The branch, master has been updated
via 9b0fc29 winbind: Don't add duplicate IDs in wbinfo -r
via a4733c7 libcli: Add an overflow check
via a3737ef libcli: Do not overwrite pointer on realloc failure
via 18332a1 winbind: Fix a typo
via 3267659 s3/smbd: check for invalid access_mask
smbd_calculate_access_mask()
via a3781d1 selftest: also run test base.createx_access against ad_dc
from 8ec6d8a Add explicit dependency on samba-debug from libinterfaces
and libserverrole.
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 9b0fc295eff69120593211863d0253bdd9ecd0fe
Author: Volker Lendecke <[email protected]>
Date: Wed Jan 18 16:54:03 2017 +0100
winbind: Don't add duplicate IDs in wbinfo -r
We look at the netsamlogon_cache entry twice: Once in queryuser and
once in lookupusergroups_cached. This can add the group SID twice.
Use add_sid_to_array_unique to avoid this.
Signed-off-by: Volker Lendecke <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
Autobuild-User(master): Jeremy Allison <[email protected]>
Autobuild-Date(master): Tue Jan 24 02:36:19 CET 2017 on sn-devel-144
commit a4733c7fde1764dd42a24412c744794410e570ba
Author: Volker Lendecke <[email protected]>
Date: Wed Jan 18 16:43:56 2017 +0100
libcli: Add an overflow check
Signed-off-by: Volker Lendecke <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
commit a3737ef6bca739952e72e9df7a96a5dd74eea2ac
Author: Volker Lendecke <[email protected]>
Date: Wed Jan 18 16:43:35 2017 +0100
libcli: Do not overwrite pointer on realloc failure
Signed-off-by: Volker Lendecke <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
commit 18332a1743401d0ddefce879ba1ca97bddbeba29
Author: Volker Lendecke <[email protected]>
Date: Fri Jan 13 07:33:24 2017 +0100
winbind: Fix a typo
Signed-off-by: Volker Lendecke <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
commit 326765923f1d384e5cd8b7fda048b459c67a4bf5
Author: Ralph Boehme <[email protected]>
Date: Mon Jan 23 16:19:06 2017 +0100
s3/smbd: check for invalid access_mask smbd_calculate_access_mask()
This makes us pass "base.createx_access".
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12536
Signed-off-by: Ralph Boehme <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
commit a3781d1cfe7d5e7df20fc65a9a7653937f03808c
Author: Ralph Boehme <[email protected]>
Date: Mon Jan 23 17:35:51 2017 +0100
selftest: also run test base.createx_access against ad_dc
Fails currently, will be made to work in the next commit.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12536
Signed-off-by: Ralph Boehme <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
libcli/security/util_sid.c | 12 ++++--
source3/selftest/tests.py | 4 +-
source3/smbd/open.c | 6 +++
source3/winbindd/wb_gettoken.c | 81 +++++++++++++++++++----------------------
source3/winbindd/wb_sids2xids.c | 2 +-
5 files changed, 57 insertions(+), 48 deletions(-)
Changeset truncated at 500 lines:
diff --git a/libcli/security/util_sid.c b/libcli/security/util_sid.c
index 2f3fceb..ac44876 100644
--- a/libcli/security/util_sid.c
+++ b/libcli/security/util_sid.c
@@ -337,12 +337,18 @@ int sid_compare_domain(const struct dom_sid *sid1, const
struct dom_sid *sid2)
NTSTATUS add_sid_to_array(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
struct dom_sid **sids, uint32_t *num)
{
- *sids = talloc_realloc(mem_ctx, *sids, struct dom_sid,
- (*num)+1);
- if (*sids == NULL) {
+ struct dom_sid *tmp;
+
+ if ((*num) == UINT32_MAX) {
+ return NT_STATUS_INTEGER_OVERFLOW;
+ }
+
+ tmp = talloc_realloc(mem_ctx, *sids, struct dom_sid, (*num)+1);
+ if (tmp == NULL) {
*num = 0;
return NT_STATUS_NO_MEMORY;
}
+ *sids = tmp;
sid_copy(&((*sids)[*num]), sid);
*num += 1;
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 37cf1a4..0b5a0ce 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -284,7 +284,7 @@ plantestsuite("samba3.async_req", "nt4_dc",
#smbtorture4 tests
-base = ["base.attr", "base.charset", "base.chkpath", "base.defer_open",
"base.delaywrite", "base.delete",
+base = ["base.attr", "base.charset", "base.chkpath", "base.createx_access",
"base.defer_open", "base.delaywrite", "base.delete",
"base.deny1", "base.deny2", "base.deny3", "base.denydos", "base.dir1",
"base.dir2",
"base.disconnect", "base.fdpass", "base.lock",
"base.mangle", "base.negnowait", "base.ntdeny1",
@@ -340,6 +340,8 @@ tests= base + raw + smb2 + rpc + unix + local + rap + nbt +
libsmbclient + idmap
for t in tests:
if t == "base.delaywrite":
plansmbtorture4testsuite(t, "ad_dc", '//$SERVER/tmp
-U$USERNAME%$PASSWORD -k yes --maximum-runtime=900')
+ if t == "base.createx_access":
+ plansmbtorture4testsuite(t, "ad_dc", '//$SERVER/tmp
-U$USERNAME%$PASSWORD -k yes --maximum-runtime=900')
elif t == "rap.sam":
plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/tmp
-U$USERNAME%$PASSWORD --option=doscharset=ISO-8859-1')
plansmbtorture4testsuite(t, "ad_dc", '//$SERVER_IP/tmp
-U$USERNAME%$PASSWORD --option=doscharset=ISO-8859-1')
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 404a259..931d76d 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -2275,6 +2275,12 @@ NTSTATUS smbd_calculate_access_mask(connection_struct
*conn,
uint32_t orig_access_mask = access_mask;
uint32_t rejected_share_access;
+ if (access_mask & SEC_MASK_INVALID) {
+ DBG_DEBUG("access_mask [%8x] contains invalid bits\n",
+ access_mask);
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
/*
* Convert GENERIC bits to specific bits.
*/
diff --git a/source3/winbindd/wb_gettoken.c b/source3/winbindd/wb_gettoken.c
index d8867c3..07c7fc7 100644
--- a/source3/winbindd/wb_gettoken.c
+++ b/source3/winbindd/wb_gettoken.c
@@ -27,14 +27,15 @@ struct wb_gettoken_state {
struct tevent_context *ev;
struct dom_sid usersid;
bool expand_local_aliases;
- int num_sids;
+ uint32_t num_sids;
struct dom_sid *sids;
};
-static bool wb_add_rids_to_sids(TALLOC_CTX *mem_ctx,
- int *pnum_sids, struct dom_sid **psids,
- const struct dom_sid *domain_sid,
- int num_rids, uint32_t *rids);
+static NTSTATUS wb_add_rids_to_sids(TALLOC_CTX *mem_ctx,
+ uint32_t *pnum_sids,
+ struct dom_sid **psids,
+ const struct dom_sid *domain_sid,
+ int num_rids, uint32_t *rids);
static void wb_gettoken_gotuser(struct tevent_req *subreq);
static void wb_gettoken_gotlocalgroups(struct tevent_req *subreq);
@@ -70,10 +71,9 @@ static void wb_gettoken_gotuser(struct tevent_req *subreq)
subreq, struct tevent_req);
struct wb_gettoken_state *state = tevent_req_data(
req, struct wb_gettoken_state);
- struct dom_sid *sids;
struct winbindd_domain *domain;
struct wbint_userinfo *info;
- uint32_t num_groups;
+ uint32_t i, num_groups;
struct dom_sid *groups;
NTSTATUS status;
@@ -83,11 +83,10 @@ static void wb_gettoken_gotuser(struct tevent_req *subreq)
return;
}
- sids = talloc_array(state, struct dom_sid, 2);
- if (tevent_req_nomem(sids, req)) {
+ state->sids = talloc_array(state, struct dom_sid, 2);
+ if (tevent_req_nomem(state->sids, req)) {
return;
}
- state->sids = sids;
state->num_sids = 2;
sid_copy(&state->sids[0], &info->user_sid);
@@ -102,21 +101,14 @@ static void wb_gettoken_gotuser(struct tevent_req *subreq)
return;
}
- if (num_groups + state->num_sids < num_groups) {
- tevent_req_nterror(req, NT_STATUS_INTEGER_OVERFLOW);
- return;
- }
+ for (i=0; i<num_groups; i++) {
+ status = add_sid_to_array_unique(
+ state, &groups[i], &state->sids, &state->num_sids);
- sids = talloc_realloc(state, state->sids, struct dom_sid,
- state->num_sids+num_groups);
- if (tevent_req_nomem(sids, req)) {
- return;
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
}
- state->sids = sids;
-
- memcpy(&state->sids[state->num_sids], groups,
- num_groups * sizeof(struct dom_sid));
- state->num_sids += num_groups;
if (!state->expand_local_aliases) {
tevent_req_done(req);
@@ -156,9 +148,10 @@ static void wb_gettoken_gotlocalgroups(struct tevent_req
*subreq)
if (tevent_req_nterror(req, status)) {
return;
}
- if (!wb_add_rids_to_sids(state, &state->num_sids, &state->sids,
- get_global_sam_sid(), num_rids, rids)) {
- tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
+
+ status = wb_add_rids_to_sids(state, &state->num_sids, &state->sids,
+ get_global_sam_sid(), num_rids, rids);
+ if (tevent_req_nterror(req, status)) {
return;
}
TALLOC_FREE(rids);
@@ -196,9 +189,9 @@ static void wb_gettoken_gotbuiltins(struct tevent_req
*subreq)
if (tevent_req_nterror(req, status)) {
return;
}
- if (!wb_add_rids_to_sids(state, &state->num_sids, &state->sids,
- &global_sid_Builtin, num_rids, rids)) {
- tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
+ status = wb_add_rids_to_sids(state, &state->num_sids, &state->sids,
+ &global_sid_Builtin, num_rids, rids);
+ if (tevent_req_nterror(req, status)) {
return;
}
tevent_req_done(req);
@@ -219,24 +212,26 @@ NTSTATUS wb_gettoken_recv(struct tevent_req *req,
TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
}
-static bool wb_add_rids_to_sids(TALLOC_CTX *mem_ctx,
- int *pnum_sids, struct dom_sid **psids,
- const struct dom_sid *domain_sid,
- int num_rids, uint32_t *rids)
+static NTSTATUS wb_add_rids_to_sids(TALLOC_CTX *mem_ctx,
+ uint32_t *pnum_sids,
+ struct dom_sid **psids,
+ const struct dom_sid *domain_sid,
+ int num_rids, uint32_t *rids)
{
- struct dom_sid *sids;
int i;
- sids = talloc_realloc(mem_ctx, *psids, struct dom_sid,
- *pnum_sids + num_rids);
- if (sids == NULL) {
- return false;
- }
for (i=0; i<num_rids; i++) {
- sid_compose(&sids[i+*pnum_sids], domain_sid, rids[i]);
+ NTSTATUS status;
+ struct dom_sid sid;
+
+ sid_compose(&sid, domain_sid, rids[i]);
+
+ status = add_sid_to_array_unique(
+ mem_ctx, &sid, psids, pnum_sids);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
}
- *pnum_sids += num_rids;
- *psids = sids;
- return true;
+ return NT_STATUS_OK;
}
diff --git a/source3/winbindd/wb_sids2xids.c b/source3/winbindd/wb_sids2xids.c
index 25260be..9bb8fa8 100644
--- a/source3/winbindd/wb_sids2xids.c
+++ b/source3/winbindd/wb_sids2xids.c
@@ -40,7 +40,7 @@ struct wb_sids2xids_state {
/*
* Domain array to use for the idmap call. The output from
* lookupsids cannot be used directly since for migrated
- * objects the returned domain SID can be different that the
+ * objects the returned domain SID can be different than the
* original one. The new domain SID cannot be combined with
* the RID from the previous domain.
*
--
Samba Shared Repository
