The branch, v4-15-stable has been updated via 37595203ef3 VERSION: Disable GIT_SNAPSHOT for the 4.15.11 release. via c074cc854b9 WHATSNEW: Add release notes for Samba 4.15.11. via e9db0373600 CVE-2022-3437 source4/heimdal: Pass correct length to _gssapi_verify_pad() via 77e0f2febaa CVE-2022-3437 source4/heimdal: Check for overflow in _gsskrb5_get_mech() via 1aca3451551 CVE-2022-3437 source4/heimdal: Check buffer length against overflow for DES{,3} unwrap via ebac8bf0478 CVE-2022-3437 source4/heimdal: Check the result of _gsskrb5_get_mech() via 5a62eb5734d CVE-2022-3437 source4/heimdal: Avoid undefined behaviour in _gssapi_verify_pad() via 9f6f1e01aca CVE-2022-3437 source4/heimdal: Don't pass NULL pointers to memcpy() in DES unwrap via 5f6dbf2ab29 CVE-2022-3437 source4/heimdal: Use constant-time memcmp() in unwrap_des3() via c22914f845b CVE-2022-3437 source4/heimdal: Use constant-time memcmp() for arcfour unwrap via 310bffc0855 CVE-2022-3437 s4/auth/tests: Add unit tests for unwrap_des3() via a49a3ac8e08 CVE-2022-3437 source4/heimdal_build: Add gssapi-subsystem subsystem via fe1204d9da2 CVE-2022-3437 source4/heimdal: Remove __func__ compatibility workaround via 9f658aa5fe2 .gitlab-ci: Work around new git restrictions arising from CVE-2022-24765 via 52ed3d07fd5 bootstrap: Migrate to CentOS8 Stream via ae64b3bfc18 bootstrap: chown the whole cloned repo, not just the subfolders via 6881b17bf27 bootstrap: Fix CentOS8 runner via 1ad45400995 VERSION: Bump version up to Samba 4.15.11... from c3bff29ce35 VERSION: Disable GIT_SNAPSHOT for the 4.15.10 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-stable - Log ----------------------------------------------------------------- commit 37595203ef30b1a631b94075328f8d0d604e6e71 Author: Jule Anger <jan...@samba.org> Date: Mon Oct 24 12:35:24 2022 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.15.11 release. Signed-off-by: Jule Anger <jan...@samba.org> commit c074cc854b9ae6e85f0e667523778b655c49da16 Author: Jule Anger <jan...@samba.org> Date: Mon Oct 24 12:19:04 2022 +0200 WHATSNEW: Add release notes for Samba 4.15.11. Signed-off-by: Jule Anger <jan...@samba.org> commit e9db03736007721e37c4fba847ce4aa0c4520924 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Wed Oct 12 13:57:33 2022 +1300 CVE-2022-3437 source4/heimdal: Pass correct length to _gssapi_verify_pad() We later subtract 8 when calculating the length of the output message buffer. If padlength is excessively high, this calculation can underflow and result in a very large positive value. Now we properly constrain the value of padlength so underflow shouldn't be possible. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134 Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 77e0f2febaaf4d6e5e42f8e73a1f8f3c0e4a2985 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Mon Oct 10 20:33:09 2022 +1300 CVE-2022-3437 source4/heimdal: Check for overflow in _gsskrb5_get_mech() If len_len is equal to total_len - 1 (i.e. the input consists only of a 0x60 byte and a length), the expression 'total_len - 1 - len_len - 1', used as the 'len' parameter to der_get_length(), will overflow to SIZE_MAX. Then der_get_length() will proceed to read, unconstrained, whatever data follows in memory. Add a check to ensure that doesn't happen. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134 Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 1aca34515515f2cb00fbf5ad8b9212b319f01836 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Mon Aug 15 16:54:23 2022 +1200 CVE-2022-3437 source4/heimdal: Check buffer length against overflow for DES{,3} unwrap BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134 Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit ebac8bf0478e19849f83af6d44b73d7ab3afd25b Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Mon Aug 15 16:53:55 2022 +1200 CVE-2022-3437 source4/heimdal: Check the result of _gsskrb5_get_mech() We should make sure that the result of 'total_len - mech_len' won't overflow, and that we don't memcmp() past the end of the buffer. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134 Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 5a62eb5734d50fe556934aefa3bac5698372f00e Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Mon Aug 15 16:53:45 2022 +1200 CVE-2022-3437 source4/heimdal: Avoid undefined behaviour in _gssapi_verify_pad() By decrementing 'pad' only when we know it's safe, we ensure we can't stray backwards past the start of a buffer, which would be undefined behaviour. In the previous version of the loop, 'i' is the number of bytes left to check, and 'pad' is the current byte we're checking. 'pad' was decremented at the end of each loop iteration. If 'i' was 1 (so we checked the final byte), 'pad' could potentially be pointing to the first byte of the input buffer, and the decrement would put it one byte behind the buffer. That would be undefined behaviour. The patch changes it so that 'pad' is the byte we previously checked, which allows us to ensure that we only decrement it when we know we have a byte to check. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134 Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 9f6f1e01aca4f00a5d23127803c81939253e0577 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Wed Oct 12 13:57:42 2022 +1300 CVE-2022-3437 source4/heimdal: Don't pass NULL pointers to memcpy() in DES unwrap BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134 Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 5f6dbf2ab29bcd30c701cab3daecf5a6a53a44cd Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Wed Oct 12 13:57:55 2022 +1300 CVE-2022-3437 source4/heimdal: Use constant-time memcmp() in unwrap_des3() The surrounding checks all use ct_memcmp(), so this one was presumably meant to as well. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134 Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit c22914f845b3eba1c9ad444333f3d044352b7e2c Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Wed Oct 12 13:57:13 2022 +1300 CVE-2022-3437 source4/heimdal: Use constant-time memcmp() for arcfour unwrap BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134 Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> [jsut...@samba.org Adapted to small differences in comparisons, and removed erroneous duplicate code in conflicting region] commit 310bffc085514f9ceba5b3501ddef15807c53809 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Wed Oct 12 13:55:39 2022 +1300 CVE-2022-3437 s4/auth/tests: Add unit tests for unwrap_des3() BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134 Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> [jsut...@samba.org Adapted to lack of 'samba.unittests.auth.sam' test, renamed 'third_party' to 'source4' in paths, defined HEIMDAL_NORETURN_ATTRIBUTE and HEIMDAL_PRINTF_ATTRIBUTE to fix compiler error] commit a49a3ac8e082921c2793a073b5991c4693f167ab Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Wed Oct 12 13:55:51 2022 +1300 CVE-2022-3437 source4/heimdal_build: Add gssapi-subsystem subsystem This allows us to access (and so test) functions internal to GSSAPI by depending on this subsystem. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134 Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> [jsut...@samba.org Adapted to older wscript_build file] commit fe1204d9da2c6f761c4dc4421f67057b10eaf430 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Wed Oct 12 13:56:08 2022 +1300 CVE-2022-3437 source4/heimdal: Remove __func__ compatibility workaround As described by the C standard, __func__ is a variable, not a macro. Hence this #ifndef check does not work as intended, and only serves to unconditionally disable __func__. A nonoperating __func__ prevents cmocka operating correctly, so remove this definition. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134 Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 9f658aa5fe2d64780b4cd25a456ae0c6e4b7c2a4 Author: Andrew Bartlett <abart...@samba.org> Date: Fri May 6 17:53:29 2022 +1200 .gitlab-ci: Work around new git restrictions arising from CVE-2022-24765 It was realised that git would run commands found in a git repo (eg from configuration). BUG: https://bugzilla.samba.org/show_bug.cgi?id=15193 Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> (cherry picked from commit dd568490089ae6d5bcf03068bfc4ca6b9103badb) commit 52ed3d07fd5269163b006985e56921cf015a32f9 Author: Andreas Schneider <a...@samba.org> Date: Thu Feb 3 15:43:54 2022 +0100 bootstrap: Migrate to CentOS8 Stream BUG: https://bugzilla.samba.org/show_bug.cgi?id=15193 Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Alexander Bokovoy <a...@samba.org> Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org> Autobuild-Date(master): Fri Feb 4 21:11:40 UTC 2022 on sn-devel-184 [adapted from commit 136ec5bc01e2648bae34a1158f923fbf5a86d561 in the hope of getting lmdb-devel to be available for the CentoS 8 image] commit ae64b3bfc1823c4efd03f506f6908722e8fa513b Author: Andrew Bartlett <abart...@samba.org> Date: Fri May 6 13:29:05 2022 +1200 bootstrap: chown the whole cloned repo, not just the subfolders Modern git versions have started to notice the possible security issue. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15193 Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> [abart...@samba.org adapted from commit c771d197eeebf2b01d46451cc51b698a99502935 with new sha1sum] commit 6881b17bf277c7b4958f66de7af5bdbdecc32eac Author: Andreas Schneider <a...@samba.org> Date: Thu Feb 3 07:53:33 2022 +0100 bootstrap: Fix CentOS8 runner CentOS8 is EOL since December 31, 2021. The packages move to vault.centos.org. We should migrate to CentOS8 Stream soon. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15193 Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Alexander Bokovoy <a...@samba.org> Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org> Autobuild-Date(master): Thu Feb 3 14:31:01 UTC 2022 on sn-devel-184 [abart...@samba.org Adapted from commit 0c6554aa0d6812343a8155fca3d7a7993cd5c703 by updating sha1sum] ----------------------------------------------------------------------- Summary of changes: .gitlab-ci-main.yml | 10 +- VERSION | 2 +- WHATSNEW.txt | 54 +- bootstrap/.gitlab-ci.yml | 4 +- bootstrap/config.py | 15 +- bootstrap/generated-dists/Vagrantfile | 10 +- .../{centos8 => centos8s}/Dockerfile | 2 +- .../{centos8 => centos8s}/bootstrap.sh | 5 +- .../{centos8 => centos8s}/locale.sh | 0 .../{centos8 => centos8s}/packages.yml | 0 bootstrap/sha1sum.txt | 2 +- selftest/tests.py | 5 + source4/auth/tests/heimdal_unwrap_des.c | 1247 ++++++++++++++++++++ source4/auth/wscript_build | 21 + source4/heimdal/lib/gssapi/krb5/arcfour.c | 24 +- source4/heimdal/lib/gssapi/krb5/decapsulate.c | 12 +- source4/heimdal/lib/gssapi/krb5/unwrap.c | 34 +- source4/heimdal/lib/krb5/krb5_locl.h | 4 - source4/heimdal_build/wscript_build | 14 +- 19 files changed, 1401 insertions(+), 64 deletions(-) rename bootstrap/generated-dists/{centos8 => centos8s}/Dockerfile (90%) rename bootstrap/generated-dists/{centos8 => centos8s}/bootstrap.sh (93%) rename bootstrap/generated-dists/{centos8 => centos8s}/locale.sh (100%) rename bootstrap/generated-dists/{centos8 => centos8s}/packages.yml (100%) create mode 100644 source4/auth/tests/heimdal_unwrap_des.c Changeset truncated at 500 lines: diff --git a/.gitlab-ci-main.yml b/.gitlab-ci-main.yml index 125b3901832..e0b9b9d20b9 100644 --- a/.gitlab-ci-main.yml +++ b/.gitlab-ci-main.yml @@ -42,7 +42,7 @@ variables: # Set this to the contents of bootstrap/sha1sum.txt # which is generated by bootstrap/template.py --render # - SAMBA_CI_CONTAINER_TAG: dd2b9a1848eed2d200e1a525695e40f06c23d888 + SAMBA_CI_CONTAINER_TAG: fbf9c4c8a2055936d4ca279878df7811af46d86d # # We use the ubuntu1804 image as default as # it matches what we have on sn-devel-184. @@ -64,7 +64,7 @@ variables: SAMBA_CI_CONTAINER_IMAGE_fedora33: fedora33 SAMBA_CI_CONTAINER_IMAGE_fedora34: fedora34 SAMBA_CI_CONTAINER_IMAGE_centos7: centos7 - SAMBA_CI_CONTAINER_IMAGE_centos8: centos8 + SAMBA_CI_CONTAINER_IMAGE_centos8s: centos8s include: # The image creation details are specified in a separate file @@ -137,6 +137,8 @@ include: - export CXX="ccache c++" - ccache -z -M 500M - ccache -s + # We are already running .gitlab-ci directives from this repo, remove additional checks that break our CI + - git config --global --add safe.directory `pwd` after_script: - mount - df -h @@ -594,10 +596,10 @@ centos7-samba-o3: # We need a newer GnuTLS version on CentOS7 PKG_CONFIG_PATH: "/usr/lib64/compat-gnutls34/pkgconfig:/usr/lib64/compat-nettle32/pkgconfig" -centos8-samba-o3: +centos8s-samba-o3: extends: .samba-o3-template variables: - SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_centos8} + SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_centos8s} fedora33-samba-o3: extends: .samba-o3-template diff --git a/VERSION b/VERSION index 5762c28f102..342a497a486 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ ######################################################## SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=15 -SAMBA_VERSION_RELEASE=10 +SAMBA_VERSION_RELEASE=11 ######################################################## # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 8c22b675d54..b62e20cbc53 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,54 @@ + =============================== + Release Notes for Samba 4.15.11 + October 25, 2022 + =============================== + + +This is a security release in order to address the following defect: + +o CVE-2022-3437: There is a limited write heap buffer overflow in the GSSAPI + unwrap_des() and unwrap_des3() routines of Heimdal (included + in Samba). + https://www.samba.org/samba/security/CVE-2022-3437.html + +Changes since 4.15.10 +--------------------- + +o Andrew Bartlett <abart...@samba.org> + * BUG 15193: Allow rebuild of Centos 8 images after move to vault for Samba + 4.15. + +o Andreas Schneider <a...@samba.org> + * BUG 15193: Allow rebuild of Centos 8 images after move to vault for Samba + 4.15. + +o Joseph Sutton <josephsut...@catalyst.net.nz> + * BUG 15134: CVE-2022-3437. + + +####################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical:matrix.org matrix room, or +#samba-technical IRC channel on irc.libera.chat. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.1 and newer product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +Release notes for older releases follow: +---------------------------------------- =============================== Release Notes for Samba 4.15.10 September 28, 2022 @@ -61,8 +112,7 @@ database (https://bugzilla.samba.org/). ====================================================================== -Release notes for older releases follow: ----------------------------------------- +---------------------------------------------------------------------- ============================== Release Notes for Samba 4.15.9 July 27, 2022 diff --git a/bootstrap/.gitlab-ci.yml b/bootstrap/.gitlab-ci.yml index 33534f5f1dd..58e0642a70d 100644 --- a/bootstrap/.gitlab-ci.yml +++ b/bootstrap/.gitlab-ci.yml @@ -47,7 +47,7 @@ services: diff -u bootstrap/sha1sum.txt /tmp/sha1sum-template.txt # run smoke test with samba-o3 or samba-fuzz docker run --volume $(pwd):${samba_repo_root} --workdir ${samba_repo_root} ${ci_image_name} \ - /bin/bash -c "sudo chown -R samba:samba ./** && export PKG_CONFIG_PATH=/usr/lib64/compat-gnutls34/pkgconfig:/usr/lib64/compat-nettle32/pkgconfig && script/autobuild.py ${SAMBA_CI_TEST_JOB} --verbose --nocleanup --keeplogs --tail --testbase /tmp/samba-testbase" + /bin/bash -c "sudo chown -R samba:samba ${samba_repo_root} && export PKG_CONFIG_PATH=/usr/lib64/compat-gnutls34/pkgconfig:/usr/lib64/compat-nettle32/pkgconfig && script/autobuild.py ${SAMBA_CI_TEST_JOB} --verbose --nocleanup --keeplogs --tail --testbase /tmp/samba-testbase" docker tag ${ci_image_name} ${ci_image_path}:${SAMBA_CI_CONTAINER_TAG} docker tag ${ci_image_name} ${ci_image_path}:${timestamp_tag} # We build all images, but only upload is it's not marked as broken @@ -112,7 +112,7 @@ fedora33: fedora34: extends: .build_image_template -centos8: +centos8s: extends: .build_image_template centos7: diff --git a/bootstrap/config.py b/bootstrap/config.py index fd75a771252..164ab306329 100644 --- a/bootstrap/config.py +++ b/bootstrap/config.py @@ -230,7 +230,7 @@ if [ ! -f /usr/bin/python3 ]; then fi """ -CENTOS8_YUM_BOOTSTRAP = r""" +CENTOS8S_YUM_BOOTSTRAP = r""" #!/bin/bash {GENERATED_MARKER} set -xueo pipefail @@ -240,10 +240,9 @@ yum install -y dnf-plugins-core yum install -y epel-release yum -v repolist all -yum config-manager --set-enabled PowerTools -y || \ +yum config-manager --set-enabled powertools -y || \ yum config-manager --set-enabled powertools -y -yum config-manager --set-enabled Devel -y || \ - yum config-manager --set-enabled devel -y + yum update -y yum install -y \ @@ -471,10 +470,10 @@ RPM_DISTS = { 'tracker-devel': '', # do not install } }, - 'centos8': { - 'docker_image': 'centos:8', - 'vagrant_box': 'centos/8', - 'bootstrap': CENTOS8_YUM_BOOTSTRAP, + 'centos8s': { + 'docker_image': 'quay.io/centos/centos:stream8', + 'vagrant_box': 'centos/stream8', + 'bootstrap': CENTOS8S_YUM_BOOTSTRAP, 'replace': { 'lsb-release': 'redhat-lsb', '@development-tools': '"@Development Tools"', # add quotes diff --git a/bootstrap/generated-dists/Vagrantfile b/bootstrap/generated-dists/Vagrantfile index 780320ec7c8..10075800c01 100644 --- a/bootstrap/generated-dists/Vagrantfile +++ b/bootstrap/generated-dists/Vagrantfile @@ -17,11 +17,11 @@ Vagrant.configure("2") do |config| v.vm.provision :shell, path: "centos7/locale.sh" end - config.vm.define "centos8" do |v| - v.vm.box = "centos/8" - v.vm.hostname = "centos8" - v.vm.provision :shell, path: "centos8/bootstrap.sh" - v.vm.provision :shell, path: "centos8/locale.sh" + config.vm.define "centos8s" do |v| + v.vm.box = "centos/stream8" + v.vm.hostname = "centos8s" + v.vm.provision :shell, path: "centos8s/bootstrap.sh" + v.vm.provision :shell, path: "centos8s/locale.sh" end config.vm.define "debian10" do |v| diff --git a/bootstrap/generated-dists/centos8/Dockerfile b/bootstrap/generated-dists/centos8s/Dockerfile similarity index 90% rename from bootstrap/generated-dists/centos8/Dockerfile rename to bootstrap/generated-dists/centos8s/Dockerfile index f6343e9d5a2..1c932f58a94 100644 --- a/bootstrap/generated-dists/centos8/Dockerfile +++ b/bootstrap/generated-dists/centos8s/Dockerfile @@ -3,7 +3,7 @@ # See also bootstrap/config.py # -FROM centos:8 +FROM quay.io/centos/centos:stream8 # pass in with --build-arg while build ARG SHA1SUM diff --git a/bootstrap/generated-dists/centos8/bootstrap.sh b/bootstrap/generated-dists/centos8s/bootstrap.sh similarity index 93% rename from bootstrap/generated-dists/centos8/bootstrap.sh rename to bootstrap/generated-dists/centos8s/bootstrap.sh index 60cf3937cf7..1111450c400 100755 --- a/bootstrap/generated-dists/centos8/bootstrap.sh +++ b/bootstrap/generated-dists/centos8s/bootstrap.sh @@ -12,10 +12,9 @@ yum install -y dnf-plugins-core yum install -y epel-release yum -v repolist all -yum config-manager --set-enabled PowerTools -y || \ +yum config-manager --set-enabled powertools -y || \ yum config-manager --set-enabled powertools -y -yum config-manager --set-enabled Devel -y || \ - yum config-manager --set-enabled devel -y + yum update -y yum install -y \ diff --git a/bootstrap/generated-dists/centos8/locale.sh b/bootstrap/generated-dists/centos8s/locale.sh similarity index 100% rename from bootstrap/generated-dists/centos8/locale.sh rename to bootstrap/generated-dists/centos8s/locale.sh diff --git a/bootstrap/generated-dists/centos8/packages.yml b/bootstrap/generated-dists/centos8s/packages.yml similarity index 100% rename from bootstrap/generated-dists/centos8/packages.yml rename to bootstrap/generated-dists/centos8s/packages.yml diff --git a/bootstrap/sha1sum.txt b/bootstrap/sha1sum.txt index 11369ced5f7..120d935186d 100644 --- a/bootstrap/sha1sum.txt +++ b/bootstrap/sha1sum.txt @@ -1 +1 @@ -dd2b9a1848eed2d200e1a525695e40f06c23d888 +fbf9c4c8a2055936d4ca279878df7811af46d86d diff --git a/selftest/tests.py b/selftest/tests.py index c87b41c1a66..1331a6841e0 100644 --- a/selftest/tests.py +++ b/selftest/tests.py @@ -47,6 +47,8 @@ with_pam = ("WITH_PAM" in config_hash) with_elasticsearch_backend = ("HAVE_SPOTLIGHT_BACKEND_ES" in config_hash) pam_wrapper_so_path = config_hash.get("LIBPAM_WRAPPER_SO_PATH") pam_set_items_so_path = config_hash.get("PAM_SET_ITEMS_SO_PATH") +have_heimdal_support = "SAMBA4_USES_HEIMDAL" in config_hash +using_system_gssapi = "USING_SYSTEM_GSSAPI" in config_hash planpythontestsuite("none", "samba.tests.source") if have_man_pages_support: @@ -429,6 +431,9 @@ plantestsuite("samba.unittests.test_registry_regfio", "none", [os.path.join(bindir(), "default/source3/test_registry_regfio")]) plantestsuite("samba.unittests.test_oLschema2ldif", "none", [os.path.join(bindir(), "default/source4/utils/oLschema2ldif/test_oLschema2ldif")]) +if have_heimdal_support and not using_system_gssapi: + plantestsuite("samba.unittests.auth.heimdal_gensec_unwrap_des", "none", + [valgrindify(os.path.join(bindir(), "test_heimdal_gensec_unwrap_des"))]) if with_elasticsearch_backend: plantestsuite("samba.unittests.mdsparser_es", "none", [os.path.join(bindir(), "default/source3/test_mdsparser_es")] + [configuration]) diff --git a/source4/auth/tests/heimdal_unwrap_des.c b/source4/auth/tests/heimdal_unwrap_des.c new file mode 100644 index 00000000000..dc31e9d0ad1 --- /dev/null +++ b/source4/auth/tests/heimdal_unwrap_des.c @@ -0,0 +1,1247 @@ +/* + * Unit tests for source4/heimdal/lib/gssapi/krb5/unwrap.c + * + * Copyright (C) Catalyst.NET Ltd 2022 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +/* + * from cmocka.c: + * These headers or their equivalents should be included prior to + * including + * this header file. + * + * #include <stdarg.h> + * #include <stddef.h> + * #include <setjmp.h> + * + * This allows test applications to use custom definitions of C standard + * library functions and types. + * + */ + +#include <stdarg.h> +#include <stddef.h> +#include <setjmp.h> + +#include <cmocka.h> + +#include "includes.h" +#include "replace.h" + +#define HEIMDAL_NORETURN_ATTRIBUTE _NORETURN_ +#define HEIMDAL_PRINTF_ATTRIBUTE(x) FORMAT_ATTRIBUTE(x) + +#include "../../../source4/heimdal/lib/gssapi/gssapi/gssapi.h" +#include "gsskrb5_locl.h" + +/****************************************************************************** + * Helper functions + ******************************************************************************/ + +const uint8_t *valid_range_begin; +const uint8_t *valid_range_end; +const uint8_t *invalid_range_end; + +/* + * 'array_len' is the size of the passed in array. 'buffer_len' is the size to + * report in the resulting buffer. + */ +static const gss_buffer_desc get_input_buffer(TALLOC_CTX *mem_ctx, + const uint8_t array[], + const size_t array_len, + const size_t buffer_len) +{ + gss_buffer_desc buf; + + /* Add some padding to catch invalid memory accesses. */ + const size_t padding = 0x100; + const size_t padded_len = array_len + padding; + + uint8_t *data = talloc_size(mem_ctx, padded_len); + assert_non_null(data); + + memcpy(data, array, array_len); + memset(data + array_len, 0, padding); + + assert_in_range(buffer_len, 0, array_len); + + buf.value = data; + buf.length = buffer_len; + + valid_range_begin = buf.value; + valid_range_end = valid_range_begin + buf.length; + invalid_range_end = valid_range_begin + padded_len; + + return buf; +} + +static void assert_mem_in_valid_range(const uint8_t *ptr, const size_t len) +{ + /* Ensure we've set up the range pointers properly. */ + assert_non_null(valid_range_begin); + assert_non_null(valid_range_end); + assert_non_null(invalid_range_end); + + /* + * Ensure the length isn't excessively large (a symptom of integer + * underflow). + */ + assert_in_range(len, 0, 0x1000); + + /* Ensure the memory is in our valid range. */ + assert_in_range(ptr, valid_range_begin, valid_range_end); + assert_in_range(ptr + len, valid_range_begin, valid_range_end); +} + +/* + * This function takes a pointer to volatile to allow it to be called from the + * ct_memcmp() wrapper. + */ +static void assert_mem_outside_invalid_range(const volatile uint8_t *ptr, + const size_t len) +{ + const LargestIntegralType _valid_range_end + = cast_ptr_to_largest_integral_type(valid_range_end); + const LargestIntegralType _invalid_range_end + = cast_ptr_to_largest_integral_type(invalid_range_end); + const LargestIntegralType _ptr = cast_ptr_to_largest_integral_type(ptr); + const LargestIntegralType _len = cast_to_largest_integral_type(len); + + /* Ensure we've set up the range pointers properly. */ + assert_non_null(valid_range_begin); + assert_non_null(valid_range_end); + assert_non_null(invalid_range_end); + + /* + * Ensure the length isn't excessively large (a symptom of integer + * underflow). + */ + assert_in_range(len, 0, 0x1000); + + /* Ensure the memory is outside the invalid range. */ + if (_ptr < _invalid_range_end && _ptr + _len > _valid_range_end) { + fail(); + } +} + +/***************************************************************************** + * wrapped functions + *****************************************************************************/ + +krb5_keyblock dummy_key; + +krb5_error_code __wrap_krb5_auth_con_getlocalsubkey(krb5_context context, + krb5_auth_context auth_context, + krb5_keyblock **keyblock); +krb5_error_code __wrap_krb5_auth_con_getlocalsubkey(krb5_context context, + krb5_auth_context auth_context, + krb5_keyblock **keyblock) +{ + *keyblock = &dummy_key; + return 0; +} + +void __wrap_krb5_free_keyblock(krb5_context context, + krb5_keyblock *keyblock); +void __wrap_krb5_free_keyblock(krb5_context context, + krb5_keyblock *keyblock) +{ + assert_ptr_equal(&dummy_key, keyblock); +} + +struct krb5_crypto_data dummy_crypto; + +krb5_error_code __wrap_krb5_crypto_init(krb5_context context, + const krb5_keyblock *key, + krb5_enctype etype, + krb5_crypto *crypto); +krb5_error_code __wrap_krb5_crypto_init(krb5_context context, + const krb5_keyblock *key, + krb5_enctype etype, + krb5_crypto *crypto) +{ + static const LargestIntegralType etypes[] = {ETYPE_DES3_CBC_NONE, 0}; + + assert_ptr_equal(&dummy_key, key); + assert_in_set(etype, etypes, ARRAY_SIZE(etypes)); + + *crypto = &dummy_crypto; + + return 0; +} + +krb5_error_code __wrap_krb5_decrypt(krb5_context context, + krb5_crypto crypto, + unsigned usage, + void *data, + size_t len, + krb5_data *result); +krb5_error_code __wrap_krb5_decrypt(krb5_context context, + krb5_crypto crypto, + unsigned usage, + void *data, + size_t len, + krb5_data *result) +{ + assert_ptr_equal(&dummy_crypto, crypto); + assert_int_equal(KRB5_KU_USAGE_SEAL, usage); + + assert_mem_in_valid_range(data, len); + + check_expected(len); + check_expected_ptr(data); + + result->data = malloc(len); + assert_non_null(result->data); + result->length = len; -- Samba Shared Repository