Joseph Sutton [Thu, 5 Oct 2023 03:07:55 +0000 (16:07 +1300)]
s4:kdc: Create the Requester SID blob only if we actually need it
View with ‘git show -b’.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 5 Oct 2023 02:34:55 +0000 (15:34 +1300)]
s4:kdc: Remove unused function get_claims_blob_for_principal()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 5 Oct 2023 02:34:41 +0000 (15:34 +1300)]
s4:kdc: Modify samba_kdc_get_claims_blob() to use claims_data functions
The chief advantage of these functions is that the claims got from the
database are retained in the ‘samba_kdc_entry’ object, allowing them to
be reused should they be needed later during the same request.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 5 Oct 2023 02:33:42 +0000 (15:33 +1300)]
s4:kdc: Add functions to fetch claims from the DB or from the PAC
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 5 Oct 2023 00:43:54 +0000 (13:43 +1300)]
s4:auth: Explicitly initialize claims structures
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 5 Oct 2023 02:11:42 +0000 (15:11 +1300)]
s4:auth: Have claims_data_encoded_claims_set() return a reference to the encoded claims
Having the lifetime of the encoded claims be tied in a predictable
fashion to a caller‐controlled memory context is less prone to error.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 4 Oct 2023 22:07:48 +0000 (11:07 +1300)]
s4:kdc: Declare ‘auth_entry’ to be of type ‘samba_kdc_entry_pac’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 2 Oct 2023 23:57:45 +0000 (12:57 +1300)]
s4:kdc: Rename samba_kdc_obtain_user_info_dc() to samba_kdc_get_user_info_dc()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 4 Oct 2023 04:19:31 +0000 (17:19 +1300)]
s4:kdc: Cache user info and resource groups from PACs
When authentication policies are implemented, we shall need to fetch
SIDs (and claims) from the PACs of users and devices repeatedly — not
just when first looking up a user, but every time a policy needs to be
evaluated.
This will likely be more efficient if we can cache this information,
removing the need to derive it more than once.
View with ‘git show -b’.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Wed, 11 Oct 2023 04:07:02 +0000 (17:07 +1300)]
s4-kdc: Do not modify the returned user_info_dc from samba_kdc_get_user_info_dc()
We have the duplicated shallow copy in each caller so that the caller is
clear on what memory can be changed.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Joseph Sutton [Wed, 4 Oct 2023 04:10:35 +0000 (17:10 +1300)]
s4:kdc: Always fetch resource groups
No behaviour change, and if the caller doesn’t need the resource groups
after all, the cost incurred is little more than the allocation of a
couple of dozen bytes of memory.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 4 Oct 2023 03:38:28 +0000 (16:38 +1300)]
s4:kdc: Label ‘resource_groups_out’ parameter
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 4 Oct 2023 03:31:41 +0000 (16:31 +1300)]
s4:kdc: Remove ‘group_inclusion’ parameter from samba_kdc_obtain_user_info_dc()
It could be equal only to AUTH_EXCLUDE_RESOURCE_GROUPS.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 4 Oct 2023 03:23:12 +0000 (16:23 +1300)]
s4:kdc: Pass AUTH_EXCLUDE_RESOURCE_GROUPS into samba_kdc_obtain_user_info_dc()
As the ‘group_inclusion’ parameter has an effect only if the
‘resource_groups_out’ parameter is non‐NULL, this does not result in a
change in behaviour.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 3 Oct 2023 21:35:14 +0000 (10:35 +1300)]
s4:kdc: Pass resource groups parameter only if we are creating a TGT
No change in behaviour.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 3 Oct 2023 07:08:03 +0000 (20:08 +1300)]
s4:kdc: Make ‘resource_groups_out’ parameter const
The caller shouldn’t need to modify this.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 3 Oct 2023 07:06:29 +0000 (20:06 +1300)]
s4:kdc: Check parameters of samba_kdc_get_user_info_from_pac()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 3 Oct 2023 07:04:44 +0000 (20:04 +1300)]
s4:kdc: Simplify memory management with talloc stackframe
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 3 Oct 2023 06:27:20 +0000 (19:27 +1300)]
s4:kdc: Remove common out path from samba_kdc_obtain_user_info_dc()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 3 Oct 2023 05:45:17 +0000 (18:45 +1300)]
s4:kdc: Split samba_kdc_get_user_info_from_pac() out of samba_kdc_obtain_user_info_dc()
View with ‘git show -b’.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 3 Oct 2023 06:44:41 +0000 (19:44 +1300)]
s4:kdc: Rename variable ‘user_info_dc’ to ‘info’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 3 Oct 2023 06:43:21 +0000 (19:43 +1300)]
s4:kdc: Rename parameter ‘user_info_dc_out’ to ‘info_out’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 3 Oct 2023 05:45:14 +0000 (18:45 +1300)]
s4:kdc: Fix leak
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 3 Oct 2023 05:41:59 +0000 (18:41 +1300)]
s4:kdc: Introduce intermediate variable ‘resource_groups’
No change in behaviour.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 3 Oct 2023 04:01:07 +0000 (17:01 +1300)]
s4:kdc: Initialize out parameter of samba_kdc_get_user_info_from_db()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 3 Oct 2023 04:00:43 +0000 (17:00 +1300)]
s4:kdc: Check parameters of samba_kdc_get_user_info_from_db()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 3 Oct 2023 02:35:27 +0000 (15:35 +1300)]
s4:kdc: Rename local variable ‘user_info_dc’ to ‘info’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 3 Oct 2023 01:53:17 +0000 (14:53 +1300)]
s4:kdc: Pass ‘samdb’ into samba_kdc_get_user_info_from_db()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 3 Oct 2023 01:58:52 +0000 (14:58 +1300)]
s4:kdc: Add ‘samdb’ parameter to samba_kdc_get_device_info_blob()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 3 Oct 2023 01:58:10 +0000 (14:58 +1300)]
s4:kdc: Add ‘samdb’ parameter to samba_kdc_verify_pac()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 3 Oct 2023 01:33:48 +0000 (14:33 +1300)]
s4:kdc: Make boolean members into bit‐fields
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 3 Oct 2023 00:39:48 +0000 (13:39 +1300)]
s4:kdc: Modify samba_kdc_get_user_info_from_db() to return a Kerberos error code
instead of an NT status code.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 3 Oct 2023 00:48:11 +0000 (13:48 +1300)]
s4:kdc: Pass Kerberos context into samba_kdc_get_device_info_blob()
We shall need it in order to produce an error string.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 2 Oct 2023 23:33:25 +0000 (12:33 +1300)]
s4:kdc: Rename samba_kdc_entry::user_info_dc to samba_kdc_entry::info_from_db
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 2 Oct 2023 23:32:13 +0000 (12:32 +1300)]
s4:kdc: Rename samba_kdc_get_user_info_dc() to samba_kdc_get_user_info_from_db()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 2 Oct 2023 23:28:58 +0000 (12:28 +1300)]
s4:kdc: Inline samba_kdc_get_user_info_from_db() into its only caller
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 2 Oct 2023 22:58:05 +0000 (11:58 +1300)]
s4:kdc: Replace calls to samba_kdc_get_user_info_from_db() with calls to samba_kdc_get_user_info_dc()
The latter function behaves identically, except that it makes a shallow
copy of the returned structure, thus avoiding lifetime issues.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 2 Oct 2023 22:14:30 +0000 (11:14 +1300)]
s4:kdc: Add ‘msg’ parameter to samba_kdc_get_user_info_dc()
We want to call this function from more places. But some potential
callers, found in db-glue.c, have only a partially‐initialized
‘samba_kdc_entry’ structure, without the crucial ‘msg’ member. These
callers need to be able to pass in the ldb message as a separate
parameter.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 3 Oct 2023 02:07:55 +0000 (15:07 +1300)]
s4:kdc: Rename ‘user_info_dc_out’ parameter of samba_kdc_get_user_info_dc() to ‘info_out’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 3 Oct 2023 02:07:18 +0000 (15:07 +1300)]
s4:kdc: Rename ‘skdc_entry’ parameter of samba_kdc_get_user_info_dc() to ‘entry’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 3 Oct 2023 02:05:08 +0000 (15:05 +1300)]
s4:kdc: Rename ‘user_info_dc’ parameter of samba_kdc_get_user_info_from_db() to ‘info_out’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 3 Oct 2023 02:03:23 +0000 (15:03 +1300)]
s4:kdc: Rename ‘skdc_entry’ parameter of samba_kdc_get_user_info_from_db() to ‘entry’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 10 Oct 2023 01:35:07 +0000 (14:35 +1300)]
libcli/security: Initialize conditional ACE token
If the ‘flags’ member is not initialized, we invoke undefined behaviour
when trying to push or evaluate the parsed conditional ACE.
One way this issue can manifest is in the mysterious failure of Unicode
comparisons owing to the CLAIM_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE
flag being set when it shouldn’t.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Fri, 30 Jun 2023 21:21:13 +0000 (23:21 +0200)]
libsmb: Use cli_smb2_qpathinfo_send() for SMB_QUERY_FILE_ALT_NAME_INFO
Remove one sync-only wrapper
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 12 17:51:44 UTC 2023 on atb-devel-224
Volker Lendecke [Thu, 14 Sep 2023 11:45:04 +0000 (13:45 +0200)]
examples: Enable posix for teststat
Show that we can properly detect non-regular files created by the
Windows NFS server. Tested manually against Windows 2022.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 23 Aug 2023 14:04:00 +0000 (16:04 +0200)]
libsmbclient: Read the file type from the server with posix enabled
This does not really request posix extensions, but it depends on them
being activated because it changes behaviour.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 16 Aug 2023 07:13:50 +0000 (09:13 +0200)]
libsmbclient: Add smbc_[gs]etOptionPosixExtensions()
This is an obvious part of MR2888, not used anywhere yet. It will
eventually result in us requesting SMB311 posix semantics, but for now
it will just allow to change behaviour of libsmbclient that could
break unsuspecting applications.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 2 Jan 2023 13:28:44 +0000 (14:28 +0100)]
libsmb: Parse reparse tag in query_directory response
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 23 Aug 2023 13:07:29 +0000 (15:07 +0200)]
libsmb: Query reparse tag in cli_qpathinfo2
Convert what we find to a file type
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 23 Aug 2023 11:47:20 +0000 (13:47 +0200)]
libsmb: Add placeholder "mode" parameter to cli_qpathinfo2()
Unused so far: Patch stripped out to not clutter the real patches that
follow.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 14 Aug 2023 15:30:24 +0000 (17:30 +0200)]
examples: Print file type as part of teststat
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 19 Sep 2023 19:29:11 +0000 (12:29 -0700)]
libsmb: Ask for posix semantics if requested
This is so far only for the getattr-style smb311 calls to request
case-sensitive semantics when "posix" was requested over smb311.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 19 Sep 2023 18:55:32 +0000 (11:55 -0700)]
smbclient: Always ask for SMB311 posix in negprot
This does not mean that we're actually using it (yet). We just probe
whether the server is willing to do it.
Enable the posix cli command for smb311 posix extensions.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Pavel Filipenský [Mon, 18 Sep 2023 09:16:39 +0000 (11:16 +0200)]
s3:winbindd: Call winbind_add_failed_connection_entry() for the correct dc name
We were calling winbind_add_failed_connection_entry() for saf_servername
which is NULL. domain->dcname should be used instead.
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Wed Oct 11 16:42:15 UTC 2023 on atb-devel-224
Pavel Filipenský [Mon, 18 Sep 2023 09:15:21 +0000 (11:15 +0200)]
s3:winbindd: Skip check_negative_conn_cache() if saf_servername == NULL
saf_servername can be NULL even after calling saf_fetch(). Avoid
calling check_negative_conn_cache() like it was before commit
0fcf0012
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Wed, 11 Oct 2023 10:15:42 +0000 (10:15 +0000)]
gitlab-ci: run samba-codecheck on ubuntu22.04
There's no reason to run it on fedora38
and it makes sure autobuild and gitlab-ci use the same.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct 11 12:52:57 UTC 2023 on atb-devel-224
Stefan Metzmacher [Wed, 11 Oct 2023 10:15:42 +0000 (10:15 +0000)]
bootstrap: install codespell, shfmt and shellcheck also on debian/ubuntu
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Wed, 11 Oct 2023 09:47:09 +0000 (09:47 +0000)]
.codespellignore: adjust in order to pass on ubuntu 22.04
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Wed, 11 Oct 2023 09:17:07 +0000 (11:17 +0200)]
s4:torture/smb2: fix typo in acls.c
This fixes the failing samba-codecheck CI job and is not part of the functional
security fix.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15439
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Wed, 30 Aug 2023 11:02:02 +0000 (13:02 +0200)]
libcli: Make debug_unix_user_token() use just one DEBUG statement
This avoids messing up the debug logs when multiple processes are
writing into the same file.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Oct 11 00:24:58 UTC 2023 on atb-devel-224
Volker Lendecke [Wed, 30 Aug 2023 10:46:18 +0000 (12:46 +0200)]
libcli: Make security_token_debug() use just one DEBUG statement
This avoids messing up the debug logs when multiple processes are
writing into the same file.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 30 Aug 2023 10:39:00 +0000 (12:39 +0200)]
libcli: Convert security_token_debug_privileges() to talloc_asprintf
Reduces the number of DEBUGADD calls which leads to messed debug logs
between processes.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 1 Sep 2023 11:21:09 +0000 (13:21 +0200)]
smbd: is_in_path() deals with a NULL namelist
Don't need to check in the callers
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 1 Sep 2023 11:18:14 +0000 (13:18 +0200)]
smbd: Remove a pointless NULL check
boolean short-circuiting already gives us this condition.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 31 Aug 2023 14:35:47 +0000 (16:35 +0200)]
smbd: Use SMB_VFS_FSTATAT() instead of SMB_LSTAT()
Use the dirfsp when we have it available
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 31 Aug 2023 10:50:09 +0000 (12:50 +0200)]
smbd: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 31 Aug 2023 10:01:13 +0000 (12:01 +0200)]
vfs: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 31 Aug 2023 09:37:00 +0000 (11:37 +0200)]
smbd: Modernize two DBG statements
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 31 Aug 2023 09:33:02 +0000 (11:33 +0200)]
smbd: Reduce indentation, remove a nested if-statement
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 31 Aug 2023 09:23:58 +0000 (11:23 +0200)]
libsmb: Remove unused smb2_create_blob_remove()
Trivial to re-add if needed.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 31 Aug 2023 09:17:02 +0000 (11:17 +0200)]
smbd: Avoid casts in a DBG statement
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 30 Aug 2023 11:32:38 +0000 (13:32 +0200)]
rpc_server3: Avoid a pointless DEBUGADD
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 30 Aug 2023 11:28:57 +0000 (13:28 +0200)]
rpc_server3: Remove a duplicate comment
Review with "git sh -U20"
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 6 Oct 2023 06:26:11 +0000 (08:26 +0200)]
rpc_netlogon4: Simplify dcesrv_netr_ServerAuthenticate3_helper()
Use a switch/case statement instead of an if/else chain. Easier to read
to me.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 6 Oct 2023 06:00:06 +0000 (08:00 +0200)]
dsdb: Slightly simplify dsdb_trust_get_incoming_passwords()
Use talloc_memdup() instead of a manual copy.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 6 Oct 2023 05:52:12 +0000 (07:52 +0200)]
lsa_srv4: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 6 Oct 2023 05:51:27 +0000 (07:51 +0200)]
pdb: Slightly simplify pdb_samba_dsdb_set_trusteddom_pw()
This is easier to read to me.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 6 Oct 2023 13:52:22 +0000 (15:52 +0200)]
Remove IS_DOS_*() macros
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 6 Oct 2023 13:50:29 +0000 (15:50 +0200)]
libsmb: Expand IS_DOS_DIR() macro
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 6 Oct 2023 13:43:55 +0000 (15:43 +0200)]
examples: Expand IS_DOS_DIR() macros
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 6 Oct 2023 13:41:47 +0000 (15:41 +0200)]
smbd: Expand IS_DOS_READONLY() macros
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 6 Oct 2023 12:03:31 +0000 (14:03 +0200)]
smbd: Expand IS_DOS_ARCHIVE() macros
Together with the "dosmode | FILE_ATTRIBUTE_ARCHIVE" a line below this
is more obvious to me.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 6 Oct 2023 11:48:09 +0000 (13:48 +0200)]
libsmb: Expand IS_DOS_* macros
To me these macros hide more than they clarify.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 6 Oct 2023 11:42:19 +0000 (13:42 +0200)]
smbd: Expand IS_DOS_* macros
To me these macros hide more than they clarify. In a lot of places we
already directly check for these flags without those macros. Unify
that.
Also, check for the dosmode bits first, lp_map_* is a bit more effort
to evaluate.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andrew Bartlett [Tue, 12 Sep 2023 04:23:49 +0000 (16:23 +1200)]
CVE-2023-42670 s3-rpc_server: Remove cross-check with "samba" EPM lookup
We now have ensured that no conflicting services attempt to start
so we do not need the runtime lookup and so avoid the risk that
the lookup may fail.
This means that any duplicates will be noticed early not just
in a race condition.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15473
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Jule Anger <janger@samba.org>
Autobuild-Date(master): Tue Oct 10 15:47:04 UTC 2023 on atb-devel-224
Andrew Bartlett [Tue, 12 Sep 2023 00:28:49 +0000 (12:28 +1200)]
CVE-2023-42670 s3-rpc_server: Strictly refuse to start RPC servers in conflict with AD DC
Just as we refuse to start NETLOGON except on the DC, we must refuse
to start all of the RPC services that are provided by the AD DC.
Most critically of course this applies to netlogon, lsa and samr.
This avoids the suppression of these services being the result of a
runtime epmapper lookup, as if that fails these services can disrupt
service to end users by listening on the same socket as the AD DC
servers.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15473
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 12 Sep 2023 07:03:10 +0000 (19:03 +1200)]
s4-echo: Remove the "echo" server (port 7, RFC 862) in production builds
This demonstration should never be enabled in production, if
echo service is required other software is far better positioned
to provide it. Reflection attacks on echo are a known issue.
This is removed for consistency with the removal of rpcecho, but was
never enabled in the default smb.conf so is mostly harmless.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 12 Sep 2023 07:01:03 +0000 (19:01 +1200)]
CVE-2023-42669 s3-rpc_server: Disable rpcecho for consistency with the AD DC
The rpcecho server in source3 does have samba the sleep() feature that
the s4 version has, but the task architecture is different, so there
is not the same impact. However equally this is not something that
should be enabled on production builds of Samba, so restrict to
selftest builds.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15474
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 12 Sep 2023 06:59:44 +0000 (18:59 +1200)]
CVE-2023-42669 s4-rpc_server: Disable rpcecho server by default
The rpcecho server is useful in development and testing, but should never
have been allowed into production, as it includes the facility to
do a blocking sleep() in the single-threaded rpc worker.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15474
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 8 Aug 2023 05:58:27 +0000 (17:58 +1200)]
CVE-2023-4154: Unimplement the original DirSync behaviour without LDAP_DIRSYNC_OBJECT_SECURITY
This makes LDAP_DIRSYNC_OBJECT_SECURITY the only behaviour provided by
Samba.
Having a second access control system within the LDAP stack is unsafe
and this layer is incomplete.
The current system gives all accounts that have been given the
GUID_DRS_GET_CHANGES extended right SYSTEM access. Currently in Samba
this equates to full access to passwords as well as "RODC Filtered
attributes" (often used with confidential attributes).
Rather than attempting to correctly filter for secrets (passwords) and
these filtered attributes, as well as preventing search expressions for
both, we leave this complexity to the acl_read module which has this
facility already well tested.
The implication is that callers will only see and filter by attribute
in DirSync that they could without DirSync.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 22 Aug 2023 03:08:17 +0000 (15:08 +1200)]
CVE-2023-4154 dsdb/tests: Extend attribute read DirSync tests
The aim here is to document the expected (even if not implemented)
SEARCH_FLAG_RODC_ATTRIBUTE vs SEARCH_FLAG_CONFIDENTIAL, behaviour, so
that any change once CVE-2023-4154 is fixed can be noted.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 8 Aug 2023 02:30:19 +0000 (14:30 +1200)]
CVE-2023-4154 dsdb/tests: Add test for SEARCH_FLAG_RODC_ATTRIBUTE behaviour
SEARCH_FLAG_RODC_ATTRIBUTE should be like SEARCH_FLAG_CONFIDENTIAL,
but for DirSync and DRS replication. Accounts with
GUID_DRS_GET_CHANGES rights should not be able to read this
attribute.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Mon, 7 Aug 2023 23:18:46 +0000 (11:18 +1200)]
CVE-2023-4154 dsdb/tests: Speed up DirSync test by only checking positive matches once
When we (expect to) get back a result, do not waste time against a potentially
slow server confirming we also get back results for all the other attribute
combinations.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Sun, 6 Aug 2023 23:56:56 +0000 (11:56 +1200)]
CVE-2023-4154 dsdb/tests: Check that secret attributes are not visible with DirSync ever.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Mon, 7 Aug 2023 02:44:28 +0000 (14:44 +1200)]
CVE-2023-4154 dsdb/tests: Force the test attribute to be not-confidential at the start
Rather than fail, if the last run failed to reset things, just force
the DC into the required state.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Mon, 7 Aug 2023 01:15:40 +0000 (13:15 +1200)]
CVE-2023-4154 dsdb/tests: Use self.addCleanup() and delete_force()
This helps ensure this test is reliable even in spite of errors while
running.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Sun, 6 Aug 2023 23:55:55 +0000 (11:55 +1200)]
CVE-2023-4154 dsdb/tests: Do not run SimpleDirsyncTests twice
To re-use setup code, the super-class must have no test_*() methods
otherwise these will be run as well as the class-local tests.
We rename tests that would otherwise have duplicate names
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Ralph Boehme [Tue, 1 Aug 2023 11:04:36 +0000 (13:04 +0200)]
CVE-2023-4091: smbd: use open_access_mask for access check in open_file()
If the client requested FILE_OVERWRITE[_IF], we're implicitly adding
FILE_WRITE_DATA to the open_access_mask in open_file_ntcreate(), but for the
access check we're using access_mask which doesn't contain the additional
right, which means we can end up truncating a file for which the user has
only read-only access via an SD.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15439
Signed-off-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Tue, 1 Aug 2023 10:30:00 +0000 (12:30 +0200)]
CVE-2023-4091: smbtorture: test overwrite dispositions on read-only file
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15439
Signed-off-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 26 Jul 2023 00:54:41 +0000 (17:54 -0700)]
CVE-2023-3961:s3: smbd: Remove the SMB_ASSERT() that crashes on bad pipenames.
We correctly handle this and just return ENOENT (NT_STATUS_OBJECT_NAME_NOT_FOUND).
Remove knowfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15422
Signed-off-by: Jeremy Allison <jra@samba.org>