[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Wed Jun 18 01:43:04 MDT 2014


The branch, master has been updated
       via  937d35b s4: torture : Add test case to show that a bad impersonation level causes an error on a regular file open.
       via  d84d0fc s3: torture test. We now pass "samba3.smb2.create.leading-slash" so remove from knownfail.
       via  22c974f s3: smb2 - strictly obey file name restrictions w.r.t. the SMB2 protocol spec.
       via  1c44d9a s3: smb2 - Check supplied impersonation level on SMB2_CREATE.
       via  37b4c9e s3: smb2 - Negprot should return INVALID_PARAMETER if flags2 signed bit is set.
      from  e907f84 s3: auth: Fix winbindd_pam_auth_pac_send() to create a new info3 and merge in resource groups from a trusted PAC.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 937d35bd182a7dfb0845bc4e418ea7982538f55f
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Jun 17 17:02:07 2014 -0700

    s4: torture : Add test case to show that a bad impersonation level causes an error on a regular file open.
    
    An invalid impersonation level is only allowed for durable handle reopen.
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Ira Cooper <ira at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Wed Jun 18 09:42:43 CEST 2014 on sn-devel-104

commit d84d0fc3797f30a78673bcba18c635902bde521d
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Jun 17 12:49:11 2014 -0700

    s3: torture test. We now pass "samba3.smb2.create.leading-slash" so remove from knownfail.
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Ira Cooper <ira at samba.org>

commit 22c974f57bab050e56e268e7ccfa2f93cae2093e
Author: Jeremy Allison <jra at samba.org>
Date:   Mon Jun 16 14:28:11 2014 -0700

    s3: smb2 - strictly obey file name restrictions w.r.t. the SMB2 protocol spec.
    
    MS-SMB2: 3.3.5.9 - Receiving an SMB2 CREATE Request
    If the file name length is greater than zero and the
    first character is a path separator character, the
    server MUST fail the request with
    STATUS_INVALID_PARAMETER.
    
    Found and fix confirmed by Microsoft test tool.
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Ira Cooper <ira at samba.org>

commit 1c44d9a3e1f0ffdb3848c6a7b1e01057a42d5359
Author: Jeremy Allison <jra at samba.org>
Date:   Mon Jun 16 14:13:02 2014 -0700

    s3: smb2 - Check supplied impersonation level on SMB2_CREATE.
    
    MS-SMB2: 2.2.13 SMB2 CREATE Request
    ImpersonationLevel ... MUST contain one of the following values.
    The server MUST validate this field, but otherwise ignore it.
    
    NB. source4/torture/smb2/durable_open.c shows that
    this check is only done on real opens, not on durable
    handle reopens.
    
    Found and fix confirmed by Microsoft test tool.
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Ira Cooper <ira at samba.org>

commit 37b4c9e08f67efc029851de7bd126aeaaceec2b1
Author: Jeremy Allison <jra at samba.org>
Date:   Mon Jun 16 14:05:18 2014 -0700

    s3: smb2 - Negprot should return INVALID_PARAMETER if flags2 signed bit is set.
    
    MS-SMB2: 3.3.5.2.4 Verifying the Signature.
    If the SMB2 header of the SMB2 NEGOTIATE
    request has the SMB2_FLAGS_SIGNED bit set in the
    Flags field, the server MUST fail the request
    with STATUS_INVALID_PARAMETER.
    
    Found and fix confirmed by Microsoft test tool.
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Ira Cooper <ira at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 selftest/knownfail            |    2 +-
 source3/smbd/smb2_create.c    |   34 ++++++++++++++++++++++++++++++
 source3/smbd/smb2_server.c    |   19 +++++++++++++++-
 source4/torture/smb2/create.c |   46 +++++++++++++++++++++++++++++++++++++++++
 4 files changed, 98 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/selftest/knownfail b/selftest/knownfail
index 531d51b..434ce0c 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -143,6 +143,7 @@
 ^samba4.raw.acls.*.create_dir
 ^samba4.raw.acls.*.create_file
 ^samba4.smb2.create.*.acldir
+^samba4.smb2.create.*.impersonation
 ^samba4.smb2.acls.*.generic
 ^samba4.smb2.acls.*.inheritflags
 ^samba4.smb2.acls.*.owner
@@ -180,7 +181,6 @@
 ^samba3.smb2.create.gentest
 ^samba3.smb2.create.blob
 ^samba3.smb2.create.open
-^samba3.smb2.create.leading-slash
 ^samba3.smb2.notify.valid-req
 ^samba3.smb2.notify.dir
 ^samba3.smb2.notify.rec
diff --git a/source3/smbd/smb2_create.c b/source3/smbd/smb2_create.c
index 4e82e2c..4e2e6bc 100644
--- a/source3/smbd/smb2_create.c
+++ b/source3/smbd/smb2_create.c
@@ -904,6 +904,40 @@ static struct tevent_req *smbd_smb2_create_send(TALLOC_CTX *mem_ctx,
 				return tevent_req_post(req, ev);
 			}
 
+			/*
+			 * MS-SMB2: 2.2.13 SMB2 CREATE Request
+			 * ImpersonationLevel ... MUST contain one of the
+			 * following values. The server MUST validate this
+			 * field, but otherwise ignore it.
+			 *
+			 * NB. The source4/torture/smb2/durable_open.c test
+			 * shows this check is only done on real opens, not
+			 * on durable handle-reopens.
+			 */
+
+			if (in_impersonation_level >
+					SMB2_IMPERSONATION_DELEGATE) {
+				tevent_req_nterror(req,
+					NT_STATUS_BAD_IMPERSONATION_LEVEL);
+				return tevent_req_post(req, ev);
+			}
+
+			/*
+			 * We know we're going to do a local open, so now
+			 * we must be protocol strict. JRA.
+			 *
+			 * MS-SMB2: 3.3.5.9 - Receiving an SMB2 CREATE Request
+			 * If the file name length is greater than zero and the
+			 * first character is a path separator character, the
+			 * server MUST fail the request with
+			 * STATUS_INVALID_PARAMETER.
+			 */
+			if (in_name[0] == '\\' || in_name[0] == '/') {
+				tevent_req_nterror(req,
+					NT_STATUS_INVALID_PARAMETER);
+				return tevent_req_post(req, ev);
+			}
+
 			status = SMB_VFS_CREATE_FILE(smb1req->conn,
 						     smb1req,
 						     0, /* root_dir_fid */
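
Review bot: The leading-separator check reads `in_name[0]` directly, while the spec text quoted above it conditions on the file name length being greater than zero. The check is only safe if in_name is guaranteed non-NULL and NUL-terminated at this point, which the hunk does not show; an explicit length or NULL guard, or a comment stating that invariant, would make this clear. The test also rejects '/' as well as '\\', which goes beyond the quoted wording, so a short comment on why both are treated as path separators here would help. Separately, `in_impersonation_level > SMB2_IMPERSONATION_DELEGATE` relies on the valid levels being a contiguous range ending at DELEGATE and on the field being unsigned; worth noting in the comment.
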
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index 69fe9e4..166fb6b 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -2034,8 +2034,23 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
 		DATA_BLOB signing_key;
 
 		if (x == NULL) {
-			return smbd_smb2_request_error(
-				req, NT_STATUS_USER_SESSION_DELETED);
+			/*
+			 * MS-SMB2: 3.3.5.2.4 Verifying the Signature.
+			 * If the SMB2 header of the SMB2 NEGOTIATE
+			 * request has the SMB2_FLAGS_SIGNED bit set in the
+			 * Flags field, the server MUST fail the request
+			 * with STATUS_INVALID_PARAMETER.
+			 *
+			 * Microsoft test tool checks this.
+			 */
+
+			if ((opcode == SMB2_OP_NEGPROT) &&
+					(flags & SMB2_HDR_FLAG_SIGNED)) {
+				status = NT_STATUS_INVALID_PARAMETER;
+			} else {
+				status = NT_STATUS_USER_SESSION_DELETED;
+			}
+			return smbd_smb2_request_error(req, status);
 		}
 
 		signing_key = x->global->channels[0].signing_key;
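
Review bot: The SMB2_OP_NEGPROT check sits inside the `if (x == NULL)` branch, so a NEGOTIATE with SMB2_HDR_FLAG_SIGNED set is failed with NT_STATUS_INVALID_PARAMETER only when no session was found. If x is non-NULL the request falls through to `signing_key = x->global->channels[0].signing_key;` and the normal signature path, whereas the quoted MS-SMB2 3.3.5.2.4 text makes the failure unconditional. Either hoist the opcode and flag test above the session lookup result, or add a comment explaining why a NEGOTIATE can never reach this point with a valid session.
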
diff --git a/source4/torture/smb2/create.c b/source4/torture/smb2/create.c
index f5b40b6..44650b5 100644
--- a/source4/torture/smb2/create.c
+++ b/source4/torture/smb2/create.c
@@ -1178,6 +1178,51 @@ static bool test_smb2_leading_slash(struct torture_context *tctx,
 	return ret;
 }
 
+/*
+  test SMB2 open with an invalid impersonation level.
+  Should give NT_STATUS_BAD_IMPERSONATION_LEVEL error
+*/
+static bool test_smb2_impersonation_level(struct torture_context *tctx,
+				    struct smb2_tree *tree)
+{
+	union smb_open io;
+	const char *fname = DNAME "\\torture_invalid_impersonation_level.txt";
+	NTSTATUS status;
+	struct smb2_handle h;
+	bool ret = true;
+
+	torture_comment(tctx,
+		"Testing SMB2 open with an invalid impersonation level.\n");
+
+	smb2_util_unlink(tree, fname);
+	smb2_util_rmdir(tree, DNAME);
+
+	status = torture_smb2_testdir(tree, DNAME, &h);
+	CHECK_STATUS(status, NT_STATUS_OK);
+
+	ZERO_STRUCT(io.smb2);
+	io.generic.level = RAW_OPEN_SMB2;
+	io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+	io.smb2.in.alloc_size = 0;
+	io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+	io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+		NTCREATEX_SHARE_ACCESS_WRITE|
+		NTCREATEX_SHARE_ACCESS_DELETE;
+	io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+	io.smb2.in.create_options = 0;
+	io.smb2.in.impersonation_level = 0x12345678;
+	io.smb2.in.security_flags = 0;
+	io.smb2.in.fname = fname;
+	io.smb2.in.create_flags = 0;
+
+	status = smb2_create(tree, tree, &(io.smb2));
+	CHECK_STATUS(status, NT_STATUS_BAD_IMPERSONATION_LEVEL);
+
+	smb2_util_close(tree, h);
+	smb2_util_unlink(tree, fname);
+	smb2_deltree(tree, DNAME);
+	return ret;
+}
 
 static bool test_create_acl_file(struct torture_context *tctx,
     struct smb2_tree *tree)
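
Review bot: The test exercises a single out-of-range value, `io.smb2.in.impersonation_level = 0x12345678;`, while the server check it covers is a `>` comparison against SMB2_IMPERSONATION_DELEGATE. Adding a case for SMB2_IMPERSONATION_DELEGATE + 1, and one confirming that SMB2_IMPERSONATION_DELEGATE itself is still accepted, would catch an off-by-one in that comparison. Also, if smb2_create() unexpectedly succeeds, the handle it returns is never closed; only the directory handle h is closed before the unlink, so the cleanup should close the file handle too. `ret` is never assigned after initialisation in the visible lines, so the final `return ret;` depends entirely on what CHECK_STATUS does on mismatch.
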
@@ -1486,6 +1531,7 @@ struct torture_suite *torture_smb2_create_init(void)
 	torture_suite_add_1smb2_test(suite, "multi", test_smb2_open_multi);
 	torture_suite_add_1smb2_test(suite, "delete", test_smb2_open_for_delete);
 	torture_suite_add_1smb2_test(suite, "leading-slash", test_smb2_leading_slash);
+	torture_suite_add_1smb2_test(suite, "impersonation", test_smb2_impersonation_level);
 	torture_suite_add_1smb2_test(suite, "aclfile", test_create_acl_file);
 	torture_suite_add_1smb2_test(suite, "acldir", test_create_acl_dir);
 	torture_suite_add_1smb2_test(suite, "nulldacl", test_create_null_dacl);


-- 
Samba Shared Repository

