1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

2489 Commits

Author SHA1 Message Date
Volker Lendecke
c2387f13c6 selftest: Adapt libsmbclient.readdirplus2 to unix extensions
A few lines above the mode check we created a file with mode
0666. With unix exensions we expect this back 1:1, without them the
server changes them on the fly.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-03-03 17:48:38 +00:00
Volker Lendecke
c2e012fe11 libsmb: Use posix result in SMBC_readdirplus2_ctx
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-03-03 17:48:37 +00:00
Volker Lendecke
890c94d585 libsmb: Implement SMB_FIND_FILE_UNIX_INFO2 dir listing
This keeps the original SMB_STRUCT_STAT coming from posix as part of
struct file_info. It is a slight waste of space, as the timestamps are
kept twice, but having a full SMB_STRUCT_STAT with the nlink!=0
validity check makes thinking about which mode/size/etc is the correct
one a no-brainer. We can save space later by referencing only one set
of time stamps for example.

This for the time fixes readdirplus2, but for the wrong reason: We don't yet
create files the "proper" way using posix create.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-03-03 17:48:37 +00:00
Volker Lendecke
cb37caaa56 selftest: Run libsmbclient with and without unix extensions
The libsmbclient readdir tests are broken just for the unix extension
case. For example they assume our "map archive" behaviour. This will
have to be parameterized once unix extensions become better
implemented in libsmbclient

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Feb 27 19:34:36 UTC 2020 on sn-devel-184
2020-02-27 19:34:36 +00:00
Volker Lendecke
ac65874ef4 selftest: Factor out smbtorture4testsuite_cmdarray()
This will be used in the libsmbclient tests soon

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-02-27 18:07:29 +00:00
Volker Lendecke
e4f399126e selftest: Assemble smbtorture arguments as a list
I'm planning to mess with libsmbclient tests calling into
smbtorture4. For this it will be much more convenient to have the
arguments available as a higher-level data structure than just a
string.

Checked by "diff" on the testlist before and after -- no change.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-02-27 18:07:29 +00:00
Volker Lendecke
ce3b594a22 selftest: Remove an obsolete knownfail entry
Since ae76d21834 this is not run anymore

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-02-27 18:07:29 +00:00
Gary Lockyer
2f8c3b6226 idl: drsuapi_DsaAddressListItem_V1 limit recursion
Limit number of drsuapi_DsaAddressListItem_V1 elements to 1024

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19820
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14254

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-02-27 01:02:32 +00:00
Gary Lockyer
23d285d349 librpc ndr: Stack-overflow in ndr_pull_drsuapi_DsaAddressListItem_V1
Reproducer for oss-fuzz Issue 19280

Project: samba
Fuzzing Engine: libFuzzer
Fuzz Target: fuzz_ndr_drsuapi_TYPE_OUT
Job Type: libfuzzer_asan_samba
Platform Id: linux

Crash Type: Stack-overflow
Crash Address: 0x7ffcb4cc2ff8
Crash State:
  ndr_pull_drsuapi_DsaAddressListItem_V1

Sanitizer: address (ASAN)

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19280
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14254

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-02-27 01:02:32 +00:00
Volker Lendecke
51551e0d53 libsmb: Pass the correct path to cli_posix_stat()
This fixes doing strlen() on talloc_tos(), about which valgrind is pretty
unhappy. Without this patch we survive the tests because we have fallbacks to
the non-posix flavors of stat(). With this patch in place cli_posix_stat()
becomes functional in this code path. This creates conflicts with the readdir
libsmbclient tests, which need fixing separately.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14101

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-02-25 23:23:39 +00:00
Andreas Schneider
8a87fdb4a7 lib:util: Add test to verify old and new macros are the same
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-02-21 02:09:33 +00:00
Andreas Schneider
3d8680e6a8 lib:util: Add bytearray.h
This is an implementation which doesn't have undefined behavior
problems. It casts correctly that calculations are don in the correct
integer space. Also the naming is less confusing than what we have in
byteorder.h.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-02-21 02:09:33 +00:00
Volker Lendecke
aebe427b77 smbd: Separate aio_pthread indicator from normal EINTR
According to Posix and the Linux open(2) manpage, the open-syscall can
return EINTR. If that happens, core smbd saw this as an indication
that aio_pthread's open function was doing its job. With a real EINTR
without aio_pthread this meant we ended up in a server_exit after 20
seconds, because there was nobody to do the retry.

EINTR is mapped to NT_STATUS_RETRY. Handle this by just retrying after
a second.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14285
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Feb 20 22:14:25 UTC 2020 on sn-devel-184
2020-02-20 22:14:25 +00:00
Volker Lendecke
7bbba73b30 test: Show that smbd does not handle EINTR from open() correctly
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14285
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-02-20 20:48:29 +00:00
Martin Schwenke
dc0150801c selftest:clusteredmember: Build a unclist for every share
This is fairly cheap and it is simple to do.  This allows the Python
code to be able to specify a unclist quite simply.  The level of
coupling doesn't seem worse than anything else in the
selftest/autobuild code.

There may be cleverer ways of doing this (e.g. a wrapper in
testprogs/blackbox/clusteredmember_smbtorture or similar) but cleverer
code isn't necessarily better code... and they'll probably involve
code duplication.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
2020-02-19 09:38:40 +00:00
Michael Adam
5ff7e2f213 selftest:Samba3: add a clusteredmember environment
Allow running tests against a CTDB setup, thereby covering the
dbrwap_ctdb->ctdb stack in real SMB tests.

Sets up a 3 node cluster.

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Martin Schwenke <martin@meltin.net>
2020-02-19 09:38:40 +00:00
Volker Lendecke
bb85a710e2 selftest: Split up a long line
We'll add another argument soon

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2020-02-19 09:38:40 +00:00
Martin Schwenke
822604a112 selftest: net command needs to think it is root in clustered case
So just run it "as root" all the time.

Something similar is already done for other things in
Samba3::provision(), such as running smbpasswd in
Samba3::createuser().

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
2020-02-19 09:38:40 +00:00
Volker Lendecke
c779dfe70f selftest: Allow passing fork_and_exec()'s child_cleanup
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2020-02-19 09:38:40 +00:00
Volker Lendecke
154d7c8eaf selftest: Convert Samba3::check_or_start() to named parameters
Another parameter will be added soon.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2020-02-19 09:38:40 +00:00
Volker Lendecke
ff5dd4bb4f selftest: Parameterize clean up in the child process
Default to closing the write end of the parent->child pipe.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2020-02-19 09:38:40 +00:00
Martin Schwenke
586189ab69 selftest: Fix an uninitialised variable warning.
If $nmbd is not "yes" then this can result in a warning.

Introduced in commit 676261fa08.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
2020-02-19 09:38:40 +00:00
Volker Lendecke
4cd28d736a selftest: Fix a warning message
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2020-02-19 09:38:39 +00:00
Volker Lendecke
2a54c03af7 selftest: Add "share_dir" as an argument to Samba3::provision()
Default to the previous value

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2020-02-19 09:38:39 +00:00
Volker Lendecke
7598b9069d selftest: Allow "netbios name" to be overriden in Samba3::provision()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2020-02-19 09:38:39 +00:00
Andreas Schneider
e2ea059e67 s3:tests: Add test for a dropbox with dir mode 0733
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Feb 18 21:07:44 UTC 2020 on sn-devel-184
2020-02-18 21:07:44 +00:00
Andreas Schneider
b9ab8bf7a9 s3:tests: Add smbclient test for 'force create mode = 0664'
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Feb 14 20:16:04 UTC 2020 on sn-devel-184
2020-02-14 20:16:04 +00:00
Andrew Bartlett
f231a072d5 s4-auth: Allow simple bind login of a user with an @ in the samAccountName
LDAP Simple BIND authentications have already been mapped to a
DOMAIN\username pair and should not be mapped twice.

This appears to be a regression in 09e24ce40f
included in Samba 4.7.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13598

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>

Autobuild-User(master): Isaac Boukris <iboukris@samba.org>
Autobuild-Date(master): Fri Feb 14 17:13:33 UTC 2020 on sn-devel-184
2020-02-14 17:13:33 +00:00
Andrew Bartlett
8fbdff5c3d auth/credentials: Test connecting to LDAP with a "virtual user" style account
This type of account is often used by e-mail hosting platforms
that do not wish to create an AD domain for each DNS domain that
they host mail for.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13598

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
2020-02-14 15:47:41 +00:00
Gary Lockyer
490bbb96b9 libprc ndr tests: Fix ndrdump test ntlmssp_CHALLENGE_MESSAGE
Fix the expected data in fuzzed_ntlmssp-CHALLENGE_MESSAGE.txt, as it
contained source code line numbers.

Andrew this test needs to be altered to us a regular expression and
remove the dependency on source line numbers.

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20083
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14236

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-02-07 08:53:40 +00:00
Gary Lockyer
14182350f8 librpc ndr: ndr_pull_advance check for unsigned overflow.
Handle uint32 overflow in ndr_pull_advance

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20083
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14236

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-02-07 08:53:40 +00:00
Gary Lockyer
d1277f4d02 librpc ndr tests: Unsigned overflow in ndr_pull_advance
Check that uint32 overflow is handled correctly by ndr_pull_advance.

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20083
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14236

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-02-07 08:53:40 +00:00
Gary Lockyer
6d05fb3ea7 librpc ndr: NDR_PULL_ALIGN check for unsigned overflow
Handle uint32 overflow in NDR_PULL_ALIGN

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20083
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14236

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-02-07 08:53:40 +00:00
Gary Lockyer
46edde8647 librpc ndr tests: uint32 overflow in NDR_PULL_ALIGN
Check that uint32 overflow is handled correctly by NDR_NEED_BYTES.

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20083
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14236

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-02-07 08:53:40 +00:00
Gary Lockyer
ae6927e4f0 librpc ndr: Heap-buffer-overflow in lzxpress_decompress
Reproducer for oss-fuzz Issue 20083

Project: samba
Fuzzing Engine: libFuzzer
Fuzz Target: fuzz_ndr_drsuapi_TYPE_OUT
Job Type: libfuzzer_asan_samba
Platform Id: linux

Crash Type: Heap-buffer-overflow READ 1
Crash Address: 0x6040000002fd
Crash State:
  lzxpress_decompress
    ndr_pull_compression_xpress_chunk
      ndr_pull_compression_start

Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20083
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14236

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-02-07 08:53:40 +00:00
Andrew Bartlett
d3b385d596 source4/scripting/bin: Swap machine account password scripts
I regularly get requests for my simple script to print the
password from the secrets.tdb (or secrets.ldb on the AD DC).

This removes the old script that only reads the secrets.ldb.

Neither new nor old script has tests, however it seems
better to have it in the tree where it can be found rather
that me digging it out of my outbound e-mail.

Originally posted here:
 https://lists.samba.org/archive/samba/2017-November/212362.html

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-02-06 14:57:42 +00:00
Stefan Metzmacher
7d1b560804 selftest: create a pcap file for the environment setup
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-02-06 14:57:42 +00:00
Stefan Metzmacher
f182c9a36b selftest: create pcap files for invidual env services
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-02-06 14:57:42 +00:00
Stefan Metzmacher
4effc5585e selftest: move {setup,cleanup}_pcap() to selftest/target/Samba.pm
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-02-06 14:57:42 +00:00
Stefan Metzmacher
c48ae9cf4d selftest: force LC_ALL=en_US.utf8 LANG=en_US.utf8
That makes sure we have the same as on gitlab runners
(see bootstrap/config.py).

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-02-06 14:57:41 +00:00
Stefan Metzmacher
590df382be s3:auth_sam: map an empty domain or '.' to the local SAM name
When a domain member gets an empty domain name or '.', it should
not forward the authentication to domain controllers of
the primary domain.

But we need to keep passing UPN account names with
an empty domain to the DCs as a domain member.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-02-05 16:30:42 +00:00
Stefan Metzmacher
a9eeea6ef7 s3:selftest: test authentication with an empty userdomain and upn names
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-02-05 16:30:42 +00:00
Douglas Bagnall
4258f805f4 selftest: simplify logic in setup_env
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-02-04 05:13:40 +00:00
Douglas Bagnall
131bfc8ce2 selftest: avoid comparison against undefined value
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-02-04 05:13:40 +00:00
Douglas Bagnall
7334d575a9 selftest/target/samba: do not look for undef environment
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-02-04 05:13:40 +00:00
Douglas Bagnall
d087f74d45 selftest/target/samba: add missing methods
These methods are being called but have not been provided.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-02-04 05:13:40 +00:00
Douglas Bagnall
213e237e39 selftest/s3: prefer empty string over undef to add nothing to config
To fix a warning.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-02-04 05:13:40 +00:00
Douglas Bagnall
e50c5b80bf selftest/s3: actually close parent copy of smbd's STDIN
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-02-04 05:13:40 +00:00
Douglas Bagnall
314b59fbef selftest/s4: remove illegal function signature
The character ':' has no meaning in function signatures. Perhaps ';' was
intended, which would have marked the later arguments as optional --
which is the default with no signature. All callers always provide all
the arguments anyway.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-02-04 05:13:40 +00:00
Douglas Bagnall
18efb47a8f selftest/s4: don't put pcap file in / by default
If the SOCKET_WRAPPER_PCAP_DIR is not defined, let's assume it wasn't
wanted rather than choosing /.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-02-04 05:13:40 +00:00
Douglas Bagnall
7a65a26a2f selftest/s4: properly initialise an empty hash
The '%ret = {}' construction was bad because '{}' is a hash-ref, which
counts as a single scalar value, but a true hash like '%ret' must be
initialised with an even number of scalar values (usually in pairs, like
'($a => $b, $c => $d)').

I think this meant %ret was initialised as something harmless like
'(<HASH(0x55ce39781278)> => undef)'.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-02-04 05:13:39 +00:00
Douglas Bagnall
6c4ee5282e selftest: avoid redeclaring perl variables
None of these ones are doing any harm, we just want to silence these
warnings.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-02-04 05:13:39 +00:00
Douglas Bagnall
467abee4ee selftest/target/samba: avoid overwriting $pkinitdir
We were declaring the same variable twice with two different paths,
"$cadir/Users/$pkinitprincipalname" here and
"$ctx->{prefix_abs}/pkinit" about 5 lines down.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-02-04 05:13:39 +00:00
Douglas Bagnall
8f17d48163 selftest: enable perl warnings
After this we will see more noise with each test run, and these
warnings will be addressed in following commits.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-02-04 05:13:39 +00:00
David Mulder
1bb16ff4e2 s4:torture: Convert samba4.base.charset test to smb2
The partial surrogate test is known to fail (in
both smb1 and smb2).

Signed-off-by: David Mulder <dmulder@suse.com>
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Thu Jan 30 12:05:13 UTC 2020 on sn-devel-184
2020-01-30 12:05:13 +00:00
Volker Lendecke
3f0e0ee274 selftest: Exit skipped daemons on close(STDIN)
Without this, teardown_env() will take ages for environments with
skipped daemons

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jan 29 11:06:53 UTC 2020 on sn-devel-184
2020-01-29 11:06:53 +00:00
Volker Lendecke
5bc5b681c0 selftest: Close STDIN_PIPE's write end for skipped daemons
Without this, any environment that skips any daemon will not shut down
properly. If a copy of a pipe's write end remains, closing one of them
won't cause the read end to be readable, i.e. the daemons waiting for
that won't exit properly.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-01-29 09:36:27 +00:00
Volker Lendecke
f9173c18a6 selftest: Convert Samba3::provision() to named parameters
9 positional parameters is a bit too much for easy overview

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2020-01-27 14:27:33 +00:00
Volker Lendecke
26da6f562b selftest: Factor out create_file_chmod()
24 lines less perl :-)

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2020-01-27 14:27:33 +00:00
Andreas Schneider
6a10ab3f10 selftest: Make 'Samba Users' the primary group of joe
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2020-01-24 15:46:42 +00:00
Andreas Schneider
227a8a1131 selftest: Add a group 'Samba Users'
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2020-01-24 15:46:42 +00:00
Andreas Schneider
b4a4adebd9 selftest: Add user joe
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2020-01-24 15:46:42 +00:00
Volker Lendecke
0a77890bbc testenv: No "mktemp" for in_screen
We don't use this

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-01-21 14:38:44 +00:00
Volker Lendecke
823e4de309 testenv: Simplify "in_screen"
We don't need "seq", bash can do that itself, and we assume bash here

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-01-21 14:38:44 +00:00
Volker Lendecke
1ca1c60198 testenv: Properly kill daemons
Without this, all the daemons were kept around

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-01-21 14:38:43 +00:00
Volker Lendecke
4f1e4f9ce3 testenv: Be more careful deleting environment tmpfiles
If there is more than one server we will have for example nt4_dc.smbd,
nt4_dc.nmbd and nt4_dc.winbind as daemon environments, together with
the commandline environment "nt4_dc" coming last. Before this patch we
would have deleted all previous tmpfiles in the commandline environment.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-01-21 14:38:43 +00:00
Andrew Bartlett
2b1828276b CVE-2019-14902 dsdb: Change basis of descriptor module deferred processing to be GUIDs
We can not process on the basis of a DN, as the DN may have changed in a rename,
not only that this module can see, but also from repl_meta_data below.

Therefore remove all the complex tree-based change processing, leaving only
a tree-based sort of the possible objects to be changed, and a single
stopped_dn variable containing the DN to stop processing below (after
a no-op change).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2020-01-21 10:11:38 +00:00
Andrew Bartlett
b7030f9a8b CVE-2019-14902 repl_meta_data: Set renamed = true (and so do SD inheritance) after any rename
Previously if there was a conflict, but the incoming object would still
win, this was not marked as a rename, and so inheritence was not done.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2020-01-21 10:11:38 +00:00
Andrew Bartlett
4c62210098 CVE-2019-14902 repl_meta_data: Fix issue where inherited Security Descriptors were not replicated.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2020-01-21 10:11:38 +00:00
Andrew Bartlett
d64670bab8 CVE-2019-14902 selftest: Add test for a special case around replicated renames
It appears Samba is currently string-name based in the ACL inheritence code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2020-01-21 10:11:38 +00:00
Andrew Bartlett
7b19e221ae CVE-2019-14902 selftest: Add test for replication of inherited security descriptors
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2020-01-21 10:11:38 +00:00
Günther Deschner
0a76a7c3c2 s4-torture: add test for spoolss AddPerMachineConnection
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-01-08 23:51:30 +00:00
Volker Lendecke
40ecc2f6f0 lib: Fix contending with a READ lock
When contending a WRITE with an existing READ, the contender puts
himself into the exclusive slot, waiting for the READers to go
away. If the async lock request is canceled before we got the lock, we
need to remove ourselves again. This is done in the destructor of the
g_lock_lock_state. In the successful case, the destructor needs to go
away.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sun Dec 22 18:57:17 UTC 2019 on sn-devel-184
2019-12-22 18:57:17 +00:00
Volker Lendecke
12638d48a6 torture3: Add a test that contends with a READ, not a WRITE lock
This walks different code paths in the subsequent locker. And the one
that we did not test so far is in fact buggy

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-12-22 17:29:28 +00:00
Andrew Bartlett
a85d257c1e librpc: Do not access name[-1] trying to push "" into a dnsp_name
This simply matches the behaviour from before e7b1acaddf
when the logic for a trailing . was added.  This matches what is added in
the dnsRecord attribute for a name of "." over the dnsserver RPC
management interface and is based on what Windows does for that name
in (eg) an MX record.

No a security bug because we use talloc and so name will be just the
end of the talloc header.

Credit to OSS-Fuzz

Found using the fuzz_ndr_X fuzzer

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Dec 20 11:33:52 UTC 2019 on sn-devel-184
2019-12-20 11:33:52 +00:00
Andrew Bartlett
16557e4480 selftest: Confirm parse of dnsProperty records
This confirms a name of "." will round-trip correctly.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2019-12-20 10:09:34 +00:00
Gary Lockyer
0bd479140c upgradedns: ensure lmdb lock files linked
Ensure that the '-lock' files for the dns partitions as well as the data
files are linked when running
  samba_dnsupgrade --dns-backend=BIND9_DLZ
failure to create these links can cause corruption of the corresponding
data file.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14199

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-20 07:35:41 +00:00
Gary Lockyer
f0cebbe4dd test upgradedns: ensure lmdb lock files linked
Add tests to check that the '-lock' files for the dns partitions as well as
the data files are linked when running
    samba_dnsupgrade --dns-backend=BIND9_DLZ
failure to create these links can cause corruption of the corresponding
data file.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14199

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-20 07:35:41 +00:00
Ralph Boehme
1cf2397226 selftest: don't use NTVFS fileserver in chgdcpass
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Dec 20 07:34:42 UTC 2019 on sn-devel-184
2019-12-20 07:34:42 +00:00
Ralph Boehme
2e5188f520 selftest: don't use NTVFS fileserver in rodc
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-12-20 06:08:41 +00:00
Ralph Boehme
629254ec5b selftest: don't use NTVFS fileserver in fl2008r2dc
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-12-20 06:08:41 +00:00
Ralph Boehme
3518151cb2 selftest: don't use NTVFS fileserver in fl2003dc
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-12-20 06:08:41 +00:00
Ralph Boehme
bd141ead0d selftest: don't use NTVFS fileserver in fl2000dc
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-12-20 06:08:41 +00:00
Ralph Boehme
fbcf1ab708 selftest: don't use NTVFS fileserver in vampire_dc
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-12-20 06:08:40 +00:00
Ralph Boehme
db24892d0e selftest: don't use NTVFS fileserver in promoted_dc
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-12-20 06:08:40 +00:00
Ralph Boehme
01141d06af selftest: make fl2008dc an alias for ad_dc, not ad_dc_ntvfs
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-12-20 06:08:40 +00:00
Ralph Boehme
bba0cafa95 selftest: make ad_dc_slowtests an alias for ad_dc, not ad_dc_ntvfs
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-12-20 06:08:40 +00:00
Ralph Boehme
8d1206c920 selftest: make ad_dc_default an alias for ad_dc, not ad_dc_ntvfs
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-12-20 06:08:40 +00:00
Ralph Boehme
0f5b66230d selftest: run samba4.ldap.dirsync.python against ad_dc_ntvfs explicitly
No change in behaviour.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-12-20 06:08:40 +00:00
Ralph Boehme
9174968b01 selftest: hardcode ad_dc_ntvfs for the rpc.netlogon testsuite
The rpc.netlogon testsuite has a test that verifies LSA over netlogon which is
only enabled in the ad_dc_ntvfs env.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-12-20 06:08:40 +00:00
Andrew Bartlett
0e651b4508 librpc: Fix manually written printer for drsuapi_DsAttributeValue
Credit to OSS-Fuzz

Found using the ndr_fuzz_X target.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-12-18 06:39:26 +00:00
Andrew Bartlett
5ccb5e23c9 sefltest: Demonstrate crash in manually written printer for drsuapi_DsAttributeValue
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-12-18 06:39:26 +00:00
Andrew Bartlett
92a7c5a726 librpc: Do not follow a NULL pointer when calculating the size of a union
Found by Douglas Bagnall using Hongfuzz and the new fuzz_ndr_X
fuzzer.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13876

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-12-12 02:30:40 +00:00
Andrew Bartlett
456cdb7fa3 pidl: Mismatch between set and get of relative base pointers
The set was within the switch, the get was before the switch.

The difference is shown when there is an empty default element.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13876

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-12-12 02:30:40 +00:00
Andrew Bartlett
362d70ff2f librpc: Do not follow a NULL pointer when calculating the size of a structure
Found by Douglas Bagnall using Hongfuzz and the new fuzz_ndr_X
fuzzer.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13876

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-12-12 02:30:40 +00:00
Andrew Bartlett
bcffdc9a89 selftest: Add test for ndr_size_struct() faulting on a NULL pointer
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13876

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-12-12 02:30:39 +00:00
Andrew Bartlett
f56fa3bb6a selftest: Add test for ndr_size_union() faulting on a NULL pointer
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13876

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-12-12 02:30:39 +00:00
Andrew Bartlett
cf83eec565 selftest: Add test for structure with NDR_BUFFERS only in a union
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13876

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-12-12 02:30:39 +00:00
Andrew Bartlett
fee5c6a424 librpc/idl/dnsserver.idl: Ensure DnsProperty id matches what is pulled from the stored buffer
There are two concerns here, assuming the attacker can place arbitary values
in a dnsProperty attribute over LDAP (eg is a DNS administrator).

This comes from the fact that id is used as the switch value at the C layer
but at the NDR layer the wDataLength value is considered first.

One concern is that a pull/push round-trip could include server memory:

 The previous switch_is() behaviour could store the server memory back
 into the attribute.

 However this pattern of pull/push only happens in ndrdump and fuzzing tools, as
 dnsserver_db_do_reset_dword() operates only on the uint32/bitmap union
 arms, and fully initialises those.

The other is that a pull of the attacker-supplied value could
cause the server to expose memory.

 This would be over the network via DNS or the RPC dnsserver protocols.
 However at all times the ndr_pull_struct_blob is passed zeroed memory.

The final concern (which fuzz_ndr_X found) is that in the ndr_size_dnsPropertyData()
the union descriminent is only id.

 This has no impact as only zeroed memory is used so there will be a
 zero value in all scalars, including data->d_ns_servers.AddrArray.

 Therefore the server will not crash processing the attacker-supplied blob

[MS-DNSP] 2.3.2.1 dnsProperty has no mention of this special behaviour.
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dnsp/445c7843-e4a1-4222-8c0f-630c230a4c80

This was known as CVE-2019-14908 before being triaged back to a normal bug.

Found by Douglas Bagnall using Hongfuzz and the new fuzz_ndr_X fuzzer.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14206
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@samba.org>
2019-12-12 00:35:30 +00:00
Gary Lockyer
ee4617ec5f librpc dnsp test: Ensure length matches union selector
Ensure that a dnsp_DnsProperty is rejected if the length data does not not
correspond to the length indicated by the union id.  It was possible for
the union to be referencing memory past the end of the structure.

Found by Douglas Bagnall using Hongfuzz and the new fuzz_ndr_X fuzzer.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14206
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-12 00:35:30 +00:00