[SCM] Samba Shared Repository - branch master updated

2020-01-13 Thread Gary Lockyer
The branch, master has been updated
   via  b07eff31de4 net_ads_gpo: remove old '#if 0' blocks
   via  7c01a44f18b libgpo: parse_gp_ext: do not crash upon no ext_strings
  from  a18ffe26b3b smbd: RIP user_struct

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit b07eff31de43adb0cd6eab217ca85cd5ba6f3621
Author: Douglas Bagnall 
Date:   Fri Jan 10 16:06:33 2020 +1300

net_ads_gpo: remove old '#if 0' blocks

I think the dump_gpo() calls do enough, and this code has done nothing
for a decade.

Signed-off-by: Douglas Bagnall 
Reviewed-by: Gary Lockyer 

Autobuild-User(master): Gary Lockyer 
Autobuild-Date(master): Mon Jan 13 23:52:26 UTC 2020 on sn-devel-184

commit 7c01a44f18b679709d141b2d05e576ee084039b4
Author: Douglas Bagnall 
Date:   Fri Jan 10 15:45:45 2020 +1300

libgpo: parse_gp_ext: do not crash upon no ext_strings

Signed-off-by: Douglas Bagnall 
Reviewed-by: Gary Lockyer 

---

Summary of changes:
 libgpo/gpo_ldap.c   |  4 +++-
 source3/utils/net_ads_gpo.c | 45 -
 2 files changed, 3 insertions(+), 46 deletions(-)


Changeset truncated at 500 lines:

diff --git a/libgpo/gpo_ldap.c b/libgpo/gpo_ldap.c
index e5a5adb7235..2d95f74276c 100644
--- a/libgpo/gpo_ldap.c
+++ b/libgpo/gpo_ldap.c
@@ -98,7 +98,9 @@ bool ads_parse_gp_ext(TALLOC_CTX *mem_ctx,
for (k = 0; ext_strings[k] != NULL; k++) {
/* no op */
}
-
+   if (k == 0) {
+   goto parse_error;
+   }
q = ext_strings[0];
 
if (q[0] == '{') {
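Review bot: The new `if (k == 0)` guard sits after the counting loop, which already evaluates `ext_strings[k]`, so it covers an empty list but not a NULL `ext_strings`. If the call that builds `ext_strings` (outside the visible context) can return NULL, that needs its own check before the loop. The commit message has no body: a sentence on which input yields zero strings, plus a test for it, would help, since the lines that follow take `ext_strings[0]` as `q` and read `q[0]`.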
diff --git a/source3/utils/net_ads_gpo.c b/source3/utils/net_ads_gpo.c
index cd77f93ffd3..4a2d19a4ba5 100644
--- a/source3/utils/net_ads_gpo.c
+++ b/source3/utils/net_ads_gpo.c
@@ -134,29 +134,7 @@ static int net_ads_gpo_refresh(struct net_context *c, int 
argc, const char **arg
d_printf(_("* dumping GPO list\n"));
 
for (gpo = gpo_list; gpo; gpo = gpo->next) {
-
dump_gpo(gpo, 0);
-#if 0
-   char *server, *share, *nt_path, *unix_path;
-
-   d_printf("--\n");
-   d_printf("Name:\t\t\t%s\n", gpo->display_name);
-   d_printf("LDAP GPO version:\t%d (user: %d, machine: %d)\n",
-   gpo->version,
-   GPO_VERSION_USER(gpo->version),
-   GPO_VERSION_MACHINE(gpo->version));
-
-   result = gpo_explode_filesyspath(mem_ctx, gpo->file_sys_path,
-, , _path,
-_path);
-   if (!NT_STATUS_IS_OK(result)) {
-   d_printf("got: %s\n", nt_errstr(result));
-   }
-
-   d_printf("GPO stored on server: %s, share: %s\n", server, 
share);
-   d_printf("\tremote path:\t%s\n", nt_path);
-   d_printf("\tlocal path:\t%s\n", unix_path);
-#endif
}
}
 
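Review bot: The `#if 0` block removed from the `gpo_list` loop printed the server, share, remote path and local path obtained from `gpo_explode_filesyspath()`, while the commit message only says the `dump_gpo()` calls "do enough". Please state whether `dump_gpo(gpo, 0)` covers that output or whether it is dropped on purpose. The deletion itself is sound: the dead code went on to print `server`, `share`, `nt_path` and `unix_path` even when `NT_STATUS_IS_OK(result)` was false, so re-enabling it would have read pointers that may never have been set.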
@@ -179,30 +157,7 @@ static int net_ads_gpo_refresh(struct net_context *c, int 
argc, const char **arg
d_printf(_("* dumping GPO list from registry\n"));
 
for (gpo = read_list; gpo; gpo = gpo->next) {
-
dump_gpo(gpo, 0);
-
-#if 0
-   char *server, *share, *nt_path, *unix_path;
-
-   d_printf("--\n");
-   d_printf("Name:\t\t\t%s\n", gpo->display_name);
-   d_printf("LDAP GPO version:\t%d (user: %d, machine: %d)\n",
-   gpo->version,
-   GPO_VERSION_USER(gpo->version),
-   GPO_VERSION_MACHINE(gpo->version));
-
-   result = gpo_explode_filesyspath(mem_ctx, gpo->file_sys_path,
-, , _path,
-_path);
-   if (!NT_STATUS_IS_OK(result)) {
-   d_printf("got: %s\n", nt_errstr(result));
-   }
-
-   d_printf("GPO stored on server: %s, share: %s\n", server, 
share);
-   d_printf("\tremote path:\t%s\n", nt_path);
-   d_printf("\tlocal path:\t%s\n", unix_path);
-#endif
}
}
 
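Review bot: With the dead block gone, the loop over `read_list` is now identical to the earlier loop over `gpo_list`, each calling `dump_gpo(gpo, 0)` per entry. A small helper that takes the list head would remove the duplication, or an existing list-dump function could be used if libgpo already provides one.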


-- 
Samba Shared Repository



[SCM] Samba Shared Repository - branch master updated

2020-01-13 Thread Jeremy Allison
The branch, master has been updated
   via  a18ffe26b3b smbd: RIP user_struct
   via  5f85090d78c smbd: use smbXsrv_session_info_lookup() in become_user_without_service()
   via  cdab99ba1e7 smbd: remove using vuser from smbd_smb2_tree_connect()
   via  1d797a839d4 smbd: don't use vuser in make_connection()
   via  758c42ec5dd smbd: remove unused vuser arg from make_connection_smb2()
   via  893aba4d65b smbd: remove unused vuser arg from make_connection_smb1()
   via  9ef30c75b06 smbd: use req->session instead of vuser->session in make_connection_smb1()
   via  8be0ca8e19b smbd: remove use of user_struct from reply_ulogoffX()
   via  4b89100dc8d smbd: use smbXsrv_session_local_traverse() in id_in_use()
   via  18b43aeb574 smbd: add smbXsrv_session_local_traverse()
   via  d2b5f85d221 smbd: remove enum server_allocated_state magic from get_valid_user_struct()
   via  c3d22018679 smbd: use get_valid_smbXsrv_session() in invalidate_vuid()
   via  dd9735b1da7 smbd: add get_valid_smbXsrv_session()
   via  a22b503819c smbd: use session->global->auth_session_info in switch_message()
   via  54d626cc77e smbd: remove dependency on session->compat in smbXsrv_session_logoff()
   via  25524c8e78b smbd: use smbXsrv_session_info_lookup() in api_reply()
   via  c3f890fb1e9 smbd: use smbXsrv_session_info_lookup() in api_WWkstaUserLogon()
   via  46f51912aea smbd: share level security is long gone...
   via  57d4689273f smbd: use smbXsrv_session_info_lookup() in change_to_user_and_service()
   via  e80aca04278 smbd: introduce smbXsrv_session_info_lookup()
   via  96fd0ddd02e smbd: remove vuser arg from make_connection_snum()
   via  c1d0a70d19e smbd: use session->global->auth_session_info in make_connection_snum()
   via  61fa0f99768 smbd: remove vuid from struct user_struct
   via  bcadd7d798e smbd: use session->global->session_wire_id instead of session->compat->vuid
   via  5992f8fa93a smbd: pass smbXsrv_session to make_connection_snum()
   via  8aae1ef5c0b smbd: move homes_snum from struct user_struct to struct smbXsrv_session
   via  aa27bceff19 smbd: add session to struct smb_request
   via  15ee379ef11 s3: lib: dbwrap. Cleanup. Add a couple of missing 'return NULL' statements on talloc fail.
   via  36ea1e188d5 s3: lib: dbwrap_ctdb: Ensure value_valid is set true if we find the record in the marshall buffer.
  from  c6d880a1150 s3-rpcserver: fix security level check for DsRGetForestTrustInformation

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit a18ffe26b3be13e45622172c4ade258cfc8fa783
Author: Ralph Boehme 
Date:   Mon Jan 6 10:14:11 2020 +0100

smbd: RIP user_struct

At last, the nail in the coffin. :)

Signed-off-by: Ralph Boehme 
Reviewed-by: Jeremy Allison 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Mon Jan 13 21:09:01 UTC 2020 on sn-devel-184

commit 5f85090d78c11c9c4ef58954b947a8bc71481e18
Author: Ralph Boehme 
Date:   Thu Jan 2 17:24:47 2020 +0100

smbd: use smbXsrv_session_info_lookup() in become_user_without_service()

Signed-off-by: Ralph Boehme 
Reviewed-by: Jeremy Allison 

commit cdab99ba1e7ef48faeacf7ec45651ce5b48dc5d4
Author: Ralph Boehme 
Date:   Thu Jan 2 17:21:06 2020 +0100

smbd: remove using vuser from smbd_smb2_tree_connect()

Signed-off-by: Ralph Boehme 
Reviewed-by: Jeremy Allison 

commit 1d797a839d4f96da649ff13bf8c6c7ea4b52ae44
Author: Ralph Boehme 
Date:   Thu Jan 2 17:16:38 2020 +0100

smbd: don't use vuser in make_connection()

Signed-off-by: Ralph Boehme 
Reviewed-by: Jeremy Allison 

commit 758c42ec5dd3dd8bba7b4f74741dc9b02cfb0d73
Author: Ralph Boehme 
Date:   Thu Jan 2 17:09:26 2020 +0100

smbd: remove unused vuser arg from make_connection_smb2()

Signed-off-by: Ralph Boehme 
Reviewed-by: Jeremy Allison 

commit 893aba4d65b6f2bdcd49ba3618f882fad0d5df49
Author: Ralph Boehme 
Date:   Thu Jan 2 17:07:23 2020 +0100

smbd: remove unused vuser arg from make_connection_smb1()

Signed-off-by: Ralph Boehme 
Reviewed-by: Jeremy Allison 

commit 9ef30c75b065876fee05103a4ad1b0d70d2d86c6
Author: Ralph Boehme 
Date:   Thu Jan 2 17:06:23 2020 +0100

smbd: use req->session instead of vuser->session in make_connection_smb1()

Signed-off-by: Ralph Boehme 
Reviewed-by: Jeremy Allison 

commit 8be0ca8e19b861d13038769289325537c101072b
Author: Ralph Boehme 
Date:   Thu Jan 2 16:26:03 2020 +0100

smbd: remove use of user_struct from reply_ulogoffX()

Signed-off-by: Ralph Boehme 
Reviewed-by: Jeremy Allison 

commit 4b89100dc8d7620657fa1e6335d47df97188c102
Author: Ralph Boehme 
Date:   Thu Jan 2 14:47:51 2020 +0100

smbd: use smbXsrv_session_local_traverse() in id_in_use()

Signed-off-by: Ralph Boehme 

[SCM] Samba Shared Repository - branch master updated

2020-01-13 Thread Günther Deschner
The branch, master has been updated
   via  c6d880a1150 s3-rpcserver: fix security level check for DsRGetForestTrustInformation
  from  beb386b584b fuzz: add a fuzzer for parsing ldb controls

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit c6d880a115095c336b8b74f45854a99abb1bbb87
Author: Alexander Bokovoy 
Date:   Tue Jan 7 19:25:53 2020 +0200

s3-rpcserver: fix security level check for DsRGetForestTrustInformation

Harmonize _netr_DsRGetForestTrustInformation with source4/ logic which
didn't change since DCE RPC channel refactoring.

With the current code we return RPC fault as can be seen in the logs:

2019/12/11 17:12:55.463081,  1, pid=20939, effective(128420, 
128420), real(128420, 0), class=rpc_parse] 
../librpc/ndr/ndr.c:471(ndr_print_function_debug)
   netr_DsRGetForestTrustInformation: struct 
netr_DsRGetForestTrustInformation
  in: struct netr_DsRGetForestTrustInformation
  server_name  : *
  server_name  : '\\some-dc.example.com'
  trusted_domain_name  : NULL
  flags: 0x (0)
[2019/12/11 17:12:55.463122,  4, pid=20939, effective(128420, 
128420), real(128420, 0), class=rpc_srv] 
../source3/rpc_server/srv_pipe.c:1561(api_rpcTNP)
  api_rpcTNP: fault(5) return.

This is due to this check in processing a request:
if (!(p->pipe_bound && (p->auth.auth_type != DCERPC_AUTH_TYPE_NONE)
   && (p->auth.auth_level != DCERPC_AUTH_LEVEL_NONE))) {
p->fault_state = DCERPC_FAULT_ACCESS_DENIED;
return WERR_ACCESS_DENIED;
}

and since we get AuthZ response,

  Successful AuthZ: [netlogon,ncacn_np] user [EXAMPLE]\[admin] 
[S-1-5-21-1234567-890123456-500] at [Wed, 11 Dec 2019 17:12:55.461164 UTC]
  Remote host [ipv4:Y.Y.Y.Y:59017] local host [ipv4:X.X.X.X:445]
[2019/12/11 17:12:55.461584,  4, pid=20939, effective(0, 0), real(0, 0)] 
../lib/audit_logging/audit_logging.c:141(audit_log_json)
  JSON Authorization: {"timestamp": "2019-12-11T17:12:55.461491+",
   "type": "Authorization", "Authorization": {"version": {"major": 1, 
"minor": 1},
   "localAddress": "ipv4:X.X.X.X:445", "remoteAddress": 
"ipv4:Y.Y.Y.Y:59017",
   "serviceDescription": "netlogon", "authType": "ncacn_np",
   "domain": "EXAMPLE", "account": "admin", "sid": 
"S-1-5-21-1234567-890123456-500",
   "sessionId": "c5a2386f-f2cc-4241-9a9e-d104cf5859d5", "logonServer": 
"SOME-DC",
   "transportProtection": "SMB", "accountFlags": "0x0010"}}

this means we are actually getting anonymous DCE/RPC access to netlogon
on top of authenticated SMB connection. In such case we have exactly
auth_type set to DCERPC_AUTH_TYPE_NONE and auth_level set to
DCERPC_AUTH_LEVEL_NONE in the pipe->auth. Thus, returning an error.

Update the code to follow the same security level check as in s4 variant
of the call.

Signed-off-by: Alexander Bokovoy 
Reviewed-by: Guenther Deschner 

Autobuild-User(master): Günther Deschner 
Autobuild-Date(master): Mon Jan 13 15:05:28 UTC 2020 on sn-devel-184

---

Summary of changes:
 source3/rpc_server/netlogon/srv_netlog_nt.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c 
b/source3/rpc_server/netlogon/srv_netlog_nt.c
index cbbf9feedc7..52b17c10e61 100644
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -2451,10 +2451,10 @@ WERROR _netr_DsRGetForestTrustInformation(struct 
pipes_struct *p,
 {
NTSTATUS status;
struct lsa_ForestTrustInformation *info, **info_ptr;
+   enum security_user_level security_level;
 
-   if (!(p->pipe_bound && (p->auth.auth_type != DCERPC_AUTH_TYPE_NONE)
-  && (p->auth.auth_level != DCERPC_AUTH_LEVEL_NONE))) {
-   p->fault_state = DCERPC_FAULT_ACCESS_DENIED;
+   security_level = security_session_user_level(p->session_info, NULL);
+   if (security_level < SECURITY_USER) {
return WERR_ACCESS_DENIED;
}
 
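Review bot: The replacement check drops two things the old one did, the `p->pipe_bound` test and `p->fault_state = DCERPC_FAULT_ACCESS_DENIED`, so a denied caller now gets `WERR_ACCESS_DENIED` as the call result instead of a DCE/RPC fault; the commit message should say that this is intended. Access now rests on `p->session_info` rather than on the bind's auth type and level, so a short comment above `security_session_user_level(p->session_info, NULL)` noting that an unauthenticated bind over an authenticated SMB session is accepted here would help future readers. A test covering both the denial for a session below `SECURITY_USER` and the success case from the commit message would lock the behaviour in.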


-- 
Samba Shared Repository