1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

2390 Commits

Author SHA1 Message Date
Douglas Bagnall
6fb98f70c6 ndr: always attempt ACE coda pull if ACE type suggests a coda
We were skipping the pull in cases where the coda size was calculated
to be zero. This has the right result for empty conditional ACEs, but
not for Resource Attribute ACEs where the
CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 coda was not intialised.

The situation is made a bit worse, because the function that
calculates the coda size (ndr_subcontext_size_of_ace_coda()) can
return zero in conditions that are not exactly errors, but in which
the would-be calculated value makes so little sense that zero is
thought to be a safer default.

Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66577
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15613

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Mar 25 06:00:21 UTC 2024 on atb-devel-224
2024-03-25 06:00:21 +00:00
Volker Lendecke
02d9631cf3 tools: Fix whitespace
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-03-12 13:31:31 +00:00
Volker Lendecke
7c68d88cef lib: Make GUID_to_ndr_buf() return void
The whole point of struct GUID_ndr_buf is that this never fails.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-03-12 13:31:31 +00:00
Andrew Bartlett
724f403d88 libcli/security: Add SID_FRESH_PUBLIC_KEY_IDENTITY
This allows an ACL level check (rather than only an all-or-nothing KDC configuration)
that PKINIT freshness was used during the AS-REQ.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-02-28 03:44:37 +00:00
Andrew Bartlett
e6ef2fc224 librpc/idl: Check protocol version number in Kerberos ccache parser
The ccache file format version is checked by the switch in OPTIONAL_HEADER.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-02-27 01:11:37 +00:00
Andrew Bartlett
ecaaff57e4 librpc/idl: Add a parser for a FILE: format keytab
This will let us examine keytab entries exported for gMSA accounts and
ensure they are the values we expect.  This will in particular help
test our KDC via the "samba-tool domain exportkeytab" as this is a thin
wrapper around the relevant code.

Additionally, we can use this to test the new client-side keytab generation
in "samba-tool domain exportkeytab" for gMSA accounts.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-02-27 01:11:37 +00:00
Andreas Schneider
e758425869 librpc:idl: Make netlogon_samlogon_response public
This is required that we can use it with ndrdump or in python to decode
a NETLOGON_SAM_LOGON_RESPONSE_EX ldap response.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15588

Signed-off-by: Andreas Schneider <asn@samba.org>
Pair-Programmed-With: Guenther Deschner <gd@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-02-26 06:57:31 +00:00
Noel Power
01e901ef86 idl: Add constant for max rows buffer size
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15579
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2024-02-17 16:51:37 +00:00
Jo Sutton
14da75c4e1 librpc:idl: Fix code spelling
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-02-08 02:48:44 +00:00
Jo Sutton
19870248c0 librpc:idl: Remove trailing whitespace
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-02-08 02:48:44 +00:00
Douglas Bagnall
0c1f421c10 ndr: ignore trailing bytes in ndr_pull_security_ace()
This returns the behaviour with ordinary ACEs to where it was with 4.19.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
2024-02-08 02:48:44 +00:00
Douglas Bagnall
a72c198921 ndr: ndr_push_security_ace: calculate coda size once
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
2024-02-08 02:48:44 +00:00
Douglas Bagnall
ecb5da3e49 ndr: avoid object ACE push overhead for non-object ACE
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
2024-02-08 02:48:44 +00:00
Douglas Bagnall
fce4d51eb4 ndr: avoid object ACE pull overhead for non-object ACE
When an ACE is not an object ACE, which is common, setting the switch
value and attempting the object ACE GUID pull is just going to do
nothing, and we know that ahead of time. By noticing that we can save
a bit of time on a common operation.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
2024-02-08 02:48:44 +00:00
Douglas Bagnall
2a60ec9840 ndr: do not push ACE->coda.ignored blob
From 1e80221b23 (2008) until
c73034cf7c (conditional ACEs, etc, 2023)
we had a manual ndr_pull_security_ace() that would discard trailing
bytes, which are those bytes that we now call the coda. The ACE types
that we handled then are those that end up with a coda.ignored data
blob.

With this we effectively restore the long-standing behaviour in the
event that we push and pull an ACE -- though now we discard the
ignored bytes on push rather than pull.

This change is not because the trailing bytes caused any problems (as
far as is known), but because it is much faster to not do the push.

It may be that such ACEs no longer occur.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
2024-02-08 02:48:44 +00:00
Douglas Bagnall
4face258de ndr: mark invalid pull ndr_flags as unlikely
This might have little effect, but sometimes we see primatives like
ndr_pull_uint32() taking a few percent of the CPU time, and this is in
all those functions.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
2024-02-08 02:48:44 +00:00
Douglas Bagnall
c2673b02a7 ndr: skip talloc when pulling empty DATA_BLOB
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
2024-02-08 02:48:44 +00:00
Douglas Bagnall
ee1b8ae04b ndr: ACE push avoids no-op coda pushes
We don't expect an ordinary ACE to have a non-empty coda, and we don't
really want to push it if it does, but for this patch we still will.

This will not change the data on the wire.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
2024-02-08 02:48:44 +00:00
Douglas Bagnall
dc08e7924c ndr: make security_ace push manual
This will allow some optimisations; in this commit we just copy the
code.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
2024-02-08 02:48:44 +00:00
Douglas Bagnall
ac0c8ee01e ndr: short-circuit ace coda if no bytes left
The overwhelmingly common case is that there are no bytes left, and
regardless of the ACE type we want to store an empty blob.

We know the blob will be empty if there are no bytes, so we don't need
to allocate a sub-ndr and tokens list and so forth.

This can save almost half the time of a security descriptor pull.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
2024-02-08 02:48:44 +00:00
Douglas Bagnall
1e6a876c2c ndr: shift ndr_pull_security_ace to manual code
This was manual until commit c73034cf7c
(a few months ago).

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
2024-02-08 02:48:44 +00:00
Noel Power
718c411201 librpc/idl: remove duplicate definitition
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-01-30 16:21:35 +00:00
Noel Power
3d063f212f librpc/idl: fix typo in wsp_csort member
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-01-30 16:21:35 +00:00
Noel Power
d097c38992 librpc/wsp: Unknown property used in 'current directory' searches
This property seems to be used instead of 'Scope' when the windows
search UI has selected current dir

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-01-30 16:21:35 +00:00
Stefan Metzmacher
0744d55be0 messaging.idl: add MSG_RPCD_WITNESS_REGISTRATION_UPDATE
This will be used for rpcd_witness_registration_updateB messages
in 'net witness [client-move,...]' commands later.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2024-01-26 17:00:33 +00:00
Stefan Metzmacher
a9829ce6cf s3:rpcd_witness.idl: introduce definitions for rpcd_witness_registration.tdb records
A rpcd_witness_registration.tdb will be added shortly in order to
implement useful 'net witness [list,client-move,...]' commands
in the end.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2024-01-26 17:00:33 +00:00
Stefan Metzmacher
f21e380064 witness.idl: make witness_interfaceList public to that ndr_print works in python
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2024-01-26 17:00:32 +00:00
Stefan Metzmacher
1b6ef968d8 dcesrv_reply: just drop responses if the connection is already terminating
There's no reason to waste resources...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jan  9 11:26:55 UTC 2024 on atb-devel-224
2024-01-09 11:26:55 +00:00
Stefan Metzmacher
e829f5d8ec dcesrv_core: add dcesrv_call_state->subreq in order to allow tevent_req_cancel() on termination
Requests might be cancelled if the connection got disconnected,
we got an ORPHANED or CO_CANCEL pdu.

But this is all opt-in for the backends to choose.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-01-09 10:21:34 +00:00
Stefan Metzmacher
87e37e73a9 witness.idl: add flag(NDR_PAHEX) to some hex based enums
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-01-09 10:21:34 +00:00
Stefan Metzmacher
290b0b04ae witness.idl: make some types public in order to be used elsewhere
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-01-09 10:21:34 +00:00
Samuel Cabrero
5beef87816 witness.idl: Set cifs as auth service name for the witness interface
Windows clients use the 'cifs' service name to bind to the witness interface.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-01-09 10:21:34 +00:00
Joseph Sutton
9f16157f10 lib:crypto: Add implementation of GKDI key derivation
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-22 05:33:31 +00:00
Joseph Sutton
8a9f395821 librpc: Do not allow u16string to be encoded in a big‐endian context
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-21 23:48:46 +00:00
Joseph Sutton
346844b730 librpc: Change type of ‘u16string’ from ‘const uint16_t *’ to ‘const unsigned char *’
A u16string is supposed to contain UTF‐16 code units, but
ndr_pull_u16string() and ndr_push_u16string() fail to correctly ensure
this on big‐endian systems. Code that relies on the u16string array
containing correct values will then fail.

Fix ndr_pull_u16string() and ndr_push_u16string() to work on big‐endian
systems, ensuring that other code can use these strings without having
to worry about first encoding them to little‐endian.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-21 23:48:46 +00:00
Joseph Sutton
65db36ca32 librpc: Add missing spaces to error messages
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-21 23:48:46 +00:00
Joseph Sutton
44f6bfea5a gkdi.idl: Verify magic numbers of pulled GKDI structures
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-21 20:21:34 +00:00
Joseph Sutton
f5ae39548b gkdi.idl: Add ‘additional_info’ field to KeyEnvelope structure
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-21 20:21:34 +00:00
Joseph Sutton
183fd79c38 gkdi.idl: Comment on domain and forest name fields
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-21 20:21:34 +00:00
Joseph Sutton
93379df977 librpc:ndr: Don’t unnecessarily parenthesize macro arguments
If we’re just passing a parameter to another macro which we know
correctly parenthesizes its arguments, then we don’t need to
parenthesize the parameter ourselves.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-21 20:21:34 +00:00
Joseph Sutton
c62d17dbe7 security.idl: Remove trailing whitespace
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-08 02:28:33 +00:00
Joseph Sutton
e05c3477fc librpc: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-08 02:28:33 +00:00
Joseph Sutton
4846ebbd8a librpc: Remove trailing whitespace
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-08 02:28:33 +00:00
Joseph Sutton
2cb6e37e5b gkdi.idl: Add definitions for the Group Key Distribution Service
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-08 02:28:33 +00:00
Joseph Sutton
187d3baab3 librpc:ndr: Use correct libndr flags type
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-30 00:02:33 +00:00
Joseph Sutton
79f6da4212 librpc:ndr: Remove trailing whitespace
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-30 00:02:33 +00:00
Joseph Sutton
59b9432524 conditional_ace.idl: Fix undefined shift
If ‘int’ is a 32‐bit type, then 1 << 31 cannot be represented in an
‘int’, and this shift will invoke undefined behaviour.

We have got away with this so far because of a Pidl bug that changed the
expression to ‘(uint32_t)1 << 31’, which is valid. But that bug is about
to be fixed.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-30 00:02:33 +00:00
Douglas Bagnall
e81e070638 librpc/idl:security: add claims flag indicating orderly and unique members
The same flag will be used in conditional ACE composites, and on
CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 structures derived from wire
claims and resource attribute ACEs, when we know we have checked the
claim has no duplicate values.

Resource Attribute ACEs contain CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1
at rest, but we are not going to set the flag there on the off chance
that the ACE could fly off to another application and have another
application specific meaning there. We will only check for uniqueness
and set the flag on ephemeral copies of resource claims during access
check operations.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-27 22:37:32 +00:00
Douglas Bagnall
a8f83fe8a2 librpc/idl:security: add a couple of claims flags
We don't use these.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-27 22:37:31 +00:00
Douglas Bagnall
f4ea27b84a librpc/idl:condtional_ace: shift CONDITIONAL_ACE_FLAG_TOKEN_FROM_ATTR to last bit
This region is "available for application-specific data" in the
CLAIM_SECURITY_ATTRIBUTE_ space, according to [MS-DTYP] 2.4.10.1,
so it nicer to use that, even though we are not actually setting the
flag on the V1 claims.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-27 22:37:31 +00:00