The branch, v4-20-stable has been updated
via 3de528753a4 VERSION: Disable GIT_SNAPSHOT for the 4.20.6 release.
via 609ab9a783a WHATSNEW: Add release notes for Samba 4.20.6.
via 42bfbb012f9 BUG 15590 ldb: Release LDB 2.9.2
via 7b4629ef84a libcli/auth: make use of
netlogon_creds_cli_check_transport() in more places
via aa4add0053b libcli/auth: split out
netlogon_creds_cli_check_transport()
via 21e93556300 libcli/auth: let netlogon_creds_copy() copy all scalar
elements
via 75e62cc19be s4:librpc/rpc: make use of
netlogon_creds_client_verify()
via 77a02d6e79b libcli/auth: make use of netlogon_creds_client_verify()
via 1de6cffa683 libcli/auth: split out netlogon_creds_client_verify()
that takes auth_{type,level}
via 0c61920c887 libcli/auth: pass auth_{type,level} to
netlogon_creds_server_step_check()
via 200fc14fb8e libcli/auth: pass auth_{type,level} to
schannel_check_creds_state()
via 270499b1c9e libcli/auth: return INVALID_PARAMETER for DES in
netlogon_creds_{de,en}crypt_samlogon_logon
via 6b32dcf6ea2 s4:rpc_server/netlogon: make use of
netlogon_creds_decrypt_SendToSam
via dc7ab826ef3 s4:rpc_server/netlogon: make use of
netlogon_creds_decrypt_samr_CryptPassword
via 3aefe6a54a7 s4:rpc_server/netlogon: make use of
netlogon_creds_{de,en}crypt_samr_Password()
via cb5ed3bf75b s3:rpc_server/netlogon: make use of
netlogon_creds_decrypt_samr_CryptPassword()
via 27ae047ba55 s3:rpc_server/netlogon: make use of
netlogon_creds_{de,en}crypt_samr_Password
via 5792c2ce9d4 s4:torture/rpc: make use of
netlogon_creds_{de,en}crypt_samr_Password
via 3768134cae8 s4:torture/rpc: make use of
netlogon_creds_encrypt_samr_CryptPassword()
via 78ff2be8592 s4:torture/rpc: make use of
netlogon_creds_decrypt_samlogon_validation()
via c9c23c1a96b s4:torture/rpc: make use of
netlogon_creds_encrypt_samlogon_logon()
via 856aaaf881f libcli/auth: make use of
netlogon_creds_{de,en}crypt_samr_Password
via 8f035b80223 libcli/auth: make use of
netlogon_creds_encrypt_SendToSam
via b85a1d526ca libcli/auth: make use of
netlogon_creds_encrypt_samr_CryptPassword
via a03fb784134 libcli/auth: make
netlogon_creds_des_{de,en}crypt_LMKey() static
via 10da7c803b1 python/tests: use encrypt_netr_PasswordInfo in
KDCBaseTest._test_samlogon()
via 254440c71a8 pycredentials: add py_creds_encrypt_netr_PasswordInfo
helper
via 7f1db18b446 pycredentials: make use of
netlogon_creds_encrypt_samr_CryptPassword in
py_creds_encrypt_netr_crypt_password
via a616dcc89d9 libcli/auth: add netlogon_creds_{de,en}crypt_SendToSam()
via 536080d084e libcli/auth: add
netlogon_creds_{de,en}crypt_samr_CryptPassword()
via 1aa11e2af6e libcli/auth: add
netlogon_creds_{de,en}crypt_samr_Password()
via 838e5257d2a libcli/auth: pass auth_{type,level} to
netlogon_creds_{de,en}crypt_samlogon_logon()
via 91154188e28 libcli/auth: pass auth_{type,level} to
netlogon_creds_{de,en}crypt_samlogon_validation()
via 1637e23c35d netlogon.idl: add netr_ServerAuthenticateKerberos() and
related stuff
via 86ebe5e4e6d s3:rpc_server: add DCESRV_COMPAT_NOT_USED_ON_WIRE()
helper macro
via 447a9c782b9 dcesrv_core: add DCESRV_NOT_USED_ON_WIRE() helper macro
via 6a50b1aea3a s4:rpc_server/netlogon: split out
dcesrv_netr_ServerAuthenticateGeneric()
via 6bd5d4d204a s4:dsdb/common: dsdb_trust_get_incoming_passwords only
needs a const ldb_message
via c3b5697dd2e libcli/auth: split out netlogon_creds_alloc()
via 4419fc6c48f libcli/auth: let netlogon_creds_cli_store_internal
check netlogon_creds_CredentialState_legacy
via bc8dcaa109e libcli/auth: let netlogon_creds_cli_store_internal()
use talloc_stackframe()
via 1debb3d3743 libcli/auth: also use
netlogon_creds_CredentialState_extra_info for the client
via 4aa40fd5be0 s4:torture/rpc: let test_netlogon_capabilities() fail
on legacy servers
via fa49a8ad2b0 s4:rpc_server/netlogon: implement
netr_LogonGetCapabilities query_level=2
via 1acd16876bb s3:rpc_server/netlogon: implement
netr_LogonGetCapabilities query_level=2
via 5c74014ae82 libcli/auth: remember client_requested_flags and
auth_time in netlogon_creds_server_init()
via 71c0e187665 libcli/auth: remove unused creds->sid
via 0b85452df0f s4:rpc_server/netlogon: make use of
creds->ex->client_sid
via 6d117ea4c8b s3:rpc_server/netlogon: make use of
creds->ex->client_sid
via 9ff331f9b9c librpc/rpc: make use of creds->ex->client_sid in
dcesrv_netr_check_schannel_get_state()
via 02bc35458be libcli/auth: split out
netlogon_creds_CredentialState_extra_info
via 878482663eb libcli/auth: pass client_sid to
netlogon_creds_server_init()
via dcb07d4504c s4:rpc_server/netlogon: add client_sid helper variables
via ca97536d7d2 s3:rpc_server/netlogon: add client_sid helper variables
via a3b8c49a998 s4:dsdb/common: samdb_confirm_rodc_allowed_to_repl_to()
only needs a const sid
via 8d4d6fc8d21 s3:cli_netlogon: let rpccli_connect_netlogon() use
force_reauth = true on retry
via adcd2436bf0 s4:torture/rpc/netlogon: adjust
test_netlogon_capabilities query_level=2 to request_flags
via d0b2469385f s4:librpc/rpc: use netr_LogonGetCapabilities
query_level=2 to verify the proposed capabilities
via 620065e13df s4:librpc/rpc: define required schannel flags and
enforce them
via a73571c0747 s4:librpc/rpc: don't allow any unexpected upgrades of
negotiate_flags
via 20661a24ff2 s4:librpc/rpc: do LogonControl after
LogonGetCapabilities downgrade
via 560aa3e3db1 libcli/auth: use netr_LogonGetCapabilities
query_level=2 to verify the proposed capabilities
via 3a33457f23c libcli/auth: use a LogonControl after a
LogonGetCapabilities downgrade
via 28a7372c58d libcli/auth: if we require aes we don't need to require
arcfour nor strong key
via 84f4313aa9b libcli/auth: don't allow any unexpected upgrades of
negotiate_flags
via b3fd6d36e99 libcli/auth: make use of
netlogon_creds_cli_store_internal() in netlogon_creds_cli_auth_srvauth_done()
via 1dcb72dcac2 libcli/auth: remove unused
netlogon_creds_client_init_session_key()
via e476b15d1bd netlogon.idl: the capabilities in query_level=2 are the
ones send by the client
via 92fc4f2b683 s4:rpc_server/netlogon: if we require AES there's no
need to remove the ARCFOUR flag
via 41a60326a3d s3:rpc_server/netlogon: if we require AES there's no
need to remove the ARCFOUR flag
via e39ca0ed85e s3:rpc_server/netlogon: correctly negotiate flags in
ServerAuthenticate2/3
via f467f83fbda s4:torture/rpc: without weak crypto we should require
AES
via e463774b7cc s4:torture/rpc: check that DOWNGRADE_DETECTED has no
bits negotiated
via 568ebd48af4 s4:rpc_server: Make some arrays static
via cc3a1195855 s3:winbindd: call process_set_title() for locator child
via 81f92c8a62f third_party/heimdal: Import
lorikeet-heimdal-202410161454 (commit 0d61538a16b5051c820702f0711102112cd01a83)
via 6bcccb5c7be smbd: fix sharing access check for directories
via 3572ffa6c5d smbd: fix share access check for overwrite dispostions
via 2c7f99a68c0 smbtorture: add subtests for overwrite dispositions vs
sharemodes
via dca5bd464dd smbtorture: fix smb2.notify.mask test
via d6185526693 smbtorture: prepare test_overwrite_read_only_file() for
more subtests
via 1a74def369c dcesrv_core: better fault codes
dcesrv_auth_prepare_auth3()
via bef660cfee2 dcesrv_core: fix the auth3 for large ntlmssp messages
via 70889a5f2f4 gensec:spnego: ignore trailing bytes in
SPNEGO_SERVER_START state
via a7742b35192 gensec:ntlmssp: only allow messages up to 2888 bytes
via fd7bfa6ad2e dcesrv_core: alter_context logon failures should result
in DCERPC_FAULT_ACCESS_DENIED
via b6dd675372a dcesrv_core: a failure from gensec_update results in
NAK_REASON_INVALID_CHECKSUM
via 6309b9a770c dcerpc_util: let dcerpc_pull_auth_trailer() ignore
data_and_pad for bind, alter, auth3
via 8c33f14b97f dcerpc_util: let dcerpc_pull_auth_trailer() expose the
reject reason
via 1dbcb533af1 dcerpc_util: let dcerpc_pull_auth_trailer() check that
auth_offset is 4 bytes aligned
via 432f8a3b690 tests/dcerpc/raw_protocol: test invalid schannel binds
via 5efc2a0ea97 tests/dcerpc/raw_protocol: add more tests for auth_pad
alignment
via a6dec953e74 tests/dcerpc/raw_protocol: add tests for max
auth_padding, auth_len or auth_offset
via 7185f309460 tests/dcerpc/raw_protocol: fix comment in
test_spnego_change_auth_type1
via d896ce18e0d tests/dcerpc/raw_protocol: test_no_auth_ctx_request
via fd6e9855c33 dcesrv_core: introduce
dcesrv_connection->transport_max_recv_frag
via 71aad11c2c0 tests/dcerpc/raw_protocol: run test_neg_xmit_ffff_ffff
over tcp and smb
via 7bd44b9fb0b dcesrv_core: add more verbose debugging for missing
association groups
via 8d902a20031 RawDCERPCTest: add some more auth_length related asserts
via f2705e5b3b3 RawDCERPCTest: split prepare_pdu() and send_pdu_blob()
out of send_pdu()
via d921255c842 s4:librpc: provide py_schannel bindings
via 5e2aa6bf037 dcerpc_util: don't allow auth_padding for BIND,
ALTER_CONTEXT and AUTH3 pdus
via 0c7983db19f tests/dcerpc/raw_protocol: add more test for auth
padding during ALTER_CONTEXT/AUTH3
via 8ee66862dbb dcesrv_core: return
NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED for binds without contexts
via 74b127d0373 dcesrv_core: disconnect after a fault with non
AUTH_LEVEL_CONNECT bind
via d095ad71cc5 s4:selftest: only run ad_member with
AUTH_LEVEL_CONNECT_LSA=1
via c063734ac31 tests/dcerpc/raw_protocol: pass against Windows 2022
and require special env vars for legacy servers
via b647d526912 RawDCERPCTest: ignore errors in smb_pipe_socket.close()
via 2d2d5f675d4 s4:tortore/rpc: let rpc.backupkey without privacy pass
against Windows 2022
via 24e89430b17 s3:smbd: avoid false positives for got_oplock and
have_other_lease in delay_for_oplock_fn
via 1e9bd54ef06 s3:smbd: allow reset_share_mode_entry() to handle more
than one durable handle
via 22682be22bd s3:smbd: let durable_reconnect_fn already check for a
disconnected handle with the correct file_id
via 11903eb4762 s4:torture/smb2: add
smb2.durable-v2-open.{keep,purge}-disconnected-* tests
via 02a4ccfb32e s4:torture/smb2: add
smb2.durable-v2-open.{[non]stat[RH]-and,two-same,two-different}-lease
via 041f15c8a8e s3:smbd: only store durable handles with byte range
locks when having WRITE lease
via ad0fb085464 s4:torture/smb2: add
smb2.durable-v2-open.lock-{oplock,lease,noW-lease}
via 6ea02f37659 s4:torture/smb2: add smb2.durable-open.lock-noW-lease
via 989d0c486e3 s4:torture/smb2: improve error handling in
durable_v2_open.c
via e14520172bd s4:torture/smb2: improve error handling in
durable_open.c
via 44378caeb4c netcmd:domain:policy: Fix missing conversion from
tgt_lifetime minutes to 10^(-7) seconds
via 0a99463b3e0 ldb:kv_index: help static analysers to not worry (CID
1615192)
via 76e1024f4c2 ldb:kv_index: realloc away old dn list
via 226b0a20bd1 ldb_kv_index: dn_list load sub transaction can re-use
keys
via 676ac1793a1 s3: SIGHUP handlers use consistent log level 3
via 165149da928 shadow_copy2: Ignore VFS_OPEN_HOW_WITH_BACKUP_INTENT
via fa2041cef64 s4:lib/messaging: fix interaction between
imessaging_reinit and irpc_destructor
via 630c870eef0 smbd: remove just created sharemode entry in the error
codepaths
via e620d1a8713 smbd: consolidate DH reconnect failure code
via 4e419975cc3 s3:tests: let test_durable_handle_reconnect.sh run
smb2.durable-v2-regressions.durable_v2_reconnect_bug15624
via dc0f69fd13c s4:torture/smb2: add
smb2.durable-v2-regressions.durable_v2_reconnect_bug15624
via b4921859823 vfs_error_inject: add 'error_inject:durable_reconnect =
st_ex_nlink'
via 46ac92e15ec smbd: add option "smbd:debug events" for tevent
handling duration threshold warnings
via e261202e7d0 smbd: move trace_state variable behind tv variable
via 34e00dfc5f7 smbd: add option "smbd lease break:debug hung procs"
via 57b194484cd smbd: log share_mode_watch_recv() errors as errors
via b7fd8bdf0b1 s3/lib: add option "serverid watch:debug script"
via 78b677b4374 s3/lib: add option "serverid watch:debug = yes" to
print kernel stack of hanging process
via a9cb9d32ae0 s3/lib: add next helper variable in server_id_watch_*
via bf81b8e4b1a VERSION: Bump version up to Samba 4.20.6...
from 6ddb7d9a2c0 VERSION: Disable GIT_SNAPSHOT for the 4.20.5 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 74 +-
auth/credentials/pycredentials.c | 92 +-
auth/gensec/spnego.c | 24 +-
auth/ntlmssp/ntlmssp.c | 9 +
auth/ntlmssp/ntlmssp_client.c | 6 -
auth/ntlmssp/ntlmssp_server.c | 6 -
lib/ldb/ABI/{ldb-2.8.0.sigs => ldb-2.9.2.sigs} | 0
...pyldb-util-2.1.0.sigs => pyldb-util-2.9.2.sigs} | 0
lib/ldb/ldb_key_value/ldb_kv_index.c | 100 +-
lib/ldb/wscript | 2 +-
libcli/auth/credentials.c | 358 +-
libcli/auth/libcli_auth.h | 1 +
libcli/auth/netlogon_creds_cli.c | 744 +++--
libcli/auth/proto.h | 59 +-
libcli/auth/schannel_state.h | 2 +
libcli/auth/schannel_state_tdb.c | 15 +-
librpc/idl/netlogon.idl | 33 +-
librpc/idl/schannel.idl | 73 +-
librpc/idl/wscript_build | 2 +-
librpc/rpc/dcerpc_util.c | 75 +-
librpc/rpc/dcesrv_auth.c | 71 +-
librpc/rpc/dcesrv_core.c | 107 +-
librpc/rpc/dcesrv_core.h | 10 +
librpc/rpc/server/netlogon/schannel_util.c | 6 +-
python/samba/netcmd/domain/auth/policy.py | 18 +-
python/samba/tests/dcerpc/raw_protocol.py | 1555 ++++++++-
python/samba/tests/dcerpc/raw_testcase.py | 52 +-
python/samba/tests/krb5/kdc_base_test.py | 10 +-
.../samba/tests/samba_tool/domain_auth_policy.py | 19 +-
selftest/expectedfail.d/ntlm-auth | 4 +
selftest/expectedfail.d/samba4.rpc.backupkey | 28 +
selftest/knownfail | 1 -
selftest/knownfail.d/smb2.durable-v2-open.bug15708 | 7 +
selftest/skip | 1 +
selftest/target/Samba4.pm | 1 -
source3/lib/server_id_watch.c | 128 +-
source3/locking/share_mode_lock.c | 315 +-
source3/modules/vfs_error_inject.c | 76 +
source3/modules/vfs_shadow_copy2.c | 2 +-
source3/printing/queue_process.c | 2 +-
source3/rpc_client/cli_netlogon.c | 1 +
source3/rpc_server/netlogon/srv_netlog_nt.c | 169 +-
source3/rpc_server/rpc_pipes.h | 6 +
.../script/tests/test_durable_handle_reconnect.sh | 18 +
source3/smbd/durable.c | 185 +-
source3/smbd/open.c | 148 +-
source3/smbd/server.c | 2 +-
source3/smbd/smb2_process.c | 74 +-
source3/winbindd/winbindd_dual.c | 4 +-
source3/winbindd/winbindd_locator.c | 9 +
source3/winbindd/winbindd_proto.h | 1 +
source4/dsdb/common/rodc_helper.c | 2 +-
source4/dsdb/common/util_trusts.c | 2 +-
source4/lib/messaging/messaging.c | 9 +
source4/librpc/rpc/dcerpc_schannel.c | 333 +-
source4/librpc/wscript_build | 7 +
source4/rpc_server/netlogon/dcerpc_netlogon.c | 406 ++-
source4/selftest/tests.py | 14 +-
source4/torture/ntp/ntp_signd.c | 1 +
source4/torture/rpc/backupkey.c | 80 +-
source4/torture/rpc/forest_trust.c | 17 +-
source4/torture/rpc/lsa.c | 21 +-
source4/torture/rpc/netlogon.c | 194 +-
source4/torture/rpc/netlogon_crypto.c | 7 +-
source4/torture/rpc/remote_pac.c | 42 +-
source4/torture/rpc/samba3rpc.c | 19 +-
source4/torture/rpc/samlogon.c | 38 +-
source4/torture/rpc/samr.c | 21 +-
source4/torture/rpc/schannel.c | 85 +-
source4/torture/smb2/acls.c | 124 +-
source4/torture/smb2/durable_open.c | 136 +-
source4/torture/smb2/durable_v2_open.c | 3412 +++++++++++++++++++-
source4/torture/smb2/notify.c | 34 +-
source4/torture/smb2/smb2.c | 2 +
third_party/heimdal/lib/gssapi/krb5/8003.c | 10 +
76 files changed, 8311 insertions(+), 1412 deletions(-)
copy lib/ldb/ABI/{ldb-2.8.0.sigs => ldb-2.9.2.sigs} (100%)
copy lib/ldb/ABI/{pyldb-util-2.1.0.sigs => pyldb-util-2.9.2.sigs} (100%)
create mode 100644 selftest/expectedfail.d/samba4.rpc.backupkey
create mode 100644 selftest/knownfail.d/smb2.durable-v2-open.bug15708
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index 0dd29114609..6e6adf6dfb6 100644
--- a/VERSION
+++ b/VERSION
@@ -27,7 +27,7 @@ SAMBA_COPYRIGHT_STRING="Copyright Andrew Tridgell and the
Samba Team 1992-2024"
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=20
-SAMBA_VERSION_RELEASE=5
+SAMBA_VERSION_RELEASE=6
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 7f8a626bf41..4f302a50d28 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,74 @@
+ ==============================
+ Release Notes for Samba 4.20.6
+ November 19, 2024
+ ==============================
+
+
+This is the latest stable release of the Samba 4.20 release series.
+
+
+Changes since 4.20.5
+--------------------
+
+o Douglas Bagnall <[email protected]>
+ * BUG 15590: libldb: performance issue with indexes (ldb 2.9.2 is already
+ released).
+
+o Ralph Boehme <[email protected]>
+ * BUG 15624: DH reconnect error handling can lead to stale sharemode
entries.
+ * BUG 15732: smbd fails to correctly check sharemode against OVERWRITE
+ dispositions.
+
+o Andréas Leroux <[email protected]>
+ * BUG 15692: Missing conversion for msDS-UserTGTLifetime, msDS-
+ ComputerTGTLifetime and msDS-ServiceTGTLifetime on "samba-tool
+ domain auth policy modify".
+
+o Stefan Metzmacher <[email protected]>
+ * BUG 14356: Protocol error - Unclear debug message "pad length mismatch"
for
+ invalid bind packet.
+ * BUG 15280: irpc_destructor may crash during shutdown.
+ * BUG 15425: NetrGetLogonCapabilities QueryLevel 2 needs to be implemented.
+ * BUG 15624: DH reconnect error handling can lead to stale sharemode
entries.
+ * BUG 15649: Durable handle is not granted when a previous OPEN exists with
+ NoOplock.
+ * BUG 15651: Durable handle is granted but reconnect fails.
+ * BUG 15708: Disconnected durable handles with RH lease should not be purged
+ by a new non conflicting open.
+ * BUG 15740: gss_accept_sec_context() from Heimdal does not imply
+ GSS_C_MUTUAL_FLAG with GSS_C_DCE_STYLE.
+ * BUG 15749: winbindd should call process_set_title() for locator child.
+
+o Christof Schmitt <[email protected]>
+ * BUG 15730: VFS_OPEN_HOW_WITH_BACKUP_INTENT breaks shadow_copy2.
+
+o Jones Syue <[email protected]>
+ * BUG 15706: Consistent log level for sighup handler.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical:matrix.org matrix room, or
+#samba-technical IRC channel on irc.libera.chat.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
==============================
Release Notes for Samba 4.20.5
September 17, 2024
@@ -57,8 +128,7 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
==============================
Release Notes for Samba 4.20.4
August 06, 2024
diff --git a/auth/credentials/pycredentials.c b/auth/credentials/pycredentials.c
index a27e02d1aa5..35869b47478 100644
--- a/auth/credentials/pycredentials.c
+++ b/auth/credentials/pycredentials.c
@@ -1024,9 +1024,11 @@ static PyObject *py_creds_get_aes256_key(PyObject *self,
PyObject *args)
static PyObject *py_creds_encrypt_netr_crypt_password(PyObject *self,
PyObject *args)
{
- DATA_BLOB data = data_blob_null;
struct cli_credentials *creds = NULL;
struct netr_CryptPassword *pwd = NULL;
+ struct samr_CryptPassword spwd;
+ enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;
+ enum dcerpc_AuthLevel auth_level = DCERPC_AUTH_LEVEL_NONE;
NTSTATUS status;
PyObject *py_cp = Py_None;
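Review bot: `auth_type` and `auth_level` are initialised to `DCERPC_AUTH_TYPE_NONE` and `DCERPC_AUTH_LEVEL_NONE` here and, in the next hunk, passed unchanged to netlogon_creds_encrypt_samr_CryptPassword(), so this binding always describes an unauthenticated transport to the callee. The encrypt_netr_PasswordInfo binding added later in this file takes both values from the Python caller, whereas this one has no way to receive them. If that is deliberate for the existing Python callers, say so at the declarations, e.g. `/* no transport info from Python callers: the callee sees AUTH_TYPE_NONE/AUTH_LEVEL_NONE */`; how the callee treats those values is not visible in this diff. The function body continues past this hunk.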
@@ -1045,9 +1047,18 @@ static PyObject
*py_creds_encrypt_netr_crypt_password(PyObject *self,
/* pytalloc_get_type sets TypeError */
return NULL;
}
- data.length = sizeof(struct netr_CryptPassword);
- data.data = (uint8_t *)pwd;
- status = netlogon_creds_session_encrypt(creds->netlogon_creds, data);
+
+ memcpy(spwd.data, pwd->data, 512);
+ PUSH_LE_U32(spwd.data, 512, pwd->length);
+
+ status =
netlogon_creds_encrypt_samr_CryptPassword(creds->netlogon_creds,
+ &spwd,
+ auth_type,
+ auth_level);
+
+ memcpy(pwd->data, spwd.data, 512);
+ pwd->length = PULL_LE_U32(spwd.data, 512);
+ ZERO_STRUCT(spwd);
PyErr_NTSTATUS_IS_ERR_RAISE(status);
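Review bot: The result is copied back into the caller's `pwd` before `status` is examined, so a failed netlogon_creds_encrypt_samr_CryptPassword() can still overwrite the Python object's buffer with whatever the callee left in `spwd`. Guard the copy-back, `if (NT_STATUS_IS_OK(status)) { memcpy(pwd->data, spwd.data, 512); pwd->length = PULL_LE_U32(spwd.data, 512); }`, and keep `ZERO_STRUCT(spwd);` unconditional so the stack copy of the password buffer is cleared on both paths. The literal 512 appears four times; `sizeof(pwd->data)` would tie it to the struct, assuming that field is the 512-byte array the offsets imply. The function starts before this hunk and continues after it.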
@@ -1096,6 +1107,68 @@ static PyObject *py_creds_encrypt_samr_password(PyObject
*self,
Py_RETURN_NONE;
}
+static PyObject *py_creds_encrypt_netr_PasswordInfo(PyObject *self,
+ PyObject *args,
+ PyObject *kwargs)
+{
+ const char * const kwnames[] = {
+ "info",
+ "auth_type",
+ "auth_level",
+ NULL
+ };
+ struct cli_credentials *creds = NULL;
+ PyObject *py_info = Py_None;
+ enum netr_LogonInfoClass level = NetlogonInteractiveInformation;
+ union netr_LogonLevel logon = { .password = NULL, };
+ uint8_t auth_type = DCERPC_AUTH_TYPE_NONE;
+ uint8_t auth_level = DCERPC_AUTH_LEVEL_NONE;
+ NTSTATUS status;
+ bool ok;
+
+ creds = PyCredentials_AsCliCredentials(self);
+ if (creds == NULL) {
+ PyErr_Format(PyExc_TypeError, "Credentials expected");
+ return NULL;
+ }
+
+ if (creds->netlogon_creds == NULL) {
+ PyErr_Format(PyExc_ValueError, "NetLogon credentials not set");
+ return NULL;
+ }
+
+ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "Obb",
+ discard_const_p(char *, kwnames),
+ &py_info, &auth_type, &auth_level))
+ {
+ return NULL;
+ }
+
+ ok = py_check_dcerpc_type(py_info,
+ "samba.dcerpc.netlogon",
+ "netr_PasswordInfo");
+ if (!ok) {
+ /* py_check_dcerpc_type sets TypeError */
+ return NULL;
+ }
+
+ logon.password = pytalloc_get_type(py_info, struct netr_PasswordInfo);
+ if (logon.password == NULL) {
+ /* pytalloc_get_type sets TypeError */
+ return NULL;
+ }
+
+ status = netlogon_creds_encrypt_samlogon_logon(creds->netlogon_creds,
+ level,
+ &logon,
+ auth_type,
+ auth_level);
+
+ PyErr_NTSTATUS_IS_ERR_RAISE(status);
+
+ Py_RETURN_NONE;
+}
+
static PyObject *py_creds_get_smb_signing(PyObject *self, PyObject *unused)
{
enum smb_signing_setting signing_state;
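Review bot: py_creds_encrypt_netr_PasswordInfo() takes `auth_type` and `auth_level` as raw bytes from the Python caller and forwards them to netlogon_creds_encrypt_samlogon_logon() without checking them here, so the transport the callee reasons about is whatever the caller asserts. Any range or policy check is presumably in the callee, which this diff does not show. A comment above the function should state that both values must describe the DCERPC connection the encrypted `info` will actually be sent on, and that `info` is modified in place. The `ml_doc` string added in the method-table hunk below has the same gap: it repeats the wording of the preceding entry and does not explain the two new arguments.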
@@ -1611,6 +1684,17 @@ static PyMethodDef py_creds_methods[] = {
"the negotiated encryption algorithm in place\n"
"i.e. it overwrites the original data"
},
+ {
+ .ml_name = "encrypt_netr_PasswordInfo",
+ .ml_meth = PY_DISCARD_FUNC_SIG(PyCFunction,
+ py_creds_encrypt_netr_PasswordInfo),
+ .ml_flags = METH_VARARGS | METH_KEYWORDS,
+ .ml_doc = "S.encrypt_netr_PasswordInfo(info, "
+ "auth_type, auth_level) -> None\n"
+ "Encrypt the supplied password info using the
session key and\n"
+ "the negotiated encryption algorithm in place\n"
+ "i.e. it overwrites the original data"
+ },
{
.ml_name = "get_smb_signing",
.ml_meth = py_creds_get_smb_signing,
diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c
index fcb5a06439e..9b32088a6a4 100644
--- a/auth/gensec/spnego.c
+++ b/auth/gensec/spnego.c
@@ -1775,6 +1775,7 @@ static NTSTATUS gensec_spnego_update_in(struct
gensec_security *gensec_security,
const DATA_BLOB in, TALLOC_CTX *mem_ctx,
DATA_BLOB *full_in)
{
+ DATA_BLOB consume = data_blob_null;
struct spnego_state *spnego_state =
talloc_get_type_abort(gensec_security->private_data,
struct spnego_state);
@@ -1841,17 +1842,26 @@ static NTSTATUS gensec_spnego_update_in(struct
gensec_security *gensec_security,
return NT_STATUS_INVALID_PARAMETER;
}
+ consume = in;
expected = spnego_state->in_needed - spnego_state->in_frag.length;
- if (in.length > expected) {
+ if (consume.length > expected) {
+ if (spnego_state->state_position != SPNEGO_SERVER_START) {
+ /*
+ * we got more than expected
+ */
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
/*
- * we got more than expected
+ * In SPNEGO_SERVER_START we need to ignore unexpected
+ * bytes at the end.
*/
- return NT_STATUS_INVALID_PARAMETER;
+ consume.length = expected;
}
- if (in.length == spnego_state->in_needed) {
+ if (consume.length == spnego_state->in_needed) {
/*
- * if the in.length contains the full blob
+ * if the consume.length contains the full blob
* we are done.
*
* Note: this implies spnego_state->in_frag.length == 0,
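Review bot: When `state_position` is `SPNEGO_SERVER_START`, bytes beyond `expected` are dropped by `consume.length = expected;` with no trace, so a peer that appends data to its first token leaves nothing in the logs. A debug line in that branch would keep the tolerance while making it observable, e.g. `DBG_DEBUG("ignoring %zu trailing bytes in SPNEGO_SERVER_START\n", in.length - expected);`. The new comment also says what is done but not why trailing bytes must be accepted in this one state; a sentence naming the client behaviour or bug being worked around would help whoever next tightens the parser. gensec_spnego_update_in() starts in the previous hunk and continues in the next.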
@@ -1859,13 +1869,13 @@ static NTSTATUS gensec_spnego_update_in(struct
gensec_security *gensec_security,
* because we already know that we did not get
* more than expected.
*/
- *full_in = in;
+ *full_in = consume;
spnego_state->in_needed = 0;
return NT_STATUS_OK;
}
ok = data_blob_append(spnego_state, &spnego_state->in_frag,
- in.data, in.length);
+ consume.data, consume.length);
if (!ok) {
return NT_STATUS_NO_MEMORY;
}
diff --git a/auth/ntlmssp/ntlmssp.c b/auth/ntlmssp/ntlmssp.c
index 745f2628d21..c9360a5fa2d 100644
--- a/auth/ntlmssp/ntlmssp.c
+++ b/auth/ntlmssp/ntlmssp.c
@@ -36,6 +36,8 @@ struct auth_session_info;
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH
+#define NTLMSSP_MAX_UPDATE_SIZE 2888
+
/**
* Callbacks for NTLMSSP - for both client and server operating modes
*
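Review bot: `NTLMSSP_MAX_UPDATE_SIZE` is introduced as a bare `2888` with no indication of where the figure comes from. Since it now decides which NTLMSSP messages are rejected outright, it deserves a comment above the define, e.g. `/* largest NTLMSSP token accepted by gensec_ntlmssp_update_find(); <reference for the 2888-byte limit> */`, with the reference filled in by the author.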
@@ -136,6 +138,13 @@ static NTSTATUS gensec_ntlmssp_update_find(struct
gensec_security *gensec_securi
}
}
+ if (input.length > NTLMSSP_MAX_UPDATE_SIZE) {
+ DBG_WARNING("reject large command=%u message, length %zu >
%u)\n",
+ ntlmssp_command, input.length,
+ NTLMSSP_MAX_UPDATE_SIZE);
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
if (ntlmssp_command != gensec_ntlmssp->ntlmssp_state->expected_state) {
DEBUG(2, ("got NTLMSSP command %u, expected %u\n",
ntlmssp_command,
gensec_ntlmssp->ntlmssp_state->expected_state));
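Review bot: The new `DBG_WARNING` format string ends in `length %zu > %u)\n`, with a closing parenthesis that is never opened, and passes the plain `int` constant `NTLMSSP_MAX_UPDATE_SIZE` for `%u`; `"reject large command=%u message, length %zu > %d\n"` would fix both. This check is also the only size limit left once the `UINT16_MAX` checks are removed from ntlmssp_client.c and ntlmssp_server.c further down. The removed check in gensec_ntlmssp_resume_ccache() sat directly before msrpc_parse(), and it is not visible here whether that path always passes through gensec_ntlmssp_update_find() first. Because the warning is triggered by peer-supplied input, confirm the log level is acceptable for a condition a remote client can raise repeatedly. The function body starts before and ends after this hunk.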
diff --git a/auth/ntlmssp/ntlmssp_client.c b/auth/ntlmssp/ntlmssp_client.c
index d8dc1d2940b..a63cf692747 100644
--- a/auth/ntlmssp/ntlmssp_client.c
+++ b/auth/ntlmssp/ntlmssp_client.c
@@ -142,12 +142,6 @@ NTSTATUS gensec_ntlmssp_resume_ccache(struct
gensec_security *gensec_security,
/* parse the NTLMSSP packet */
- if (in.length > UINT16_MAX) {
- DEBUG(1, ("%s: reject large request of length %u\n",
- __func__, (unsigned int)in.length));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
ok = msrpc_parse(ntlmssp_state, &in, "Cdd",
"NTLMSSP",
&ntlmssp_command,
diff --git a/auth/ntlmssp/ntlmssp_server.c b/auth/ntlmssp/ntlmssp_server.c
index 1e49379a8ed..2e25c4efab5 100644
--- a/auth/ntlmssp/ntlmssp_server.c
+++ b/auth/ntlmssp/ntlmssp_server.c
@@ -124,12 +124,6 @@ NTSTATUS gensec_ntlmssp_server_negotiate(struct
gensec_security *gensec_security
#endif
if (request.length) {
- if (request.length > UINT16_MAX) {
- DEBUG(1, ("ntlmssp_server_negotiate: reject large
request of length %u\n",
- (unsigned int)request.length));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
if ((request.length < 16) || !msrpc_parse(ntlmssp_state,
&request, "Cdd",
"NTLMSSP",
&ntlmssp_command,
diff --git a/lib/ldb/ABI/ldb-2.8.0.sigs b/lib/ldb/ABI/ldb-2.9.2.sigs
similarity index 100%
copy from lib/ldb/ABI/ldb-2.8.0.sigs
copy to lib/ldb/ABI/ldb-2.9.2.sigs
diff --git a/lib/ldb/ABI/pyldb-util-2.1.0.sigs
b/lib/ldb/ABI/pyldb-util-2.9.2.sigs
similarity index 100%
copy from lib/ldb/ABI/pyldb-util-2.1.0.sigs
copy to lib/ldb/ABI/pyldb-util-2.9.2.sigs
diff --git a/lib/ldb/ldb_key_value/ldb_kv_index.c
b/lib/ldb/ldb_key_value/ldb_kv_index.c
index 3f1a847f2b6..0e706366872 100644
--- a/lib/ldb/ldb_key_value/ldb_kv_index.c
+++ b/lib/ldb/ldb_key_value/ldb_kv_index.c
@@ -446,34 +446,39 @@ static int ldb_kv_dn_list_load(struct ldb_module *module,
* There is an active index sub transaction, and the record was
* found in the primary index transaction cache. A copy of the
* record needs be taken to prevent the original entry being
- * altered, until the index sub transaction is committed.
+ * altered, until the index sub transaction is committed, but we
+ * don't copy the actual values, just the array of struct ldb_val
+ * that points to the values (which are offsets into a GUID array).
+ *
+ * As a reminder, our primary cache is an in-memory tdb that
+ * maps attributes to struct dn_list objects, which point to
+ * the actual index, which is an array of struct ldb_val, the
+ * contents of which are {.data = <binary GUID>, .length =
+ * 16}. The array is sorted by GUID data, and these GUIDs are
+ * used to look up index entries in the main database. There
+ * are more layers of indirection than necessary, but what
+ * makes the index useful is we can use a binary search to
+ * find if the array contains a GUID.
+ *
+ * What we do in a sub-transaction is make a copy of the struct
+ * dn_list and the array of struct ldb_val, but *not* of the
+ * .data that they point to. This copy is put into a new
+ * in-memory tdb which masks the primary cache for the duration
+ * of the sub-transaction.
+ *
+ * In an add operation in a sub-transaction, the new ldb_val
+ * is a child of the sub-transaction dn_list, which will
+ * become the main dn_list if the transaction succeeds.
+ *
+ * These acrobatics do not affect read-only operations.
*/
-
- {
- struct ldb_val *dns = NULL;
- size_t x = 0;
-
- dns = talloc_array(
- list,
- struct ldb_val,
- list2->count);
- if (dns == NULL) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
- for (x = 0; x < list2->count; x++) {
- dns[x].length = list2->dn[x].length;
- dns[x].data = talloc_memdup(
- dns,
- list2->dn[x].data,
- list2->dn[x].length);
- if (dns[x].data == NULL) {
- TALLOC_FREE(dns);
- return LDB_ERR_OPERATIONS_ERROR;
- }
- }
- list->dn = dns;
- list->count = list2->count;
+ list->dn = talloc_memdup(list,
+ list2->dn,
+ talloc_get_size(list2->dn));
+ if (list->dn == NULL) {
+ return LDB_ERR_OPERATIONS_ERROR;
}
+ list->count = list2->count;
return LDB_SUCCESS;
/*
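Review bot: The copy size is now `talloc_get_size(list2->dn)` rather than anything derived from `list2->count`, which is only right if `list2->dn` is always the start of its own talloc allocation holding at least `count` elements. Nothing in this hunk establishes that, so either state it in the comment or copy by count, `talloc_memdup(list, list2->dn, list2->count * sizeof(struct ldb_val))`. The comment should also say plainly that every `.data` pointer in the copy now aliases memory owned by the primary cache entry, so freeing that entry's values while the sub-transaction copy is live would leave dangling pointers; the later hunk in ldb_kv_sub_transaction_traverse() depends on this. ldb_kv_dn_list_load() begins before and continues after this hunk.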
@@ -3852,9 +3857,7 @@ int ldb_kv_reindex(struct ldb_module *module)
* Copy the contents of the nested transaction index cache record to the
* transaction index cache.
*
- * During this 'commit' of the subtransaction to the main transaction
- * (cache), care must be taken to free any existing index at the top
- * level because otherwise we would leak memory.
+ * This is a 'commit' of the subtransaction to the main transaction cache.
*/
static int ldb_kv_sub_transaction_traverse(
struct tdb_context *tdb,
@@ -3883,8 +3886,7 @@ static int ldb_kv_sub_transaction_traverse(
/*
* Do we already have an entry in the primary transaction cache
- * If so free it's dn_list and replace it with the dn_list from
- * the secondary cache
+ * If so replace dn_list with the one from the subtransaction.
*
* The TDB and so the fetched rec contains NO DATA, just a
* pointer to data held in memory.
@@ -3897,21 +3899,41 @@ static int ldb_kv_sub_transaction_traverse(
abort();
}
/*
- * We had this key at the top level. However we made a copy
- * at the sub-transaction level so that we could possibly
- * roll back. We have to free the top level index memory
- * otherwise we would leak
+ * We had this key at the top level, and made a copy
+ * of the dn list for this sub-transaction level that
+ * borrowed the top level GUID data. We can't free the
+ * original dn list just yet.
+ *
+ * In this diagram, ... is the C pointer structure
+ * and --- is the talloc structure (::: is both).
+ *
+ * index_in_top_level ::: dn orig ..............
+ * | | :
+ * | `--GUID array :
+ * | |----- val1 data
+ * ldb_kv `----- val2 data
+ * | :
+ * index_in_subtransaction :: dn copy ..........:
+ * | :
+ * `------------ new val3 data
+ *
+ * So we don't free the index_in_top_level dn list yet,
+ * because we are (probably) borrowing most of its
+ * children. But we can save memory by discarding the
+ * values and keeping it as an almost empty talloc
+ * node.
*/
- if (index_in_top_level->count > 0) {
- TALLOC_FREE(index_in_top_level->dn);
- }
+ talloc_realloc(index_in_top_level,
+ index_in_top_level->dn, struct ldb_val, 1);
index_in_top_level->dn
= talloc_steal(index_in_top_level,
index_in_subtransaction->dn);
index_in_top_level->count = index_in_subtransaction->count;
return 0;
}
-
+ /*
+ * We found no top level index in the cache, so we put one in.
+ */
index_in_top_level = talloc(ldb_kv->idxptr, struct dn_list);
if (index_in_top_level == NULL) {
ldb_kv->idxptr->error = LDB_ERR_OPERATIONS_ERROR;
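Review bot: The result of `talloc_realloc(index_in_top_level, index_in_top_level->dn, struct ldb_val, 1)` is discarded, and the old `count > 0` guard is gone. Discarding is harmless for the pointer itself because `->dn` is overwritten by the next statement, but it reads like a mistake and will trip unused-result checks. Writing it as `(void)talloc_realloc(...)` and adding a line to the comment saying the shrunken node is kept only as a talloc parent for the borrowed values would make the intent explicit. If `index_in_top_level->dn` can be NULL for an empty list, this call now allocates a fresh one-element array that stays attached to `index_in_top_level`, which is worth confirming. The function starts before this hunk and continues after it.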
diff --git a/lib/ldb/wscript b/lib/ldb/wscript
index 936abe7e41d..be26a875d60 100644
--
Samba Shared Repository