samba-mirror

mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00

Author	SHA1	Message	Date
Stefan Metzmacher	d8a6e6549c	CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon: protect netr_ServerPasswordSet2 against unencrypted passwords BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>	2020-09-18 12:48:38 +00:00
Stefan Metzmacher	d3123858fb	CVE-2020-1472(ZeroLogon): libcli/auth: reject weak client challenges in netlogon_creds_server_init() This implements the note from MS-NRPC 3.1.4.1 Session-Key Negotiation: 7. If none of the first 5 bytes of the client challenge is unique, the server MUST fail session-key negotiation without further processing of the following steps. It lets ./zerologon_tester.py from https://github.com/SecuraBV/CVE-2020-1472.git report: "Attack failed. Target is probably patched." BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>	2020-09-18 12:48:38 +00:00
Stefan Metzmacher	53528c71ff	CVE-2020-1472(ZeroLogon): libcli/auth: add netlogon_creds_is_random_challenge() to avoid weak values This is the check Windows is using, so we won't generate challenges, which are rejected by Windows DCs (and future Samba DCs). BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>	2020-09-18 12:48:38 +00:00
Stefan Metzmacher	74eb448adf	CVE-2020-1472(ZeroLogon): s4:rpc_server:netlogon: make use of netlogon_creds_random_challenge() This is not strictly needed, but makes things more clear. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>	2020-09-18 12:48:38 +00:00
Stefan Metzmacher	caba2d8082	CVE-2020-1472(ZeroLogon): s3:rpc_server:netlogon: make use of netlogon_creds_random_challenge() This is not strictly needed, but makes things more clear. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>	2020-09-18 12:48:38 +00:00
Stefan Metzmacher	46642fd32d	CVE-2020-1472(ZeroLogon): libcli/auth: make use of netlogon_creds_random_challenge() in netlogon_creds_cli.c This will avoid getting rejected by the server if we generate a weak challenge. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>	2020-09-18 12:48:38 +00:00
Stefan Metzmacher	355efadc6a	CVE-2020-1472(ZeroLogon): s4:torture/rpc: make use of netlogon_creds_random_challenge() This will avoid getting flakey tests once our server starts to reject weak challenges. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>	2020-09-18 12:48:38 +00:00
Stefan Metzmacher	b813cdcac3	CVE-2020-1472(ZeroLogon): libcli/auth: add netlogon_creds_random_challenge() It's good to have just a single isolated function that will generate random challenges, in future we can add some logic in order to avoid weak values, which are likely to be rejected by a server. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>	2020-09-18 12:48:38 +00:00
Björn Jacke	380938b00f	nt_printing_ads: add missing printShareName attribute when publishing printers Without printShareName attribute in LDAP, Windows doesn't list the pinters at all. BUG: https://bugzilla.samba.org/show_bug.cgi?id=9771 Signed-off-by: Bjoern Jacke <bjacke@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Sep 18 01:58:22 UTC 2020 on sn-devel-184	2020-09-18 01:58:22 +00:00
Björn Jacke	787d7756b9	cli_winreg_spoolss: handle also printer sharename BUG: https://bugzilla.samba.org/show_bug.cgi?id=9771 Signed-off-by: Bjoern Jacke <bjacke@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2020-09-18 00:35:40 +00:00
Björn Jacke	7651c02681	srv_spoolss_nt.c: fix wrong value in debug message Signed-off-by: Bjoern Jacke <bjacke@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2020-09-18 00:35:40 +00:00
Samuel Cabrero	ed625d6694	tests: Disable kerberos for weak crypto test Otherwise the test fails because the client is authenticated using spnego and gse_krb5, not triggering the weak crypto restrictions. Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Thu Sep 17 00:05:51 UTC 2020 on sn-devel-184	2020-09-17 00:05:51 +00:00
Samuel Cabrero	63b0d2dc76	selftest: set pid directory in client's smb.conf Set a pid file directory to avoid the following testparm error: ERROR: pid directory /usr/local/samba/var/run does not exist Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>	2020-09-16 22:45:38 +00:00
Samuel Cabrero	ebada816de	selftest: Create client directories in a loop Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>	2020-09-16 22:45:38 +00:00
Jeremy Allison	67498ffd78	s3: libsmb: Cleanup - in internal_resolve_name() only write the out parameters on success. All callers already correctly initialize them. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <noel.power@suse.com> Autobuild-User(master): Noel Power <npower@samba.org> Autobuild-Date(master): Tue Sep 15 11:33:35 UTC 2020 on sn-devel-184	2020-09-15 11:33:35 +00:00
Jeremy Allison	c1d39295fb	s3: Remove struct ip_service. --------------- / \ / REST \ / IN \ / PEACE \ / \ \| \| \| struct ip_service \| \| \| \| \| \| 9 August \| \| In the year of the \| \| pandemic \| \| 2020 \| \| * * \| * _________)/\\_//(\/(/\)/\//\/\////\|_)_______ Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <noel.power@suse.com>	2020-09-15 10:09:40 +00:00
Jeremy Allison	526fdaa747	s3: libsmb: namequery. Rename remove_duplicate_addrs2_sa() to remove_duplicate_addrs2() It's now the only function. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <noel.power@suse.com>	2020-09-15 10:09:40 +00:00
Jeremy Allison	d627ef1488	s3: libsmb: namequery.c: Remove unused remove_duplicate_addrs2(). Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <noel.power@suse.com>	2020-09-15 10:09:40 +00:00
Jeremy Allison	5b6245d14b	s3: libsmb: namequery.c: Remove now unused internal_resolve_name() wrapper. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <noel.power@suse.com>	2020-09-15 10:09:40 +00:00
Jeremy Allison	a679c6c5a1	s3: libsmb: namequery.c: Remove now unused convert_ss2service(). Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <noel.power@suse.com>	2020-09-15 10:09:40 +00:00
Jeremy Allison	7d37b8ba1b	s3: libsmb: namequery.c: Remove now unused ip_service_to_samba_sockaddr(). Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <noel.power@suse.com>	2020-09-15 10:09:40 +00:00
Jeremy Allison	757934e864	3: libsmb: namequery: Convert _internal_resolve_name() -> internal_resolve_name() returning talloced samba_sockaddr arrays. Wrapper function internal_resolve_name() is now commented out, along with the now unused ip_service_to_samba_sockaddr() and convert_ss2service() functions. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <noel.power@suse.com>	2020-09-15 10:09:40 +00:00
Jeremy Allison	d3f6eccc98	s3: libsmb: namequery: Add utility function sockaddr_array_to_samba_sockaddr_array(). Not yet used. Will help convert _internal_resolve_name() to internal_resolve_name(). Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <noel.power@suse.com>	2020-09-15 10:09:40 +00:00
Jeremy Allison	ef62fa93be	s3: libsmb: Rename prioritize_ipv4_list_sa() -> prioritize_ipv4_list() now it's the only use. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <noel.power@suse.com>	2020-09-15 10:09:40 +00:00
Jeremy Allison	5a2b5c74c9	s3: libsmb: Remove unused prioritize_ipv4_list(). Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <noel.power@suse.com>	2020-09-15 10:09:40 +00:00
Jeremy Allison	e0d060c632	s3: libsmb: Tidy up the talloc heirarchy allocation in get_dc_list(). Always allocate the return_salist off the frame pointer. Only talloc_move() to return ctx on successful return. Cleans up a nasty else in the exit path that caused problems in the past - we can now always TALLOC_FREE(return_salist) without remembering if we need to return it. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <noel.power@suse.com>	2020-09-15 10:09:40 +00:00
Jeremy Allison	f03a6ef66b	s3: libsmb: Convert get_dc_list() to call internal_resolve_name() not _internal_resolve_name(). prioritize_ipv4_list() is no longer used. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <noel.power@suse.com>	2020-09-15 10:09:40 +00:00
Jeremy Allison	5b8f5971e0	s3: libsmb: Remove now unused internal functions ip_service_compare() and sort_service_list(). Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <noel.power@suse.com>	2020-09-15 10:09:40 +00:00
Jeremy Allison	e6c581f0e1	s3: libsmb: Convert get_pdc_ip() to call internal_resolve_name() not _internal_resolve_name(). NB. sort_service_list() and ip_service_compare() are now no longer used so comment them out for removal. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <noel.power@suse.com>	2020-09-15 10:09:39 +00:00
Jeremy Allison	be85a463f4	s3: libsmb: Convert find_master_ip() to call internal_resolve_name() not _internal_resolve_name(). Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <noel.power@suse.com>	2020-09-15 10:09:39 +00:00
Jeremy Allison	3b1542a1e9	s3: libsmb: Convert resolve_name_list() to call internal_resolve_name() not _internal_resolve_name(). Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <noel.power@suse.com>	2020-09-15 10:09:39 +00:00
Jeremy Allison	178bd3847b	s3: libsmb: Convert resolve_name() to call internal_resolve_name() not _internal_resolve_name(). Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <noel.power@suse.com>	2020-09-15 10:09:39 +00:00
Jeremy Allison	185f3027f0	s3: libsmb: Rename internal_resolve_name_sa() -> internal_resolve_name() That's now the only external interface to it. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <noel.power@suse.com>	2020-09-15 10:09:39 +00:00
Jeremy Allison	489102b044	s3: libsmb: Remove the internal_resolve_name() external interface. Change the internal version from internal_resolve_name() -> _internal_resolve_name(). Only external caller calls internal_resolve_name_sa(). After this we can rename internal_resolve_name_sa() back to internal_resolve_name() as all internal use in namequery.c is via _internal_resolve_name(). Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <noel.power@suse.com>	2020-09-15 10:09:39 +00:00
Jeremy Allison	a8ec446d9d	s3: libsmb: Fix discover_dc_netbios() to call internal_resolve_name_sa(). All callers of internal_resolve_name() are now internal to namequery.c Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <noel.power@suse.com>	2020-09-15 10:09:39 +00:00
Jeremy Allison	fb8acf1717	s3: libsmb: Add internal_resolve_name_sa(). A wrapper for internal_resolve_name(). Not yet used. Now to fix the callers, and convert internal_resolve_name(). Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <jra@samba.org>	2020-09-15 10:09:39 +00:00
Jeremy Allison	c5b1d4ffc5	s3: libsmb: Add prioritize_ipv4_list_sa(). Re-arranges a samba_sockaddr array in IPv4 preference. Not yet used so compiles but ifdef'ed out. Needed for conversion of internal_resolve_name(). Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <noel.power@suse.com>	2020-09-15 10:09:39 +00:00
Jeremy Allison	5bb632006c	3: torture: Use remove_duplicate_addrs2_sa() instead of remove_duplicate_addrs2() in LOCAL-remove_duplicate_addrs2 test. Spoiler, still passes :-). Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <noel.power@suse.com>	2020-09-15 10:09:39 +00:00
Jeremy Allison	1181e5e1fe	s3: libsmb: Add remove_duplicate_addrs2_sa() - uses samba_sockaddr. Not yet used, will be used when we migrate internal_resolve_name() to samba_sockaddr. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <noel.power@suse.com>	2020-09-15 10:09:39 +00:00
Jeremy Allison	1cb9611b7b	s3: libsmb: Convert internal function get_dc_list() to return a samba_sockaddr array. Callers now don't need to convert. Getting closer to making internal_resolve_name() return samba_sockaddr array. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <npower@samba.org> `	2020-09-15 10:09:39 +00:00
Jeremy Allison	b59de9e5ee	s3: libsmb: Rename get_sorted_dc_list_sa() -> get_sorted_dc_list(). Everyone now uses samba_sockaddr arrays. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <npower@samba.com>	2020-09-15 10:09:39 +00:00
Jeremy Allison	8ae5408d1f	s3: libsmb: Remove get_sorted_dc_list(). No longer used. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <noel.power@suse.com>	2020-09-15 10:09:39 +00:00
Jeremy Allison	ffed032bf0	s3: libsmb: Remove last caller of get_sorted_dc_list() from rpc_dc_name(). Now only get_sorted_dc_list_sa() left. Now we can remove get_sorted_dc_list() and rename get_sorted_dc_list_sa() back to get_sorted_dc_list(). One more external user of struct ip_service gone. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <noel.power@suse.com>	2020-09-15 10:09:38 +00:00
Jeremy Allison	cb5b69fb6f	s3: winbind: Fix get_dcs() to use get_sorted_dc_list_sa(). Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <noel.power@suse.com>	2020-09-15 10:09:38 +00:00
Jeremy Allison	2a57e7ede3	s3: libads: Rename cldap_ping_list_sa() -> cldap_ping_list(). The old cldap_ping_list() is now gone. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <noel.power@suse.com>	2020-09-15 10:09:38 +00:00
Jeremy Allison	bef9ebd8c9	s3: libads: Remove cldap_ping_list(). No longer used. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <noel.power@suse.com>	2020-09-15 10:09:38 +00:00
Jeremy Allison	5a448e96ac	s3: libads: Make resolve_and_ping_dns() use get_sorted_dc_list_sa(). We no longer use cldap_ping_list(), comment it out for removal. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <noel.power@suse.com>	2020-09-15 10:09:38 +00:00
Jeremy Allison	6be32826d7	s3: libads: Make resolve_and_ping_netbios() use get_sorted_dc_list_sa(). Now we use cldap_ping_list_sa() so uncomment it. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <noel.power@suse.com>	2020-09-15 10:09:38 +00:00
Jeremy Allison	4b6fc2b034	s3: libads: Add an alternate version of cldap_ping_list() that takes an array of samba_sockaddrs. Preparing for get_sorted_dc_list() returning such an array. ifdef'ed out as not yet used. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <noel.power@suse.com>	2020-09-15 10:09:38 +00:00
Jeremy Allison	1fb56f3f4f	s3: utils: Make net_lookup_dc() use get_sorted_dc_list_sa(). Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <noel.power@suse.com>	2020-09-15 10:09:38 +00:00

1 2 3 4 5 ...

123373 Commits