Jeremy Allison 7b4387f765 Fix bug #7146 - Samba miss-parses authenticated RPC packets.
Parts of the Samba RPC client and server code misinterpret authenticated
packets.

DCE authenticated packets actually look like this :

+--------------------------+
|header                    |
| ... frag_len (packet len)|
| ... auth_len             |
+--------------------------+
|                          |
| Data payload             |
...                     ....
|                          |
+--------------------------+
|                          |
| auth_pad_len bytes       |
+--------------------------+
|                          |
| Auth footer              |
| auth_pad_len value       |
+--------------------------+
|                          |
| Auth payload             |
| (auth_len bytes long)    |
+--------------------------+

That's right. The pad bytes come *before* the footer specifying how many pad
bytes there are. In order to read this you must seek to the end of the packet
and subtract the auth_len (in the packet header) and the auth footer length (a
known value).

The client and server code gets this right (mostly) in 3.0.x -> 3.4.x so long
as the pad alignment is on an 8 byte boundary (there are some special cases in
the code for this).

Tridge discovered there are some (DRS replication) cases on 64-bit
machines where the pad alignment is on a 16-byte boundary. This breaks the
existing S3 hand-optimized rpc code.

This patch removes all the special cases in client and server code, and allows
the pad alignment for generated packets to be specified by changing a constant
in include/local.h (this doesn't affect received packets, the new code always
handles them correctly whatever pad alignment is used).

This patch also works correctly with rpcclient using sign+seal from
the 3.4.x and 3.3.x builds (testing with 3.0.x and 3.2.x to follow)
so even as a server it should still work with older libsmbclient and
winbindd code.

Jeremy
2010-02-17 15:27:59 -08:00


/* Copyright (C) 1995-1998 Samba-Team */
/* Copyright (C) 1998 John H Terpstra <jht@aquasoft.com.au> */
/* local definitions for file server */
/* Compile-time tuning constants and limits used across the server daemons
   (smbd, nmbd, winbindd) and the client tools. Constants wrapped in #ifndef
   may be overridden from the build; the rest are fixed unless this file is
   edited. Where a value is mirrored by an smb.conf parameter the comment
   says so. */
#ifndef _LOCAL_H
#define _LOCAL_H
/* The default workgroup - usually overridden in smb.conf */
#ifndef WORKGROUP
#define WORKGROUP "WORKGROUP"
#endif
/* the maximum debug level to compile into the code. This assumes a good
optimising compiler that can remove unused code.
For embedded or low-memory systems set this to a value like 2 to get
only important messages. This gives *much* smaller binaries
*/
#ifndef MAX_DEBUG_LEVEL
#define MAX_DEBUG_LEVEL 1000
#endif
/* This defines the section name in the configuration file that will contain */
/* global parameters - that is, parameters relating to the whole server, not */
/* just services. This name is then reserved, and may not be used as a */
/* a service name. It will default to "global" if not defined here. */
#define GLOBAL_NAME "global"
#define GLOBAL_NAME2 "globals"
/* This defines the section name in the configuration file that will
refer to the special "homes" service */
#define HOMES_NAME "homes"
/* This defines the section name in the configuration file that will
refer to the special "printers" service */
#define PRINTERS_NAME "printers"
/* Yves Gaige <yvesg@hptnodur.grenoble.hp.com> requested this set this */
/* to a maximum of 8 if old smb clients break because of long printer names. */
#define MAXPRINTERLEN 15
/* max number of directories open at once */
/* note that with the new directory code this no longer requires a
file handle per directory, but large numbers do use more memory */
#define MAX_OPEN_DIRECTORIES 256
/* max number of directory handles */
/* As this now uses the bitmap code this can be
quite large. */
#define MAX_DIRECTORY_HANDLES 2048
/* maximum number of file caches per smbd */
#define MAX_WRITE_CACHES 10
/* define what facility to use for syslog */
#ifndef SYSLOG_FACILITY
#define SYSLOG_FACILITY LOG_DAEMON
#endif
/*
* Fudge factor required for open tdb's, etc.
*/
#ifndef MAX_OPEN_FUDGEFACTOR
#define MAX_OPEN_FUDGEFACTOR 20
#endif
/*
* Minimum number of open files needed for Windows7 to
* work correctly. A little conservative but better that
* than run out of fd's.
*/
#ifndef MIN_OPEN_FILES_WINDOWS
#define MIN_OPEN_FILES_WINDOWS 16384
#endif
/*
* Default number of maximum open files per smbd. This is
* also limited by the maximum available file descriptors
* per process and can also be set in smb.conf as "max open files"
* in the [global] section.
* With the defaults above this evaluates to 16384 + 20 = 16404.
*/
#ifndef MAX_OPEN_FILES
#define MAX_OPEN_FILES (MIN_OPEN_FILES_WINDOWS + MAX_OPEN_FUDGEFACTOR)
#endif
/* largest value representable in an unsigned 16-bit field */
#define WORDMAX 0xFFFF
/* the maximum password length before we declare a likely attack.
An upper bound on attacker-controlled password data accepted from the
wire; presumably the authentication paths reject anything longer rather
than processing it - confirm against the callers before relying on it. */
#define MAX_PASS_LEN 200
/* separators for lists */
#define LIST_SEP " \t,;\n\r"
/* wchar separators for lists */
#define LIST_SEP_W wchar_list_sep
/* this is where browse lists are kept in the lock dir */
#define SERVER_LIST "browse.dat"
/* shall filenames with illegal chars in them get mangled in long
filename listings? */
#define MANGLE_LONG_FILENAMES
/* define this if you want to stop spoofing with .. and soft links
NOTE: This also slows down the server considerably */
#define REDUCE_PATHS
/* the size of the directory cache */
#define DIRCACHESIZE 20
/* what default type of filesystem do we want this to show up as in a
NT file manager window? */
#define FSTYPE_STRING "NTFS"
/* the default guest account - normally set in the Makefile or smb.conf */
#ifndef GUEST_ACCOUNT
#define GUEST_ACCOUNT "nobody"
#endif
/* user to test password server with as invalid in security=server mode. */
#ifndef INVALID_USER_PREFIX
#define INVALID_USER_PREFIX "sambatest"
#endif
/* the default pager to use for the client "more" command. Users can
override this with the PAGER environment variable */
#ifndef PAGER
#define PAGER "more"
#endif
/* the size of the uid cache used to reduce valid user checks */
#define VUID_CACHE_SIZE 32
/* the following control timings of various actions. Don't change
them unless you know what you are doing. These are all in seconds */
#define DEFAULT_SMBD_TIMEOUT (60*60*24*7)
#define SMBD_RELOAD_CHECK (180)
#define IDLE_CLOSED_TIMEOUT (60)
#define DPTR_IDLE_TIMEOUT (120)
#define SMBD_SELECT_TIMEOUT (60)
#define NMBD_SELECT_LOOP (10)
#define BROWSE_INTERVAL (60)
#define REGISTRATION_INTERVAL (10*60)
#define NMBD_INETD_TIMEOUT (120)
#define NMBD_MAX_TTL (24*60*60)
#define LPQ_LOCK_TIMEOUT (5)
#define NMBD_INTERFACES_RELOAD (120)
#define NMBD_UNEXPECTED_TIMEOUT (15)
/* the following are in milliseconds */
#define LOCK_RETRY_TIMEOUT (100)
/* do you want to dump core (carefully!) when an internal error is
encountered? Samba will be careful to make the core file only
accessible to root (a core image can contain credentials and other
client data, hence the restricted permissions) */
#define DUMP_CORE 1
/* shall we support browse requests via a FIFO to nmbd? */
#define ENABLE_FIFO 1
/* how long (in milliseconds) to wait for a socket connect to happen */
#define LONG_CONNECT_TIMEOUT 30000
#define SHORT_CONNECT_TIMEOUT 5000
/* the default netbios keepalive timeout */
#define DEFAULT_KEEPALIVE 300
/* the directory to sit in when idle */
/* #define IDLE_DIR "/" */
/* Timeout (in seconds) to wait for an oplock break
message to return from the client. */
#define OPLOCK_BREAK_TIMEOUT 30
/* Timeout (in seconds) to add to the oplock break timeout
to wait for the smbd to smbd message to return. */
#define OPLOCK_BREAK_TIMEOUT_FUDGEFACTOR 2
/* the read prediction code has been disabled until some problems with
it are worked out */
#define USE_READ_PREDICTION 0
/*
* Default passwd chat script. The string is consumed by the passwd chat
* parser; keep the escaped "\\n" sequences exactly as written.
*/
#define DEFAULT_PASSWD_CHAT "*new*password* %n\\n *new*password* %n\\n *changed*"
/* Minimum length of allowed password when changing UNIX password. */
#define MINPASSWDLENGTH 5
/* maximum ID number used for session control. This cannot be larger
than 62*62 for the current code */
#define MAX_SESSION_ID 3000
/* For the benefit of PAM and the 'session exec' scripts, we fake up a terminal
name. This can be in one of two forms: The first for systems not using
utmp (and therefore not constrained as to length or the need for a number
< 3000 or so) and the second for systems with this 'well behaved terminal
like name' constraint.
*/
#ifndef SESSION_TEMPLATE
/* Parameters are 'pid' and 'vuid' (format arguments %lu and %d, in that order) */
#define SESSION_TEMPLATE "smb/%lu/%d"
#endif
#ifndef SESSION_UTMP_TEMPLATE
/* Single format argument: the session number (%d) */
#define SESSION_UTMP_TEMPLATE "smb/%d"
#endif
/* the maximum age in seconds of a password. Should be a lp_ parameter */
#define MAX_PASSWORD_AGE (21*24*60*60)
/* Default allocation roundup. */
#define SMB_ROUNDUP_ALLOCATION_SIZE 0x100000
/* shall we deny oplocks to clients that get timeouts? */
#define FASCIST_OPLOCK_BACKOFF 1
/* this enables the "rabbit pellet" fix for SMBwritebraw */
#define RABBIT_PELLET_FIX 1
/* Max number of jobs per print queue. */
#define PRINT_MAX_JOBID 10000
/* Max number of open RPC pipes. */
#define MAX_OPEN_PIPES 2048
/* Tuning for server auth mutex. */
#define CLI_AUTH_TIMEOUT 5000 /* In milli-seconds. */
#define NUM_CLI_AUTH_CONNECT_RETRIES 3
/* Number in seconds to wait for the mutex. This must be less than 30 seconds.
With the defaults above: (3 * (5000/1000)) + 5 = 20 seconds. */
#define SERVER_MUTEX_WAIT_TIME ( ((NUM_CLI_AUTH_CONNECT_RETRIES) * ((CLI_AUTH_TIMEOUT)/1000)) + 5)
/* Number in seconds for winbindd to wait for the mutex. Make this 2 * smbd wait time.
With the defaults above this is 40 seconds. */
#define WINBIND_SERVER_MUTEX_WAIT_TIME (( ((NUM_CLI_AUTH_CONNECT_RETRIES) * ((CLI_AUTH_TIMEOUT)/1000)) + 5)*2)
/* Max number of simultaneous winbindd socket connections. */
#define WINBINDD_MAX_SIMULTANEOUS_CLIENTS 200
/* Buffer size to use when printing backtraces */
#define BACKTRACE_STACK_SIZE 64
/* size of listen() backlog in smbd */
#define SMBD_LISTEN_BACKLOG 50
/* Number of microseconds to wait before a sharing violation. */
#define SHARING_VIOLATION_USEC_WAIT 950000
/* Number of microseconds to wait before updating the write time (2 secs). */
#define WRITE_TIME_UPDATE_USEC_DELAY 2000000
#define MAX_LDAP_REPLICATION_SLEEP_TIME 5000 /* In milliseconds. */
/* tdb hash size for the open database. */
#define SMB_OPEN_DATABASE_TDB_HASH_SIZE 10007
/* Characters we disallow in sharenames. The literal contains (after C
escaping) the characters  % < > * ? | / \ + = ; : " ,  - note that the
path separators and the double quote are among them. */
#define INVALID_SHARENAME_CHARS "%<>*?|/\\+=;:\","
/* Seconds between connection attempts to a remote server. */
#define FAILED_CONNECTION_CACHE_TIMEOUT 30
/* Default hash size for the winbindd cache. */
#define WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE 5000
/* Windows minimum lock resolution timeout in ms */
#define WINDOWS_MINIMUM_LOCK_TIMEOUT_MS 200
/* Maximum size of RPC data we will accept for one call (15 MiB).
This bounds how much reassembled request data a single peer can make
the receiver hold in memory; it is only effective if the RPC receive
path checks it before allocating - verify in the fragment reassembly code. */
#define MAX_RPC_DATA_SIZE (15*1024*1024)
/* Alignment, in bytes, of the auth padding inserted between the data
payload and the auth footer in authenticated DCE/RPC packets that we
generate (client side and server side respectively). Per the bug #7146
fix these only affect packets we emit: received packets are parsed
from frag_len/auth_len in the header and the auth_pad_len in the footer,
so any sender alignment (8 or 16 has been seen) is handled. */
#define CLIENT_NDR_PADDING_SIZE 8
#define SERVER_NDR_PADDING_SIZE 8
#endif