git.ipfire.org Git - thirdparty/samba.git/log

]> git.ipfire.org Git - thirdparty/samba.git/log

Andrew Bartlett [Wed, 11 Aug 2021 23:10:09 +0000 (11:10 +1200)]

CVE-2020-25722 dsdb: Move krbtgt password setup after the point of checking if any passwords are changed

This allows the add of an RODC, before setting the password, to avoid
this module, which helps isolate testing of security around the
msDS-SecondaryKrbTgtNumber attribute.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14703

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Andrew Bartlett [Tue, 10 Aug 2021 10:31:02 +0000 (22:31 +1200)]

CVE-2020-25722 dsdb: Tests for our known set of privileged attributes

This, except for where we choose to disagree, does pass
against Windows 2019.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14703
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14778
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14775

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

commit | commitdiff | tree

Joseph Sutton [Thu, 21 Oct 2021 03:46:56 +0000 (16:46 +1300)]

CVE-2020-17049 tests/krb5: Check account name and SID in PAC for S4U tests

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Oct 25 09:23:35 UTC 2021 on sn-devel-184

(cherry picked from commit c174e9ebe715aad6910d53c1f427a0512c09d651)

commit | commitdiff | tree

Andrew Bartlett [Thu, 16 Sep 2021 04:09:24 +0000 (16:09 +1200)]

CVE-2020-25722 selftest: Use self.assertRaisesLdbError() in user_account_control.py test

This changes most of the simple pattern with self.samdb.modify()
to use the wrapper. Some other calls still need to be converted, while
the complex decision tree tests should remain as-is for now.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14753

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Oct 4 21:55:43 UTC 2021 on sn-devel-184

(cherry picked from commit b45190bdac7bd9dcefd5ed88be4bd9a97a712664)

commit | commitdiff | tree

Andrew Bartlett [Mon, 30 Aug 2021 06:17:47 +0000 (18:17 +1200)]

CVE-2020-25722 selftest: Update user_account_control tests to pass against Windows 2019

This gets us closer to passing against Windows 2019, without
making major changes to what was tested. More tests are needed,
but it is important to get what was being tested tested again.

Account types (eg UF_NORMAL_ACCOUNT, UF_WORKSTATION_TRUST_ACCOUNT)
are now required on all objects, this can't be omitted any more.

Also for UF_NORMAL_ACCOUNT for these accounts without a password
set |UF_PASSWD_NOTREQD must be included.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14753

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Sep 15 08:49:11 UTC 2021 on sn-devel-184

(cherry picked from commit d12cb47724c2e8d19a28286d4c3ef72271a002fd)

commit | commitdiff | tree

Andrew Bartlett [Mon, 30 Aug 2021 02:54:39 +0000 (14:54 +1200)]

CVE-2020-25722 selftest: Replace internal loop in test_uac_bits_set() using @DynamicTestClass

This generates a single test per bit which is easier to
debug. Elsewhere we use this pattern where we want to
be able to put some cases in a knownfail, which is otherwise
not possible.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14753
(cherry picked from commit 17ae0319db53a7b88e7fb44a9e2fd4bf1d1daa0e)

commit | commitdiff | tree

Andrew Bartlett [Mon, 30 Aug 2021 02:51:27 +0000 (14:51 +1200)]

CVE-2020-25722 selftest: Replace internal loop in test_uac_bits_add() using @DynamicTestClass

This generates a single test per bit which is easier to
debug. Elsewhere we use this pattern where we want to
be able to put some cases in a knownfail, which is otherwise
not possible.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14753
(cherry picked from commit 60f1b6cf0ef0bf6736d8db9c53fa48fe9f3d8e75)

commit | commitdiff | tree

Andrew Bartlett [Mon, 30 Aug 2021 02:37:06 +0000 (14:37 +1200)]

CVE-2020-25722 selftest: Use @DynamicTestCase in user_account_control test_uac_bits_unrelated_modify()

This is a nice easy example of how the test generation
code works, and it combined nicely with the earlier
patch to return string names from the UF_ constants.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14753
(cherry picked from commit 8701ce492fc3a209035b152961d8c17e801b082a)

commit | commitdiff | tree

Andrew Bartlett [Mon, 30 Aug 2021 01:03:15 +0000 (13:03 +1200)]

CVE-2020-25722 pydsdb: Add API to return strings of known UF_ flags

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14753
(cherry picked from commit fb6c0b9e2a10c9559d3e056bb020bd2c990da998)

commit | commitdiff | tree

Andrew Bartlett [Sun, 29 Aug 2021 22:10:56 +0000 (10:10 +1200)]

CVE-2020-25722 selftest: Use addCleanup rather than tearDown in user_account_control.py

self.addCleanup() is called regardless of the test failure or error status
and so is more reliable, particularly during development.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14753
(cherry picked from commit 8c455268165f0bbfce17407df2c1746a0e03f828)

commit | commitdiff | tree

Andrew Bartlett [Sun, 29 Aug 2021 22:07:31 +0000 (10:07 +1200)]

CVE-2020-25722 selftest: Modernise user_account_control.py tests use a common self.OU

We set and use a single self.OU to ensure consistancy and
reduce string duplication.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14753
(cherry picked from commit 8b078bbf8717b9407cdbc1588dd065164ab78e1b)

commit | commitdiff | tree

Andrew Bartlett [Mon, 13 Sep 2021 09:48:13 +0000 (21:48 +1200)]

CVE-2020-25722 selftest: Move self.assertRaisesLdbError() to samba.tests.TestCase

This is easier to reason with regarding which cases should work
and which cases should fail, avoiding issues where more success
than expected would be OK because a self.fail() was missed in a
try: block.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14753

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 298515cac2f35082483c2b4e4b7dbfe4df1d2e0c)

commit | commitdiff | tree

Stefan Metzmacher [Tue, 2 Nov 2021 14:39:53 +0000 (15:39 +0100)]

CVE-2020-25719 selftest/knownfail_mit_kdc: Add pointless knownfail to allow a later cherry-pick to apply cleanly

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561

commit | commitdiff | tree

Volker Lendecke [Wed, 14 Apr 2021 20:24:44 +0000 (22:24 +0200)]

CVE-2020-25717 auth4: Remove sync check_password from auth_operations

Remove complexity in the data structures, and pushes the async-ness
one level down.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

(cherry picked from commit 254af19ba89b4c42e5f45ec731e6577d2fcc6736)

commit | commitdiff | tree

Volker Lendecke [Thu, 15 Apr 2021 08:04:21 +0000 (10:04 +0200)]

CVE-2020-25717 auth4: Make auth_sam pseudo-async

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

(cherry picked from commit f852fb4cd4e2bcd676a9ea104c5bf00979771eed)

commit | commitdiff | tree

Volker Lendecke [Wed, 14 Apr 2021 19:59:55 +0000 (21:59 +0200)]

CVE-2020-25717 auth4: Make auth_unix pseudo-async

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

(cherry picked from commit a6f42ab8a778b9863990da3112c2e868cd006303)

commit | commitdiff | tree

Volker Lendecke [Wed, 14 Apr 2021 20:22:18 +0000 (22:22 +0200)]

CVE-2020-25717 auth4: Make auth_developer pseudo-async

This is a simpler approach to really just wrap the code.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

(cherry picked from commit 43a1e42815718591faa8d526319b96d089a758fa)

commit | commitdiff | tree

Volker Lendecke [Wed, 14 Apr 2021 19:48:32 +0000 (21:48 +0200)]

CVE-2020-25717 auth4: Make auth_anonymous pseudo-async

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

(cherry picked from commit 759573136876ef2b1b1c7484f99570d7de957e0d)

commit | commitdiff | tree

Volker Lendecke [Tue, 13 Apr 2021 15:14:01 +0000 (15:14 +0000)]

CVE-2020-25717 auth: Simplify DEBUG statements in make_auth3_context_for_ntlm()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14801
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

(cherry picked from commit 8536bf7fce41c43bbed25f7ed4ce5775a1b9c0d5)

commit | commitdiff | tree

Volker Lendecke [Wed, 14 Apr 2021 08:05:59 +0000 (10:05 +0200)]

CVE-2020-25717 auth3: Simplify check_samba4_security()

First set up "server_info" in a local variable and once it's fully set
up, assign it to the out parameter "pserver_info".

Pointer dereferencing obfuscates the code for me.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

(cherry picked from commit 062a0c14c6ee0b74e7619af73747df59c5e67672)

commit | commitdiff | tree

Andreas Schneider [Thu, 10 Jun 2021 14:20:28 +0000 (16:20 +0200)]

CVE-2020-25717 selftest: Only set netbios aliases for the ad_member env

The provision_ad_member() function is reused by different
setup_ad_member*() functions. Each environment needs to have unique
netbios aliases as they are all in the same network.
The aliases should only be set for the 'ad_member' environment.

Signed-Off-By: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jun 11 01:26:36 UTC 2021 on sn-devel-184

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

(cherry picked from commit e165dcc770ec58c3749d653d6cb85f6ecf9479d6)

commit | commitdiff | tree

Andreas Schneider [Tue, 11 May 2021 15:59:51 +0000 (17:59 +0200)]

CVE-2020-25717 selftest: Pass down the machine account name to provision_ad_member

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

(cherry picked from commit fbe68dcbb783409589cdefd8ee551c9971c51f08)

Needed as preparation for CVE-2020-25717

commit | commitdiff | tree

Björn Jacke [Sun, 18 Oct 2020 19:07:14 +0000 (21:07 +0200)]

CVE-2020-25717 auth_generic: fix empty initializer compile warning

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

(cherry picked from commit cce4e8012c5eafb6d98111b92923d748d72d077b)

commit | commitdiff | tree

Alexander Bokovoy [Tue, 10 Nov 2020 15:35:24 +0000 (17:35 +0200)]

CVE-2020-25717 lookup_name: allow lookup names prefixed with DNS forest root for FreeIPA DC

In FreeIPA deployment with active Global Catalog service, when a two-way
trust to Active Directory forest is established, Windows systems can
look up FreeIPA users and groups. When using a security tab in Windows
Explorer on AD side, a lookup over a trusted forest might come as
realm\name instead of NetBIOS domain name:

--------------------------------------------------------------------
[2020/01/13 11:12:39.859134,  1, pid=33253, effective(1732401004, 1732401004), real(1732401004, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:471(ndr_print_function_debug)
       lsa_LookupNames3: struct lsa_LookupNames3
          in: struct lsa_LookupNames3
              handle                   : *
                  handle: struct policy_handle
                      handle_type              : 0x00000000 (0)
                      uuid                     : 0000000e-0000-0000-1c5e-a750e5810000
              num_names                : 0x00000001 (1)
              names: ARRAY(1)
                  names: struct lsa_String
                      length                   : 0x001e (30)
                      size                     : 0x0020 (32)
                      string                   : *
                          string                   : 'ipa.test\admins'
              sids                     : *
                  sids: struct lsa_TransSidArray3
                      count                    : 0x00000000 (0)
                      sids                     : NULL
              level                    : LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2 (6)
              count                    : *
                  count                    : 0x00000000 (0)
              lookup_options           : LSA_LOOKUP_OPTION_SEARCH_ISOLATED_NAMES (0)
              client_revision          : LSA_CLIENT_REVISION_2 (2)
--------------------------------------------------------------------

If we are running as a DC and PASSDB supports returning domain info
(pdb_get_domain_info() returns a valid structure), check domain of the
name in lookup_name() against DNS forest name and allow the request to
be done against the primary domain. This corresponds to FreeIPA's use of
Samba as a DC. For normal domain members a realm-based lookup falls back
to a lookup over to its own domain controller with the help of winbindd.

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Wed Nov 11 10:59:01 UTC 2020 on sn-devel-184

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

(cherry picked from commit 31c703766fd2b89737826fb7e9a707f0622bb8cd)

commit | commitdiff | tree

Alexander Bokovoy [Wed, 11 Nov 2020 12:42:55 +0000 (14:42 +0200)]

CVE-2020-25717 auth_sam: use pdb_get_domain_info to look up DNS forest information

When Samba is used as a part of FreeIPA domain controller, Windows
clients for a trusted AD forest may try to authenticate (perform logon
operation) as a REALM\name user account.

Fix auth_sam plugins to accept DNS forest name if we are running on a DC
with PASSDB module providing domain information (e.g. pdb_get_domain_info()
returning non-NULL structure). Right now, only FreeIPA or Samba AD DC
PASSDB backends return this information but Samba AD DC configuration is
explicitly ignored by the two auth_sam (strict and netlogon3) modules.

Detailed logs below:

[2020/11/11 09:23:53.281296,  1, pid=42677, effective(65534, 65534), real(65534, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:482(ndr_print_function_debug)
       netr_LogonSamLogonWithFlags: struct netr_LogonSamLogonWithFlags
          in: struct netr_LogonSamLogonWithFlags
              server_name              : *
                  server_name              : '\\master.ipa.test'
              computer_name            : *
                  computer_name            : 'AD1'
              credential               : *
                  credential: struct netr_Authenticator
                      cred: struct netr_Credential
                          data                     : 529f4b087c5f6546
                      timestamp                : Wed Nov 11 09:23:55 AM 2020 UTC
              return_authenticator     : *
                  return_authenticator: struct netr_Authenticator
                      cred: struct netr_Credential
                          data                     : 204f28f622010000
                      timestamp                : Fri May  2 06:37:50 AM 1986 UTC
              logon_level              : NetlogonNetworkTransitiveInformation (6)
              logon                    : *
                  logon                    : union netr_LogonLevel(case 6)
                  network                  : *
                      network: struct netr_NetworkInfo
                          identity_info: struct netr_IdentityInfo
                              domain_name: struct lsa_String
                                  length                   : 0x0010 (16)
                                  size                     : 0x01fe (510)
                                  string                   : *
                                      string                   : 'IPA.TEST'
                              parameter_control        : 0x00002ae0 (10976)
                                     0: MSV1_0_CLEARTEXT_PASSWORD_ALLOWED
                                     0: MSV1_0_UPDATE_LOGON_STATISTICS
                                     0: MSV1_0_RETURN_USER_PARAMETERS
                                     0: MSV1_0_DONT_TRY_GUEST_ACCOUNT
                                     1: MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT
                                     1: MSV1_0_RETURN_PASSWORD_EXPIRY
                                     1: MSV1_0_USE_CLIENT_CHALLENGE
                                     0: MSV1_0_TRY_GUEST_ACCOUNT_ONLY
                                     1: MSV1_0_RETURN_PROFILE_PATH
                                     0: MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY
                                     1: MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT
                                     0: MSV1_0_DISABLE_PERSONAL_FALLBACK
                                     1: MSV1_0_ALLOW_FORCE_GUEST
                                     0: MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED
                                     0: MSV1_0_USE_DOMAIN_FOR_ROUTING_ONLY
                                     0: MSV1_0_ALLOW_MSVCHAPV2
                                     0: MSV1_0_S4U2SELF
                                     0: MSV1_0_CHECK_LOGONHOURS_FOR_S4U
                                     0: MSV1_0_SUBAUTHENTICATION_DLL_EX
                              logon_id                 : 0x0000000000884ef2 (8933106)
                              account_name: struct lsa_String
                                  length                   : 0x000e (14)
                                  size                     : 0x000e (14)
                                  string                   : *
                                      string                   : 'idmuser'
                              workstation: struct lsa_String
                                  length                   : 0x0000 (0)
                                  size                     : 0x0000 (0)
                                  string                   : *
                                      string                   : ''
                         challenge                : 417207867bd33c74
                          nt: struct netr_ChallengeResponse
                              length                   : 0x00c0 (192)
                              size                     : 0x00c0 (192)
                              data                     : *
                                  data: ARRAY(192)
  [0000] A5 24 62 6E 31 DF 69 66   9E DC 54 D6 63 4C D6 2F   .$bn1.if ..T.cL./
  [0010] 01 01 00 00 00 00 00 00   50 37 D7 60 0C B8 D6 01   ........ P7.`....
  [0020] 15 1B 38 4F 47 95 4D 62   00 00 00 00 02 00 0E 00   ..8OG.Mb ........
  [0030] 57 00 49 00 4E 00 32 00   30 00 31 00 36 00 01 00   W.I.N.2. 0.1.6...
  [0040] 06 00 41 00 44 00 31 00   04 00 18 00 77 00 69 00   ..A.D.1. ....w.i.
  [0050] 6E 00 32 00 30 00 31 00   36 00 2E 00 74 00 65 00   n.2.0.1. 6...t.e.
  [0060] 73 00 74 00 03 00 20 00   61 00 64 00 31 00 2E 00   s.t... . a.d.1...
  [0070] 77 00 69 00 6E 00 32 00   30 00 31 00 36 00 2E 00   w.i.n.2. 0.1.6...
  [0080] 74 00 65 00 73 00 74 00   05 00 18 00 77 00 69 00   t.e.s.t. ....w.i.
  [0090] 6E 00 32 00 30 00 31 00   36 00 2E 00 74 00 65 00   n.2.0.1. 6...t.e.
  [00A0] 73 00 74 00 07 00 08 00   50 37 D7 60 0C B8 D6 01   s.t..... P7.`....
  [00B0] 06 00 04 00 02 00 00 00   00 00 00 00 00 00 00 00   ........ ........
                          lm: struct netr_ChallengeResponse
                              length                   : 0x0018 (24)
                              size                     : 0x0018 (24)
                              data                     : *
                                  data                     : 000000000000000000000000000000000000000000000000
              validation_level         : 0x0006 (6)
              flags                    : *
                  flags                    : 0x00000000 (0)
                         0: NETLOGON_SAMLOGON_FLAG_PASS_TO_FOREST_ROOT
                         0: NETLOGON_SAMLOGON_FLAG_PASS_CROSS_FOREST_HOP
                         0: NETLOGON_SAMLOGON_FLAG_RODC_TO_OTHER_DOMAIN
                         0: NETLOGON_SAMLOGON_FLAG_RODC_NTLM_REQUEST

In such case checks for a workgroup name will not match the DNS forest
name used in the username specification:

[2020/11/11 09:23:53.283055,  3, pid=42677, effective(65534, 65534), real(65534, 0), class=auth] ../../source3/auth/auth.c:200(auth_check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user [IPA.TEST]\[idmuser]@[] with the new password interface
[2020/11/11 09:23:53.283073,  3, pid=42677, effective(65534, 65534), real(65534, 0), class=auth] ../../source3/auth/auth.c:203(auth_check_ntlm_password)
  check_ntlm_password:  mapped user is: [IPA.TEST]\[idmuser]@[]
[2020/11/11 09:23:53.283082, 10, pid=42677, effective(65534, 65534), real(65534, 0), class=auth] ../../source3/auth/auth.c:213(auth_check_ntlm_password)
  check_ntlm_password: auth_context challenge created by fixed
[2020/11/11 09:23:53.283091, 10, pid=42677, effective(65534, 65534), real(65534, 0), class=auth] ../../source3/auth/auth.c:216(auth_check_ntlm_password)
  challenge is:
[2020/11/11 09:23:53.283099,  5, pid=42677, effective(65534, 65534), real(65534, 0)] ../../lib/util/util.c:678(dump_data)
  [0000] 41 72 07 86 7B D3 3C 74                             Ar..{.<t
[2020/11/11 09:23:53.283113, 10, pid=42677, effective(65534, 65534), real(65534, 0), class=auth] ../../source3/auth/auth_sam.c:209(auth_sam_netlogon3_auth)
  auth_sam_netlogon3_auth: Check auth for: [IPA.TEST]\[idmuser]
[2020/11/11 09:23:53.283123,  5, pid=42677, effective(65534, 65534), real(65534, 0), class=auth] ../../source3/auth/auth_sam.c:234(auth_sam_netlogon3_auth)
  auth_sam_netlogon3_auth: IPA.TEST is not our domain name (DC for IPA)
[2020/11/11 09:23:53.283131, 10, pid=42677, effective(65534, 65534), real(65534, 0), class=auth] ../../source3/auth/auth.c:249(auth_check_ntlm_password)
  auth_check_ntlm_password: sam_netlogon3 had nothing to say

and overall authentication attempt will fail: auth_winbind will complain
that this domain is not a trusted one and refuse operating on it:

[2020/11/11 09:23:53.283784, 10, pid=42663, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd.c:742(process_request_send)
  process_request_send: process_request: Handling async request smbd(42677):PAM_AUTH_CRAP
[2020/11/11 09:23:53.283796,  3, pid=42663, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd_pam_auth_crap.c:110(winbindd_pam_auth_crap_send)
  [42677]: pam auth crap domain: [IPA.TEST] user: idmuser
[2020/11/11 09:23:53.283810,  3, pid=42663, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd_pam.c:409(find_auth_domain)
  Authentication for domain [IPA.TEST] refused as it is not a trusted domain
[2020/11/11 09:23:53.283825, 10, pid=42663, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd.c:810(process_request_done)
  process_request_done: [smbd(42677):PAM_AUTH_CRAP]: NT_STATUS_NO_SUCH_USER
[2020/11/11 09:23:53.283844, 10, pid=42663, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd.c:855(process_request_written)
  process_request_written: [smbd(42677):PAM_AUTH_CRAP]: delivered response to client

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

(cherry picked from commit 2a8b672652dcbcf55ec59be537773d76f0f14d0a)

commit | commitdiff | tree

Ralph Boehme [Fri, 20 Aug 2021 13:04:49 +0000 (15:04 +0200)]

CVE-2020-25717 winbind: ensure wb_parent_idmap_setup_send() gets called in winbindd_allocate_uid_send()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14804
RN: winbindd can crash because idmap child state is not fully initialized

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Sep 2 15:20:06 UTC 2021 on sn-devel-184

(cherry picked from commit d0f6d54354b02f5591706814fbd1e4844788fdfa)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

(cherry picked from commit 446f89510f2e55a551e2975a6cbf01c6a023ba0c)

commit | commitdiff | tree

Ralph Boehme [Tue, 31 Aug 2021 15:04:56 +0000 (17:04 +0200)]

CVE-2020-25717 winbindd: call wb_parent_idmap_setup_send() in wb_queryuser_send()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14804

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 39c2ec72cb77945c3eb611fb1d7d7e9aad52bdfd)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

(cherry picked from commit 7d1dd87a6538f8c7f1e4938b0ff52cbd231fff90)

commit | commitdiff | tree

Stefan Metzmacher [Fri, 23 Oct 2020 10:21:57 +0000 (12:21 +0200)]

CVE-2020-25717 s3:idmap_hash: reliable return ID_TYPE_BOTH

idmap_hash used to bounce back the requested type,
which was ID_TYPE_UID, ID_TYPE_GID or ID_TYPE_NOT_SPECIFIED
before as the winbindd parent always used a lookupsids.
When the lookupsids failed because of an unknown domain,
the idmap child weren't requested at all and the caller
sees ID_TYPE_NOT_SPECIFIED.

This module should have supported ID_TYPE_BOTH since
samba-4.1.0, similar to idmap_rid and idmap_autorid.

Now that the winbindd parent will pass ID_TYPE_BOTH in order to
indicate that the domain exists, it's better to always return
ID_TYPE_BOTH instead of a random mix of ID_TYPE_UID, ID_TYPE_GID
or ID_TYPE_BOTH. In order to request a type_hint it will return
ID_REQUIRE_TYPE for ID_TYPE_NOT_SPECIFIED, which means that
the parent at least assures that the domain sid exists.
And the caller still gets ID_TYPE_NOT_SPECIFIED if the
domain doesn't exist.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jan 22 11:32:46 UTC 2021 on sn-devel-184

(cherry picked from commit d8339056eef2845805f573bd8b0f3323370ecc8f)
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(v4-14-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-14-test): Wed Jan 27 17:06:51 UTC 2021 on sn-devel-184

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

(cherry picked from commit 99673b77b069674a6145552eb870de8829dfa503)

commit | commitdiff | tree

Stefan Metzmacher [Fri, 11 Sep 2020 14:24:49 +0000 (16:24 +0200)]

CVE-2020-25717 wb_sids2xids: defer/skip wb_lookupsids* unless we get ID_TYPE_WB_REQUIRE_TYPE

We try to give a valid hint for predefined sids and
pass ID_TYPE_BOTH as a hint that the domain part of the sid is valid.

In most cases the idmap child/backend does not require a type_hint
as mappings already exist.

This is a speed up as we no longer need to contact a domain controller.

It's also possible to accept kerberos authentication without reaching
out to a domain controller at all (if the idmap backend doesn't need a
hint).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Oct 23 04:47:26 UTC 2020 on sn-devel-184

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

(cherry picked from commit 54b4d2d3cb307019a260d15c6e6b4a3fb7fc337c)

commit | commitdiff | tree

Stefan Metzmacher [Tue, 15 Sep 2020 15:26:11 +0000 (17:26 +0200)]

CVE-2020-25717 winbindd: allow idmap backends to mark entries with ID_[TYPE_WB_]REQUIRE_TYPE

This must only be used between winbindd parent and child!
It must not leak into outside world.

Some backends require ID_TYPE_UID or ID_TYPE_GID as type_hint,
while others may only need ID_TYPE_BOTH in order to validate that
the domain exists.

This will allow us to skip the wb_lookupsids_send/recv in the winbindd parent
in future and only do that on demand.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

(cherry picked from commit 493f5d6b078e0b0f80d1ef25043e2834cb4fcb87)

commit | commitdiff | tree

Stefan Metzmacher [Thu, 10 Sep 2020 15:13:14 +0000 (17:13 +0200)]

CVE-2020-25717 wb_sids2xids: build state->idmap_doms based on wb_parent_idmap_config

In future we'll try to avoid wb_lookupsids_send() and only call
it if needed.

The domain name passed should be only relevant to find the correct
idmap backend, and these should all be available in
wb_parent_idmap_config as it was created before the idmap child was forked.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

(cherry picked from commit c55f4f37589130a0d8952489da175bbcf53f6748)

commit | commitdiff | tree

Stefan Metzmacher [Thu, 10 Sep 2020 21:06:02 +0000 (23:06 +0200)]

CVE-2020-25717 wb_sids2xids: fill cache as soon as possible

After adding entries to the cache we can mark them
as filled from the cache by setting its domain_index
to UINT32_MAX.

This will allow further changes to fill the results
into state->all_ids in steps.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

(cherry picked from commit 3f4626ea6d235470195918b77af35ac2cfeb227c)

commit | commitdiff | tree

Stefan Metzmacher [Tue, 15 Sep 2020 12:17:37 +0000 (14:17 +0200)]

CVE-2020-25717 wb_sids2xids: directly use state->all_ids to collect results

In order to translate the indexes from state->lookup_sids[]
for wb_lookupsids_send/recv() and state->map_ids.ids[]
for dcerpc_wbint_Sids2UnixIDs_send/recv() back to
state->all_ids.ids[] or state->sids[] we have state->tmp_idx[].

This simplifies wb_sids2xids_recv() a lot and make further
restructuring much easier.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

(cherry picked from commit 374acc2e5fcc3c4b40f41906d0349499e3304841)

commit | commitdiff | tree

Stefan Metzmacher [Tue, 15 Sep 2020 11:58:26 +0000 (13:58 +0200)]

CVE-2020-25717 wb_sids2xids: change 'i' to 'li' in wb_sids2xids_lookupsids_done()

With all the indexes we have into various array, this makes clear
'li' is the index into the state->lookup_sids array.

This makes the following changes easier to review.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

(cherry picked from commit 19c8b6a8b188e45a6342a3d1308085800388a38e)

commit | commitdiff | tree

Stefan Metzmacher [Tue, 15 Sep 2020 11:54:24 +0000 (13:54 +0200)]

CVE-2020-25717 wb_sids2xids: refactor wb_sids2xids_done() a bit

Here we don't change the logic.

It will make the following changes easier.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

(cherry picked from commit cda61f592a0b33d36da8da9b6837312396cceec4)

commit | commitdiff | tree

Stefan Metzmacher [Tue, 15 Sep 2020 11:36:43 +0000 (13:36 +0200)]

CVE-2020-25717 wb_sids2xids: inline wb_sids2xids_extract_for_domain_index() into wb_sids2xids_next_sids2unix()

Instead of re-creating the dom_ids element,
we just use a pre-allocated map_ids_in array.

This is a bit tricky as we need to use map_ids_out as a copy of
map_ids_in, because the _ids argument of dcerpc_wbint_Sids2UnixIDs_send()
in [in,out], which means that _ids->ids is changed between
dcerpc_wbint_Sids2UnixIDs_send() and dcerpc_wbint_Sids2UnixIDs_recv()!

If the domain doesn't need any mappings, we'll move to the next domain
early, for now this can't happend but it will in future.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

(cherry picked from commit f6bb0ed21f82f2cf1f238f9f00cd049ecf8673af)

commit | commitdiff | tree

Stefan Metzmacher [Tue, 15 Sep 2020 11:19:14 +0000 (13:19 +0200)]

CVE-2020-25717 wb_sids2xids: move more checks to wb_sids2xids_next_sids2unix()

For the first run this is a no-op, but it simplified the caller.

We'll call wb_sids2xids_next_sids2unix() in a few more places in future
and it's easier to have this all within wb_sids2xids_next_sids2unix().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

(cherry picked from commit 231c8d04b19a1c17937f988d142ca5c0f889d4e0)

commit | commitdiff | tree

Stefan Metzmacher [Thu, 10 Sep 2020 15:45:24 +0000 (17:45 +0200)]

CVE-2020-25717 wb_sids2xids: rename 'non_cached' to 'lookup_sids'

This array is used to pass to wb_lookupsids_send()
and that will be the only reason to have this in future.

For now it's used for all non cached sids, but that will
also change in the next commits.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

(cherry picked from commit 797b11f198e819300007997ce536bc6d05f19843)

commit | commitdiff | tree

Stefan Metzmacher [Thu, 10 Sep 2020 14:45:03 +0000 (16:45 +0200)]

CVE-2020-25717 wb_sids2xids: maintain struct wbint_TransIDArray all_ids as cache

Entries with domain_index == UINT32_MAX are valid cache entries.

In the following commits we'll fill in missing entries step by step
until all entries are marked as filled.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

(cherry picked from commit 04956350a5725325954b2caba662ecd6dace7829)

commit | commitdiff | tree

Ralph Boehme [Fri, 3 Jul 2020 14:39:26 +0000 (16:39 +0200)]

CVE-2020-25717 wb_sids2xids: split out wb_sids2xids_next_sids2unix()

Put the code that calls the per-domain idmap backend
in its own function.

This makes further reconstruction easier.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

(cherry picked from commit 79c1d3aaf6d465a8edd1871edb85211f8715fea1)

commit | commitdiff | tree

Stefan Metzmacher [Fri, 11 Sep 2020 13:42:42 +0000 (15:42 +0200)]

CVE-2020-25717 winbindd: defer the setup_child() from init_idmap_child()

At startup we trigger a wb_parent_idmap_setup_send() and make
sure setup_child() is called just before wb_parent_idmap_setup_recv()
finished.

This makes sure our view of the idmap config in the parent matches
what we have in the child.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

(cherry picked from commit 28e020c0a863411cfa95e3b1ed943d922b8635bd)

commit | commitdiff | tree

Stefan Metzmacher [Fri, 11 Sep 2020 12:12:17 +0000 (14:12 +0200)]

CVE-2020-25717 winbindd: assert wb_parent_idmap_setup_send/recv() was called before idmap_child_handle()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

(cherry picked from commit b8c74b7b46d1c7f6b66e565ee08f8c88d6dc2cc4)

commit | commitdiff | tree

Stefan Metzmacher [Fri, 11 Sep 2020 11:52:17 +0000 (13:52 +0200)]

CVE-2020-25717 wb_queryuser: explain why wb_parent_idmap_setup_send/recv is not needed

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

(cherry picked from commit 82fd07793f065e150729848566e7c30f4f4d472e)

commit | commitdiff | tree

Stefan Metzmacher [Fri, 11 Sep 2020 10:52:40 +0000 (12:52 +0200)]

CVE-2020-25717 wb_sids2xids: call wb_parent_idmap_setup_send/recv as the first step

This isn't really used yet, but it will in the next commits.

Also idmap_child_handle() will soon assert that
wb_parent_idmap_setup_send/recv() was called before it's used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

(cherry picked from commit d42aaeba6e0820acd17f204ff7ab6d1aede1b303)

commit | commitdiff | tree

Stefan Metzmacher [Fri, 11 Sep 2020 10:31:13 +0000 (12:31 +0200)]

CVE-2020-25717 wb_xids2sids: make use of the new wb_parent_idmap_setup_send/recv() helpers

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

(cherry picked from commit a8f57c94fc2294c309ecb18ea79d0acac86c495b)

commit | commitdiff | tree

Stefan Metzmacher [Fri, 11 Sep 2020 10:16:00 +0000 (12:16 +0200)]

CVE-2020-25717 winbindd: add generic wb_parent_idmap_setup_send/recv() helpers

This is more or less a copy of wb_xids2sids_init_dom_maps_send/recv,
but it's more generic and doesn't imply global state.

It also closes a initialization race by using a tevent_queue to
serialize the calls.

In the next commits we'll replace wb_xids2sids_init_dom_maps_send/recv.

We'll also use the new function in the wb_sids2xids code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

(cherry picked from commit 209e81a2ea8c972ee57e2f0c9579da843c0e2ac7)

commit | commitdiff | tree

Stefan Metzmacher [Fri, 11 Sep 2020 12:06:04 +0000 (14:06 +0200)]

CVE-2020-25717 winbindd: add and use is_idmap_child()

We should avoid calling idmap_child() as much as possible.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

(cherry picked from commit cd9a9702c1f97c47bd3447e2014eeff3e56268cf)

commit | commitdiff | tree

Stefan Metzmacher [Fri, 11 Sep 2020 12:06:04 +0000 (14:06 +0200)]

CVE-2020-25717 winbindd: add and use idmap_child_pid()

We should avoid calling idmap_child() as much as possible.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

(cherry picked from commit 2103543629004a3a22e7bf60305bb15bf3b316be)

commit | commitdiff | tree

Stefan Metzmacher [Thu, 10 Sep 2020 13:49:34 +0000 (15:49 +0200)]

CVE-2020-25717 wb_sids2xids: avoid idmap_child() and use idmap_child_handle() instead

This is the only aspect we need here.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

(cherry picked from commit 1694de1ae6ce63377d0afc47e84e55e4745905d7)

commit | commitdiff | tree

Stefan Metzmacher [Fri, 11 Sep 2020 10:35:09 +0000 (12:35 +0200)]

CVE-2020-25717 wb_xids2sids: avoid idmap_child() and use idmap_child_handle() instead

This is the only aspect we need here.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

(cherry picked from commit 5cc21a9d319e00397ad98900d81ffb9d1d70514f)

commit | commitdiff | tree

Stefan Metzmacher [Fri, 11 Sep 2020 11:52:17 +0000 (13:52 +0200)]

CVE-2020-25717 wb_queryuser: avoid idmap_child() and use idmap_child_handle() instead

This is the only aspect we need here.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

(cherry picked from commit 7dbe5b4897448aa71b5a8a2175850b4010316b88)

commit | commitdiff | tree

Stefan Metzmacher [Thu, 21 Mar 2019 11:30:37 +0000 (12:30 +0100)]

CVE-2020-25717 winbindd/idmap: apply const to struct nss_info_methods pointers

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

(cherry picked from commit 7518a0ca32cade2b8b9eac0e2b5416ae685ffcff)

commit | commitdiff | tree

Stefan Metzmacher [Thu, 21 Mar 2019 11:30:37 +0000 (12:30 +0100)]

CVE-2020-25717 winbindd/idmap: apply const to struct idmap_methods pointers

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

(cherry picked from commit 95b0dac0af5bc7ee85c6c8099dda135c36c9684b)

commit | commitdiff | tree

Stefan Metzmacher [Thu, 21 Mar 2019 11:29:00 +0000 (12:29 +0100)]

CVE-2020-25717 test_idmap_tdb_common: correctly initialize the idmap domain with an init function

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

(cherry picked from commit f5eec89011cf7b577375d83247524587f170b592)

commit | commitdiff | tree

Stefan Metzmacher [Tue, 15 Sep 2020 14:46:44 +0000 (16:46 +0200)]

CVE-2020-25717 s3:passdb: use ID_TYPE_* instead of WBC_ID_TYPE_*

Currently these enums have the same values, but that will
change in future.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

(cherry picked from commit 58e9b62222ad62c81cdf11d704859a227cb2902b)

commit | commitdiff | tree

Stefan Metzmacher [Tue, 15 Sep 2020 14:01:04 +0000 (16:01 +0200)]

CVE-2020-25717 winbind.idl: rename wbint_TransID.type to wbint_TransID.type_hint

This makes it clear that it's a hint from the parent to the
child.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

(cherry picked from commit 1576421dbdd2cfe9a47516224cb54bf15ba51132)

commit | commitdiff | tree

Stefan Metzmacher [Tue, 2 Nov 2021 14:19:31 +0000 (15:19 +0100)]

ldb: version 2.2.3

Backport all C code changes from ldb-2.4.1
to be available for Samba 4.13.x

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(v4-13-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-13-test): Tue Nov 2 22:41:39 UTC 2021 on sn-devel-184

commit | commitdiff | tree

Björn Jacke [Mon, 19 Oct 2020 00:39:46 +0000 (02:39 +0200)]

ldb_kv_index: fix empty initializer compile warning

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit c862ad64aea31d1d5ec66385bb50d9b97e609071)

commit | commitdiff | tree

Volker Lendecke [Mon, 4 Jan 2021 12:55:01 +0000 (13:55 +0100)]

ldb: Use hex_byte() in ldb_binary_decode()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit b6a57c49c00a778f954aaf10db6ebe6dca8f5ae2)

commit | commitdiff | tree

Volker Lendecke [Mon, 4 Jan 2021 12:12:30 +0000 (13:12 +0100)]

lib: Add "hex_byte()" to replace.h

This is required in quite a few places, and replace.h has things like
ZERO_STRUCT already, so this is not completely outplaced.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit c8d9ce3f7c8c486ab21e320a0adcb71311dcb453)

commit | commitdiff | tree

Douglas Bagnall [Fri, 24 Jul 2020 00:41:29 +0000 (12:41 +1200)]

ldb_controls: control_to_string avoids crash

Otherwise a malformed control with unexpected NULL data will segfault
ldb_control_to_string(), though this is not very likely to affect
anyone in practice as converting controls to strings is rarely
necessary. If it happens at all in Samba it is in Python code.

Found by Honggfuzz using fuzz_ldb_parse_control.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Jul 29 04:43:23 UTC 2020 on sn-devel-184

(cherry picked from commit 2aace18f170644da9c293342a6df5e5b2ae8da25)

commit | commitdiff | tree

Andreas Schneider [Thu, 17 Dec 2020 18:16:13 +0000 (19:16 +0100)]

lib:ldb-samba: Improve calculate_popt_array_length()

Note that memcmp() doesn't work well with padding bytes. So avoid it!

(gdb) ptype/o struct poptOption
/* offset    |  size */  type = struct poptOption {
/*    0      |     8 */    const char *longName;
/*    8      |     1 */    char shortName;
/* XXX  3-byte hole  */
/*   12      |     4 */    unsigned int argInfo;
/*   16      |     8 */    void *arg;
/*   24      |     4 */    int val;
/* XXX  4-byte hole  */
/*   32      |     8 */    const char *descrip;
/*   40      |     8 */    const char *argDescrip;

                           /* total size (bytes):   48 */

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit c2c7c1f50a8acb3169e19ba4329aa78839b66def)

commit | commitdiff | tree

Andreas Schneider [Thu, 17 Dec 2020 10:56:08 +0000 (11:56 +0100)]

lib:ldb: Use C99 initializers for builtin_popt_options[]

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit a593065c7f22e17434f33d0132cc6a7073acf414)

commit | commitdiff | tree

Björn Baumbach [Mon, 18 Jan 2021 15:48:21 +0000 (16:48 +0100)]

pyldb: fix a typo

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Rowland penny <rpenny@samba.org>
(cherry picked from commit 6fcde09f093db5d26c582a3c28531265f06b9fde)

commit | commitdiff | tree

Douglas Bagnall [Fri, 29 Jan 2021 00:49:02 +0000 (13:49 +1300)]

ldb: improve comments for ldb_module_connect_backend()

There is no flags argument.
There are more URI forms.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 48068a58df0313cd904f27e2c918ee10275ae373)

commit | commitdiff | tree

Douglas Bagnall [Fri, 5 Mar 2021 20:57:44 +0000 (09:57 +1300)]

ldb: correct comments in attrib_handers val_to_int64

c.f. the identical static function in lib/ldb-samba/ldif_handlers.c

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 46e6f6ef8436df7e083f34556c25f66f65ea1ce5)

commit | commitdiff | tree

Douglas Bagnall [Fri, 18 Dec 2020 22:43:56 +0000 (11:43 +1300)]

ldb.h: remove undefined async_ctx function signatures

These functions do not exist.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 1a05b58edaf96e7da707f9ad0a237551dbe13eb5)

commit | commitdiff | tree

Andreas Schneider [Mon, 1 Feb 2021 13:21:21 +0000 (14:21 +0100)]

lib:ldb: Add missing break in switch statement

error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough]

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 1ffacac547a8ce29c6696dda73991a8db7e34dfd)

commit | commitdiff | tree

Joseph Sutton [Fri, 28 May 2021 02:15:43 +0000 (14:15 +1200)]

pyldb: Fix Message.items() for a message containing elements

Previously, message elements were being freed before the call to
Py_BuildValue(), resulting in an exception being raised. Additionally,
only the first element of the returned list was ever assigned to.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit 3e4ec0a90a222c1cff4a91912afc703ca4cbbb0e)

commit | commitdiff | tree

Douglas Bagnall [Wed, 3 Mar 2021 06:54:37 +0000 (19:54 +1300)]

ldb_match: remove redundant check

We already ensure the no-trailing-asterisk case ends at the end of the
string.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14044

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit fa93339978040eab52b2722c1716028b48d8d084)

commit | commitdiff | tree

Stefan Metzmacher [Tue, 19 Jan 2021 15:53:55 +0000 (16:53 +0100)]

pyldb: catch potential overflow error in py_timestring

Pair-Programmed-With: Björn Baumbach <bb@sernet.de>

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 71e8b24b8a031de26b21539e36a60f459257d2fd)

commit | commitdiff | tree

Douglas Bagnall [Sat, 6 Mar 2021 03:05:15 +0000 (16:05 +1300)]

ldb: fix ldb_comparison_fold off-by-one overrun

We run one character over in comparing all the bytes in two ldb_vals.

In almost all circumstances both ldb_vals would have an allocated '\0'
in the overrun position, but it is best not to rely on that.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 2b2f4f519454beb6f2a46705675a62274019fc09)

commit | commitdiff | tree

Douglas Bagnall [Wed, 3 Mar 2021 06:17:36 +0000 (19:17 +1300)]

ldb_match: trailing chunk must match end of string

A wildcard search is divided into chunks by the asterisks. While most
chunks match the first suitable string, the last chunk matches the
last possible string (unless there is a trailing asterisk, in which
case this distinction is moot).

We always knew this in our hearts, but we tried to do it in a funny
complicated way that stepped through the string, comparing here and
there, leading to CVE-2019-3824 and missed matches (bug 14044).

With this patch, we just jump to the end of the string and compare it.
As well as being correct, this should also improve performance, as the
previous algorithm involved a quadratic loop of erroneous memmem()s.

See https://tools.ietf.org/html/rfc4517

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14044

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit cc098f1cad04b2cfec4ddd6b2511cd5a600f31c6)

commit | commitdiff | tree

Douglas Bagnall [Tue, 8 Dec 2020 09:00:55 +0000 (22:00 +1300)]

ldb/attrib_handler casefold: simplify space dropping

As seen in CVE-2021-20277, ldb_handler_fold() has been making mistakes
when collapsing spaces down to a single space.

This patch fixes the way it handles internal spaces (CVE-2021-20277
was about leading spaces), and involves a rewrite of the parsing loop.

The bug has a detailed description of the problem.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14656

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Apr 7 03:16:39 UTC 2021 on sn-devel-184
(cherry picked from commit 24ddc1ca9cad95673bdd8023d99867707b37085f)

commit | commitdiff | tree

Jule Anger [Fri, 29 Oct 2021 06:12:27 +0000 (08:12 +0200)]

VERSION: Bump version up to Samba 4.13.14...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Jule Anger <janger@samba.org>

commit | commitdiff | tree

Jule Anger [Fri, 29 Oct 2021 06:11:43 +0000 (08:11 +0200)]

VERSION: Disable GIT_SNAPSHOT for the 4.13.13 release.

Signed-off-by: Jule Anger <janger@samba.org>

commit | commitdiff | tree

Jule Anger [Fri, 29 Oct 2021 06:11:05 +0000 (08:11 +0200)]

WHATSNEW: Add release notes for Samba 4.13.13.

Signed-off-by: Jule Anger <janger@samba.org>

commit | commitdiff | tree

Andrew Bartlett [Mon, 4 Oct 2021 08:57:25 +0000 (21:57 +1300)]

ldb: Release ldb 2.2.1

* Corrected python behaviour for 'in' for LDAP attributes
contained as part of ldb.Message (bug 14845)
* Fix memory handling in ldb.msg_diff (bug 14836)
* Corrected python docstrings

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14845
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14836
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14848
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(v4-14-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-14-test): Tue Oct 26 13:03:37 UTC 2021 on sn-devel-184

Autobuild-User(v4-13-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-13-test): Thu Oct 28 09:49:45 UTC 2021 on sn-devel-184

commit | commitdiff | tree

Joseph Sutton [Sat, 25 Sep 2021 02:39:59 +0000 (14:39 +1200)]

pyldb: Make ldb.Message containment testing consistent with indexing

Previously, containment testing using the 'in' operator was handled by
performing an equality comparison between the chosen object and each of
the message's keys in turn. This behaviour was prone to errors due to
not considering differences in case between otherwise equal elements, as
the indexing operations do.

Containment testing should now be more consistent with the indexing
operations and with the get() method of ldb.Message.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14845
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14848

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 860d8902a9c502d4be83396598cf4a53c80fea69)

commit | commitdiff | tree

Joseph Sutton [Sat, 25 Sep 2021 01:48:57 +0000 (13:48 +1200)]

pyldb: Add tests for ldb.Message containment testing

These tests verify that the 'in' operator on ldb.Message is consistent
with indexing and the get() method. This means that the 'dn' element
should always be present, lookups should be case-insensitive, and use of
an invalid type should result in a TypeError.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14845
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14848

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 865fe238599a732360b77e06e592cb85d459acf8)

commit | commitdiff | tree

Joseph Sutton [Sat, 25 Sep 2021 01:39:56 +0000 (13:39 +1200)]

pyldb: Raise TypeError for an invalid ldb.Message index

Previously, a TypeError was raised and subsequently overridden by a
KeyError.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14845
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14848

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 22353767ca75af9d9e8fa1e7da372dcb5eddfcb7)

commit | commitdiff | tree

Joseph Sutton [Sat, 25 Sep 2021 01:22:05 +0000 (13:22 +1200)]

pyldb: Add test for an invalid ldb.Message index type

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14845
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14848

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit b018e51d2725a23b2fedd3058644b8021f6a6a06)

commit | commitdiff | tree

Joseph Sutton [Sat, 25 Sep 2021 07:18:39 +0000 (19:18 +1200)]

s4/torture/drs/python: Fix attribute existence check

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14845
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14848

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit fb758c32e7633178f42dc2c031667b10c2ca6e90)

commit | commitdiff | tree

Joseph Sutton [Fri, 24 Sep 2021 23:16:09 +0000 (11:16 +1200)]

pyldb: Fix deleting an ldb.Control critical flag

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14845
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14848

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 9d25a21d6024c6c2f8e4634f45e3944d8acbf8b8)

commit | commitdiff | tree

Joseph Sutton [Fri, 24 Sep 2021 23:13:02 +0000 (11:13 +1200)]

pytest:segfault: Add test for deleting an ldb.Control critical flag

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14845
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14848

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
[abartlet@samba.org backported from commit b1adaa517c1237a473bdcf818523f5107df3d6b0
as @no_gdb_backtrace is not in Samba 4.14]

commit | commitdiff | tree

Joseph Sutton [Fri, 24 Sep 2021 23:12:16 +0000 (11:12 +1200)]

pyldb: Fix deleting an ldb.Message dn

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14845
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14848

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
[abartlet@samba.org backported from commit d7af772de88885f46708329ff7bb5798da91d2c7
due to conflicts in knownfail.d/python-segfaults]

commit | commitdiff | tree

Joseph Sutton [Fri, 24 Sep 2021 22:56:25 +0000 (10:56 +1200)]

pytest:segfault: Add test for deleting an ldb.Message dn

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14845
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14848

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
[abartlet@samba.org backported from commit 6a041f6a99c39632d5c32e9d53b06719c20bef2c
as other segfaulting tests are listed in knownfail.d/python-segfaults
and @no_gdb_backtrace is not in 4.14]

commit | commitdiff | tree

Joseph Sutton [Wed, 28 Apr 2021 04:48:55 +0000 (16:48 +1200)]

Fix Python docstrings

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14848

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Sep 4 00:55:32 UTC 2021 on sn-devel-184

(cherry picked from commit 02b187303369d3ce0c19dfb72ffa78f86a3911f0)

commit | commitdiff | tree

Joseph Sutton [Sun, 12 Sep 2021 23:15:17 +0000 (11:15 +1200)]

pyldb: Avoid use-after-free in msg_diff()

Make a deep copy of the message elements in msg_diff() so that if either
of the input messages are deallocated early, the result does not refer
to non-existing elements.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14645
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14836
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14848

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
[abartlet@samba.org backported from commit
19a2af02f57d99db8ed3c6b028c3abdf4b553700 due to conflicts in
the knownfail.d/python-segfaults file]

Autobuild-User(v4-14-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-14-test): Wed Sep 29 13:14:22 UTC 2021 on sn-devel-184

commit | commitdiff | tree

Joseph Sutton [Mon, 13 Sep 2021 23:08:41 +0000 (11:08 +1200)]

ldb_msg: Don't fail in ldb_msg_copy() if source DN is NULL

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14645
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14836
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14848

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit c2bbe774ce03661666a1f48922a9ab681ef4f64b)

commit | commitdiff | tree

Joseph Sutton [Sun, 12 Sep 2021 23:34:56 +0000 (11:34 +1200)]

pytest:segfault: Add test for ldb.msg_diff()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14645
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14836
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14848

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
[abartlet@samba.org backported form from commit
a99a76722d6046a5d63032e3d2bb3f791da948a6 due to conflicts
with other new segfault tests]

commit | commitdiff | tree

Andrew Bartlett [Thu, 21 Oct 2021 21:50:36 +0000 (10:50 +1300)]

lib/krb5_wrap: Fix missing error check in new salt code

CID 1492905: Control flow issues (DEADCODE)

This was a regression in 5eeb441b771a1ffe1ba1c69b72e8795f525a58ed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14874
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Oct 23 08:07:13 UTC 2021 on sn-devel-184

(cherry picked from commit 5094d986b7686f057195dcb10764295b88967019)

Autobuild-User(v4-13-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-13-test): Wed Oct 27 23:29:34 UTC 2021 on sn-devel-184

commit | commitdiff | tree

Andrew Bartlett [Tue, 19 Oct 2021 03:01:36 +0000 (16:01 +1300)]

dsdb: Allow special chars like "@" in samAccountName when generating the salt

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14874
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct 20 12:54:54 UTC 2021 on sn-devel-184

(cherry picked from commit 5eeb441b771a1ffe1ba1c69b72e8795f525a58ed)

commit | commitdiff | tree

Joseph Sutton [Tue, 19 Oct 2021 23:46:36 +0000 (12:46 +1300)]

tests/krb5: Add tests for account salt calculation

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14874
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
[abartlet@samba.org backported from commit 46039baa81377df10e5b134e4bb064ed246795e4
as the no_preauth side of the testsuite shows differences in enctypes
in Samba 4.14. The change is only in salt calculation so this is
not vital]

commit | commitdiff | tree

Joseph Sutton [Tue, 19 Oct 2021 23:45:47 +0000 (12:45 +1300)]

tests/krb5: Fix account salt calculation to match Windows

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14874
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 25bdf4c994e4fdb74abbacb1e22237f3f2cc37fe)

commit | commitdiff | tree

Joseph Sutton [Tue, 19 Oct 2021 23:45:08 +0000 (12:45 +1300)]

tests/krb5: Allow specifying the UPN for test accounts

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14874
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 889476d1754f8ce2a41557ed3bf5242c1293584e)

commit | commitdiff | tree

Joseph Sutton [Tue, 19 Oct 2021 23:44:19 +0000 (12:44 +1300)]

tests/krb5: Allow creating machine accounts without a trailing dollar

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14874
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit f4785ccfefe7c89f84ad847ca3c12f604172b321)

commit | commitdiff | tree

Joseph Sutton [Tue, 19 Oct 2021 23:41:39 +0000 (12:41 +1300)]

tests/krb5: Allow specifying prefix or suffix for test account names

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14874
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 7e39994ed341883ac4c8c257220c19dbf70c7bc5)

commit | commitdiff | tree

Joseph Sutton [Tue, 19 Oct 2021 23:39:05 +0000 (12:39 +1300)]

tests/krb5: Decrease length of test account prefix

This allows us more room to test with different account names.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14874
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit a5a6296e57cab2b53617d997c37b4e92d4124cc7)

commit | commitdiff | tree

Stefan Metzmacher [Tue, 5 Oct 2021 14:42:00 +0000 (16:42 +0200)]

selftest/Samba3: replace (winbindd => "yes", skip_wait => 1) with (winbindd => "offline")

This is much more flexible and concentrates the logic in a single place.

We'll use winbindd => "offline" in other places soon.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14870
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 4dc3c68c9a28f71888e3d6dd3b1f0bcdb8fa45de)

Mirror of https://github.com/samba-team/samba.git

RSS Atom