[SCM] Samba Shared Repository - branch v4-4-stable updated

Karolin Seeger kseeger at samba.org
Tue Apr 12 16:58:44 UTC 2016


The branch, v4-4-stable has been updated
       via  71de921 VERSION: Disable git snapshots for the 4.4.2 release.
       via  370b3dd WHATSNEW: Add release notes for Samba 4.4.2.
       via  87fb3b8 s3:libads: sasl wrapped LDAP connections against with kerberos and arcfour-hmac-md5
       via  bfc9525 VERSION: Bump version up to 4.4.2...
       via  c8180d1 VERSION: Disable git snapshots for the 4.4.1 release.
       via  bd94b86 WHATSNEW: Add release notes for Samba 4.4.1.
       via  13e3e81 CVE-2015-5370: s4:selftest: run samba.tests.dcerpc.raw_protocol against ad_dc
       via  2c6f01d CVE-2015-5370: python/samba/tests: add some dcerpc raw_protocol tests
       via  78b84d5 CVE-2015-5370: python/samba/tests: add infrastructure to do raw protocol tests for DCERPC
       via  9d953e2 CVE-2015-5370: s4:librpc/rpc: call dcerpc_connection_dead() on protocol errors
       via  4a496d3 CVE-2015-5370: s3:rpc_client: disconnect connection on protocol errors
       via  45a2445 CVE-2015-5370: libcli/smb: use a max timeout of 1 second in tstream_smbXcli_np_destructor()
       via  b65429f CVE-2015-5370: s3:rpc_server: verify auth_context_id in api_pipe_{bind_auth3,alter_context}
       via  97a0811 CVE-2015-5370: s3:rpc_client: verify auth_context_id in rpc_pipe_bind_step_one_done()
       via  49379e4 CVE-2015-5370: s3:librpc/rpc: verify auth_context_id in dcerpc_check_auth()
       via  518f8bb CVE-2015-5370: s3:librpc/rpc: make use of auth->auth_context_id in dcerpc_add_auth_footer()
       via  a663ad5 CVE-2015-5370: s3:rpc_server: make use of pipe_auth_data->auth_context_id
       via  a3fc86d CVE-2015-5370: s3:rpc_client: make use of pipe_auth_data->auth_context_id
       via  6d509e3 CVE-2015-5370: s3:librpc/rpc: add auth_context_id to struct pipe_auth_data
       via  57d5a84 CVE-2015-5370: s3:rpc_client: pass struct pipe_auth_data to create_rpc_{bind_auth3,alter_context}()
       via  e84519d CVE-2015-5370: s3:rpc_server: don't allow an existing context to be changed in check_bind_req()
       via  6fd2714 CVE-2015-5370: s3:rpc_server: check the transfer syntax in check_bind_req() first
       via  7b902c3 CVE-2015-5370: s3:librpc/rpc: remove unused dcerpc_pull_dcerpc_auth()
       via  5cfe5ec CVE-2015-5370: s3:rpc_server: use DCERPC_NCA_S_PROTO_ERROR FAULTs for protocol errors
       via  a9c46e8 CVE-2015-5370: s3:rpc_server: let a failing BIND mark the connection as broken
       via  9c2592f CVE-2015-5370: s3:rpc_server: disconnect the connection after a fatal FAULT pdu
       via  6456408 CVE-2015-5370: s3:rpc_server: make use of dcerpc_verify_ncacn_packet_header() to verify incoming pdus
       via  d2c964f CVE-2015-5370: s3:rpc_server: verify presentation context arrays
       via  218bd4a CVE-2015-5370: s3:rpc_server: use 'alter' instead of 'bind' for variables in api_pipe_alter_context()
       via  5148a26 CVE-2015-5370: s3:rpc_server: ensure that the message ordering doesn't violate the spec
       via  198ecf4 CVE-2015-5370: s3:rpc_server: make sure auth_level isn't changed by alter_context or auth3
       via  bf4a716 CVE-2015-5370: s3:rpc_server: let a failing auth3 mark the authentication as invalid
       via  087b363 CVE-2015-5370: s3:rpc_server: don't allow auth3 if the authentication was already finished
       via  e6cdac4 CVE-2015-5370: s3:rpc_server: don't ignore failures of dcerpc_push_ncacn_packet()
       via  56014f6 CVE-2015-5370: s3:rpc_server: just call pipe_auth_generic_bind() in api_pipe_bind_req()
       via  8c7d8c8 CVE-2015-5370: s3:rpc_server: let a failing sec_verification_trailer mark the connection as broken
       via  4c51c89 CVE-2015-5370: s3:rpc_server: make use of dcerpc_pull_auth_trailer() in api_pipe_{bind_req,alter_context,bind_auth3}()
       via  5c495ab CVE-2015-5370: s3:rpc_client: verify auth_{type,level} in rpc_pipe_bind_step_one_done()
       via  f4ef85f CVE-2015-5370: s3:rpc_client: protect rpc_api_pipe_got_pdu() against too large payloads
       via  654d8a5 CVE-2015-5370: s3:rpc_client: make use of dcerpc_verify_ncacn_packet_header() in cli_pipe_validate_current_pdu()
       via  dfab482 CVE-2015-5370: s3:rpc_client: make use of dcerpc_pull_auth_trailer()
       via  569781f CVE-2015-5370: s3:librpc/rpc: let dcerpc_check_auth() auth_{type,level} against the expected values.
       via  dd2c270 CVE-2015-5370: s3:librpc/rpc: remove auth trailer and possible padding within dcerpc_check_auth()
       via  b1b538a CVE-2015-5370: librpc/rpc: don't allow pkt->auth_length == 0 in dcerpc_pull_auth_trailer()
       via  ddd4d03 CVE-2015-5370: s4:rpc_server: reject DCERPC_PFC_FLAG_PENDING_CANCEL with DCERPC_FAULT_NO_CALL_ACTIVE
       via  7e682ed CVE-2015-5370: s4:rpc_server: the assoc_group is relative to the connection (association)
       via  9625f91 CVE-2015-5370: s4:rpc_server: only allow one fragmented call_id at a time
       via  2fd10be CVE-2015-5370: s4:rpc_server: limit allocation and alloc_hint to 4 MByte
       via  d1ffe41 CVE-2015-5370: s4:rpc_server: check frag_length for requests
       via  74347a4 CVE-2015-5370: s4:rpc_server: give the correct reject reasons for invalid auth_level values
       via  d7af609 CVE-2015-5370: s4:rpc_server: disconnect after a failing dcesrv_auth_request()
       via  a3008ec CVE-2015-5370: s4:rpc_server: let a failing auth3 mark the authentication as invalid
       via  6a9b4ca CVE-2015-5370: s4:rpc_server: failing authentication should generate a SEC_PKG_ERROR
       via  9e86b09 CVE-2015-5370: s4:rpc_server: fix the order of error checking in dcesrv_alter()
       via  3d075a4 CVE-2015-5370: s4:rpc_server: changing an existing presentation context via alter_context is a protocol error
       via  cace627 CVE-2015-5370: s4:rpc_server: don't dereference an empty ctx_list array in dcesrv_alter()
       via  bf333e9 CVE-2015-5370: s4:rpc_server: remove pointless dcesrv_find_context() from dcesrv_bind()
       via  e3775db CVE-2015-5370: s4:rpc_server: let invalid request fragments disconnect the connection with a protocol error
       via  e365d16 CVE-2015-5370: s4:rpc_server: make sure alter_context and auth3 can't change auth_{type,level,context_id}
       via  af03332e CVE-2015-5370: s4:rpc_server: maintain in and out struct dcerpc_auth per dcesrv_call_state
       via  503d08d CVE-2015-5370: s4:rpc_server: ensure that the message ordering doesn't violate the spec
       via  75d9b58 CVE-2015-5370: s4:rpc_server: verify the protocol headers before processing pdus
       via  e3c1c20 CVE-2015-5370: s4:rpc_server: add infrastructure to terminate a connection after a response
       via  b5d0de4 CVE-2015-5370: s4:rpc_server: make dcesrv_process_ncacn_packet() static
       via  c8a1adb CVE-2015-5370: s4:rpc_server: return the correct secondary_address in dcesrv_bind()
       via  a689216 CVE-2015-5370: s4:rpc_server: add some padding to dcesrv_bind_nak() responses
       via  eb16dfa CVE-2015-5370: s4:rpc_server: split out a dcesrv_fault_with_flags() helper function
       via  448435a CVE-2015-5370: s4:rpc_server: fill context_id in dcesrv_fault()
       via  7c2984a CVE-2015-5370: s4:rpc_server: set alloc_hint = 24 in dcesrv_fault()
       via  f9ed1a9 CVE-2015-5370: s4:rpc_server: avoid ZERO_STRUCT() in dcesrv_fault()
       via  83d93a8 CVE-2015-5370: s4:rpc_server: correctly maintain dcesrv_connection->max_{recv,xmit}_frag
       via  08ec7e7 CVE-2015-5370: s4:rpc_server/netlogon: make use of dce_call->conn->auth_state.auth_{level,type}
       via  62f8a54 CVE-2015-5370: s4:rpc_server/samr: make use of dce_call->conn->auth_state.auth_level
       via  8ad4695 CVE-2015-5370: s4:rpc_server/lsa: make use of dce_call->conn->auth_state.auth_{level,type}
       via  1ed3e26 CVE-2015-5370: s4:rpc_server: make use of dce_call->conn->auth_state.auth_* in dcesrv_request()
       via  dc15870 CVE-2015-5370: s4:rpc_server: maintain dcesrv_auth->auth_{type,level,context_id}
       via  58b1cdf CVE-2015-5370: s4:rpc_server: check the result of dcerpc_pull_auth_trailer() in dcesrv_auth_bind()
       via  8332714 CVE-2015-5370: s4:rpc_server: no authentication is indicated by pkt->auth_length == 0
       via  b0349be CVE-2015-5370: s4:rpc_server: make use of talloc_zero()
       via  7f348a7 CVE-2015-5370: s4:librpc/rpc: protect dcerpc_request_recv_data() against too large payloads
       via  50fc638 CVE-2015-5370: s4:librpc/rpc: use dcerpc_verify_ncacn_packet_header() to verify BIND_ACK,ALTER_RESP,RESPONSE pdus
       via  a96543e CVE-2015-5370: s4:librpc/rpc: handle DCERPC_PKT_FAULT before anything else in dcerpc_alter_context_recv_handler()
       via  f89c218 CVE-2015-5370: s4:librpc/rpc: make use of dcerpc_map_ack_reason() in dcerpc_bind_recv_handler()
       via  94de482 CVE-2015-5370: s3:rpc_client: remove useless frag_length check in rpc_api_pipe_got_pdu()
       via  f64f451 CVE-2015-5370: s3:rpc_client: move AS/U hack to the top of cli_pipe_validate_current_pdu()
       via  ac8910f CVE-2015-5370: librpc/rpc: add a dcerpc_verify_ncacn_packet_header() helper function
       via  d3bb3ef CVE-2015-5370: s4:librpc/rpc: finally verify the server uses the expected auth_{type,level,context_id} values
       via  e05c7dd CVE-2015-5370: s4:librpc/rpc: avoid using dcecli_security->auth_info and use per request values
       via  23f4243 CVE-2015-5370: s4:librpc/rpc: simplify checks if gensec is used in dcerpc_ship_next_request()
       via  33ee36e CVE-2015-5370: s4:librpc/rpc: avoid dereferencing sec->auth_info in dcerpc_request_prepare_vt()
       via  245fc41 CVE-2015-5370: s4:librpc/rpc: always use ncacn_pull_request_auth() for DCERPC_PKT_RESPONSE pdus
       via  4907895 CVE-2015-5370: s4:librpc/rpc: avoid using c->security_state.auth_info in ncacn_pull_request_auth()
       via  7ee85d6 CVE-2015-5370: s4:librpc/rpc: avoid using hs->p->conn->security_state.auth_info in dcerpc_bh_auth_info()
       via  25e48af CVE-2015-5370: s4:librpc/rpc: use a local auth_info variable in ncacn_push_request_sign()
       via  3f447f6 CVE-2015-5370: s4:librpc/rpc: use auth_context_id = 1
       via  32d8e05 CVE-2015-5370: s4:librpc/rpc: maintain dcecli_security->auth_{type,level,context_id}
       via  4867460 CVE-2015-5370: s4:librpc/rpc: send a dcerpc_sec_verification_trailer if needed
       via  b095508 CVE-2015-5370: s3:librpc/rpc: don't call dcerpc_pull_auth_trailer() if auth_length is 0
       via  b77eab0 CVE-2015-5370: librpc/rpc: simplify and harden dcerpc_pull_auth_trailer()
       via  22ab56d CVE-2015-5370: dcerpc.idl: add DCERPC_{NCACN_PAYLOAD,FRAG}_MAX_SIZE defines
       via  fa0d681 CVE-2016-2118: s3:rpc_server/samr: allow _samr_ValidatePassword only with PRIVACY...
       via  e675f63 CVE-2016-2118: s4:rpc_server/samr: allow _samr_ValidatePassword only with PRIVACY...
       via  f425bfd CVE-2016-2118: docs-xml: default "allow dcerpc auth level connect" to "no"
       via  6750ffd CVE-2016-2118: s3:rpc_server/{epmapper,echo}: allow DCERPC_AUTH_LEVEL_CONNECT by default
       via  ba69e95 CVE-2016-2118: s3:rpc_server/{samr,lsa,netlogon}: reject DCERPC_AUTH_LEVEL_CONNECT by default
       via  3133233 CVE-2016-2118: s3:rpc_server: make use of "allow dcerpc auth level connect"
       via  2e4f09b CVE-2016-2118: s4:rpc_server/rpcecho: allow DCERPC_AUTH_LEVEL_CONNECT by default
       via  36278e3 CVE-2016-2118: s4:rpc_server/mgmt: allow DCERPC_AUTH_LEVEL_CONNECT by default
       via  4862ee5 CVE-2016-2118: s4:rpc_server/epmapper: allow DCERPC_AUTH_LEVEL_CONNECT by default
       via  6568d5d CVE-2016-2118: s4:rpc_server/netlogon: reject DCERPC_AUTH_LEVEL_CONNECT by default
       via  34969d6 CVE-2016-2118: s4:rpc_server/samr: reject DCERPC_AUTH_LEVEL_CONNECT by default
       via  c98143b CVE-2016-2118: s4:rpc_server/lsa: reject DCERPC_AUTH_LEVEL_CONNECT by default
       via  1a3c82e CVE-2016-2118: s4:rpc_server: make use of "allow dcerpc auth level connect"
       via  2e9824e CVE-2016-2118: docs-xml: add "allow dcerpc auth level connect" defaulting to "yes"
       via  d565761 CVE-2016-2118: s4:librpc: use integrity by default for authenticated binds
       via  70ba7b0 CVE-2016-2118: librpc: change the default auth level from DCERPC_AUTH_LEVEL_CONNECT to DCERPC_AUTH_LEVEL_INTEGRITY
       via  6142767 CVE-2016-2118: s3: rpcclient: change the default auth level from DCERPC_AUTH_LEVEL_CONNECT to DCERPC_AUTH_LEVEL_INTEGRITY
       via  be98e7e CVE-2016-2118: s4:rpc_server/dnsserver: require at least DCERPC_AUTH_LEVEL_INTEGRITY
       via  5d4d8ec CVE-2016-2118: python:tests/dcerpc: use [sign] for dnsserver tests
       via  778dab9 CVE-2016-2118: s4:rpc_server/backupkey: require DCERPC_AUTH_LEVEL_PRIVACY
       via  e1de6ec CVE-2016-2118: s4:rpc_server/drsuapi: require DCERPC_AUTH_LEVEL_PRIVACY
       via  3502195 CVE-2016-2118: s4:rpc_server: make it possible to define a min_auth_level on a presentation context
       via  d8c3cf1 CVE-2016-2115: docs-xml: always default "client ipc signing" to "mandatory"
       via  e7ef30e CVE-2016-2115: s3:libsmb: use SMB_SIGNING_IPC_DEFAULT and lp_client_ipc_{min,max}_protocol()
       via  f76e6f9 CVE-2016-2115: s3:libnet: use SMB_SIGNING_IPC_DEFAULT
       via  084b20e CVE-2016-2115: s3:auth_domain: use SMB_SIGNING_IPC_DEFAULT
       via  fdd2807 CVE-2016-2115: s3:lib/netapi: use SMB_SIGNING_IPC_DEFAULT
       via  0422c64 CVE-2016-2115: net: use SMB_SIGNING_IPC_DEFAULT
       via  80102ed CVE-2016-2115: s3:libsmb: let SMB_SIGNING_IPC_DEFAULT use "client ipc min/max protocol"
       via  afda479 CVE-2016-2115: s3:libsmb: add signing constant SMB_SIGNING_IPC_DEFAULT
       via  1309832 CVE-2016-2115: s3:winbindd: use lp_client_ipc_signing()
       via  f1dea29 CVE-2016-2115: s3:winbindd: use lp_client_ipc_{min,max}_protocol()
       via  2c62a54 CVE-2016-2115: s4:librpc/rpc: make use of "client ipc *" options for ncacn_np
       via  dbe7a43 CVE-2016-2115: s4:libcli/raw: pass the minprotocol to smb_raw_negotiate*()
       via  ee4f114 CVE-2016-2115: s4:libcli/raw: limit maxprotocol to NT1 in smb_raw_negotiate*()
       via  f3da02a CVE-2016-2115: s4:libcli/smb2: use the configured min_protocol
       via  8466fe8 CVE-2016-2115: s4:libcli/raw: add smbcli_options.min_protocol
       via  863d419 CVE-2016-2115: docs-xml: add "client ipc signing" option
       via  39282d2 CVE-2016-2115: docs-xml: add "client ipc min protocol" and "client ipc max protocol" options
       via  09a7576 CVE-2016-2114: docs-xml: let the "smb signing" documentation reflect the reality
       via  2c3649c CVE-2016-2114: s3:smbd: enforce "server signing = mandatory"
       via  0b05bc9 CVE-2016-2114: libcli/smb: let mandatory signing imply allowed signing
       via  cc8bbc3 CVE-2016-2114: s3:smbd: use the correct default values for "smb signing"
       via  4177489 CVE-2016-2114: s4:smb2_server: fix session setup with required signing
       via  b2af10b CVE-2016-2113: docs-xml: let "tls verify peer" default to "as_strict_as_possible"
       via  2ced06d CVE-2016-2113: selftest: use "tls verify peer = no_check"
       via  5c94dfa CVE-2016-2113: selftest: test all "tls verify peer" combinations with ldaps
       via  660dbb8 CVE-2016-2113: s4:librpc/rpc: verify the rpc_proxy certificate and hostname if configured
       via  a443abe CVE-2016-2113: s4:libcli/ldap: verify the server certificate and hostname if configured
       via  cd4b292 CVE-2016-2113: s4:selftest: explicitly use '--option="tlsverifypeer=no_check" for some ldaps tests
       via  5ec881c CVE-2016-2113: docs-xml: add "tls verify peer" option defaulting to "no_check"
       via  36ec246 CVE-2016-2113: s4:lib/tls: implement infrastructure to do peer verification
       via  2d2ab58 CVE-2016-2113: s4:lib/tls: create better certificates and sign the host cert with the ca cert
       via  6db65fb CVE-2016-2112: docs-xml: change the default of "ldap server require strong auth" to "yes"
       via  5fbce21 CVE-2016-2112: s4:selftest: run some ldap test against ad_dc_ntvfs, fl2008r2dc and fl2003dc
       via  39c169b CVE-2016-2112: selftest: servers with explicit "ldap server require strong auth" options
       via  d68c225 CVE-2016-2112: s4:selftest: run samba4.ldap.bind against fl2008r2dc
       via  f44664d CVE-2016-2112: s4:ldap_server: implement "ldap server require strong auth" option
       via  8105ff1 CVE-2016-2112: docs-xml: add "ldap server require strong auth" option
       via  483a926 CVE-2016-2112: s4:ldap_server: reduce scope of old_session_info variable
       via  52ae0cc CVE-2016-2112: s4:selftest: use --option=clientldapsaslwrapping=plain for plain connections
       via  c4f9336 CVE-2016-2112: s4:libcli/ldap: auto upgrade to SIGN after STRONG_AUTH_REQUIRED
       via  01acb21 CVE-2016-2112: s4:libcli/ldap: make sure we detect downgrade attacks
       via  76b1826 CVE-2016-2112: s4:libcli/ldap: honour "client ldap sasl wrapping" option
       via  187e32b CVE-2016-2112: s3:libads: make sure we detect downgrade attacks
       via  0d2e185 CVE-2016-2111: docs-xml/smbdotconf: default "raw NTLMv2 auth" to "no"
       via  be45c4b CVE-2016-2111: selftest:Samba3: use "raw NTLMv2 auth = yes" for nt4_dc
       via  ae29971 CVE-2016-2111: s4:smb_server: implement "raw NTLMv2 auth" checks
       via  560213f CVE-2016-2111: s3:auth: implement "raw NTLMv2 auth" checks
       via  5d69272 CVE-2016-2111: docs-xml: add "raw NTLMv2 auth" defaulting to "yes"
       via  7bad35b CVE-2016-2111: docs-xml: document the new "client NTLMv2 auth" and "client use spnego" interaction
       via  f5035af CVE-2016-2111: s3:libsmb: don't send a raw NTLMv2 response when we want to use spnego
       via  acd6697 CVE-2016-2111: s4:libcli: don't send a raw NTLMv2 response when we want to use spnego
       via  7e5966f CVE-2016-2111: s4:param: use "client use spnego" to initialize options->use_spnego
       via  dc359da CVE-2016-2111: s4:libcli: don't allow the LANMAN2 session setup without "client lanman auth = yes"
       via  379604a CVE-2016-2111: s4:torture/base: don't use ntlmv2 for dos connection in base.samba3error
       via  7f303d7 CVE-2016-2111: s4:torture/raw: don't use ntlmv2 for dos connection in raw.samba3badpath
       via  b38d560 CVE-2016-2111: s3:rpc_server/netlogon: check NTLMv2_RESPONSE values for SEC_CHAN_WKSTA
       via  54fef0f CVE-2016-2111: s4:rpc_server/netlogon: check NTLMv2_RESPONSE values for SEC_CHAN_WKSTA
       via  8421d13 CVE-2016-2111: libcli/auth: add NTLMv2_RESPONSE_verify_netlogon_creds() helper function
       via  80401c9 CVE-2016-2111: s4:torture/rpc: fix rpc.pac ntlmv2 test
       via  a193154 CVE-2016-2111: s4:torture/rpc: fix rpc.samba3.netlogon ntlmv2 test
       via  ab0e71b CVE-2016-2111: s3:rpc_server/netlogon: require DCERPC_AUTH_LEVEL_PRIVACY for validation level 6
       via  aaf3893 CVE-2016-2111: s4:rpc_server/netlogon: require DCERPC_AUTH_LEVEL_PRIVACY for validation level 6
       via  1d33ade CVE-2016-2111: s3:rpc_server/netlogon: always go through netr_creds_server_step_check()
       via  d960002 CVE-2016-2111: s4:rpc_server: implement 'server schannel = yes' restriction
       via  e1101a6 CVE-2016-2111: auth/gensec: correctly report GENSEC_FEATURE_{SIGN,SEAL} in schannel_have_feature()
       via  0654735 CVE-2016-2111: auth/gensec: require DCERPC_AUTH_LEVEL_INTEGRITY or higher in schannel_update()
       via  861b86d CVE-2016-2110: auth/ntlmssp: implement new_spnego support including MIC generation (as client)
       via  4956428 CVE-2016-2110: auth/ntlmssp: implement new_spnego support including MIC checking (as server)
       via  c5032e9 CVE-2016-2110: ntlmssp.idl: add NTLMSSP_MIC_{OFFSET,SIZE}
       via  d35bc35 CVE-2016-2110: libcli/auth: pass server_timestamp to SMBNTLMv2encrypt_hash()
       via  f77cf81 CVE-2016-2110: auth/credentials: pass server_timestamp to cli_credentials_get_ntlm_response()
       via  95af5d9 CVE-2016-2110: auth/credentials: clear the LMv2 key for NTLMv2 in cli_credentials_get_ntlm_response()
       via  769eec8 CVE-2016-2110: auth/ntlmssp: implement gensec_ntlmssp_may_reset_crypto()
       via  6b0ee68 CVE-2016-2110: auth/ntlmssp: call ntlmssp_sign_init if we provide GENSEC_FEATURE_SIGN
       via  6675796 CVE-2016-2110: auth/gensec: add gensec_may_reset_crypto() infrastructure
       via  ce87fef CVE-2016-2110: auth/gensec: require spnego mechListMIC exchange for new_spnego backends
       via  6a56dd2 CVE-2016-2110: auth/gensec: fix the client side of a spnego downgrade
       via  77d59f1 CVE-2016-2110: auth/gensec: fix the client side of a new_spnego exchange
       via  beb1f96 CVE-2016-2110: libcli/auth: add SPNEGO_REQUEST_MIC to enum spnego_negResult
       via  3a934e1 CVE-2016-2110: libcli/auth: use enum spnego_negResult instead of uint8_t
       via  fc3582b CVE-2016-2110: winbindd: add new_spnego to the WINBINDD_CCACHE_NTLMAUTH response
       via  03ccba7 CVE-2016-2110: auth/ntlmssp: let gensec_ntlmssp_client_start require NTLM2 (EXTENDED_SESSIONSECURITY) when using ntlmv2
       via  45a1008 CVE-2016-2110: auth/ntlmssp: let gensec_ntlmssp_client_start require flags depending on the requested features
       via  67787ff CVE-2016-2110: auth/ntlmssp: don't let ntlmssp_handle_neg_flags() change ntlmssp_state->use_ntlmv2
       via  5b86a859 CVE-2016-2110: auth/ntlmssp: don't allow a downgrade from NTLMv2 to LM_AUTH
       via  e6e8da9 CVE-2016-2110: auth/ntlmssp: split allow_lm_response from allow_lm_key
       via  00d1eaa9 CVE-2016-2110: auth/ntlmssp: maintain conf_flags and required_flags variables
       via  ebd79e5 CVE-2016-2110: auth/ntlmssp: let ntlmssp_handle_neg_flags() return NTSTATUS
       via  1437724 s3:ntlm_auth: pass manage_squid_request() needs a valid struct ntlm_auth_state from within get_password()
       via  b4125aa s3:rpc_server/samr: correctly handle session_extract_session_key() failures
       via  54cd107 s4:selftest: run rpc.netlogon.admin also over ncalrpc and ncacn_ip_tcp
       via  40b3284 libads: Fix CID 1356316 Uninitialized pointer read
       via  9af768f libsmb: Fix CID 1356312 Explicit null dereferenced
       via  9f3ae00 s3-auth: check for return code of cli_credentials_set_machine_account().
       via  1b646bb s4-smb_server: check for return code of cli_credentials_set_machine_account().
       via  168b015 s4:rpc_server: require access to the machine account credentials
       via  cbeff28 auth/gensec: split out a gensec_verify_dcerpc_auth_level() function
       via  2779ec8 auth/gensec: make sure gensec_security_by_auth_type() returns NULL for AUTH_TYPE_NONE
       via  2c1fa78 s4:torture/rpc/schannel: don't use validation level 6 without privacy
       via  eef3a10 s4:torture/rpc: correctly use torture_skip() for test_ManyGetDCName() without NCACN_NP
       via  dba5783 s4:torture/rpc/samlogon: use DCERPC_SEAL for netr_LogonSamLogonEx and validation level 6
       via  8dea510 s4:torture/rpc/samr: use DCERPC_SEAL in setup_schannel_netlogon_pipe()
       via  10eda28 s4:torture/netlogon: add/use test_SetupCredentialsPipe() helper function
       via  402d4ac s3:test_rpcclient_samlogon.sh: test samlogon with schannel
       via  ff65d5b s3:selftest: rpc.samr.passwords.validate should run with [seal] in order to be realistic
       via  8b90698 selftest: setup information of new samba.example.com CA in the client environment
       via  46fa417 selftest: set tls crlfile if it exists
       via  5e62983 selftest: use Samba::prepare_keyblobs() and use the certs from the new CA
       via  0e5d2dd selftest: add Samba::prepare_keyblobs() helper function
       via  91d2c97 selftest: mark commands in manage-CA-samba.example.com.sh as DONE
       via  bbb66a9 selftest: add CA-samba.example.com (non-binary) files
       via  6a09084 selftest: add config and script to create a samba.example.com CA
       via  03479af selftest: add some helper scripts to manage a CA
       via  da66e65 selftest: s!addc.samba.example.com!addom.samba.example.com!
       via  df14c6a s4:rpc_server: dcesrv_generic_session_key should only work on local transports
       via  bb63122 s4:rpc_server/samr: hide a possible NO_USER_SESSION_KEY error
       via  511dfb4 s4:librpc/rpc: dcerpc_generic_session_key() should only be available on local transports
       via  934f731 s4:torture:samba3rpc: use an authenticated SMB connection and an anonymous DCERPC connection on top
       via  fe4cdee s4:selftest: run rpc.samr over ncacn_np instead of ncacn_ip_tcp
       via  528db7f s4:torture: the backupkey tests need to use ncacn_np: for LSA calls
       via  b282ac7 s4:torture/rpc: do testjoin only via ncalrpc or ncacn_np
       via  5a8126d s3:libsmb: remove unused functions in clispnego.c
       via  506ac99 s3:libsmb: remove unused cli_session_setup_kerberos*() functions
       via  d1921c6 s3:libsmb: make use of cli_session_setup_gensec*() for Kerberos
       via  a167728 s3:libsmb: call cli_state_remote_realm() within cli_session_setup_spnego_send()
       via  a7f8e94 s3:libsmb: provide generic cli_session_setup_gensec_send/recv() pair
       via  4b55e96 s3:libsmb: let cli_session_setup_ntlmssp*() use gensec_update_send/recv()
       via  20c847f s3:libsmb: unused ntlmssp.c
       via  7767d82 s3:libsmb: make use of gensec based SPNEGO/NTLMSSP
       via  a16bbec s3:libads: make use of ads_sasl_spnego_gensec_bind() for GSS-SPNEGO with Kerberos
       via  6507d6f s3:libads: keep service and hostname separately in ads_service_principal
       via  1571a9f s3:libads: don't pass given_principal to ads_generate_service_principal() anymore.
       via  8e7229d s3:libads: provide a generic ads_sasl_spnego_gensec_bind() function
       via  468c68c s3:libads: make use of GENSEC_OID_SPNEGO in ads_sasl_spnego_ntlmssp_bind()
       via  ea56849 s3:libads: make use of GENSEC_FEATURE_LDAP_STYLE
       via  52629ac s3:libads: add missing TALLOC_FREE(frame) in error path
       via  c5da725 s4:ldap_server: make use of GENSEC_FEATURE_LDAP_STYLE
       via  0577097 s4:selftest: simplify the loops over samba4.ldb.ldap
       via  ff77277 s4:selftest: we don't need to run ldap test with --option=socket:testnonblock=true
       via  f74c031 s4:libcli/ldap: fix retry authentication after a bad password
       via  2ace844 s4:libcli/ldap: make use of GENSEC_FEATURE_LDAP_STYLE
       via  482555b auth/ntlmssp: remove ntlmssp_unwrap() fallback for LDAP
       via  8f747f6 auth/ntlmssp: add more compat for GENSEC_FEATURE_LDAP_STYLE
       via  2a496ba auth/ntlmssp: implement GENSEC_FEATURE_LDAP_STYLE
       via  eafd97e auth/gensec: add GENSEC_FEATURE_LDAP_STYLE define
       via  c9edc04 auth/ntlmssp: use ndr_push_AV_PAIR_LIST in gensec_ntlmssp_server_negotiate().
       via  5c61712 librpc/ndr: add ndr_ntlmssp_find_av() helper function
       via  92d7499 ntlmssp.idl: make AV_PAIR_LIST public
       via  e2e7ffe ntlmssp.idl: MsAvRestrictions is MsvAvSingleHost now
       via  159be66 security.idl: add LSAP_TOKEN_INFO_INTEGRITY
       via  62d31f6 auth/ntlmssp: use ntlmssp_version_blob() in the server
       via  47cebc5 auth/ntlmssp: let the client always include NTLMSSP_NEGOTIATE_VERSION
       via  423f193 auth/ntlmssp: add ntlmssp_version_blob()
       via  28725ef auth/ntlmssp: don't send domain and workstation in the NEGOTIATE_MESSAGE
       via  7494612 auth/ntlmssp: set NTLMSSP_ANONYMOUS for anonymous authentication
       via  3adc8f5 auth/ntlmssp: define all client neg_flags in gensec_ntlmssp_client_start()
       via  2e40c60 auth/ntlmssp: NTLMSSP_NEGOTIATE_VERSION is not a negotiated option
       via  2663f44 auth/ntlmssp: split out a debug_ntlmssp_flags_raw() that's more complete
       via  75bdf52 s3:ntlm_auth: also use gensec for "ntlmssp-client-1" and "gss-spnego-client"
       via  b57c0e7 winbindd: make use of ntlmssp_resume_ccache backend for WINBINDD_CCACHE_NTLMAUTH
       via  8f69094 s3:auth_generic: add "ntlmssp_resume_ccache" backend in auth_generic_client_prepare()
       via  cb0719d auth/ntlmssp: implement GENSEC_FEATURE_NTLM_CCACHE
       via  333e02b auth/gensec: add GENSEC_FEATURE_NTLM_CCACHE define
       via  4e2e1f6 auth/ntlmssp: provide a "ntlmssp_resume_ccache" backend
       via  4f94262 s3:ntlmssp: remove unused libsmb/ntlmssp_wrap.c
       via  17d6b17 s3:auth_generic: make use of the top level NTLMSSP client code
       via  6ed7942 winbindd: pass a memory context to do_ntlm_auth_with_stored_pw()
       via  eab2039 s3:tests/test_ntlm_auth_s3: test ntlmssp-client-1 with cached credentials
       via  06e6d37 s3:torture/test_ntlm_auth.py: add --client-use-cached-creds option
       via  b8eabce s3:torture/test_ntlm_auth.py: replace tabs with whitespaces
       via  6b766dc s3:ntlm_auth: fix --use-cached-creds with ntlmssp-client-1
       via  c6aef8c auth/ntlmssp: add gensec_ntlmssp_server_domain()
       via  3d0fc91 auth/ntlmssp: keep ntlmssp_state->server.netbios_domain on the correct talloc context
       via  76e22d9 s3:auth_generic: add auth_generic_client_start_by_sasl()
       via  4f97bcb s3:auth_generic: add auth_generic_client_start_by_name()
       via  1317625 auth/gensec: make gensec_security_by_name() public
       via  967282e auth/gensec: handle gensec_security_by_sasl_name(NULL, ...)
       via  7cad825 auth/gensec: keep a pointer to a possible child/sub gensec_security context
       via  9e8749a s4:pygensec: make sig_size() and sign/check_packet() available
       via  028c609 s3:librpc/gse: implement gensec_gse_max_{input,wrapped}_size()
       via  8614c6c s3:librpc/gse: don't log gss_acquire_creds failed at level 0
       via  1448dba s3:librpc/gse: correctly support GENSEC_FEATURE_SESSION_KEY
       via  55b0f3c s3:librpc/gse: set GSS_KRB5_CRED_NO_CI_FLAGS_X in gse_init_client() if available
       via  b10c1db s3:librpc/gse: fix debug message in gse_init_client()
       via  73f2fa6 s3:librpc/gse: make use of GSS_C_EMPTY_BUFFER in gse_init_client
       via  26d4f25 wscript_configure_system_mitkrb5: add configure checks for GSS_KRB5_CRED_NO_CI_FLAGS_X
       via  1a5f082 s3:libads: remove unused ads_connect_gc()
       via  93332f4 s4:librpc/rpc: map alter context SEC_PKG_ERROR to NT_STATUS_LOGON_FAILURE
       via  d356450 librpc/rpc: add error mappings for NO_CALL_ACTIVE, OUT_OF_RESOURCES and BAD_STUB_DATA
       via  6ea3642 dcerpc.idl: make WERROR RPC faults available in ndr_print output
       via  b6a1b04 epmapper.idl: make epm_twr_t available in python bindings
       via  557fc14 s3:selftest: run samba3.blackbox.smbclient_auth.plain also with $SERVER_IPV6
       via  338e1a9 s3:test_smbclient_auth.sh: test using the ip address in the unc path (incl. ipv6-literal.net)
       via  c51b125 lib/util_net: add support for .ipv6-literal.net
       via  b0c603c lib/util_net: move ipv6 linklocal handling into interpret_string_addr_internal()
       via  84f8c9a spnego: Correctly check asn1_tag_remaining retval
       via  4d73b84 s4:torture/ntlmssp fix a compiler warning
       via  2e8f4c8 s4-torture: flesh out ntlmssp_AUTHENTICATE_MESSAGE_check().
       via  baa0a10 s4-torture: add ndr pullpush validation for NTLMSSP CHALLENGE and AUTHENTICATE messages.
       via  f39d6d4 s4-torture: flesh out ntlmssp_CHALLENGE_MESSAGE_check().
       via  dd6b293 s4-torture: activate testing of CHALLENGE and AUTHENTICATE ntlmssp messages.
       via  98466ff s4-torture: fill in ntlmssp_NEGOTIATE_MESSAGE_check().
       via  b1f72ca ntlmssp: when pulling messages it is important to clear memory first.
       via  3b93cf0 ntlmssp: properly document version defines in IDL (from MS-NLMP).
       via  9ed62a3 ntlmssp: fix copy/paste typo in CHALLENGE_MESSAGE in IDL.
       via  0c1671a ntlmssp: add some missing defines from MS-NLMP to our IDL.
       via  2a33a44 VERSION: Bump version up to 4.0.1...
      from  30812c4 VERSION: Set version to 4.4.0...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-4-stable


- Log -----------------------------------------------------------------
commit 71de9213a6e0bdff902ca9dca1d39d9c2e1c5020
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Apr 11 09:18:51 2016 +0200

    VERSION: Disable git snapshots for the 4.4.2 release.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit 370b3dd84435e0bb4d337c53f0ff134594bdc524
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Apr 11 09:07:39 2016 +0200

    WHATSNEW: Add release notes for Samba 4.4.2.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11744
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Michael Adam <obnox at samba.org>

commit 87fb3b8f61d2b48e4aad4d62d0305f49a4a05dc3
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Apr 8 10:05:38 2016 +0200

    s3:libads: sasl wrapped LDAP connections against with kerberos and arcfour-hmac-md5
    
    This fixes a regression in commit 2cb07ba50decdfd6d08271cd2b3d893ff95f5af9
    (s3:libads: make use of ads_sasl_spnego_gensec_bind() for GSS-SPNEGO with Kerberos)
    that prevents things like 'net ads join' from working against a Windows 2003 domain.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit bfc952521f209aef04d1892dc0569d2b65dc091e
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Apr 8 13:55:33 2016 +0200

    VERSION: Bump version up to 4.4.2...
    
    and re-enable git snapshots.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit c8180d1f65fe205e8847b08355622e8cec162a1d
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Mar 29 14:55:19 2016 +0200

    VERSION: Disable git snapshots for the 4.4.1 release.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit bd94b8623fc486c787ca85d386712ac862ca965a
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Mar 29 00:26:48 2016 +0200

    WHATSNEW: Add release notes for Samba 4.4.1.
    
    o  CVE-2015-5370 (Multiple errors in DCE-RPC code)
    o  CVE-2016-2110 (Man in the middle attacks possible with NTLMSSP)
    o  CVE-2016-2111 (NETLOGON Spoofing Vulnerability)
    o  CVE-2016-2112 (LDAP client and server don't enforce integrity)
    o  CVE-2016-2113 (Missing TLS certificate validation)
    o  CVE-2016-2114 ("server signing = mandatory" not enforced)
    o  CVE-2016-2115 (SMB IPC traffic is not integrity protected)
    o  CVE-2016-2118 (SAMR and LSA man in the middle attacks possible)
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11744
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>

commit 13e3e81de8eb7c18b873bbdf0d00691429ea6dff
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jun 26 21:05:53 2015 +0200

    CVE-2015-5370: s4:selftest: run samba.tests.dcerpc.raw_protocol against ad_dc
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 2c6f01dd6668d97b522c76d3d489582c6b479bed
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Mar 26 22:42:19 2014 +0100

    CVE-2015-5370: python/samba/tests: add some dcerpc raw_protocol tests
    
    These are independent from our client library and allow
    testing of invalid pdus.
    
    It can be used like this in standalone mode:
    
    SMB_CONF_PATH=/dev/null SERVER=172.31.9.188 python/samba/tests/dcerpc/raw_protocol.py
    or
    SMB_CONF_PATH=/dev/null SERVER=172.31.9.188 python/samba/tests/dcerpc/raw_protocol.py -v -f TestDCERPC_BIND.test_invalid_auth_noctx
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 78b84d56839d1636436e39750a816bd4f74ac8b2
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Mar 26 22:42:19 2014 +0100

    CVE-2015-5370: python/samba/tests: add infrastructure to do raw protocol tests for DCERPC
    
    These are independent from our client library and allow
    testing of invalid pdus.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit 9d953e266951443ffb35e6ab24048839998296f4
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Dec 22 21:13:41 2015 +0100

    CVE-2015-5370: s4:librpc/rpc: call dcerpc_connection_dead() on protocol errors
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 4a496d3b22bcb79a1458a7cc7d0b3d995338c237
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Dec 22 21:23:14 2015 +0100

    CVE-2015-5370: s3:rpc_client: disconnect connection on protocol errors
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 45a24456325d57c359f9591f141f3d3c100a7f90
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Dec 23 11:05:45 2015 +0100

    CVE-2015-5370: libcli/smb: use a max timeout of 1 second in tstream_smbXcli_np_destructor()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit b65429f71c87a5a5279a170d4c26ccd57fb2f6d3
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Jul 8 00:01:37 2015 +0200

    CVE-2015-5370: s3:rpc_server: verify auth_context_id in api_pipe_{bind_auth3,alter_context}
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 97a081142d9ea0477fdeee5ad9642606a38951cb
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Jul 7 22:51:18 2015 +0200

    CVE-2015-5370: s3:rpc_client: verify auth_context_id in rpc_pipe_bind_step_one_done()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 49379e498c885f998d0a1ed75374f6c2b78edc97
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Jul 8 00:01:37 2015 +0200

    CVE-2015-5370: s3:librpc/rpc: verify auth_context_id in dcerpc_check_auth()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 518f8bba579022a95e4b252b7d6f1421797705f6
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Jul 8 00:01:37 2015 +0200

    CVE-2015-5370: s3:librpc/rpc: make use of auth->auth_context_id in dcerpc_add_auth_footer()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit a663ad5e255d3b0a14960b7d3da5e6d63829e397
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Jul 8 00:01:37 2015 +0200

    CVE-2015-5370: s3:rpc_server: make use of pipe_auth_data->auth_context_id
    
    This is better than using hardcoded values.
    We need to use the value the client used in the BIND request.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit a3fc86d3912078c445a933d167b4aff63bdeff37
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Jul 8 00:01:37 2015 +0200

    CVE-2015-5370: s3:rpc_client: make use of pipe_auth_data->auth_context_id
    
    This is better than using hardcoded values.
    We need to use auth_context_id = 1 for authenticated
    connections, as old Samba server (before this patchset)
    will use a hardcoded value of 1.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 6d509e3e7517c1de73818695ef79b42aa7d0e6bb
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Jul 8 00:01:37 2015 +0200

    CVE-2015-5370: s3:librpc/rpc: add auth_context_id to struct pipe_auth_data
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 57d5a84f3b61f1baceb2a634f575cdb6c53d74bb
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Jul 8 00:01:37 2015 +0200

    CVE-2015-5370: s3:rpc_client: pass struct pipe_auth_data to create_rpc_{bind_auth3,alter_context}()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit e84519d2044a098ea66886633458be1ff8aaabdf
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Jul 7 13:05:01 2015 +0200

    CVE-2015-5370: s3:rpc_server: don't allow an existing context to be changed in check_bind_req()
    
    An alter context can't change the syntax of an existing context,
    a new context_id will be used for that.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 6fd27147684197ab1dc66fcdf95c5a094ae9ace0
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Jul 7 13:05:01 2015 +0200

    CVE-2015-5370: s3:rpc_server: check the transfer syntax in check_bind_req() first
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 7b902c397a248b1fe4fa05df6229c633e796191f
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Jul 11 10:58:07 2015 +0200

    CVE-2015-5370: s3:librpc/rpc: remove unused dcerpc_pull_dcerpc_auth()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 5cfe5ec17c1ea07711b19bc301ccb0e603cc3656
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Dec 23 12:38:55 2015 +0100

    CVE-2015-5370: s3:rpc_server: use DCERPC_NCA_S_PROTO_ERROR FAULTs for protocol errors
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit a9c46e84a17e7f68c54aa3c66f0637c770e21655
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Dec 23 12:38:55 2015 +0100

    CVE-2015-5370: s3:rpc_server: let a failing BIND mark the connection as broken
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 9c2592f4046319e70e60012810ff004bb544611f
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Dec 23 12:40:58 2015 +0100

    CVE-2015-5370: s3:rpc_server: disconnect the connection after a fatal FAULT pdu
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 64564081b2768543dadd8fc4494e77658ecfc513
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Jul 7 16:06:59 2015 +0200

    CVE-2015-5370: s3:rpc_server: make use of dcerpc_verify_ncacn_packet_header() to verify incoming pdus
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit d2c964f6caa0bc7a8afc74c523673418d3ff791a
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Jul 7 16:06:59 2015 +0200

    CVE-2015-5370: s3:rpc_server: verify presentation context arrays
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 218bd4a2dcb5a607737ba4f911e4d2388522c599
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Jul 7 16:06:59 2015 +0200

    CVE-2015-5370: s3:rpc_server: use 'alter' instead of 'bind' for variables in api_pipe_alter_context()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 5148a264e12e0cb74e0dd38af86549be342dd432
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Jul 7 09:15:39 2015 +0200

    CVE-2015-5370: s3:rpc_server: ensure that the message ordering doesn't violate the spec
    
    The first pdu is always a BIND.
    
    REQUEST pdus are only allowed once the authentication
    is finished.
    
    A simple anonymous authentication is finished after the BIND.
    Real authentication may need additional ALTER or AUTH3 exchanges.
    
    Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 198ecf4f17897bfd38e6e976405fd19e826d0646
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Jul 7 13:05:01 2015 +0200

    CVE-2015-5370: s3:rpc_server: make sure auth_level isn't changed by alter_context or auth3
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit bf4a7165251c2229ea65d5b3e75af77da1f91fec
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Jul 14 16:18:45 2015 +0200

    CVE-2015-5370: s3:rpc_server: let a failing auth3 mark the authentication as invalid
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 087b363efd45a6c0f8549bae9c8e8543b392a911
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Jul 7 13:05:01 2015 +0200

    CVE-2015-5370: s3:rpc_server: don't allow auth3 if the authentication was already finished
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit e6cdac436a0d53f6b94804fc2c2d189a8c105f50
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Jul 7 13:05:01 2015 +0200

    CVE-2015-5370: s3:rpc_server: don't ignore failures of dcerpc_push_ncacn_packet()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 56014f6d04717194611c24d9d2934c7774619cb9
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Jul 7 13:05:01 2015 +0200

    CVE-2015-5370: s3:rpc_server: just call pipe_auth_generic_bind() in api_pipe_bind_req()
    
    pipe_auth_generic_bind() does all the required checks already
    and an explicit DCERPC_AUTH_TYPE_NONE is not supported.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 8c7d8c82a8bc0fe41891832b371fdf1abb428402
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Dec 23 12:38:55 2015 +0100

    CVE-2015-5370: s3:rpc_server: let a failing sec_verification_trailer mark the connection as broken
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit 4c51c89ca3ab74ea95ce3bbabea47c89ae12dc3e
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Jul 7 13:05:01 2015 +0200

    CVE-2015-5370: s3:rpc_server: make use of dcerpc_pull_auth_trailer() in api_pipe_{bind_req,alter_context,bind_auth3}()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 5c495ab1e62b64cc2899725eb908b08e351753d9
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Jul 7 22:51:18 2015 +0200

    CVE-2015-5370: s3:rpc_client: verify auth_{type,level} in rpc_pipe_bind_step_one_done()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit f4ef85fd47b6176d6133fb1aa04cff1541314191
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jul 10 14:48:38 2015 +0200

    CVE-2015-5370: s3:rpc_client: protect rpc_api_pipe_got_pdu() against too large payloads
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 654d8a5d12129e085ce1122a70c6ddd1b6b5dd36
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Jul 7 13:05:01 2015 +0200

    CVE-2015-5370: s3:rpc_client: make use of dcerpc_verify_ncacn_packet_header() in cli_pipe_validate_current_pdu()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit dfab4826348473cda626016df1268f4bd2667929
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Jul 7 13:05:01 2015 +0200

    CVE-2015-5370: s3:rpc_client: make use of dcerpc_pull_auth_trailer()
    
    This does much more validation than dcerpc_pull_dcerpc_auth().
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 569781f85853f2fdb8efcbe30048baaaeb23e1f8
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Jul 9 07:59:24 2015 +0200

    CVE-2015-5370: s3:librpc/rpc: let dcerpc_check_auth() auth_{type,level} against the expected values.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit dd2c27082e620407c6effdaae5b84d94eea68918
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Jul 9 07:59:24 2015 +0200

    CVE-2015-5370: s3:librpc/rpc: remove auth trailer and possible padding within dcerpc_check_auth()
    
    This simplifies the callers a lot.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit b1b538a2c41f3327f979352d9e292931ff5f84ec
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sun Jun 28 01:19:57 2015 +0200

    CVE-2015-5370: librpc/rpc: don't allow pkt->auth_length == 0 in dcerpc_pull_auth_trailer()
    
    All callers should have already checked that.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit ddd4d03be2751ecfa890e889925a10352b6b61b0
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Jul 15 10:18:13 2015 +0200

    CVE-2015-5370: s4:rpc_server: reject DCERPC_PFC_FLAG_PENDING_CANCEL with DCERPC_FAULT_NO_CALL_ACTIVE
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 7e682ed7f12ec07608dc7cdc5a2cebf3ee0c3000
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Jul 15 10:18:13 2015 +0200

    CVE-2015-5370: s4:rpc_server: the assoc_group is relative to the connection (association)
    
    All presentation contexts of a connection use the same association group.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 9625f9173f6fd327bff46dff6d6dea7fd16c8a29
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jul 17 05:01:26 2015 +0200

    CVE-2015-5370: s4:rpc_server: only allow one fragmented call_id at a time
    
    It's a protocol error if the client doesn't send all fragments of
    a request in one go.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 2fd10be6be632f4ca7c063036814712a8d0fcd73
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Jun 29 14:18:09 2015 +0200

    CVE-2015-5370: s4:rpc_server: limit allocation and alloc_hint to 4 MByte
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit d1ffe41f058f2e7d21f407aeb61dc012cdc0729e
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Jul 15 17:21:05 2015 +0200

    CVE-2015-5370: s4:rpc_server: check frag_length for requests
    
    Note this is not the negotiated fragment size, but a hardcoded maximum.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 74347a4d8811caea3ccddc498896e84bf4499c03
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jul 10 13:55:27 2015 +0200

    CVE-2015-5370: s4:rpc_server: give the correct reject reasons for invalid auth_level values
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit d7af609b58fb926e4e9026039a22914d44d896df
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jun 26 08:10:46 2015 +0200

    CVE-2015-5370: s4:rpc_server: disconnect after a failing dcesrv_auth_request()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit a3008ec93b67a088c38643848268255fbaab1904
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Jul 14 16:18:45 2015 +0200

    CVE-2015-5370: s4:rpc_server: let a failing auth3 mark the authentication as invalid
    
    Following requests will generate a fault with ACCESS_DENIED.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 6a9b4ca5cb11c4398c06d6f65953510217cf20e1
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jun 26 08:10:46 2015 +0200

    CVE-2015-5370: s4:rpc_server: failing authentication should generate a SEC_PKG_ERROR
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 9e86b0964137851b3081973e3c8879a868b6a2f1
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jun 26 08:10:46 2015 +0200

    CVE-2015-5370: s4:rpc_server: fix the order of error checking in dcesrv_alter()
    
    This basically matches Windows 2012R2, it's not 100%
    but it's enough for our raw protocol tests to pass.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 3d075a4e3df6267d168e3f0cc4f5ce6845c6a573
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jun 26 08:10:46 2015 +0200

    CVE-2015-5370: s4:rpc_server: changing an existing presentation context via alter_context is a protocol error
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit cace6273fc93e5c6a790ceb1a9438bfbf3485539
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jun 26 08:10:46 2015 +0200

    CVE-2015-5370: s4:rpc_server: don't derefence an empty ctx_list array in dcesrv_alter()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit bf333e99c60d3c7a7af1c0b8fd01eb35c37ed027
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jun 26 08:10:46 2015 +0200

    CVE-2015-5370: s4:rpc_server: remove pointless dcesrv_find_context() from dcesrv_bind()
    
    BIND is the first pdu, which means the list of contexts is always empty.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit e3775dbf0a1cb3db3c747e0ba25fdf886aa8d8c2
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jun 26 08:10:46 2015 +0200

    CVE-2015-5370: s4:rpc_server: let invalid request fragments disconnect the connection with a protocol error
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit e365d1601bf24dc85099247c3806bc31683da18b
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jun 26 08:10:46 2015 +0200

    CVE-2015-5370: s4:rpc_server: make sure alter_context and auth3 can't change auth_{type,level,context_id}
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit af03332e8deafee514d3b573bbe99064d60338cf
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jun 26 08:10:46 2015 +0200

    CVE-2015-5370: s4:rpc_server: maintain in and out struct dcerpc_auth per dcesrv_call_state
    
    We should not use one "global" per connection variable to hold the
    incoming and outgoing auth_info.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 503d08d971343659762566daebccfe23ea83e183
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jun 26 08:10:46 2015 +0200

    CVE-2015-5370: s4:rpc_server: ensure that the message ordering doesn't violate the spec
    
    The first pdu is always a BIND.
    
    REQUEST pdus are only allowed once the authentication
    is finished.
    
    A simple anonymous authentication is finished after the BIND.
    Real authentication may need additional ALTER or AUTH3 exchanges.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
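
Added example, not part of the commit log or of Samba's code: a minimal C model of the PDU ordering rules stated in the two "ensure that the message ordering doesn't violate the spec" commits, together with the AUTH3 rules from the auth3 commits. All type names, the verdicts and the auth_leg input are hypothetical; treating a second BIND, a stray AUTH3, or an auth trailer on an ALTER once authentication is settled as a protocol error is an assumption of this model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* PDU types the model cares about (DCE/RPC connection-oriented ptype values). */
enum pdu_type { PDU_REQUEST = 0, PDU_BIND = 11, PDU_ALTER = 14, PDU_AUTH3 = 16 };

/* Outcome of handing the PDU's auth trailer to the security package.
 * Hypothetical input: a real server gets this from its auth backend. */
enum auth_leg { LEG_NONE, LEG_CONTINUE, LEG_DONE, LEG_FAIL };

enum auth_state { AUTH_UNSET, AUTH_PENDING, AUTH_FINISHED, AUTH_INVALID };

enum verdict {
	V_ACCEPT,                /* PDU is processed */
	V_REJECT_AND_DISCONNECT, /* BIND_NAK or FAULT, connection terminated */
	V_AUTH_FAILED,           /* leg failed, authentication marked invalid */
	V_ACCESS_DENIED          /* REQUEST faulted because authentication is invalid */
};

struct conn { bool got_bind; bool terminated; enum auth_state auth; };
struct pdu { enum pdu_type type; enum auth_leg leg; };

static enum verdict reject(struct conn *c)
{
	c->terminated = true;
	return V_REJECT_AND_DISCONNECT;
}

/* Advance an unfinished authentication by one leg. */
static enum verdict auth_step(struct conn *c, enum auth_leg leg)
{
	switch (leg) {
	case LEG_CONTINUE: c->auth = AUTH_PENDING;  return V_ACCEPT;
	case LEG_DONE:     c->auth = AUTH_FINISHED; return V_ACCEPT;
	case LEG_FAIL:     c->auth = AUTH_INVALID;  return V_AUTH_FAILED;
	default:           return reject(c); /* pending auth needs a trailer */
	}
}

enum verdict conn_process(struct conn *c, struct pdu p)
{
	if (c->terminated) {
		return V_REJECT_AND_DISCONNECT;
	}
	if (!c->got_bind) {
		/* The first pdu is always a BIND. */
		if (p.type != PDU_BIND) return reject(c);
		c->got_bind = true;
		/* Anonymous authentication is finished after the BIND. */
		if (p.leg == LEG_NONE) { c->auth = AUTH_FINISHED; return V_ACCEPT; }
		/* A failing BIND marks the connection as broken. */
		if (p.leg == LEG_FAIL) return reject(c);
		return auth_step(c, p.leg);
	}
	switch (p.type) {
	case PDU_BIND:
		return reject(c); /* model assumption: one BIND per connection */
	case PDU_AUTH3:
		/* No AUTH3 once the authentication was already finished. */
		if (c->auth != AUTH_PENDING) return reject(c);
		return auth_step(c, p.leg);
	case PDU_ALTER:
		if (c->auth == AUTH_PENDING) return auth_step(c, p.leg);
		/* model assumption: no auth trailer once auth is settled */
		return (p.leg == LEG_NONE) ? V_ACCEPT : reject(c);
	case PDU_REQUEST:
		/* REQUEST pdus are only allowed once authentication is finished. */
		if (c->auth == AUTH_INVALID) return V_ACCESS_DENIED;
		if (c->auth != AUTH_FINISHED) return reject(c);
		return V_ACCEPT;
	}
	return reject(c); /* unknown PDU type */
}

/* Feed a whole sequence to a fresh connection; return the last verdict. */
enum verdict run_sequence(const struct pdu *seq, size_t n)
{
	struct conn c = { false, false, AUTH_UNSET };
	enum verdict v = V_REJECT_AND_DISCONNECT;
	for (size_t i = 0; i < n; i++) {
		v = conn_process(&c, seq[i]);
	}
	return v;
}

int main(void)
{
	/* Constructed sequences, not captured traffic. */
	struct pdu early_request[] = { { PDU_BIND, LEG_CONTINUE }, { PDU_REQUEST, LEG_NONE } };
	struct pdu three_leg[] = { { PDU_BIND, LEG_CONTINUE }, { PDU_AUTH3, LEG_DONE },
				   { PDU_REQUEST, LEG_NONE } };
	printf("REQUEST before auth finished -> %d\n", run_sequence(early_request, 2));
	printf("BIND, AUTH3, REQUEST         -> %d\n", run_sequence(three_leg, 3));
	return 0;
}
```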

commit 75d9b583f029f8bdf1fba70c03330da82fae645f
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jun 26 08:10:46 2015 +0200

    CVE-2015-5370: s4:rpc_server: verify the protocol headers before processing pdus
    
    On protocol errors we should send BIND_NAK or FAULT and mark the
    connection as to be terminated.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit e3c1c206909a8f2ec4b9fe64ba7b40fa52c8be76
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jun 26 08:10:46 2015 +0200

    CVE-2015-5370: s4:rpc_server: add infrastructure to terminate a connection after a response
    
    BIND_NAK or FAULT may mark a connection as to be terminated.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit b5d0de4016fc215f7c8d775728b19d0106fdb1f5
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jun 26 08:10:46 2015 +0200

    CVE-2015-5370: s4:rpc_server: make dcesrv_process_ncacn_packet() static
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit c8a1adb147ccb2666148503b34edaa7b37d17add
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jun 26 08:10:46 2015 +0200

    CVE-2015-5370: s4:rpc_server: return the correct secondary_address in dcesrv_bind()
    
    For now we still force \\PIPE\\ in upper case, we may be able to remove
    this and change it in our idl files later. But for now we better
    behave like a windows server without changing too much.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit a689216225bd249a1f725825eefe25e3f315af12
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jun 26 08:10:46 2015 +0200

    CVE-2015-5370: s4:rpc_server: add some padding to dcesrv_bind_nak() responses
    
    This matches Windows 2012R2.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit eb16dfae9f1d4c7211407d2111ae9904f930b6c0
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jun 26 08:10:46 2015 +0200

    CVE-2015-5370: s4:rpc_server: split out a dcesrv_fault_with_flags() helper function
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 448435a24dcaebec517bf26d817053c045e58eff
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jun 26 08:10:46 2015 +0200

    CVE-2015-5370: s4:rpc_server: fill context_id in dcesrv_fault()
    
    This depends on the type of the incoming pdu.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 7c2984ad5e4d43b35f1d4b62ae683c519e99482d
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jun 26 08:10:46 2015 +0200

    CVE-2015-5370: s4:rpc_server: set alloc_hint = 24 in dcesrv_fault()
    
    This matches a Windows 2012R2 server.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit f9ed1a9c14c9175ae490736f4587fda38a1c32de
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jun 26 08:10:46 2015 +0200

    CVE-2015-5370: s4:rpc_server: avoid ZERO_STRUCT() in dcesrv_fault()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 83d93a871b44f38f415e08b685581148c5e3da9e
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jun 26 08:10:46 2015 +0200

    CVE-2015-5370: s4:rpc_server: correctly maintain dcesrv_connection->max_{recv,xmit}_frag
    
    These values are controlled by the client but only in a range between
    2048 and 5840 (including these values in 8 byte steps).
    recv and xmit result always in same min value.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 08ec7e73a465024fbdadd4d5fcf15b2135dc4252
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jun 26 08:10:46 2015 +0200

    CVE-2015-5370: s4:rpc_server/netlogon: make use of dce_call->conn->auth_state.auth_{level,type}
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 62f8a5487fabf08e425aee013b5f8edaa2171058
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jun 26 08:10:46 2015 +0200

    CVE-2015-5370: s4:rpc_server/samr: make use of dce_call->conn->auth_state.auth_level
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 8ad4695bf103ce59b3939601a4b1b47cd75f3a5b
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jun 26 08:10:46 2015 +0200

    CVE-2015-5370: s4:rpc_server/lsa: make use of dce_call->conn->auth_state.auth_{level,type}
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 1ed3e2605ee7f2c2ab337b275b3f25a11760aeea
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Mar 10 16:02:31 2016 +0100

    CVE-2015-5370: s4:rpc_server: make use of dce_call->conn->auth_state.auth_* in dcesrv_request()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit dc158708d51e879527c449007ea73cdecca89848
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Jun 29 11:03:58 2015 +0200

    CVE-2015-5370: s4:rpc_server: maintain dcesrv_auth->auth_{type,level,context_id}
    
    This will simplify checks in the following commits and avoids
    dereferencing dcesrv_auth->auth_info which is not always around.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 58b1cdf6d41ebb46c1676111c1bd30e14fcad406
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jun 26 08:10:46 2015 +0200

    CVE-2015-5370: s4:rpc_server: check the result of dcerpc_pull_auth_trailer() in dcesrv_auth_bind()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 83327148d44df920d6cf80bf4fffc5c6e04b8fee
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jun 26 08:10:46 2015 +0200

    CVE-2015-5370: s4:rpc_server: no authentication is indicated by pkt->auth_length == 0
    
    pkt->u.*.auth_info.length is not the correct thing to check.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit b0349be0ec2f0ba743a0f0ae4b1d37dd64319110
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jun 26 08:10:46 2015 +0200

    CVE-2015-5370: s4:rpc_server: make use of talloc_zero()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 7f348a7dda892a05bb2ea8f7ef206fd7b1e46e59
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jul 10 14:08:46 2015 +0200

    CVE-2015-5370: s4:librpc/rpc: protect dcerpc_request_recv_data() against too large payloads
    
    We should only allow a combined payload of a response of at max 4 MBytes.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 50fc6389b68ea63a3cedf31f18232103d9b0279c
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Jun 27 10:31:48 2015 +0200

    CVE-2015-5370: s4:librpc/rpc: use dcerpc_verify_ncacn_packet_header() to verify BIND_ACK,ALTER_RESP,RESPONSE pdus
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit a96543eb7976c451b563e3c7430f78d6a9a752b7
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Jun 27 10:31:48 2015 +0200

    CVE-2015-5370: s4:librpc/rpc: handle DCERPC_PKT_FAULT before anything else in dcerpc_alter_context_recv_handler()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit f89c218477e7a14a6558b780eb581957a168b8d3
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Jun 27 10:31:48 2015 +0200

    CVE-2015-5370: s4:librpc/rpc: make use of dcerpc_map_ack_reason() in dcerpc_bind_recv_handler()
    
    This should give better error messages if the server doesn't support
    a specific abstract/transfer syntax.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 94de482c06f859bb7fbf18e95fc71958b08c9b4b
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Jul 7 13:05:01 2015 +0200

    CVE-2015-5370: s3:rpc_client: remove useless frag_length check in rpc_api_pipe_got_pdu()
    
    dcerpc_pull_ncacn_packet() already verifies this.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit f64f451f5ccad742e59ca47f33900d39162602a9
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Jul 7 13:05:01 2015 +0200

    CVE-2015-5370: s3:rpc_client: move AS/U hack to the top of cli_pipe_validate_current_pdu()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit ac8910fb696227cfd31e013fa4c5c5e7be710879
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jun 26 08:10:46 2015 +0200

    CVE-2015-5370: librpc/rpc: add a dcerpc_verify_ncacn_packet_header() helper function
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit d3bb3efae18450fa19187d05b689a0776076eb15
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Jun 27 10:31:48 2015 +0200

    CVE-2015-5370: s4:librpc/rpc: finally verify the server uses the expected auth_{type,level,context_id} values
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit e05c7dd9116e43a6c2aa99f439a3e2426ca8efe0
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Jun 27 10:31:48 2015 +0200

    CVE-2015-5370: s4:librpc/rpc: avoid using dcecli_security->auth_info and use per request values
    
    We now avoid reusing the same auth_info structure for incoming and outgoing
    values. We need to make sure that the remote server doesn't overwrite our own
    values.
    
    This will trigger some failures with our currently broken server,
    which will be fixed in the next commits.
    
    The broken server requires a dcerpc_auth structure with no credentials
    in order to do an alter_context request that just creates a presentation
    context without doing authentication.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 23f424349654eb55b0405b4e677bd611adc9e903
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Jun 27 10:31:48 2015 +0200

    CVE-2015-5370: s4:librpc/rpc: simplify checks if gensec is used in dcerpc_ship_next_request()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 33ee36eba6693b9c56202a2fd0b39453b75cb96f
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Jun 27 10:31:48 2015 +0200

    CVE-2015-5370: s4:librpc/rpc: avoid dereferencing sec->auth_info in dcerpc_request_prepare_vt()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 245fc412d622087e4738a73873de5ee7688ab444
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Jun 27 10:31:48 2015 +0200

    CVE-2015-5370: s4:librpc/rpc: always use ncacn_pull_request_auth() for DCERPC_PKT_RESPONSE pdus
    
    It handles the case of DCERPC_AUTH_TYPE_NONE just fine and it makes it
    possible to do some verification in future.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 490789502b56745490c7a9aa72a110e8889c6697
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Jun 27 10:31:48 2015 +0200

    CVE-2015-5370: s4:librpc/rpc: avoid using c->security_state.auth_info in ncacn_pull_request_auth()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 7ee85d6ead80213f03c98e84608ad9ca3ed1d47c
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Jun 27 10:31:48 2015 +0200

    CVE-2015-5370: s4:librpc/rpc: avoid using hs->p->conn->security_state.auth_info in dcerpc_bh_auth_info()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 25e48af0ff22baae95be864851a69e3098fdbc80
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Jun 27 10:31:48 2015 +0200

    CVE-2015-5370: s4:librpc/rpc: use a local auth_info variable in ncacn_push_request_sign()
    
    We should avoid using the global dcecli_security->auth_info struct for
    individual requests.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 3f447f696cd7b8329f873ea30268e9143516b177
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Jun 27 10:31:48 2015 +0200

    CVE-2015-5370: s4:librpc/rpc: use auth_context_id = 1
    
    In future we want to verify that the auth_context_id from the server
    is what we expect.
    
    As Samba (<= 4.2.3) uses a hardcoded value of 1 in responses, we
    need to use that.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 32d8e050d75e049e813eb4ce489b01f5cba5a77f
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Jun 27 10:31:48 2015 +0200

    CVE-2015-5370: s4:librpc/rpc: maintain dcecli_security->auth_{type,level,context_id}
    
    This will simplify the following commits and avoids dereferencing
    dcecli_security->auth_info.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 4867460e76d1a2b20ebf4d6a943f8fb0627eb33d
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Jul 8 16:25:48 2015 +0200

    CVE-2015-5370: s4:librpc/rpc: send a dcerpc_sec_verification_trailer if needed
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit b0955089db1d6f5ab7b9ed2fff90d4f7df7d46f1
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Jun 29 10:24:45 2015 +0200

    CVE-2015-5370: s3:librpc/rpc: don't call dcerpc_pull_auth_trailer() if auth_length is 0
    
    All other paranoia checks are done within dcerpc_pull_auth_trailer()
    now.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit b77eab06ebdb0e1667a4639329848139ab9f3aeb
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sun Jun 28 01:19:57 2015 +0200

    CVE-2015-5370: librpc/rpc: simplify and harden dcerpc_pull_auth_trailer()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 22ab56d56e34d38156ade3d15716d8f03bc566f7
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Jul 16 22:46:05 2015 +0200

    CVE-2015-5370: dcerpc.idl: add DCERPC_{NCACN_PAYLOAD,FRAG}_MAX_SIZE defines
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit fa0d68159907b0dedd6d03d7bb93f5dc18f22e86
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sun Feb 28 22:48:11 2016 +0100

    CVE-2016-2118: s3:rpc_server/samr: allow _samr_ValidatePassword only with PRIVACY...
    
    This requires transport encryption.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit e675f63787ded2fdf61a19b202debeece58edd64
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sun Feb 28 22:48:11 2016 +0100

    CVE-2016-2118: s4:rpc_server/samr: allow _samr_ValidatePassword only with PRIVACY...
    
    This requires transport encryption.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit f425bfde8b2ceda1975b0e75247a875ef5034a71
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Mar 10 17:03:59 2016 +0100

    CVE-2016-2118: docs-xml: default "allow dcerpc auth level connect" to "no"
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Alexander Bokovoy <ab at samba.org>

commit 6750ffd8cd362fdbdd958375f73c94f63b27c146
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Mar 26 08:47:42 2016 +0100

    CVE-2016-2118: s3:rpc_server/{epmapper,echo}: allow DCERPC_AUTH_LEVEL_CONNECT by default
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Alexander Bokovoy <ab at samba.org>

commit ba69e95b3f2200162074126b51acdb0df3e921a8
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Aug 7 09:50:30 2015 +0200

    CVE-2016-2118: s3:rpc_server/{samr,lsa,netlogon}: reject DCERPC_AUTH_LEVEL_CONNECT by default
    
    This prevents man in the middle downgrade attacks.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
    
    Pair-Programmed-With: Günther Deschner <gd at samba.org>
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Signed-off-by: Günther Deschner <gd at samba.org>

commit 31332331b882b338e2a6045707eb6d6f04b04c5a
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Mar 18 04:40:30 2016 +0100

    CVE-2016-2118: s3:rpc_server: make use of "allow dcerpc auth level connect"
    
    With this option turned off we only allow DCERPC_AUTH_LEVEL_{NONE,INTEGRITY,PRIVACY},
    this means we reject any request with AUTH_LEVEL_CONNECT with ACCESS_DENIED.
    
    We sadly need to keep this enabled by default for now.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
    
    Pair-Programmed-With: Günther Deschner <gd at samba.org>
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Signed-off-by: Günther Deschner <gd at samba.org>

commit 2e4f09bf48978901da600210d486657cca4158a6
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Mar 26 19:19:04 2016 +0100

    CVE-2016-2118: s4:rpc_server/rpcecho: allow DCERPC_AUTH_LEVEL_CONNECT by default
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Alexander Bokovoy <ab at samba.org>

commit 36278e38efa2bbe483b9e51b83b660983a2b948d
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Mar 26 19:18:42 2016 +0100

    CVE-2016-2118: s4:rpc_server/mgmt: allow DCERPC_AUTH_LEVEL_CONNECT by default
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Alexander Bokovoy <ab at samba.org>

commit 4862ee5f2046a7c00831afdc6e268469ddec7ad3
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Mar 26 19:17:40 2016 +0100

    CVE-2016-2118: s4:rpc_server/epmapper: allow DCERPC_AUTH_LEVEL_CONNECT by default
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Alexander Bokovoy <ab at samba.org>

commit 6568d5d4019a071f0fc1cb782f433a9961e91dc3
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Aug 7 13:52:48 2015 +0200

    CVE-2016-2118: s4:rpc_server/netlogon: reject DCERPC_AUTH_LEVEL_CONNECT by default
    
    This prevents man in the middle downgrade attacks.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit 34969d66f8854c836639996cea4d2f47d95dfd9e
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Aug 7 09:50:30 2015 +0200

    CVE-2016-2118: s4:rpc_server/samr: reject DCERPC_AUTH_LEVEL_CONNECT by default
    
    This prevents man in the middle downgrade attacks.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit c98143bb1a9f11de08dacbbba1e69d9b5fced988
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Aug 7 09:50:30 2015 +0200

    CVE-2016-2118: s4:rpc_server/lsa: reject DCERPC_AUTH_LEVEL_CONNECT by default
    
    This prevents man in the middle downgrade attacks.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 1a3c82eab26c72c5631c437f7b06e4965ce00048
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Mar 10 02:46:59 2016 +0100

    CVE-2016-2118: s4:rpc_server: make use of "allow dcerpc auth level connect"
    
    With this option turned off we only allow DCERPC_AUTH_LEVEL_{NONE,INTEGRITY,PRIVACY},
    this means we reject any request with AUTH_LEVEL_CONNECT with ACCESS_DENIED.
    
    We sadly need to keep this enabled by default for now.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 2e9824e96e961bf3b7b776a7a5fed4f2439ae067
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Mar 10 17:03:59 2016 +0100

    CVE-2016-2118: docs-xml: add "allow dcerpc auth level connect" defaulting to "yes"
    
    We sadly need to allow this for now by default.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit d565761ff3438326a06a929b483e081bd03717e4
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Mar 11 16:02:25 2016 +0100

    CVE-2016-2118: s4:librpc: use integrity by default for authenticated binds
    
    ncacn_ip_tcp:server should get the same protection as ncacn_np:server
    if authentication and smb signing is used.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit 70ba7b0d4460c5e927ede5ceffa49462bf6faae7
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Dec 15 14:49:36 2015 +0100

    CVE-2016-2118: librpc: change the default auth level from DCERPC_AUTH_LEVEL_CONNECT to DCERPC_AUTH_LEVEL_INTEGRITY
    
    ncacn_ip_tcp:server should get the same protection as ncacn_np:server
    if authentication and smb signing is used.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit 6142767917a4d95dd6310857edf5dba999dc5dbc
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Dec 15 14:49:36 2015 +0100

    CVE-2016-2118: s3: rpcclient: change the default auth level from DCERPC_AUTH_LEVEL_CONNECT to DCERPC_AUTH_LEVEL_INTEGRITY
    
    ncacn_ip_tcp:server should get the same protection as ncacn_np:server
    if authentication and smb signing is used.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit be98e7ec130a67f5624a073717d5c9e4640f01b6
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Mar 10 04:06:04 2016 +0100

    CVE-2016-2118: s4:rpc_server/dnsserver: require at least DCERPC_AUTH_LEVEL_INTEGRITY
    
    This matches windows and prevents man in the middle downgrade attacks.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 5d4d8ecfbce4cf9065a72aed08638e34ca167c51
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Mar 14 22:15:00 2016 +0100

    CVE-2016-2118: python:tests/dcerpc: use [sign] for dnsserver tests
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 778dab905617a3c9d0eb4097b2357d6e568ac745
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Jul 14 09:13:00 2015 +0200

    CVE-2016-2118: s4:rpc_server/backupkey: require DCERPC_AUTH_LEVEL_PRIVACY
    
    This is required for the whole interface (which has just one opnum for now).
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit e1de6ec2db283cd5d079480c6399a390b0f8a303
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Jul 14 09:13:00 2015 +0200

    CVE-2016-2118: s4:rpc_server/drsuapi: require DCERPC_AUTH_LEVEL_PRIVACY
    
    This matches windows and prevents man in the middle downgrade attacks.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 35021952e35f9a922f973b349c3e85cfe7ab6065
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Jul 14 09:12:18 2015 +0200

    CVE-2016-2118: s4:rpc_server: make it possible to define a min_auth_level on a presentation context
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit d8c3cf12859e43117a628c760f846cb830d1f1a5
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Mar 15 23:52:30 2016 +0100

    CVE-2016-2115: docs-xml: always default "client ipc signing" to "mandatory"
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Alexander Bokovoy <ab at samba.org>

commit e7ef30e8bfb54e8f53b56b6594e7b80f196bab4a
Author: Ralph Boehme <slow at samba.org>
Date:   Wed Dec 16 10:04:35 2015 +0100

    CVE-2016-2115: s3:libsmb: use SMB_SIGNING_IPC_DEFAULT and lp_client_ipc_{min,max}_protocol()
    
    Use SMB_SIGNING_IPC_DEFAULT and lp_client_ipc_{min,max}_protocol() for RPC connections.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit f76e6f9625b853d706cec5b8af88000cf129d77e
Author: Ralph Boehme <slow at samba.org>
Date:   Wed Dec 16 10:03:52 2015 +0100

    CVE-2016-2115: s3:libnet: use SMB_SIGNING_IPC_DEFAULT
    
    Use SMB_SIGNING_IPC_DEFAULT for RPC connections.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit 084b20ea907e16914c0a9fb0e2d42ce472395dae
Author: Ralph Boehme <slow at samba.org>
Date:   Wed Dec 16 10:03:13 2015 +0100

    CVE-2016-2115: s3:auth_domain: use SMB_SIGNING_IPC_DEFAULT
    
    Use SMB_SIGNING_IPC_DEFAULT for RPC connections.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit fdd2807afe8da9bccda872db8b57ed747216311d
Author: Ralph Boehme <slow at samba.org>
Date:   Wed Dec 16 10:01:59 2015 +0100

    CVE-2016-2115: s3:lib/netapi: use SMB_SIGNING_IPC_DEFAULT
    
    Use SMB_SIGNING_IPC_DEFAULT for RPC connections.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit 0422c640e88c4b7a30242e81fdd053dd0822af76
Author: Ralph Boehme <slow at samba.org>
Date:   Wed Dec 16 10:00:09 2015 +0100

    CVE-2016-2115: net: use SMB_SIGNING_IPC_DEFAULT
    
    Use SMB_SIGNING_IPC_DEFAULT for RPC connections.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit 80102ed0c40d3c9a1ce2adeb1d773e4a22efcf63
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Dec 18 17:16:04 2015 +0100

    CVE-2016-2115: s3:libsmb: let SMB_SIGNING_IPC_DEFAULT use "client ipc min/max protocol"
    
    We need NT1 => LATEST in order to work against all servers which support
    DCERPC over ncacn_np.
    
    This is a mini step in using SMB2/3 in our client side by default.
    
    This gives us a higher chance that SMB signing is supported by the
    server (as it can't be turned off for SMB2 and higher).
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>

commit afda479dd28ca0d7cb5b69aedba2a5d1e9344d57
Author: Ralph Boehme <slow at samba.org>
Date:   Wed Dec 16 09:55:37 2015 +0100

    CVE-2016-2115: s3:libsmb: add signing constant SMB_SIGNING_IPC_DEFAULT
    
    SMB_SIGNING_IPC_DEFAULT must be used from s3 client code when opening
    RPC connections.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit 1309832f6a89edaa935c791dea5d66f94e14a976
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Dec 21 13:22:16 2015 +0100

    CVE-2016-2115: s3:winbindd: use lp_client_ipc_signing()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>

commit f1dea298891df45eeb8ec40d3afc43567b421db0
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Feb 27 04:23:58 2016 +0100

    CVE-2016-2115: s3:winbindd: use lp_client_ipc_{min,max}_protocol()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>

commit 2c62a54ce1463b0349fed092cf3c8f9d13fea86d
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Mar 28 13:44:29 2014 +0100

    CVE-2016-2115: s4:librpc/rpc: make use of "client ipc *" options for ncacn_np
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>

commit dbe7a439bb4802c48bd630de490b3c00b2dc7636
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Feb 27 04:15:38 2016 +0100

    CVE-2016-2115: s4:libcli/raw: pass the minprotocol to smb_raw_negotiate*()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>

commit ee4f114083794118fb1c0f78375d0caf405b23bd
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Feb 27 04:15:38 2016 +0100

    CVE-2016-2115: s4:libcli/raw: limit maxprotocol to NT1 in smb_raw_negotiate*()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>

commit f3da02a80f0f21e12f5b5980f56f8b7d568a96da
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Feb 27 04:14:39 2016 +0100

    CVE-2016-2115: s4:libcli/smb2: use the configured min_protocol
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>

commit 8466fe8ac8658b103c0069a4347e08ad9571d6bf
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Feb 27 04:13:11 2016 +0100

    CVE-2016-2115: s4:libcli/raw: add smbcli_options.min_protocol
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>

commit 863d41961ead835e2212abf6ea8bb1d987f57e65
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Feb 27 03:43:58 2016 +0100

    CVE-2016-2115: docs-xml: add "client ipc signing" option
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>

commit 39282d2ce75c2874712aa0ab795371382a35e450
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Feb 27 03:45:43 2016 +0100

    CVE-2016-2115: docs-xml: add "client ipc min protocol" and "client ipc max protocol" options
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11796
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>

commit 09a757685d2c7fd968fed1522ccc132cb1385608
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Jul 15 10:57:03 2015 +0200

    CVE-2016-2114: docs-xml: let the "smb signing" documentation reflect the reality
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11687
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 2c3649c46b7682ecdaae61a46419060ec70e04e1
Author: Ralph Boehme <slow at samba.org>
Date:   Tue Mar 22 16:30:42 2016 +0100

    CVE-2016-2114: s3:smbd: enforce "server signing = mandatory"
    
    This fixes a regression that was introduced by commit
    abb24bf8e874d525382e994af7ae432212775153
    ("s3:smbd: make use of better SMB signing negotiation").
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11687
    
    Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 0b05bc97d72fd15c6cb7c2115dd3c34f1d5fc225
Author: Ralph Boehme <slow at samba.org>
Date:   Tue Mar 22 16:25:32 2016 +0100

    CVE-2016-2114: libcli/smb: let mandatory signing imply allowed signing
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11687
    
    Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit cc8bbc363c2a5d59ce7a83d3b70885092a69a275
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Jul 15 10:57:03 2015 +0200

    CVE-2016-2114: s3:smbd: use the correct default values for "smb signing"
    
    This means an ad_dc will now require signing by default.
    This matches the default behavior of Windows dc and avoids
    man in the middle attacks.
    
    The main logic for this hides in lpcfg_server_signing_allowed().
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11687
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 4177489b900609ec728b7a638fe513b78dbcacec
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Jul 16 04:45:16 2015 +0200

    CVE-2016-2114: s4:smb2_server: fix session setup with required signing
    
    The client can't sign the session setup request...
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11687
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit b2af10b1c25c32845856de912fccb4f029d9d49a
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Mar 16 13:03:08 2016 +0100

    CVE-2016-2113: docs-xml: let "tls verify peer" default to "as_strict_as_possible"
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Alexander Bokovoy <ab at samba.org>

commit 2ced06d13adefdaa7fceaea48c81e255b5b7ca2f
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Mar 26 08:38:46 2016 +0100

    CVE-2016-2113: selftest: use "tls verify peer = no_check"
    
    Individual tests will check the more secure values.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Alexander Bokovoy <ab at samba.org>

commit 5c94dfae90d3e39ba74aa1732ea7b098f6f67b1e
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Mar 16 15:07:36 2016 +0100

    CVE-2016-2113: selftest: test all "tls verify peer" combinations with ldaps
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 660dbb8edd25d354f2597ac137ac992792213924
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Dec 23 16:17:04 2015 +0100

    CVE-2016-2113: s4:librpc/rpc: verify the rpc_proxy certificate and hostname if configured
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit a443abeec989db0e7f396c2d74c4022e515116f0
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Dec 23 16:17:04 2015 +0100

    CVE-2016-2113: s4:libcli/ldap: verify the server certificate and hostname if configured
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit cd4b292d5e91f6889ff8ef4d1b588ab9859aaca6
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Mar 21 03:56:22 2016 +0100

    CVE-2016-2113: s4:selftest: explicitly use '--option="tlsverifypeer=no_check" for some ldaps tests
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 5ec881c7a8e48cb09720e549cd3a488e0bf4e70d
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Dec 23 22:12:56 2015 +0100

    CVE-2016-2113: docs-xml: add "tls verify peer" option defaulting to "no_check"
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 36ec2465b30cf0c99cc26d0e04e20825d7df3f67
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Dec 23 16:17:04 2015 +0100

    CVE-2016-2113: s4:lib/tls: implement infrastructure to do peer verification
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 2d2ab58882675ad51a6e07a2d2970c4c182cc112
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Dec 23 15:39:48 2015 +0100

    CVE-2016-2113: s4:lib/tls: create better certificates and sign the host cert with the ca cert
    
    The generated ca cert (in ca.pem) was completely useless,
    it could be replaced by cert.pem.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 6db65fb478dda5620a2617e0aa6f9bf36b9eb44b
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Mar 25 19:24:20 2016 +0100

    CVE-2016-2112: docs-xml: change the default of "ldap server require strong auth" to "yes"
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Alexander Bokovoy <ab at samba.org>

commit 5fbce217258ffc5bfe1acf5a32440afb0ce295c0
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Dec 21 10:04:48 2015 +0100

    CVE-2016-2112: s4:selftest: run some ldap test against ad_dc_ntvfs, fl2008r2dc and fl2003dc
    
    We want to test against all "ldap server require strong auth" combinations.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Alexander Bokovoy <ab at samba.org>

commit 39c169bb59cf89787cb00a614509aaf7eb9e7ca8
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Dec 21 10:27:33 2015 +0100

    CVE-2016-2112: selftest: servers with explicit "ldap server require strong auth" options
    
    The default is "ldap server require strong auth = yes",
    ad_dc_ntvfs uses "ldap server require strong auth = allow_sasl_over_tls",
    fl2008r2dc uses "ldap server require strong auth = no".
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Alexander Bokovoy <ab at samba.org>

commit d68c225d0d1506196b5f91b202a030c5ee4d5742
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Mar 26 18:07:02 2016 +0100

    CVE-2016-2112: s4:selftest: run samba4.ldap.bind against fl2008r2dc
    
    This uses "ldap server require strong auth = no".
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Alexander Bokovoy <ab at samba.org>

commit f44664db30df44449926ff186af748e481ee4b13
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Aug 28 12:19:37 2015 +0200

    CVE-2016-2112: s4:ldap_server: implement "ldap server require strong auth" option
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 8105ff10f569be63c7c583e1e52b4b1f95db5d25
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Dec 21 12:03:56 2015 +0100

    CVE-2016-2112: docs-xml: add "ldap server require strong auth" option
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 483a9263e45404df314a59c8aa9b8a90041314d8
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Dec 18 12:45:56 2015 +0100

    CVE-2016-2112: s4:ldap_server: reduce scope of old_session_info variable
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 52ae0cc7a40ef9243481683dbe74956197e16a14
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Dec 18 11:56:29 2015 +0100

    CVE-2016-2112: s4:selftest: use --option=clientldapsaslwrapping=plain for plain connections
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit c4f9336ba52064899b7fd5fb64b51e30c3d2e1bb
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Dec 18 08:29:50 2015 +0100

    CVE-2016-2112: s4:libcli/ldap: auto upgrade to SIGN after STRONG_AUTH_REQUIRED
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 01acb212bbbbd9e34b41004bc3ca2c11af908e44
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Dec 18 08:29:50 2015 +0100

    CVE-2016-2112: s4:libcli/ldap: make sure we detect downgrade attacks
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 76b18260a3633085e7eccd95c1d52a4f25fb0071
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Dec 18 08:29:50 2015 +0100

    CVE-2016-2112: s4:libcli/ldap: honour "client ldap sasl wrapping" option
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 187e32b593c437d76f32e195c2a53e972e4c8b6f
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Mar 24 15:50:49 2016 +0100

    CVE-2016-2112: s3:libads: make sure we detect downgrade attacks
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
    
    Pair-programmed-with: Ralph Boehme <slow at samba.org>
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Signed-off-by: Ralph Boehme <slow at samba.org>

commit 0d2e185c7205dde94193135262d20b9cb4ae8a9d
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Mar 15 21:59:42 2016 +0100

    CVE-2016-2111: docs-xml/smbdotconf: default "raw NTLMv2 auth" to "no"
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Alexander Bokovoy <ab at samba.org>

commit be45c4bb71026e1c9afc0c1af2402bb72945c9f7
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Mar 26 22:08:38 2016 +0100

    CVE-2016-2111: selftest:Samba3: use "raw NTLMv2 auth = yes" for nt4_dc
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Alexander Bokovoy <ab at samba.org>

commit ae299716f2ce509c73e24c16e8adc140ac6122b0
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Mar 1 10:25:54 2016 +0100

    CVE-2016-2111: s4:smb_server: implement "raw NTLMv2 auth" checks
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 560213f028529c2200b481724d75c8df81a7ba01
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Mar 1 10:25:54 2016 +0100

    CVE-2016-2111: s3:auth: implement "raw NTLMv2 auth" checks
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 5d69272aa77cd612ef6a27cfeac995d020905251
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Mar 15 21:02:34 2016 +0100

    CVE-2016-2111: docs-xml: add "raw NTLMv2 auth" defaulting to "yes"
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 7bad35be20158d23283d3e078f8626eb4bd7c572
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sun Mar 27 01:09:05 2016 +0100

    CVE-2016-2111: docs-xml: document the new "client NTLMv2 auth" and "client use spnego" interaction
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Alexander Bokovoy <ab at samba.org>

commit f5035af1f51fa49ee021bea65053221b63b086e1
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Mar 26 18:08:16 2016 +0100

    CVE-2016-2111: s3:libsmb: don't send a raw NTLMv2 response when we want to use spnego
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Alexander Bokovoy <ab at samba.org>

commit acd6697b4c44fcb234f87b7f0b3c10e4fedd9e0e
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Mar 26 18:08:16 2016 +0100

    CVE-2016-2111: s4:libcli: don't send a raw NTLMv2 response when we want to use spnego
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Alexander Bokovoy <ab at samba.org>

commit 7e5966feca7c7ca21549b0b64fcf92b65ecb24e6
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Mar 26 18:08:16 2016 +0100

    CVE-2016-2111: s4:param: use "client use spnego" to initialize options->use_spnego
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Alexander Bokovoy <ab at samba.org>

commit dc359daebeb587adb5e8008c5aebbf73dc898347
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Mar 26 18:08:16 2016 +0100

    CVE-2016-2111: s4:libcli: don't allow the LANMAN2 session setup without "client lanman auth = yes"
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Alexander Bokovoy <ab at samba.org>

commit 379604a44c4f600ad2e0c3778c12a65bb0581973
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Mar 26 22:24:23 2016 +0100

    CVE-2016-2111: s4:torture/base: don't use ntlmv2 for dos connection in base.samba3error
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Alexander Bokovoy <ab at samba.org>

commit 7f303d79b321f39312d705b706af89a360f8dad3
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Mar 26 22:24:23 2016 +0100

    CVE-2016-2111: s4:torture/raw: don't use ntlmv2 for dos connection in raw.samba3badpath
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Alexander Bokovoy <ab at samba.org>

commit b38d560aaefd4203281b9bbcab678f340f833ffb
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Dec 9 13:12:43 2015 +0100

    CVE-2016-2111: s3:rpc_server/netlogon: check NTLMv2_RESPONSE values for SEC_CHAN_WKSTA
    
    This prevents spoofing like Microsoft's CVE-2015-0005.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 54fef0f57e13d53ddf317f43ca68b83919cab6fa
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Dec 9 13:12:43 2015 +0100

    CVE-2016-2111: s4:rpc_server/netlogon: check NTLMv2_RESPONSE values for SEC_CHAN_WKSTA
    
    This prevents spoofing like Microsoft's CVE-2015-0005.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 8421d130d2e2ff4c8887b68706db1ff020002374
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Feb 23 19:08:31 2016 +0100

    CVE-2016-2111: libcli/auth: add NTLMv2_RESPONSE_verify_netlogon_creds() helper function
    
    This is the function that prevents spoofing like
    Microsoft's CVE-2015-0005.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 80401c953d57e8a796477ee84eb8af713c116799
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Dec 12 22:23:18 2015 +0100

    CVE-2016-2111: s4:torture/rpc: fix rpc.pac ntlmv2 test
    
    The computer name of the NTLMv2 blob needs to match
    the schannel connection.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit a193154ade14cd3b3a9659e784f92a2c113c62f2
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Dec 12 22:23:18 2015 +0100

    CVE-2016-2111: s4:torture/rpc: fix rpc.samba3.netlogon ntlmv2 test
    
    The computer name of the NTLMv2 blob needs to match
    the schannel connection.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit ab0e71bd44d35ca335c2c8fd3e93a950d79e1750
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Aug 7 13:33:17 2015 +0200

    CVE-2016-2111: s3:rpc_server/netlogon: require DCERPC_AUTH_LEVEL_PRIVACY for validation level 6
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit aaf3893c92e27dfc64f5d9c01a00b697f30a4af7
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Aug 7 13:33:17 2015 +0200

    CVE-2016-2111: s4:rpc_server/netlogon: require DCERPC_AUTH_LEVEL_PRIVACY for validation level 6
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 1d33ade7fb1eef8fb47f28ad292e32f9d0dbe3bc
Author: Günther Deschner <gd at samba.org>
Date:   Sat Sep 26 01:29:10 2015 +0200

    CVE-2016-2111: s3:rpc_server/netlogon: always go through netr_creds_server_step_check()
    
    This ensures we apply the "server schannel = yes" restrictions.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
    
    Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
    
    Signed-off-by: Guenther Deschner <gd at samba.org>
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit d96000235f334d7915222a6bb7503d587fa40f0e
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Mar 9 15:31:23 2016 +0100

    CVE-2016-2111: s4:rpc_server: implement 'server schannel = yes' restriction
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit e1101a62952ed37634db1da21a37d4a7145f7330
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Dec 15 15:10:20 2015 +0100

    CVE-2016-2111: auth/gensec: correctly report GENSEC_FEATURE_{SIGN,SEAL} in schannel_have_feature()
    
    This depends on the DCERPC auth level.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 0654735dfb5f40f1e73307934f7e0a8aada47cdb
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Dec 15 15:11:32 2015 +0100

    CVE-2016-2111: auth/gensec: require DCERPC_AUTH_LEVEL_INTEGRITY or higher in schannel_update()
    
    It doesn't make any sense to allow other auth levels.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 861b86dcbb291999273c94ce358c3333cfb80bab
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Nov 19 16:26:49 2015 +0100

    CVE-2016-2110: auth/ntlmssp: implement new_spnego support including MIC generation (as client)
    
    We now detect a MsvAvTimestamp in target info as indication
    of the server to support NTLMSSP_MIC in the AUTH_MESSAGE.
    
    If the client uses NTLMv2 we provide
    NTLMSSP_AVFLAG_MIC_IN_AUTHENTICATE_MESSAGE and valid MIC.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 4956428bce800a0602ce4ed25e8b4a08032335a6
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Nov 19 16:02:58 2015 +0100

    CVE-2016-2110: auth/ntlmssp: implement new_spnego support including MIC checking (as server)
    
    We now include a MsvAvTimestamp in our target info as indication
    for the client to include a NTLMSSP_MIC in the AUTH_MESSAGE.
    If the client uses NTLMv2 we check NTLMSSP_AVFLAG_MIC_IN_AUTHENTICATE_MESSAGE
    and require a valid MIC.
    
    This is still disabled if the "map to guest" feature is used.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit c5032e97896ce3ed6416aaf3b727c99741916564
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Nov 30 09:13:14 2015 +0100

    CVE-2016-2110: ntlmssp.idl: add NTLMSSP_MIC_{OFFSET,SIZE}
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit d35bc356122d44c4c20bec62266af7a84247b358
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Nov 20 09:31:35 2015 +0100

    CVE-2016-2110: libcli/auth: pass server_timestamp to SMBNTLMv2encrypt_hash()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit f77cf8170fef95a790d61209d01dc2cac277aaaf
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Nov 20 09:29:11 2015 +0100

    CVE-2016-2110: auth/credentials: pass server_timestamp to cli_credentials_get_ntlm_response()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 95af5d9dc965c761625c2442ccc8c25b8588f3d9
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Nov 24 21:24:47 2015 +0100

    CVE-2016-2110: auth/credentials: clear the LMv2 key for NTLMv2 in cli_credentials_get_ntlm_response()
    
    If we clear CLI_CRED_LANMAN_AUTH, we should also clear the lm_response buffer
    and not send it over the net.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 769eec817d8f9ccb651ffb25abdcd248d48f25cb
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Dec 17 11:49:31 2013 +0100

    CVE-2016-2110: auth/ntlmssp: implement gensec_ntlmssp_may_reset_crypto()
    
    [MS-SPNG] requires the NTLMSSP RC4 states to be reset after
    the SPNEGO exchange with mechListMic verification (new_spnego).
    
    The 'reset_full' parameter is needed to support the broken
    behavior that windows only resets the RC4 states but not the
    sequence numbers. Which means this functionality is completely
    useless... But we want to work against all windows versions...
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 6b0ee687528a1c46bb8ca7871ca18b8a7c2ed539
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Dec 16 11:27:27 2013 +0100

    CVE-2016-2110: auth/ntlmssp: call ntlmssp_sign_init if we provide GENSEC_FEATURE_SIGN
    
    It's important to check if we got the GENSEC_FEATURE_SIGN and if the caller
    wanted it.
    
    The caller may have only asked for GENSEC_FEATURE_SESSION_KEY which implicitly
    negotiates NTLMSSP_NEGOTIATE_SIGN, which might indicate GENSEC_FEATURE_SIGN
    to the SPNEGO glue code.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 6675796974a15bdf2495a48225aa26f39d801997
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Dec 17 11:49:31 2013 +0100

    CVE-2016-2110: auth/gensec: add gensec_may_reset_crypto() infrastructure
    
    [MS-SPNG] requires the NTLMSSP RC4 states to be reset after
    the SPNEGO exchange with mechListMic verification (new_spnego).
    
    This provides the infrastructure for this feature.
    
    The 'reset_full' parameter is needed to support the broken
    behavior that windows only resets the RC4 states but not the
    sequence numbers. Which means this functionality is completely
    useless... But we want to work against all windows versions...
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit ce87fef8bab8ddab827d0b8427e3fc08001ad077
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Nov 24 20:13:24 2015 +0100

    CVE-2016-2110: auth/gensec: require spnego mechListMIC exchange for new_spnego backends
    
    This used to work more or less before, but only for krb5 with the
    server finishing first.
    
    With NTLMSSP and new_spnego the client will finish first.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 6a56dd286b545c1e5b336e9faca089374a68a878
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Nov 20 11:42:55 2015 +0100

    CVE-2016-2110: auth/gensec: fix the client side of a spnego downgrade
    
    New servers respond with SPNEGO_REQUEST_MIC instead of
    SPNEGO_ACCEPT_INCOMPLETE to a downgrade.
    
    With just KRB5 and NTLMSSP this doesn't happen, but we
    want to be prepared for the future.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 77d59f1f9982ba8d26af53c9935efed503aebedc
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Nov 20 11:42:55 2015 +0100

    CVE-2016-2110: auth/gensec: fix the client side of a new_spnego exchange
    
    Even for SMB where the server provides its mech list,
    the client needs to remember its own mech list for the
    mechListMIC calculation.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit beb1f960ad5f6bd68d6657b6bbc4ab6cdb7a208b
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Dec 17 12:42:35 2013 +0100

    CVE-2016-2110: libcli/auth: add SPNEGO_REQUEST_MIC to enum spnego_negResult
    
    This is defined in http://www.ietf.org/rfc/rfc4178.txt.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 3a934e1d4e0b2bb26fc94a786b4107aa9ce44db2
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Dec 17 12:42:06 2013 +0100

    CVE-2016-2110: libcli/auth: use enum spnego_negResult instead of uint8_t
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit fc3582bfde2042c424a6b0fadffa04b4eac4bdd5
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Nov 20 14:06:18 2015 +0100

    CVE-2016-2110: winbindd: add new_spnego to the WINBINDD_CCACHE_NTLMAUTH response
    
    We don't need to change the protocol version because:
    
    1. An old client may provide the "initial_blob"
       (which was and is still ignored when going
       via the wbcCredentialCache() function)
       and the new winbindd won't use new_spnego.
    
    2. A new client will just get a zero byte
       from an old winbindd. As it uses talloc_zero() to
       create struct winbindd_response.
    
    3. Changing the version number would introduce problems
       with backports to older Samba versions.
    
    New clients which are capable of using the new_spnego field
    will use "negotiate_blob" instead of "initial_blob".
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 03ccba784ca8c190faf66cd2f23e961d38f0da8d
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Dec 1 14:54:13 2015 +0100

    CVE-2016-2110: auth/ntlmssp: let gensec_ntlmssp_client_start require NTLM2 (EXTENDED_SESSIONSECURITY) when using ntlmv2
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 45a1008abac0da30710c7e5f5a256b52825693ec
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Dec 1 14:54:13 2015 +0100

    CVE-2016-2110: auth/ntlmssp: let gensec_ntlmssp_client_start require flags depending on the requested features
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 67787ff475ebe65553221ef413c91df3e7dcd36f
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Dec 1 15:06:09 2015 +0100

    CVE-2016-2110: auth/ntlmssp: don't let ntlmssp_handle_neg_flags() change ntlmssp_state->use_ntlmv2
    
    ntlmssp_handle_neg_flags() can only disable flags, but not
    set them. All supported flags are set at start time.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 5b86a859f5d1c832c14d12662b1e38cc28258343
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Dec 1 15:01:09 2015 +0100

    CVE-2016-2110: auth/ntlmssp: don't allow a downgrade from NTLMv2 to LM_AUTH
    
    man smb.conf says "client ntlmv2 auth = yes", the default, disables
    "client lanman auth = yes":
    
      ...
      Likewise, if the client ntlmv2 auth parameter is enabled, then only NTLMv2
      logins will be attempted.
      ...
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit e6e8da90139740b4286b374530a03e944e1ce170
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Dec 1 14:58:19 2015 +0100

    CVE-2016-2110: auth/ntlmssp: split allow_lm_response from allow_lm_key
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 00d1eaa917b60d5c086640ee72ce62b54a7543bc
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Dec 1 11:01:24 2015 +0100

    CVE-2016-2110: auth/ntlmssp: maintain conf_flags and required_flags variables
    
    We now give an error when required flags are missing.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit ebd79e5c448021a7f1a35821154db38a360650b7
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Dec 1 08:46:45 2015 +0100

    CVE-2016-2110: auth/ntlmssp: let ntlmssp_handle_neg_flags() return NTSTATUS
    
    In future we can do a more fine grained negotiation
    and assert specific security features.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>

commit 143772447758cf2aa869acd569054bcdf11a9534
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Mar 21 19:41:53 2016 +0100

    s3:ntlm_auth: pass manage_squid_request() needs a valid struct ntlm_auth_state from within get_password()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    
    Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
    Autobuild-Date(master): Tue Mar 22 19:20:38 CET 2016 on sn-devel-144
    
    (cherry picked from commit ef1ad0e122659b5ff9097f0f7046f10fc2f3ec30)

commit b4125aa1120026303081082dd620f14b12600074
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sun Feb 28 23:32:50 2016 +0100

    s3:rpc_server/samr: correctly handle session_extract_session_key() failures
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    (cherry picked from commit 0906d61bb2f3446483d82928b55f5b797bac4804)

commit 54cd1078ebdc4bd323c22b4103a3bbef8a688e06
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Dec 18 15:30:00 2015 +0100

    s4:selftest: run rpc.netlogon.admin also over ncalrpc and ncacn_ip_tcp
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    
    Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date(master): Fri Mar 18 12:39:51 CET 2016 on sn-devel-144
    
    (cherry picked from commit e8e2386bf6bd05c60a0f897587a9a676c86dee76)

commit 40b32849cb456d1d19cb49a3fc1448c2058e49e9
Author: Volker Lendecke <vl at samba.org>
Date:   Tue Mar 15 20:34:27 2016 +0100

    libads: Fix CID 1356316 Uninitialized pointer read
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit dcaa88158e6f0a9964ad051b4062d82e9f279b8c)

commit 9af768fe07b8d1fee101cb6ed53e058f2287a9ab
Author: Volker Lendecke <vl at samba.org>
Date:   Tue Mar 15 21:00:30 2016 +0100

    libsmb: Fix CID 1356312 Explicit null dereferenced
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit f50c3fb1c58700522f1b742539dab9bd9ae7fd39)

commit 9f3ae002abbce5b4bbbc8fd39fa0f019c6354236
Author: Günther Deschner <gd at samba.org>
Date:   Sat Sep 26 02:20:50 2015 +0200

    s3-auth: check for return code of cli_credentials_set_machine_account().
    
    Guenther
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    
    Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
    Autobuild-Date(master): Thu Mar 17 20:43:19 CET 2016 on sn-devel-144
    
    (cherry picked from commit c06058a99be4cf3ad3431dc263d4595ffc226fcf)

commit 1b646bbc0ae1b179f8fb9745caf28f239e9f47ef
Author: Günther Deschner <gd at samba.org>
Date:   Sat Sep 26 02:18:44 2015 +0200

    s4-smb_server: check for return code of cli_credentials_set_machine_account().
    
    We keep anonymous server_credentials structure in order to let
    the rpc.spoolss.notify start its test server.
    
    Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Günther Deschner <gd at samba.org>
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    (cherry picked from commit fe93a09889a854d7c93f9b349d5794bdbb9403ba)

commit 168b01588d2ccb29cd20025faa999a32dd94b48a
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jun 26 08:10:46 2015 +0200

    s4:rpc_server: require access to the machine account credentials
    
    Even a standalone server should be selfjoined.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit 31f07d05629bc05ef99edc86ad2a3e95ec8599f1)

commit cbeff28e1b35ad3d823aaba6c7c4effd3f575e2d
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Dec 15 15:08:43 2015 +0100

    auth/gensec: split out a gensec_verify_dcerpc_auth_level() function
    
    We only need this logic once.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit 57946ac7c19c4e9bd8893c3acb9daf7c4bd02159)

commit 2779ec8d1229e377f2a56ab621cb99c395715203
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jul 10 13:01:47 2015 +0200

    auth/gensec: make sure gensec_security_by_auth_type() returns NULL for AUTH_TYPE_NONE
    
    ops->auth_type == 0, means the backend doesn't support DCERPC.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit cc3dea5a8104eef2cfd1f8c05e25da186c334320)

commit 2c1fa784bde13f3c35969c771ecc69d35daee70a
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Mar 11 02:55:30 2016 +0100

    s4:torture/rpc/schannel: don't use validation level 6 without privacy
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit 733ccd13209c20f8e76ae7b47e1741791c1cd6ba)

commit eef3a10cbe2ceef4d4971d3d7aa5552dd9297a84
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Mar 11 18:09:26 2016 +0100

    s4:torture/rpc: correctly use torture_skip() for test_ManyGetDCName() without NCACN_NP
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit 50581689d924032de1765ec884dbd160652888be)

commit dba5783df6d01d6637a7c91d449208bce9e6d8a4
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Mar 14 01:56:07 2016 +0100

    s4:torture/rpc/samlogon: use DCERPC_SEAL for netr_LogonSamLogonEx and validation level 6
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit 050a1d0653716fd7c166d35a7236a014bf1d1516)

commit 8dea51045df8ecd0efaabfa227965ccde27fb857
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Mar 10 17:24:03 2016 +0100

    s4:torture/rpc/samr: use DCERPC_SEAL in setup_schannel_netlogon_pipe()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit 26e5ef68188d2e44d42f75ed6aabf2557c9ce5ce)

commit 10eda287b44b7e34965ad58aad20cb57394a7e62
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Dec 22 12:10:12 2015 +0100

    s4:torture/netlogon: add/use test_SetupCredentialsPipe() helper function
    
    This creates a schannel connection to netlogon, this makes the tests
    more realistic.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit 1a7d8b8602a687ff6eef45f15f597694e94e14b1)

commit 402d4acb3bf6012b83dd913b838723d41dad2b75
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Dec 22 09:13:46 2015 +0100

    s3:test_rpcclient_samlogon.sh: test samlogon with schannel
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit f9a1915238dc7a573c58dd8c7bac3637689af265)

commit ff65d5b2a9c36417f75c7e8bbf0d46b16b528584
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Dec 18 07:10:06 2015 +0100

    s3:selftest: rpc.samr.passwords.validate should run with [seal] in order to be realistic
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit 2c36501640207604a5c66fb582c2d5981619147e)

commit 8b906988f91e55276d37f84cb12ddc9de3e90bd0
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Jan 9 21:21:25 2016 +0100

    selftest: setup information of new samba.example.com CA in the client environment
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit b00c38afc6203f1e1f566db31a63cedba632dfab)

commit 46fa41783189f064ff5dcafb3dd875b1f3809a4e
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Jan 9 21:21:25 2016 +0100

    selftest: set tls crlfile if it exist
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit b2c0f71db026353060ad47fd0a85241a3df8c703)

commit 5e6298333dbc91356fa2a725f3a3581f1d660fb0
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Jan 9 21:21:25 2016 +0100

    selftest: use Samba::prepare_keyblobs() and use the certs from the new CA
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit c321a59f267d1a997eff6f864a79437ef759adeb)

commit 0e5d2dda9b8b80830aec021e7c4cb7fdfc89f4e1
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Jan 9 21:21:25 2016 +0100

    selftest: add Samba::prepare_keyblobs() helper function
    
    This copies the certificates from the samba.example.com CA if they
    exist.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit a6447fd6d010b525d235b894d5be62c807922cb5)

commit 91d2c97894590457670430177cfc93a7ce9f4d10
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Jan 9 01:06:05 2016 +0100

    selftest: mark commands in manage-CA-samba.example.com.sh as DONE
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit 2a96885ac706ae3e7c6fd7aaff0215f3f171bc27)

commit bbb66a95ccc9240622d49da119f0020e35208e14
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Jan 9 01:09:31 2016 +0100

    selftest: add CA-samba.example.com (non-binary) files
    
    The binary files will follow in the next, this allows the next
    commit to be skipped as the binary files are not used by samba yet.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (similar to commit 520c85a15fa1f4718e2e793303327abea22db149)

commit 6a09084d01f3d1a71429fa772b836343b2e9125b
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Jan 9 01:08:02 2016 +0100

    selftest: add config and script to create a samba.example.com CA
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit bdc1f036a8a66256afe8dc88f8a9dc47655640bd)

commit 03479af3f70921debe2638b9c327a0dd5b7004bb
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Jan 9 01:06:05 2016 +0100

    selftest: add some helper scripts to mange a CA
    
    This is partly based on the SmartCard HowTo from:
    https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit b0bdbeeef44259782c9941b5cfff7d4925e1f2f2)

commit da66e65cc38f8ba62c2a26985fe20ea965879b75
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Jan 16 13:57:47 2016 +0100

    selftest: s!addc.samba.example.com!addom.samba.example.com!
    
    It's confusing to have addc.samba.example.com as domain name
    and addc.addc.samba.example.com as hostname.
    
    We now have addom.samba.example.com as domain name
    and addc.addom.samba.example.com as hostname.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit c561a42ff68bc4561147839e3a65951924f6af21)

commit df14c6a92b5fbfefe5e453e93abbcb597fb42f0b
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Nov 10 10:25:10 2015 +0100

    s4:rpc_server: dcesrv_generic_session_key should only work on local transports
    
    This matches modern Windows servers.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    
    Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
    Autobuild-Date(master): Thu Mar 10 10:15:21 CET 2016 on sn-devel-144
    
    (cherry picked from commit 645e777b0aca7d997867e0b3f0b48bfb138cc25c)

commit bb6312226bef2413af4c8e3b411b3f459213c545
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Feb 26 16:41:10 2016 +0100

    s4:rpc_server/samr: hide a possible NO_USER_SESSION_KEY error
    
    Windows servers don't return the raw NT_STATUS_NO_USER_SESSION_KEY
    error, but return WRONG_PASSWORD or even hide the error by using a random
    session key, that results in an invalid, unknown, random NTHASH.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 58b33896b65c5b51486eaf01f5f935ace2369fd0)

commit 511dfb42a685e373dc447401dbdb6c18b4bb521e
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Nov 10 10:25:10 2015 +0100

    s4:librpc/rpc: dcerpc_generic_session_key() should only be available on local transports
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 5a397216d40ff18fd1c0980cd9b7b7c0a970bbbb)

commit 934f731a55149ca0d5cb3f8d268d746fcf6ce54d
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Dec 15 22:44:24 2015 +0100

    s4:torture:samba3rpc: use an authenticated SMB connection and an anonymous DCERPC connection on top
    
    This is the only way to get a reliable transport session key.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit af8c4ebf9be314ddd13ef9ca17a0237927dd2ede)

commit fe4cdee4e2ec1dfa3a7a0445f3648c9635441229
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Dec 18 20:18:42 2015 +0100

    s4:selftest: run rpc.samr over ncacn_np instead of ncacn_ip_tcp
    
    It requires a transport session key, which is only reliably available
    over SMB.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit f699eb3b1a0660ace3ca99d3f3b5d79ed5537c80)

commit 528db7f74e10525f5eb20d3f4159ec5f85c51f72
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Feb 29 07:47:39 2016 +0100

    s4:torture: the backupkey tests need to use ncacn_np: for LSA calls
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit c793b23ddb7c048110bc4718574e5b99d5bbcfae)

commit b282ac7451b691c31f72e6bf7d2eb548c410a3c4
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Dec 17 08:55:03 2015 +0100

    s4:torture/rpc: do testjoin only via ncalrpc or ncacn_np
    
    ncacn_ip_tcp doesn't have the required session key.
    It used to be the well-known "SystemLibraryDTC" constant,
    but that's not available in modern systems anymore.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 0400f301e3bcf495748cff009755426a040596fa)

commit 5a8126dd506b4386f445451a0be3217f88f9d759
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Mar 2 07:27:41 2016 +0100

    s3:libsmb: remove unused functions in clispnego.c
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 14335018229801dd6d2b18f8d19ab5b45b8394fc)

commit 506ac998f8551ae054ac8f3ab31ecd5e5d726d30
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Mar 2 07:27:16 2016 +0100

    s3:libsmb: remove unused cli_session_setup_kerberos*() functions
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 95b953950d1fd454121ff23a43a8b13a34385ef1)

commit d1921c6461bb7ea097ff03ee6cf7f4581f3e259f
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Mar 2 14:58:30 2016 +0100

    s3:libsmb: make use of cli_session_setup_gensec*() for Kerberos
    
    This prepares a fix for https://bugzilla.samba.org/show_bug.cgi?id=10288
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 0e1b2ebf884c6f2033b3b9aa7b6f72af54a716b2)

commit a1677281a00fbe913b3c1bfdc96aa59c42e3a6d9
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Mar 2 14:35:21 2016 +0100

    s3:libsmb: call cli_state_remote_realm() within cli_session_setup_spnego_send()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 907e2b1f665cdafc863f4702ede5dcf16e6cc269)

commit a7f8e942ca72f673e2228776222abfe16c2e7b88
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Mar 1 15:47:11 2016 +0100

    s3:libsmb: provide generic cli_session_setup_gensec_send/recv() pair
    
    It will be possible to use this for more than just NTLMSSP in future.
    
    This prepares a fix for https://bugzilla.samba.org/show_bug.cgi?id=10288
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 285c342f01a6e9a892f03360f8d2d0097e7a41cb)

commit 4b55e96dd6ac59598c877825c2a4a72f1cff370c
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Mar 1 18:31:50 2016 +0100

    s3:libsmb: let cli_session_setup_ntlmssp*() use gensec_update_send/recv()
    
    This prepares a fix for https://bugzilla.samba.org/show_bug.cgi?id=10288
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 576257f6e1488a623306dc368c806e218b1fcdf2)

commit 20c847ff52cf6d290157768946b6fa899141a9e1
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Dec 9 11:49:37 2015 +0100

    s3:libsmb: unused ntlmssp.c
    
    Everything uses the top level ntlmssp code via gensec now.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit afffe797547a97ec839913e1ca89045989bbea49)

commit 7767d82ccb8f0af908bf5ea576101e696824589b
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Nov 26 14:34:46 2015 +0100

    s3:libsmb: make use gensec based SPNEGO/NTLMSSP
    
    This prepares a fix for https://bugzilla.samba.org/show_bug.cgi?id=10288
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 4f6fe27c7020822dd1ce88b7dd63725d6082b190)

commit a16bbecfd8998191fc6646c8258f05ad39d14fb1
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Mar 2 11:42:51 2016 +0100

    s3:libads: make use of ads_sasl_spnego_gensec_bind() for GSS-SPNEGO with Kerberos
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 2cb07ba50decdfd6d08271cd2b3d893ff95f5af9)

commit 6507d6fcb818bac50e931c2291df2346b029cb8e
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Mar 2 11:33:04 2016 +0100

    s3:libads: keep service and hostname separately in ads_service_principal
    
    Caller will use them instead of the full principal in future.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit c5d7956364047925dee5d6f71a5b92a38c73e5a6)

commit 1571a9ff8b19a35493cf9c4f2c54d1aca4a6ed7d
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Mar 2 11:31:01 2016 +0100

    s3:libads: don't pass given_principal to ads_generate_service_principal() anymore.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 0c204e11925982d8bd835830985479792b8cc820)

commit 8e7229d2f90848ef75299c37c8f23cec849a5ccb
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Dec 9 13:14:05 2015 +0100

    s3:libads: provide a generic ads_sasl_spnego_gensec_bind() function
    
    It will be possible to use this for more than just NTLMSSP in future.
    
    Similar to https://bugzilla.samba.org/show_bug.cgi?id=10288
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 139ce7d8b687cc54560ce353ea6f86a4d2d2ae04)

commit 468c68cf0eb2520841eb2de7074ebd5cd7966b92
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Dec 9 15:02:29 2015 +0100

    s3:libads: make use of GENSEC_OID_SPNEGO in ads_sasl_spnego_ntlmssp_bind()
    
    This avoids using the hand made spnego code, that
    doesn't support the GENSEC_FEATURE_NEW_SPNEGO protection.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit c6f79cfa86e23217a510c6fe205da0c18ef2a9b2)

commit ea56849c22c1da6a152eb3e0c062790e7f056e27
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Dec 9 15:04:02 2015 +0100

    s3:libads: make use of GENSEC_FEATURE_LDAP_STYLE
    
    This is more generic and will handle the
    ntlmssp_[un]wrap() behaviour at the right level.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 357d37fa11b7d944e9f5fe2e0cc6730d498bc2dc)

commit 52629acbf8c7859a725026dffcbc1a42ada86855
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Mar 5 02:53:45 2016 +0100

    s3:libads: add missing TALLOC_FREE(frame) in error path
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 8f9a9633e4f55f85a3f68bf2e8c78414f31511ea)

commit c5da725f40a4c9ae19e3fedc52045c0a5a143085
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Dec 9 14:51:57 2015 +0100

    s4:ldap_server: make use of GENSEC_FEATURE_LDAP_STYLE
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit 0ebe929810e922e7cf7742a1f3e4ad222006377f)

commit 0577097560298be63fcd76da0c68e25c4cf9ac53
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Dec 18 11:46:22 2015 +0100

    s4:selftest: simplify the loops over samba4.ldb.ldap
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit c431543fb989938898e33e1ffdb80cb97e4a3bb2)

commit ff77277f54faa374b473abb7c14326b13017eeb2
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Dec 18 09:54:08 2015 +0100

    s4:selftest: we don't need to run ldap test with --option=socket:testnonblock=true
    
    The LDAP client library uses tstream and that handles non blocking
    sockets natively.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit 5cf8546674a4f49618bdade1567fac00d72db454)

commit f74c031ebb9ee53c993b76fafd2c729f5052ae42
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Dec 18 13:10:58 2015 +0100

    s4:libcli/ldap: fix retry authentication after a bad password
    
    We need to start with an empty input buffer.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit d9d0d2d5a2667ea8984772b678272650a8719c21)

commit 2ace8440cb105cb3eb67043119b35eb5e118f7ef
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Dec 9 14:51:57 2015 +0100

    s4:libcli/ldap: make use of GENSEC_FEATURE_LDAP_STYLE
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit d04663b8b075a69141fe2f45d0906b528d99ab85)

commit 482555b187fdcc6d9150c673a4525f2c75107f4d
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Mar 8 12:58:51 2016 +0100

    auth/ntlmssp: remove ntlmssp_unwrap() fallback for LDAP
    
    This is now handled by GENSEC_FEATURE_LDAP_STYLE.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 59301830e27bf537d04808d2ac37d6cf9ef56713)

commit 8f747f6dc8b09c71d9dda958cea0e129f96178bb
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Dec 9 14:48:14 2015 +0100

    auth/ntlmssp: add more compat for GENSEC_FEATURE_LDAP_STYLE
    
    We also want to work against old Samba servers which didn't have
    GENSEC_FEATURE_LDAP_STYLE; we negotiate SEAL too. We may remove this in a few
    years, as all servers should support GENSEC_FEATURE_LDAP_STYLE by then.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit 122a5f6b58e6cead061a7ee64033ccc1940742ed)

commit 2a496ba92b52ea13137eecb16ad1e15eee7be5d5
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Dec 9 14:48:14 2015 +0100

    auth/ntlmssp: implement GENSEC_FEATURE_LDAP_STYLE
    
    We need to handle NTLMSSP_NEGOTIATE_SIGN as
    NTLMSSP_NEGOTIATE_SEAL if GENSEC_FEATURE_LDAP_STYLE
    is requested.
    
    This works around a bug in Windows, which allows signed only
    messages using NTLMSSP and LDAP.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit f3dbe19e14eaf7a462f14485c6a9138a7348db2e)

commit eafd97efa1a4a48342010230c98b34f218b0c15e
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Dec 9 14:48:14 2015 +0100

    auth/gensec: add GENSEC_FEATURE_LDAP_STYLE define
    
    This will be used for LDAP connections and may trigger
    backend specific behaviour.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit 069aee42c2f12ed5feb23c19dc0a4771d913619a)

commit c9edc04d6db05eec29d0621e0210a6c44461f58a
Author: Günther Deschner <gd at samba.org>
Date:   Wed Aug 19 00:40:12 2009 +0200

    auth/ntlmssp: use ndr_push_AV_PAIR_LIST in gensec_ntlmssp_server_negotiate().
    
    Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
    
    Signed-off-by: Günther Deschner <gd at samba.org>
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit f6b9e1feab8d435b1e44fef81e867c01ed01db95)

commit 5c617122479e419e03174c0a0732da30c4801409
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Nov 24 15:40:29 2015 +0100

    librpc/ndr: add ndr_ntlmssp_find_av() helper function
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit c1e2a1f0a75605a8792b615a41392fc018198a10)

commit 92d7499c4e0a761bfdbf86cf1d55a00ee7a7fd9c
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Nov 19 15:38:02 2015 +0100

    ntlmssp.idl: make AV_PAIR_LIST public
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit f4ff3510164748977de056bb8cdbbd22e5fedb3c)

commit e2e7ffe6bffcaaebd933ce6777b8adbc7e77cb78
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Dec 21 09:07:57 2015 +0100

    ntlmssp.idl: MsAvRestrictions is MsvAvSingleHost now
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit ab54e0fd7040e7717fe979b54fb4dfa16813524f)

commit 159be66873b6b3f93454cc5b63b0921e14a3bacc
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Dec 21 09:06:56 2015 +0100

    security.idl: add LSAP_TOKEN_INFO_INTEGRITY
    
    This is used in [MS-KILE] and implicit in [MS-NLMP].
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit 1f88812316144b06b11eb3dc90a6081cb57783da)

commit 62d31f6496cd831a7b171998c1a6026e3b7f3071
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Nov 24 14:07:23 2015 +0100

    auth/ntlmssp: use ntlmssp_version_blob() in the server
    
    We already set NTLMSSP_NEGOTIATE_VERSION in
    gensec_ntlmssp_server_start(), so it's always
    set in chal_flags.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit 8af6b8d2eb6b873620131b4b5b570ec24985d86a)

commit 47cebc557af9cc172144f9aaea9fd55320bd4013
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Nov 20 10:52:29 2015 +0100

    auth/ntlmssp: let the client always include NTLMSSP_NEGOTIATE_VERSION
    
    This matches a modern Windows client.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit 4a1809cb14dcb03e9ba386af5b90650400377875)

commit 423f1935e38b710a3c13b376f9711ad40d01e363
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Nov 24 14:05:17 2015 +0100

    auth/ntlmssp: add ntlmssp_version_blob()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit a61ab398ccc1036edce677e00569fd7f58b70995)

commit 28725efdd47d07d59c560aa01bb7759aa271bfa9
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Nov 20 10:52:29 2015 +0100

    auth/ntlmssp: don't send domain and workstation in the NEGOTIATE_MESSAGE
    
    We don't set NTLMSSP_NEGOTIATE_OEM_{DOMAIN,WORKSTATION}_SUPPLIED anyway.
    
    This matches modern Windows clients.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit 4fca8eaaae23955e704dc9c45d373fe78bf88201)

commit 74946128c50f883ec55bb6e2d1d58eaecc28c7ff
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Dec 8 13:59:42 2015 +0100

    auth/ntlmssp: set NTLMSSP_ANONYMOUS for anonymous authentication
    
    This matches a modern Windows client.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit efd4986794889f1315dbd011b94b8673d785053a)

commit 3adc8f5be9e265a76394ea5ea6938244d31eeb71
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Dec 1 11:01:24 2015 +0100

    auth/ntlmssp: define all client neg_flags in gensec_ntlmssp_client_start()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit afba38dbf5c954abbcfc485a81f510255b69a426)

commit 2e40c60988421991507c9405382dcd5f9697a835
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Nov 20 10:52:29 2015 +0100

    auth/ntlmssp: NTLMSSP_NEGOTIATE_VERSION is not a negotiated option
    
    NTLMSSP_NEGOTIATE_VERSION only indicates the existence of the version
    information in the packet.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit 30d626024c7e8f275d64f835632717b0130be4b2)

commit 2663f442606f4eaf686b0046fc3bccfd610f3df0
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Dec 1 11:16:02 2015 +0100

    auth/ntlmssp: split out a debug_ntlmssp_flags_raw() that's more complete
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit e63442a1c27c475e373048893d9cf04859dd1792)

commit 75bdf5202eb539501e5286986bd4de7eb2929f65
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Dec 9 10:54:56 2015 +0100

    s3:ntlm_auth: also use gensec for "ntlmssp-client-1" and "gss-spnego-client"
    
    This implicitly fixes bug #10708.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=10708
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit 279d58c1e68c9466a76e4a67d2cfea22e8719d31)

commit b57c0e73adb9de0f3e5eaf81decd1f0e5060f7a0
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Nov 26 11:46:52 2015 +0100

    winbindd: make use of ntlmssp_resume_ccache backend for WINBINDD_CCACHE_NTLMAUTH
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit 716e78f3b294210130f3cf253f496391534819b0)

commit 8f6909453202e7056c929ae5bcfc1971f974790b
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Dec 10 15:42:51 2015 +0100

    s3:auth_generic: add "ntlmssp_resume_ccache" backend in auth_generic_client_prepare()
    
    This will be used by winbindd in order to correctly implement WINBINDD_CCACHE_NTLMAUTH.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit 8bcde9ec625547df42915e9138d696deeabdb62d)

commit cb0719d66d1f9024f52f3c2be1e3c0e434b85da5
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Nov 27 15:35:40 2015 +0100

    auth/ntlmssp: implement GENSEC_FEATURE_NTLM_CCACHE
    
    This can be used in order to use the WINBINDD_CCACHE_NTLMAUTH
    code of winbindd to do NTLMSSP authentication with a cached
    password.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit b133f66e0da5ed05bbe81098e52c744bac4b48ac)

commit 333e02b18d90cc485e7295a82ab08151d900f81d
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Nov 27 13:42:30 2015 +0100

    auth/gensec: add GENSEC_FEATURE_NTLM_CCACHE define
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit 0a93cad337578a7ba61f12726c9a15ecf869db7b)

commit 4e2e1f62db348e61adb0b56c603321c1118af755
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Nov 25 21:41:23 2015 +0100

    auth/ntlmssp: provide a "ntlmssp_resume_ccache" backend
    
    These can be used to implement the winbindd side of
    the WINBINDD_CCACHE_NTLMAUTH call.
    
    It can properly get the initial NEGOTIATE messages
    injected if available.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit b3d4523ff7810279dc4d3201a09a868545d4d253)

commit 4f9426239029be7786dade1c01a1a4b8e8f204de
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Dec 11 12:47:40 2015 +0100

    s3:ntlmssp: remove unused libsmb/ntlmssp_wrap.c
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit 52c03c07151a12e84fb4d34443864e59583c0db9)

commit 17d6b179c0bdea97e2b431627538ffd44317a3c7
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Nov 26 11:45:33 2015 +0100

    s3:auth_generic: make use of the top level NTLMSSP client code
    
    There's no reason to use gensec_ntlmssp3_client_ops, the
    WINBINDD_CCACHE_NTLMAUTH isn't available via gensec anyway.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit 0d66e2d34f656028eb3adb35acb653a45c041890)

commit 6ed79425d8c68de38132e9aa1da59ea80371cd94
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Dec 15 09:07:33 2015 +0100

    winbindd: pass an memory context to do_ntlm_auth_with_stored_pw()
    
    We should avoid using NULL.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit 871e8a9fd029bbcbccb79bd17f9c6a2617b8be55)

commit eab2039912f91c86ad1140e8161834445fa3ab9b
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Dec 9 16:15:13 2015 +0100

    s3:tests/test_ntlm_auth_s3: test ntlmssp-client-1 with cached credentials
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11776
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit 9bd1ecffffd070333a22ef2449a179cee3effe5d)

commit 06e6d372c2949679f330c77e29f8fd847aa42368
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Dec 9 16:15:13 2015 +0100

    s3:torture/test_ntlm_auth.py: add --client-use-cached-creds option
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11776
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit 1289130ad2aeded63990bf1bde6f169505c62280)

commit b8eabce67ac07c774f2fd0c02e754d4f0a2dd6f6
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Dec 11 12:11:05 2015 +0100

    s3:torture/test_ntlm_auth.py: replace tabs with whitespaces
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit cf2ea04135774853d1cebca82c60bed890135163)

commit 6b766dc50238bdc50a0f0fb4ed2752023e882732
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Dec 9 21:23:33 2015 +0100

    s3:ntlm_auth: fix --use-cached-creds with ntlmssp-client-1
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11776
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit 69a7ec794213e8adec5dcbd9ca45172df13292c1)

commit c6aef8c9779d4a97077e72fcaeb72518774e5556
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Mar 2 12:06:50 2016 +0100

    auth/ntlmssp: add gensec_ntlmssp_server_domain()
    
    This is a hack in order to temporarily export the server domain
    from NTLMSSP through the gensec stack.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit a85a02b631609cd9c16e1048c62dbe9661128279)

commit 3d0fc91a875006159f60f330fd305ee3d1d1019a
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Mar 2 22:15:50 2016 +0100

    auth/ntlmssp: keep ntlmssp_state->server.netbios_domain on the correct talloc context
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 0a9e37a0db86815d2baf7ab791721b6a7e04a717)

commit 76e22d9ae2b27700b2b9c22592e25ec1817c5c22
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Mar 1 19:39:04 2016 +0100

    s3:auth_generic: add auth_generic_client_start_by_sasl()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 79a6fc0532936558421eb4321f795655b5280763)

commit 4f97bcb4f9c93e27b35a16a3888282c614890788
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Nov 26 11:44:02 2015 +0100

    s3:auth_generic: add auth_generic_client_start_by_name()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit ccfd2647c7e65c3e2ad92dbc27c21570da0706d4)

commit 131762580543996d947c5ac68269a9c29227df9e
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Nov 26 11:43:02 2015 +0100

    auth/gensec: make gensec_security_by_name() public
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit 8efcb4943585f015c9956118d8f42be89d5c7677)

commit 967282e26e304fb0ed800571cd346d47c672f46a
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Mar 1 19:29:40 2016 +0100

    auth/gensec: handle gensec_security_by_sasl_name(NULL, ...)
    
    We do that for all other gensec_security_by_*() functions already.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 64364e365c56c93e86305a536c5c68450d154d2a)

commit 7cad825ed74d839f8b41d3d4bbd0f574822c9e4e
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Mar 2 12:06:50 2016 +0100

    auth/gensec: keep a pointer to a possible child/sub gensec_security context
    
    This is a hack in order to temporarily implement something like:
    gensec_ntlmssp_server_domain(), which may be used within spnego.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 5e913af833721733c4f79f2636fc3ae19d5f42f0)

commit 9e8749a10875ffd84bff4878187ede3ae43415a3
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Aug 19 10:53:34 2015 +0200

    s4:pygensec: make sig_size() and sign/check_packet() available
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 0f6713826dfe73b7f338b8110c53ce52d42efbda)

commit 028c6094c4b43ee4633e5579a88907f6a1cf9621
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Mar 5 02:52:29 2016 +0100

    s3:librpc/gse: implement gensec_gse_max_{input,wrapped}_size()
    
    This is important in order to support gensec_[un]wrap() with GENSEC_SEAL.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit dec9d085f3eea8d49fa129c05c030bdd779cba54)

commit 8614c6c3084e7c8886abf154b07335739fd7903a
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Mar 2 07:42:41 2016 +0100

    s3:librpc/gse: don't log gss_acquire_creds failed at level 0
    
    Some callers just retry after a kinit.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 79bf88353488b5912435e0c7f8e77f2d075ce134)

commit 1448dba39606d2aab6b99b56b05a221a810772f7
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Mar 1 17:37:38 2016 +0100

    s3:librpc/gse: correctly support GENSEC_FEATURE_SESSION_KEY
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit e4aebd7e28e7b00a13246b367eb2e7de5ae7b57b)

commit 55b0f3cfc340ba07f751ea0e1d6ab297b4d1ced0
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Jun 22 15:22:44 2015 +0200

    s3:librpc/gse: set GSS_KRB5_CRED_NO_CI_FLAGS_X in gse_init_client() if available
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit a8fa078f1acbd9fb1a1681033922731dce855aad)

commit b10c1db5c60ed241b7112b7d5b021476793f6cac
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Jun 22 15:21:53 2015 +0200

    s3:librpc/gse: fix debug message in gse_init_client()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 84c66f1a388c8b5105f3740a3cd5d4d5a27f6ee8)

commit 73f2fa69a433b78673a4440c57221077daf0b0b2
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Jun 22 15:21:05 2015 +0200

    s3:librpc/gse: make use of GSS_C_EMPTY_BUFFER in gse_init_client
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 46b92525181fa32c5797c914e8de92f3c226e3c7)

commit 26d4f25b8b7780b8018e499f7e7a3c2fee0d8d1a
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Jun 22 15:18:22 2015 +0200

    wscript_configure_system_mitkrb5: add configure checks for GSS_KRB5_CRED_NO_CI_FLAGS_X
    
    Newer MIT versions (maybe krb5-1.14) will also support this.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 1fd5bdafbddfd0ad2926ef50a0cb7d07956ddd44)

commit 1a5f08299d0cf7446f98448e232b889afddc3c09
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Mar 2 14:36:14 2016 +0100

    s3:libads: remove unused ads_connect_gc()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit cd8af25d4bf87a9156cb2afb3dd206c68b1bedd7)

commit 93332f4c2a909f633e9d288dd6422526bdb29486
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Dec 23 11:06:47 2015 +0100

    s4:librpc/rpc: map alter context SEC_PKG_ERROR to NT_STATUS_LOGON_FAILURE
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 960b0adfb398eeabd48213393bc560654baeed5b)

commit d3564500f6c7695809bd74f34d7bdcdf83ea6422
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jul 17 03:36:36 2015 +0200

    librpc/rpc: add error mappings for NO_CALL_ACTIVE, OUT_OF_RESOURCES and BAD_STUB_DATA
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit e9e9ba7eaecf2b6d95e79fbe424e1479e9468d63)

commit 6ea3642d35a9915e3539032a8e7daa0e07f3d42e
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jul 17 03:35:19 2015 +0200

    dcerpc.idl: make WERROR RPC faults available in ndr_print output
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    (cherry picked from commit 5afc2d85b3d17b32ca9bd2856958114af146f80e)

commit b6a1b04c44adbf959779a0e3f137c5842bed61b5
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Jul 16 17:15:24 2015 +0200

    epmapper.idl: make epm_twr_t available in python bindings
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 2e71f5d9351b9660a5ef94309674e09fdeb7ab48)

commit 557fc14284e79dae2040b7f9312888fff63d5aa2
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Mar 8 15:53:21 2016 +0100

    s3:selftest: run samba3.blackbox.smbclient_auth.plain also with $SERVER_IPV6
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 2c9f9557e4d7e02b4f588aa0a6551a6881ac57af)

commit 338e1a9e1957b88f84f85c60d432950d2e16d70a
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Mar 8 15:47:59 2016 +0100

    s3:test_smbclient_auth.sh: test using the ip address in the unc path (incl. ipv6-literal.net)
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit e906739553ee6112426af0cf29e33ef1920a316c)

commit c51b125b4cab26d07518f5871d373ef653d4fac4
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Mar 4 02:18:38 2016 +0100

    lib/util_net: add support for .ipv6-literal.net
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 6400bbb5eee958babbdd578c2f80b0c65d6f6e7a)

commit b0c603c37d0ddfd7a0e94a06b73879cb4060df2b
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Mar 4 02:18:38 2016 +0100

    lib/util_net: move ipv6 linklocal handling into interpret_string_addr_internal()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 771042a2387b596fff2ab59a1a68d75c6c27b2cc)

commit 84f8c9a00c59cc913458ec2390f32f94b4497064
Author: Volker Lendecke <vl at samba.org>
Date:   Mon Jan 11 21:49:21 2016 +0100

    spnego: Correctly check asn1_tag_remaining retval
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    (cherry picked from commit 024c619fa82960ae4f8af029b6872102202ffd07)

commit 4d73b8432369e216343d6306da89d53289f2b293
Author: Christian Ambach <ambi at samba.org>
Date:   Mon Feb 8 23:20:19 2016 +0100

    s4:torture/ntlmssp fix a compiler warning
    
    about invalid array subscript
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Christian Ambach <ambi at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    (cherry picked from commit 8ca0f14b5c4ac85e40c9c96f8f5ebb569335f031)

commit 2e8f4c85effbcec5e089f10ea44ae7a45aac78a3
Author: Günther Deschner <gd at samba.org>
Date:   Tue Nov 17 18:35:29 2015 +0100

    s4-torture: flesh out ntlmssp_AUTHENTICATE_MESSAGE_check().
    
    Guenther
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    (cherry picked from commit e073f3c0b622f49ffad7082b9b4fbc429c48d530)

commit baa0a10d979aef1491efc9eb3aa85374f1f808b4
Author: Günther Deschner <gd at samba.org>
Date:   Tue Nov 17 18:32:28 2015 +0100

    s4-torture: add ndr pullpush validation for NTLMSSP CHALLENGE and AUTHENTICATE messages.
    
    Guenther
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    (cherry picked from commit 68b9b18e6cd346e2aa32418642b0746cee593be3)

commit f39d6d4986cbf8c19422a19549561877b5ae1482
Author: Günther Deschner <gd at samba.org>
Date:   Tue Nov 17 18:30:16 2015 +0100

    s4-torture: flesh out ntlmssp_CHALLENGE_MESSAGE_check().
    
    Guenther
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    (cherry picked from commit fe1be37c71a816458173082fa9213a3f279a0b79)

commit dd6b2931e34d4c6cccdd39bcb382f85a6d7303ca
Author: Günther Deschner <gd at samba.org>
Date:   Tue Nov 17 18:29:16 2015 +0100

    s4-torture: activate testing of CHALLENGE and AUTHENTICATE ntlmssp messages.
    
    Guenther
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    (cherry picked from commit 4ac7a6572149ec5b43a91a303c2008e73e467a56)

commit 98466fff65c2fa1cca000861322df41e41fa6cc5
Author: Günther Deschner <gd at samba.org>
Date:   Tue Nov 17 18:27:29 2015 +0100

    s4-torture: fill in ntlmssp_NEGOTIATE_MESSAGE_check().
    
    Guenther
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    (cherry picked from commit 68d043faa0aa9e5e0d289806e1aa2acba3f07af5)

commit b1f72ca143d32763e017f1317bdcc0ab823bac44
Author: Günther Deschner <gd at samba.org>
Date:   Tue Nov 17 15:35:29 2015 +0100

    ntlmssp: when pulling messages it is important to clear memory first.
    
    Guenther
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    (cherry picked from commit 30386c23ae0a6afd2060e626c73df9a3691a71fb)

commit 3b93cf00e3ebbcc261cbf4796d72fe4a58bbc18e
Author: Günther Deschner <gd at samba.org>
Date:   Tue Nov 17 15:34:47 2015 +0100

    ntlmssp: properly document version defines in IDL (from MS-NLMP).
    
    Guenther
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    (cherry picked from commit ded0f3c8b7b4132d250907022ba59e88b45a6ed0)

commit 9ed62a3d16e8cfc2bc5e96c044a0faf6ce11dc12
Author: Günther Deschner <gd at samba.org>
Date:   Tue Nov 17 16:42:08 2015 +0100

    ntlmssp: fix copy/paste typo in CHALLENGE_MESSAGE in IDL.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    (cherry picked from commit 4be7451d9a7ed122c61a08bcf977bebeef4749dd)

commit 0c1671a7585595b377d9c508854f5d2cf1d3c921
Author: Günther Deschner <gd at samba.org>
Date:   Mon Nov 16 16:31:27 2015 +0100

    ntlmssp: add some missing defines from MS-NLMP to our IDL.
    
    Guenther
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
    
    Signed-off-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    (cherry picked from commit feb4ee62c5271b45877c1d3bc1d8b327439e5fd4)

-----------------------------------------------------------------------

Summary of changes:
 VERSION                                            |    2 +-
 WHATSNEW.txt                                       |  550 ++++
 auth/credentials/credentials.h                     |    5 +-
 auth/credentials/credentials_ntlm.c                |   12 +-
 auth/gensec/gensec.c                               |  113 +-
 auth/gensec/gensec.h                               |    4 +
 auth/gensec/gensec_internal.h                      |    7 +
 auth/gensec/gensec_start.c                         |   18 +-
 auth/gensec/schannel.c                             |   22 +-
 auth/gensec/spnego.c                               |  289 ++-
 auth/ntlmssp/gensec_ntlmssp.c                      |    9 +
 auth/ntlmssp/gensec_ntlmssp_server.c               |   44 +-
 auth/ntlmssp/ntlmssp.c                             |   91 +-
 auth/ntlmssp/ntlmssp.h                             |   17 +
 auth/ntlmssp/ntlmssp_client.c                      |  513 +++-
 auth/ntlmssp/ntlmssp_ndr.c                         |    1 +
 auth/ntlmssp/ntlmssp_private.h                     |   10 +-
 auth/ntlmssp/ntlmssp_server.c                      |  424 +++-
 auth/ntlmssp/ntlmssp_sign.c                        |  103 +-
 auth/ntlmssp/ntlmssp_util.c                        |  176 +-
 auth/ntlmssp/wscript_build                         |    2 +-
 .../ldap/ldapserverrequirestrongauth.xml           |   26 +
 .../smbdotconf/protocol/clientipcmaxprotocol.xml   |   29 +
 .../smbdotconf/protocol/clientipcminprotocol.xml   |   29 +
 docs-xml/smbdotconf/protocol/clientmaxprotocol.xml |    9 +-
 docs-xml/smbdotconf/protocol/clientminprotocol.xml |    6 +
 docs-xml/smbdotconf/protocol/clientusespnego.xml   |    5 +
 .../security/allowdcerpcauthlevelconnect.xml       |   27 +
 docs-xml/smbdotconf/security/clientipcsigning.xml  |   26 +
 docs-xml/smbdotconf/security/clientntlmv2auth.xml  |    5 +
 docs-xml/smbdotconf/security/clientsigning.xml     |   12 +-
 docs-xml/smbdotconf/security/rawntlmv2auth.xml     |   19 +
 docs-xml/smbdotconf/security/serversigning.xml     |    2 +-
 docs-xml/smbdotconf/security/tlsverifypeer.xml     |   47 +
 lib/param/loadparm.c                               |   47 +-
 lib/param/loadparm.h                               |    6 +
 lib/param/param_table.c                            |   27 +
 lib/util/util_net.c                                |  247 +-
 lib/util/util_net.h                                |    1 +
 libcli/auth/proto.h                                |    6 +
 libcli/auth/smbencrypt.c                           |  170 +-
 libcli/auth/spnego.h                               |    8 +-
 libcli/auth/spnego_parse.c                         |    5 +-
 libcli/smb/smbXcli_base.c                          |    1 +
 libcli/smb/smb_constants.h                         |    1 +
 libcli/smb/smb_signing.c                           |    4 +
 libcli/smb/tstream_smbXcli_np.c                    |    4 +
 librpc/idl/dcerpc.idl                              |   15 +-
 librpc/idl/epmapper.idl                            |    2 +-
 librpc/idl/ntlmssp.idl                             |   48 +-
 librpc/idl/security.idl                            |    9 +
 librpc/ndr/ndr_ntlmssp.c                           |   16 +
 librpc/ndr/ndr_ntlmssp.h                           |    2 +
 librpc/rpc/binding.c                               |    2 +-
 librpc/rpc/dcerpc_error.c                          |    6 +-
 librpc/rpc/dcerpc_util.c                           |  141 +-
 librpc/rpc/rpc_common.h                            |    9 +-
 nsswitch/libwbclient/wbc_pam.c                     |   21 +-
 nsswitch/winbind_struct_protocol.h                 |    1 +
 python/samba/tests/__init__.py                     |  525 ++++
 python/samba/tests/dcerpc/dnsserver.py             |    2 +-
 python/samba/tests/dcerpc/raw_protocol.py          | 2623 ++++++++++++++++++++
 selftest/knownfail                                 |   28 +
 .../DC-addc.addom.samba.example.com-S02-cert.pem   |  191 ++
 .../DC-addc.addom.samba.example.com-S02-key.pem    |   54 +
 ...DC-addc.addom.samba.example.com-S02-openssl.cnf |  250 ++
 ...ddc.addom.samba.example.com-S02-private-key.pem |   51 +
 .../DC-addc.addom.samba.example.com-S02-req.pem    |   30 +
 .../DC-addc.addom.samba.example.com-cert.pem       |    1 +
 ...DC-addc.addom.samba.example.com-private-key.pem |    1 +
 .../DC-localdc.samba.example.com-S00-cert.pem      |  190 ++
 .../DC-localdc.samba.example.com-S00-key.pem       |   54 +
 .../DC-localdc.samba.example.com-S00-openssl.cnf   |  250 ++
 ...C-localdc.samba.example.com-S00-private-key.pem |   51 +
 .../DC-localdc.samba.example.com-S00-req.pem       |   30 +
 .../DC-localdc.samba.example.com-cert.pem          |    1 +
 .../DC-localdc.samba.example.com-private-key.pem   |    1 +
 .../manage-ca/CA-samba.example.com/NewCerts/00.pem |  190 ++
 .../manage-ca/CA-samba.example.com/NewCerts/01.pem |  169 ++
 .../manage-ca/CA-samba.example.com/NewCerts/02.pem |  191 ++
 .../manage-ca/CA-samba.example.com/NewCerts/03.pem |  169 ++
 .../Private/CA-samba.example.com-crlnumber.txt     |    1 +
 .../Private/CA-samba.example.com-crlnumber.txt.old |    1 +
 .../Private/CA-samba.example.com-index.txt         |    4 +
 .../Private/CA-samba.example.com-index.txt.attr    |    1 +
 .../CA-samba.example.com-index.txt.attr.old        |    1 +
 .../Private/CA-samba.example.com-index.txt.old     |    3 +
 .../Private/CA-samba.example.com-openssl.cnf       |  203 ++
 .../Private/CA-samba.example.com-private-key.pem   |  102 +
 .../Private/CA-samba.example.com-serial.txt        |    1 +
 .../Private/CA-samba.example.com-serial.txt.old    |    1 +
 .../Public/CA-samba.example.com-cert.pem           |   62 +
 .../Public/CA-samba.example.com-crl.pem            |   32 +
 ...inistrator at addom.samba.example.com-S03-cert.pem |  169 ++
 ...ministrator at addom.samba.example.com-S03-key.pem |   30 +
 ...strator at addom.samba.example.com-S03-openssl.cnf |  242 ++
 ...tor at addom.samba.example.com-S03-private-key.pem |   27 +
 ...ministrator at addom.samba.example.com-S03-req.pem |   19 +
 ...-administrator at addom.samba.example.com-cert.pem |    1 +
 ...strator at addom.samba.example.com-private-key.pem |    1 +
 ...ER-administrator at samba.example.com-S01-cert.pem |  169 ++
 ...SER-administrator at samba.example.com-S01-key.pem |   30 +
 ...administrator at samba.example.com-S01-openssl.cnf |  242 ++
 ...nistrator at samba.example.com-S01-private-key.pem |   27 +
 ...SER-administrator at samba.example.com-S01-req.pem |   19 +
 .../USER-administrator at samba.example.com-cert.pem  |    1 +
 ...administrator at samba.example.com-private-key.pem |    1 +
 selftest/manage-ca/manage-CA-samba.example.com.cnf |   21 +
 selftest/manage-ca/manage-CA-samba.example.com.sh  |   18 +
 selftest/manage-ca/manage-ca.sh                    |  387 +++
 .../manage-CA-example.com.cnf                      |   17 +
 .../openssl-BASE-template.cnf                      |  201 ++
 .../manage-ca.templates.d/openssl-CA-template.cnf  |    2 +
 .../manage-ca.templates.d/openssl-DC-template.cnf  |   49 +
 .../openssl-USER-template.cnf                      |   41 +
 selftest/selftest.pl                               |   40 +
 selftest/target/Samba.pm                           |  105 +
 selftest/target/Samba3.pm                          |    1 +
 selftest/target/Samba4.pm                          |  232 +-
 source3/auth/auth_domain.c                         |    2 +-
 source3/auth/auth_samba4.c                         |    4 +-
 source3/auth/auth_util.c                           |   15 +
 source3/include/auth_generic.h                     |    7 +-
 source3/include/proto.h                            |   48 +-
 source3/lib/netapi/cm.c                            |    2 +-
 source3/libads/ads_proto.h                         |    1 -
 source3/libads/ldap.c                              |  134 -
 source3/libads/sasl.c                              |  671 ++---
 source3/libnet/libnet_join.c                       |    6 +-
 source3/librpc/crypto/gse.c                        |   81 +-
 source3/librpc/rpc/dcerpc.h                        |   10 +-
 source3/librpc/rpc/dcerpc_helpers.c                |   98 +-
 source3/libsmb/auth_generic.c                      |   51 +-
 source3/libsmb/cliconnect.c                        |  669 ++---
 source3/libsmb/clientgen.c                         |    9 +
 source3/libsmb/clispnego.c                         |  282 ---
 source3/libsmb/ntlmssp.c                           |  765 ------
 source3/libsmb/ntlmssp_wrap.c                      |  135 -
 source3/libsmb/passchange.c                        |    7 +-
 source3/param/loadparm.c                           |   43 +-
 source3/rpc_client/cli_pipe.c                      |  314 ++-
 source3/rpc_server/netlogon/srv_netlog_nt.c        |   57 +-
 source3/rpc_server/rpc_handles.c                   |    1 +
 source3/rpc_server/rpc_ncacn_np.c                  |    3 +-
 source3/rpc_server/rpc_pipes.h                     |   11 +
 source3/rpc_server/rpc_server.c                    |   12 +
 source3/rpc_server/samr/srv_samr_nt.c              |   21 +-
 source3/rpc_server/srv_pipe.c                      |  494 ++--
 source3/rpcclient/rpcclient.c                      |    5 +-
 source3/script/tests/test_ntlm_auth_s3.sh          |    2 +
 source3/script/tests/test_rpcclient_samlogon.sh    |   11 +-
 source3/script/tests/test_smbclient_auth.sh        |   11 +
 source3/selftest/tests.py                          |    7 +-
 source3/smbd/negprot.c                             |    6 +-
 source3/smbd/sesssetup.c                           |    4 +-
 source3/smbd/smb2_negprot.c                        |   10 +-
 source3/smbd/smb2_sesssetup.c                      |    3 +-
 source3/torture/test_ntlm_auth.py                  |  553 +++--
 source3/utils/net_ads.c                            |    2 +-
 source3/utils/net_rpc.c                            |    2 +-
 source3/utils/net_util.c                           |    2 +-
 source3/utils/ntlm_auth.c                          |  803 +-----
 source3/winbindd/winbindd_ccache_access.c          |   44 +-
 source3/winbindd/winbindd_cm.c                     |    6 +-
 source3/wscript_build                              |   10 +-
 source4/auth/gensec/pygensec.c                     |   83 +
 source4/auth/ntlm/auth_util.c                      |    4 +-
 source4/ldap_server/ldap_bind.c                    |   50 +-
 source4/ldap_server/ldap_server.c                  |    6 +
 source4/ldap_server/ldap_server.h                  |    2 +
 source4/lib/tls/tls.h                              |   23 +
 source4/lib/tls/tls_tstream.c                      |  249 ++
 source4/lib/tls/tlscert.c                          |   18 +-
 source4/lib/tls/wscript                            |    5 +
 source4/libcli/cliconnect.c                        |    2 +-
 source4/libcli/ldap/ldap_bind.c                    |   62 +-
 source4/libcli/ldap/ldap_client.c                  |    9 +-
 source4/libcli/raw/libcliraw.h                     |    1 +
 source4/libcli/raw/rawnegotiate.c                  |   11 +-
 source4/libcli/smb2/connect.c                      |    7 +-
 source4/libcli/smb_composite/connect.c             |    1 +
 source4/libcli/smb_composite/sesssetup.c           |   35 +-
 source4/librpc/rpc/dcerpc.c                        |  351 ++-
 source4/librpc/rpc/dcerpc.h                        |   14 +-
 source4/librpc/rpc/dcerpc_auth.c                   |   93 +-
 source4/librpc/rpc/dcerpc_connect.c                |   22 +
 source4/librpc/rpc/dcerpc_roh.c                    |   13 +-
 source4/librpc/rpc/dcerpc_util.c                   |   22 +-
 source4/param/loadparm.c                           |    3 +-
 source4/rpc_server/backupkey/dcesrv_backupkey.c    |   13 +-
 .../backupkey/dcesrv_backupkey_heimdal.c           |   12 +-
 source4/rpc_server/common/reply.c                  |   49 +-
 source4/rpc_server/dcerpc_server.c                 |  812 ++++--
 source4/rpc_server/dcerpc_server.h                 |   57 +-
 source4/rpc_server/dcesrv_auth.c                   |  261 +-
 source4/rpc_server/dcesrv_mgmt.c                   |    8 +
 source4/rpc_server/dnsserver/dcerpc_dnsserver.c    |    8 +
 source4/rpc_server/drsuapi/dcesrv_drsuapi.c        |    8 +
 source4/rpc_server/echo/rpc_echo.c                 |    7 +
 source4/rpc_server/epmapper/rpc_epmapper.c         |    8 +
 source4/rpc_server/handles.c                       |    8 +-
 source4/rpc_server/lsa/dcesrv_lsa.c                |    8 +
 source4/rpc_server/lsa/lsa_lookup.c                |   12 +-
 source4/rpc_server/netlogon/dcerpc_netlogon.c      |   46 +-
 source4/rpc_server/remote/dcesrv_remote.c          |    8 +-
 source4/rpc_server/samr/dcesrv_samr.c              |   12 +
 source4/rpc_server/samr/samr_password.c            |   25 +-
 source4/selftest/tests.py                          |   75 +-
 source4/smb_server/smb/negprot.c                   |    6 +-
 source4/smb_server/smb/sesssetup.c                 |   10 +
 source4/smb_server/smb2/negprot.c                  |    7 +-
 source4/smb_server/smb2/sesssetup.c                |    8 -
 source4/torture/basic/base.c                       |   20 +-
 source4/torture/ndr/ntlmssp.c                      |  183 +-
 source4/torture/raw/samba3misc.c                   |    7 +
 source4/torture/rpc/backupkey.c                    |   19 +-
 source4/torture/rpc/backupkey_heimdal.c            |   19 +-
 source4/torture/rpc/forest_trust.c                 |   12 +-
 source4/torture/rpc/lsa.c                          |   14 +-
 source4/torture/rpc/netlogon.c                     |  101 +-
 source4/torture/rpc/netlogon.h                     |    7 +
 source4/torture/rpc/remote_pac.c                   |   39 +-
 source4/torture/rpc/samba3rpc.c                    |   61 +-
 source4/torture/rpc/samlogon.c                     |    3 +-
 source4/torture/rpc/samr.c                         |    4 +-
 source4/torture/rpc/schannel.c                     |   29 +-
 source4/torture/rpc/testjoin.c                     |   35 +-
 testprogs/blackbox/test_ldb_simple.sh              |   41 +
 wscript_configure_system_mitkrb5                   |    4 +-
 229 files changed, 14845 insertions(+), 4750 deletions(-)
 create mode 100644 docs-xml/smbdotconf/ldap/ldapserverrequirestrongauth.xml
 create mode 100644 docs-xml/smbdotconf/protocol/clientipcmaxprotocol.xml
 create mode 100644 docs-xml/smbdotconf/protocol/clientipcminprotocol.xml
 create mode 100644 docs-xml/smbdotconf/security/allowdcerpcauthlevelconnect.xml
 create mode 100644 docs-xml/smbdotconf/security/clientipcsigning.xml
 create mode 100644 docs-xml/smbdotconf/security/rawntlmv2auth.xml
 create mode 100644 docs-xml/smbdotconf/security/tlsverifypeer.xml
 create mode 100755 python/samba/tests/dcerpc/raw_protocol.py
 create mode 100644 selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-S02-cert.pem
 create mode 100644 selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-S02-key.pem
 create mode 100644 selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-S02-openssl.cnf
 create mode 100644 selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-S02-private-key.pem
 create mode 100644 selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-S02-req.pem
 create mode 120000 selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-cert.pem
 create mode 120000 selftest/manage-ca/CA-samba.example.com/DCs/addc.addom.samba.example.com/DC-addc.addom.samba.example.com-private-key.pem
 create mode 100644 selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-S00-cert.pem
 create mode 100644 selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-S00-key.pem
 create mode 100644 selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-S00-openssl.cnf
 create mode 100644 selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-S00-private-key.pem
 create mode 100644 selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-S00-req.pem
 create mode 120000 selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-cert.pem
 create mode 120000 selftest/manage-ca/CA-samba.example.com/DCs/localdc.samba.example.com/DC-localdc.samba.example.com-private-key.pem
 create mode 100644 selftest/manage-ca/CA-samba.example.com/NewCerts/00.pem
 create mode 100644 selftest/manage-ca/CA-samba.example.com/NewCerts/01.pem
 create mode 100644 selftest/manage-ca/CA-samba.example.com/NewCerts/02.pem
 create mode 100644 selftest/manage-ca/CA-samba.example.com/NewCerts/03.pem
 create mode 100644 selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-crlnumber.txt
 create mode 100644 selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-crlnumber.txt.old
 create mode 100644 selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-index.txt
 create mode 100644 selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-index.txt.attr
 create mode 100644 selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-index.txt.attr.old
 create mode 100644 selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-index.txt.old
 create mode 100644 selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-openssl.cnf
 create mode 100644 selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-private-key.pem
 create mode 100644 selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-serial.txt
 create mode 100644 selftest/manage-ca/CA-samba.example.com/Private/CA-samba.example.com-serial.txt.old
 create mode 100644 selftest/manage-ca/CA-samba.example.com/Public/CA-samba.example.com-cert.pem
 create mode 100644 selftest/manage-ca/CA-samba.example.com/Public/CA-samba.example.com-crl.pem
 create mode 100644 selftest/manage-ca/CA-samba.example.com/Users/administrator at addom.samba.example.com/USER-administrator at addom.samba.example.com-S03-cert.pem
 create mode 100644 selftest/manage-ca/CA-samba.example.com/Users/administrator at addom.samba.example.com/USER-administrator at addom.samba.example.com-S03-key.pem
 create mode 100644 selftest/manage-ca/CA-samba.example.com/Users/administrator at addom.samba.example.com/USER-administrator at addom.samba.example.com-S03-openssl.cnf
 create mode 100644 selftest/manage-ca/CA-samba.example.com/Users/administrator at addom.samba.example.com/USER-administrator at addom.samba.example.com-S03-private-key.pem
 create mode 100644 selftest/manage-ca/CA-samba.example.com/Users/administrator at addom.samba.example.com/USER-administrator at addom.samba.example.com-S03-req.pem
 create mode 120000 selftest/manage-ca/CA-samba.example.com/Users/administrator at addom.samba.example.com/USER-administrator at addom.samba.example.com-cert.pem
 create mode 120000 selftest/manage-ca/CA-samba.example.com/Users/administrator at addom.samba.example.com/USER-administrator at addom.samba.example.com-private-key.pem
 create mode 100644 selftest/manage-ca/CA-samba.example.com/Users/administrator at samba.example.com/USER-administrator at samba.example.com-S01-cert.pem
 create mode 100644 selftest/manage-ca/CA-samba.example.com/Users/administrator at samba.example.com/USER-administrator at samba.example.com-S01-key.pem
 create mode 100644 selftest/manage-ca/CA-samba.example.com/Users/administrator at samba.example.com/USER-administrator at samba.example.com-S01-openssl.cnf
 create mode 100644 selftest/manage-ca/CA-samba.example.com/Users/administrator at samba.example.com/USER-administrator at samba.example.com-S01-private-key.pem
 create mode 100644 selftest/manage-ca/CA-samba.example.com/Users/administrator at samba.example.com/USER-administrator at samba.example.com-S01-req.pem
 create mode 120000 selftest/manage-ca/CA-samba.example.com/Users/administrator at samba.example.com/USER-administrator at samba.example.com-cert.pem
 create mode 120000 selftest/manage-ca/CA-samba.example.com/Users/administrator at samba.example.com/USER-administrator at samba.example.com-private-key.pem
 create mode 100644 selftest/manage-ca/manage-CA-samba.example.com.cnf
 create mode 100644 selftest/manage-ca/manage-CA-samba.example.com.sh
 create mode 100755 selftest/manage-ca/manage-ca.sh
 create mode 100644 selftest/manage-ca/manage-ca.templates.d/manage-CA-example.com.cnf
 create mode 100644 selftest/manage-ca/manage-ca.templates.d/openssl-BASE-template.cnf
 create mode 100644 selftest/manage-ca/manage-ca.templates.d/openssl-CA-template.cnf
 create mode 100644 selftest/manage-ca/manage-ca.templates.d/openssl-DC-template.cnf
 create mode 100644 selftest/manage-ca/manage-ca.templates.d/openssl-USER-template.cnf
 delete mode 100644 source3/libsmb/ntlmssp.c
 delete mode 100644 source3/libsmb/ntlmssp_wrap.c
 create mode 100755 testprogs/blackbox/test_ldb_simple.sh


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index 437e544..8f6c55c 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 ########################################################
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=4
-SAMBA_VERSION_RELEASE=0
+SAMBA_VERSION_RELEASE=2
 
 ########################################################
 # If a official release has a serious bug              #
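
Review bot: On the SAMBA_VERSION_RELEASE line the value goes from 0 straight to 2, so this combined diff never shows the intermediate 4.4.1 state even though the push lists separate VERSION commits for 4.4.1 and 4.4.2. The summary counts VERSION as "2 +-", so this one line is the only net change to the file. Suggest saying in the push summary that 4.4.1 and 4.4.2 land together on this branch, so that anyone auditing which fixed release they are running does not go looking for a separate 4.4.1 diff of VERSION.
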
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 396ce6e..cea4492 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,553 @@
+                   =============================
+                   Release Notes for Samba 4.4.2
+                           April 12, 2016
+                   =============================
+
+This is a security release containing one additional
+regression fix for the security release 4.4.1.
+
+This fixes a regression that prevents things like 'net ads join'
+from working against a Windows 2003 domain.
+
+Changes since 4.4.1:
+====================
+
+o  Stefan Metzmacher <metze at samba.org>
+   * Bug 11804 - prerequisite backports for the security release on
+     April 12th, 2016
+
+Release notes for the original 4.4.1 release follows:
+-----------------------------------------------------
+
+                   =============================
+                   Release Notes for Samba 4.4.1
+                           April 12, 2016
+                   =============================
+
+
+This is a security release in order to address the following CVEs:
+
+o  CVE-2015-5370 (Multiple errors in DCE-RPC code)
+
+o  CVE-2016-2110 (Man in the middle attacks possible with NTLMSSP)
+
+o  CVE-2016-2111 (NETLOGON Spoofing Vulnerability)
+
+o  CVE-2016-2112 (LDAP client and server don't enforce integrity)
+
+o  CVE-2016-2113 (Missing TLS certificate validation)
+
+o  CVE-2016-2114 ("server signing = mandatory" not enforced)
+
+o  CVE-2016-2115 (SMB IPC traffic is not integrity protected)
+
+o  CVE-2016-2118 (SAMR and LSA man in the middle attacks possible)
+
+The number of changes are rather huge for a security release,
+compared to typical security releases.
+
+Given the number of problems and the fact that they are all related
+to man in the middle attacks we decided to fix them all at once
+instead of splitting them.
+
+In order to prevent the man in the middle attacks it was required
+to change the (default) behavior for some protocols. Please see the
+"New smb.conf options" and "Behavior changes" sections below.
+
+=======
+Details
+=======
+
+o  CVE-2015-5370
+
+   Versions of Samba from 3.6.0 to 4.4.0 inclusive are vulnerable to
+   denial of service attacks (crashes and high cpu consumption)
+   in the DCE-RPC client and server implementations. In addition,
+   errors in validation of the DCE-RPC packets can lead to a downgrade
+   of a secure connection to an insecure one.
+
+   While we think it is unlikely, there's a nonzero chance for
+   a remote code execution attack against the client components,
+   which are used by smbd, winbindd and tools like net, rpcclient and
+   others. This may gain root access to the attacker.
+
+   The above applies all possible server roles Samba can operate in.
+
+   Note that versions before 3.6.0 had completely different marshalling
+   functions for the generic DCE-RPC layer. It's quite possible that
+   that code has similar problems!
+
+   The downgrade of a secure connection to an insecure one may
+   allow an attacker to take control of Active Directory object
+   handles created on a connection created from an Administrator
+   account and re-use them on the now non-privileged connection,
+   compromising the security of the Samba AD-DC.
+
+o  CVE-2016-2110:
+
+   There are several man in the middle attacks possible with
+   NTLMSSP authentication.
+
+   E.g. NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL
+   can be cleared by a man in the middle.
+
+   This was by protocol design in earlier Windows versions.
+
+   Windows Server 2003 RTM and Vista RTM introduced a way
+   to protect against the trivial downgrade.
+
+   See MsvAvFlags and flag 0x00000002 in
+   https://msdn.microsoft.com/en-us/library/cc236646.aspx
+
+   This new feature also implies support for a mechlistMIC
+   when used within SPNEGO, which may prevent downgrades
+   from other SPNEGO mechs, e.g. Kerberos, if sign or
+   seal is finally negotiated.
+
+   The Samba implementation doesn't enforce the existence of
+   required flags, which were requested by the application layer,
+   e.g. LDAP or SMB1 encryption (via the unix extensions).
+   As a result a man in the middle can take over the connection.
+   It is also possible to misguide client and/or
+   server to send unencrypted traffic even if encryption
+   was explicitly requested.
+
+   LDAP (with NTLMSSP authentication) is used as a client
+   by various admin tools of the Samba project,
+   e.g. "net", "samba-tool", "ldbsearch", "ldbedit", ...
+
+   As an active directory member server LDAP is also used
+   by the winbindd service when connecting to domain controllers.
+
+   Samba also offers an LDAP server when running as
+   active directory domain controller.
+
+   The NTLMSSP authentication used by the SMB1 encryption
+   is protected by smb signing, see CVE-2015-5296.
+
+o  CVE-2016-2111:
+
+   It's basically the same as CVE-2015-0005 for Windows:
+
+     The NETLOGON service in Microsoft Windows Server 2003 SP2,
+     Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold
+     and R2, when a Domain Controller is configured, allows remote
+     attackers to spoof the computer name of a secure channel's
+     endpoint, and obtain sensitive session information, by running a
+     crafted application and leveraging the ability to sniff network
+     traffic, aka "NETLOGON Spoofing Vulnerability".
+
+   The vulnerability in Samba is worse as it doesn't require
+   credentials of a computer account in the domain.
+
+   This only applies to Samba running as classic primary domain controller,
+   classic backup domain controller or active directory domain controller.
+
+   The security patches introduce a new option called "raw NTLMv2 auth"
+   ("yes" or "no") for the [global] section in smb.conf.
+   Samba (the smbd process) will reject client using raw NTLMv2
+   without using NTLMSSP.
+
+   Note that this option also applies to Samba running as
+   standalone server and member server.
+
+   You should also consider using "lanman auth = no" (which is already the default)
+   and "ntlm auth = no". Have a look at the smb.conf manpage for further details,
+   as they might impact compatibility with older clients. These also
+   apply for all server roles.
+
+o  CVE-2016-2112:
+
+   Samba uses various LDAP client libraries, a builtin one and/or the system
+   ldap libraries (typically openldap).
+
+   As active directory domain controller Samba also provides an LDAP server.
+
+   Samba takes care of doing SASL (GSS-SPNEGO) authentication with Kerberos or NTLMSSP
+   for LDAP connections, including possible integrity (sign) and privacy (seal)
+   protection.
+
+   Samba has support for an option called "client ldap sasl wrapping" since version
+   3.2.0. Its default value has changed from "plain" to "sign" with version 4.2.0.
+
+   Tools using the builtin LDAP client library do not obey the
+   "client ldap sasl wrapping" option. This applies to tools like:
+   "samba-tool", "ldbsearch", "ldbedit" and more. Some of them have command line
+   options like "--sign" and "--encrypt". With the security update they will
+   also obey the "client ldap sasl wrapping" option as default.
+
+   In all cases, even if explicitly request via "client ldap sasl wrapping",
+   "--sign" or "--encrypt", the protection can be downgraded by a man in the
+   middle.
+
+   The LDAP server doesn't have an option to enforce strong authentication
+   yet. The security patches will introduce a new option called
+   "ldap server require strong auth", possible values are "no",
+   "allow_sasl_over_tls" and "yes".
+
+   As the default behavior was as "no" before, you may
+   have to explicitly change this option until all clients have
+   been adjusted to handle LDAP_STRONG_AUTH_REQUIRED errors.
+   Windows clients and Samba member servers already use
+   integrity protection.
+
+o  CVE-2016-2113:
+
+   Samba has support for TLS/SSL for some protocols:
+   ldap and http, but currently certificates are not
+   validated at all. While we have a "tls cafile" option,
+   the configured certificate is not used to validate
+   the server certificate.
+
+   This applies to ldaps:// connections triggered by tools like:
+   "ldbsearch", "ldbedit" and more. Note that it only applies
+   to the ldb tools when they are built as part of Samba or with Samba
+   extensions installed, which means the Samba builtin LDAP client library is
+   used.
+
+   It also applies to dcerpc client connections using ncacn_http (with https://),
+   which are only used by the openchange project. Support for ncacn_http
+   was introduced in version 4.2.0.
+
+   The security patches will introduce a new option called
+   "tls verify peer". Possible values are "no_check", "ca_only",
+   "ca_and_name_if_available", "ca_and_name" and "as_strict_as_possible".
+
+   If you use the self-signed certificates which are auto-generated
+   by Samba, you won't have a crl file and need to explicitly
+   set "tls verify peer = ca_and_name".
+
+o  CVE-2016-2114
+
+   Due to a regression introduced in Samba 4.0.0,
+   an explicit "server signing = mandatory" in the [global] section
+   of the smb.conf was not enforced for clients using the SMB1 protocol.
+
+   As a result it does not enforce smb signing and allows man in the middle attacks.
+
+   This problem applies to all possible server roles:
+   standalone server, member server, classic primary domain controller,
+   classic backup domain controller and active directory domain controller.
+
+   In addition, when Samba is configured with "server role = active directory domain controller"
+   the effective default for the "server signing" option should be "mandatory".
+
+   During the early development of Samba 4 we had a new experimental
+   file server located under source4/smb_server. But before
+   the final 4.0.0 release we switched back to the file server
+   under source3/smbd.
+
+   But the logic for the correct default of "server signing" was not
+   ported correctly ported.
+
+   Note that the default for server roles other than active directory domain
+   controller, is "off" because of performance reasons.
+
+o  CVE-2016-2115:
+
+   Samba has an option called "client signing", this is turned off by default
+   for performance reasons on file transfers.
+
+   This option is also used when using DCERPC with ncacn_np.
+
+   In order to get integrity protection for ipc related communication
+   by default the "client ipc signing" option is introduced.
+   The effective default for this new option is "mandatory".
+
+   In order to be compatible with more SMB server implementations,
+   the following additional options are introduced:
+   "client ipc min protocol" ("NT1" by default) and
+   "client ipc max protocol" (the highest support SMB2/3 dialect by default).
+   These options overwrite the "client min protocol" and "client max protocol"
+   options, because the default for "client max protocol" is still "NT1".
+   The reason for this is the fact that all SMB2/3 support SMB signing,
+   while there are still SMB1 implementations which don't offer SMB signing
+   by default (this includes Samba versions before 4.0.0).
+
+   Note that winbindd (in versions 4.2.0 and higher) enforces SMB signing
+   against active directory domain controllers despite of the
+   "client signing" and "client ipc signing" options.
+
+o  CVE-2016-2118 (a.k.a. BADLOCK):
+
+   The Security Account Manager Remote Protocol [MS-SAMR] and the
+   Local Security Authority (Domain Policy) Remote Protocol [MS-LSAD]
+   are both vulnerable to man in the middle attacks. Both are application level
+   protocols based on the generic DCE 1.1 Remote Procedure Call (DCERPC) protocol.
+
+   These protocols are typically available on all Windows installations
+   as well as every Samba server. They are used to maintain
+   the Security Account Manager Database. This applies to all
+   roles, e.g. standalone, domain member, domain controller.
+
+   Any authenticated DCERPC connection a client initiates against a server
+   can be used by a man in the middle to impersonate the authenticated user
+   against the SAMR or LSAD service on the server.
+
+   The client chosen application protocol, auth type (e.g. Kerberos or NTLMSSP)
+   and auth level (NONE, CONNECT, PKT_INTEGRITY, PKT_PRIVACY) do not matter
+   in this case. A man in the middle can change auth level to CONNECT
+   (which means authentication without message protection) and take over
+   the connection.
+
+   As a result, a man in the middle is able to get read/write access to the
+   Security Account Manager Database, which reveals all passwords
+   and any other potential sensitive information.
+
+   Samba running as an active directory domain controller is additionally
+   missing checks to enforce PKT_PRIVACY for the
+   Directory Replication Service Remote Protocol [MS-DRSR] (drsuapi)
+   and the BackupKey Remote Protocol [MS-BKRP] (backupkey).
+   The Domain Name Service Server Management Protocol [MS-DNSP] (dnsserver)
+   is not enforcing at least PKT_INTEGRITY.
+
+====================
+New smb.conf options
+====================
+
+  allow dcerpc auth level connect (G)
+
+    This option controls whether DCERPC services are allowed to be used with
+    DCERPC_AUTH_LEVEL_CONNECT, which provides authentication, but no per
+    message integrity nor privacy protection.
+
+    Some interfaces like samr, lsarpc and netlogon have a hard-coded default
+    of no and epmapper, mgmt and rpcecho have a hard-coded default of yes.
+
+    The behavior can be overwritten per interface name (e.g. lsarpc,
+    netlogon, samr, srvsvc, winreg, wkssvc ...) by using
+    'allow dcerpc auth level connect:interface = yes' as option.
+
+    This option yields precedence to the implementation specific restrictions.
+    E.g. the drsuapi and backupkey protocols require DCERPC_AUTH_LEVEL_PRIVACY.
+    The dnsserver protocol requires DCERPC_AUTH_LEVEL_INTEGRITY.
+
+    Default: allow dcerpc auth level connect = no
+
+    Example: allow dcerpc auth level connect = yes
+
+  client ipc signing (G)
+
+    This controls whether the client is allowed or required to use
+    SMB signing for IPC$ connections as DCERPC transport. Possible
+    values are auto, mandatory and disabled.
+
+    When set to mandatory or default, SMB signing is required.
+
+    When set to auto, SMB signing is offered, but not enforced and
+    if set to disabled, SMB signing is not offered either.
+
+    Connections from winbindd to Active Directory Domain Controllers
+    always enforce signing.
+
+    Default: client ipc signing = default
+
+  client ipc max protocol (G)
+
+    The value of the parameter (a string) is the highest protocol level that will
+    be supported for IPC$ connections as DCERPC transport.
+
+    Normally this option should not be set as the automatic negotiation phase
+    in the SMB protocol takes care of choosing the appropriate protocol.
+
+    The value default refers to the latest supported protocol, currently SMB3_11.
+
+    See client max protocol for a full list of available protocols.
+    The values CORE, COREPLUS, LANMAN1, LANMAN2 are silently upgraded to NT1.
+
+    Default: client ipc max protocol = default
+
+    Example: client ipc max protocol = SMB2_10
+
+  client ipc min protocol (G)
+
+    This setting controls the minimum protocol version that the will be
+    attempted to use for IPC$ connections as DCERPC transport.
+
+    Normally this option should not be set as the automatic negotiation phase
+    in the SMB protocol takes care of choosing the appropriate protocol.
+
+    The value default refers to the higher value of NT1 and the
+    effective value of "client min protocol".
+
+    See client max protocol for a full list of available protocols.
+    The values CORE, COREPLUS, LANMAN1, LANMAN2 are silently upgraded to NT1.
+
+    Default: client ipc min protocol = default
+
+    Example: client ipc min protocol = SMB3_11
+
+  ldap server require strong auth (G)
+
+    The ldap server require strong auth defines whether the
+    ldap server requires ldap traffic to be signed or
+    signed and encrypted (sealed). Possible values are no,
+    allow_sasl_over_tls and yes.
+
+    A value of no allows simple and sasl binds over all transports.
+
+    A value of allow_sasl_over_tls allows simple and sasl binds (without sign or seal)
+    over TLS encrypted connections. Unencrypted connections only
+    allow sasl binds with sign or seal.
+
+    A value of yes allows only simple binds over TLS encrypted connections.
+    Unencrypted connections only allow sasl binds with sign or seal.
+
+    Default: ldap server require strong auth = yes
+
+  raw NTLMv2 auth (G)
+
+    This parameter determines whether or not smbd(8) will allow SMB1 clients
+    without extended security (without SPNEGO) to use NTLMv2 authentication.
+
+    If this option, lanman auth and ntlm auth are all disabled, then only
+    clients with SPNEGO support will be permitted. That means NTLMv2 is only
+    supported within NTLMSSP.
+
+    Default: raw NTLMv2 auth = no
+
+  tls verify peer (G)
+
+    This controls if and how strict the client will verify the peer's
+    certificate and name. Possible values are (in increasing order): no_check,
+    ca_only, ca_and_name_if_available, ca_and_name and as_strict_as_possible.
+
+    When set to no_check the certificate is not verified at all,
+    which allows trivial man in the middle attacks.
+
+    When set to ca_only the certificate is verified to be signed from a ca
+    specified in the "tls ca file" option. Setting "tls ca file" to a valid file
+    is required. The certificate lifetime is also verified. If the "tls crl file"
+    option is configured, the certificate is also verified against
+    the ca crl.
+
+    When set to ca_and_name_if_available all checks from ca_only are performed.
+    In addition, the peer hostname is verified against the certificate's
+    name, if it is provided by the application layer and not given as
+    an ip address string.
+
+    When set to ca_and_name all checks from ca_and_name_if_available are performed.
+    In addition the peer hostname needs to be provided and even an ip
+    address is checked against the certificate's name.
+
+    When set to as_strict_as_possible all checks from ca_and_name are performed.
+    In addition the "tls crl file" needs to be configured. Future versions
+    of Samba may implement additional checks.
+
+    Default: tls verify peer = as_strict_as_possible
+
+  tls priority (G) (backported from Samba 4.3 to Samba 4.2)
+
+    This option can be set to a string describing the TLS protocols to be
+    supported in the parts of Samba that use GnuTLS, specifically the AD DC.
+
+    The default turns off SSLv3, as this protocol is no longer considered
+    secure after CVE-2014-3566 (otherwise known as POODLE) impacted SSLv3 use
+    in HTTPS applications.
+
+    The valid options are described in the GNUTLS Priority-Strings
+    documentation at http://gnutls.org/manual/html_node/Priority-Strings.html
+
+    Default: tls priority = NORMAL:-VERS-SSL3.0
+
+================
+Behavior changes
+================
+
+o  The default auth level for authenticated binds has changed from
+   DCERPC_AUTH_LEVEL_CONNECT to DCERPC_AUTH_LEVEL_INTEGRITY.
+   That means ncacn_ip_tcp:server is now implicitly the same
+   as ncacn_ip_tcp:server[sign] and offers a similar protection
+   as ncacn_np:server, which relies on smb signing.
+
+o  The following constraints are applied to SMB1 connections:
+
+   - "client lanman auth = yes" is now consistently
+     required for authenticated connections using the
+     SMB1 LANMAN2 dialect.
+   - "client ntlmv2 auth = yes" and "client use spnego = yes"
+     (both the default values), require extended security (SPNEGO)
+     support from the server. That means NTLMv2 is only used within
+     NTLMSSP.
+
+o  Tools like "samba-tool", "ldbsearch", "ldbedit" and more obey the
+   default of "client ldap sasl wrapping = sign". Even with
+   "client ldap sasl wrapping = plain" they will automatically upgrade
+   to "sign" when getting LDAP_STRONG_AUTH_REQUIRED from the LDAP
+   server.
+
+Changes since 4.4.0:
+====================
+
+o  Jeremy Allison <jra at samba.org>
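
Review bot: In the CVE-2016-2112 text, the paragraph beginning 'As the default behavior was as "no" before' tells administrators they "may have to explicitly change this option" without naming the new default or the value to fall back to. The default ("ldap server require strong auth = yes") only appears much later under "New smb.conf options". Suggest stating the new default in that paragraph and pointing out that "no" re-allows simple and SASL binds over all transports, as the option description itself says. Related documentation points in the same hunk: the CA option is spelled "tls cafile" in the CVE-2016-2113 text but "tls ca file" (and "tls crl file") in the "tls verify peer" description, so one spelling should be used throughout; "client ipc signing" lists its possible values as auto, mandatory and disabled, yet documents "default" as both an accepted value and the default; for "ldap server require strong auth", the sentence "A value of yes allows only simple binds over TLS encrypted connections" is ambiguous about whether SASL binds over TLS are refused or simple binds are restricted to TLS; and the "tls priority" heading keeps "(backported from Samba 4.3 to Samba 4.2)" in notes whose changelog is "Changes since 4.4.0". Wording slips worth fixing before release: "even if explicitly request", "was not ported correctly ported", "the highest support SMB2/3 dialect", "that the will be attempted", and the missing colon after "CVE-2016-2114".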


-- 
Samba Shared Repository


