IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
We reread the account details inside the transaction in case the account
has been locked out in the meantime. If it has, we return the
appropriate error code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 96479747bdb5bc5f33d903085f5f69793f369e3a)
[jsutton@samba.org Fixed conflict due to lack of dbg_ret variable]
Previously, there was a gap between calling dsdb_update_bad_pwd_count()
and dsdb_module_modify() where no transaction was in effect. Another
process could slip in and modify badPwdCount, only for our update to
immediately overwrite it. Doing the update inside the transaction will
help for the following commit when we make it atomic.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit a65147a9e98ead70869cdfa20ffcc9c167dbf535)
[jsutton@samba.org Fixed conflicts due to lack of dbg_ret variable]
The error code may be NT_STATUS_ACCOUNT_LOCKED_OUT, which we use in
preference to NT_STATUS_WRONG_PASSWORD.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit d8a862cb811489abb67d4cf3a7fbd83d05c7e5cb)
These variables are not important to protect against a race with
and a double-read can easily be avoided by moving them up the file
a little.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit b5f78b7b895a6b92cfdc9221b18d67ab18bc2a24)
By bringing this function inline it can then be split out in a
subsequent commit.
Based on work by Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 712181032a47318576ef35f6a6cf0f958aa538fb)
authsam_calculate_lastlogon_sync_interval() is split out of authsam_update_lastlogon_timestamp()
Based on work by Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 55147335aec8194b6439169b040556a96db22e95)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit b954acfde258a1909ed60c1c3e1015701582719f)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 4a9e0fdccfa218fbb2c3eb87e1a955ade0364b98)
Ensure that the bad password count is incremented atomically,
and that the successful logon accounting data is updated atomically.
Use bad password indicator (in a distinct TDB) to determine if to open a transaction
We open a transaction when we have seen the hint that this user
has recorded a bad password. This allows us to avoid always
needing one, while not missing a possible lockout.
We also go back and get a transation if we did not take out
one out but we chose to do a write (eg for lastLogonTimestamp)
Based on patches by Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit de4cc0a3dae89f3e51a099282615cf80c8539e11)
This is more specific than NT_STATUS_UNSUCCESSFUL, and for the SAMR
password change, matches the result the call to samdb_result_passwords()
would give.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 336e303cf1962b56b64c0d9d2b05ac15d00e8692)
cmocka unit tests for the authsam_reread_user_logon_data in
source4/auth/sam.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit d6cf245b96fb02edb3bcc52733d040d5f03fb918)
As is, this is pointless, as we need a transaction to make this
any less of a race, but this provides the steps towards that goal.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 7b8e32efc336fb728e0c7e3dd6fbe2ed54122124)
To ensure that the bad password count is incremented atomically,
and that the successful logon accounting data is updated atomically,
without always opening a transaction, we will need to make a note
of all bad and successful passwords in a side-DB outside the
transaction lock.
This provides the functions needed for that and hooks them in
(future commits will handle errors and use the results).
Based on patches by Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 408717242aad8adf4551f2394eee2d80a06c7e63)
samdb_result_msds_LockoutObservationWindow() is split out of
samdb_result_effective_badPwdCount()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 2087b0cd986b8959b2a402b9a1891472e47ca0b0)
This helps the bad password and audit log handling code as it
allows assumptions to be made about the attributes found in
the variable "msg", such as that DSDB_SEARCH_SHOW_EXTENDED_DN
was used.
This ensures we can re-search on the DN via the embedded GUID,
which in in turn rename-proof.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 439f96a2cfe77f6cbf331d965a387512c2db91c6)
[jsutton@samba.org Adapted to LM hash still being present]
Running the password lockout tests on Fedora 35 occasionally results in
errors similar to the following:
[1(0)/1 at 0s] samba.tests.krb5.lockout_tests(ad_dc:local)
EPOLL_CTL_DEL EBADF for fde[0x5569dc76c670] mpx_fde[(nil)] fd[14] - disabling
EPOLL_CTL_DEL EBADF for fde[0x5569dc6089c0] mpx_fde[(nil)] fd[14] - disabling
EPOLL_CTL_DEL EBADF for fde[0x5569dbbe58e0] mpx_fde[(nil)] fd[14] - disabling
UNEXPECTED(error): samba.tests.krb5.lockout_tests.samba.tests.krb5.lockout_tests.LockoutTests.test_lockout_race_kdc(ad_dc:local)
REASON: Exception: Exception: concurrent.futures.process._RemoteTraceback:
"""
Traceback (most recent call last):
File "/usr/lib64/python3.10/concurrent/futures/process.py", line 243, in _process_worker
r = call_item.fn(*call_item.args, **call_item.kwargs)
File "/home/samba/src/bin/python/samba/tests/krb5/lockout_tests.py", line 141, in connect_kdc
pipe.send_bytes(b'0')
File "/usr/lib64/python3.10/multiprocessing/connection.py", line 205, in send_bytes
self._send_bytes(m[offset:offset + size])
File "/usr/lib64/python3.10/multiprocessing/connection.py", line 416, in _send_bytes
self._send(header + buf)
File "/usr/lib64/python3.10/multiprocessing/connection.py", line 373, in _send
n = write(self._handle, buf)
OSError: [Errno 9] Bad file descriptor
"""
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/home/samba/src/bin/python/samba/tests/krb5/lockout_tests.py", line 537, in test_lockout_race_kdc
self.do_lockout_race(connect_kdc)
File "/home/samba/src/bin/python/samba/tests/krb5/lockout_tests.py", line 863, in do_lockout_race
self.wait_for_ready(our_pipe, connect_future)
File "/home/samba/src/bin/python/samba/tests/krb5/lockout_tests.py", line 471, in wait_for_ready
raise exception
OSError: [Errno 9] Bad file descriptor
Such messages can be seen to come from epoll_del_event(). By resorting
to lower-level facilites such as fork() and OS pipes, we lose helpful
features such as timeouts and propagation of exceptions from child
processes, but we may avoid interactions with the event system that lead
to failures.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 91e2e5616ccd507fcaf097533c5fc25974119c1e)
[jsutton@samba.org Fixed conflicts in usage.py, knownfails, and tests.py
due to not having claims tests]
[jsutton@samba.org Removed tests for unsupported SAMR AES password
change, removed related GNUTLS_PBKDF2_SUPPORT environment variable, and
fixed knownfail conflicts; marked all password lockout tests as
flapping due to sporadic failures seen with Fedora 35]
This lets us access MD4, which might not be available in hashlib, from
Python. This function is used in a following commit for hashing a
password to obtain the verifier for a SAMR password change.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 17b8d164f69a5ed79d9b7b7fc2f3f84f8ea534c8)
This lets us access single-DES from Python. This function is used in a
following commit for encrypting an NT hash to obtain the verifier for a
SAMR password change.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit b27a67af0216811d330d8a4c52390cf4fc04b5fd)
[jsutton@samba.org Fixed wscript conflict introduced by commit
61aeb7740764b202db0ddba559e83c3b2953ae36]
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 5dcb49bbd80abf6f3f082ef9c1d5452991c74c87)
Fixes a regression introduced by the fixes for bug 15126 where we crash in
vfs_default in vfswrap_stat():
assert failed: !is_named_stream(smb_fname)
The frontend calls into the VFS from build_stream_path() with a stream path
without checking if the share supports streams.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15161
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
[slow@samba.org: change from master adapted for unix_convert()]
Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Tue Sep 6 08:49:51 UTC 2022 on sn-devel-184
This is what a Windows server returns. Tested with a share residing on a FAT
formatted drive, a Windows filesystem that doesn't support streams.
Combinations tested:
file::$DATA
file:stream
file:stream:$DATA
All three fail with NT_STATUS_OBJECT_NAME_INVALID.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15161
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 201e1969bf31af07e8bd52876ff7f4d72b48a848)
The spec lists the following as requiring special access:
- for requiring FILE_READ_ATTRIBUTES:
FileBasicInformation
FileAllInformation
FileNetworkOpenInformation
FileAttributeTagInformation
- for requiring FILE_READ_EA:
FileFullEaInformation
All other infolevels are unrestricted.
We ignore the IPC related infolevels:
FilePipeInformation
FilePipeLocalInformation
FilePipeRemoteInformation
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15153
RN: Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Aug 23 12:54:08 UTC 2022 on sn-devel-184
(cherry picked from commit 6d493a9d568c08cfe5242821ccbd5a5ee1fe5284)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15153
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 9b2d28157107602fcbe659664cf9ca25f08bb30b)
smb2_composite_setpathinfo() uses SEC_FLAG_MAXIMUM_ALLOWED which can
have unwanted side effects like breaking oplocks if the effective access
includes [READ|WRITE]_DATA.
For changing the DOS attributes we only need SEC_FILE_WRITE_ATTRIBUTE. With this
change test_smb2_oplock_batch25() doesn't trigger an oplock break anymore.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15153
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 66e40690bdd41800a01333ce4243bd62ee2b1894)
We're now consistently passing the base_fsp to SMB_VFS_FSET_DOS_ATTRIBUTES(), so
we don't need to check for a stream_fsp here anymore.
Additionally vfs_default will assert a non-stream fsp inside
vfswrap_fgetxattr(), so in case any caller wrongly passes a stream fsp, this is
caught in vfs_default.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 968a5ae89f0d0da219e7dd05dd1f7f7c96dbb910)
Commit d71ef1365cdde47aeb3465699181656b0655fa04 caused a regression where the
creation date on streams wasn't updated anymore on the stream fsp.
By adding a simple wrapper vfs_fget_dos_attributes() that takes care of
- passing only the base_fsp to the VFS, so the VFS can be completely agnostic of
all the streams related complexity like fake fds,
- propagating any updated btime from the base_fsp->fsp_name to the
stream_fsp->fsp_name
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(backported from commit 3f7d8db9945a325020e4d1574289dea9e8331c29)
[slow@samba.org: also update itime and file_id]
A subsequent commit adds another streams test named "attributes2", this change
avoids matching the new testname with the existing knownfail entries.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit b5848d391be4f7633745d9c36e432ac8b1c9dba2)
Enforce fsp is a non-stream one in as many VFS operations as possible in
vfs_default. We really need an assert here instead of returning an error, as
otherwise he can have very hard to diagnose bugs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Aug 10 16:32:35 UTC 2022 on sn-devel-184
(backported from commit fc45fcfde51b0b0bdcd524c82a0f9eabf7273045)
[slow@samba.org: skip some hunks that are not applicable]
For streams, access is already checked in create_file_unixpath() by
check_base_file_access().
We already skip the access check in this function when doing an IO open of a
file, see above in open_file(), also skip it for "stat opens".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(backported from commit f0299abf1b28a14518328710d9f84bef17fd2ecf)
[slow@samba.org: smbd_check_access_rights_fsp(dirfsp) -> smbd_check_access_rights_fsp(parent_dir->fsp)]
As per MS-FSA 2.1.1.5 this is a per stream attribute, but our backends don't
support it in a consistent way, therefor just pretend success and ignore the
request.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 3af8f8e8741cc8c889bbf416ccd38a1b702917ec)
When using vfs_streams_xattr, for a pathref handle of a stream the system fd
will be a fake fd created by pipe() in vfs_fake_fd().
For the following callchain we wrongly pass a stream fsp to
SMB_VFS_FGET_NT_ACL():
SMB_VFS_CREATE_FILE(..., "file:stream", ...)
=> open_file():
if (open_fd):
-> taking the else branch:
-> smbd_check_access_rights_fsp(stream_fsp)
-> SMB_VFS_FGET_NT_ACL(stream_fsp)
This is obviously wrong and can lead to strange permission errors when using
vfs_acl_xattr:
in vfs_acl_xattr we will try to read the stored ACL by calling
fgetxattr(fake-fd) which of course faild with EBADF. Now unfortunately the
vfs_acl_xattr code ignores the specific error and handles this as if there was
no ACL stored and subsequently runs the code to synthesize a default ACL
according to the setting of "acl:default acl style".
As the correct access check for streams has already been carried out by calling
check_base_file_access() from create_file_unixpath(), the above problem is not
a security issue: it can only lead to "decreased" permissions resulting in
unexpected ACCESS_DENIED errors.
The fix is obviously going to be calling
smbd_check_access_rights_fsp(stream_fsp->base_fsp).
This test verifies that deleting a file works when the stored NT ACL grants
DELETE_FILE while the basic POSIX permissions (used in the acl_xattr fallback
code) do not.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 23bc760ec5d61208c2d8778991e3d7e202eab352)
Allows passing on "user." xattr to the backend. This can be useful for testing
specific aspects of operation on streams when "streams_xattr" is configured as
stream filesystem backend.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 92e0045d7ca7c0b94efd0244ba0e426cad0a05b6)
Centralize the pattern
if (fsp->base_fsp != NULL) {
fsp = fsp->base_fsp;
}
with a descriptive name.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit ac58b0b942cd73210100ee346816a0cf23900716)
[slow@samba.org: only backport the function, skip all updated callers]
To me this is more descriptive than "fsp->base_fsp != NULL". If this
turns out to be a performance problem, I would go and make this a
static inline in smbd/proto.h.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit 21b380ca133417df096e2b262a5da41faff186ea)
[slow@samba.org: only backport the function, skip all changed callers]
