[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Wed Jun 18 01:43:04 MDT 2014
The branch, master has been updated
via 937d35b s4: torture : Add test case to show that a bad impersonation level causes an error on a regular file open.
via d84d0fc s3: torture test. We now pass "samba3.smb2.create.leading-slash" so remove from knownfail.
via 22c974f s3: smb2 - strictly obey file name restrictions w.r.t. the SMB2 protocol spec.
via 1c44d9a s3: smb2 - Check supplied impersonation level on SMB2_CREATE.
via 37b4c9e s3: smb2 - Negprot should return INVALID_PARAMETER if flags2 signed bit is set.
from e907f84 s3: auth: Fix winbindd_pam_auth_pac_send() to create a new info3 and merge in resource groups from a trusted PAC.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 937d35bd182a7dfb0845bc4e418ea7982538f55f
Author: Jeremy Allison <jra at samba.org>
Date: Tue Jun 17 17:02:07 2014 -0700
s4: torture : Add test case to show that a bad impersonation level causes an error on a regular file open.
An invalid impersonation level is only allowed for durable handle reopen.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ira Cooper <ira at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Jun 18 09:42:43 CEST 2014 on sn-devel-104
commit d84d0fc3797f30a78673bcba18c635902bde521d
Author: Jeremy Allison <jra at samba.org>
Date: Tue Jun 17 12:49:11 2014 -0700
s3: torture test. We now pass "samba3.smb2.create.leading-slash" so remove from knownfail.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ira Cooper <ira at samba.org>
commit 22c974f57bab050e56e268e7ccfa2f93cae2093e
Author: Jeremy Allison <jra at samba.org>
Date: Mon Jun 16 14:28:11 2014 -0700
s3: smb2 - strictly obey file name restrictions w.r.t. the SMB2 protocol spec.
MS-SMB2: 3.3.5.9 - Receiving an SMB2 CREATE Request
If the file name length is greater than zero and the
first character is a path separator character, the
server MUST fail the request with
STATUS_INVALID_PARAMETER.
Found and fix confirmed by Microsoft test tool.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ira Cooper <ira at samba.org>
commit 1c44d9a3e1f0ffdb3848c6a7b1e01057a42d5359
Author: Jeremy Allison <jra at samba.org>
Date: Mon Jun 16 14:13:02 2014 -0700
s3: smb2 - Check supplied impersonation level on SMB2_CREATE.
MS-SMB2: 2.2.13 SMB2 CREATE Request
ImpersonationLevel ... MUST contain one of the following values.
The server MUST validate this field, but otherwise ignore it.
NB. source4/torture/smb2/durable_open.c shows that
this check is only done on real opens, not on durable
handle reopens.
Found and fix confirmed by Microsoft test tool.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ira Cooper <ira at samba.org>
commit 37b4c9e08f67efc029851de7bd126aeaaceec2b1
Author: Jeremy Allison <jra at samba.org>
Date: Mon Jun 16 14:05:18 2014 -0700
s3: smb2 - Negprot should return INVALID_PARAMETER if flags2 signed bit is set.
MS-SMB2: 3.3.5.2.4 Verifying the Signature.
If the SMB2 header of the SMB2 NEGOTIATE
request has the SMB2_FLAGS_SIGNED bit set in the
Flags field, the server MUST fail the request
with STATUS_INVALID_PARAMETER.
Found and fix confirmed by Microsoft test tool.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ira Cooper <ira at samba.org>
-----------------------------------------------------------------------
Summary of changes:
selftest/knownfail | 2 +-
source3/smbd/smb2_create.c | 34 ++++++++++++++++++++++++++++++
source3/smbd/smb2_server.c | 19 +++++++++++++++-
source4/torture/smb2/create.c | 46 +++++++++++++++++++++++++++++++++++++++++
4 files changed, 98 insertions(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/selftest/knownfail b/selftest/knownfail
index 531d51b..434ce0c 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -143,6 +143,7 @@
^samba4.raw.acls.*.create_dir
^samba4.raw.acls.*.create_file
^samba4.smb2.create.*.acldir
+^samba4.smb2.create.*.impersonation
^samba4.smb2.acls.*.generic
^samba4.smb2.acls.*.inheritflags
^samba4.smb2.acls.*.owner
@@ -180,7 +181,6 @@
^samba3.smb2.create.gentest
^samba3.smb2.create.blob
^samba3.smb2.create.open
-^samba3.smb2.create.leading-slash
^samba3.smb2.notify.valid-req
^samba3.smb2.notify.dir
^samba3.smb2.notify.rec
diff --git a/source3/smbd/smb2_create.c b/source3/smbd/smb2_create.c
index 4e82e2c..4e2e6bc 100644
--- a/source3/smbd/smb2_create.c
+++ b/source3/smbd/smb2_create.c
@@ -904,6 +904,40 @@ static struct tevent_req *smbd_smb2_create_send(TALLOC_CTX *mem_ctx,
return tevent_req_post(req, ev);
}
+ /*
+ * MS-SMB2: 2.2.13 SMB2 CREATE Request
+ * ImpersonationLevel ... MUST contain one of the
+ * following values. The server MUST validate this
+ * field, but otherwise ignore it.
+ *
+ * NB. The source4/torture/smb2/durable_open.c test
+ * shows this check is only done on real opens, not
+ * on durable handle-reopens.
+ */
+
+ if (in_impersonation_level >
+ SMB2_IMPERSONATION_DELEGATE) {
+ tevent_req_nterror(req,
+ NT_STATUS_BAD_IMPERSONATION_LEVEL);
+ return tevent_req_post(req, ev);
+ }
+
+ /*
+ * We know we're going to do a local open, so now
+ * we must be protocol strict. JRA.
+ *
+ * MS-SMB2: 3.3.5.9 - Receiving an SMB2 CREATE Request
+ * If the file name length is greater than zero and the
+ * first character is a path separator character, the
+ * server MUST fail the request with
+ * STATUS_INVALID_PARAMETER.
+ */
+ if (in_name[0] == '\\' || in_name[0] == '/') {
+ tevent_req_nterror(req,
+ NT_STATUS_INVALID_PARAMETER);
+ return tevent_req_post(req, ev);
+ }
+
status = SMB_VFS_CREATE_FILE(smb1req->conn,
smb1req,
0, /* root_dir_fid */
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index 69fe9e4..166fb6b 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -2034,8 +2034,23 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
DATA_BLOB signing_key;
if (x == NULL) {
- return smbd_smb2_request_error(
- req, NT_STATUS_USER_SESSION_DELETED);
+ /*
+ * MS-SMB2: 3.3.5.2.4 Verifying the Signature.
+ * If the SMB2 header of the SMB2 NEGOTIATE
+ * request has the SMB2_FLAGS_SIGNED bit set in the
+ * Flags field, the server MUST fail the request
+ * with STATUS_INVALID_PARAMETER.
+ *
+ * Microsoft test tool checks this.
+ */
+
+ if ((opcode == SMB2_OP_NEGPROT) &&
+ (flags & SMB2_HDR_FLAG_SIGNED)) {
+ status = NT_STATUS_INVALID_PARAMETER;
+ } else {
+ status = NT_STATUS_USER_SESSION_DELETED;
+ }
+ return smbd_smb2_request_error(req, status);
}
signing_key = x->global->channels[0].signing_key;
diff --git a/source4/torture/smb2/create.c b/source4/torture/smb2/create.c
index f5b40b6..44650b5 100644
--- a/source4/torture/smb2/create.c
+++ b/source4/torture/smb2/create.c
@@ -1178,6 +1178,51 @@ static bool test_smb2_leading_slash(struct torture_context *tctx,
return ret;
}
+/*
+ test SMB2 open with an invalid impersonation level.
+ Should give NT_STATUS_BAD_IMPERSONATION_LEVEL error
+*/
+static bool test_smb2_impersonation_level(struct torture_context *tctx,
+ struct smb2_tree *tree)
+{
+ union smb_open io;
+ const char *fname = DNAME "\\torture_invalid_impersonation_level.txt";
+ NTSTATUS status;
+ struct smb2_handle h;
+ bool ret = true;
+
+ torture_comment(tctx,
+ "Testing SMB2 open with an invalid impersonation level.\n");
+
+ smb2_util_unlink(tree, fname);
+ smb2_util_rmdir(tree, DNAME);
+
+ status = torture_smb2_testdir(tree, DNAME, &h);
+ CHECK_STATUS(status, NT_STATUS_OK);
+
+ ZERO_STRUCT(io.smb2);
+ io.generic.level = RAW_OPEN_SMB2;
+ io.smb2.in.desired_access = SEC_RIGHTS_FILE_ALL;
+ io.smb2.in.alloc_size = 0;
+ io.smb2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+ io.smb2.in.share_access = NTCREATEX_SHARE_ACCESS_READ|
+ NTCREATEX_SHARE_ACCESS_WRITE|
+ NTCREATEX_SHARE_ACCESS_DELETE;
+ io.smb2.in.create_disposition = NTCREATEX_DISP_CREATE;
+ io.smb2.in.create_options = 0;
+ io.smb2.in.impersonation_level = 0x12345678;
+ io.smb2.in.security_flags = 0;
+ io.smb2.in.fname = fname;
+ io.smb2.in.create_flags = 0;
+
+ status = smb2_create(tree, tree, &(io.smb2));
+ CHECK_STATUS(status, NT_STATUS_BAD_IMPERSONATION_LEVEL);
+
+ smb2_util_close(tree, h);
+ smb2_util_unlink(tree, fname);
+ smb2_deltree(tree, DNAME);
+ return ret;
+}
static bool test_create_acl_file(struct torture_context *tctx,
struct smb2_tree *tree)
@@ -1486,6 +1531,7 @@ struct torture_suite *torture_smb2_create_init(void)
torture_suite_add_1smb2_test(suite, "multi", test_smb2_open_multi);
torture_suite_add_1smb2_test(suite, "delete", test_smb2_open_for_delete);
torture_suite_add_1smb2_test(suite, "leading-slash", test_smb2_leading_slash);
+ torture_suite_add_1smb2_test(suite, "impersonation", test_smb2_impersonation_level);
torture_suite_add_1smb2_test(suite, "aclfile", test_create_acl_file);
torture_suite_add_1smb2_test(suite, "acldir", test_create_acl_dir);
torture_suite_add_1smb2_test(suite, "nulldacl", test_create_null_dacl);
--
Samba Shared Repository
More information about the samba-cvs
mailing list