1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

102 Commits

Author SHA1 Message Date
Pavel Filipenský
988077c336 s3:libsmb: Zero memory in trust_pw_change()
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2022-08-26 07:59:32 +00:00
Pavel Filipenský
c9c120da11 s3:libsmb: Fix trailing whitespaces in trusts_util.c
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2022-08-26 07:59:32 +00:00
Stefan Metzmacher
5e2386336c s3:trusts_utils: use a password length of 120 for machine accounts
This is important when we change the machine password against
an RODC that proxies the request to an RWDC.

An RODC using NetrServerPasswordSet2() to proxy PasswordUpdateForward via
NetrLogonSendToSam() ignores a return of NT_STATUS_INVALID_PARAMETER
and reports NT_STATUS_OK as result of NetrServerPasswordSet2().
This hopefully found the last hole in our very robust machine account
password handling logic inside of trust_pw_change().

The lesson is: try to be as identical to how windows works as possible,
everything else may use is untested code paths on Windows.

A similar problem was fixed by this commit:

    commit 609ca65765
    Author: Joseph Sutton <josephsutton@catalyst.net.nz>
    Date:   Wed Feb 24 02:03:25 2021 +1300

        provision: Decrease the length of random machine passwords

        The current length of 128-255 UTF-16 characters currently causes
        generation of crypt() passwords to typically fail. This commit
        decreases the length to 120 UTF-16 characters, which is the same as
        that used by Windows.

        BUG: https://bugzilla.samba.org/show_bug.cgi?id=14621

        Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
        Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
        Reviewed-by: Andrew Bartlett <abartlet@samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14984

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Feb 23 08:49:54 UTC 2022 on sn-devel-184
2022-02-23 08:49:54 +00:00
Noel Power
2138bd93bb s3/libsmb: clang: value stored to 'idx_current' is never read
Fixes:

source3/libsmb/trusts_util.c:602:2: warning: Value stored to 'idx_current' is never read <--[clang]
        idx_current = idx;
        ^             ~~~

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-09-26 18:41:28 +00:00
Volker Lendecke
7fe67a4782 lib: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-06-20 17:18:17 +00:00
Andreas Schneider
1aabfff8a6 libsmb: Remove incorrect fall through comment in trusts_util.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Mar  1 09:52:37 CET 2018 on sn-devel-144
2018-03-01 09:52:37 +01:00
Volker Lendecke
a104e08171 lib: Make g_lock_unlock use TDB_DATA
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-02-08 10:01:50 +01:00
Volker Lendecke
bdeb7e7d81 lib: Make g_lock_lock use TDB_DATA
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-02-08 10:01:50 +01:00
Volker Lendecke
4d19f8b4b9 netlogon_creds_cli: Protect netlogon_creds_cli_auth by _lck
This widens the lock range to cover the check for established
credentials. Before this patch it could happen that more than one
winbind finds no credentials and does the auth3. This can pile up.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-09-25 09:43:13 +02:00
Stefan Metzmacher
40c42af11f s3:trusts_util: make use the workstation password change more robust
We use secrets_{prepare,failed,defer,finish}_password_change() to make
the process more robust.

Even if we just just verified the current password with the DC
it can still happen that the remote password change will fail.

If a server has the RefusePasswordChange=1 under
HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters,
it will reject NetrServerPasswordSet2() with NT_STATUS_WRONG_PASSWORD.

This results in a successful local change, but a failing remote change,
which means the domain membership is broken (as we don't fallback to
the previous password for ntlmssp nor kerberos yet).

An (at least Samba) RODC will also reject a password change,
see https://bugzilla.samba.org/show_bug.cgi?id=12773.

Even with this change we still have open problems, e.g. if the password was
changed, but we didn't get the servers response. In order to fix that we need
to use only netlogon and lsa over unprotected transports, just using schannel
authentication (which supports the fallback to the old password).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-06-27 16:57:46 +02:00
Stefan Metzmacher
d60404b032 s3:trusts_util: also pass the previous_nt_hash to netlogon_creds_cli_auth()
Even in the case where only the password is known to the server, we should
try to leave a valid authentication behind.

We have better ways to indentify which password worked than only using
the current one.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-06-27 16:57:46 +02:00
Stefan Metzmacher
0f5945a06d libcli/auth: pass the cleartext blob to netlogon_creds_cli_ServerPasswordSet*()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-06-27 16:57:46 +02:00
Stefan Metzmacher
ddd7ac68cc libcli/auth: pass an array of nt_hashes to netlogon_creds_cli_auth*()
This way the caller can pass more than 2 hashes and can only
know which hash was used for a successful connection.

We allow up to 4 hashes (next, current, old, older).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-06-27 16:57:45 +02:00
Stefan Metzmacher
1421abfc73 s3:trusts_util: pass dcname to trust_pw_change()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-06-27 16:57:45 +02:00
Stefan Metzmacher
c21e9981d0 s3:libsmb: use trust_pw_new_value() in trust_pw_change()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12262

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-02-21 16:09:21 +01:00
Stefan Metzmacher
9e26ad86fb s3:libsmb: add trust_pw_new_value() helper function
This generates a new trust password based on the secure channel type
and lp_security().

NT4 really has a limit of 28 UTF16 bytes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12262

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-02-21 16:09:21 +01:00
Stefan Metzmacher
a287754168 s3:libsmb: let trust_pw_change() verify the new password at the end.
We should notice problems as early as possible, it makes no
sense to keep things working for a while and later find out
the we lost our trust relationship with our domain.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12262

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-02-21 16:09:21 +01:00
Stefan Metzmacher
4185689dbf s3:libsmb: let trust_pw_change() debug more verbose information
Password changes caused much trouble in the past, so we better debug
them at log level 0 and may see them also in the syslog.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12262

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-02-21 16:09:21 +01:00
Stefan Metzmacher
54e68e94ee s3:trusts_util: generate completely random passwords in trust_pw_change()
Instead of having every 2nd byte as '\0' in the utf16 password,
because the utf8 form is based on an ascii subset, we convert
the random buffer from CH_UTF16MUNGED to CH_UTF8.

This way we have a random but valid utf8 string,
which is almost like what Windows is doing.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2015-03-30 13:41:25 +02:00
Stefan Metzmacher
3e1e58711c s3:trusts_util: pass new_trust_version to netlogon_creds_cli_ServerPasswordSet() in trust_pw_change()
We should maintain current and previous passwords on both sides of the trust,
which mean we need to pass our view of the new version to the remote DC.

This avoid problems with replication delays and make sure the kvno
for cross-realm tickets is in sync.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2015-03-30 13:41:25 +02:00
Stefan Metzmacher
99ebb92d46 s3:trusts_util: make use of pdb_get_trust_credentials() and pdb_get_trusted_domain() in trust_pw_change()
Using pdb_get_trust_credentials() works for all kind of trusts
and gives us much more details regarding the credentials.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2015-03-30 13:41:25 +02:00
Stefan Metzmacher
50605ddd1c s3:trusts_util: add support for SEC_CHAN_DNS_DOMAIN in trust_pw_change()
SEC_CHAN_DNS_DOMAIN trusts use longer passwords, Windows uses 240 UTF16 bytes.

Some trustAttribute flags may also make impact on the length on Windows,
but we could be better if we know that the remote domain is an AD domain.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2015-03-30 13:41:25 +02:00
Stefan Metzmacher
29b173d2a7 s4:trust_utils: store new trust/machine passwords before trying it remotely.
If this fails we can still fallback to the old password...

Before trying the password change we verify the dc knows our current password.

This should make the password changes much more robust.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2015-03-12 17:13:43 +01:00
Andrew Bartlett
e6ec265a40 libsmb: Allow change of BDC trust account password
This account is otherwise just like the workstation trust acocunt, so use that code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10891

Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-12-11 19:14:06 +01:00
Jose A. Rivera
2b77b07286 s3/libsmb: Free memdup'd local variable
secrets_fetch_machine_password() sets pwd to point to memdup()'d (and thus
malloc()'d) memory. This memory should be freed before we go out of scope.

Change-Id: I07e575819c309fa5b85627dce2eb969bc720ce4e
Coverity-Id: 1168001
Reviewed-by: Ira Cooper <ira@samba.org>
Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
Reviewed-by: Simo Sorce <idra@samba.org>

Autobuild-User(master): Simo Sorce <idra@samba.org>
Autobuild-Date(master): Sat Feb 22 00:58:23 CET 2014 on sn-devel-104
2014-02-22 00:58:23 +01:00
Stefan Metzmacher
a8ecebe3e8 s3:libsmb: remove unused trust_pw_find_change_and_store_it()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-01-07 12:47:13 +01:00
Stefan Metzmacher
16c6e4992f s3:libsmb: add trust_pw_change()
This protects the password change using a domain specific g_lock,
so multiple parts 'net rpc', 'rpcclient', 'winbindd', 'wbinfo --change-secret'
even on multiple cluster nodes doesn't race anymore.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-01-07 12:47:12 +01:00
Volker Lendecke
1cae867f72 libsmb: Fix CID 1127343 Dead default in switch
We have checked sec_channel_type a few lines above already

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
2013-11-11 21:04:08 +01:00
Stefan Metzmacher
2be39c1866 s3:libsmb: inline trust_pw_change_and_store_it() into trust_pw_find_change_and_store_it()
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-10-17 08:48:59 +13:00
Stefan Metzmacher
062df736fa s3:libsmb: remove unused change_trust_account_password()
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-10-17 08:48:58 +13:00
Günther Deschner
9813fe2b04 s3-rpc_cli: pass down ndr_interface_table to cli_rpc_pipe_open_noauth().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 10:30:00 +02:00
Stefan Metzmacher
9292e5b743 s3: use generate_random_password() instead of generate_random_str()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2013-02-04 17:14:22 +01:00
Stefan Metzmacher
1b04e54b57 s3:libsmb: s/Undefined/SMB_SIGNING_DEFAULT/
metze
2011-11-03 16:55:13 +01:00
Günther Deschner
16627ca313 s3-trustdomcache: make enumerate_domain_trusts() static.
Guenther
2011-11-02 16:59:32 +01:00
Andrew Bartlett
74eed8f3ed s3-param Remove special case for global_myname(), rename to lp_netbios_name()
There is no reason this can't be a normal constant string in the
loadparm system, now that we have lp_set_cmdline() to handle overrides
correctly.

Andrew Bartlett
2011-06-09 12:40:09 +02:00
Andrew Bartlett
5e26e94092 s3-talloc Change TALLOC_ZERO_ARRAY() to talloc_zero_array()
Using the standard macro makes it easier to move code into common, as
TALLOC_ZERO_ARRAY isn't standard talloc.
2011-06-09 12:40:08 +02:00
Günther Deschner
27022587e3 s3-libsmb: move protos to libsmb/proto.h
Guenther
2011-05-06 16:37:18 +02:00
Jeremy Allison
02af307585 More simple const fixes. 2011-05-05 23:56:07 +02:00
Günther Deschner
2f36ef7225 s3-passdb: add passdb.h where needed.
Guenther
2011-03-30 01:13:07 +02:00
Andreas Schneider
bf18403c81 s3-rpc_client: Move client pipe functions to own header. 2011-02-28 18:15:04 +01:00
Günther Deschner
fcaba0fb59 s3-libsmb: prefer dcerpc_lsa_X functions.
Guenther
2011-02-02 19:02:23 +01:00
Volker Lendecke
d096de56b1 s3: Remove unused "retry" from cli_full_connection 2010-12-20 17:10:58 +01:00
Volker Lendecke
09cccee273 s3: Remove some unused variables 2010-12-20 17:10:57 +01:00
Günther Deschner
c136b84f0d s3-secrets: only include secrets.h when needed.
Guenther
2010-08-05 10:12:25 +02:00
Günther Deschner
6625aada81 s3-libsmb: move change_trust_account_password out of smbd into libsmb.
Guenther
2010-06-30 21:46:08 +02:00
Andrew Bartlett
cba7f8b827 s3:dom_sid Global replace of DOM_SID with struct dom_sid
This matches the structure that new code is being written to,
and removes one more of the old-style named structures, and
the need to know that is is just an alias for struct dom_sid.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-21 10:39:59 +02:00
Günther Deschner
230b880d14 s3-rpc_client: move protos to cli_lsarpc.h
Guenther
2010-05-18 21:42:41 +02:00
Günther Deschner
5ed3654112 s3-rpc_client: move protos to cli_netlogon.h
Guenther
2010-05-18 21:42:37 +02:00
Günther Deschner
3d679a3b5f s3-rpc: Avoid including every pipe's client and server stubs everywhere in samba.
Guenther
2009-11-26 20:03:17 +01:00
Jeremy Allison
5363d6e62c Ensure all callers to the rpc_client/cli_pipe functions correctly
initialize return variables.
Jeremy.
2009-11-12 13:56:33 -08:00