Andrew Bartlett [Tue, 8 Aug 2023 02:30:19 +0000 (14:30 +1200)]
CVE-2023-4154 dsdb/tests: Add test for SEARCH_FLAG_RODC_ATTRIBUTE behaviour
SEARCH_FLAG_RODC_ATTRIBUTE should be like SEARCH_FLAG_CONFIDENTIAL,
but for DirSync and DRS replication. Accounts with
GUID_DRS_GET_CHANGES rights should not be able to read this
attribute.
Andrew Bartlett [Mon, 7 Aug 2023 23:18:46 +0000 (11:18 +1200)]
CVE-2023-4154 dsdb/tests: Speed up DirSync test by only checking positive matches once
When we (expect to) get back a result, do not waste time against a potentially
slow server confirming we also get back results for all the other attribute
combinations.
Ralph Boehme [Tue, 1 Aug 2023 11:04:36 +0000 (13:04 +0200)]
CVE-2023-4091: smbd: use open_access_mask for access check in open_file()
If the client requested FILE_OVERWRITE[_IF], we're implicitly adding
FILE_WRITE_DATA to the open_access_mask in open_file_ntcreate(), but for the
access check we're using access_mask which doesn't contain the additional
right, which means we can end up truncating a file for which the user has
only read-only access via an SD.
Volker Lendecke [Fri, 4 Aug 2023 12:47:51 +0000 (14:47 +0200)]
ctdb: Add "home_nodes" file to deterministic IP allocation
With a file "home_nodes" next to "public_addresses" you can assign
public IPs to specific nodes when using the deterministic allocation
algorithm. Whenever the "home node" is up, the IP address will be
assigned to that node, independent of any other deterministic
calculation. The line
192.168.21.254 2
in the file "home_nodes" assigns the IP address to node 2. Only when
node 2 is not able to host IP addresses, 192.168.21.254 undergoes the
normal deterministic IP allocation algorithm.
Signed-off-by: Volker Lendecke <vl@samba.org>
add home_nodes Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Oct 10 14:17:19 UTC 2023 on atb-devel-224
Ralph Boehme [Wed, 20 Sep 2023 21:21:44 +0000 (14:21 -0700)]
s3: smbd: Ignore fstat() error on deleted stream in fd_close().
In the fd_close() fsp->fsp_flags.fstat_before_close code path.
If this is a stream and delete-on-close was set, the
backing object (an xattr from streams_xattr) might
already be deleted so fstat() fails with
NT_STATUS_NOT_FOUND. So if fsp refers to a stream we
ignore the error and only bail for normal files where
an fstat() should still work. NB. We cannot use
fsp_is_alternate_stream(fsp) for this as the base_fsp
has already been closed at this point and so the value
fsp_is_alternate_stream() checks for is already NULL.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Oct 10 09:39:27 UTC 2023 on atb-devel-224
Indicate BACKUP_INTENT to vfs_openat(). Why? I have a customer request
who wants to add O_NOATIME in this case to avoid metadata updates when
a backup or virus-checking application comes along.
This does not fully handle BACKUP_INTENT correctly, this would require
become_root() appropriately. We might want to do that later after a
lot of careful security audit, but this patch independently might
already provide some infrastructure for it.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Oct 5 14:00:33 UTC 2023 on atb-devel-224
This needs close review. I could not see where we were actually
referencing the original flags in a way that would not be available in
local_flags. The reason for this patch is that I want to pass in
vfs_open_how into open_file(), and the distinction between flags and
local_flags made this significantly harder to understand for me.
The only place where we really used both versions is the DBG_NOTICE in
the last hunk, and this will come back in the next patch.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Move adding O_RDWR before the check for read only shares. I haven't
been able to pass this condition through SMB, but in any case we
should not accidentially open with O_RDWR in the !CAN_WRITE(conn)
case.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
We have to return NT_STATUS_OBJECT_NAME_INVALID even if we're not
creating. In fact, we probably should not end up in open_file() if
we're open a Windows file with a wildcard.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Wed, 4 Oct 2023 14:33:01 +0000 (16:33 +0200)]
libsmb: Use pidl generated parsing for posix file info
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Oct 4 21:26:20 UTC 2023 on atb-devel-224
Martin Schwenke [Fri, 3 Mar 2023 06:49:05 +0000 (17:49 +1100)]
ctdb-scripts: Implement failcount handling with thresholds
This can be used for simple failure counting, without restarts, as
used in the 40.vsftpd event script. That case will subsequently be
converted and this functionality can also be used elsewhere.
Add documentation to ctdb-script.options(5) to allow parameters that
use this to be more easily described.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 15 Mar 2023 06:56:40 +0000 (17:56 +1100)]
ctdb-scripts: Avoid errors for uninitialised counters
Uninitialised counters are treated as 0, but still produce an error.
The redirect to stderr needs to come before the redirect for a missing
counter file.
The seemingly saner alternative of moving it outside the subshell
works when dash is /bin/sh (e.g. on Debian) but does not work when
bash is /bin/sh (e.g. on Fedora).
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Joseph Sutton <jsutton@samba.org>
Autobuild-Date(master): Sun Oct 1 23:46:44 UTC 2023 on atb-devel-224
Joseph Sutton [Wed, 27 Sep 2023 00:15:15 +0000 (13:15 +1300)]
s4:kdc: Add ‘samba_kdc_entry_pac’ wrapper type
With embedded Heimdal, we can mark a PAC as being trusted (i.e. not
issued by an RODC). This is convenient, as it saves us needing to carry
that information in flags, hoping it isn’t inadvertently lost.
System Heimdal and MIT Kerberos, however, don’t provide a way to mark a
PAC trusted. So we add a new wrapper type, ‘samba_kdc_entry_pac’, that
contains this extra information if ‘krb5_const_pac’ doesn’t contain it
already. As it also stores a pointer to the client entry, the
structure’s lifetime must therefore be carefully managed. Finally, it
keeps track of whether the PAC came across a trust, to know which is
useful in some circumstances.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 28 Sep 2023 23:44:08 +0000 (12:44 +1300)]
s4:kdc: Remove device PAC validation
In the first place, this check was only applicable to the Heimdal KDC,
the MIT KDC not having support for compounded authentication. Secondly,
it was redundant, because _kdc_fast_check_armor_pac() would have already
been called to verify the armor ticket; a second round of validation
achieved nothing. And finally, the check was flawed: it checked only
*explicitly* armored PACs, and so would have done nothing for an armored
*AS‐REQ*.
In short, this check was useless; remove it.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 29 Sep 2023 00:27:39 +0000 (13:27 +1300)]
tests/krb5: Initialize variable
This avoids the following exception:
Exception: Traceback (most recent call last):
File "/samba/bin/python/samba/tests/krb5/kdc_tgs_tests.py", line 2500, in test_renew_pac_request_false
tgt = self._modify_tgt(tgt, renewable=True)
File "samba/bin/python/samba/tests/krb5/kdc_tgs_tests.py", line 3014, in _modify_tgt
return self.modified_ticket(
File "/samba/bin/python/samba/tests/krb5/raw_testcase.py", line 5694, in modified_ticket
auth_data, new_pac,
UnboundLocalError: local variable 'new_pac' referenced before assignment
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 27 Sep 2023 03:38:23 +0000 (16:38 +1300)]
s4:kdc: Have callers of samba_kdc_get_user_info_dc() themselves add an Asserted Identity SID
samba_kdc_get_user_info_dc() does too much. It should be responsible
only for getting account information, not for adding extra SIDs.
By extracting the call to samba_kdc_add_asserted_identity() into the
former function’s callers, we’ll be able to remove the
‘asserted_identity’ parameter in the next commit, reducing the
function’s complexity.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 27 Sep 2023 03:23:33 +0000 (16:23 +1300)]
s4:kdc: Have callers of samba_kdc_get_user_info_dc() themselves add the Claims Valid SID
samba_kdc_get_user_info_dc() does too much. It should be responsible
only for getting account information, not for adding extra SIDs.
By extracting the call to samba_kdc_add_claims_valid() into the former
function’s callers, we’ll be able to remove the ‘claims_valid’ parameter
in the next commit, reducing the function’s complexity.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
projects / thirdparty / samba.git / log
