[SCM] Samba Shared Repository - branch master updated - 9a3be6f0f8e120797a02fa1be60b51812cfd86f5
The branch, master has been updated via 9a3be6f0f8e120797a02fa1be60b51812cfd86f5 (commit) via 738271fc2026b2911b7d20a73496989641714df3 (commit) via 9da3101e449649f0614240f13157ac81e17b2e90 (commit) via 4a322398c5ffaf238eba1e7bfbe47e2d093c7c4d (commit) via 599707c87a739811ba426e44b11189e1ddba078e (commit) from 6a627b440e8b3f42db2a8a27047dd3482bad0d28 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 9a3be6f0f8e120797a02fa1be60b51812cfd86f5 Author: Volker Lendecke [EMAIL PROTECTED] Date: Sat Nov 8 16:48:20 2008 +0100 Move cli_trans_oob to lib/util.c Rename it to trans_oob, it will be used in the server routines. commit 738271fc2026b2911b7d20a73496989641714df3 Author: Volker Lendecke [EMAIL PROTECTED] Date: Sat Nov 8 16:14:12 2008 +0100 Remove the variable size from reply_nttrans This converts the range checks for the setup[] array to rely on req-wct being set correctly in init_smb_request. As that already verifies the vwv array to be in the range of the smb_request inbuf, we don't have to do overflow checks here anymore. Jeremy, please check thoroughly! :-) Thanks, Volker commit 9da3101e449649f0614240f13157ac81e17b2e90 Author: Volker Lendecke [EMAIL PROTECTED] Date: Sat Nov 8 16:14:12 2008 +0100 Remove the variable size from reply_trans This converts the range checks for the setup[] array to rely on req-wct being set correctly in init_smb_request. As that already verifies the vwv array to be in the range of the smb_request inbuf, we don't have to do overflow checks here anymore. Jeremy, please check thoroughly! 
:-) Thanks, Volker commit 4a322398c5ffaf238eba1e7bfbe47e2d093c7c4d Author: Volker Lendecke [EMAIL PROTECTED] Date: Sat Nov 8 16:03:07 2008 +0100 Remove an unused variable commit 599707c87a739811ba426e44b11189e1ddba078e Author: Volker Lendecke [EMAIL PROTECTED] Date: Sat Nov 8 15:44:20 2008 +0100 Remove two direct inbuf references from reply_sesssetup_and_X_spnego() --- Summary of changes: source3/include/proto.h |1 + source3/lib/util.c| 19 +++ source3/libsmb/clitrans.c | 21 - source3/smbd/ipc.c| 28 source3/smbd/nttrans.c| 23 +-- source3/smbd/sesssetup.c |4 ++-- source3/smbd/trans2.c |2 -- 7 files changed, 55 insertions(+), 43 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/proto.h b/source3/include/proto.h index 73be87b..71f12a6 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1251,6 +1251,7 @@ char *procid_str_static(const struct server_id *pid); bool procid_valid(const struct server_id *pid); bool procid_is_local(const struct server_id *pid); int this_is_smp(void); +bool trans_oob(uint32_t bufsize, uint32_t offset, uint32_t length); bool is_offset_safe(const char *buf_base, size_t buf_len, char *ptr, size_t off); char *get_safe_ptr(const char *buf_base, size_t buf_len, char *ptr, size_t off); char *get_safe_str_ptr(const char *buf_base, size_t buf_len, char *ptr, size_t off); diff --git a/source3/lib/util.c b/source3/lib/util.c index 5007fb7..074b523 100644 --- a/source3/lib/util.c +++ b/source3/lib/util.c 
@@ -2879,6 +2879,25 @@ int this_is_smp(void) } / + Check if offset/length fit into bufsize. Should probably be + merged with is_offset_safe, but this would require a rewrite + of lanman.c. Later :-) +/ + +bool trans_oob(uint32_t bufsize, uint32_t offset, uint32_t length) +{ + if ((offset + length offset) || (offset + length length)) { + /* wrap */ + return true; + } + if ((offset bufsize) || (offset + length bufsize)) { + /* overflow */ + return true; + } + return false; +} + +/ Check if an offset into a buffer is safe. If this returns True it's safe to indirect into the byte at pointer ptr+off. diff --git a/source3/libsmb/clitrans.c b/source3/libsmb/clitrans.c index c929f0b..bbdfb75 100644 --- a/source3/libsmb/clitrans.c +++ b/source3/libsmb/clitrans.c @@ -978,19 +978,6 @@ static void cli_trans_ship_rest(struct async_req *req, } } -static bool cli_trans_oob(uint32_t bufsize, uint32_t offset, uint32_t length) -{ - if ((offset + length offset) || (offset + length length)) { - /* wrap */ - return true; - } - if ((offset bufsize) || (offset + length bufsize)) { - /* overflow */ -
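Review bot: The comment added above `trans_oob()` in the source3/lib/util.c hunk does not state the return convention, which is the inverse of `is_offset_safe()` directly below it: `trans_oob()` returns true when the range does not fit, while the neighbouring comment describes a function that returns True when the access is safe. Because this helper is meant to become the shared bounds check for the server-side trans routines, an inverted call would turn a rejection into an acceptance, so I would add a line such as `Returns true if offset/length wrap or reach past bufsize, false if the range lies inside the buffer.` to the comment. Assuming both wrap tests are `<` comparisons (the operators are missing from this copy of the patch), they are equivalent for uint32_t operands, so one of them would be enough.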
[SCM] Samba Shared Repository - branch master updated - 2719216d60088eb3f10a2e3e968f15e8089b5491
The branch, master has been updated via 2719216d60088eb3f10a2e3e968f15e8089b5491 (commit) from 9a3be6f0f8e120797a02fa1be60b51812cfd86f5 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 2719216d60088eb3f10a2e3e968f15e8089b5491 Author: Volker Lendecke [EMAIL PROTECTED] Date: Sat Nov 8 17:08:57 2008 +0100 Consolidate the buffer checks for the reply_trans style functions This is the one where I found the problem that led to 3.2.5. So if there is one checkin in the last year that I would like others to review and *understand*, it is this one :-) Volker --- Summary of changes: source3/smbd/ipc.c | 73 +++--- source3/smbd/nttrans.c | 75 +++ source3/smbd/trans2.c | 75 +++ 3 files changed, 54 insertions(+), 169 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index bf9b1d8..649ead4 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -503,7 +503,6 @@ void reply_trans(struct smb_request *req) unsigned int pscnt; struct trans_state *state; NTSTATUS result; - unsigned int av_size; START_PROFILE(SMBtrans); @@ -513,7 +512,6 @@ void reply_trans(struct smb_request *req) return; } - av_size = smb_len(req-inbuf); dsoff = SVAL(req-vwv+12, 0); dscnt = SVAL(req-vwv+11, 0); psoff = SVAL(req-vwv+10, 0); @@ -559,6 +557,12 @@ void reply_trans(struct smb_request *req) goto bad_param; if (state-total_data) { + + if (trans_oob(state-total_data, 0, dscnt) + || trans_oob(smb_len(req-inbuf), dsoff, dscnt)) { + goto bad_param; + } + /* Can't use talloc here, the core routines do realloc on the * params and data. Out of paranoia, 100 bytes too many. */ state-data = (char *)SMB_MALLOC(state-total_data+100); 
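Review bot: The `trans_oob()` guard added in the `@@ -559,6 +557,12 @@` hunk of source3/smbd/ipc.c sits inside `if (state->total_data)`, so a first request that declares total_data == 0 but carries a non-zero dscnt is not rejected here; the same applies to pscnt under `if (state->total_param)` in the hunk that follows. No copy happens on that path in the visible lines, but reply_trans continues outside the hunk and I cannot see whether dscnt/pscnt are used again later. A comment next to the guard would make the invariant explicit, for example `/* dscnt and dsoff are only trusted after being checked against total_data and the packet length; both checks must stay ahead of the memcpy */`. If stricter parsing is acceptable, `if (state->total_data == 0 && dscnt != 0) goto bad_param;` ahead of the block would close the gap.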
@@ -573,21 +577,16 @@ void reply_trans(struct smb_request *req) /* null-terminate the slack space */ memset(state-data[state-total_data], 0, 100); - if (dscnt state-total_data || - dsoff+dscnt dsoff) { - goto bad_param; - } - - if (dsoff av_size || - dscnt av_size || - dsoff+dscnt av_size) { - goto bad_param; - } - memcpy(state-data,smb_base(req-inbuf)+dsoff,dscnt); } if (state-total_param) { + + if (trans_oob(state-total_param, 0, pscnt) + || trans_oob(smb_len(req-inbuf), psoff, pscnt)) { + goto bad_param; + } + /* Can't use talloc here, the core routines do realloc on the * params and data. Out of paranoia, 100 bytes too many */ state-param = (char *)SMB_MALLOC(state-total_param+100); @@ -603,17 +602,6 @@ void reply_trans(struct smb_request *req) /* null-terminate the slack space */ memset(state-param[state-total_param], 0, 100); - if (pscnt state-total_param || - psoff+pscnt psoff) { - goto bad_param; - } - - if (psoff av_size || - pscnt av_size || - psoff+pscnt av_size) { - goto bad_param; - } - memcpy(state-param,smb_base(req-inbuf)+psoff,pscnt); } @@ -696,7 +684,6 @@ void reply_transs(struct smb_request *req) connection_struct *conn = req-conn; unsigned int pcnt,poff,dcnt,doff,pdisp,ddisp; struct trans_state *state; - unsigned int av_size; START_PROFILE(SMBtranss); @@ -729,8 +716,6 @@ void reply_transs(struct smb_request *req) if (SVAL(req-vwv+1, 0) state-total_data) state-total_data = SVAL(req-vwv+1, 0); - av_size = smb_len(req-inbuf); - pcnt = SVAL(req-vwv+2, 0); poff = SVAL(req-vwv+3, 0); pdisp = SVAL(req-vwv+4, 0); @@ -747,41 +732,19 @@ void reply_transs(struct smb_request *req) goto bad_param; if (pcnt) { - if (pdisp state-total_param || - pcnt state-total_param || - pdisp+pcnt state-total_param || - pdisp+pcnt pdisp) { - goto bad_param; - } - - if (poff av_size || -
svn commit: samba-web r1250 - in trunk: .
Author: kseeger Date: 2008-11-28 09:21:26 + (Fri, 28 Nov 2008) New Revision: 1250 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=1250 Log: Fix links after moving the rc from pre/ to rc/ Karolin Modified: trunk/index.html Changeset: Modified: trunk/index.html === --- trunk/index.html2008-11-27 16:22:05 UTC (rev 1249) +++ trunk/index.html2008-11-28 09:21:26 UTC (rev 1250) @@ -27,18 +27,18 @@ a href=https://bugzilla.samba.org/;report any bugs that you find/a. The final 3.3.0 release is planned for December 15. Please read the changes in the -a href=/samba/ftp/pre/WHATSNEW-3-3-0rc1.txtRelease Notes/a +a href=/samba/ftp/rc/WHATSNEW-3-3-0rc1.txtRelease Notes/a for details on new features and difference in behavior from previous releases./p -pThe a href=/samba/ftp/pre/samba-3.3.0rc1.tar.gzSamba 3.3.0rc1 +pThe a href=/samba/ftp/rc/samba-3.3.0rc1.tar.gzSamba 3.3.0rc1 source code/a can be downloaded now. The a -href=/samba/ftp/pre/samba-3.3.0rc1.tar.ascGnuPG +href=/samba/ftp/rc/samba-3.3.0rc1.tar.ascGnuPG signature is for the for the emun/emcompressed tarball/a. If you prefer, the a -href=/samba/ftp/pre/patch-3.3.0pre2-3.3.0rc1.diffs.gzpatch +href=/samba/ftp/rc/patch-3.3.0pre2-3.3.0rc1.diffs.gzpatch file against Samba 3.3.0pre2/a -(a href=/samba/ftp/pre/patch-3.3.0pre2-3.3.0rc1.diffs.ascGnuPG +(a href=/samba/ftp/rc/patch-3.3.0pre2-3.3.0rc1.diffs.ascGnuPG signature/a) is also available for download. Please read these a href=/samba/download/instructions on how to verify the gpg signature/a. Precompiled packages will
[SCM] Samba Shared Repository - branch master updated - 2bb90b7a88518844c1fcb8177cefcbc5b8ecda99
The branch, master has been updated via 2bb90b7a88518844c1fcb8177cefcbc5b8ecda99 (commit) via a790dcbc4ec2f3b29045ab9919cca5a9ca038e26 (commit) from 2719216d60088eb3f10a2e3e968f15e8089b5491 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 2bb90b7a88518844c1fcb8177cefcbc5b8ecda99 Author: Volker Lendecke [EMAIL PROTECTED] Date: Sun Nov 9 17:25:40 2008 +0100 Remove conn parameter from np_open, smb_request contains it commit a790dcbc4ec2f3b29045ab9919cca5a9ca038e26 Author: Volker Lendecke [EMAIL PROTECTED] Date: Sun Nov 9 12:07:57 2008 +0100 Remove inbuf references from the trans2ioctl code --- Summary of changes: source3/include/proto.h |4 ++-- source3/rpc_server/srv_pipe_hnd.c |5 +++-- source3/smbd/nttrans.c|2 +- source3/smbd/pipes.c |2 +- source3/smbd/trans2.c |8 5 files changed, 11 insertions(+), 10 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/proto.h b/source3/include/proto.h index 71f12a6..59df098 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -6996,8 +6996,8 @@ pipes_struct *get_next_internal_pipe(pipes_struct *p); void init_rpc_pipe_hnd(void); bool fsp_is_np(struct files_struct *fsp); -NTSTATUS np_open(struct smb_request *smb_req, struct connection_struct *conn, -const char *name, struct files_struct **pfsp); +NTSTATUS np_open(struct smb_request *smb_req, const char *name, +struct files_struct **pfsp); NTSTATUS np_write(struct files_struct *fsp, const uint8_t *data, size_t len, ssize_t *nwritten); NTSTATUS np_read(struct files_struct *fsp, uint8_t *data, size_t len, diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 03a0f72..1cff95d 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c 
@@ -1078,9 +1078,10 @@ static struct np_proxy_state *make_external_rpc_pipe_p(TALLOC_CTX *mem_ctx, return NULL; } -NTSTATUS np_open(struct smb_request *smb_req, struct connection_struct *conn, -const char *name, struct files_struct **pfsp) +NTSTATUS np_open(struct smb_request *smb_req, const char *name, +struct files_struct **pfsp) { + struct connection_struct *conn = smb_req-conn; NTSTATUS status; struct files_struct *fsp; const char **proxy_list; diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index fe2029e..18dd7d5 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -284,7 +284,7 @@ static void nt_open_pipe(char *fname, connection_struct *conn, /* Strip \\ off the name. */ fname++; - status = np_open(req, conn, fname, fsp); + status = np_open(req, fname, fsp); if (!NT_STATUS_IS_OK(status)) { if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) { reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND, diff --git a/source3/smbd/pipes.c b/source3/smbd/pipes.c index b52b1b0..261f12c 100644 --- a/source3/smbd/pipes.c +++ b/source3/smbd/pipes.c @@ -78,7 +78,7 @@ void reply_open_pipe_and_X(connection_struct *conn, struct smb_request *req) } #endif - status = np_open(req, conn, fname, fsp); + status = np_open(req, fname, fsp); if (!NT_STATUS_IS_OK(status)) { if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) { reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND, diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index cc8c611..4dc2001 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -7269,8 +7269,8 @@ static void call_trans2ioctl(connection_struct *conn, return; } - if ((SVAL(req-inbuf,(smb_setup+4)) == LMCAT_SPL) -(SVAL(req-inbuf,(smb_setup+6)) == LMFUNC_GETJOBID)) { + if ((SVAL(req-vwv+16, 0) == LMCAT_SPL) +(SVAL(req-vwv+17, 0) == LMFUNC_GETJOBID)) { *ppdata = (char *)SMB_REALLOC(*ppdata, 32); if (*ppdata == NULL) { reply_nterror(req, NT_STATUS_NO_MEMORY); 
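Review bot: Nothing visible in the `call_trans2ioctl` hunk (`@@ -7269,8 +7269,8 @@`, source3/smbd/trans2.c) establishes that the request carries at least 18 parameter words before `SVAL(req->vwv+16, 0)` and `SVAL(req->vwv+17, 0)` are read. The old `smb_setup+4` / `smb_setup+6` offsets had the same property, so this is not a regression, but now that the access goes through vwv the dependency on req->wct could be made explicit by putting `(req->wct >= 18) &&` in front of the two comparisons. The same pair of reads appears in the `reply_trans2` hunk that follows, where only `state->setup_count == 4` is visible as a precondition. Both functions start outside their hunks, so an earlier wct check may already exist; if it does, a short comment pointing to it would help the next reader.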
@@ -7613,8 +7613,8 @@ void reply_trans2(struct smb_request *req) */ if ( (state-setup_count == 4) (tran_call == TRANSACT2_IOCTL) - (SVAL(req-inbuf,(smb_setup+4)) == LMCAT_SPL) - (SVAL(req-inbuf,(smb_setup+6)) == LMFUNC_GETJOBID)) { + (SVAL(req-vwv+16, 0) == LMCAT_SPL) + (SVAL(req-vwv+17, 0) == LMFUNC_GETJOBID)) { DEBUG(2,(Got Trans2 DevIOctl jobid\n)); } else { DEBUG(2,(Invalid smb_sucnt in trans2
[SCM] Samba Shared Repository - branch master updated - 296fae7561bf1ec425b884bd7d1f914b7faac36a
The branch, master has been updated via 296fae7561bf1ec425b884bd7d1f914b7faac36a (commit) via 4d7485df96b45054aa8f4fcac38b25847f34ca87 (commit) via 408cd5b09d5079d73f0ea8819a4505a04e40f8ea (commit) via 1be5be5b83d860372cf6b7aedfd6511b44d092e9 (commit) from 2bb90b7a88518844c1fcb8177cefcbc5b8ecda99 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 296fae7561bf1ec425b884bd7d1f914b7faac36a Author: Günther Deschner [EMAIL PROTECTED] Date: Thu Nov 27 17:45:01 2008 +0100 s4-samr: fix samr passwdord_expired callers. Guenther commit 4d7485df96b45054aa8f4fcac38b25847f34ca87 Author: Günther Deschner [EMAIL PROTECTED] Date: Mon Nov 24 18:49:37 2008 +0100 s3-samr: fix init_samr_user_info{23,24} callers. Guenther commit 408cd5b09d5079d73f0ea8819a4505a04e40f8ea Author: Günther Deschner [EMAIL PROTECTED] Date: Mon Nov 24 16:32:18 2008 +0100 s3-build: re-run make samba3-idl. Guenther commit 1be5be5b83d860372cf6b7aedfd6511b44d092e9 Author: Günther Deschner [EMAIL PROTECTED] Date: Mon Nov 24 16:31:49 2008 +0100 samr: fix samr_UserInfo24 and samr_UserInfo26. Guenther --- Summary of changes: librpc/idl/samr.idl |4 ++-- source3/include/proto.h |7 +++ source3/libnet/libnet_join.c |3 ++- source3/librpc/gen_ndr/ndr_samr.c | 12 ++-- source3/librpc/gen_ndr/samr.h |4 ++-- source3/rpc_client/init_samr.c| 13 ++--- source3/utils/net_rpc.c |2 +- source3/utils/net_rpc_join.c |3 ++- source4/libnet/libnet_passwd.c|5 ++--- source4/torture/rpc/samba3rpc.c |8 ++-- source4/torture/rpc/samr.c|5 ++--- source4/torture/rpc/testjoin.c|2 +- 12 files changed, 35 insertions(+), 33 deletions(-) Changeset truncated at 500 lines: diff --git a/librpc/idl/samr.idl b/librpc/idl/samr.idl index 6ef069a..140782c 100644 --- a/librpc/idl/samr.idl +++ b/librpc/idl/samr.idl @@ -971,7 +971,7 @@ import misc.idl, lsa.idl, security.idl; typedef struct { samr_CryptPassword password; - uint8 pw_len; + uint8 password_expired; } samr_UserInfo24; typedef [flag(NDR_PAHEX)] struct { 
@@ -985,7 +985,7 @@ import misc.idl, lsa.idl, security.idl; typedef struct { samr_CryptPasswordEx password; - uint8 pw_len; + uint8 password_expired; } samr_UserInfo26; typedef [switch_type(uint16)] union { diff --git a/source3/include/proto.h b/source3/include/proto.h index 59df098..0087b5b 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -5733,11 +5733,10 @@ void init_samr_user_info23(struct samr_UserInfo23 *r, uint8_t nt_password_set, uint8_t lm_password_set, uint8_t password_expired, - uint8_t data[516], - uint8_t pw_len); + struct samr_CryptPassword *pwd_buf); void init_samr_user_info24(struct samr_UserInfo24 *r, - uint8_t data[516], - uint8_t pw_len); + struct samr_CryptPassword *pwd_buf, + uint8_t password_expired); void init_samr_CryptPasswordEx(const char *pwd, DATA_BLOB *session_key, struct samr_CryptPasswordEx *pwd_buf); diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index bd127f8..498c7af 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -941,7 +941,8 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, cli-user_session_key, crypt_pwd); - init_samr_user_info24(user_info.info24, crypt_pwd.data, 24); + init_samr_user_info24(user_info.info24, crypt_pwd, + PASS_DONT_CHANGE_AT_NEXT_LOGON); status = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx, user_pol, diff --git a/source3/librpc/gen_ndr/ndr_samr.c b/source3/librpc/gen_ndr/ndr_samr.c index 52b8c72..40082e7 100644 --- a/source3/librpc/gen_ndr/ndr_samr.c +++ b/source3/librpc/gen_ndr/ndr_samr.c @@ -3014,7 +3014,7 @@ static enum ndr_err_code ndr_push_samr_UserInfo24(struct ndr_push *ndr, int ndr_ if (ndr_flags NDR_SCALARS) { NDR_CHECK(ndr_push_align(ndr, 1)); NDR_CHECK(ndr_push_samr_CryptPassword(ndr, NDR_SCALARS, r-password)); - NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r-pw_len)); +
[SCM] Samba Shared Repository - branch master updated - bd95b6b4160760b33bedb14b247fa302507962a4
The branch, master has been updated via bd95b6b4160760b33bedb14b247fa302507962a4 (commit) via 206375c8cf802582eec94bc9fb5f71f9b89650f1 (commit) from 296fae7561bf1ec425b884bd7d1f914b7faac36a (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit bd95b6b4160760b33bedb14b247fa302507962a4 Author: Günther Deschner [EMAIL PROTECTED] Date: Fri Nov 28 12:04:09 2008 +0100 s4-smbtorture: add test_SetUserPass_level_ex. Guenther commit 206375c8cf802582eec94bc9fb5f71f9b89650f1 Author: Günther Deschner [EMAIL PROTECTED] Date: Fri Nov 28 01:56:09 2008 +0100 s4-smbtorture: add samr_rand_pass_silent. Guenther --- Summary of changes: source4/torture/rpc/samr.c | 140 +++- 1 files changed, 139 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index 6115c0c..02124e6 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -508,12 +508,19 @@ static bool test_SetUserInfo(struct dcerpc_pipe *p, struct torture_context *tctx /* generate a random password for password change tests */ -static char *samr_rand_pass(TALLOC_CTX *mem_ctx, int min_len) +static char *samr_rand_pass_silent(TALLOC_CTX *mem_ctx, int min_len) { size_t len = MAX(8, min_len) + (random() % 6); char *s = generate_random_str(mem_ctx, len); + return s; +} + +static char *samr_rand_pass(TALLOC_CTX *mem_ctx, int min_len) +{ + char *s = samr_rand_pass_silent(mem_ctx, min_len); printf(Generated password '%s'\n, s); return s; + } /* 
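Review bot: After the split in the `@@ -508,12 +508,19 @@` hunk of source4/torture/rpc/samr.c, the existing comment "generate a random password for password change tests" now sits above `samr_rand_pass_silent()`, and the `samr_rand_pass()` wrapper has no comment. The only difference between the two is that the wrapper prints the generated password in clear text, which deserves its own line, for example `/* like samr_rand_pass_silent(), but also prints the password to stdout; for throw-away test accounts only */`. The hunk also adds an empty line before the closing brace of `samr_rand_pass()`, which can be dropped.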
@@ -839,6 +846,137 @@ static bool test_SetUserPass_25(struct dcerpc_pipe *p, struct torture_context *t return ret; } +static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p, + struct torture_context *tctx, + struct policy_handle *handle, + uint16_t level, + uint32_t fields_present, + char **password, uint8_t password_expired, + bool use_setinfo2, NTSTATUS expected_error) +{ + NTSTATUS status; + struct samr_SetUserInfo s; + struct samr_SetUserInfo2 s2; + union samr_UserInfo u; + bool ret = true; + DATA_BLOB session_key; + DATA_BLOB confounded_session_key = data_blob_talloc(tctx, NULL, 16); + struct MD5Context ctx; + uint8_t confounder[16]; + char *newpass; + struct samr_GetUserPwInfo pwp; + struct samr_PwInfo info; + int policy_min_pw_len = 0; + pwp.in.user_handle = handle; + pwp.out.info = info; + + status = dcerpc_samr_GetUserPwInfo(p, tctx, pwp); + if (NT_STATUS_IS_OK(status)) { + policy_min_pw_len = pwp.out.info-min_password_length; + } + newpass = samr_rand_pass_silent(tctx, policy_min_pw_len); + + if (use_setinfo2) { + s2.in.user_handle = handle; + s2.in.info = u; + s2.in.level = level; + } else { + s.in.user_handle = handle; + s.in.info = u; + s.in.level = level; + } + + ZERO_STRUCT(u); + + switch (level) { + case 21: + u.info21.fields_present = fields_present; + u.info21.password_expired = password_expired; + + break; + case 23: + u.info23.info.fields_present = fields_present; + u.info23.info.password_expired = password_expired; + + encode_pw_buffer(u.info23.password.data, newpass, STR_UNICODE); + + break; + case 24: + u.info24.password_expired = password_expired; + + encode_pw_buffer(u.info24.password.data, newpass, STR_UNICODE); + + break; + case 25: + u.info25.info.fields_present = fields_present; + u.info25.info.password_expired = password_expired; + + encode_pw_buffer(u.info25.password.data, newpass, STR_UNICODE); + + break; + case 26: + u.info26.password_expired = password_expired; + + encode_pw_buffer(u.info26.password.data, newpass, 
STR_UNICODE); + + break; + } + + status = dcerpc_fetch_session_key(p, session_key); + if (!NT_STATUS_IS_OK(status)) { + printf(SetUserInfo level %u - no session key - %s\n, + s.in.level, nt_errstr(status)); + return false; + } + + generate_random_buffer((uint8_t *)confounder, 16); + + MD5Init(ctx); + MD5Update(ctx, confounder, 16); + MD5Update(ctx,
[SCM] Samba Shared Repository - branch master updated - 580c2b3283cfa0f55a5c7e4632a2a101a036b364
The branch, master has been updated via 580c2b3283cfa0f55a5c7e4632a2a101a036b364 (commit) via 4b687944f382185fafccc41f3ec4737a72e55448 (commit) via 465466e1afa70e0fa1076963ae67a96e9e5b4cbb (commit) via 89ad20789cd3e3418cd22dd7b40f72fecf9f4c8d (commit) from bd95b6b4160760b33bedb14b247fa302507962a4 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 580c2b3283cfa0f55a5c7e4632a2a101a036b364 Author: Günther Deschner [EMAIL PROTECTED] Date: Thu Nov 27 17:25:13 2008 +0100 selftest: s4 does not have a pwdlastset implementation yet. Guenther commit 4b687944f382185fafccc41f3ec4737a72e55448 Author: Günther Deschner [EMAIL PROTECTED] Date: Fri Nov 28 12:10:56 2008 +0100 s4-smbtorture: allow to disable full testing of all possible opcode combinations. Guenther commit 465466e1afa70e0fa1076963ae67a96e9e5b4cbb Author: Günther Deschner [EMAIL PROTECTED] Date: Thu Nov 27 12:09:39 2008 +0100 s4-smbtorture: move test to SAMR-PASSWORDS-PWDLASTSET. Guenther commit 89ad20789cd3e3418cd22dd7b40f72fecf9f4c8d Author: Günther Deschner [EMAIL PROTECTED] Date: Tue Nov 25 02:46:25 2008 +0100 s4-smbtorture: add test for samr password_expired flag while setting passwords. Guenther --- Summary of changes: source4/selftest/skip |1 + source4/torture/rpc/rpc.c |1 + source4/torture/rpc/samr.c | 455 +++- 3 files changed, 456 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/selftest/skip b/source4/selftest/skip index a3dfdbf..f1500ff 100644 --- a/source4/selftest/skip +++ b/source4/selftest/skip @@ -23,6 +23,7 @@ base.scan.maxfid raw.hold.oplock# Not a test, but a way to block other clients for a test raw.ping.pong # Needs second server to test rpc.samr_accessmask +samba4.rpc.samr.passwords.pwdlastset # Not provided by Samba 4 yet raw.scan.eamax samba4.ntvfs.cifs.raw.qfileinfo.ipc smb2.notify diff --git a/source4/torture/rpc/rpc.c b/source4/torture/rpc/rpc.c index 7fe5827..7f6b06d 100644 --- a/source4/torture/rpc/rpc.c 
+++ b/source4/torture/rpc/rpc.c @@ -395,6 +395,7 @@ NTSTATUS torture_rpc_init(void) torture_suite_add_simple_test(suite, SAMR, torture_rpc_samr); torture_suite_add_simple_test(suite, SAMR-USERS, torture_rpc_samr_users); torture_suite_add_simple_test(suite, SAMR-PASSWORDS, torture_rpc_samr_passwords); + torture_suite_add_simple_test(suite, SAMR-PASSWORDS-PWDLASTSET, torture_rpc_samr_passwords_pwdlastset); torture_suite_add_suite(suite, torture_rpc_netlogon(suite)); torture_suite_add_suite(suite, torture_rpc_remote_pac(suite)); torture_suite_add_simple_test(suite, SAMLOGON, torture_rpc_samlogon); diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index 02124e6..86a959d 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -29,6 +29,8 @@ #include libcli/security/security.h #include torture/rpc/rpc.h +#include unistd.h + #define TEST_ACCOUNT_NAME samrtorturetest #define TEST_ALIASNAME samrtorturetestalias #define TEST_GROUPNAME samrtorturetestgroup @@ -37,6 +39,7 @@ enum torture_samr_choice { TORTURE_SAMR_PASSWORDS, + TORTURE_SAMR_PASSWORDS_PWDLASTSET, TORTURE_SAMR_USER_ATTRIBUTES, TORTURE_SAMR_OTHER }; 
@@ -2270,6 +2273,416 @@ static bool test_TestPrivateFunctionsUser(struct dcerpc_pipe *p, struct torture_ return true; } +static bool test_QueryUserInfo_pwdlastset(struct dcerpc_pipe *p, + struct torture_context *tctx, + struct policy_handle *handle, + bool use_info2, + NTTIME *pwdlastset) +{ + NTSTATUS status; + uint16_t levels[] = { /* 3, */ 5, 21 }; + int i; + NTTIME pwdlastset3 = 0; + NTTIME pwdlastset5 = 0; + NTTIME pwdlastset21 = 0; + + torture_comment(tctx, Testing QueryUserInfo%s level 5 and 21 call , + use_info2 ? 2:); + + for (i=0; iARRAY_SIZE(levels); i++) { + + struct samr_QueryUserInfo r; + struct samr_QueryUserInfo2 r2; + union samr_UserInfo *info; + + if (use_info2) { + r2.in.user_handle = handle; + r2.in.level = levels[i]; + r2.out.info = info; + status = dcerpc_samr_QueryUserInfo2(p, tctx, r2); + + } else { + r.in.user_handle = handle; + r.in.level = levels[i]; + r.out.info = info; + status =
[SCM] Samba Shared Repository - branch master updated - 143097d71c15c1624446b56205639e0b863d35fe
The branch, master has been updated via 143097d71c15c1624446b56205639e0b863d35fe (commit) from 580c2b3283cfa0f55a5c7e4632a2a101a036b364 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 143097d71c15c1624446b56205639e0b863d35fe Author: Günther Deschner [EMAIL PROTECTED] Date: Fri Nov 28 11:15:29 2008 +0100 s3-samr: add init_samr_user_info25 and init_samr_user_info26. Guenther --- Summary of changes: source3/include/proto.h| 33 +++ source3/rpc_client/init_samr.c | 85 2 files changed, 118 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/proto.h b/source3/include/proto.h index 0087b5b..2dd9b61 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h 
@@ -5737,6 +5737,39 @@ void init_samr_user_info23(struct samr_UserInfo23 *r, void init_samr_user_info24(struct samr_UserInfo24 *r, struct samr_CryptPassword *pwd_buf, uint8_t password_expired); +void init_samr_user_info25(struct samr_UserInfo25 *r, + NTTIME last_logon, + NTTIME last_logoff, + NTTIME last_password_change, + NTTIME acct_expiry, + NTTIME allow_password_change, + NTTIME force_password_change, + const char *account_name, + const char *full_name, + const char *home_directory, + const char *home_drive, + const char *logon_script, + const char *profile_path, + const char *description, + const char *workstations, + const char *comment, + struct lsa_BinaryString *parameters, + uint32_t rid, + uint32_t primary_gid, + uint32_t acct_flags, + uint32_t fields_present, + struct samr_LogonHours logon_hours, + uint16_t bad_password_count, + uint16_t logon_count, + uint16_t country_code, + uint16_t code_page, + uint8_t nt_password_set, + uint8_t lm_password_set, + uint8_t password_expired, + struct samr_CryptPasswordEx *pwd_buf); +void init_samr_user_info26(struct samr_UserInfo26 *r, + struct samr_CryptPasswordEx *pwd_buf, + uint8_t password_expired); void init_samr_CryptPasswordEx(const char *pwd, DATA_BLOB *session_key, struct samr_CryptPasswordEx *pwd_buf); diff --git a/source3/rpc_client/init_samr.c b/source3/rpc_client/init_samr.c index 19dd0b3..473fae7 100644 --- a/source3/rpc_client/init_samr.c +++ b/source3/rpc_client/init_samr.c 
@@ -508,6 +508,91 @@ void init_samr_user_info24(struct samr_UserInfo24 *r, } /* + init_samr_user_info25 + */ + +void init_samr_user_info25(struct samr_UserInfo25 *r, + NTTIME last_logon, + NTTIME last_logoff, + NTTIME last_password_change, + NTTIME acct_expiry, + NTTIME allow_password_change, + NTTIME force_password_change, + const char *account_name, + const char *full_name, + const char *home_directory, + const char *home_drive, + const char *logon_script, + const char *profile_path, + const char *description, + const char *workstations, + const char *comment, + struct lsa_BinaryString *parameters, + uint32_t rid, + uint32_t primary_gid, + uint32_t acct_flags, + uint32_t fields_present, + struct samr_LogonHours logon_hours, + uint16_t bad_password_count, + uint16_t logon_count, + uint16_t country_code, + uint16_t code_page, + uint8_t nt_password_set, +
svn commit: samba-web r1251 - in trunk: .
Author: kseeger Date: 2008-11-28 11:46:51 + (Fri, 28 Nov 2008) New Revision: 1251 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=1251 Log: Add missing headline Karolin Modified: trunk/index.html Changeset: Modified: trunk/index.html === --- trunk/index.html2008-11-28 09:21:26 UTC (rev 1250) +++ trunk/index.html2008-11-28 11:46:51 UTC (rev 1251) @@ -19,6 +19,7 @@ h2Current Release/h2 +h427 November 2008/h4 p class=headlineSamba 3.3.0rc1 Available for Download/p pSamba 3.3.0rc1 is now available for download. This the first
[SCM] Samba Shared Repository - branch master updated - 1cf5c154aaab8b8c45145343e00ec452c6d0f5b5
The branch, master has been updated via 1cf5c154aaab8b8c45145343e00ec452c6d0f5b5 (commit) via fd2a15fa7813f5560bd7fdb9b5ed8e3880cae387 (commit) from 143097d71c15c1624446b56205639e0b863d35fe (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 1cf5c154aaab8b8c45145343e00ec452c6d0f5b5 Author: Günther Deschner [EMAIL PROTECTED] Date: Fri Nov 28 22:01:18 2008 +0100 s4-smbtorture: add some more testcases to pwdlastset test. Guenther commit fd2a15fa7813f5560bd7fdb9b5ed8e3880cae387 Author: Günther Deschner [EMAIL PROTECTED] Date: Fri Nov 28 21:58:25 2008 +0100 s4-smbtorture: fix RPC-SAMR-PASSWORDS-PWDLASTSET with samba3 option. Guenther --- Summary of changes: source4/torture/rpc/samr.c | 149 ++- 1 files changed, 118 insertions(+), 31 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index 86a959d..01ff016 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -870,6 +870,8 @@ static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p, struct samr_GetUserPwInfo pwp; struct samr_PwInfo info; int policy_min_pw_len = 0; + const char *comment = NULL; + pwp.in.user_handle = handle; pwp.out.info = info; @@ -889,17 +891,23 @@ static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p, s.in.level = level; } + if (fields_present SAMR_FIELD_COMMENT) { + comment = talloc_asprintf(tctx, comment: %d\n, time(NULL)); + } + ZERO_STRUCT(u); switch (level) { case 21: u.info21.fields_present = fields_present; u.info21.password_expired = password_expired; + u.info21.comment.string = comment; break; case 23: u.info23.info.fields_present = fields_present; u.info23.info.password_expired = password_expired; + u.info23.info.comment.string = comment; encode_pw_buffer(u.info23.password.data, newpass, STR_UNICODE); 
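Review bot: In the `@@ -889,17 +891,23 @@` hunk, `talloc_asprintf(tctx, "comment: %d\n", time(NULL))` passes a `time_t` to a `%d` conversion, which is a format/argument mismatch wherever time_t is wider than int. Cast explicitly, e.g. `comment = talloc_asprintf(tctx, "comment: %lld\n", (long long)time(NULL));`. The result is also stored in `u.info21.comment.string` (and the level 23 and 25 equivalents) without a NULL check, so an allocation failure would pass a NULL string on instead of failing the test. test_SetUserPass_level_ex starts and ends outside the hunk.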
@@ -913,6 +921,7 @@ static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p, case 25: u.info25.info.fields_present = fields_present; u.info25.info.password_expired = password_expired; + u.info25.info.comment.string = comment; encode_pw_buffer(u.info25.password.data, newpass, STR_UNICODE); @@ -962,8 +971,16 @@ static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p, status = dcerpc_samr_SetUserInfo(p, tctx, s); } - if (NT_STATUS_IS_ERR(expected_error)) { - torture_assert_ntstatus_equal(tctx, status, expected_error, ); + if (!NT_STATUS_IS_OK(expected_error)) { + if (use_setinfo2) { + torture_assert_ntstatus_equal(tctx, + s2.out.result, + expected_error, SetUserInfo2 failed); + } else { + torture_assert_ntstatus_equal(tctx, + s.out.result, + expected_error, SetUserInfo failed); + } return true; } @@ -2431,6 +2448,16 @@ static bool test_SetPassword_pwdlastset(struct dcerpc_pipe *p, .password_expired_nonzero = 1, .fields_present = SAMR_FIELD_LAST_PWD_CHANGE, .set_error = NT_STATUS_ACCESS_DENIED + },{ + .level = 21, + .password_expired_nonzero = 1, + .fields_present = 0, + .set_error = NT_STATUS_INVALID_PARAMETER + },{ + .level = 21, + .password_expired_nonzero = 1, + .fields_present = SAMR_FIELD_COMMENT, + #if 0 /* FIXME */ },{ @@ -2478,7 +2505,16 @@ static bool test_SetPassword_pwdlastset(struct dcerpc_pipe *p, .level = 23, .password_expired_nonzero = 1, .fields_present = SAMR_FIELD_PASSWORD | - SAMR_FIELD_PASSWORD2 + SAMR_FIELD_PASSWORD2, + },{ + .level = 23, + .password_expired_nonzero = 1, +
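Review bot: In the `@@ -962,8 +971,16 @@` hunk the expected-error branch now asserts only on `s2.out.result` or `s.out.result` and returns without looking at `status`. If the call fails before a reply is unmarshalled, `out.result` may hold whatever was there before the call; the hunk does not show how `s` and `s2` are initialised. It would be safer to compare `status` with `expected_error` as well, or at least to add a comment such as `/* out.result is only meaningful once the request itself was delivered */` above the branch. The messages `SetUserInfo2 failed` and `SetUserInfo failed` are printed when the status differs from the expected error, so wording like `SetUserInfo2 returned unexpected status` would read better in the test log. The enclosing function continues outside the hunk.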
[SCM] Samba Shared Repository - branch master updated - 28099876f9a39f56a54fd2540532309c0d1e2877
The branch, master has been updated via 28099876f9a39f56a54fd2540532309c0d1e2877 (commit) via 42adfd1be2237bbe5430fe972143b548b42f6edb (commit) from 1cf5c154aaab8b8c45145343e00ec452c6d0f5b5 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 28099876f9a39f56a54fd2540532309c0d1e2877 Author: Günther Deschner [EMAIL PROTECTED] Date: Sat Nov 29 00:12:26 2008 +0100 s3-libnetjoin: Fix bug #5749. Re-set acctflags while joining. fix from metze. Guenther commit 42adfd1be2237bbe5430fe972143b548b42f6edb Author: Günther Deschner [EMAIL PROTECTED] Date: Sat Nov 29 00:10:18 2008 +0100 s3-libnetjoin: remove unused md4_trust_password, found by metze. Guenther --- Summary of changes: source3/libnet/libnet_join.c | 50 - 1 files changed, 29 insertions(+), 21 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 498c7af..908fb78 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -762,7 +762,6 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, struct lsa_String lsa_acct_name; uint32_t user_rid; uint32_t acct_flags = ACB_WSTRUST; - uchar md4_trust_password[16]; struct samr_Ids user_rids; struct samr_Ids name_types; union samr_UserInfo user_info; @@ -898,14 +897,6 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, goto done; } - /* Create a random machine account password and generate the hash */ - - E_md4hash(r-in.machine_password, md4_trust_password); - - init_samr_CryptPasswordEx(r-in.machine_password, - cli-user_session_key, - crypt_pwd_ex); - /* Fill in the additional account flags now */ acct_flags |= ACB_PWNOEXP; 
@@ -916,23 +907,40 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, ;; } - /* Set password and account flags on machine account */ - - ZERO_STRUCT(user_info.info25); - - user_info.info25.info.fields_present = ACCT_NT_PWD_SET | - ACCT_LM_PWD_SET | - SAMR_FIELD_ACCT_FLAGS; - - user_info.info25.info.acct_flags = acct_flags; - memcpy(user_info.info25.password.data, crypt_pwd_ex.data, - sizeof(crypt_pwd_ex.data)); + /* Set account flags on machine account */ + ZERO_STRUCT(user_info.info16); + user_info.info16.acct_flags = acct_flags; status = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx, user_pol, -25, +16, user_info); + if (!NT_STATUS_IS_OK(status)) { + + rpccli_samr_DeleteUser(pipe_hnd, mem_ctx, + user_pol); + + libnet_join_set_error_string(mem_ctx, r, + Failed to set account flags for machine account (%s)\n, + nt_errstr(status)); + goto done; + } + + /* Set password on machine account - first try level 26 */ + + init_samr_CryptPasswordEx(r-in.machine_password, + cli-user_session_key, + crypt_pwd_ex); + + init_samr_user_info26(user_info.info26, crypt_pwd_ex, + PASS_DONT_CHANGE_AT_NEXT_LOGON); + + status = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx, + user_pol, + 26, + user_info); + if (NT_STATUS_EQUAL(status, NT_STATUS(DCERPC_FAULT_INVALID_TAG))) { /* retry with level 24 */ -- Samba Shared Repository
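Review bot: The new error path after the level-16 `rpccli_samr_SetUserInfo` call runs `rpccli_samr_DeleteUser(pipe_hnd, mem_ctx, user_pol);` and discards its result, so a failed cleanup leaves a machine account behind with no trace in the error string. The hunk also does not show whether `user_pol` can refer to an account that existed before this join; if it can, deleting it here removes more than this call created. A comment above the delete should say which case applies, for example `/* only reached for accounts created above; best-effort cleanup */`, and a non-OK delete status should be logged. Splitting the update into two RPCs also means the account flags are written before the password is set; the handling for a failed level 26/24 password call lies outside the hunk, so please confirm it does not leave the account with the new flags and the old password.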
Build status as of Sat Nov 29 00:00:02 2008
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2008-11-28 00:00:45.0 + +++ /home/build/master/cache/broken_results.txt 2008-11-29 00:00:39.0 + @@ -1,4 +1,4 @@ -Build status as of Fri Nov 28 00:00:01 2008 +Build status as of Sat Nov 29 00:00:02 2008 Build counts: Tree Total Broken Panic @@ -7,16 +7,16 @@ ctdb 0 0 0 distcc 1 0 0 ldb 32 32 0 -libreplace 31 12 0 +libreplace 30 12 0 lorikeet-heimdal 29 20 0 pidl 19 2 0 ppp 13 0 0 rsync32 13 0 samba-docs 0 0 0 samba-gtk5 5 0 -samba_3_X_devel 28 19 1 +samba_3_X_devel 28 18 1 samba_3_X_test 28 16 0 -samba_4_0_test 31 28 1 +samba_4_0_test 30 30 1 smb-build30 7 0 talloc 32 32 0 tdb 32 13 0