1
0
mirror of https://github.com/samba-team/samba.git synced 2025-03-15 02:50:27 +03:00

3382 Commits

Author SHA1 Message Date
Stefan Metzmacher
bf8f8c592b s4:auth: let authenticate_ldap_simple_bind() pass down the mapped nt4names
authenticate_ldap_simple_bind*() needs to pass the
result of the cracknames operation into the auth stack
as user_info->client.{account,domain}_name, because
user_info->client.{account,domain}_name is also used
when forwarding the request via netrLogonSamLogon*
to a remote server, for exactly that the values are
also used in order to map a AUTH_PASSWORD_PLAIN into
AUTH_PASSWORD_RESPONSE, where the NTLMv2 response
contains the account and domain names passed in the
netr_IdentityInfo value.

Otherwise it would not be possible to forward the
LDAP simple bind authentication request to a remote
DC.

Currently this only applies to an RODC that forwards
the request to an RWDC.

But note that LDAP simple binds (as on Windows) only
work for users in the DCs forest, as the DsCrackNames
need to work and it can't work for users of remote
forests. I tested that in a DC of a forest root domain,
if rejected the LDAP simple bind against a different forest,
but allowed it for a users of a child domain in the
same forest. The NTLMSSP bind worked in both cases.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Mar 10 04:10:54 UTC 2022 on sn-devel-184

(cherry picked from commit 40f2070d3b2b1b13cc08f7844bfe4945e9f0cd86)

Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Wed Mar 16 14:40:08 UTC 2022 on sn-devel-184
2022-03-16 14:40:08 +00:00
Stefan Metzmacher
1e617128ad winbindd: don't set mapped_state in winbindd_dual_auth_passdb()
mapped_state is a special hack for authenticate_ldap_simple_bind_send()
in order to avoid some additional work in authsam_check_password_internals()

This doesn't apply here. We should also handle wbinfo -a
authentication UPN names, e.g. administrator@DOMAIN,
even if the account belongs to the local sam.

With this change the behavior is consistent also locally on DCs and
also an RODC can handle these requests locally for cached accounts.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15003

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 8dfdbe095a4c8a7bedd29341656a7c3164517713)
2022-03-16 13:41:14 +00:00
Stefan Metzmacher
cd29a661e0 nsswitch: let test_wbinfo.sh also test wbinfo -a $USERNAME@$DOMAIN
When winbindd forwards wbinfo -a via netrLogonSamLogon* to a remote
DC work fine for upn names, e.g. administrator@DOMAIN.

But it currently fails locally on a DC against the local sam.

For the RODC only work because it forwards the request to
an RWDC.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15003

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit e1d2c59d360fb4e72dafe788b5d9dbb0572bf811)
2022-03-16 13:41:14 +00:00
Garming Sam
fcec3b21d9 rodc: Add tests for simple BIND alongside NTLMSSP binds
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 62fb6c1dc8527db6cf0f08d4d06e8813707f767a)
2022-03-16 13:41:14 +00:00
Stefan Metzmacher
64b2075c11 s4:auth_sam: use USER_INFO_INTERACTIVE_LOGON as inducation for an interactive logon
Using != AUTH_PASSWORD_RESPONSE is not the correct indication
due to the local mappings from AUTH_PASSWORD_PLAIN via
AUTH_PASSWORD_HASH to AUTH_PASSWORD_RESPONSE.

It means an LDAP simble bind will now honour
'old password allowed period'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15001

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 2ad44686229ba02f98de5769c26a3dfeaf5ada2b)
2022-03-16 13:41:14 +00:00
Stefan Metzmacher
d92b46a4c0 dsdb/tests: add test_login_basics_simple()
This demonstrates that 'old password allowed period' also
applies to LDAP simple binds and not only to GSS-SPNEGO/NTLMSSP binds.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15001

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 3625d1381592f7af8ec14715c6c2dfa4d9f02676)
2022-03-16 13:41:14 +00:00
Stefan Metzmacher
9d819c9359 third_party/heimdal: import lorikeet-heimdal-202203101710 (commit df8d801544144949931cd742169be1207b239c3d)
This fixes the regressions against KDCs without FAST support.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15002
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15005

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Mar 11 18:06:47 UTC 2022 on sn-devel-184

(cherry picked from commit 9b48e7f7eda5e368c1192d562c268885c1f68d8b)
2022-03-14 14:27:13 +00:00
Stefan Metzmacher
e6196c456c selftest: use 'kdc enable fast = no' for fl2000 fl2003
This makes sure we still run tests against KDCs without FAST support
and it already found a few regressions.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15002
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15005

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
(cherry picked from commit f1a71e24864367a55a30813dd642e7ef392b5ac9)
2022-03-14 14:27:13 +00:00
Stefan Metzmacher
4b6a6af868 s4:kdc: redirect pre-authentication failures to an RWDC
The most important case is that we still have a previous
password cached at the RODC and the inbound replication
hasn't wiped the cache yet and we also haven't triggered
a new replication yet.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14865

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 0f5d7ff1a9fd14fd412b09883d413d1d660fa7be)

Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Tue Mar  8 14:30:45 UTC 2022 on sn-devel-184
2022-03-08 14:30:45 +00:00
Jule Anger
9df5283f3d s3:utils: assign ids to struct to list shares correctly
The commit "99d1f1fa10d smbd: Remove unused "struct connections_key"" removes
also the assignment of information to connections_data, which are needed to list
shares.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14999

Signed-off-by: Jule Anger <janger@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Jule Anger <janger@samba.org>
Autobuild-Date(master): Mon Mar  7 15:27:48 UTC 2022 on sn-devel-184

(cherry picked from commit 9e9e6955ba93691545ea35e39ebdc285cd484406)

Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Tue Mar  8 11:31:47 UTC 2022 on sn-devel-184
2022-03-08 11:31:47 +00:00
Jule Anger
364b16068b s3:tests: Add a test to check the output of smbstatus.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14999

Signed-off-by: Jule Anger <janger@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit b108e039ab13ee9f8f2c629c5b57085a462d14db)
2022-03-08 10:33:17 +00:00
Jeremy Allison
de8fc990b2 s3: smbd: Fix our leases code to return the correct error in the non-dynamic share case.
We now return INVALID_PARAMETER when trying to open a
different file with a duplicate lease key on the same
(non-dynamic) share. This will enable us to pass another
Windows test suite leases test.

We now behave the same as Windows10.

Remove knownfail.d/smb2-lease-duplicateopen

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14737

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Feb 18 20:12:12 UTC 2022 on sn-devel-184

(cherry picked from commit 408be54323861c24b6377b804be4428cf45b471e)

Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Mon Mar  7 11:49:31 UTC 2022 on sn-devel-184
2022-03-07 11:49:31 +00:00
Jeremy Allison
7995e03b39 s4: torture: Add new SMB2 lease test test_lease_duplicate_open().
Checks we return INVALID_PARAMETER when trying to open a
different file with a duplicate lease key on the same share.

Checked against Windows10. Currently fails against smbd
so add knownfail.d/smb2-lease-duplicateopen

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14737

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
(cherry picked from commit ca3896b6f8bbcad68f042720feceedfa29ddbd83)
2022-03-07 10:54:17 +00:00
Douglas Bagnall
c240b977db s4/auth/simple_bind: correctly report TLS state
It went wrong in 366f8cf0903e3583fda42696df62a5337f22131f

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jan 26 12:39:52 UTC 2022 on sn-devel-184

(cherry picked from commit 309f1982263677045d407463eb19a2444c165a63)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14996

Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Mon Mar  7 10:11:23 UTC 2022 on sn-devel-184
2022-03-07 10:11:22 +00:00
Douglas Bagnall
5dee3a6834 pytest:auth_log: expect TLS connections when using ldaps
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit f37682747898591b37405f9e96a8135c15638637)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14996
2022-03-07 09:10:18 +00:00
Volker Lendecke
cdc5e9e4db smbd: Only file_free() a self-created fsp in create_file_unixpath()
This fixes a use-after-free in smb_full_audit_create_file() when
calling SMB_VFS_CREATE_FILE with fsp->fsp_name as smb_fname.

create_file_unixpath() has this comment:

 * This is really subtle. If someone passes in an smb_fname
 * where smb_fname actually is taken from fsp->fsp_name, then
 * the lifetime of these objects is meant to be the same.

so it seems legitimate to call CREATE_FILE this way.

When CREATE_FILE runs into an error, create_file_unixpath() does a
file_free, which also takes fsp->fsp_name with
it. smb_full_audit_create_file() wants to log the failure including
the smb_fname after NEXT_CREATE_FILE has exited, but this will then
use the already free'ed data.

Fix by only doing the file_free() on an fsp that
create_file_unixpath() created itself.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14975

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Feb 10 19:11:33 UTC 2022 on sn-devel-184

(cherry picked from commit 434e6d4b4b45757878642d229d26d146792a3878)

Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Mon Feb 14 18:36:26 UTC 2022 on sn-devel-184
2022-02-14 18:36:26 +00:00
Volker Lendecke
4cc60cbdb7 torture: Add a test to show that full_audit uses a ptr after free
Run vfstest with this vfstest.cmd under valgrind and you'll see what
happens. Exact explanation a few patches further down...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14975

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 5f1ceead7094aefc6ad1f209468e9ea8f009716c)
2022-02-14 17:46:14 +00:00
Pavel Filipenský
e1e2bae551 s3:modules: Fix virusfilter_vfs_openat
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14971

Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>

Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Feb 10 22:09:06 UTC 2022 on sn-devel-184

(cherry picked from commit 3f1c958f6fa9d2991185f4e281a377a295d09f9c)

Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Mon Feb 14 14:26:30 UTC 2022 on sn-devel-184
2022-02-14 14:26:30 +00:00
Pavel Filipenský
63f6fac589 s3:selftest: Add test for virus scanner
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14971

Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>

Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit a25c714c34d3e00e0f3c29d2acfa98cf9cdbc544)
2022-02-14 13:32:15 +00:00
Pavel Filipenský
e95306ed8e selftest: Fix trailing whitespace in Samba3.pm
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14971

Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 547b4c595a8513a4be99177edbaa39ce43840f7a)
2022-02-14 13:32:15 +00:00
Andreas Schneider
2fd16c0cbf selftest: Do not force -d0 for smbd/nmbd/winbindd
We have the env variable SERVER_LOG_LEVEL which allows you to change
the log level on the command line. If we force -d0 this will not work.

make test TESTS="samba" SERVER_LOG_LEVEL=10

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 9693f7ea7383c6a51ab58b7c8255b30206f18a3b)
2022-02-14 13:32:15 +00:00
Stefan Metzmacher
8deee49cda selftest/quick: add smb2.session
We run the quicktest on each linux distro as part of samba-o3 builds.

We should make sure smb2 signing/enctyption works on all of them
and all different system libraries.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14968

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 68e62962b08497da8359ddbe4324443818c05cd1)
2022-02-13 09:11:16 +00:00
Jeremy Allison
cdcf23aac2 s3: libsmb: Call cli_dfs_target_check() from cli_smb2_rename_send().
Strips off any DFS prefix from the target if passed in.

Remove knownfail selftest/knownfail.d/msdfs-rename.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>

Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Fri Feb  4 12:02:36 UTC 2022 on sn-devel-184

(cherry picked from commit b9b82f3611c56e837e9189f5275ae9a78e647262)
2022-02-09 11:09:41 +00:00
Jeremy Allison
738fbcca54 s3: tests: Add a new test test_msdfs_rename() that does simple renames on MSDFS root shares.
We fail this on SMB2 for a subtle reason.

Our client code called from smbclient only sets the SMB2_HDR_FLAG_DFS flag
in the outgoing packet on the SMB2_CREATE call, and SMB2 rename does the
following operations:

SMB2_CREATE(src_path) // We set SMB2_HDR_FLAG_DFS here for a MSDFS share.
SMB2_SETINFO: SMB2_FILE_RENAME_INFO(dst_path). // We don't set SMB2_HDR_FLAG_DFS

However, from smbclient, dst_path is a MSDFS path but we don't set the flag,
so even though the rename code inside smbd will cope with a MSDFS path
(as used in the SMB1 SMBmv call) it fails as the correct flag isn't set.

Add knownfail selftest/knownfail.d/msdfs-rename.

Note we need to add the new test to "selftest/knownfail.d/smb1-tests"
as test_smbclient_s3.sh is run against the (ad_member|nt4_member)
environments first using NT1 (SMB1) protocol and then using SMB3,
but the (ad_member|nt4_member) environments don't support SMB1.
Seems a bit strange to me, but all the other SMB1 tests inside
test_smbclient_s3.sh have already been added to "selftest/knownfail.d/smb1-tests"
so just go with the test environment.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
(cherry picked from commit 44cc9fb0e01b3635804f41e03f9b20afc3bfe36c)
2022-02-09 11:09:40 +00:00
Jeremy Allison
95aca464c7 s3: tests: Add a new test test_msdfs_hardlink() that does simple hardlinks on MSDFS root shares.
We pass this already as the cmd_hardlink in smbclient doesn't
do the DFS path conversion on the hardlink target. But it's
good to have the test.

Note we need to add the new test to "selftest/knownfail.d/smb1-tests"
as test_smbclient_s3.sh is run against the (ad_member|nt4_member)
environments first using NT1 (SMB1) protocol and then using SMB3,
but the (ad_member|nt4_member) environments don't support SMB1.
Seems a bit strange to me, but all the other SMB1 tests inside
test_smbclient_s3.sh have already been added to "selftest/knownfail.d/smb1-tests"
so just go with the test environment.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
(cherry picked from commit d7deb876053ef45313026b4dea9ee1b376153611)
2022-02-09 11:09:40 +00:00
Jeremy Allison
64aea70f9f lib: libsmbclient: Ensure cli_rename() always sets cli->raw_status.
Identical change as used in cli_unlink(), cli_mkdir(), cli_rmdir()
cli_chkpath() to ensure SMB2 calls correctly set raw_status for
libsmbclient uses.

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14938

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Feb  2 21:50:31 UTC 2022 on sn-devel-184

(cherry picked from commit ca60f6350d566b7ecc822bcbb44fb65a1d150bbe)

Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Fri Feb  4 08:41:09 UTC 2022 on sn-devel-184
2022-02-04 08:41:09 +00:00
Jeremy Allison
5c55418c25 s4: test: Add samba4.libsmbclient.rename test. Currently fails for SMB3.
Add knownfail.d/libsmbclient_rename

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14938

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 0ecc58858360bcc0181a02e52ada3e8327f97c5b)
2022-02-04 07:46:50 +00:00
Jeremy Allison
b88d24e33b CVE-2021-44141: s3: smbd: Inside rename_internals_fsp(), we must use vfs_stat() for existence, not SMB_VFS_STAT().
We need to take SMB1+POSIX into account here and do an LSTAT if it's
a POSIX name.

Remove knownfail.d/posix_sylink_rename

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>
2022-01-31 14:26:10 +00:00
Jeremy Allison
239e915b8f CVE-2021-44141: s3: torture: Add a test samba3.blackbox.test_symlink_rename.SMB1.posix that shows we still leak target info across a SMB1+POSIX rename.
Add a knownfail.d/posix_sylink_rename

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>
2022-01-31 14:26:10 +00:00
Jeremy Allison
86157b3c7b CVE-2021-44141: s3: smbd: Fix a subtle bug in the error returns from filename_convert().
If filename_convert() fails to convert the path, we never call
check_name(). This means we can return an incorrect error code
(NT_STATUS_ACCESS_DENIED) if we ran into a symlink that points
outside the share to a non-readable directory. We need to make
sure in this case we always call check_name().

Remove knownfail.d/symlink_traversal.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>
2022-01-31 14:26:10 +00:00
Jeremy Allison
f4202a0bcc CVE-2021-44141: s3: smbd: Inside check_reduced_name() ensure we return the correct error codes when failing symlinks.
NT_STATUS_OBJECT_PATH_NOT_FOUND for a path component failure.
NT_STATUS_OBJECT_NAME_NOT_FOUND for a terminal component failure.

Remove:

	samba3.blackbox.test_symlink_traversal.SMB1.posix
	samba3.blackbox.smbclient_s3.*.Ensure\ widelinks\ are\ restricted\(.*\)
	samba3.blackbox.smbclient_s3.*.follow\ symlinks\ \=\ no\(.*\)

in knownfail.d/symlink_traversal as we now pass these. Only one more fix
remaining to get rid of knownfail.d/symlink_traversal completely.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>
2022-01-31 14:26:10 +00:00
Jeremy Allison
4106af6d62 CVE-2021-44141: s3: smbd: For SMB1+POSIX clients trying to open a symlink, always return NT_STATUS_OBJECT_NAME_NOT_FOUND.
Matches the error return from openat_pathref_fsp().

NT_STATUS_OBJECT_PATH_NOT_FOUND is for a bad component in a path, not
a bad terminal symlink.

Remove knownfail.d/simple_posix_open, we now pass.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>
2022-01-31 14:26:10 +00:00
Jeremy Allison
b8da8b7220 CVE-2021-44141: s3: torture: Change expected error return for samba3.smbtorture_s3.plain.POSIX.smbtorture.
Trying to open a symlink as a terminal component should return
NT_STATUS_OBJECT_NAME_NOT_FOUND, not NT_STATUS_OBJECT_PATH_NOT_FOUND.

Mark as knownfail.d/simple_posix_open until we fix the server.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>
2022-01-31 14:26:10 +00:00
Jeremy Allison
c6d70dad3a CVE-2021-44141: s3: torture: In test_smbclient_s3, change the error codes expected for test_widelinks() and test_nosymlinks() from ACCESS_DENIED to NT_STATUS_OBJECT_NAME_NOT_FOUND.
For SMB1/2/3 (minus posix) we need to treat bad symlinks
as though they don't exist.

Add to knwownfail.d/symlink_traversal

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>
2022-01-31 14:26:10 +00:00
Jeremy Allison
ea20599ff1 CVE-2021-44141: s3: torture: Add samba3.blackbox.test_symlink_traversal.SMB1.posix
Add to knownfail.d/symlink_traversal.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>
2022-01-31 14:26:10 +00:00
Jeremy Allison
e6ccaced53 CVE-2021-44141: s3: torture: Add samba3.blackbox.test_symlink_traversal.SMB1.
Add to knownfail.d/symlink_traversal.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>
2022-01-31 14:26:10 +00:00
Jeremy Allison
1dcd818303 CVE-2021-44141: s3: torture: Add samba3.blackbox.test_symlink_traversal.SMB2.
Add to knownfail.d/symlink_traversal

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>
2022-01-31 14:26:10 +00:00
Ralph Boehme
ef82298436 CVE-2021-44142: libadouble: harden parsing code
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14914

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-01-31 14:26:10 +00:00
Ralph Boehme
03c6ba0054 CVE-2021-44142: libadouble: add basic cmocka tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14914

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-01-31 14:26:10 +00:00
Joseph Sutton
e4f18bfaec CVE-2022-0336: s4/dsdb/samldb: Don't return early when an SPN is re-added to an object
If an added SPN already exists on an object, we still want to check the
rest of the element values for conflicts.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14950

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2022-01-31 14:26:10 +00:00
Joseph Sutton
eaede91afd CVE-2022-0336: pytest: Add a test for an SPN conflict with a re-added SPN
This test currently fails, as re-adding an SPN means that later checks
do not run.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14950

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2022-01-31 14:26:10 +00:00
Stefan Metzmacher
4d3054261d blackbox.ndrdump: fix test_ndrdump_fuzzed_NULL_struct_ntlmssp_CHALLENGE_MESSAGE test
This actually reveals that ndr_push_string() for TargetName="" was
failing before because it resulted in 1 byte for a subcontext with
TargetLen=0.

This is fixed now and we no longer expect ndrdump to exit with 1.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Jan 24 16:18:34 UTC 2022 on sn-devel-184

(cherry picked from commit 12464bd4c222d996aac6d6250b7945d63f20f4bc)

Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Sun Jan 30 11:52:27 UTC 2022 on sn-devel-184
2022-01-30 11:52:27 +00:00
Stefan Metzmacher
7734584c4f librpc/ndr: let ndr_push_string() let s_len == 0 result in d_len = 0
convert_string_talloc_handle() tries to play an the safe side
and always returns a null terminated array.

But for NDR we need to be correct on the wire...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 43648e95a514020da4c7efa62df55d0882e3db85)
2022-01-30 10:57:11 +00:00
Stefan Metzmacher
9be924f907 s4:torture/ndr: demonstrate the ndr_push_string(STR_NOTERM|REMAINING) of "" is wrong
convert_string_talloc() never returns a string with len=0 and always
implies zero termination byte(s).

For ndr_push_string this is unexpected as we need to be compatible on
the wire and push 0 bytes for an empty string.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 8da26cb6725b5d853ab481a348a3a672966715b5)
2022-01-30 10:57:11 +00:00
Stefan Metzmacher
a55de23fb0 blackbox.ndrdump: adjust example files to the usage of dump_data_diff output.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 1dc385cb648f0c37b04f4ede6b1c96916e379b23)
2022-01-30 10:57:11 +00:00
Stefan Metzmacher
c1bd0f0d5e ndrdump: make use of dump_data_file_diff() in order to show differences
This makes it much easier to detect differences in the given and
generated buffers.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit d1a7f392a8ceef111a5d6c3d2a3bdb9dcb90db5e)
2022-01-30 10:57:11 +00:00
Stefan Metzmacher
f1cbfdc43c blackbox.ndrdump: adjust example files to changed dump_data() output.
The cleanup using dump_data_block16() fixed the space handling.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 9110a8854a518befa2908c26076e17a085c5ec48)
2022-01-30 10:57:11 +00:00
Stefan Metzmacher
8097c9b388 lib/util: split out a dump_data_block16() helper
This simplifies the logic a lot for me.

It also fixes some corner cases regarding whitespaces in the
output, that's why we have to mark a few tests as knownfail,
they will be fixed in the next commit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 58b09e107cadd7fb8191822d4e7e42657b1ed4c7)
2022-01-30 10:57:11 +00:00
Stefan Metzmacher
7055827b8f HEIMDAL: move code from source4/heimdal* to third_party/heimdal*
This makes it clearer that we always want to do heimdal changes
via the lorikeet-heimdal repository.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>

Autobuild-User(master): Joseph Sutton <jsutton@samba.org>
Autobuild-Date(master): Wed Jan 19 21:41:59 UTC 2022 on sn-devel-184
2022-01-19 21:41:59 +00:00
Stefan Metzmacher
2232d8408e selftest: set [libdefaults] fcache_strict_checking = false
We're using uid_wrapper so the checks will fail.

NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-01-19 20:50:35 +00:00