Andrew Bartlett [Wed, 20 Nov 2019 21:21:54 +0000 (10:21 +1300)]
lib/fuzzing: Add oss-fuzz info to README.md
Note that Samba has not been accepted yet, but will be soon once some requirements
are addressed per:
https://github.com/google/oss-fuzz/pull/2993
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Thu Nov 21 00:45:33 UTC 2019 on sn-devel-184
Andrew Bartlett [Thu, 7 Nov 2019 01:22:07 +0000 (14:22 +1300)]
lib/fuzzing/oss-fuzz: copy required libraries to the build target
This is an alternative to static linking as we do not have static source
libraries for all the things we depend on.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Uri Simchoni <uri@samba.org>
Andrew Bartlett [Thu, 7 Nov 2019 04:17:40 +0000 (17:17 +1300)]
lib/fuzzing/oss-fuzz: Install chrpath as we use it in the build.sh script to set -rpath
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Uri Simchoni <uri@samba.org>
Douglas Bagnall [Wed, 20 Nov 2019 20:59:24 +0000 (09:59 +1300)]
lib/fuzzing/oss-fuzz: Add build_image.sh using Samba's bootstrap tools
Google's oss-fuzz environment is Ubuntu 16.04 based so we can
just use the maintained bootstrap system rather than a manual
package list here that will get out of date.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Uri Simchoni <uri@samba.org>
Pair-programmed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Wed, 20 Nov 2019 21:29:57 +0000 (10:29 +1300)]
lib/fuzzing/oss-fuzz: add stub build.sh that will not change often
This makes local development of build_samba.sh easier as it will remain in the source tree.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Uri Simchoni <uri@samba.org>
Andrew Bartlett [Wed, 20 Nov 2019 01:03:13 +0000 (14:03 +1300)]
lib/fuzzing/oss-fuzz: Add build_samba.sh for oss-fuzz
We work hard to put the primary logic for oss-fuzz here, and
where possible into waf, so that only a tiny stub needs to
be maintained in the Google oss-fuzz repo.
This will be called by build.sh (not copied directly because
it is too easy to forget to copy in an updated version when
doing development in the docker image).
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Uri Simchoni <uri@samba.org>
Andrew Bartlett [Tue, 5 Nov 2019 23:24:18 +0000 (12:24 +1300)]
lib/fuzzing: Use --fuzz-target-ldflags if specified
This makes integration with oss-fuzz possible. Only the fuzzer binaries should be
linked with libFuzzer, not things like asn1_compile, so this can not be done via
the global ADDITIONAL_LDFLAGS.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Uri Simchoni <uri@samba.org>
Douglas Bagnall [Fri, 1 Nov 2019 04:18:24 +0000 (17:18 +1300)]
build: Set fuzzer=True on fuzzer binaries
This ensures that the binaries are the only binaries built
when configured for fuzzing.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 15 Nov 2019 12:34:08 +0000 (13:34 +0100)]
s4:rpc_server: Return the status code from dcesrv_transport_session_key()
Normally this returns the right status code, which normally is:
NT_STATUS_NO_USER_SESSION_KEY
This is consitent with the source3 samr server implmentation.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Autobuild-User(master): Isaac Boukris <iboukris@samba.org>
Autobuild-Date(master): Wed Nov 20 22:29:35 UTC 2019 on sn-devel-184
Volker Lendecke [Wed, 20 Nov 2019 10:08:06 +0000 (11:08 +0100)]
vfs: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Nov 20 15:23:10 UTC 2019 on sn-devel-184
Andrew Bartlett [Tue, 19 Nov 2019 04:38:50 +0000 (17:38 +1300)]
librpc: Check for NULL pointer in value() in ntlmssp_AUTHENTICATE
This allows ndrdump --validate to avoid following a NULL pointer when re-pushing
a valid but unusual input.
It also avoids an issue if the Samba server code were to provide a response
without an EncryptedRandomSessionKey.
At this stage ntlmssp.idl is not used for this, instead the packets are
generated with msrpc_gen().
Found by Douglas Bagnall using Hongfuzz and the new fuzz_ndr_X
fuzzer.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Nov 20 06:06:29 UTC 2019 on sn-devel-184
Andrew Bartlett [Tue, 19 Nov 2019 23:14:52 +0000 (12:14 +1300)]
selftest: Test repushing an ntlmssp AUTHENTICATE_MESSAGE
This demonstrates a bug found by Douglas Bagnall using Hongfuzz and the new fuzz_ndr_X
fuzzer where the value() evaluatuion could segfault if it was made to follow a NULL
pointer.
This also demonstrates that the --base64 mode works on file inputs.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Tue, 19 Nov 2019 22:40:51 +0000 (11:40 +1300)]
selftest: Confirm that NDR bugs are fixed in DCOM code
Test input provided by Michael Hanselmann and found using Hongfuzz.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13875
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Douglas Bagnall [Wed, 30 Oct 2019 20:35:19 +0000 (09:35 +1300)]
pidl: check the size of pulled arrays of arrays
We were accidentally checking the memory just past the array instead of
checking each member.
This could have led to the size of some arrays not being checked.
Found by Michael Hanselmann using Honggfuzz and an fuzzer for Samba's
NDR layer.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13877
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 30 Oct 2019 02:02:49 +0000 (15:02 +1300)]
ndr_orpc: properly allocate empty DUALSTRINGARRAY
When there is no data we still need to allocate for the terminating NULL.
Found by Michael Hanselmann using Honggfuzz and an fuzzer for Samba's
NDR layer.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13875
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 19 Nov 2019 21:56:14 +0000 (10:56 +1300)]
selftest: Confirm that --base64-input and --input work and a PIDL bug is fixed.
The PIDL bug is in the handling of arrays of arrays.
Test input provided by Michael Hanselmann and found using Hongfuzz.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13875
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Tue, 19 Nov 2019 21:55:18 +0000 (10:55 +1300)]
python: Return the stdout when also checking error codes
This will aid in checking that ndrdump behaves as expected when
failing to parse
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Tue, 19 Nov 2019 21:45:02 +0000 (10:45 +1300)]
ndrdump: Still print --dump bytes after parse failure
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Wed, 20 Nov 2019 00:26:11 +0000 (13:26 +1300)]
ndrdump: Invert sense of --stop-on-parse-failure into --print-after-parse-failure
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Tue, 19 Nov 2019 21:39:54 +0000 (10:39 +1300)]
ndrdump: Return a different error code for ndr_pull() failures
This may assist in distinguishing between "runner" and "pull" failures.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Tue, 19 Nov 2019 21:00:52 +0000 (10:00 +1300)]
ndrdump: Allow for base64-encoded input in a file and on the command line
It has become customary to provide reproduction steps for fuzzing failures
in terms of an ndrdump command line. This allows the input to be provided
as a argument or in a file rather than via base64 -d. This makes reproducing
the issue easier as everything can be put in a plaintext bug report.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Tue, 19 Nov 2019 20:59:07 +0000 (09:59 +1300)]
ndrdump: Check for input decode failures
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Tue, 19 Nov 2019 20:58:15 +0000 (09:58 +1300)]
ndrdump: Add const
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 18 Nov 2019 00:46:53 +0000 (13:46 +1300)]
ndrdump: TALLOC_FREE() on each exit path to allow running with leak detection
This allows us to learn if there are other memory leaks not on the mem_ctx
during the processing of the packet.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 18 Nov 2019 00:44:02 +0000 (13:44 +1300)]
ndrdump: print structure name when failing to setup
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Tue, 19 Nov 2019 23:17:37 +0000 (12:17 +1300)]
ndrdump: Fix one more NTSTATUS rather than friendly ndr message
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 11 Nov 2019 02:02:30 +0000 (15:02 +1300)]
librpc: Unify packet dumping on ndr_pull() failure
There were two duplicate implementations of packet dumping just for the s4 RPC server!
This unifies them and makes them easier to find because they are not triggered
from the generated server stub any more.
The behaviour have unified on setting "dcesrv:stubs directory" and
being compiled with --enable-developer.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Nov 20 02:14:56 UTC 2019 on sn-devel-184
Christof Schmitt [Wed, 18 Sep 2019 22:41:13 +0000 (15:41 -0700)]
vfs_gpfs: Use update_stat_ex_create_time
Make the code a bit easier to read by avoiding direct access to the
statex struct.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Tue Nov 19 22:44:53 UTC 2019 on sn-devel-184
Christof Schmitt [Mon, 19 Aug 2019 23:23:11 +0000 (16:23 -0700)]
vfs_gpfs: Create fileid from filesystem metadata
MacOS SMB clients require that file ids are not quickly reused when
files are deleted and new files are created with the same name. Inode
numbers do not satisfy that requirement, as they will be quickly reused.
To address this problem, create a unique id from the available file
system specific metadata. As that id is larger than the available 64bit,
use a hash to generate a 64bit id for usage as fileid.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Christof Schmitt [Mon, 19 Aug 2019 23:06:57 +0000 (16:06 -0700)]
vfs_gpfs: Use gpfs_fstat_x in vfs_gpfs_fget_dos_attributes
This is no functional change, but allows to use additional metadata
later on.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Christof Schmitt [Mon, 19 Aug 2019 22:41:45 +0000 (15:41 -0700)]
vfs_gpfs: Use gpfs_stat_x in vfs_gpfs_get_dos_attributes
This is no functional change, but allows to use additional metadata
later on.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Christof Schmitt [Mon, 19 Aug 2019 22:35:18 +0000 (15:35 -0700)]
gpfswrap: Add wrappers for gpfs_fstat_x and gpfs_stat_x
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Volker Lendecke [Tue, 19 Nov 2019 13:29:52 +0000 (14:29 +0100)]
vfs: Fix CID
1455914 Unused value
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Nov 19 17:37:42 UTC 2019 on sn-devel-184
Volker Lendecke [Tue, 19 Nov 2019 13:23:52 +0000 (14:23 +0100)]
smbd: Fix CID
1455912 Logically dead code
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Tue, 19 Nov 2019 13:20:14 +0000 (14:20 +0100)]
winbind: Fix CID
1455915 Resource leak
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Tue, 19 Nov 2019 13:17:38 +0000 (14:17 +0100)]
librpc: Fix CID
1455913 Use after free
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Isaac Boukris [Mon, 18 Nov 2019 14:00:03 +0000 (15:00 +0100)]
whatsnew: announce removal of DES encryption type in Kerberos
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14202
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Isaac Boukris <iboukris@samba.org>
Autobuild-Date(master): Tue Nov 19 16:12:39 UTC 2019 on sn-devel-184
Isaac Boukris [Sat, 16 Nov 2019 22:03:34 +0000 (23:03 +0100)]
heimdal: do not compile weak crypto
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14202
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Isaac Boukris [Sat, 16 Nov 2019 21:46:19 +0000 (22:46 +0100)]
selftest: allow any kdc error in mitm-s4u2self test
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14202
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Isaac Boukris [Tue, 12 Nov 2019 11:00:34 +0000 (12:00 +0100)]
selftest: mitm-s4u2self: use zlib for CRC32_checksum calc
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14202
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Isaac Boukris [Mon, 16 Sep 2019 12:17:08 +0000 (15:17 +0300)]
machine_account_secrets: do not generate single DES keys
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14202
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Isaac Boukris [Thu, 24 Oct 2019 16:04:51 +0000 (19:04 +0300)]
kerberos_keytab: do not add single DES keys to keytab
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14202
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Isaac Boukris [Thu, 24 Oct 2019 15:32:37 +0000 (18:32 +0300)]
password_hash: do not generate single DES keys
Per RFC-6649 single DES enctypes should not be used.
MIT has retired single DES encryption types, see:
https://web.mit.edu/kerberos/krb5-1.12/doc/admin/advanced/retiring-des.html
As a workaround, store random keys instead, making the usage of signle DES
encryption types virtually impossible.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14202
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Isaac Boukris [Thu, 24 Oct 2019 15:53:34 +0000 (18:53 +0300)]
kdc/db-glue: do not fetch single DES keys from db
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14202
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Isaac Boukris [Thu, 24 Oct 2019 09:20:05 +0000 (12:20 +0300)]
kerberos: remove single DES enctypes from ENC_ALL_TYPES
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14202
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Isaac Boukris [Thu, 31 Oct 2019 18:41:46 +0000 (19:41 +0100)]
selftest: exclude msDS-SupportedEncryptionType in ldapcmp
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14202
Pair-Programmed-With: Alexander Bokovoy <ab@samba.org>
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Isaac Boukris [Wed, 6 Nov 2019 08:17:52 +0000 (09:17 +0100)]
selftest/remote_pac: remove test_PACVerify_workstation_des
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14202
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 15 Nov 2019 19:54:42 +0000 (08:54 +1300)]
ndr: Include the caller location in ndr_{pull,push}_error() messages
This should aid in debugging NDR parse failures.
Use the ABI bump to again exclude ndr_table_misc incorrectly
added in ABI 0.2.1.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Nov 19 14:47:46 UTC 2019 on sn-devel-184
Andrew Bartlett [Mon, 18 Nov 2019 03:02:39 +0000 (16:02 +1300)]
witness.idl: Change array type in IDL for the print function
It is important that the generated print function checks r->messages
before de-referencing r->messages[num] as r->num can be non-zero
while r->messages is NULL.
There is not witness server in Samba and print functions are only
used during debugging and ndrdump in any case.
The change in the IDL does not change the header and the IDL
function is already nopull,nopush so only the print function changes.
Found by Douglas Bagnall using Honggfuzz and a new fuzzer for
Samba's NDR layer.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Robert Scott [Sat, 16 Nov 2019 17:46:51 +0000 (17:46 +0000)]
utils: only compile test_oLschema2ldif if fmemopen exists
in the vein of
da87fa998ab71328f30bcdf5b41aee8675aee48a
Signed-off-by: Robert Scott <code@humanleg.org.uk>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Nov 19 06:12:29 UTC 2019 on sn-devel-184
Andreas Schneider [Mon, 18 Nov 2019 15:33:23 +0000 (16:33 +0100)]
s4:lib:tls: Fix cert and privkey types
../../source4/lib/tls/tlscert.c:42:2: warning: ‘gnutls_x509_crt’ is
deprecated [-Wdeprecated-declarations]
42 | gnutls_x509_crt cacrt, crt;
| ^~~~~~~~~~~~~~~
../../source4/lib/tls/tlscert.c:43:2: warning: ‘gnutls_x509_privkey’ is
deprecated [-Wdeprecated-declarations]
43 | gnutls_x509_privkey key, cakey;
| ^~~~~~~~~~~~~~~~~~~
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Mon, 18 Nov 2019 09:29:55 +0000 (10:29 +0100)]
libcli:auth: Remove unused E_md5hash()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Mon, 18 Nov 2019 09:28:59 +0000 (10:28 +0100)]
s3:winbind: Replace E_md5hash() with GnuTLS calls
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Mon, 18 Nov 2019 09:24:56 +0000 (10:24 +0100)]
s3:winbindd: Replace E_md5hash() with GnuTLS calls
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Mon, 18 Nov 2019 09:21:06 +0000 (10:21 +0100)]
s3:rpc_server: Replace E_md5hash() with GnuTLS calls
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Amitay Isaacs [Fri, 15 Nov 2019 02:38:43 +0000 (13:38 +1100)]
build: add missing crypt dependency for auth4_unix
Commit
dc5788056bc removed crypt library from replace. This breaks the
build on fedora 30 ppc64.
[2439/3956] Linking bin/default/source4/auth/ntlm/libauth4-samba4.so
/usr/bin/ld: source4/auth/ntlm/auth_unix.c.5.o: in function `password_check':
auth_unix.c:(.text+0x7e0): undefined reference to `crypt'
crypt library is required to build ntlm auth_unix.c.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Tue Nov 19 04:47:47 UTC 2019 on sn-devel-184
Andrew Bartlett [Thu, 7 Nov 2019 03:52:48 +0000 (16:52 +1300)]
lib/fuzzing: Free memory after successful load in fuzz_tiniparser
Otherwise we have a memory leak and so fail the Google oss-fuzz check_build test.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Nov 18 21:02:52 UTC 2019 on sn-devel-184
Andrew Bartlett [Thu, 7 Nov 2019 02:08:18 +0000 (15:08 +1300)]
lib/fuzzing: Avoid NULL pointer de-ref from 0-length input
fmemopen() does not like 0-length input.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Uri Simchoni [Sat, 16 Nov 2019 21:54:31 +0000 (23:54 +0200)]
tevent: Release tevent 0.10.2
* Upgrade waf to version 2.0.18 to fix a cross-compilation issue
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13846
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Mon Nov 18 11:44:08 UTC 2019 on sn-devel-184
Uri Simchoni [Sat, 16 Nov 2019 21:52:33 +0000 (23:52 +0200)]
tdb: Release tdb 1.4.3
* Upgrade waf to version 2.0.18 to fix a cross-compilation issue.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13846
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Uri Simchoni [Sat, 16 Nov 2019 21:45:51 +0000 (23:45 +0200)]
talloc: Release talloc 2.3.1
* Upgrade waf to 2.0.18 to fix a cross-compilation issue
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13846
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Sat, 16 Nov 2019 08:25:11 +0000 (21:25 +1300)]
ndrdump: avoid use after free
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Sun Nov 17 23:54:11 UTC 2019 on sn-devel-184
Andrew Bartlett [Fri, 15 Nov 2019 06:25:54 +0000 (19:25 +1300)]
ndrdump: Use human-readable strings for NDR decode errors
These make much more sense than the NTSTATUS values they can be forced
to map to.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Thu, 14 Nov 2019 00:49:48 +0000 (13:49 +1300)]
selftest: Test fix for ndrdump of structures by number
This requires that misc.GUID not move in the IDL, so a comment is added.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14191
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Douglas Bagnall [Thu, 14 Nov 2019 00:14:08 +0000 (13:14 +1300)]
ndrdump: correctly find the public strict by number
We were finding a function that happened to have the same ordinal
number.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14191
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Mon, 11 Nov 2019 00:53:33 +0000 (13:53 +1300)]
librpc: Use the fact that file_save() now uses O_EXCL in dcerpc_log_packet()
This avoids a race with file_exist() and demostrates a better
way to use this function.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Nov 15 18:48:27 UTC 2019 on sn-devel-184
Andrew Bartlett [Mon, 11 Nov 2019 00:52:22 +0000 (13:52 +1300)]
lib/util: change file_save_mode() to use O_EXCL
Almost all the callers are debug tools or developer debugging aids
and these callers clearly expect to create a new file.
Unchanged in behaviour is:
- TLS certificate creation. This already confirms the files do no exist
prior to generation.
These will now no longer overwrite the given filename
- net ads pac save
- net eventlog export
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Björn Baumbach [Fri, 15 Nov 2019 12:21:48 +0000 (13:21 +0100)]
s3-build: add missing gnutls dependency
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Wed, 13 Nov 2019 14:41:47 +0000 (15:41 +0100)]
third_party: Update nss_wrapper to version 1.1.7
This adds missing support for Address Sanitzer.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Nov 14 23:50:06 UTC 2019 on sn-devel-184
Volker Lendecke [Wed, 13 Nov 2019 15:29:17 +0000 (16:29 +0100)]
lib: Fix an error path memleak in schannel_get_creds_state()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 13 Nov 2019 15:02:11 +0000 (16:02 +0100)]
vfs: Use dbwrap_delete() in acl_tdb_delete()
Use the wrapper function that's already available for exactly this
purpose.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 13 Nov 2019 15:02:11 +0000 (16:02 +0100)]
vfs: Use dbwrap_store() in store_acl_blob_fsp()
Use the wrapper function that's already available for exactly this
purpose.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 13 Nov 2019 14:59:54 +0000 (15:59 +0100)]
vfs: Use direct struct assignment in store_acl_blob_fsp()
2 lines less code
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andrew Bartlett [Tue, 29 Oct 2019 21:19:05 +0000 (21:19 +0000)]
pidl: Handle obtaining objects from a fixed-size array
Previously we would assume the array head was the talloc context
however this is not the case if the array is a fixed size inline array
within the parent struct.
In that case the overall object's talloc context is the correct
context to reference.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Thu Nov 14 17:36:49 UTC 2019 on sn-devel-184
Douglas Bagnall [Mon, 28 Oct 2019 22:58:32 +0000 (11:58 +1300)]
pidl/python: allocate objects with ref pointers
Struct members that are marked as ref pointers need to have an object
allocated for them.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Douglas Bagnall [Tue, 29 Oct 2019 22:11:41 +0000 (22:11 +0000)]
pytests/segfault: pidl inline arrays
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
Douglas Bagnall [Mon, 28 Oct 2019 23:02:04 +0000 (12:02 +1300)]
pytests/segfaults: dcerpc ref elements segfault
These are just a couple of examples.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
Douglas Bagnall [Wed, 23 Oct 2019 21:41:28 +0000 (10:41 +1300)]
pytests: rpc echo should not segfault
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
Douglas Bagnall [Wed, 24 Jul 2019 05:50:35 +0000 (17:50 +1200)]
s4/rpc/dcerpc_connect: no crash on NULL dest_host
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
Amitay Isaacs [Mon, 11 Nov 2019 07:32:49 +0000 (18:32 +1100)]
ctdb-tests: Add tests for cmdline_add() api
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Nov 14 12:03:46 UTC 2019 on sn-devel-184
Amitay Isaacs [Mon, 11 Nov 2019 06:32:50 +0000 (17:32 +1100)]
ctdb-common: Add api to add new section/commands to cmdline
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Mon, 11 Nov 2019 06:29:26 +0000 (17:29 +1100)]
ctdb-common: Change cmdline implementation to support multiple sections
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Mon, 11 Nov 2019 06:05:53 +0000 (17:05 +1100)]
ctdb-tests: Update cmdline tests for section name
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Mon, 11 Nov 2019 06:01:43 +0000 (17:01 +1100)]
ctdb-common: Add section to group commands in cmdline
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Mon, 9 Jul 2018 05:37:52 +0000 (15:37 +1000)]
ctdb-common: Generate usage message from cmdline_parse()
If any of the option parsing or command parsing fails, generate usage
message.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Andrew Bartlett [Wed, 13 Nov 2019 22:16:09 +0000 (11:16 +1300)]
libcli:auth Check return code of netlogon_creds_aes_encrypt()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Nov 14 09:25:36 UTC 2019 on sn-devel-184
Andreas Schneider [Wed, 13 Nov 2019 09:13:53 +0000 (10:13 +0100)]
libcli:auth: Check return code of netlogon_creds_step_crypt()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Wed, 13 Nov 2019 09:12:41 +0000 (10:12 +0100)]
libcli:auth: Check return code of netlogon_creds_step()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Wed, 13 Nov 2019 09:06:20 +0000 (10:06 +0100)]
s4:librpc: Check return code of netlogon_creds_client_authenticator()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Wed, 13 Nov 2019 09:06:20 +0000 (10:06 +0100)]
libcli:auth: Check return code of netlogon_creds_client_authenticator()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Wed, 13 Nov 2019 09:06:20 +0000 (10:06 +0100)]
auth:pycreds: Check return code of netlogon_creds_client_authenticator()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Wed, 13 Nov 2019 08:52:53 +0000 (09:52 +0100)]
libcli:auth: Return NTSTATUS for netlogon_creds_client_authenticator()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Wed, 13 Nov 2019 08:44:32 +0000 (09:44 +0100)]
libcli:auth: Check return status of netlogon_creds_first_step()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Wed, 13 Nov 2019 08:41:18 +0000 (09:41 +0100)]
libcli:auth: Check return status of netlogon_creds_init_64bit()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Wed, 13 Nov 2019 08:39:19 +0000 (09:39 +0100)]
libcli:auth: Check return value of netlogon_creds_init_128bit()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Wed, 13 Nov 2019 13:01:46 +0000 (14:01 +0100)]
s4:torture: Remove calls to gnutls_global_(de)init() in backupkey test
This is handled by the gnutls library constructor/destructor.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Wed, 13 Nov 2019 12:59:30 +0000 (13:59 +0100)]
s4:lib: Remove gnutls_global_(de)init() from libtls
This is handled by the gnutls library constructor/destructor.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Wed, 13 Nov 2019 12:57:53 +0000 (13:57 +0100)]
s4:rpc_server: Remove gnutls_global_(de)init()
This is done by the gnutls library constructor/destructor.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Wed, 13 Nov 2019 11:52:44 +0000 (12:52 +0100)]
libcli:auth: Check return code of SMBOWFencrypt_ntv2()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Wed, 13 Nov 2019 11:48:18 +0000 (12:48 +0100)]
libcli:auth: Return NTSTATUS for SMBOWFencrypt_ntv2()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>