1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

111246 Commits

Author SHA1 Message Date
Ralph Boehme
50e7788603 CVE-2018-1057: s4:dsdb/acl: changing dBCSPwd is only allowed with a control
This is not strictly needed to fig bug 13272, but it makes sense to also
fix this while fixing the overall ACL checking logic.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-03-13 10:24:27 +01:00
Ralph Boehme
c804568551 CVE-2018-1057: s4:dsdb: use DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID
This is used to pass information about which password change operation (change
or reset) the acl module validated, down to the password_hash module.

It's very important that both modules treat the request identical.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-03-13 10:24:27 +01:00
Ralph Boehme
ab7dc210e9 CVE-2018-1057: s4:dsdb/samdb: define DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID control
Will be used to pass "user password change" vs "password reset" from the
ACL to the password_hash module, ensuring both modules treat the request
identical.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-03-13 10:24:27 +01:00
Ralph Boehme
407a34c73f CVE-2018-1057: s4:dsdb/acl: run password checking only once
This is needed, because a later commit will let the acl module add a
control to the change request msg and we must ensure that this is only
done once.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-03-13 10:24:27 +01:00
Ralph Boehme
3e6621fe58 CVE-2018-1057: s4/dsdb: correctly detect password resets
This change ensures we correctly treat the following LDIF

  dn: cn=testuser,cn=users,...
  changetype: modify
  delete: userPassword
  add: userPassword
  userPassword: thatsAcomplPASS1

as a password reset. Because delete and add element counts are both
one, the ACL module wrongly treated this as a password change
request.

For a password change we need at least one value to delete and one value
to add. This patch ensures we correctly check attributes and their
values.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-03-13 10:24:27 +01:00
Ralph Boehme
9dd7dd9ebb CVE-2018-1057: s4:dsdb/acl: add a NULL check for talloc_new() in acl_check_password_rights()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-03-13 10:24:27 +01:00
Ralph Boehme
766ab4c52b CVE-2018-1057: s4:dsdb/acl: add check for DSDB_CONTROL_PASSWORD_HASH_VALUES_OID control
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-03-13 10:24:26 +01:00
Ralph Boehme
0e15ce12e1 CVE-2018-1057: s4:dsdb/acl: check for internal controls before other checks
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-03-13 10:24:26 +01:00
Ralph Boehme
39e689aa70 CVE-2018-1057: s4:dsdb/acl: remove unused else branches in acl_check_password_rights()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-03-13 10:24:26 +01:00
Ralph Boehme
2fea9ee701 CVE-2018-1057: s4:dsdb/acl: only call dsdb_acl_debug() if we checked the acl in acl_check_password_rights()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-03-13 10:24:26 +01:00
Ralph Boehme
c653e51a3d CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for passwordAttr->num_values
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-03-13 10:24:26 +01:00
Ralph Boehme
b23bf04cae CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for LDB_FLAG_MOD_TYPE
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-03-13 10:24:26 +01:00
Ralph Boehme
fbd16473ec CVE-2018-1057: s4:dsdb/tests: add a test for password change with empty delete
Note that the request using the clearTextPassword attribute for the
password change is already correctly rejected by the server.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-03-13 10:24:26 +01:00
Uri Simchoni
614f5a041e README.Coding: codify line splitting on function calls
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar 13 01:48:21 CET 2018 on sn-devel-144
2018-03-13 01:48:21 +01:00
Swen Schillig
b97d18f0fe s3: Fix max indentation and max column
Minor cleanup reducing the max indentation level and max column length.

Signed-off-by: Swen Schillig <swen@vnet.ibm.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
2018-03-12 20:39:16 +01:00
Martin Schwenke
9e954bcbf4 ctdb-tests: Don't use nc -d or -w options
nmap-ncat is used in some distributions to replace netcat.  It has a
different meaning for these options.

We can get the same effect as the current combination of -d and -w by
piping a sleep process to nc.  Subsequent use of $! works because it
gets the last process in pipeline.

Note that redirecting from /dev/null doesn't work with some versions
of nc.  They just exit when they get EOF.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Mar  9 12:24:13 CET 2018 on sn-devel-144
2018-03-09 12:24:13 +01:00
Martin Schwenke
bd66445edd Revert "ctdb-doc: Fix monitoring bug in example NFS Ganesha call-out"
The check action should be there.  It is used by 20.nfs_ganesha.check.

This reverts commit 4fa9026bbd.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-03-09 07:08:26 +01:00
Martin Schwenke
98bd5b6a41 ctdb-tests: Depend on setup_ctdb_base() to install events.d/
This directory is only used by simple tests when running against local
daemons.  Moving it to simple/etc-ctdb/events.d/ means that it is
automatically copied by setup_ctdb_base().

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-03-09 07:08:25 +01:00
Martin Schwenke
85598480fb ctdb-tests: Make fake ssh script set CTDB_BASE
The local daemons code puts the socket in the CTDB_BASE directory.
This means CTDB_NODES_SOCKETS can be replaced by CTDB_BASES, a list of
base directories.  The fake ssh script can first determine the correct
CTDB_BASE directory and then use it to set CTDB_SOCKET and
CTDB_PIDFILE.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-03-09 07:08:25 +01:00
Martin Schwenke
a7a5216968 ctdb-tests: Use setup_ctdb_base() for simple tests
The comment in local.bash is incorrect.  CTDB_BASE will never be set
here because this script is not run under onnode.  Instead, this where
CTDB_BASE needs to be set when running against a real cluster.

For local daemons, the check for CTDB_BASE being inconsistent with
node_dir is temporary.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-03-09 07:08:25 +01:00
Martin Schwenke
caf6b1c684 ctdb-tests: Reindent setup_ctdb() function
This could have been done earlier but previous movement of lines out
to new functions has made the job easier.

Best viewed with show/diff -w.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-03-09 07:08:25 +01:00
Martin Schwenke
670668f4c1 ctdb-tests: Clean up nodes and public address file setup
Untangle a single loop into two separate, clear functions.  Create a
separate, empty file for the node with no public IPs instead of
pointing the configuration at /dev/null.

Leave the indentation in setup_ctdb() in the old style to make this
commit comprehensible.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-03-09 07:08:25 +01:00
Martin Schwenke
2b09dc9d8e ctdb-tests: Use SIMPLE_TESTS_VAR_DIR for data for local daemons tests
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-03-09 07:08:25 +01:00
Martin Schwenke
ee9051b7f7 ctdb-tests: New directory for simple test state
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-03-09 07:08:25 +01:00
Martin Schwenke
2b38b82303 ctdb-tests: Use setup_ctdb_base() for onnode unit tests
The nodes file is now in the CTDB_BASE directory so no CTDB_NODES_FILE
variable is needed.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-03-09 07:08:25 +01:00
Martin Schwenke
258e1e04ae ctdb-tests: Use setup_ctdb_base() for eventscript unit tests
There is currently a directory of symlinks that are copied during test
setup.  These symlinks are updated during installation so they point
to the right place when copied.

Instead, use setup_ctdb_base() during test setup.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-03-09 07:08:25 +01:00
Martin Schwenke
b1c87b2609 ctdb-tests: Factor out setup of fake CTDB_BASE
Several test suites need the CTDB_BASE directory to contain a subset
of the regular contents of that subdirectory.  In some cases there are
symbolic links in the test directory (or a subdirectory) and these
symbolic links need to be fixed at installation time.

Instead, add new function setup_ctdb_base() to set CTDB_BASE, create
the directory and populate it as specified.  This relies on
script_install_paths.sh so it can copy the specified targets.  It also
copies any files from the test directory's etc-ctdb/ subdirectory.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-03-09 07:08:25 +01:00
Martin Schwenke
52cdb03c65 ctdb-scripts: Drop PID file argument from wrapper
Use the default compile-time PID file.

Use a CTDB_PIDFILE environment variable when testing.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-03-09 07:08:25 +01:00
Martin Schwenke
b0d892b9ad ctdb-daemon: CTDB_PIDFILE environment variable overrides default
Use environment variables for test-only options.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-03-09 07:08:25 +01:00
Martin Schwenke
6a5473854f ctdb-daemon: Provide default location for ctdbd PID file
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-03-09 07:08:25 +01:00
Martin Schwenke
a2c6c98302 ctdb-scripts: Drop init script PID directory backward compatibility
This tries to be backward compatible with very old versions of CTDB,
so don't bother.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-03-09 07:08:24 +01:00
Martin Schwenke
0e5d537323 ctdb-scripts: Don't create directory for PID file
This is already created by installation and/or packaging.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-03-09 07:08:24 +01:00
Martin Schwenke
9fe85f4cc9 ctdb-packaging: Package up relevant /var subdirectories
They're already created at installation time.  This way they don't
need to be created at startup.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-03-09 07:08:24 +01:00
Martin Schwenke
bf250fe595 ctdb-scripts: Drop unnecessary complexity from wrapper
All of this logic was necessary when ctdbd did poor PID file and
socket handling.  Those things are now solid, so remove this
unnecessary logic.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-03-09 07:08:24 +01:00
Martin Schwenke
a821306ec3 ctdb-scripts: Drop broken wrapper code that uses PID
The code has been broken since commit
4b652c1527.

If ctdbd isn't all the way up in time just make a basic attempt to
shut it down.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-03-09 07:08:24 +01:00
Martin Schwenke
914c877860 ctdb-tests: Rework simple tests daemon start/stop
Separate stopping and starting of daemons during restart

This allows actions to be taken after stopping and allows the init
testcase to be clearer about what it is doing.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-03-09 07:08:24 +01:00
Martin Schwenke
5a99835c38 ctdb-packaging: Use RPM's local state directory
Instead of fixed /var.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-03-09 07:08:24 +01:00
Martin Schwenke
b416ed72d4 ctdb-scripts: Simplify the names of NFS fail counter files
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-03-09 07:08:24 +01:00
Martin Schwenke
bcadab7149 ctdb-scripts: Move failure counters to the service state directory
Scripts that use these counters must call ctdb_setup_state_dir().

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-03-09 07:08:24 +01:00
Martin Schwenke
e6aae12ba2 ctdb-scripts: Move the reconfigure flag to the script state directory
Scripts that use these functions must call ctdb_setup_state_dir().

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-03-09 07:08:24 +01:00
Martin Schwenke
ef0962acf0 ctdb-scripts: Drop unused function ctdb_setup_service_state_dir()
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-03-09 07:08:24 +01:00
Martin Schwenke
eed0e3f6d7 ctdb-scripts: Use ctdb_setup_state_dir()
Replace all uses of ctdb_setup_service_state_dir() by
ctdb_setup_state_dir().

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-03-09 07:08:24 +01:00
Martin Schwenke
fac6d23d27 ctdb-scripts: Factor out function ctdb_setup_state_dir()
This allows state directories for scripts other than services.
ctdb_setup_state_dir() takes 2 mandatory arguments.

Unlike ctdb_setup_service_state_dir(), this does not print the
directory name but sets a global variable.  The intention is to go
back to a more sensible style of usage.

This will require a shellcheck directive before the first use, such
as:

  # Set by ctdb_setup_state_dir
  # shellcheck disable=SC2154
  foo="${script_state_dir}/bar"

An alternative would be something like the following, which tricks
shellcheck into believing the variable is set:

  ctdb_setup_state_dir "service" "foo"
  # Shellcheck
  script_state_dir="$script_state_dir"

However, this is more cryptic.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-03-09 07:08:24 +01:00
Martin Schwenke
2089961346 ctdb-scripts: Move script state to its own directory
Don't use the same directory as temporary databases.

Make associated test consistent.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2018-03-09 07:08:23 +01:00
Amitay Isaacs
ba7123021a ctdb-tools: Fix documentation for ctdb ping command
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2018-03-09 07:08:23 +01:00
Amitay Isaacs
8053f652cd ctdb-tools: Event script commands cannot be run without daemon
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2018-03-09 07:08:23 +01:00
Amitay Isaacs
53c550d894 ctdb-common: Drop unused function ctdb_sys_find_ifname()
The ioctl SIOCGIFCONF does not return IPv6 addresses, so this function
does not work for IPv6 addresses.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2018-03-09 07:08:23 +01:00
Amitay Isaacs
efe3a7279e ctdb-tools: Drop ipiface command from ctdb tool
This command is not used anywhere and also does not work for IPv6
addresses.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2018-03-09 07:08:23 +01:00
Amitay Isaacs
35cc786d10 ctdb-tools: Wait for ctdb daemon to go away in shutdown
This can only be done on the local node.  For remote node, exit as
soon as the control returns.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2018-03-09 07:08:23 +01:00
Amitay Isaacs
376e9794e2 ctdb-client: Client code should never free the client context
This should never have been done.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2018-03-09 07:08:23 +01:00