1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

460 Commits

Author SHA1 Message Date
Joseph Sutton
0a3aa5f908 CVE-2022-32746 ldb: Make use of functions for appending to an ldb_message
This aims to minimise usage of the error-prone pattern of searching for
a just-added message element in order to make modifications to it (and
potentially finding the wrong element).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-07-27 10:52:36 +00:00
Andreas Schneider
3467214cf9 s3: Remove --log-stdout from daemons
The common cmdline parser provides --debug-stdout.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-04-29 03:58:37 +00:00
Andreas Schneider
24c4fcf811 s3:winbind: Pass the 'samba' daemon config file to winbindd
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-04-28 03:43:34 +00:00
Andreas Schneider
0b8433cf87 s4:winbind: Add a missing no memory check
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-04-28 03:43:34 +00:00
Ralph Boehme
4142bde7e5 s4: rename source4/smbd/ to source4/samba/
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Nov 27 10:07:18 UTC 2020 on sn-devel-184
2020-11-27 10:07:18 +00:00
Douglas Bagnall
213a8d551d s4/winbind/idmap: check the right variable (CID 1272950)
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-07-06 12:30:33 +00:00
Noel Power
c534b05c8d s4/winbind: clang: Fixes 'Value stored during its initialization is never read'
Fixes:

source4/winbind/idmap.c:214:11: warning: Value stored to 'status' during its initialization is never read <--[clang]
        NTSTATUS status = NT_STATUS_NONE_MAPPED;

source4/winbind/idmap.c:397:11: warning: Value stored to 'status' during its initialization is never read <--[clang]
        NTSTATUS status = NT_STATUS_NONE_MAPPED;
                 ^~~~~~   ~~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-09-26 18:41:26 +00:00
Mathieu Parent
271b04aaae Spelling fixes s/noone/no one/
Skipping source4/torture/winbind/struct_based.c

Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-09-01 22:21:27 +00:00
Andrew Bartlett
e995c9c16f s4-winbindd: Removed unused wb_utils.c
Garming noticed this was untested code in the lcov report, and it turns out to be unused.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-05-06 05:46:11 +00:00
Volker Lendecke
f1e71a2c1e winbind4: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-08 03:40:28 +01:00
Gary Lockyer
99aea42520 source4 smdb: Add a post fork hook to the service API
Add a post fork hook to the service API this will be called:

 - standard process model
   immediately after the task_init.

- single process model
  immediately after the task_init

- prefork process model, inhibit_pre_fork = true
  immediately after the task_init

- prefork process model, inhibit_pre_fork = false
  after each service worker has forked. It is not run on the service
  master process.

The post fork hook is not called in the standard model if a new process
is forked on a new connection. It is instead called immediately after
the task_init.

The task_init hook has been changed to return an error code. This ensures
the post_fork code is only run if the task_init code completed successfully.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
2018-11-01 23:49:24 +01:00
Gary Lockyer
d6777a66c0 source4 smbd: Make the service_details structure constant.
Make the service_details structure a static const.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
2018-11-01 23:49:24 +01:00
Gary Lockyer
5c0345ea9b samdb: Add remote address to connect
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-05-10 20:02:23 +02:00
Simo Sorce
f5e3b1e9d3 Remove dead code
Signed-off-by: Simo Sorce <idra@samba.org>

Autobuild-User(master): Simo Sorce <idra@samba.org>
Autobuild-Date(master): Mon Mar 19 20:29:28 CET 2018 on sn-devel-144
2018-03-19 20:29:28 +01:00
Gary Lockyer
b852ad044b source4/smbd: refactor the process model for prefork
Refactor the process model code to allow the addition of a prefork
    process model.

    - Add a process context to contain process model specific state
    - Add a service details structure to allow service to indicate which
      process model options they can support.

    In the new code the services advertise the features they support to the
    process model.  The process model context is plumbed through to allow the
    process model to keep track of the supported options, and any state
    the process model may require.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-10-19 05:33:09 +02:00
Jeremy Allison
560c37524b s4: Add TALLOC_CTX * to register_server_service().
Use the passed in context from callers. Remove one
talloc_autofree_context().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-05-11 20:30:13 +02:00
Jeremy Allison
306783d6f5 lib: modules: Change XXX_init interface from XXX_init(void) to XXX_init(TALLOC_CTX *)
Not currently used - no logic changes inside.

This will make it possible to pass down a long-lived talloc
context from the loading function for modules to use instead
of having them internally all use talloc_autofree_context()
which is a hidden global.

Updated all known module interface numbers, and added a
WHATSNEW.

Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Ralph Böhme <slow@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Apr 22 01:17:00 CEST 2017 on sn-devel-144
2017-04-22 01:17:00 +02:00
Volker Lendecke
22b2151fb5 winbind4: Remove unused code
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-01-02 18:04:13 +01:00
Volker Lendecke
2e1dc952f0 idmap4: Use sid_check_is_in_unix_groups()
This avoids the need for the special unix groups sid

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Thu Dec 29 00:05:25 CET 2016 on sn-devel-144
2016-12-29 00:05:25 +01:00
Volker Lendecke
e06a342f80 idmap4: Use sid_check_is_in_unix_users()
This avoids the need for the special unix users sid

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-12-28 20:17:13 +01:00
Volker Lendecke
6830a6a350 idmap4: Slightly simplify idmap_xid_to_sid
No need to parse "S-1-22-1", we have global_sid_Unix_Users

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-12-28 20:17:12 +01:00
Volker Lendecke
2146df24d8 idmap4: Fix error path memleaks in idmap_init
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-12-28 20:17:12 +01:00
Volker Lendecke
f39ed433dc idmap4: Fix idmap_ctx talloc hierarchy
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-12-28 20:17:12 +01:00
Andrew Bartlett
c31c30043b s4-winbindd: Remove the winbind rewrite from the samba4 effort
This winbind implementation is undermaintained, out of date and not the
future of even the AD DC, let alone any other purpose.

Removing it will reduce our security and bug exposure on this
off by default subsystem

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 24 22:34:57 CEST 2015 on sn-devel-104
2015-06-24 22:34:57 +02:00
Andrew Bartlett
7fcaa07e20 winbindd4: Force home directory in internal winbind to use a lower-case username
This is a BEHAVIOUR CHANGE from Samba 4.0 and 4.1, if mixed-case
usernames were in use.

However, it matches the behaviour in winbindd in all other use cases.

Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-05-06 01:22:14 +02:00
Andrew Bartlett
406cd32126 s4-winbind: Correctly reject the unsupported WBFLAG_PAM_AUTH_PAC flag
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-05-06 01:22:14 +02:00
Andreas Schneider
d86f7b9daf s3-winbind: Correct debug message for starting winbind.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-03-20 23:25:52 +01:00
Volker Lendecke
a99a5a34a5 Fix the developer O3 build
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Wed Feb 25 16:32:29 CET 2015 on sn-devel-104
2015-02-25 16:32:29 +01:00
Garming Sam
58b343be47 idmap: return the correct id type to *id_to_sid methods
We have a pointer to a unixid which is sent down instead of a uid or
gid. We can use this as an in-out variable so that pdb_samba_dsdb can be
returned ID_TYPE_BOTH to cache correctly instead of leaving it as
ID_TYPE_UID or ID_TYPE_GID.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10720

Change-Id: I0cef2e419cbb337531244b7b41c708cf2ab883e3
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-12-03 04:21:09 +01:00
Andrew Bartlett
b19750dbe9 winbindd: Do not use group_list->out.resume_index after free
Found by AddressSanitizer

Change-Id: I59009144b28c390ddb80b7b3fbb4007dfd16db0e
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
2014-09-08 07:26:34 +02:00
Andrew Bartlett
34cc5bd260 winbindd: Do not use user_list->out.resume_index after free
Found by AddressSanitizer

Change-Id: I9f8b95b65de788994a7404fa8889fce45ccb3a30
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
2014-09-08 07:26:34 +02:00
Andrew Bartlett
57228317fc winbind: Fix template homedir to match source3
Fix provided by Andy Igoshin <ai@vsu.ru>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10324

Andrew Bartlett

Change-Id: Ie94d207fed91e9dfd85ee3c3339c376b25ac5fa4
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-06-04 03:22:26 +02:00
Andrew Bartlett
77b04f1df6 winbind: Allow winbindd to be run from inside "samba"
Change-Id: I6b90a9b62ba5821e0feedb23cd20642078ba0ca6
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Apr 29 05:28:39 CEST 2014 on sn-devel-104
2014-04-29 05:28:39 +02:00
Volker Lendecke
1f60aa8ec2 winbind4: Remove unused winbind_get_idmap irpc operation
Change-Id: Ia5e62d30b277f8a7074d451cfb8675eee8e9d21f
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-03-05 16:33:21 +01:00
Volker Lendecke
699f86cc27 Revert "winbind4: Remove unused winbind_get_idmap irpc operation"
This reverts commit 41ff0f4454.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-02-18 10:28:28 +01:00
Stefan Metzmacher
71096883e1 s4:winbind: make use of dcerpc_binding_[g|s]et_flags()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-02-13 11:54:17 +01:00
Stefan Metzmacher
785c0fe34a s4:winbind: don't access dcerpc_binding internals in init_domain_binding()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-02-13 11:54:17 +01:00
Volker Lendecke
41ff0f4454 winbind4: Remove unused winbind_get_idmap irpc operation
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Kai Blin <kai@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Feb 10 13:24:09 CET 2014 on sn-devel-104
2014-02-10 13:24:09 +01:00
Noel Power
0f347e44e2 log winbind version (when requested) in winbindd log
winbindd currently only logs the INTERFACE version request,
it would be useful to additionally have the version returned
in the log also.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jim McDonough <jmcd@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Wed Jan 22 21:57:04 CET 2014 on sn-devel-104
2014-01-22 21:57:04 +01:00
Stefan Metzmacher
124a89698b s4:winbind: let wb_samr_userdomgroups_send() take tevent_context/dcerpc_binding_handle
This avoids usage/dereferencing 'struct dcerpc_pipe'.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-01-16 16:22:52 +01:00
Stefan Metzmacher
ad14fb9545 s4:winbind: let wb_lsa_lookupnames_send() take tevent_context/dcerpc_binding_handle
This avoids usage/dereferencing 'struct dcerpc_pipe'.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-01-16 16:22:52 +01:00
Stefan Metzmacher
5559cdf5c2 s4:winbind: let wb_lsa_lookupsids_send() take tevent_context/dcerpc_binding_handle
This avoids usage/dereferencing 'struct dcerpc_pipe'.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-01-16 16:22:52 +01:00
Stefan Metzmacher
59bc7cb0df s4:winbind: make clear that we use the global tevent_context
We should avoid using the tevent_context pointer on a
dcecli_connection, it's the same as the global per task one
anyway.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-01-16 16:22:52 +01:00
Stefan Metzmacher
00d616e104 s4:winbind: correctly fill the libnet_context lsa and samr binding handles
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-01-16 16:22:52 +01:00
Jeremy Allison
0dc6181894 CVE-2013-4408:s3:Ensure LookupNames replies arrays are range checked.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
2013-12-09 07:05:46 +01:00
Jeremy Allison
b0ba4a5621 CVE-2013-4408:s3:Ensure LookupSids replies arrays are range checked.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
2013-12-09 07:05:46 +01:00
Andrew Bartlett
2505d48e4f s4-winbindd: Do not terminate a connection that is still pending (bug #9820)
Instead, wait until the call attempts to reply, and let it terminate then

(often this happens in the attempt to then write to the broken pipe).

Andrew Bartlett

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-07-10 06:57:06 +02:00
Andrew Bartlett
88c72fceb1 s4-winbind: Add special case for BUILTIN domain
This should mean that lookups for the BUILTIN domain cause less trouble
then they have in the past, because they will no longer go via the
trusted domain handler.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jun 20 15:30:00 CEST 2013 on sn-devel-104
2013-06-20 15:30:00 +02:00
Stefan Metzmacher
097a8c7239 s4:winbind: don't leak libnet_context into the main event context
This needs to be a talloc child of struct wbsrv_domain
otherwise the cleanup of a broken connection doesn't work.

The following command can trigger the leak on a domain controller.

root@dc:~/samba# ls -l /var/lib/samba/sysvol/samba.private/
total 16
drwxrwx---+ 5 root 3000000 4096 May 14 14:46 Policies
drwxrwx---+ 2 root 3000000 4096 May 14 11:45 scripts

gid 3000000 belongs to Builtin\Administrators.

The code triggers a ncacn_np: connection to the local smbd
and complains that domain BUILTIN is not available:

[2013/05/29 17:28:03,  2] ../source4/winbind/wb_init_domain.c:376(init_domain_recv_queryinfo)
  Expected domain name BUILTIN, DC dc.samba.private said SAMBA

In that case the connection was not closed, which is fixed by this commit.

Using ncalrpc: for all local SIDs and serving the BUILTIN domain is
a project for another day...

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jun  4 11:05:09 CEST 2013 on sn-devel-104
2013-06-04 11:05:09 +02:00
Michael Adam
8bf311288b s4:idmap: break account_type check lines for readability in idmap_sid_to_xid()
Also makes code obey README.Coding, regarding line-length.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon May 27 00:05:19 CEST 2013 on sn-devel-104
2013-05-27 00:05:19 +02:00