[SCM] Samba Shared Repository - branch master updated

2023-04-05 Thread Andrew Bartlett
The branch, master has been updated
   via  112faff82f9 dsdb: modify unicodePwd requires encrypted connection
   via  928de1d61c8 dsdb/tests: Add test for modification of unicodePwd over a cleartext/signed connection
   via  5abda27f0e2 dsdb: fix spelling in password_hash.c
   via  479634e4cd6 dsdb/tests: Double number of expressions in large_ldap.py ldap_timeout test
   via  e1c0c2066c2 dsdb/tests: Move SD modification on class-created objects to classSetUp
  from  b74b9f4b06c CVE-2023-0922 set default ldap client sasl wrapping to seal

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 112faff82f93f9b16f67905c5cbdd5806bd7c214
Author: Rob van der Linde 
Date:   Mon Feb 20 11:50:36 2023 +1300

dsdb: modify unicodePwd requires encrypted connection

Signed-off-by: Rob van der Linde 
Reviewed-by: Andrew Bartlett 
Reviewed-by: Joseph Sutton 

Autobuild-User(master): Andrew Bartlett 
Autobuild-Date(master): Thu Apr  6 01:33:05 UTC 2023 on atb-devel-224

commit 928de1d61c884c7691b57fbe5fffa8f792ce68fd
Author: Rob van der Linde 
Date:   Wed Apr 5 12:30:03 2023 +1200

dsdb/tests: Add test for modification of unicodePwd over a cleartext/signed connection

This demonstrates that the server did not detect CVE-2023-0922

Signed-off-by: Andrew Bartlett 
Signed-off-by: Rob van der Linde 
Reviewed-by: Joseph Sutton 

commit 5abda27f0e2db9738f81c86a25929462ed6189ce
Author: Rob van der Linde 
Date:   Thu Feb 16 13:23:42 2023 +1300

dsdb: fix spelling in password_hash.c

Signed-off-by: Rob van der Linde 
Reviewed-by: Andrew Bartlett 
Reviewed-by: Joseph Sutton 

commit 479634e4cd6543d489eb4700aebde1a479b94fe5
Author: Andrew Bartlett 
Date:   Thu Apr 6 08:59:17 2023 +1200

dsdb/tests: Double number of expressions in large_ldap.py ldap_timeout test

By slowing the filter down more this makes the test reliable on the
autobuild host.

This is not a long-term solution, but is a quick tweak that can be done
today to address current issues with getting commits past the host-based
(compared with cloud-based) autobuild.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15351

Signed-off-by: Andrew Bartlett 
Reviewed-by: Joseph Sutton 

commit e1c0c2066c2f29bb614e3386b796eec3cb289aea
Author: Andrew Bartlett 
Date:   Thu Apr 6 08:54:02 2023 +1200

dsdb/tests: Move SD modification on class-created objects to classSetUp

These modifications persist, so should be done at the class level,
not in the test.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15351

Signed-off-by: Andrew Bartlett 
Reviewed-by: Joseph Sutton 

---

Summary of changes:
 source4/dsdb/samdb/ldb_modules/password_hash.c    |  24 +++-
 source4/dsdb/samdb/samdb.h                        |   5 +
 source4/dsdb/tests/python/large_ldap.py           |  20 ++-
 source4/dsdb/tests/python/unicodepwd_encrypted.py | 151 ++
 source4/ldap_server/ldap_backend.c                |  23 
 source4/selftest/tests.py                         |   1 +
 6 files changed, 211 insertions(+), 13 deletions(-)
 create mode 100644 source4/dsdb/tests/python/unicodepwd_encrypted.py


Changeset truncated at 500 lines:

diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c 
b/source4/dsdb/samdb/ldb_modules/password_hash.c
index 6a713b86736..417e34b79e6 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -252,7 +252,7 @@ static int password_hash_bypass(struct ldb_module *module, 
struct ldb_request *r
GET_VALUES(nte, "unicodePwd");
 
/*
-* Even as Samba contiuues to ignore the LM hash, and reset it
+* Even as Samba continues to ignore the LM hash, and reset it
 * when practical, we keep the constraint that it must be a 16
 * byte value if specified.
 */
@@ -2869,6 +2869,8 @@ static int check_password_restrictions(struct 
setup_password_fields_io *io, WERR
struct loadparm_context *lp_ctx =
talloc_get_type(ldb_get_opaque(ldb, "loadparm"),
struct loadparm_context);
+   struct dsdb_encrypted_connection_state *opaque_connection_state =
+   ldb_get_opaque(ldb,DSDB_OPAQUE_ENCRYPTED_CONNECTION_STATE_NAME);
 
*werror = WERR_INVALID_PARAMETER;
 
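Review bot: in the declaration added to check_password_restrictions(), the call ldb_get_opaque(ldb,DSDB_OPAQUE_ENCRYPTED_CONNECTION_STATE_NAME) is missing the space after the comma, and unlike the lp_ctx lookup directly above it the opaque pointer is assigned without going through talloc_get_type(). If the state is talloc-allocated by the LDAP backend, wrapping the lookup in talloc_get_type(..., struct dsdb_encrypted_connection_state) would keep the two lookups consistent and turn a wrongly typed opaque into NULL rather than a silently reinterpreted pointer.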
@@ -2876,10 +2878,28 @@ static int check_password_restrictions(struct 
setup_password_fields_io *io, WERR
return LDB_SUCCESS;
}
 
+   /*
+* Prevent update password on an insecure connection.
+* The opaque is added in the ldap backend init.
+*/
+   if (opaque_connection_state != NULL &&
+   !opaque_connection_state->using_encrypted_connection) 
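Review bot: the new condition in check_password_restrictions() only rejects when opaque_connection_state is non-NULL, so any ldb context on which the opaque was never registered is treated the same as an encrypted connection. The comment says the opaque is added in the ldap backend init; it should also say that a NULL opaque is deliberately trusted and for which callers, so the fail-open case is a documented decision. It is also worth confirming that the early "return LDB_SUCCESS;" just above the new block cannot be taken for a unicodePwd modify over a cleartext or signed-only connection, since that path never reaches the check. The comment wording would read better as "Prevent a password update over an insecure connection".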

[SCM] Samba Shared Repository - branch v4-17-test updated

2023-04-05 Thread Jule Anger
The branch, v4-17-test has been updated
   via  7fe8a7d710d s3: libcli: Refuse to connect to any server with zero values for max_trans_size, max_read_size, max_write_size.
   via  f7e888f78ec tests: Add samba3.blackbox.zero_readsize test.
  from  e2df45934ab dsdb: Avoid ERROR(ldb): uncaught exception - Deleted target CN=NTDS Settings... in join

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-17-test


- Log -
commit 7fe8a7d710d939c8db0f107e6fd3cf7f0da128c8
Author: Jeremy Allison 
Date:   Tue Mar 21 10:34:46 2023 -0700

s3: libcli: Refuse to connect to any server with zero values for max_trans_size, max_read_size, max_write_size.

There's nothing we can do to such a server (this
now matches the behavior for SMB1).

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15306

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Wed Mar 29 18:58:33 UTC 2023 on atb-devel-224

(cherry picked from commit 76573d6d8f168d6e6107af26a434b8c71aaf93af)

Autobuild-User(v4-17-test): Jule Anger 
Autobuild-Date(v4-17-test): Wed Apr  5 14:08:23 UTC 2023 on sn-devel-184

commit f7e888f78ec86f34ab72640fc805df5bb9e78cbc
Author: Jeremy Allison 
Date:   Tue Mar 21 10:31:36 2023 -0700

tests: Add samba3.blackbox.zero_readsize test.

smbclient crashes when smbd has "smb2 max read = 0"
in the [global] section of smb.conf.

We should fail the protocol negotiation with
NT_STATUS_INVALID_NETWORK_RESPONSE in this case.

Adds knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15306

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 
(Back-ported from commit 006fe806782c42e860ed2cf2bc9f6b1b82c3a307)

---

Summary of changes:
 libcli/smb/smbXcli_base.c                  |  11 
 source3/script/tests/test_zero_readsize.sh | 101 +
 2 files changed, 112 insertions(+)
 create mode 100755 source3/script/tests/test_zero_readsize.sh


Changeset truncated at 500 lines:

diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index c5d13bd5837..1500d484e83 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -5088,6 +5088,17 @@ static void smbXcli_negprot_smb2_done(struct tevent_req 
*subreq)
conn->smb2.server.system_time   = BVAL(body, 40);
conn->smb2.server.start_time= BVAL(body, 48);
 
+   if (conn->smb2.server.max_trans_size == 0 ||
+   conn->smb2.server.max_read_size == 0 ||
+   conn->smb2.server.max_write_size == 0) {
+   /*
+* We can't connect to servers we can't
+* do any operations on.
+*/
+   tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+   return;
+   }
+
security_offset = SVAL(body, 56);
security_length = SVAL(body, 58);
 
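Review bot: the zero-size rejection added to smbXcli_negprot_smb2_done() fails the request with NT_STATUS_INVALID_NETWORK_RESPONSE but logs nothing, so someone hitting a misconfigured server cannot tell which of max_trans_size, max_read_size or max_write_size was zero. A debug message naming the three negotiated values just before tevent_req_nterror() would make the failure diagnosable from the client log without a packet capture.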
diff --git a/source3/script/tests/test_zero_readsize.sh 
b/source3/script/tests/test_zero_readsize.sh
new file mode 100755
index 000..f859599ba89
--- /dev/null
+++ b/source3/script/tests/test_zero_readsize.sh
@@ -0,0 +1,101 @@
+#!/usr/bin/env bash
+#
+# Test setting smb2 max read = 0.
+#
+# BUG: https://bugzilla.samba.org/show_bug.cgi?id=15306
+#
+
+if [ $# -lt 6 ]; then
+   cat <"$global_inject_conf"
+   ${SMBCONTROL} ${CONF} smbd reload-config
+}
+
+do_cleanup()
+{
+   rm -f "${PREFIX}/zero_read_testfile"
+   rm -f "${PREFIX}/zero_read_testfile_get"
+   global_inject_conf="$(dirname "${SERVERCONFFILE}")/global_inject.conf"
+   rm "$global_inject_conf"
+   ${SMBCONTROL} ${CONF} smbd reload-config
+}
+
+test_smb2_zero_readsize()
+{
+   local tmpfile="$PREFIX/smbclient.in.$$"
+
+   cat >"$tmpfile" <
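Review bot: in do_cleanup(), rm "$global_inject_conf" is called without -f while the two testfile removals above it use rm -f, so cleanup prints an error and returns non-zero from rm if the inject file was never written (for example when setup failed early). Use rm -f there as well. In test_smb2_zero_readsize() the temporary file name "$PREFIX/smbclient.in.$$" is predictable; mktemp under ${PREFIX} would avoid collisions between concurrent runs.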

[SCM] Samba Shared Repository - branch v4-18-test updated

2023-04-05 Thread Jule Anger
The branch, v4-18-test has been updated
   via  7e6dc45f7e6 selftest: fix flapping samba-tool drs showrepl test
   via  5382bf6344c selftest: make two samba-tool drs tests generic
   via  e9f5d1c03bc python: Replace calls to deprecated methods
   via  e59e9eadd0e s3: libcli: Refuse to connect to any server with zero values for max_trans_size, max_read_size, max_write_size.
   via  05fcd4f3035 tests: Add samba3.blackbox.zero_readsize test.
  from  4022ee96aef python:netcmd: Decode return value of find_netbios() from bytes into string

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-18-test


- Log -
commit 7e6dc45f7e61dfad2d56ff58f31664cefb96281c
Author: Rob van der Linde 
Date:   Thu Feb 23 16:56:30 2023 +1300

selftest: fix flapping samba-tool drs showrepl test

Test should have been using "schema_pair_dc", it was picking this up from 
the variable env in the loop above it.

However, it was hardcoded to use promoted_dc.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15316

Signed-off-by: Rob van der Linde 
Reviewed-by: Andrew Bartlett 
Reviewed-by: Joseph Sutton 
(cherry picked from commit 3687ab318a9553883d8c0d1214e2d49b83ec91ba)

Autobuild-User(v4-18-test): Jule Anger 
Autobuild-Date(v4-18-test): Wed Apr  5 13:02:59 UTC 2023 on atb-devel-224

commit 5382bf6344cc417144136957cc5e04f6f0aa1fcd
Author: Rob van der Linde 
Date:   Thu Feb 23 16:56:07 2023 +1300

selftest: make two samba-tool drs tests generic

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15316

Signed-off-by: Rob van der Linde 
Reviewed-by: Andrew Bartlett 
Reviewed-by: Joseph Sutton 
(cherry picked from commit 1368e359b2a75b6b683aff274b2b2084f3cd469b)

commit e9f5d1c03bcb800fc6e01a11c49cf5c193d6a00c
Author: Joseph Sutton 
Date:   Thu Jan 19 08:37:03 2023 +1300

python: Replace calls to deprecated methods

These aliases are deprecated and have been removed in Python 3.12.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15343
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15316

Signed-off-by: Joseph Sutton 
Reviewed-by: Andrew Bartlett 
(cherry picked from commit 41aa379abb391ffab77238d65ee5ba11b9ab8538)

[abart...@samba.org BUG tag added as required patch for bug 15316]

commit e59e9eadd0e86126c56107be08c2f5b25c6bc484
Author: Jeremy Allison 
Date:   Tue Mar 21 10:34:46 2023 -0700

s3: libcli: Refuse to connect to any server with zero values for max_trans_size, max_read_size, max_write_size.

There's nothing we can do to such a server (this
now matches the behavior for SMB1).

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15306

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Wed Mar 29 18:58:33 UTC 2023 on atb-devel-224

(cherry picked from commit 76573d6d8f168d6e6107af26a434b8c71aaf93af)

commit 05fcd4f3035442df1e7fc2db0c4d4e74f6f36050
Author: Jeremy Allison 
Date:   Tue Mar 21 10:31:36 2023 -0700

tests: Add samba3.blackbox.zero_readsize test.

smbclient crashes when smbd has "smb2 max read = 0"
in the [global] section of smb.conf.

We should fail the protocol negotiation with
NT_STATUS_INVALID_NETWORK_RESPONSE in this case.

Adds knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15306

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 
(cherry picked from commit 006fe806782c42e860ed2cf2bc9f6b1b82c3a307)

---

Summary of changes:
 libcli/smb/smbXcli_base.c                          |  11 +++
 python/samba/tests/audit_log_dsdb.py               |  40 
 python/samba/tests/audit_log_pass_change.py        |  28 +++---
 python/samba/tests/gpo.py                          |  16 ++--
 python/samba/tests/group_audit.py                  |  48 +-
 python/samba/tests/prefork_restart.py              |  18 ++--
 python/samba/tests/samba_tool/computer.py          |   6 +-
 python/samba/tests/samba_tool/contact.py           |   6 +-
 .../samba_tool/drs_clone_dc_data_lmdb_size.py      |  10 +-
 python/samba/tests/samba_tool/join_lmdb_size.py    |  10 +-
 python/samba/tests/samba_tool/ou.py                |   6 +-
 python/samba/tests/samba_tool/passwordsettings.py  |   4 +-
 .../samba/tests/samba_tool/promote_dc_lmdb_size.py |  10 +-
 .../samba/tests/samba_tool/provision_lmdb_size.py  |  10 +-
 .../tests/samba_tool/provision_password_check.py   |   4 +-
 python/samba/tests/upgradeprovisionneeddc.py       |   8 +-
 source3/script/tests/test_zero_readsize.sh         | 101 +
 source3/selftest/tests.py                          |  12 +++
 source4/dsdb/tests/python/urgent_replication.py    |  20 

[SCM] Samba Shared Repository - branch v4-18-test updated

2023-04-05 Thread Jule Anger
The branch, v4-18-test has been updated
   via  4022ee96aef python:netcmd: Decode return value of find_netbios() from bytes into string
   via  50f68094f68 dsdb: Avoid ERROR(ldb): uncaught exception - Deleted target CN=NTDS Settings... in join
   via  e804b5b7808 selftest/drs: Demonstrate ERROR(ldb): uncaught exception - Deleted target CN=NTDS Settings... in join
   via  1a119c757df tsocket: Increase tcp_user_timeout max_loops
   via  f968514c4d4 idmap_hash: remember new domain sids in idmap_hash_sid_to_id()
   via  750865aca3a idmap_hash: don't return ID_REQUIRE_TYPE if the domain is known in the netsamlogon cache
   via  eb4129d3cc7 idmap_hash: only return ID_REQUIRE_TYPE if we don't know about the domain yet
   via  e79be5ed069 idmap_hash: return ID_REQUIRE_TYPE only if there's a chance to get a mapping later
   via  da963496278 idmap_hash: split out a idmap_hash_sid_to_id() helper function
   via  31cedf58e69 idmap_hash: split out a idmap_hash_id_to_sid() helper function
   via  54e872cdf05 idmap_hash: mirror the NT_STATUS_NONE_MAPPED/STATUS_SOME_UNMAPPED logic from idmap_autorid
   via  678c66f1327 idmap_hash: we don't need to call idmap_hash_initialize() over an over again
   via  bbd1f56b78c idmap_hash: remove unused error checks
   via  00909630b0d idmap_hash: fix comments about the algorithm
   via  e804feaf76d idmap_hash: provide ID_TYPE_BOTH mappings also for unixids_to_sids
   via  fd7e0aaa196 idmap_autorid: fix ID_REQUIRE_TYPE for more than one SID for an unknown domain
   via  5c68985b278 winbindd: don't call set_domain_online_request() in the idmap child
  from  5db0223764d VERSION: Bump version up to Samba 4.18.2...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-18-test


- Log -
commit 4022ee96aef8184f7d1a4686e06113cda7e29ac3
Author: Andreas Schneider 
Date:   Fri Mar 10 09:08:48 2023 +0100

python:netcmd: Decode return value of find_netbios() from bytes into string

ERROR(): uncaught exception - replace() argument 1 must be str, not bytes
  File "bin/python/samba/netcmd/__init__.py", line 230, in _run
return self.run(*args, **kwargs)
   ^
  File "bin/python/samba/netcmd/ldapcmp.py", line 966, in run
if b1.diff(b2):
   ^^^
  File "bin/python/samba/netcmd/ldapcmp.py", line 790, in diff
if object1 == object2:
   ^^
  File "bin/python/samba/netcmd/ldapcmp.py", line 557, in __eq__
return self.cmp_attrs(other)
   ^
  File "bin/python/samba/netcmd/ldapcmp.py", line 656, in cmp_attrs
p = [self.fix_domain_netbios(j) for j in m]
^^^
  File "bin/python/samba/netcmd/ldapcmp.py", line 656, in 
p = [self.fix_domain_netbios(j) for j in m]
 ^^
  File "bin/python/samba/netcmd/ldapcmp.py", line 542, in fix_domain_netbios
res = res.replace(self.con.domain_netbios.lower(), self.con.domain_netbios.upper())
^

BUGS: https://bugzilla.samba.org/show_bug.cgi?id=15330

Signed-off-by: Andreas Schneider 
Reviewed-by: Andrew Bartlett 
(cherry picked from commit 4fa0242b9d34decd8dbd813be40655a593df3db9)

Autobuild-User(v4-18-test): Jule Anger 
Autobuild-Date(v4-18-test): Wed Apr  5 11:41:32 UTC 2023 on atb-devel-224

commit 50f68094f68078072510d9193e72eef56c70c6d5
Author: Andrew Bartlett 
Date:   Thu Mar 9 20:25:06 2023 +1300

dsdb: Avoid ERROR(ldb): uncaught exception - Deleted target CN=NTDS Settings... in join

"samba-tool domain join" uses the replication API in a strange way, perhaps
no longer required, except that we often still have folks upgrading from
very old Samba versions.

When deferring the writing out to the DB of link replication to the very
end, there is a greater opportunity for the deletion of an object to have
been sent with the other objects, and have the link applied later.

This tells the repl_meta_data code to behave as if GET_TGT had been sent at
the time the link was returned, allowing a link to a deleted object to be
silently discarded.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15329

Signed-off-by: Andrew Bartlett 
Reviewed-by: Joseph Sutton 
(cherry picked from commit bfc33b47bb428233e100f75e7a725ac52179f823)

commit e804b5b7808f5fafaf61c19476cee98c475fab8a
Author: Andrew Bartlett 
Date:   Thu Mar 9 17:02:35 2023 +1300

selftest/drs: Demonstrate ERROR(ldb): uncaught exception - Deleted target CN=NTDS Settings... in join

"samba-tool domain join" uses the replication API in a strange way, perhaps
no longer required, except