Joseph Sutton [Wed, 6 Sep 2023 01:09:24 +0000 (13:09 +1200)]
s4:kdc: Don’t prepend useless colon to MIT KDC logging messages
If we pass an empty string as the ‘whoami’ parameter, MIT’s logging
facilities will prepend a mysterious colon to the message. Printing
“mitkdc: ” ought at least to be more sensible, and perhaps more closely
to match our behaviour prior to commit dd8138236bec3635c25e5b482b7a14faa0a9c36b.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 5 Sep 2023 23:03:02 +0000 (11:03 +1200)]
s4:wrepl_server: Correctly read ‘type’ element
winsdb_message() stores this element as hexadecimal, which format
ldb_msg_find_attr_as_uint() cannot cope with. Permit this element to be
in either decimal or hexadecimal format.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 5 Sep 2023 04:38:23 +0000 (16:38 +1200)]
s4:dsdb: Switch to using smb_krb5_princ_component()
This function has the handy feature of being able to be called twice in
succession without mysteriously breaking your code. Now, doesn’t that
sound useful?
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 5 Sep 2023 02:08:25 +0000 (14:08 +1200)]
s4:kdc: Rename ‘status’ variables to ‘reply_status’
This makes it clearer what these variables are used for, and avoids
confusion with the similarly‐named ‘nt_status’ variables — also used in
these functions.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 5 Sep 2023 01:23:35 +0000 (13:23 +1200)]
s4:kdc: Make ‘struct pac_blobs’ memory handling safer and more consistent
Having pac_blobs::type_blobs be managed both by talloc and by the
‘pac_blobs’ structure itself (with pac_blobs_destroy()) is very prone to
error. So is the current situation of having the other ‘pac_blobs’
functions each take in a memory context.
Improve these circumstances by requiring ‘pac_blobs’ to be managed by
talloc. Now the other functions can dispense with their ‘mem_ctx’
parameters, being instead able to allocate on to the ‘pac_blobs’
structure itself. pac_blobs_init() no longer must be a separate
function; inline it into pac_blobs_from_krb5_pac(). pac_blobs_destroy(),
being no longer of use, can go too.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 4 Sep 2023 22:44:55 +0000 (10:44 +1200)]
s4:kdc: Don’t corrupt domain groups structure if talloc_realloc() fails
Introduce a temporary variable instead of assigning the result of
talloc_realloc() directly to samr_RidWithAttributeArray::rids. In this
way we avoid having a structure with a non‐zero ‘count’ but with ‘rids’
set to the NULL pointer.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 4 Sep 2023 01:20:34 +0000 (13:20 +1200)]
s4:kdc: Add correct Asserted Identity SID in response to an S4U2Self request
I’m not sure exactly how this check was supposed to work. But in any
case, within fast_unwrap_request() the Heimdal KDC replaces the outer
padata with the padata from the inner FAST request. Hence, this check
does not accomplish anything useful: at no point should the KDC plugin
see the outer padata.
A couple of unwanted consequences resulted from this check. One was that
a client who sent empty FX‐FAST padata within the inner FAST request
would receive the *Authentication Authority* Asserted Identity SID
instead of the *Service* Asserted Identity SID. Another consequence was
that a client could in the same manner bypass the restriction on
performing S4U2Self with an RODC‐issued TGT.
Overall, samba_wdc_is_s4u2self_req() is somewhat of a hack. But the
Heimdal plugin API gives us nothing better to work with.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
nsswitch/wb_common.c: fix socket fd and memory leaks of global state
When we are called in wb_atfork_child() or winbind_destructor(),
wb_thread_ctx_destructor() is not called for the global state
of the current nor any other thread, which means we would
leak the related memory and socket fds.
Now we maintain a global list protected by a global mutex.
We traverse the list and close all socket fds, which are no
longer used (winbind_destructor) or no longer valid in the
current process (wb_atfork_child), in addition we 'autofree'
the ones, which are only visible internally as global (per thread)
context.
Tested-by: Krzysztof Piotr Oledzki <ole@ans.pl> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Sep 14 18:53:07 UTC 2023 on atb-devel-224
nsswitch/wb_common.c: don't operate on a stale wb_global_ctx.key
If nss_winbind is loaded into a process that uses fork multiple times
without any further calls into nss_winbind, wb_atfork_child handler
was using a wb_global_ctx.key that was no longer registered in the
pthread library, so we operated on a slot that was potentially
reused by other libraries or the main application. Which is likely
to cause memory corruption.
So we better don't call pthread_key_delete() in wb_atfork_child().
Reported-by: Krzysztof Piotr Oledzki <ole@ans.pl> Tested-by: Krzysztof Piotr Oledzki <ole@ans.pl> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 4 Aug 2023 15:19:00 +0000 (17:19 +0200)]
smbd: make vfs_stat_fsp() a no-op on fake file-handles
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Sep 12 17:08:17 UTC 2023 on atb-devel-224
Samuel Cabrero [Thu, 7 Sep 2023 12:51:15 +0000 (14:51 +0200)]
auth:credentials: Check if password_obtained > obtained
Fixes reading the password from STDIN or environment vars if it was already
given in the command line:
$ export PASSWD_FD=0
$ ./bin/net offlinejoin composeodj <...> --password=FOO
<Waiting to read password from STDIN>
Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Sep 11 03:36:28 UTC 2023 on atb-devel-224
Samuel Cabrero [Thu, 7 Sep 2023 12:53:22 +0000 (14:53 +0200)]
netapi: Pass net's cmdline credentials to libnetapi_net_init()
Avoid unnecessary credentials allocation and initialization by passing the
net's cmdline creds to libnetapi_net_init() directly.
Fixes the problem of running cli_credentials_guess() (which runs password
callbacks) twice, one for the net's cmdline creds and a second time for the
creds initialized in libnetapi_net_init(), just to override them immediately
after.
Example:
$ export PASSWD_FD=0
$ ./bin/net offlinejoin composeodj <...>
foo
bar
Password is read from STDIN twice.
Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Wed, 30 Aug 2023 02:45:49 +0000 (14:45 +1200)]
.gitlab-ci.yml: Move coverity build to internal Heimdal
The opensuse155 image has MIT 1.20, not the required MIT 1.21, so build
with intenral Heimdal instead.
The opensuse155 image was chosen deliberatly in commit f2eb411646bbc3cbedd4aecaba98bd363a6cd3df so this changes
the KDC choice rather than the image. Eventually we will
need to do both.
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
projects / thirdparty / samba.git / log
