1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

1087 Commits

Author SHA1 Message Date
Joseph Sutton
1bb5cfef87 s4:libnet: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-11 02:42:41 +00:00
Andreas Schneider
37664f4ce7 s4:libnet: Fix code spelling
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-14 21:45:29 +00:00
Joseph Sutton
45abe2853f s4:libnet: Add missing newlines to logging messages
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:38 +00:00
Andrew Bartlett
eda1022b59 crypto: Rely on GnuTLS 3.6.13 and gnutls_pbkdf2()
This removes a lot of inline #ifdef and means this feature is always tested.

We can do this as we have chosen GnuTLS 3.6.13 as the new minimum version.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-06-30 14:00:38 +00:00
Dmitry Antipov
8720a25d57 s4:libnet: cleanup py_net_time()
Fix size of buffer passed to and always check the value returned
from strftime(), raise PyErr_NoMemory() and return NULL if zero,
or use it with PyUnicode_FromStringAndSize() (thus avoiding extra
internal call to strlen()) otherwise.

Signed-off-by: Dmitry Antipov <dantipov@cloudlinux.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-03 03:56:35 +00:00
Andrew Bartlett
937bf4b836 librpc/ndr: Unimplement DRSUAPI_COMPRESSION_TYPE_XPRESS and rename
DRSUAPI_COMPRESSION_TYPE_XPRESS is not MS-XCA nor is it implemented by
lzexpress_compress(), so disconnect from that algorithm.

This avoids someone fixing lzxpress_compress() to work for DRSUAPI
and breaking claims support.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-03-31 01:48:30 +00:00
Stefan Metzmacher
eb5df255fa s4:libnet: correctly handle gnutls_pbkdf2() errors
We should not ignore the error nor should we map
GNUTLS_E_UNWANTED_ALGORITHM to NT_STATUS_WRONG_PASSWORD,
instead we use NT_STATUS_CRYPTO_SYSTEM_INVALID as in most other places
in the same file.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15206

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Baumbach <bbaumbach@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Dec 14 13:35:20 UTC 2022 on sn-devel-184
2022-12-14 13:35:20 +00:00
Stefan Metzmacher
53d5583651 s4:libnet: fix error string for failing samr_ChangePasswordUser4()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15206

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Baumbach <bbaumbach@samba.org>
2022-12-14 12:41:35 +00:00
Stefan Metzmacher
4ebbe7e407 CVE-2022-37966 s4:libnet: allow python bindings to force setting an nthash via SAMR level 18
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-12-13 13:07:30 +00:00
Stefan Metzmacher
271cd82cd6 CVE-2022-37966 s4:libnet: add support LIBNET_SET_PASSWORD_SAMR_HANDLE_18 to set nthash only
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-12-13 13:07:30 +00:00
Stefan Metzmacher
9e69289b09 CVE-2022-37966 s4:libnet: initialize libnet_SetPassword() arguments explicitly to zero by default.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-12-13 13:07:30 +00:00
Stefan Metzmacher
b7ea69bdff lib/krb5_wrap: remove unused keep_old_entries argument from smb_krb5_kt_add_entry()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-10-27 21:14:43 +00:00
Andreas Schneider
30ca92a816 s4:libnet: If we successfully changed the password we are done
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15206

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
2022-10-25 09:34:33 +00:00
Andreas Schneider
16335412ff s3:rpcclient: Pass salt down to init_samr_CryptPasswordAES()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15206

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
2022-10-25 09:34:33 +00:00
Andreas Schneider
83dac5ce89 s4:libnet: Add support for samr_ChangePasswordUser4()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-07-28 11:51:29 +00:00
Andreas Schneider
0c961b16f1 s4:libnet: Move code using RC4 into its own function
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-07-28 11:51:29 +00:00
Andreas Schneider
da0e0c8aeb s4:libnet: Remove unused code in libnet_ChangePassword_samr()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-07-28 11:51:29 +00:00
Stefan Metzmacher
68dfb46361 s4:libnet: avoid using sdb_entry_ex and use sdb_entry directly
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-03-24 09:19:33 +00:00
Stefan Metzmacher
14487c4027 s4:kdc: samba_kdc_{first,next}key() only need sdb_entry
sdb_entry_ex will be removed shortly.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-03-24 09:19:33 +00:00
Stefan Metzmacher
3cba1641fd s4:kdc: samba_kdc_fetch() only needs sdb_entry
sdb_entry_ex will be removed shortly.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-03-24 09:19:33 +00:00
Stefan Metzmacher
4f6a34df68 s4:libnet: ask for SDB_F_ADMIN_DATA in order to create a keytab entry
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-03-24 09:19:33 +00:00
Stefan Metzmacher
244e188083 s4:libnet: sdb_free_entry() already clears everything
There's no need to know about '.free_entry'.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-03-24 09:19:33 +00:00
Pavel Filipenský
851fc9d60d s4:libnet: Fix uninitialized value "seq_num"
Found by covscan.

Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2022-01-26 11:44:32 +00:00
Pavel Filipenský
dbbad4b500 s4:libnet: Fix trailing whitespace in libnet_vampire.c
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2022-01-26 11:44:32 +00:00
Andreas Schneider
17cc20ebe6 s4:libnet: Allow libnet_SetPassword() for encrypted SMB connections
This is needed for smbtorture to join a domain in FIPS mode.

FYI: The correct way would be to join using LDAP as the s3 code is doing it. But
this requires a bigger rewrite.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-08-03 09:28:38 +00:00
Andreas Schneider
1326e7d65d s4:libnet: Remove trailing whitespaces
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-08-03 09:28:38 +00:00
Joseph Sutton
609ca65765 provision: Decrease the length of random machine passwords
The current length of 128-255 UTF-16 characters currently causes
generation of crypt() passwords to typically fail. This commit
decreases the length to 120 UTF-16 characters, which is the same as
that used by Windows.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14621

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-04-07 09:18:30 +00:00
Stefan Metzmacher
11f3c852c7 s4:libnet_rpc: avoid reusing the assoc_group_id of the lsa connection
This was an unexpected side effect introduced in commit
1b17d9a587.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 11 22:50:02 UTC 2021 on sn-devel-184
2021-03-11 22:50:02 +00:00
Andrew Walker
c2fcd83ed7 s4:libnet:py_net - free event context in dealloc fn
Creation of a new Net() object initializes an event context under
a NULL talloc context and then creates a new talloc context as a
child of the event context. The deallocation function for the
net object only frees the child and not the parent. This leaks an
fd for the tevent context and associated memory.

Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Nov  6 04:58:31 UTC 2020 on sn-devel-184
2020-11-06 04:58:31 +00:00
Isaac Boukris
dce944e8a1 smbdes: convert E_old_pw_hash to use gnutls
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-10 00:30:31 +00:00
Andreas Schneider
9ea736590d s4:libnet: Use GnuTLS RC4 in libnet_ChangePassword_samr()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031

Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-26 01:48:23 +00:00
Andreas Schneider
cdb4e12765 s4:libnet: Use GnuTLS RC4 in libnet_SetPassword_samr_handle_23()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-26 01:48:23 +00:00
Andreas Schneider
18937f9ceb s4:libnet: Use GnuTLS RC4 in libnet_SetPassword_samr_handle_24()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-26 01:48:23 +00:00
Andreas Schneider
e44ba0397c s4:libnet: Use encode_rc4_passwd_buffer() in libnet_SetPassword_samr_handle_25()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-26 01:48:23 +00:00
Andreas Schneider
5afa402bb7 s4:libnet: Use encode_rc4_passwd_buffer() in libnet_SetPassword_samr_handle_26()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-26 01:48:23 +00:00
Tim Beale
b3a2508f2a s4/libnet: Fix joining a Windows pre-2008R2 DC
From v4.8 onwards, Samba may not be able join a DC older than 2008R2
because the Windows DC doesn't support GET_TGT.

If the dsdb repl_md code can't resolve a link target it returns an
error, and the calling code (e.g. drs_util.py) should retry with
GET_TGT. However, GET_TGT is only supported on Windows 2008R2 and later,
so if you try to join an earlier Windows DC, the join will throw an
error that you can't work-around.

We can avoid this problem by setting the same DSDB flag that GET_TGT
sets to indicate that the link targets are as up-to-date as possible,
and so there's no point retrying. Missing targets are still logged, so
this at least allows the admin to fix up any problems after the join
completed.

I've only done this for the join case (problems during periodic
replication are probably still worth escalating to an error).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14021
RN: From Samba v4.8 onwards, joining a Windows 2003 or 2008 (non-R2) AD
DC may not have worked. When this problem occurred, the following
message would be displayed:
 'Failed to commit objects: DOS code 0x000021bf'
This particular issue has now been resolved. Note that there may still
be other potential problems that occur when joining an older Windows DC.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-04 22:49:23 +00:00
Andrew Bartlett
8f4c30f785 lib/crypto: move gnutls error wrapper to own subsystem
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-06-27 12:54:22 +00:00
Andrew Bartlett
34f9a089d8 py3: Remove PyStr_FromString() compatability macro
We no longer need Samba to be py2/py3 compatible so we choose to return to the standard
function names.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
2019-06-24 17:24:27 +00:00
Andreas Schneider
5823dc5414 s3:libnet: Use gnutls_error_to_ntstatus() in libnet_passwd
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-06-24 06:11:17 +00:00
Andreas Schneider
4b7b2ed99c s4:libnet: Use GnuTLS MD5 for samr passwords
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-05-21 00:03:22 +00:00
Noel Power
a7d75a1c57 s4: squash 'cast between incompatible function types' warning
To avoid warning above produced by using
 -Wcast-function-type we;

  + ensure PyCFunctions of type METH_NOARGS defined dummy arg
  + ensure PyCFunctions of type METH_KEYWORDS use PY_DISCARD_FUNC_SIG
    macro
  + ensure PyCFunctions of type METH_KEYWORDS really actually use the
    problematic kargs param, if not remove it

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-05-16 17:55:17 +00:00
Andrew Bartlett
71cc89833f libnet: Remove unused source4/libnet/libnet_sam{dump,sync}:
The last caller was removed in samba-tool: Remove C version of samba-tool
(e2af384151) by Amitay Isaacs in 2011

This was a tool to dump a genine NT4 DC (never Samba) into smbpasswd file.

It did work against Windows AD, but DRS replication is much
more comprehensive.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Mon May  6 07:11:51 UTC 2019 on sn-devel-184
2019-05-06 07:11:51 +00:00
Andrew Bartlett
7671eb2ca0 libnet: Remove unused source4/libnet/libnet_samsync_ldb.c
The last caller was removed in samba-tool: Remove C version of samba-tool
(e2af384151) by Amitay Isaacs in 2011

This was a prototype tool to sync a genine NT4 DC (never Samba) into ldb.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-05-06 05:46:11 +00:00
Garming Sam
fc2e521a5e libnet vampire: NULL access bug fix
NULL pointer access bug fix

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-04-08 02:07:22 +00:00
Andrew Bartlett
fdb6305c86 build: Remove bld.gen_python_environments()
This was part of --extra-python support.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2019-03-21 04:06:14 +00:00
Andrew Bartlett
270d04e4ea build: Remove --extra-python
This option is quite invasive in waf and was mainly for the python3 transition.

Testing with multiple python versions can be done by testing a full compile against
multiple versions, likewise multiple different binding versions can be created
the same way.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-03-21 04:06:14 +00:00
Volker Lendecke
908ef16567 libnet: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-02-27 01:35:19 +01:00
Noel Power
5f9a5ef262 s4/param: Fix provision_get_schema leaking python object
provision_get_schema returns a ldb_context object which is stored
in a python object. As a result the parent python object is never
decrefed and probably not released ever.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-02-21 04:09:19 +01:00
Noel Power
0c15c4b1db Make sure results from GetAttrString are decref'ed where needed
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett abartlet@samba.org

Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Wed Feb 13 14:51:12 CET 2019 on sn-devel-144
2019-02-13 14:51:12 +01:00
Noel Power
53d973f59c Cleanup references to module objects returned from PyImport_ImportModule
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-02-07 13:44:30 +01:00