s4:kdc: pass client_claims, device_info, device_claims into samba_make_krb5_pac()
This allows us to add claims blobs to the PAC once we have the ability
to create them.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 2 Nov 2022 01:56:34 +0000 (14:56 +1300)]
krb5: Detect support for krb5_const_pac type
We can't unconditionally assume (as we did in
third_party/heimdal_build/wscript_configure) that Heimdal has this type,
since we may have an older system Heimdal that lacks it. We must also
check whether krb5_pac_get_buffer() is usable with krb5_const_pac, and
declare krb5_const_pac as a non-const typedef if not.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 3 Nov 2022 04:35:35 +0000 (17:35 +1300)]
wscript: Correctly determine dependencies for system Heimdal build
Previously, the call to CHECK_BUNDLED_SYSTEM() in
check_system_heimdal_lib() could have us pick up MIT Kerberos headers
when we should only be using system Heimdal headers. Now, we just
perform an explicit check for the functions we require, which should
avoid any use of the MIT libraries.
We also remove some library checks for Heimdal components that we don't
use directly, restricting the checks to only the functions we need.
Finally, we no longer need to recurse into third_party/heimdal_build
when performing a system Heimdal build.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Mon, 7 Nov 2022 14:08:51 +0000 (15:08 +0100)]
smbd: Don't hide directories with "hide new files timeout"
The intention of this option was to hide *files*. Before this patch we
also hide directories where new files are dropped.
This is a change in behaviour, but I think this option is niche enough
to justify not adding another parameter that we then need to test. If
workflows break with this change and people depend on directories also
to be hidden, we can still add the additional option value required.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Nov 7 22:58:33 UTC 2022 on sn-devel-184
David Mulder [Tue, 25 Oct 2022 14:28:22 +0000 (08:28 -0600)]
gpo: GPME doesn't permit nesting of admx categories in builtin
The gnome settings were nested within a builtin
admx category, which GPME does not permit. This
was hiding the GNOME settings anytime windows
admx templates were present.
Signed-off-by: David Mulder <dmulder@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Nov 4 19:09:09 UTC 2022 on sn-devel-184
Pavel Filipenský [Tue, 21 Jun 2022 16:19:16 +0000 (18:19 +0200)]
s3:winbind: Avoid unnecessary locking in wb_parent_idmap_setup_send()
A function in tevent environment can span over several context loop iterations.
Every iteration 'unschedules' the current code and a different functions can
access not yet fully initialized structures.
A locking is used to avoid this. In tevent, we use tevent queues as a locking
mechanism. Every function trying to access lock protected data, puts itself to
a queue. The function must remove itself from the queue only after the complete
work is done.
A good coding practise is to lock only the smallest code path and not to use the
locking if not needed.
wb_parent_idmap_setup_send() uses queue "wb_parent_idmap_config_queue" for:
- testing if the setup is ready
- setting up all idmap domains
But "testing if the setup is ready" can be coded as an atomic operation without
needing a lock.
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Nov 4 10:06:28 UTC 2022 on sn-devel-184
vporpo [Sat, 1 Oct 2022 21:45:18 +0000 (14:45 -0700)]
smbget: Adds a rate limiting option --limit-rate in KB/s
This patch implements a very simple rate limiter. It works by pausing the main
download loop whenever the bytes transferred are more than what we would get
with if it were transferred at the rate set by the user.
Please note that this may reduce the blocksize if the limit is too small.
Signed-off-by: Vasileios Porpodas <v.porpodas@gmail.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Nov 2 22:47:10 UTC 2022 on sn-devel-184
rewrite fallthrough to HEIM_FALLTHROUGH to deal with new Apple SDKs
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Nov 2 05:21:29 UTC 2022 on sn-devel-184
This commit won't compile on it's own, as we need to fix the build system
to cope in the next commit.
The purpose of this commit is to update to a new lorikeet-heimdal tree
that includes the previous two patches and is rebased on a current
Heimdal master snapshot.
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Joseph Sutton [Fri, 21 Oct 2022 21:11:53 +0000 (10:11 +1300)]
third_party/heimdal: Introduce macro for common plugin structure elements
Heimdal's HDB plugin interface, and hence Samba's KDC that depends upon
it, doesn't work on 32-bit builds due to structure fields being arranged
in the wrong order. This problem presents itself in the form of
segmentation faults on 32-bit systems, but goes unnoticed on 64-bit
builds thanks to extra structure padding absorbing the errant fields.
This commit reorders the HDB plugin structure fields to prevent crashes
and introduces a common macro to ensure every plugin presents a
consistent interface.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: David Mulder <dmulder@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Nov 1 18:31:22 UTC 2022 on sn-devel-184
Daniel Kobras [Fri, 21 Oct 2022 14:40:14 +0000 (16:40 +0200)]
docs-xml: ea support option restricted to user ns
Update documentation to match current behavior.
Signed-off-by: Daniel Kobras <kobras@puzzle-itc.de> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Oct 28 07:24:18 UTC 2022 on sn-devel-184
Daniel Kobras [Mon, 26 Sep 2022 08:27:19 +0000 (10:27 +0200)]
s3: smbd: Consistently map EAs to user namespace
Samba has always been mapping Windows EAs to the 'user' namespace on the
POSIX side. However, in the opposite direction, the mapping would also map
other user-readable POSIX EA namespaces to Windows EAs, only stripping the
'user' namespace prefix, and passing all other EA names verbatim.
This means any POSIX EA 'other.foo' collides with 'user.other.foo' on the
Windows side, hence the mapping of non-user namespaces is unreliable.
Also, copy operations via Windows would rename an existing POSIX EA
'other.foo' in the source file to 'user.other.foo' in the destination. The
'user' namespace, however, may not be enabled on the underlying filesystem,
leading to subtle failure modes like the ones reported in eg.
<https://bugzilla.samba.org/show_bug.cgi?id=15186>
Fix the issues by restricting the mapping to the 'user' POSIX EA namespace
consistently for either direction.
Signed-off-by: Daniel Kobras <kobras@puzzle-itc.de> Reviewed-by: Michael Weiser <michael.weiser@atos.net> Tested-by: Michael Weiser <michael.weiser@atos.net> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
testprogs/blackbox: add 'net ads keytab delete' tests to test_net_ads.sh
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 27 22:14:53 UTC 2022 on sn-devel-184
We define True to true from stdbool.h and the same for false. So we
don't have to do a cleanup now.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 27 19:11:30 UTC 2022 on sn-devel-184
Volker Lendecke [Wed, 19 Oct 2022 08:59:17 +0000 (10:59 +0200)]
tests: Rename python/samba/tests/libsmb.py
samba/libsmb.py will become a common file to do the library
initialization for our tests. We already have two copies in
smb3unix.py and libsmb.py, and there might be more soon.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Philipp Gesang [Mon, 17 Oct 2022 11:42:26 +0000 (13:42 +0200)]
s3-lib: restore truncating behavior of push_ascii_nstring()
Some users of push_ascii_nstring() (notably name_to_unstring())
expect the output to be truncated if it would exceed the size of
an nstring after conversion. However this broke in 2011 due to
commit d546adeab5 ("Change convert_string_internal() and
convert_string_error() to bool return"). This patch restores the
old behavior.
The issue can be observed in syslog after setting the
``workgroup`` to a 16+ characters long string which triggers a
DEBUG() message:
Signed-off-by: Philipp Gesang <philipp.gesang@intra2net.com> Reviewed-by: Noel Power <npower@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Tue Oct 25 16:25:40 UTC 2022 on sn-devel-184
Signed-off-by: David Mulder <dmulder@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Tue Oct 25 15:21:08 UTC 2022 on sn-devel-184
subdir_of() calculates the share-relative rest for us, don't do the
strlen(connectpath) calculation twice. subdir_of() also checks that
the target properly ends on a directory. With just strncmp a symlink
to x->/aa/etc would qualify as in share /a, so a "get x/passwd" leads to a
pretty unfortunate result. This is the proper fix for bug 15207, so we
need to change the expected error code to OBJECT_PATH_NOT_FOUND
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15207 Signed-off-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jule Anger <janger@samba.org>
Autobuild-Date(master): Tue Oct 25 11:27:02 UTC 2022 on sn-devel-184
Volker Lendecke [Sat, 15 Oct 2022 12:09:55 +0000 (14:09 +0200)]
CVE-2022-3592 torture3: Show that our symlink traversal checks are insecure
This test shows that we don't properly check whether symlink targets
are inside the exported share. Linking to <share-root>a/etc makes us
loop back into filename_convert_dirfsp_nosymlink() with /etc as a
directory name.
On Linux systems with openat2(RESOLVE_NO_SYMLINKS) we pass "/etc"
directly into that call after some checks for "."/".." as invalid file
name components. "/etc" is okay for openat2(), but this test must also
succeed on systems without RESOLVE_NO_SYMLINKS (sn-devel-184 for
example). On systems without RESOLVE_NO_SYMLINKS split up the path
"/etc" into path components, in this case "" and "etc". So we pass ""
down to openat(), which correctly fails with ENOENT.
Summary: Only with RESOLVE_NO_SYMLINKS we're hit by bug 15207, and
this test shows by expecting CONNECTION_DISCONNECTED that we violate
the internal assumption of empty path components with an unexpected
symlink target, making it testable on systems with and without
RESOLVE_NO_SYMLINKS.
Joseph Sutton [Wed, 12 Oct 2022 00:57:33 +0000 (13:57 +1300)]
CVE-2022-3437 third_party/heimdal: Pass correct length to _gssapi_verify_pad()
We later subtract 8 when calculating the length of the output message
buffer. If padlength is excessively high, this calculation can underflow
and result in a very large positive value.
Now we properly constrain the value of padlength so underflow shouldn't
be possible.
Joseph Sutton [Mon, 10 Oct 2022 07:33:09 +0000 (20:33 +1300)]
CVE-2022-3437 third_party/heimdal: Check for overflow in _gsskrb5_get_mech()
If len_len is equal to total_len - 1 (i.e. the input consists only of a
0x60 byte and a length), the expression 'total_len - 1 - len_len - 1',
used as the 'len' parameter to der_get_length(), will overflow to
SIZE_MAX. Then der_get_length() will proceed to read, unconstrained,
whatever data follows in memory. Add a check to ensure that doesn't
happen.
Joseph Sutton [Mon, 15 Aug 2022 04:53:45 +0000 (16:53 +1200)]
CVE-2022-3437 third_party/heimdal: Avoid undefined behaviour in _gssapi_verify_pad()
By decrementing 'pad' only when we know it's safe, we ensure we can't
stray backwards past the start of a buffer, which would be undefined
behaviour.
In the previous version of the loop, 'i' is the number of bytes left to
check, and 'pad' is the current byte we're checking. 'pad' was
decremented at the end of each loop iteration. If 'i' was 1 (so we
checked the final byte), 'pad' could potentially be pointing to the
first byte of the input buffer, and the decrement would put it one
byte behind the buffer.
That would be undefined behaviour.
The patch changes it so that 'pad' is the byte we previously checked,
which allows us to ensure that we only decrement it when we know we
have a byte to check.
As described by the C standard, __func__ is a variable, not a macro.
Hence this #ifndef check does not work as intended, and only serves to
unconditionally disable __func__. A nonoperating __func__ prevents
cmocka operating correctly, so remove this definition.
Noel Power [Fri, 21 Oct 2022 16:14:44 +0000 (17:14 +0100)]
python/samba/tests: fix samba.tests.auth_log_pass_change for later gnutls
later gnutls that support GNUTLS_PBKDF2 currently fail,
we need to conditionally switch test data to reflect use of
'samr_ChangePasswordUser3' or 'samr_ChangePasswordUser4'
depending on whether GNUTLS_PBKDF2 is supported or not
Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Oct 25 10:30:59 UTC 2022 on sn-devel-184
Noel Power [Fri, 21 Oct 2022 16:40:36 +0000 (17:40 +0100)]
s4/rpc_server/sambr: don't mutate the return of samdb_set_password_aes
prior to this commit return of samdb_set_password_aes was set to
NT_STATUS_WRONG_PASSWORD on failure. Useful status that should be
returned such as NT_STATUS_PASSWORD_RESTRICTION are swallowed here
otherwise (and in this case can be partially responsible for failures
in test samba.tests.auth_log_pass_change (with later gnutls)
Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Andreas Schneider <asn@samba.org>
Christof Schmitt [Sun, 23 Oct 2022 23:01:41 +0000 (16:01 -0700)]
vfs_gpfs: Remove support for old GPFS without DACL_PROTECTED support
GPFS 3.5 introduced support for storing the DACL_PROTECTED flag as part
of the ACL. That version has long been superceded. Remove this now
unused codepath.
David Mulder [Fri, 14 Oct 2022 15:00:45 +0000 (09:00 -0600)]
winbind: Enforce user group policy when enabled
This only enforces user group policy at logon.
We should also enforce this policy every 90 to
120 minutes, but a logoff will need to cancel the
timer and we cannot have multiple timers if there
are multiple sessions for the same user.
Signed-off-by: David Mulder <dmulder@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct 21 18:48:18 UTC 2022 on sn-devel-184
Joseph Sutton [Thu, 13 Oct 2022 01:48:07 +0000 (14:48 +1300)]
docs-xml: Fix outdated comment in documentation
This was written prior to the release of Windows Vista and later
versions.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Fri Oct 21 04:53:47 UTC 2022 on sn-devel-184
projects / thirdparty / samba.git / log
