1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

36614 Commits

Author SHA1 Message Date
David Mulder
c96347f293 s4:torture: Convert samba4.base.vuid test to smb2
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Noel Power <noel.power@suse.com>
2020-06-24 20:50:24 +00:00
David Mulder
fc9f64184e s4:torture: Convert samba4.base.secleak test to smb2
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Noel Power <noel.power@suse.com>
2020-06-24 20:50:24 +00:00
David Mulder
e32f4602ed Add python binding for DATADIR build path
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2020-06-23 16:32:30 +00:00
David Mulder
a9d1ccc569 gpo: Run Group Policy Scripts
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2020-06-23 16:32:30 +00:00
Christof Schmitt
315271f81f source4/smb_server: Use NT_STATUS_PENDING instead of STATUS_PENDING
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-06-22 12:07:38 +00:00
Christof Schmitt
7fe581874a source4/libcli: Use NT_STATUS_PENDING instead of STATUS_PENDING
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-06-22 12:07:38 +00:00
Christof Schmitt
0a877e9b47 smbtorture: Use NT_STATUS_PENDING instead of STATUS_PENDING
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-06-22 12:07:38 +00:00
Christof Schmitt
73d452305f ntvfs: Use NT_STATUS_NOTIFY_ENUM_DIR instead of STATUS_NOTIFY_ENUM_DIR
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-06-22 12:07:38 +00:00
Christof Schmitt
eec333daf4 smbtorture: Use NT_STATUS_NOTIFY_ENUM_DIR instead of STATUS_NOTIFY_ENUM_DIR
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-06-22 12:07:38 +00:00
Christof Schmitt
85380ab9da torture: Use NT_STATUS_NOTIFY_CLEANUP instead of STATUS_NOTIFY_CLEANUP
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-06-22 12:07:37 +00:00
Andreas Schneider
53e3a959b9 s3:lib:tls: Use better priority lists for modern GnuTLS
We should use the default priority list. That is a good practice,
because TLS protocol hardening and phasing out of legacy algorithms,
is easier to co-ordinate when happens at a single place. See crypto
policies of Fedora.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14408

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jun 17 17:42:02 UTC 2020 on sn-devel-184
2020-06-17 17:42:02 +00:00
Andreas Schneider
e7204f3c9e s4:torture: Make sure that ctx is initialized to NULL
If we go to done and call smbc_free_context() the pointer should be
initialized.

Found by clang.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
2020-06-16 09:08:34 +00:00
Douglas Bagnall
d827392f2a replmd: slightly clarify a comment
it has been a long time since we introduced "control", so lets remind
ourselves which control it was.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Jun 13 06:50:12 UTC 2020 on sn-devel-184
2020-06-13 06:50:11 +00:00
Douglas Bagnall
0f6c8a75e6 dsdb/mod/acl_util: do not deref NULL sd_flags control
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-06-13 05:25:31 +00:00
Isaac Boukris
7655a0298e db-glue.c: set forwardable flag on cross-realm tgt tickets
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14233

Match Windows behavior and allow the forwardable flag to be
set in cross-realm tickets. We used to allow forwardable to
any server, but now that we apply disallow-forwardable policy
in heimdal we need to explicitly allow in the corss-realm case
(and remove the workaround we have for it the MIT plugin).

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jun 12 22:10:34 UTC 2020 on sn-devel-184
2020-06-12 22:10:34 +00:00
Isaac Boukris
fb7dfdbe8f selftest: test forwardable flag in cross-realm with s4u2proxy
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-06-12 20:42:38 +00:00
Isaac Boukris
9b302a57ff selftest: test forwardable flag in cross-realm tgt tickets
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14233

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-06-12 20:42:38 +00:00
Isaac Boukris
8fdff19c54 heimdal: apply disallow-forwardable on server in TGS request
upstream commit: 839b073facd2aecda6740224d73e560bc79965dc

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14233

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-06-12 20:42:38 +00:00
Isaac Boukris
6095a4f0d5 kdc: allow checksum of PA-FOR-USER to be HMAC_MD5
even if the tgt session key uses different hmac.

Per [MS-SFU] 2.2.1 PA-FOR-USER the checksum is
always HMAC_MD5, and that's what windows 7 client
and MIT client send.

In heimdal both the client and kdc use the checksum of
the tgt key instead and therefore work with each other
but windows and MIT clients fail against heimdal KDC.

Windows KDC allows either checksum (HMAC_MD5 or from
tgt) so we should do the same to support all clients.

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jun 11 02:48:58 UTC 2020 on sn-devel-184
2020-06-11 02:48:58 +00:00
Stefan Metzmacher
05e1417396 s4:torture:smb2: use delete-on-close in test_rw_invalid()
We test the limits here and leave a 16TB file with zeros.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14361

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jun  5 13:17:55 UTC 2020 on sn-devel-184
2020-06-05 13:17:55 +00:00
Björn Baumbach
d72a512e0f pyauth: add python binding for auth_session_info_set_unix()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14400

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-06-05 10:32:31 +00:00
Björn Baumbach
bde136a280 s4-auth/unix_token: add new function auth_session_info_set_unix()
Used to fill the unix info in a struct auth_session_info similar to
auth_session_info_fill_unix().

The new auth_session_info_set_unix() receives the uid and gid for
the unix token as an parameter. It does not query the unix token from
winbind (via security_token_to_unix_token()).
This is useful to fill a user session info manually if winbind is not
available.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14400

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-06-05 10:32:31 +00:00
Björn Baumbach
d159b4c0a5 s4-auth/unix_token: separate out filling the unix_info elements in a struct session_info
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14400

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-06-05 10:32:31 +00:00
Samuel Cabrero
72f73efd7f librpc: core: Move the s4 handles implementation to the RPC server core
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-05-24 23:55:36 +00:00
Samuel Cabrero
ebdacf187d selftest: Add test for handle types
The test is written for SAMR, but as the handle type is verified by the
server core library it also applies to other RPC services.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-05-24 23:55:36 +00:00
Andreas Schneider
55cbdac15e selftest: Run some tests against ad_member_fips
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2020-05-18 14:43:40 +00:00
Michael Adam
dbfc197f65 s4/torture: Unlink test file at the beginning of smb2.read.position
Pair-Programmed-With: Anoop C S <anoopcs@redhat.com>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri May 15 16:02:47 UTC 2020 on sn-devel-184
2020-05-15 16:02:47 +00:00
Isaac Boukris
8b5e764413 selftest: add python S4U2Self tests including unkeyed checksums
To test the CRC32 I reverted the unkeyed-checksum fix (43958af1)
and the weak-crypto fix (389d1b97). Note that the unkeyed-md5
still worked even with weak-crypto disabled, and that the
unkeyed-sha1 never worked but I left it anyway.

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri May 15 12:25:40 UTC 2020 on sn-devel-184
2020-05-15 12:25:40 +00:00
Isaac Boukris
19875a3731 Revert "CVE-2018-16860 selftest: Add test for S4U2Self with unkeyed checksum"
This reverts commit 5639e973c1.

This is no longer needed as the next commit includes a Python
test for this, without the complexity of being inside krb5.kdc.canon.

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-05-15 10:27:41 +00:00
Isaac Boukris
b5adc11277 Revert "selftest: mitm-s4u2self: use zlib for CRC32_checksum calc"
This reverts commit 151f8c0f31.

This allows a clean revert (and so removal) of the test.

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-05-15 10:27:41 +00:00
Isaac Boukris
ce65e8979d Revert "selftest: allow any kdc error in mitm-s4u2self test"
This reverts commit a53fa8ffe3.

This allows a clean revert (and so removal) of the test.

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-05-15 10:27:41 +00:00
Andrew Bartlett
004e7a1fee s4/rpc_server/dnsserver: Allow parsing of dnsProperty to fail gracefully
On (eg) the

DC=_msdcs.X.Y,CN=MicrosoftDNS,DC=ForestDnsZones,DC=X,DC=Y

record, in domains that have had a Microsoft Windows DC an attribute:

dNSProperty:: AAAAAAAAAAAAAAAAAQAAAJIAAAAAAAAA

000000 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00  >................<
000010 92 00 00 00 00 00 00 00                          >........<
000018

We, until samba 4.12, would parse this as:

pull returned Success
    dnsp_DnsProperty: struct dnsp_DnsProperty
        wDataLength              : 0x00000000 (0)
        namelength               : 0x00000000 (0)
        flag                     : 0x00000000 (0)
        version                  : 0x00000001 (1)
        id                       : DSPROPERTY_ZONE_NS_SERVERS_DA (146)
        data                     : union dnsPropertyData(case 0)
        name                     : 0x00000000 (0)
dump OK

However, the wDataLength is 0.  There is not anything in
[MS-DNSP] 2.3.2.1 dnsProperty to describe any special behaviour
for when the id suggests that there is a value, but wDataLength is 0.

https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dnsp/445c7843-e4a1-4222-8c0f-630c230a4c80

We now fail to parse it, because we expect an entry with id DSPROPERTY_ZONE_NS_SERVERS_DA
to therefore have a valid DNS_ADDR_ARRAY (section 2.2.3.2.3).

As context we changed it in our commit fee5c6a424
because of bug https://bugzilla.samba.org/show_bug.cgi?id=14206
which was due to the artificial environment of the fuzzer.

Microsoft advises that Windows also fails to parse this, but
instead of failing the operation, the value is ignored.

Reported by Alex MacCuish.  Many thanks for your assistance in
tracking down the issue.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14310

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri May 15 07:29:17 UTC 2020 on sn-devel-184
2020-05-15 07:29:16 +00:00
Ralph Boehme
f0df11ce9d s4/torture: add a *real* root_dir_fid test
raw.samba3rootdirfid tests with the share root directory as root_dir_fid handle,
that doesn't cover the case where the relative name has more then one path
component. It only works because in unix_convert() we run into the creating file
optimasation.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14380

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-05-14 18:07:39 +00:00
Andreas Schneider
ab70153c20 testprogs: Add 'net ads join' test for fips
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu May 14 14:27:26 UTC 2020 on sn-devel-184
2020-05-14 14:27:26 +00:00
Stefan Metzmacher
54de0e4a3e s4:torture: add tests to test the SMB2 read/write offset/length boundaries
[MS-FSA] 2.1.5.2 Server Requests a Read and
2.1.5.3 Server Requests a Write define some contraints.

These tests demonstrate that ((int64_t)offset) < 0) is
not allowed for both reads and writes for SMB.
Also the special case for writes at offset -2 is not possible
nor the append mode with offset < 0.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14361

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-05-12 19:53:43 +00:00
Ralph Boehme
2ace545a63 s4/torture: reproducer for bug 14375
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14375

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2020-05-12 18:15:30 +00:00
Gary Lockyer
e907f002a7 Fix clang 9 for-loop-analysis warnings
Review-note: The for loop increment operation was changed and the
             trailing i++ was removed from the loop body.
             The resulting for statement is equivalent to the original

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri May  8 11:16:18 UTC 2020 on sn-devel-184
2020-05-08 11:16:18 +00:00
Gary Lockyer
8c17b6f82f Fix clang 9 format-nonliteral warnings
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-05-08 09:31:31 +00:00
Gary Lockyer
13a2f70a4d Fix clang 9 missing-field-initializer warnings
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-05-08 09:31:31 +00:00
Gary Lockyer
d55812e4ee Fix clang 9 enum-conversion warnings
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-05-08 09:31:31 +00:00
Gary Lockyer
5e44b7cdfc Fix clang 9 constant-conversion warnings
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-05-08 09:31:31 +00:00
Gary Lockyer
fa8332780d Fix clang 9 logical-not-parentheses warnings
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-05-08 09:31:31 +00:00
Gary Lockyer
79b371da80 s4 ldap_server: modernize debug calls
Replace DEBUG(0 with DBG_ERR(

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
2020-05-06 21:15:42 +00:00
Amitay Isaacs
93408f60cb lib/messaging: Move messages_dgm out of source3
... so CTDB can also use it.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2020-05-06 00:06:40 +00:00
Jeremy Allison
9881c3f9ab s4: torture: Add an SMB1-specific open root of share with @GMT-path test - base.smb1-twrp-openroot
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-05-05 19:18:43 +00:00
Jeremy Allison
2b8ea97709 s4: torture: Add smb2.twrp.openroot test.
Opens the root of a share over SMB2 with a zero-length
filename and a timewarp token.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-05-05 19:18:43 +00:00
Volker Lendecke
d0deaf90e5 torture4: Move a variable declaration closer to its use
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-05-05 11:48:38 +00:00
Andrew Bartlett
906aa7ddb8 CVE-2020-10700: dsdb: Do not permit the ASQ control for the GUID search in paged_results
ASQ is a very strange control and a BASE search can return multiple results
that are NOT the requested DN, but the DNs pointed to by it!

Thanks to Andrei Popa <andrei.popa@next-gen.ro> for finding,
reporting and working with us to diagnose this issue!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14331

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Mon May  4 10:14:28 UTC 2020 on sn-devel-184
2020-05-04 10:14:28 +00:00
Andrew Bartlett
5603d26770 CVE-2020-10700: dsdb: Add test for ASQ and ASQ in combination with paged_results
Thanks to Andrei Popa <andrei.popa@next-gen.ro> for finding,
reporting and working with us to diagnose this issue!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14331

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-05-04 08:19:41 +00:00
Gary Lockyer
3149ea0a8a CVE-2020-10704: libcli ldap_message: Add search size limits to ldap_decode
Add search request size limits to ldap_decode calls.

The ldap server uses the smb.conf variable
"ldap max search request size" which defaults to 250Kb.
For cldap the limit is hard coded as 4096.

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-05-04 02:59:32 +00:00