 (0) [2019/12/11 17:12:55.463122, 4, pid=20939, effective(1284200000, 1284200000), real(1284200000, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1561(api_rpcTNP) api_rpcTNP: fault(5) return. This is due to this check in processing a request: if (!(p->pipe_bound && (p->auth.auth_type != DCERPC_AUTH_TYPE_NONE) && (p->auth.auth_level != DCERPC_AUTH_LEVEL_NONE))) { p->fault_state = DCERPC_FAULT_ACCESS_DENIED; return WERR_ACCESS_DENIED; } and since we get AuthZ response, Successful AuthZ: [netlogon,ncacn_np] user [EXAMPLE]\[admin] [S-1-5-21-1234567-890123456-500] at [Wed, 11 Dec 2019 17:12:55.461164 UTC] Remote host [ipv4:Y.Y.Y.Y:59017] local host [ipv4:X.X.X.X:445] [2019/12/11 17:12:55.461584, 4, pid=20939, effective(0, 0), real(0, 0)] ../lib/audit_logging/audit_logging.c:141(audit_log_json) JSON Authorization: {"timestamp": "2019-12-11T17:12:55.461491+0000", "type": "Authorization", "Authorization": {"version": {"major": 1, "minor": 1}, "localAddress": "ipv4:X.X.X.X:445", "remoteAddress": "ipv4:Y.Y.Y.Y:59017", "serviceDescription": "netlogon", "authType": "ncacn_np", "domain": "EXAMPLE", "account": "admin", "sid": "S-1-5-21-1234567-890123456-500", "sessionId": "c5a2386f-f2cc-4241-9a9e-d104cf5859d5", "logonServer": "SOME-DC", "transportProtection": "SMB", "accountFlags": "0x00000010"}} this means we are actually getting anonymous DCE/RPC access to netlogon on top of authenticated SMB connection. In such case we have exactly auth_type set to DCERPC_AUTH_TYPE_NONE and auth_level set to DCERPC_AUTH_LEVEL_NONE in the pipe->auth. Thus, returning an error. Update the code to follow the same security level check as in s4 variant of the call. Signed-off-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Mon Jan 13 15:05:28 UTC 2020 on sn-devel-184	2020-01-13 15:05:28 +00:00
Isaac Boukris	a75ca8d5d5	session: convert sess_crypt_blob to use gnutls Signed-off-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2019-12-10 00:30:31 +00:00
Isaac Boukris	dcc33103d5	smbdes: convert des_crypt112_16 to use gnutls Signed-off-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2019-12-10 00:30:31 +00:00
Andrew Bartlett	2f827bec8c	s3-rpc_server: Check NTSTATUS return value from netlogon_creds_aes_decrypt() Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2019-08-21 09:57:30 +00:00
David Disseldorp	93d424528f	netlogon: Fix potential use of uninitialized variable The _netr_NetrEnumerateTrustedDomains()->dcerpc_lsa_open_policy2() error path checks the policy handle and closes it if non-empty. The policy handle may be uninitialized in this code-path - fix this. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2019-07-26 01:48:27 +00:00
Andreas Schneider	1c84bda361	s3:rpc_server: Use a stackframe for temporary memory Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2019-07-26 01:48:27 +00:00

1 2 3

134 Commits