The branch, master has been updated
via 747a7fec01d s3:rpc_server: Check query level according to MS-NRPC
via 8adbdbe50f7 s3:rpc_server: Check function code according to MS-NRPC
via 0418b9fa929 s3/rpc_server: Fix dereference of client pointer
via a27525e555c s4/torture: Test with level 4 with
NETLOGON_CONTROL_SET_DBFLAG function
via 1297c7ca65b s4/torture: Prepare to handle Level 4 check with
unknown func code
from 6b3135078e0 lib: Align an integer type
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 747a7fec01d39453093ed48b167fa1d5d80aead4
Author: Jo Sutton <josut...@catalyst.net.nz>
Date: Tue May 28 15:12:36 2024 +1200
s3:rpc_server: Check query level according to MS-NRPC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15465
Signed-off-by: Jo Sutton <josut...@catalyst.net.nz>
Reviewed-by: Noel Power <noel.po...@suse.com>
Autobuild-User(master): Noel Power <npo...@samba.org>
Autobuild-Date(master): Tue Jun 4 09:39:42 UTC 2024 on atb-devel-224
commit 8adbdbe50f7ac69cb815794d1c3d214bbac7c848
Author: Jo Sutton <josut...@catalyst.net.nz>
Date: Tue May 28 15:10:51 2024 +1200
s3:rpc_server: Check function code according to MS-NRPC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15465
Signed-off-by: Jo Sutton <josut...@catalyst.net.nz>
Reviewed-by: Noel Power <noel.po...@suse.com>
commit 0418b9fa929736a404b9ff976ff034009b913089
Author: Noel Power <noel.po...@suse.com>
Date: Mon Sep 25 09:58:33 2023 +0100
s3/rpc_server: Fix dereference of client pointer
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15465
Signed-off-by: Noel Power <noel.po...@suse.com>
Reviewed-by: Jo Sutton <josut...@catalyst.net.nz>
commit a27525e555c2c88f3b3bbef17d6e803a3a231d2b
Author: Noel Power <noel.po...@suse.com>
Date: Sun Sep 24 01:03:37 2023 +0100
s4/torture: Test with level 4 with NETLOGON_CONTROL_SET_DBFLAG function
Change levels tested from 1 - 3 to 1 - 4 for NETLOGON_CONTROL_SET_DBFLAG
This change triggers a core dump in the server and so we add a knownfail
here. Following commit will fix (and remove known fail)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15465
Signed-off-by: Noel Power <noel.po...@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
commit 1297c7ca65ba485febee4eabe32a8e1c793b187c
Author: Noel Power <noel.po...@suse.com>
Date: Mon Sep 25 10:30:30 2023 +0100
s4/torture: Prepare to handle Level 4 check with unknown func code
A future (next) commit will change the NETLOGON_CONTROL_SET_DBFLAG test
to use levels 1 - 4 (current test just tests 1 - 3). A side affect of
this test is that the following test will now test passing an unknown
function code against against Level 4 (previously level 3).
Unfortunately s4 and s3 netlogon server results differ when handling
a level 4 request with an unknown function code.
s3 server returns WERR_NOT_SUPPORTED and
s4 server returns WERR_INVALID_PARAMETER.
For level 3 both return WERR_NOT_SUPPORTED.
MS-NRPC doesn't seem to specifically indicate the required response in
this case.
this commit modifies the test to cater for either response (for either
level) A future commit could explore the test response combinations more
thorougly.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15465
Signed-off-by: Noel Power <noel.po...@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
-----------------------------------------------------------------------
Summary of changes:
source3/rpc_server/netlogon/srv_netlog_nt.c | 30 +++++++++++++++++++----------
source4/torture/rpc/netlogon.c | 8 ++++++--
2 files changed, 26 insertions(+), 12 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c
b/source3/rpc_server/netlogon/srv_netlog_nt.c
index fa3e597fa8e..ccae62083cc 100644
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -197,7 +197,6 @@ WERROR _netr_LogonControl2Ex(struct pipes_struct *p,
struct netr_NETLOGON_INFO_1 *info1;
struct netr_NETLOGON_INFO_2 *info2;
struct netr_NETLOGON_INFO_3 *info3;
- struct netr_NETLOGON_INFO_4 *info4;
const char *fn;
NTSTATUS status;
struct netr_DsRGetDCNameInfo *dc_info;
@@ -264,10 +263,16 @@ WERROR _netr_LogonControl2Ex(struct pipes_struct *p,
case NETLOGON_CONTROL_TRUNCATE_LOG:
case NETLOGON_CONTROL_TRANSPORT_NOTIFY:
case NETLOGON_CONTROL_FORCE_DNS_REG:
+ return WERR_NOT_SUPPORTED;
case NETLOGON_CONTROL_QUERY_DNS_REG:
+ if (r->in.level != 1) {
+ return WERR_INVALID_PARAMETER;
+ }
return WERR_NOT_SUPPORTED;
-
case NETLOGON_CONTROL_FIND_USER:
+ if (r->in.level != 4) {
+ return WERR_INVALID_PARAMETER;
+ }
if (!r->in.data || !r->in.data->user) {
return WERR_NOT_SUPPORTED;
}
@@ -278,6 +283,9 @@ WERROR _netr_LogonControl2Ex(struct pipes_struct *p,
}
break;
case NETLOGON_CONTROL_TC_VERIFY:
+ if (r->in.level != 2) {
+ return WERR_INVALID_PARAMETER;
+ }
if (!r->in.data || !r->in.data->domain) {
return WERR_NOT_SUPPORTED;
}
@@ -369,6 +377,12 @@ WERROR _netr_LogonControl2Ex(struct pipes_struct *p,
r->out.query->info1 = info1;
break;
case 2:
+ if (r->in.function_code != NETLOGON_CONTROL_REDISCOVER &&
+ r->in.function_code != NETLOGON_CONTROL_TC_QUERY &&
+ r->in.function_code != NETLOGON_CONTROL_TC_VERIFY)
+ {
+ return WERR_INVALID_PARAMETER;
+ }
info2 = talloc_zero(p->mem_ctx, struct netr_NETLOGON_INFO_2);
W_ERROR_HAVE_NO_MEMORY(info2);
@@ -389,14 +403,10 @@ WERROR _netr_LogonControl2Ex(struct pipes_struct *p,
r->out.query->info3 = info3;
break;
case 4:
- info4 = talloc_zero(p->mem_ctx, struct netr_NETLOGON_INFO_4);
- W_ERROR_HAVE_NO_MEMORY(info4);
-
- info4->trusted_dc_name = dc_name;
- info4->trusted_domain_name = r->in.data->domain;
-
- r->out.query->info4 = info4;
- break;
+ if (r->in.function_code != NETLOGON_CONTROL_FIND_USER) {
+ return WERR_INVALID_PARAMETER;
+ }
+ return WERR_NOT_SUPPORTED;
default:
return WERR_INVALID_LEVEL;
}
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
index c3715619cb7..1f04af119ac 100644
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -3993,6 +3993,7 @@ static bool test_DatabaseSync2(struct torture_context
*tctx,
/*
try a netlogon LogonControl2Ex
*/
+
static bool test_LogonControl2Ex(struct torture_context *tctx,
struct dcerpc_pipe *p,
struct cli_credentials *machine_credentials)
@@ -4066,7 +4067,7 @@ static bool test_LogonControl2Ex(struct torture_context
*tctx,
r.in.function_code = NETLOGON_CONTROL_SET_DBFLAG;
r.in.data = &data;
- for (i=1;i<4;i++) {
+ for (i=1;i<=4;i++) {
r.in.level = i;
torture_comment(tctx, "Testing LogonControl2Ex function code %s
(%d) level %d\n",
@@ -4087,7 +4088,10 @@ static bool test_LogonControl2Ex(struct torture_context
*tctx,
torture_assert_ntstatus_ok(tctx, status, "LogonControl2Ex");
switch (secure_channel_type) {
case SEC_CHAN_NULL:
- torture_assert_werr_equal(tctx, r.out.result,
WERR_NOT_SUPPORTED, "LogonControl2Ex");
+ torture_assert(tctx,
+ W_ERROR_EQUAL(r.out.result, WERR_NOT_SUPPORTED) ||
+ W_ERROR_EQUAL(r.out.result, WERR_INVALID_PARAMETER),
+ "LogonControl2Ex");
break;
default:
torture_assert_werr_equal(tctx, r.out.result,
WERR_ACCESS_DENIED, "LogonControl2Ex");
--
Samba Shared Repository
