[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
       via  b07eff31de4 net_ads_gpo: remove old '#if 0' blocks
       via  7c01a44f18b libgpo: parse_gp_ext: do not crash upon no ext_strings
      from  a18ffe26b3b smbd: RIP user_struct

https://git.samba.org/?p=samba.git;a=shortlog;h=master

- Log -
commit b07eff31de43adb0cd6eab217ca85cd5ba6f3621
Author: Douglas Bagnall
Date:   Fri Jan 10 16:06:33 2020 +1300

    net_ads_gpo: remove old '#if 0' blocks

    I think the dump_gpo() calls do enough, and this code has done nothing
    for a decade.

    Signed-off-by: Douglas Bagnall
    Reviewed-by: Gary Lockyer

    Autobuild-User(master): Gary Lockyer
    Autobuild-Date(master): Mon Jan 13 23:52:26 UTC 2020 on sn-devel-184

commit 7c01a44f18b679709d141b2d05e576ee084039b4
Author: Douglas Bagnall
Date:   Fri Jan 10 15:45:45 2020 +1300

    libgpo: parse_gp_ext: do not crash upon no ext_strings

    Signed-off-by: Douglas Bagnall
    Reviewed-by: Gary Lockyer

---

Summary of changes:
 libgpo/gpo_ldap.c           |  4 +++-
 source3/utils/net_ads_gpo.c | 45 -
 2 files changed, 3 insertions(+), 46 deletions(-)

Changeset truncated at 500 lines:

diff --git a/libgpo/gpo_ldap.c b/libgpo/gpo_ldap.c index e5a5adb7235..2d95f74276c 100644 --- a/libgpo/gpo_ldap.c +++ b/libgpo/gpo_ldap.c @@ -98,7 +98,9 @@ bool ads_parse_gp_ext(TALLOC_CTX *mem_ctx, for (k = 0; ext_strings[k] != NULL; k++) { /* no op */ } - + if (k == 0) { + goto parse_error; + } q = ext_strings[0]; if (q[0] == '{') { diff --git a/source3/utils/net_ads_gpo.c b/source3/utils/net_ads_gpo.c index cd77f93ffd3..4a2d19a4ba5 100644 --- a/source3/utils/net_ads_gpo.c +++ b/source3/utils/net_ads_gpo.c
@@ -134,29 +134,7 @@ static int net_ads_gpo_refresh(struct net_context *c, int argc, const char **arg d_printf(_("* dumping GPO list\n")); for (gpo = gpo_list; gpo; gpo = gpo->next) { - dump_gpo(gpo, 0); -#if 0 - char *server, *share, *nt_path, *unix_path; - - d_printf("--\n"); - d_printf("Name:\t\t\t%s\n", gpo->display_name); - d_printf("LDAP GPO version:\t%d (user: %d, machine: %d)\n", - gpo->version, - GPO_VERSION_USER(gpo->version), - GPO_VERSION_MACHINE(gpo->version)); - - result = gpo_explode_filesyspath(mem_ctx, gpo->file_sys_path, -, , _path, -_path); - if (!NT_STATUS_IS_OK(result)) { - d_printf("got: %s\n", nt_errstr(result)); - } - - d_printf("GPO stored on server: %s, share: %s\n", server, share); - d_printf("\tremote path:\t%s\n", nt_path); - d_printf("\tlocal path:\t%s\n", unix_path); -#endif } } @@ -179,30 +157,7 @@ static int net_ads_gpo_refresh(struct net_context *c, int argc, const char **arg d_printf(_("* dumping GPO list from registry\n")); for (gpo = read_list; gpo; gpo = gpo->next) { - dump_gpo(gpo, 0); - -#if 0 - char *server, *share, *nt_path, *unix_path; - - d_printf("--\n"); - d_printf("Name:\t\t\t%s\n", gpo->display_name); - d_printf("LDAP GPO version:\t%d (user: %d, machine: %d)\n", - gpo->version, - GPO_VERSION_USER(gpo->version), - GPO_VERSION_MACHINE(gpo->version)); - - result = gpo_explode_filesyspath(mem_ctx, gpo->file_sys_path, -, , _path, -_path); - if (!NT_STATUS_IS_OK(result)) { - d_printf("got: %s\n", nt_errstr(result)); - } - - d_printf("GPO stored on server: %s, share: %s\n", server, share); - d_printf("\tremote path:\t%s\n", nt_path); - d_printf("\tlocal path:\t%s\n", unix_path); -#endif } } -- Samba Shared Repository
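Review bot: In the libgpo/gpo_ldap.c hunk of ads_parse_gp_ext(), the new `if (k == 0)` guard only covers an empty array: the counting loop directly above it already evaluates `ext_strings[k]`, so a NULL `ext_strings` would be dereferenced before the guard is reached. The visible context shows no NULL check, so either confirm one exists earlier in the function or test `ext_strings == NULL` before the loop. A one-line comment above the guard noting that `q = ext_strings[0]` and `q[0]` need at least one element would help, and since the commit message gives no reproducer, a test that feeds an extension string yielding no entries would keep this from regressing.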
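Review bot: In both net_ads_gpo_refresh() hunks of source3/utils/net_ads_gpo.c, the deleted `#if 0` block is where `result` was assigned from gpo_explode_filesyspath() and where `mem_ctx` was passed inside these loops, so check that neither is left unused in the function once the block is gone. Deleting rather than re-enabling looks right: on a failed gpo_explode_filesyspath() the old code printed the error and then still passed `server`, `share`, `nt_path` and `unix_path` to d_printf(). The commit message relies on dump_gpo() covering this output; if the exploded server, share and path values are not part of what dump_gpo() prints, say so in the message so the loss of that detail is a recorded decision.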
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
       via  a18ffe26b3b smbd: RIP user_struct
       via  5f85090d78c smbd: use smbXsrv_session_info_lookup() in become_user_without_service()
       via  cdab99ba1e7 smbd: remove using vuser from smbd_smb2_tree_connect()
       via  1d797a839d4 smbd: don't use vuser in make_connection()
       via  758c42ec5dd smbd: remove unused vuser arg from make_connection_smb2()
       via  893aba4d65b smbd: remove unused vuser arg from make_connection_smb1()
       via  9ef30c75b06 smbd: use req->session instead of vuser->session in make_connection_smb1()
       via  8be0ca8e19b smbd: remove use of user_struct from reply_ulogoffX()
       via  4b89100dc8d smbd: use smbXsrv_session_local_traverse() in id_in_use()
       via  18b43aeb574 smbd: add smbXsrv_session_local_traverse()
       via  d2b5f85d221 smbd: remove enum server_allocated_state magic from get_valid_user_struct()
       via  c3d22018679 smbd: use get_valid_smbXsrv_session() in invalidate_vuid()
       via  dd9735b1da7 smbd: add get_valid_smbXsrv_session()
       via  a22b503819c smbd: use session->global->auth_session_info in switch_message()
       via  54d626cc77e smbd: remove dependency on session->compat in smbXsrv_session_logoff()
       via  25524c8e78b smbd: use smbXsrv_session_info_lookup() in api_reply()
       via  c3f890fb1e9 smbd: use smbXsrv_session_info_lookup() in api_WWkstaUserLogon()
       via  46f51912aea smbd: share level security is long gone...
       via  57d4689273f smbd: use smbXsrv_session_info_lookup() in change_to_user_and_service()
       via  e80aca04278 smbd: introduce smbXsrv_session_info_lookup()
       via  96fd0ddd02e smbd: remove vuser arg from make_connection_snum()
       via  c1d0a70d19e smbd: use session->global->auth_session_info in make_connection_snum()
       via  61fa0f99768 smbd: remove vuid from struct user_struct
       via  bcadd7d798e smbd: use session->global->session_wire_id instead of session->compat->vuid
       via  5992f8fa93a smbd: pass smbXsrv_session to make_connection_snum()
       via  8aae1ef5c0b smbd: move homes_snum from struct user_struct to struct smbXsrv_session
       via  aa27bceff19 smbd: add session to struct smb_request
       via  15ee379ef11 s3: lib: dbwrap. Cleanup. Add a couple of missing 'return NULL' statements on talloc fail.
       via  36ea1e188d5 s3: lib: dbwrap_ctdb: Ensure value_valid is set true if we find the record in the marshall buffer.
      from  c6d880a1150 s3-rpcserver: fix security level check for DsRGetForestTrustInformation

https://git.samba.org/?p=samba.git;a=shortlog;h=master

- Log -
commit a18ffe26b3be13e45622172c4ade258cfc8fa783
Author: Ralph Boehme
Date:   Mon Jan 6 10:14:11 2020 +0100

    smbd: RIP user_struct

    At last, the nail in the coffin. :)

    Signed-off-by: Ralph Boehme
    Reviewed-by: Jeremy Allison

    Autobuild-User(master): Jeremy Allison
    Autobuild-Date(master): Mon Jan 13 21:09:01 UTC 2020 on sn-devel-184

commit 5f85090d78c11c9c4ef58954b947a8bc71481e18
Author: Ralph Boehme
Date:   Thu Jan 2 17:24:47 2020 +0100

    smbd: use smbXsrv_session_info_lookup() in become_user_without_service()

    Signed-off-by: Ralph Boehme
    Reviewed-by: Jeremy Allison

commit cdab99ba1e7ef48faeacf7ec45651ce5b48dc5d4
Author: Ralph Boehme
Date:   Thu Jan 2 17:21:06 2020 +0100

    smbd: remove using vuser from smbd_smb2_tree_connect()

    Signed-off-by: Ralph Boehme
    Reviewed-by: Jeremy Allison

commit 1d797a839d4f96da649ff13bf8c6c7ea4b52ae44
Author: Ralph Boehme
Date:   Thu Jan 2 17:16:38 2020 +0100

    smbd: don't use vuser in make_connection()

    Signed-off-by: Ralph Boehme
    Reviewed-by: Jeremy Allison

commit 758c42ec5dd3dd8bba7b4f74741dc9b02cfb0d73
Author: Ralph Boehme
Date:   Thu Jan 2 17:09:26 2020 +0100

    smbd: remove unused vuser arg from make_connection_smb2()

    Signed-off-by: Ralph Boehme
    Reviewed-by: Jeremy Allison

commit 893aba4d65b6f2bdcd49ba3618f882fad0d5df49
Author: Ralph Boehme
Date:   Thu Jan 2 17:07:23 2020 +0100

    smbd: remove unused vuser arg from make_connection_smb1()

    Signed-off-by: Ralph Boehme
    Reviewed-by: Jeremy Allison

commit 9ef30c75b065876fee05103a4ad1b0d70d2d86c6
Author: Ralph Boehme
Date:   Thu Jan 2 17:06:23 2020 +0100

    smbd: use req->session instead of vuser->session in make_connection_smb1()

    Signed-off-by: Ralph Boehme
    Reviewed-by: Jeremy Allison

commit 8be0ca8e19b861d13038769289325537c101072b
Author: Ralph Boehme
Date:   Thu Jan 2 16:26:03 2020 +0100

    smbd: remove use of user_struct from reply_ulogoffX()

    Signed-off-by: Ralph Boehme
    Reviewed-by: Jeremy Allison

commit 4b89100dc8d7620657fa1e6335d47df97188c102
Author: Ralph Boehme
Date:   Thu Jan 2 14:47:51 2020 +0100

    smbd: use smbXsrv_session_local_traverse() in id_in_use()

    Signed-off-by: Ralph Boehme
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
       via  c6d880a1150 s3-rpcserver: fix security level check for DsRGetForestTrustInformation
      from  beb386b584b fuzz: add a fuzzer for parsing ldb controls

https://git.samba.org/?p=samba.git;a=shortlog;h=master

- Log -
commit c6d880a115095c336b8b74f45854a99abb1bbb87
Author: Alexander Bokovoy
Date:   Tue Jan 7 19:25:53 2020 +0200

    s3-rpcserver: fix security level check for DsRGetForestTrustInformation

    Harmonize _netr_DsRGetForestTrustInformation with source4/ logic which
    didn't change since DCE RPC channel refactoring.

    With the current code we return RPC fault as can be seen in the logs:

    2019/12/11 17:12:55.463081, 1, pid=20939, effective(128420, 128420), real(128420, 0), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug)
      netr_DsRGetForestTrustInformation: struct netr_DsRGetForestTrustInformation
         in: struct netr_DsRGetForestTrustInformation
            server_name : *
               server_name : '\\some-dc.example.com'
            trusted_domain_name : NULL
            flags: 0x (0)
    [2019/12/11 17:12:55.463122, 4, pid=20939, effective(128420, 128420), real(128420, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1561(api_rpcTNP)
      api_rpcTNP: fault(5) return.
    This is due to this check in processing a request:

        if (!(p->pipe_bound && (p->auth.auth_type != DCERPC_AUTH_TYPE_NONE)
              && (p->auth.auth_level != DCERPC_AUTH_LEVEL_NONE))) {
                p->fault_state = DCERPC_FAULT_ACCESS_DENIED;
                return WERR_ACCESS_DENIED;
        }

    and since we get AuthZ response,

    Successful AuthZ: [netlogon,ncacn_np] user [EXAMPLE]\[admin] [S-1-5-21-1234567-890123456-500] at [Wed, 11 Dec 2019 17:12:55.461164 UTC] Remote host [ipv4:Y.Y.Y.Y:59017] local host [ipv4:X.X.X.X:445]
    [2019/12/11 17:12:55.461584, 4, pid=20939, effective(0, 0), real(0, 0)] ../lib/audit_logging/audit_logging.c:141(audit_log_json)
      JSON Authorization: {"timestamp": "2019-12-11T17:12:55.461491+", "type": "Authorization", "Authorization": {"version": {"major": 1, "minor": 1}, "localAddress": "ipv4:X.X.X.X:445", "remoteAddress": "ipv4:Y.Y.Y.Y:59017", "serviceDescription": "netlogon", "authType": "ncacn_np", "domain": "EXAMPLE", "account": "admin", "sid": "S-1-5-21-1234567-890123456-500", "sessionId": "c5a2386f-f2cc-4241-9a9e-d104cf5859d5", "logonServer": "SOME-DC", "transportProtection": "SMB", "accountFlags": "0x0010"}}

    this means we are actually getting anonymous DCE/RPC access to netlogon
    on top of authenticated SMB connection. In such case we have exactly
    auth_type set to DCERPC_AUTH_TYPE_NONE and auth_level set to
    DCERPC_AUTH_LEVEL_NONE in the pipe->auth. Thus, returning an error.

    Update the code to follow the same security level check as in s4 variant
    of the call.

    Signed-off-by: Alexander Bokovoy
    Reviewed-by: Guenther Deschner

    Autobuild-User(master): Günther Deschner
    Autobuild-Date(master): Mon Jan 13 15:05:28 UTC 2020 on sn-devel-184

---

Summary of changes:
 source3/rpc_server/netlogon/srv_netlog_nt.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

Changeset truncated at 500 lines:

diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c index cbbf9feedc7..52b17c10e61 100644 --- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c @@ -2451,10 +2451,10 @@ WERROR _netr_DsRGetForestTrustInformation(struct pipes_struct *p, { NTSTATUS status; struct lsa_ForestTrustInformation *info, **info_ptr; + enum security_user_level security_level; - if (!(p->pipe_bound && (p->auth.auth_type != DCERPC_AUTH_TYPE_NONE) - && (p->auth.auth_level != DCERPC_AUTH_LEVEL_NONE))) { - p->fault_state = DCERPC_FAULT_ACCESS_DENIED; + security_level = security_session_user_level(p->session_info, NULL); + if (security_level < SECURITY_USER) { return WERR_ACCESS_DENIED; } -- Samba Shared Repository
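Review bot: In _netr_DsRGetForestTrustInformation(), the replacement check drops two things the old condition did: it no longer tests `p->pipe_bound`, and the denial path no longer sets `p->fault_state = DCERPC_FAULT_ACCESS_DENIED`, so a rejected caller now receives WERR_ACCESS_DENIED as an ordinary result instead of a DCE/RPC fault. If both changes are intended to match the source4 behaviour, state that in the commit message or a comment; otherwise keep them. Authorization now rests on `p->session_info` alone, with NULL passed as the second argument to security_session_user_level(), so a comment above the check saying that calls with DCERPC_AUTH_TYPE_NONE are accepted when the underlying session is at least SECURITY_USER would make the trust decision explicit, and a test that an anonymous session is still refused would pin it down.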