Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Thu Aug 4 10:11:30 UTC 2022 on sn-devel-184
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Wed Aug 3 14:00:36 UTC 2022 on sn-devel-184
Ralph Boehme [Fri, 19 Nov 2021 12:21:31 +0000 (13:21 +0100)]
mdssvc: don't trigger http reconnect if a search was cancelled
Calling tevent_req_error() triggers a HTTP reconnect in mds_es_search_done() as
mds_es_search_recv() returns the error so we call mds_es_reconnect_on_error().
slq (which is s->slq) or s->mds_es_ctx will be NULL if the user closed a search
or disconnected a share with an active mdssvc IPC pipe, no need to trigger a
HTTP reconnect for those cases.
Ralph Boehme [Fri, 19 Nov 2021 12:11:20 +0000 (13:11 +0100)]
mdssvc: fix check if search connection state is gone
This was dead code: before this patchset noone set s->mds_es_ctx->mds_ctx to
NULL. A previous commit changed that so now the mds_es_ctx destructor sets
s->mds_es_ctx to NULL if a search "s" was currently in-flight.
Ralph Boehme [Thu, 18 Nov 2021 15:51:36 +0000 (16:51 +0100)]
mdssvc: reapply default search destructor when marking a search non-pending
This is needed to ensure searches that are scheduled more then once to the
Elasticsarch server (because the first run didn't return all results) get
removed from the list of searches in case the user closes the query.
Ralph Boehme [Fri, 19 Nov 2021 12:29:54 +0000 (13:29 +0100)]
mdssvc: prevent a crash when pending search finishes after the client closed the search connection
When a search is in-flight and currently being processed against the
Elasticsearch server, we set s->pending. In the destructor of "s" we check "pending"
and reject deallocation of the object.
One instance where "s" is requested to be deallocated is when the client closes
the top-level per-share search connection. This will implicitly close all
searches associated with the mds_ctx from mds_ctx_destructor_cb():
while (mds_ctx->query_list != NULL) {
/*
* slq destructor removes element from list.
* Don't use TALLOC_FREE()!
*/
talloc_free(mds_ctx->query_list);
}
So when this happens the Elasticsearch backend query object stays around,
alongside with any active tevent_req request and a tevent_req timer set with
tevent_req_set_endtime() in mds_es_search_send().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14915
RN: mdssvc crashes when searches are pending and the client closes the mdssvc IPC pipe
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Noel Power <npower@samba.org>
Ralph Boehme [Fri, 19 Nov 2021 12:28:17 +0000 (13:28 +0100)]
mdssvc: consolidate calls of mds_es_search_unset_pending()
Both codepaths were mds_es_search_unset_pending() is currently called end up
going through the higher level callback mds_es_search_done(). Moving the call to
mds_es_search_unset_pending() ensures we call it consistently and don't miss it
in some error code path.
Jeremy Allison [Thu, 28 Jul 2022 19:38:47 +0000 (12:38 -0700)]
s3: smbd: Convert smb_file_rename_information() to use filename_convert_dirfsp().
There is only one last user of filename_convert(), in filename_convert_smb1_search_path().
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 2 20:46:38 UTC 2022 on sn-devel-184
Jeremy Allison [Thu, 28 Jul 2022 18:25:48 +0000 (11:25 -0700)]
s3: smbd: Add dst_dirfsp parameter to rename_internals_fsp().
Not yet used, but when this is fully plumbed though we can
look at optimizing and removing the code inside rename_internals_fsp()
that currently gets it's own dst_dirfsp.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Fri, 29 Jul 2022 21:07:50 +0000 (14:07 -0700)]
s3: smbd: In reply_ntrename(), don't call filename_convert() if we know it's a stream rename.
There is no point in calling filename_convert() on a raw stream name.
It can never find the file anyway (and never returns a valid smb_fname->fsp).
Use the same logic as SMB2_FILE_RENAME_INFORMATION_INTERNAL now does
and generate smb_fname_new directly.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Fri, 29 Jul 2022 21:38:17 +0000 (14:38 -0700)]
s3: smbd: Tweak the logic of smb2_file_rename_information().
There's no point in calling filename_convert() and then
just ignoring the returned smb_fname if it's a raw stream name.
Only call filename_convert() if we know it isn't a raw stream
name.
Ignore stream/non-stream mismatches in src and dst in
smb2_file_rename_information, let rename_internals_fsp()
take care of that as the error returns inside rename_internals_fsp()
are tested by raw.streams.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Mon, 1 Aug 2022 18:40:14 +0000 (11:40 -0700)]
s3: smbd: Inside filename_convert_dirfsp_nosymlink(), don't require UCF_PREP_CREATEFILE when parsing a stream name that doesn't already exist.
We don't require it for a new file. Without this change, we have
to add UCF_PREP_CREATEFILE to the destination flags when we are
doing renames to a destination stream name, but not when doing
renames to a destination file name, which makes for inconsistent API use.
filename_convert_dirfsp() is now a drop in replacement
for filename_convert(), even for the ugly SMB1 POSIX
cases.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Tue, 2 Aug 2022 00:55:23 +0000 (17:55 -0700)]
s3: smbd: In filename_convert_dirfsp(), don't let an SMB1+POSIX client see a symlink to a directory with no permissions.
This isn't 100% correct, but it gets us close enough
to the old behavior for SMB1+POSIX libsmbclient. If we went through a
symlink, and we got NT_STATUS_ACCESS_DENIED on the directory
containing the target, just don't allow the client to see the
intermediate path.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Mon, 1 Aug 2022 21:24:31 +0000 (14:24 -0700)]
s3: smbd: In filename_convert_dirfsp_nosymlink(), in SMB1-only POSIX mode, allow a pathname referencing a symlink to be returned.
Doesn't contain a valid smb_fname->fsp pointer of course,
and is only used by the SMB1 code to take a reference to
a smylink name for manipulation (unlinkat, readlinkat etc.).
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Aug 2 11:05:14 UTC 2022 on sn-devel-184
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Thu Jul 28 23:41:27 UTC 2022 on sn-devel-184
Joseph Sutton [Tue, 7 Jun 2022 05:38:55 +0000 (17:38 +1200)]
CVE-2022-32743 dsdb/modules/acl: Allow simultaneous sAMAccountName, dNSHostName, and servicePrincipalName change
If the message changes the sAMAccountName, we'll check dNSHostName and
servicePrincipalName values against the new value of sAMAccountName,
rather than the account's current value. Similarly, if the message
changes the dNSHostName, we'll check servicePrincipalName values against
the new dNSHostName. This allows setting more than one of these
attributes simultaneously with validated write rights.
We now pass 'struct ldb_val' to acl_validate_spn_value() instead of
simple strings. Previously, we were relying on the data inside 'struct
ldb_val' having a terminating zero byte, even though this is not
guaranteed.
Joseph Sutton [Tue, 7 Jun 2022 05:37:34 +0000 (17:37 +1200)]
CVE-2022-32743 dsdb/modules/acl: Account for sAMAccountName without $
If we have an account without a trailing $, we should ensure the
servicePrincipalName matches the entire sAMAccountName. We should not
allow a match against the sAMAccountName prefix of length
strlen(samAccountName) - 1, as that could conflict with a different
account.
Joseph Sutton [Tue, 7 Jun 2022 05:29:02 +0000 (17:29 +1200)]
CVE-2022-32743 s4:rpc_server/netlogon: Connect to samdb as a user, rather than as system
This allows us to perform validation on a client-specified dNSHostName
value, to ensure that it matches the sAMAccountName.
We might not have any rights to modify the account, so pass the control
FORCE_ALLOW_VALIDATED_DNS_HOSTNAME_SPN_WRITE which allows us to perform
a validated write to dNSHostName and servicePrincipalName (and
unvalidated writes to other attributes, such as operatingSystem).
Joseph Sutton [Tue, 7 Jun 2022 05:36:43 +0000 (17:36 +1200)]
CVE-2022-32743 dsdb/common: Add FORCE_ALLOW_VALIDATED_DNS_HOSTNAME_SPN_WRITE control
Passing this control will grant the right to set validated values for
dNSHostName and servicePrincipalName, and non-validated values for other
attributes.
This function simulates an add or modify operation for an ldb message to
determine the final value of a particular single-valued attribute. This
is useful when validating attributes that should stay in sync with other
attributes, such as servicePrincipalName and dNSHostName.
examples/winexe: fix fetching return code of the remote command
ctrl_inbuf field is used to parse remote-side information. A typo was
there that tried to parse return code as "version 0x%x" whereas the
correct way to do it (tested on Windows 10) is to scan for "return_code
%x".
Signed-off-by: Yury Lunev <yury.lunev@gmail.com> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jul 28 18:01:16 UTC 2022 on sn-devel-184
Jeremy Allison [Wed, 27 Jul 2022 21:36:33 +0000 (14:36 -0700)]
s3: smbd: Ensure we set fsp->file_id in openat_pathref_dirfsp_nosymlink().
This is a subtle one. The dirfsp returned by openat_pathref_dirfsp_nosymlink()
can be used inside open.c and passed to check_parent_access_fsp() to
check if a delete_on_close flag has been set on an existing "real"
open fsp. So the file_id must be correctly set in order for this
to work. Without it, samba3.base.delete fails in deltest20 when
we convert reply_open_and_X() to use filename_convert_dirfsp().
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
s3:winbind: Implement dcerpc_samr_chgpasswd_user4 for PamAuthChangePassword
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jul 28 12:47:31 UTC 2022 on sn-devel-184
projects / thirdparty / samba.git / log
