1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

7958 Commits

Author SHA1 Message Date
Douglas Bagnall
9849e7440e util/genrand: don't ignore errors in random number generation
In this case it is probably better to crash out.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15103

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2022-07-28 05:23:28 +00:00
Joseph Sutton
4e2e767a78 CVE-2022-2031 lib:krb5_wrap: Generate valid error codes in smb_krb5_mk_error()
The error code passed in will be an offset from ERROR_TABLE_BASE_krb5,
so we need to subtract that before creating the error. Heimdal does this
internally, so it isn't needed there.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15049
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15074

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2022-07-27 10:52:36 +00:00
Andrew Bartlett
f4eb4e6478 CVE-2022-32746 ldb: Release LDB 2.6.1
* CVE-2022-32746 Use-after-free occurring in database audit logging module (bug 15009)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2022-07-27 10:52:36 +00:00
Joseph Sutton
0a3aa5f908 CVE-2022-32746 ldb: Make use of functions for appending to an ldb_message
This aims to minimise usage of the error-prone pattern of searching for
a just-added message element in order to make modifications to it (and
potentially finding the wrong element).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-07-27 10:52:36 +00:00
Joseph Sutton
df487eb2d7 CVE-2022-32746 ldb: Add functions for appending to an ldb_message
Currently, there are many places where we use ldb_msg_add_empty() to add
an empty element to a message, and then call ldb_msg_add_value() or
similar to add values to that element. However, this performs an
unnecessary search of the message's elements to locate the new element.
Moreover, if an element with the same attribute name already exists
earlier in the message, the values will be added to that element,
instead of to the intended newly added element.

A similar pattern exists where we add values to a message, and then call
ldb_msg_find_element() to locate that message element and sets its flags
to (e.g.) LDB_FLAG_MOD_REPLACE. This also performs an unnecessary
search, and may locate the wrong message element for setting the flags.

To avoid these problems, add functions for appending a value to a
message, so that a particular value can be added to the end of a message
in a single operation.

For ADD requests, it is important that no two message elements share the
same attribute name, otherwise things will break. (Normally,
ldb_msg_normalize() is called before processing the request to help
ensure this.) Thus, we must be careful not to append an attribute to an
ADD message, unless we are sure (e.g. through ldb_msg_find_element())
that an existing element for that attribute is not present.

These functions will be used in the next commit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-07-27 10:52:36 +00:00
Joseph Sutton
a2bb5beee8 CVE-2022-32746 ldb: Ensure shallow copy modifications do not affect original message
Using the newly added ldb flag, we can now detect when a message has
been shallow-copied so that its elements share their values with the
original message elements. Then when adding values to the copied
message, we now make a copy of the shared values array first.

This should prevent a use-after-free that occurred in LDB modules when
new values were added to a shallow copy of a message by calling
talloc_realloc() on the original values array, invalidating the 'values'
pointer in the original message element. The original values pointer can
later be used in the database audit logging module which logs database
requests, and potentially cause a crash.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-07-27 10:52:36 +00:00
Joseph Sutton
7efe8182c1 CVE-2022-32746 ldb: Add flag to mark message element values as shared
When making a shallow copy of an ldb message, mark the message elements
of the copy as sharing their values with the message elements in the
original message.

This flag value will be heeded in the next commit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-07-27 10:52:36 +00:00
Joseph Sutton
41b1fe6d4a CVE-2022-32746 ldb:rdn_name: Use LDB_FLAG_MOD_TYPE() for flags equality check
Now unrelated flags will no longer affect the result.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15009

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-07-27 10:52:36 +00:00
Stefan Metzmacher
0f544f3363 lib/util: make use of tevent_cached_getpid() in performance critical code
This avoids wasting getpid() calls in a lot of places...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-07-25 17:34:33 +00:00
Stefan Metzmacher
bcfb257bbf lib/messaging: s/getpid/tevent_cached_getpid
Our messaging code is very performance critical and
we should note waste time in getpid() syscalls...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-07-25 17:34:33 +00:00
Stefan Metzmacher
63d4db63fe tevent: version 0.13.0
- add tevent_cached_getpid()

Note the changes to ABI/tevent-0.12.1.sigs only
revert the temporary changes made there...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-07-25 17:34:33 +00:00
Stefan Metzmacher
673a8551d8 tevent: tevent_cached_getpid() tests
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-07-25 17:34:33 +00:00
Stefan Metzmacher
087b1b0efd tevent: add tevent_cached_getpid() helper
This avoids a getpid() syscall per tevent_loop_once() iteration.

We provide tevent_cached_getpid() also as helper for external consumers
in order to have the logic only once.

Note the change to ABI/tevent-0.12.1.sigs will be reverted
with the bump to 0.13.0.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-07-25 17:34:33 +00:00
Volker Lendecke
e2d30fd5b7 lib: Remove a few #include "includes.h"
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-07-25 12:04:33 +00:00
Volker Lendecke
930426db02 lib: On FreeBSD util_paths.c does not find struct stat
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sun Jul 24 00:25:49 UTC 2022 on sn-devel-184
2022-07-24 00:25:48 +00:00
Volker Lendecke
605d646935 lib: Fix the 32-bit build
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-07-23 23:29:38 +00:00
Volker Lendecke
0d1890011e lib: Fix the FreeBSD build
"time_t" only comes in via a proper include of <time.h>

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-07-23 23:29:38 +00:00
Martin Schwenke
b686bbb4ac replace: Add check for if_nameindex()
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2022-07-22 16:09:31 +00:00
Andreas Schneider
f340b88472 waf: Check for -Wno-error=array-bounds flags
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15073

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jul 19 12:17:35 UTC 2022 on sn-devel-184
2022-07-19 12:17:35 +00:00
Pavel Filipenský
f0e0a95320 debug: Add DEBUGLF macro with explicit location and function parameters.
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
2022-07-15 14:25:37 +00:00
Pavel Filipenský
8e2d05879e debug: Fix whitespace and a typo in debug.h
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
2022-07-15 14:25:37 +00:00
Samuel Cabrero
2235a4aac4 lib:krb5_wrap: Add debug to ads_krb5_cli_get_ticket()
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2022-07-12 11:47:30 +00:00
Samuel Cabrero
28db144375 s3:winbind: Improve debug message to print service in smb_krb5_renew_ticket()
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
2022-07-12 11:47:30 +00:00
Andrew Bartlett
d2a473a7b7 dsdb: Allow password history and password changes without an NT hash
We now allow this to be via the ENCTYPE_AES256_CTS_HMAC_SHA1_96 hash instead
which allows us to decouple Samba from the unsalted NT hash for
organisations that are willing to take this step (for user accounts).

(History checking is limited to the last three passwords only, as
ntPwdHistory is limited to NT hash values, and the PrimaryKerberosCtr4
package only stores three sets of keys.)

Since we don't store a salt per-key, but only a single salt, the check
will fail for a previous password if the account was renamed prior to a
newer password being set.

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-06-26 22:10:29 +00:00
Andreas Schneider
f68374aac5 lib:cmdline: Fix error handling of --client-protection=sign|encrypt|off
Best reviewed with `git show -b`

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15104

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jun 22 11:49:23 UTC 2022 on sn-devel-184
2022-06-22 11:49:23 +00:00
Andreas Schneider
7cc340f972 lib:cmdline: Fix error handling of --use-krb5-ccache=CCACHE
Best reviewed with `git show -b`

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15104

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-06-22 10:53:36 +00:00
Andreas Schneider
2dbd3210ed lib:cmdline: Fix error handling of --use-kerberos=desired|required|off
Best reviewed with `git show -b`

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15104

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-06-22 10:53:36 +00:00
Douglas Bagnall
d0d18934fa torture: add torture_assertf()
Often we go 'torture_assert(tctx, expr, talloc_asprintf(tctx, "foo
%s", foo));' which is just a pain.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15040

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-06-17 01:28:30 +00:00
Douglas Bagnall
c7254de6fd util/debug: share classname table with tests
The executables generated from lib/util/tests/test_logging.c are used
by the samba.tests.logfiles tests to test logging with various
smb.confs that assign classes to various files at different levels
etc.

Previously test_logging.c had its own version of the table; now it
shares one with debug.c

We put the table in a sub-directory (lib/util/debug-classes/), because
adding local_include=True to the wscript_build stanza causes the
compiler confusion between <time.h> and lib/util/time.h.

Note: there are still two other lists of the class names, in
python/samba/tests/logfiles.py and
docs-xml/smbdotconf/logging/loglevel.xml.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-06-17 01:28:30 +00:00
Douglas Bagnall
1a6890a94d debug: add DBG_DEV()
This can be a useful macro when you are trying to track the behaviour
of one process out of the dozens that samba starts up, and when your
interest is in following it over time, not necessarily in a single
stack.

In DEVELOPER mode, if you call 'debug_developer_enable()' in the
process you're following, then any instances of DBG_DEV() will work
like DBG_ERR(), also adding ":DEV:12345:" where "12345" is the pid of
th current process.

Within debug.c itself, the macro always writes to stderr, because the
debug.c functions are not all reentrant.

When not in DEVELOPER MODE, the macro evaluates to nothing.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-06-17 01:28:30 +00:00
Douglas Bagnall
b94c805783 debug: drop an '#if _SAMBA_BUILD_ == 3'
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-06-17 01:28:30 +00:00
Douglas Bagnall
dfc9cf384d tests: rename logging test source
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-06-17 01:28:30 +00:00
Douglas Bagnall
ab949131b5 tests: adapt logging test for s3.
There is one knownfail, where it seems an smb.conf like

   log file = foo
   log level = 2 tdb:2@baa ldb:3

will send the ldb logs to 'baa' instead of 'foo' (i.e., the last
opened log file, rather than the default log file).

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-06-17 01:28:30 +00:00
Douglas Bagnall
c668b5caa9 tests: test source4 cmdline/smb.conf log level
The 'log level' line in smb.conf allows messages from different log
classes to be sent to different places, but we have not tested that
this works. Now we do, somewhat.

The test involves running a special binary based on a stripped down
source4/samba/server.c that just starts up, parses the command line
and a given smb.conf, then logs messages from multiple classes and
exits.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-06-17 01:28:30 +00:00
Martin Schwenke
a8091bd0c5 util: Add new debug setting debug_no_stderr_redirect
CTDB doesn't want this redirection of stderr to the log file.  It
expects to be able to capture stderr of subprocesses and log them with
a header.  This redirection stops that from happening.

Unfortunately this has to be a negative option (i.e. "no" in the name)
so that the default of 0/false maintains existing behaviour.

Note that the default behaviour is sub-optimal because it causes raw
data (i.e. debug data without a header) to appear in the log.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15090

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
2022-06-16 12:42:35 +00:00
Samuel Cabrero
89e0c732b1 replace: Check for -Wuse-after-free
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15095

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-06-14 09:25:31 +00:00
Joseph Sutton
0dad0e3fcd lib:krb5_wrap: Add const to parameters for smb_krb5_create_key_from_string()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2022-06-14 07:21:29 +00:00
Joseph Sutton
aec2076fa7 lib/util: Delegate constant time memcmp to gnutls_memcmp()
gnutls_memcmp() is mostly identical to our own implementation, except
that ours will not break if supplied with 4 GiB or more of data.
However, using an external function permits us to disclaim
responsibility if some CPU/compiler combination happens to invalidate
our constant-time guarantee.

For reference, gnutls_memcmp() implementation:
78d9820de0/lib/safe-memfuncs.c (L41-67)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-06-09 22:49:29 +00:00
Joseph Sutton
222e1afc6f lib/util: Add test of mem_equal_const_time()
Ensure that it gives the correct results for comparing two memory
regions.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-06-09 22:49:29 +00:00
Joseph Sutton
a80d783a34 lib/util: Add test of data_blob_equal_const_time()
Ensure that it gives the correct results for comparing two data blobs.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-06-09 22:49:29 +00:00
Joseph Sutton
8d7a091adc lib/util: Reduce sum variable to uint8_t
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-06-09 22:49:29 +00:00
Joseph Sutton
feb36dbebf lib/util: Change function to mem_equal_const_time()
Since memcmp_const_time() doesn't act as an exact replacement for
memcmp(), and its return value is only ever compared with zero, simplify
it and emphasize the intention of checking equality by returning a bool
instead.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-06-09 22:49:29 +00:00
Joseph Sutton
a554e2ce53 lib/util: Change function to data_blob_equal_const_time()
Since data_blob_cmp_const_time() doesn't act as an exact replacement for
data_blob_cmp(), and its return value is only ever compared with zero,
simplify it and emphasize the intention of checking equality by
returning a bool instead.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-06-09 22:49:29 +00:00
Joseph Sutton
ae6634c787 auth: Use constant-time memcmp when comparing sensitive buffers
This helps to avoid timing attacks.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15010

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-06-09 22:49:29 +00:00
Joseph Sutton
87f68500ed lib/util: Move memcmp_const_time() to util.c
This allows it to be used in more places without needing to introduce
more dependencies.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-06-09 22:49:29 +00:00
Andrew Bartlett
14feb93d48 lib/util: Prefer backtrace_symbols() for internal backtraces
Backtraces when Samba is in PANIC state are better with
backtrace_symbols() than with libunwind on Ubuntu 20.04 x86_64
so move libunwind to a off-by-default option, prompted for
if backtrace_symbols() is not available.

Based on a request by Fco Javier Felix <ffelix@inode64.com>

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-06-09 22:49:29 +00:00
Andrew Bartlett
bd09537e21 build: Possibly link against libexecinfo for backtrace_symbols()
We look for backtrace_symbols() in this library, so we should link against
it if we find it.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-06-09 22:49:29 +00:00
Andrew Bartlett
df11826a3b build: Make build with --disable-fault-hanlding work under --enable-developer
Previously this would leave static functions unused, which the compiler will
not allow for a developer build.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-06-09 22:49:29 +00:00
Samuel Cabrero
b3034f1209 Revert "lib:util: Remove NIS support from string_match()"
This partly reverts commit 620de975f1.

Drop chunk including system/nis.h, drop wscript_build modifications,
use getdomainname() from glibc instead of yp_get_default_domain() from
libnsl.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15087

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-06-09 21:45:28 +00:00
Stefan Metzmacher
27ceb1c3ad tdb: version 1.4.7
* Fix build problems

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15071

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jun  8 17:57:53 UTC 2022 on sn-devel-184
2022-06-08 17:57:53 +00:00