[SCM] Samba Shared Repository - branch master updated
Stefan Metzmacher
metze at samba.org
Tue Apr 12 21:03:04 UTC 2016
The branch, master has been updated
via 2ec4e16 s3:libads: sasl wrapped LDAP connections against with kerberos and arcfour-hmac-md5
via 4ec5ff4 CVE-2015-5370: s4:selftest: run samba.tests.dcerpc.raw_protocol against ad_dc
via 4a53c8a CVE-2015-5370: python/samba/tests: add some dcerpc raw_protocol tests
via 782e8e2 CVE-2015-5370: python/samba/tests: add infrastructure to do raw protocol tests for DCERPC
via 3b359d0 CVE-2015-5370: s4:librpc/rpc: call dcerpc_connection_dead() on protocol errors
via 7e0b9c2 CVE-2015-5370: s3:rpc_client: disconnect connection on protocol errors
via e31d8de CVE-2015-5370: libcli/smb: use a max timeout of 1 second in tstream_smbXcli_np_destructor()
via 65d9ab0 CVE-2015-5370: s3:rpc_server: verify auth_context_id in api_pipe_{bind_auth3,alter_context}
via f37f965 CVE-2015-5370: s3:rpc_client: verify auth_context_id in rpc_pipe_bind_step_one_done()
via 97ee4d8 CVE-2015-5370: s3:librpc/rpc: verify auth_context_id in dcerpc_check_auth()
via 9dedf27 CVE-2015-5370: s3:librpc/rpc: make use of auth->auth_context_id in dcerpc_add_auth_footer()
via 1c0f927 CVE-2015-5370: s3:rpc_server: make use of pipe_auth_data->auth_context_id
via f564287 CVE-2015-5370: s3:rpc_client: make use of pipe_auth_data->auth_context_id
via ce8d2d6 CVE-2015-5370: s3:librpc/rpc: add auth_context_id to struct pipe_auth_data
via 6923621 CVE-2015-5370: s3:rpc_client: pass struct pipe_auth_data to create_rpc_{bind_auth3,alter_context}()
via dc91d35 CVE-2015-5370: s3:rpc_server: don't allow an existing context to be changed in check_bind_req()
via 3fdc4de CVE-2015-5370: s3:rpc_server: check the transfer syntax in check_bind_req() first
via 0f8d4a5 CVE-2015-5370: s3:librpc/rpc: remove unused dcerpc_pull_dcerpc_auth()
via 28661ca CVE-2015-5370: s3:rpc_server: use DCERPC_NCA_S_PROTO_ERROR FAULTs for protocol errors
via 6c9a2d3 CVE-2015-5370: s3:rpc_server: let a failing BIND mark the connection as broken
via cd1c7d2 CVE-2015-5370: s3:rpc_server: disconnect the connection after a fatal FAULT pdu
via a18a811 CVE-2015-5370: s3:rpc_server: make use of dcerpc_verify_ncacn_packet_header() to verify incoming pdus
via ab29002 CVE-2015-5370: s3:rpc_server: verify presentation context arrays
via e4fa243 CVE-2015-5370: s3:rpc_server: use 'alter' instead of 'bind' for variables in api_pipe_alter_context()
via f74c4c8 CVE-2015-5370: s3:rpc_server: ensure that the message ordering doesn't violate the spec
via 302d927 CVE-2015-5370: s3:rpc_server: make sure auth_level isn't changed by alter_context or auth3
via 46436d0 CVE-2015-5370: s3:rpc_server: let a failing auth3 mark the authentication as invalid
via f8aa62d CVE-2015-5370: s3:rpc_server: don't allow auth3 if the authentication was already finished
via b4e38e2 CVE-2015-5370: s3:rpc_server: don't ignore failures of dcerpc_push_ncacn_packet()
via 84027af CVE-2015-5370: s3:rpc_server: just call pipe_auth_generic_bind() in api_pipe_bind_req()
via ca96d57 CVE-2015-5370: s3:rpc_server: let a failing sec_verification_trailer mark the connection as broken
via 3f02e04 CVE-2015-5370: s3:rpc_server: make use of dcerpc_pull_auth_trailer() in api_pipe_{bind_req,alter_context,bind_auth3}()
via 2e56192 CVE-2015-5370: s3:rpc_client: verify auth_{type,level} in rpc_pipe_bind_step_one_done()
via 574eca7 CVE-2015-5370: s3:rpc_client: protect rpc_api_pipe_got_pdu() against too large payloads
via a4811d3 CVE-2015-5370: s3:rpc_client: make use of dcerpc_verify_ncacn_packet_header() in cli_pipe_validate_current_pdu()
via 7123204 CVE-2015-5370: s3:rpc_client: make use of dcerpc_pull_auth_trailer()
via 8a62408 CVE-2015-5370: s3:librpc/rpc: let dcerpc_check_auth() auth_{type,level} against the expected values.
via 642fe0a CVE-2015-5370: s3:librpc/rpc: remove auth trailer and possible padding within dcerpc_check_auth()
via 5108d26 CVE-2015-5370: librpc/rpc: don't allow pkt->auth_length == 0 in dcerpc_pull_auth_trailer()
via c0f3f30 CVE-2015-5370: s4:rpc_server: reject DCERPC_PFC_FLAG_PENDING_CANCEL with DCERPC_FAULT_NO_CALL_ACTIVE
via 0b16561 CVE-2015-5370: s4:rpc_server: the assoc_group is relative to the connection (association)
via ad6a5cf CVE-2015-5370: s4:rpc_server: only allow one fragmented call_id at a time
via 4b6197f CVE-2015-5370: s4:rpc_server: limit allocation and alloc_hint to 4 MByte
via 6b5144c CVE-2015-5370: s4:rpc_server: check frag_length for requests
via aef225a CVE-2015-5370: s4:rpc_server: give the correct reject reasons for invalid auth_level values
via 818e09f CVE-2015-5370: s4:rpc_server: disconnect after a failing dcesrv_auth_request()
via a30eee5 CVE-2015-5370: s4:rpc_server: let a failing auth3 mark the authentication as invalid
via 04e9245 CVE-2015-5370: s4:rpc_server: failing authentication should generate a SEC_PKG_ERROR
via ed066b6 CVE-2015-5370: s4:rpc_server: fix the order of error checking in dcesrv_alter()
via 1f7dc72 CVE-2015-5370: s4:rpc_server: changing an existing presentation context via alter_context is a protocol error
via f2dbb1c CVE-2015-5370: s4:rpc_server: don't derefence an empty ctx_list array in dcesrv_alter()
via 909538c CVE-2015-5370: s4:rpc_server: remove pointless dcesrv_find_context() from dcesrv_bind()
via 57afdaa CVE-2015-5370: s4:rpc_server: let invalid request fragments disconnect the connection with a protocol error
via 5cb1250 CVE-2015-5370: s4:rpc_server: make sure alter_context and auth3 can't change auth_{type,level,context_id}
via cb8e2ab CVE-2015-5370: s4:rpc_server: maintain in and out struct dcerpc_auth per dcesrv_call_state
via 0ba1b18 CVE-2015-5370: s4:rpc_server: ensure that the message ordering doesn't violate the spec
via c0d74ca CVE-2015-5370: s4:rpc_server: verify the protocol headers before processing pdus
via caa1e75 CVE-2015-5370: s4:rpc_server: add infrastructure to terminate a connection after a response
via 57b0758 CVE-2015-5370: s4:rpc_server: make dcesrv_process_ncacn_packet() static
via 3c6fef3 CVE-2015-5370: s4:rpc_server: return the correct secondary_address in dcesrv_bind()
via 7bde997 CVE-2015-5370: s4:rpc_server: add some padding to dcesrv_bind_nak() responses
via 254048f CVE-2015-5370: s4:rpc_server: split out a dcesrv_fault_with_flags() helper function
via 5c76e84 CVE-2015-5370: s4:rpc_server: fill context_id in dcesrv_fault()
via c58dbe4 CVE-2015-5370: s4:rpc_server: set alloc_hint = 24 in dcesrv_fault()
via e3c3499 CVE-2015-5370: s4:rpc_server: avoid ZERO_STRUCT() in dcesrv_fault()
via e6f6b4b CVE-2015-5370: s4:rpc_server: correctly maintain dcesrv_connection->max_{recv,xmit}_frag
via 4624c83 CVE-2015-5370: s4:rpc_server/netlogon: make use of dce_call->conn->auth_state.auth_{level,type}
via f91da2a CVE-2015-5370: s4:rpc_server/samr: make use of dce_call->conn->auth_state.auth_level
via 8305c0a CVE-2015-5370: s4:rpc_server/lsa: make use of dce_call->conn->auth_state.auth_{level,type}
via 06b9c93 CVE-2015-5370: s4:rpc_server: make use of dce_call->conn->auth_state.auth_* in dcesrv_request()
via accac3a CVE-2015-5370: s4:rpc_server: maintain dcesrv_auth->auth_{type,level,context_id}
via f97d9d1 CVE-2015-5370: s4:rpc_server: check the result of dcerpc_pull_auth_trailer() in dcesrv_auth_bind()
via b6ac227 CVE-2015-5370: s4:rpc_server: no authentication is indicated by pkt->auth_length == 0
via 2396086 CVE-2015-5370: s4:rpc_server: make use of talloc_zero()
via def0019 CVE-2015-5370: s4:librpc/rpc: protect dcerpc_request_recv_data() against too large payloads
via 3bf4763 CVE-2015-5370: s4:librpc/rpc: use dcerpc_verify_ncacn_packet_header() to verify BIND_ACK,ALTER_RESP,RESPONSE pdus
via 9f4d962 CVE-2015-5370: s4:librpc/rpc: handle DCERPC_PKT_FAULT before anything else in dcerpc_alter_context_recv_handler()
via 02a74dd CVE-2015-5370: s4:librpc/rpc: make use of dcerpc_map_ack_reason() in dcerpc_bind_recv_handler()
via 8cba1c3 CVE-2015-5370: s3:rpc_client: remove useless frag_length check in rpc_api_pipe_got_pdu()
via 6cef082 CVE-2015-5370: s3:rpc_client: move AS/U hack to the top of cli_pipe_validate_current_pdu()
via 0fa8378 CVE-2015-5370: librpc/rpc: add a dcerpc_verify_ncacn_packet_header() helper function
via cdba091 CVE-2015-5370: s4:librpc/rpc: finally verify the server uses the expected auth_{type,level,context_id} values
via ace2364 CVE-2015-5370: s4:librpc/rpc: avoid using dcecli_security->auth_info and use per request values
via 98ef1d6 CVE-2015-5370: s4:librpc/rpc: simplify checks if gensec is used in dcerpc_ship_next_request()
via 46be379 CVE-2015-5370: s4:librpc/rpc: avoid dereferencing sec->auth_info in dcerpc_request_prepare_vt()
via d4e735c CVE-2015-5370: s4:librpc/rpc: always use ncacn_pull_request_auth() for DCERPC_PKT_RESPONSE pdus
via 8a93fbc CVE-2015-5370: s4:librpc/rpc: avoid using c->security_state.auth_info in ncacn_pull_request_auth()
via a735892 CVE-2015-5370: s4:librpc/rpc: avoid using hs->p->conn->security_state.auth_info in dcerpc_bh_auth_info()
via 3e3ea1b CVE-2015-5370: s4:librpc/rpc: use a local auth_info variable in ncacn_push_request_sign()
via 8f6cffc CVE-2015-5370: s4:librpc/rpc: use auth_context_id = 1
via 27da35f CVE-2015-5370: s4:librpc/rpc: maintain dcecli_security->auth_{type,level,context_id}
via 335b3ce CVE-2015-5370: s4:librpc/rpc: send a dcerpc_sec_verification_trailer if needed
via 67f6fd3 CVE-2015-5370: s3:librpc/rpc: don't call dcerpc_pull_auth_trailer() if auth_length is 0
via 8e19ce7 CVE-2015-5370: librpc/rpc: simplify and harden dcerpc_pull_auth_trailer()
via 63a7d05 CVE-2015-5370: dcerpc.idl: add DCERPC_{NCACN_PAYLOAD,FRAG}_MAX_SIZE defines
via 14e5f9a CVE-2016-2118: s3:rpc_server/samr: allow _samr_ValidatePassword only with PRIVACY...
via 521316d CVE-2016-2118: s4:rpc_server/samr: allow _samr_ValidatePassword only with PRIVACY...
via f762be4 CVE-2016-2118: docs-xml: default "allow dcerpc auth level connect" to "no"
via 339e306 CVE-2016-2118: s3:rpc_server/{epmapper,echo}: allow DCERPC_AUTH_LEVEL_CONNECT by default
via 41bccb5 CVE-2016-2118: s3:rpc_server/{samr,lsa,netlogon}: reject DCERPC_AUTH_LEVEL_CONNECT by default
via 7fab11e CVE-2016-2118: s3:rpc_server: make use of "allow dcerpc auth level connect"
via 5c9b10d CVE-2016-2118: s4:rpc_server/rpcecho: allow DCERPC_AUTH_LEVEL_CONNECT by default
via 4dbf6f8 CVE-2016-2118: s4:rpc_server/mgmt: allow DCERPC_AUTH_LEVEL_CONNECT by default
via b6b726c CVE-2016-2118: s4:rpc_server/epmapper: allow DCERPC_AUTH_LEVEL_CONNECT by default
via ea3f14c CVE-2016-2118: s4:rpc_server/netlogon: reject DCERPC_AUTH_LEVEL_CONNECT by default
via 398a21c CVE-2016-2118: s4:rpc_server/samr: reject DCERPC_AUTH_LEVEL_CONNECT by default
via fcdd15a CVE-2016-2118: s4:rpc_server/lsa: reject DCERPC_AUTH_LEVEL_CONNECT by default
via 991dddd CVE-2016-2118: s4:rpc_server: make use of "allow dcerpc auth level connect"
via 06b038c CVE-2016-2118: docs-xml: add "allow dcerpc auth level connect" defaulting to "yes"
via 9085300 CVE-2016-2118: s4:librpc: use integrity by default for authenticated binds
via d1c2ad4 CVE-2016-2118: librpc: change the default auth level from DCERPC_AUTH_LEVEL_CONNECT to DCERPC_AUTH_LEVEL_INTEGRITY
via 6a47994 CVE-2016-2118: s3: rpcclient: change the default auth level from DCERPC_AUTH_LEVEL_CONNECT to DCERPC_AUTH_LEVEL_INTEGRITY
via e9a51ad CVE-2016-2118: s4:rpc_server/dnsserver: require at least DCERPC_AUTH_LEVEL_INTEGRITY
via 85972a5 CVE-2016-2118: python:tests/dcerpc: use [sign] for dnsserver tests
via c32548f CVE-2016-2118: s4:rpc_server/backupkey: require DCERPC_AUTH_LEVEL_PRIVACY
via 80dae9a CVE-2016-2118: s4:rpc_server/drsuapi: require DCERPC_AUTH_LEVEL_PRIVACY
via 51aa7bd CVE-2016-2118: s4:rpc_server: make it possible to define a min_auth_level on a presentation context
via c52097a CVE-2016-2115: docs-xml: always default "client ipc signing" to "mandatory"
via 1667e73 CVE-2016-2115: s3:libsmb: use SMB_SIGNING_IPC_DEFAULT and lp_client_ipc_{min,max}_protocol()
via 121196e CVE-2016-2115: s3:libnet: use SMB_SIGNING_IPC_DEFAULT
via eaa7f66 CVE-2016-2115: s3:auth_domain: use SMB_SIGNING_IPC_DEFAULT
via 983a55b CVE-2016-2115: s3:lib/netapi: use SMB_SIGNING_IPC_DEFAULT
via e9c0adf CVE-2016-2115: net: use SMB_SIGNING_IPC_DEFAULT
via 5c8721e CVE-2016-2115: s3:libsmb: let SMB_SIGNING_IPC_DEFAULT use "client ipc min/max protocol"
via b720575 CVE-2016-2115: s3:libsmb: add signing constant SMB_SIGNING_IPC_DEFAULT
via a046ffd CVE-2016-2115: s3:winbindd: use lp_client_ipc_signing()
via 57b04e8 CVE-2016-2115: s3:winbindd: use lp_client_ipc_{min,max}_protocol()
via b6debbc CVE-2016-2115: s4:librpc/rpc: make use of "client ipc *" options for ncacn_np
via 68d6c10 CVE-2016-2115: s4:libcli/raw: pass the minprotocol to smb_raw_negotiate*()
via 57f0b0c CVE-2016-2115: s4:libcli/raw: limit maxprotocol to NT1 in smb_raw_negotiate*()
via 5721234 CVE-2016-2115: s4:libcli/smb2: use the configured min_protocol
via 35ce75e CVE-2016-2115: s4:libcli/raw: add smbcli_options.min_protocol
via f65f618 CVE-2016-2115: docs-xml: add "client ipc signing" option
via 8ff6a95 CVE-2016-2115: docs-xml: add "client ipc min protocol" and "client ipc max protocol" options
via 1dd4378 CVE-2016-2114: docs-xml: let the "smb signing" documentation reflect the reality
via 99f2bbc CVE-2016-2114: s3:smbd: enforce "server signing = mandatory"
via 80adeb0 CVE-2016-2114: libcli/smb: let mandatory signing imply allowed signing
via 5cb4ee2 CVE-2016-2114: s3:smbd: use the correct default values for "smb signing"
via 44dd523 CVE-2016-2114: s4:smb2_server: fix session setup with required signing
via 6ad9ba7 CVE-2016-2113: docs-xml: let "tls verify peer" default to "as_strict_as_possible"
via 7cf3318 CVE-2016-2113: selftest: use "tls verify peer = no_check"
via 942e4ed CVE-2016-2113: selftest: test all "tls verify peer" combinations with ldaps
via 45ff760 CVE-2016-2113: s4:librpc/rpc: verify the rpc_proxy certificate and hostname if configured
via 4b679c3 CVE-2016-2113: s4:libcli/ldap: verify the server certificate and hostname if configured
via e72b2c9 CVE-2016-2113: s4:selftest: explicitly use '--option="tlsverifypeer=no_check" for some ldaps tests
via 2362c03 CVE-2016-2113: docs-xml: add "tls verify peer" option defaulting to "no_check"
via 64a9cd2 CVE-2016-2113: s4:lib/tls: implement infrastructure to do peer verification
via b5681c4 CVE-2016-2113: s4:lib/tls: create better certificates and sign the host cert with the ca cert
via 6e22abd CVE-2016-2112: docs-xml: change the default of "ldap server require strong auth" to "yes"
via 2b40fb8 CVE-2016-2112: s4:selftest: run some ldap test against ad_dc_ntvfs, fl2008r2dc and fl2003dc
via e71be80 CVE-2016-2112: selftest: servers with explicit "ldap server require strong auth" options
via c5c5735 CVE-2016-2112: s4:selftest: run samba4.ldap.bind against fl2008r2dc
via 28f1af7 CVE-2016-2112: s4:ldap_server: implement "ldap server require strong auth" option
via 0cd2ace CVE-2016-2112: docs-xml: add "ldap server require strong auth" option
via dedba1f CVE-2016-2112: s4:ldap_server: reduce scope of old_session_info variable
via 98ff297 CVE-2016-2112: s4:selftest: use --option=clientldapsaslwrapping=plain for plain connections
via 05692ec CVE-2016-2112: s4:libcli/ldap: auto upgrade to SIGN after STRONG_AUTH_REQUIRED
via 1da744b CVE-2016-2112: s4:libcli/ldap: make sure we detect downgrade attacks
via ed863ef CVE-2016-2112: s4:libcli/ldap: honour "client ldap sasl wrapping" option
via 20859a2 CVE-2016-2112: s3:libads: make sure we detect downgrade attacks
via 1dc40a0 CVE-2016-2111: docs-xml/smbdotconf: default "raw NTLMv2 auth" to "no"
via 5ab1db0 CVE-2016-2111: selftest:Samba3: use "raw NTLMv2 auth = yes" for nt4_dc
via 70452c9 CVE-2016-2111: s4:smb_server: implement "raw NTLMv2 auth" checks
via 4fb6867 CVE-2016-2111: s3:auth: implement "raw NTLMv2 auth" checks
via a1900b5 CVE-2016-2111: docs-xml: add "raw NTLMv2 auth" defaulting to "yes"
via 6cd48ad CVE-2016-2111: docs-xml: document the new "client NTLMv2 auth" and "client use spnego" interaction
via 2c73047 CVE-2016-2111: s3:libsmb: don't send a raw NTLMv2 response when we want to use spnego
via a711399 CVE-2016-2111: s4:libcli: don't send a raw NTLMv2 response when we want to use spnego
via 894aad5 CVE-2016-2111: s4:param: use "client use spnego" to initialize options->use_spnego
via c985ffd CVE-2016-2111: s4:libcli: don't allow the LANMAN2 session setup without "client lanman auth = yes"
via f10589c CVE-2016-2111: s4:torture/base: don't use ntlmv2 for dos connection in base.samba3error
via bbb066a CVE-2016-2111: s4:torture/raw: don't use ntlmv2 for dos connection in raw.samba3badpath
via 93e3f25 CVE-2016-2111: s3:rpc_server/netlogon: check NTLMv2_RESPONSE values for SEC_CHAN_WKSTA
via fb20f13 CVE-2016-2111: s4:rpc_server/netlogon: check NTLMv2_RESPONSE values for SEC_CHAN_WKSTA
via 423e95b CVE-2016-2111: libcli/auth: add NTLMv2_RESPONSE_verify_netlogon_creds() helper function
via 847192d CVE-2016-2111: s4:torture/rpc: fix rpc.pac ntlmv2 test
via 5adad29 CVE-2016-2111: s4:torture/rpc: fix rpc.samba3.netlogon ntlmv2 test
via 9ed1197 CVE-2016-2111: s3:rpc_server/netlogon: require DCERPC_AUTH_LEVEL_PRIVACY for validation level 6
via 5fe7085 CVE-2016-2111: s4:rpc_server/netlogon: require DCERPC_AUTH_LEVEL_PRIVACY for validation level 6
via d4a64ba CVE-2016-2111: s3:rpc_server/netlogon: always go through netr_creds_server_step_check()
via afe48e9 CVE-2016-2111: s4:rpc_server: implement 'server schannel = yes' restriction
via 7074b1a CVE-2016-2111: auth/gensec: correctly report GENSEC_FEATURE_{SIGN,SEAL} in schannel_have_feature()
via 2200d49 CVE-2016-2111: auth/gensec: require DCERPC_AUTH_LEVEL_INTEGRITY or higher in schannel_update()
via 0d641ee CVE-2016-2110: auth/ntlmssp: implement new_spnego support including MIC generation (as client)
via c0fc6a6 CVE-2016-2110: auth/ntlmssp: implement new_spnego support including MIC checking (as server)
via 8b76b05 CVE-2016-2110: ntlmssp.idl: add NTLMSSP_MIC_{OFFSET,SIZE}
via 4c48296 CVE-2016-2110: libcli/auth: pass server_timestamp to SMBNTLMv2encrypt_hash()
via bbaba64 CVE-2016-2110: auth/credentials: pass server_timestamp to cli_credentials_get_ntlm_response()
via 8a647ae CVE-2016-2110: auth/credentials: clear the LMv2 key for NTLMv2 in cli_credentials_get_ntlm_response()
via 8cd1a2a CVE-2016-2110: auth/ntlmssp: implement gensec_ntlmssp_may_reset_crypto()
via fa8c656 CVE-2016-2110: auth/ntlmssp: call ntlmssp_sign_init if we provide GENSEC_FEATURE_SIGN
via 1e3bd3e CVE-2016-2110: auth/gensec: add gensec_may_reset_crypto() infrastructure
via a4dd512 CVE-2016-2110: auth/gensec: require spnego mechListMIC exchange for new_spnego backends
via 4ec38db CVE-2016-2110: auth/gensec: fix the client side of a spnego downgrade
via 4106fde CVE-2016-2110: auth/gensec: fix the client side of a new_spnego exchange
via 574535c CVE-2016-2110: libcli/auth: add SPNEGO_REQUEST_MIC to enum spnego_negResult
via 001735a CVE-2016-2110: libcli/auth: use enum spnego_negResult instead of uint8_t
via 2063692 CVE-2016-2110: winbindd: add new_spnego to the WINBINDD_CCACHE_NTLMAUTH response
via 83c7158 CVE-2016-2110: auth/ntlmssp: let gensec_ntlmssp_client_start require NTLM2 (EXTENDED_SESSIONSECURITY) when using ntlmv2
via 858ef6a CVE-2016-2110: auth/ntlmssp: let gensec_ntlmssp_client_start require flags depending on the requested features
via 1668367 CVE-2016-2110: auth/ntlmssp: don't let ntlmssp_handle_neg_flags() change ntlmssp_state->use_ntlmv2
via dc6e28d CVE-2016-2110: auth/ntlmssp: don't allow a downgrade from NTLMv2 to LM_AUTH
via 7a6b3ef CVE-2016-2110: auth/ntlmssp: split allow_lm_response from allow_lm_key
via 2843f01 CVE-2016-2110: auth/ntlmssp: maintain conf_flags and required_flags variables
via 61ec7f0 CVE-2016-2110: auth/ntlmssp: let ntlmssp_handle_neg_flags() return NTSTATUS
via e4bab3a Revert "selftest: dbcheck should not be marked flapping"
from e6ed803 tdb mutex check: Fix CID 1358473 Uninitialized scalar variable
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 2ec4e165e4199e611449830dbb8416d33911c981
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Apr 8 10:05:38 2016 +0200
s3:libads: sasl wrapped LDAP connections against with kerberos and arcfour-hmac-md5
This fixes a regression in commit 2cb07ba50decdfd6d08271cd2b3d893ff95f5af9
(s3:libads: make use of ads_sasl_spnego_gensec_bind() for GSS-SPNEGO with Kerberos)
that prevents things like 'net ads join' from working against a Windows 2003 domain.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Tue Apr 12 23:02:56 CEST 2016 on sn-devel-144
commit 4ec5ff49b8cc124db75d3e4635630a8936fd81d4
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 26 21:05:53 2015 +0200
CVE-2015-5370: s4:selftest: run samba.tests.dcerpc.raw_protocol against ad_dc
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 4a53c8a588dc4cbc57575a7a817e2a776bbf644b
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Mar 26 22:42:19 2014 +0100
CVE-2015-5370: python/samba/tests: add some dcerpc raw_protocol tests
These are independent from our client library and allow
testing of invalid pdus.
It can be used like this in standalone mode:
SMB_CONF_PATH=/dev/null SERVER=172.31.9.188 python/samba/tests/dcerpc/raw_protocol.py
or
SMB_CONF_PATH=/dev/null SERVER=172.31.9.188 python/samba/tests/dcerpc/raw_protocol.py -v -f TestDCERPC_BIND.test_invalid_auth_noctx
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 782e8e2abd861bc6a96d51ba199ab21192e4786b
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Mar 26 22:42:19 2014 +0100
CVE-2015-5370: python/samba/tests: add infrastructure to do raw protocol tests for DCERPC
These are independent from our client library and allow
testing of invalid pdus.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
commit 3b359d0a8d1aab3010932d2c79bde53d530538aa
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Dec 22 21:13:41 2015 +0100
CVE-2015-5370: s4:librpc/rpc: call dcerpc_connection_dead() on protocol errors
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 7e0b9c2f4bd25853e25a7aa4f3c1773a100be65c
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Dec 22 21:23:14 2015 +0100
CVE-2015-5370: s3:rpc_client: disconnect connection on protocol errors
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit e31d8ded956b3ca379fb31480b7f423f1bcda458
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Dec 23 11:05:45 2015 +0100
CVE-2015-5370: libcli/smb: use a max timeout of 1 second in tstream_smbXcli_np_destructor()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 65d9ab05400f36ad5e279797b9b6461984e3b813
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Jul 8 00:01:37 2015 +0200
CVE-2015-5370: s3:rpc_server: verify auth_context_id in api_pipe_{bind_auth3,alter_context}
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit f37f965e23c6b1f9100be1f85377553a23e0bc5e
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jul 7 22:51:18 2015 +0200
CVE-2015-5370: s3:rpc_client: verify auth_context_id in rpc_pipe_bind_step_one_done()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 97ee4d82b197138b7537a023cc1e0b413bb795bb
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Jul 8 00:01:37 2015 +0200
CVE-2015-5370: s3:librpc/rpc: verify auth_context_id in dcerpc_check_auth()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 9dedf276f04401be1095da4c16a3aac1efb49ffe
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Jul 8 00:01:37 2015 +0200
CVE-2015-5370: s3:librpc/rpc: make use of auth->auth_context_id in dcerpc_add_auth_footer()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 1c0f927a4efa753af98fdcf405d81c0567fce139
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Jul 8 00:01:37 2015 +0200
CVE-2015-5370: s3:rpc_server: make use of pipe_auth_data->auth_context_id
This is better than using hardcoded values.
We need to use the value the client used in the BIND request.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit f56428760aedca26967a565ce3738a379c50ca5a
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Jul 8 00:01:37 2015 +0200
CVE-2015-5370: s3:rpc_client: make use of pipe_auth_data->auth_context_id
This is better than using hardcoded values.
We need to use auth_context_id = 1 for authenticated
connections, as old Samba server (before this patchset)
will use a hardcoded value of 1.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit ce8d2d6a70e0dd65664cc3bb0514e359414a35a6
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Jul 8 00:01:37 2015 +0200
CVE-2015-5370: s3:librpc/rpc: add auth_context_id to struct pipe_auth_data
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 69236215a9b18fadc021dbc69068c96d9d3c3413
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Jul 8 00:01:37 2015 +0200
CVE-2015-5370: s3:rpc_client: pass struct pipe_auth_data to create_rpc_{bind_auth3,alter_context}()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit dc91d352578bbc4a4f1d2d6022f486c1ae89773b
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jul 7 13:05:01 2015 +0200
CVE-2015-5370: s3:rpc_server: don't allow an existing context to be changed in check_bind_req()
An alter context can't change the syntax of an existing context,
a new context_id will be used for that.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 3fdc4de983bfa31cf41912f56b075b7f942c9580
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jul 7 13:05:01 2015 +0200
CVE-2015-5370: s3:rpc_server: check the transfer syntax in check_bind_req() first
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 0f8d4a50f8066c76b105fcf3f9f2fbcd645e354c
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Jul 11 10:58:07 2015 +0200
CVE-2015-5370: s3:librpc/rpc: remove unused dcerpc_pull_dcerpc_auth()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 28661caa9f549e2ef286d3cb4ebe3d99a73a8b6b
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Dec 23 12:38:55 2015 +0100
CVE-2015-5370: s3:rpc_server: use DCERPC_NCA_S_PROTO_ERROR FAULTs for protocol errors
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 6c9a2d38946a0c32c295e6e99b5228b8e0a1a9e7
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Dec 23 12:38:55 2015 +0100
CVE-2015-5370: s3:rpc_server: let a failing BIND mark the connection as broken
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit cd1c7d227fabdd6629105a4cc04334b3f0d9e7e9
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Dec 23 12:40:58 2015 +0100
CVE-2015-5370: s3:rpc_server: disconnect the connection after a fatal FAULT pdu
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit a18a811ce4ff4ecce61e932df9d43a6801f14bf4
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jul 7 16:06:59 2015 +0200
CVE-2015-5370: s3:rpc_server: make use of dcerpc_verify_ncacn_packet_header() to verify incoming pdus
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit ab29002ddcb3d8291e10de9bc51d282933d10701
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jul 7 16:06:59 2015 +0200
CVE-2015-5370: s3:rpc_server: verify presentation context arrays
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit e4fa243aa3b54592c4f930c4dd32631cb0e9c406
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jul 7 16:06:59 2015 +0200
CVE-2015-5370: s3:rpc_server: use 'alter' instead of 'bind' for variables in api_pipe_alter_context()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit f74c4c833540ca88bf32b7853169139b31f3c23d
Author: Jeremy Allison <jra at samba.org>
Date: Tue Jul 7 09:15:39 2015 +0200
CVE-2015-5370: s3:rpc_server: ensure that the message ordering doesn't violate the spec
The first pdu is always a BIND.
REQUEST pdus are only allowed once the authentication
is finished.
A simple anonymous authentication is finished after the BIND.
Real authentication may need additional ALTER or AUTH3 exchanges.
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Jeremy Allison <jra at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 302d927ac2f7d132d3db068de9b12bb666c4cfaf
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jul 7 13:05:01 2015 +0200
CVE-2015-5370: s3:rpc_server: make sure auth_level isn't changed by alter_context or auth3
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 46436d01da9cfb5e2b08a57e02cfa482d7847137
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jul 14 16:18:45 2015 +0200
CVE-2015-5370: s3:rpc_server: let a failing auth3 mark the authentication as invalid
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit f8aa62d6979e39f796eede866633c78e3f01fa0c
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jul 7 13:05:01 2015 +0200
CVE-2015-5370: s3:rpc_server: don't allow auth3 if the authentication was already finished
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit b4e38e29e88998bdabd669581dc6b74b58195c0f
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jul 7 13:05:01 2015 +0200
CVE-2015-5370: s3:rpc_server: don't ignore failures of dcerpc_push_ncacn_packet()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 84027af3ab1bc275d5989bf22408bfa69074bcad
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jul 7 13:05:01 2015 +0200
CVE-2015-5370: s3:rpc_server: just call pipe_auth_generic_bind() in api_pipe_bind_req()
pipe_auth_generic_bind() does all the required checks already
and an explicit DCERPC_AUTH_TYPE_NONE is not supported.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit ca96d57816378fee2305ec3071489e51bef87da9
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Dec 23 12:38:55 2015 +0100
CVE-2015-5370: s3:rpc_server: let a failing sec_verification_trailer mark the connection as broken
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
commit 3f02e042217c58d1de60ac393da3491928d61126
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jul 7 13:05:01 2015 +0200
CVE-2015-5370: s3:rpc_server: make use of dcerpc_pull_auth_trailer() in api_pipe_{bind_req,alter_context,bind_auth3}()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 2e561921bc983e9da964667715ae0fba0f28846b
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jul 7 22:51:18 2015 +0200
CVE-2015-5370: s3:rpc_client: verify auth_{type,level} in rpc_pipe_bind_step_one_done()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 574eca7655787a7a98df814de389dba14f0520cd
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jul 10 14:48:38 2015 +0200
CVE-2015-5370: s3:rpc_client: protect rpc_api_pipe_got_pdu() against too large payloads
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit a4811d325a49c01393d6415baf05b602ba02b522
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jul 7 13:05:01 2015 +0200
CVE-2015-5370: s3:rpc_client: make use of dcerpc_verify_ncacn_packet_header() in cli_pipe_validate_current_pdu()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 712320489d6b65f87bbdf0cd91ef4f3e55ece9eb
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jul 7 13:05:01 2015 +0200
CVE-2015-5370: s3:rpc_client: make use of dcerpc_pull_auth_trailer()
The does much more validation than dcerpc_pull_dcerpc_auth().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 8a6240872c405169176ad7314da9594afb4f8fa1
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Jul 9 07:59:24 2015 +0200
CVE-2015-5370: s3:librpc/rpc: let dcerpc_check_auth() auth_{type,level} against the expected values.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 642fe0aa16b6485a9ec83f2eef917272fa2d0997
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Jul 9 07:59:24 2015 +0200
CVE-2015-5370: s3:librpc/rpc: remove auth trailer and possible padding within dcerpc_check_auth()
This simplifies the callers a lot.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 5108d26add4d20edf00429d00a0375034adb263e
Author: Stefan Metzmacher <metze at samba.org>
Date: Sun Jun 28 01:19:57 2015 +0200
CVE-2015-5370: librpc/rpc: don't allow pkt->auth_length == 0 in dcerpc_pull_auth_trailer()
All callers should have already checked that.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit c0f3f308dae897dc7d58d920dc9448dddb706060
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Jul 15 10:18:13 2015 +0200
CVE-2015-5370: s4:rpc_server: reject DCERPC_PFC_FLAG_PENDING_CANCEL with DCERPC_FAULT_NO_CALL_ACTIVE
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 0b1656199a0d73889418ae8eedc85b11d7e15e34
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Jul 15 10:18:13 2015 +0200
CVE-2015-5370: s4:rpc_server: the assoc_group is relative to the connection (association)
All presentation contexts of a connection use the same association group.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit ad6a5cfd2d173e98d9620324f8adc5ecfbf401ba
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jul 17 05:01:26 2015 +0200
CVE-2015-5370: s4:rpc_server: only allow one fragmented call_id at a time
It's a protocol error if the client doesn't send all fragments of
a request in one go.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 4b6197f08cb8b207e9c1581da0c72526138f519b
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Jun 29 14:18:09 2015 +0200
CVE-2015-5370: s4:rpc_server: limit allocation and alloc_hint to 4 MByte
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 6b5144c20464fbff908675579c8db50868d2f1e5
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Jul 15 17:21:05 2015 +0200
CVE-2015-5370: s4:rpc_server: check frag_length for requests
Note this is not the negotiated fragment size, but a hardcoded maximum.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit aef225aaca2daba3fbafe3937356cabf521aa208
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jul 10 13:55:27 2015 +0200
CVE-2015-5370: s4:rpc_server: give the correct reject reasons for invalid auth_level values
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 818e09fff2ffdac0518fdbc0dcf7a3c3e37d2b48
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 26 08:10:46 2015 +0200
CVE-2015-5370: s4:rpc_server: disconnect after a failing dcesrv_auth_request()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit a30eee5745af275861aaa64d8c11cf5abc52eee2
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jul 14 16:18:45 2015 +0200
CVE-2015-5370: s4:rpc_server: let a failing auth3 mark the authentication as invalid
Following requests will generate a fault with ACCESS_DENIED.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 04e92459a4ea897e22374df996bf74cfb2d6530c
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 26 08:10:46 2015 +0200
CVE-2015-5370: s4:rpc_server: failing authentication should generate a SEC_PKG_ERROR
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit ed066b6ca482f7a71e8aeacc1e40dcfd5d637abe
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 26 08:10:46 2015 +0200
CVE-2015-5370: s4:rpc_server: fix the order of error checking in dcesrv_alter()
The basically matches Windows 2012R2, it's not 100%
but it's enough for our raw protocol tests to pass.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 1f7dc721e7907274abda720afd4dbe43e79d2e45
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 26 08:10:46 2015 +0200
CVE-2015-5370: s4:rpc_server: changing an existing presentation context via alter_context is a protocol error
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit f2dbb1c8b6427213bc2ff0929ffa7cf6f29764d6
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 26 08:10:46 2015 +0200
CVE-2015-5370: s4:rpc_server: don't derefence an empty ctx_list array in dcesrv_alter()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 909538c8854b2f6f771d878b79c1cb380effd128
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 26 08:10:46 2015 +0200
CVE-2015-5370: s4:rpc_server: remove pointless dcesrv_find_context() from dcesrv_bind()
BIND is the first pdu, which means the list of contexts is always empty.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 57afdaa79b91063bff135777543d91e0c2124cf4
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 26 08:10:46 2015 +0200
CVE-2015-5370: s4:rpc_server: let invalid request fragments disconnect the connection with a protocol error
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 5cb125045768d7b4fcd7f55fc2eefca0bf316e12
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 26 08:10:46 2015 +0200
CVE-2015-5370: s4:rpc_server: make sure alter_context and auth3 can't change auth_{type,level,context_id}
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit cb8e2abe520ca50eeb7e8cdf3a7dc3f3adefbd85
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 26 08:10:46 2015 +0200
CVE-2015-5370: s4:rpc_server: maintain in and out struct dcerpc_auth per dcesrv_call_state
We should not use one "global" per connection variable to hold the
incoming and outgoing auth_info.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 0ba1b1867c3ed388358adc6ae0b583fdc7775795
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 26 08:10:46 2015 +0200
CVE-2015-5370: s4:rpc_server: ensure that the message ordering doesn't violate the spec
The first pdu is always a BIND.
REQUEST pdus are only allowed once the authentication
is finished.
A simple anonymous authentication is finished after the BIND.
Real authentication may need additional ALTER or AUTH3 exchanges.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit c0d74ca7af9a9aafe81787bcd540af56e048cca3
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 26 08:10:46 2015 +0200
CVE-2015-5370: s4:rpc_server: verify the protocol headers before processing pdus
On protocol errors we should send BIND_NAK or FAULT and mark the
connection as to be terminated.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit caa1e75661a59843e06139ed91462681a26acf3c
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 26 08:10:46 2015 +0200
CVE-2015-5370: s4:rpc_server: add infrastructure to terminate a connection after a response
BIND_NAK or FAULT may mark a connection as to be terminated.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 57b07589e79f966ffdf92c2a87c2f1d8bbd7f66e
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 26 08:10:46 2015 +0200
CVE-2015-5370: s4:rpc_server: make dcesrv_process_ncacn_packet() static
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 3c6fef3aa597f83805245a702132c78c08fe0a68
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 26 08:10:46 2015 +0200
CVE-2015-5370: s4:rpc_server: return the correct secondary_address in dcesrv_bind()
For now we still force \\PIPE\\ in upper case, we may be able to remove
this and change it in our idl files later. But for now we better
behave like a windows server without changing too much.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 7bde997594688baae00e5ef49a1b9b86d89edf4d
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 26 08:10:46 2015 +0200
CVE-2015-5370: s4:rpc_server: add some padding to dcesrv_bind_nak() responses
This matches Windows 2012R2.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 254048f9a5873c9e1fd6367ffb8d104d2dcfbaf2
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 26 08:10:46 2015 +0200
CVE-2015-5370: s4:rpc_server: split out a dcesrv_fault_with_flags() helper function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 5c76e84663b8084a1e24f564325853eed7e80e26
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 26 08:10:46 2015 +0200
CVE-2015-5370: s4:rpc_server: fill context_id in dcesrv_fault()
This depends on the type of the incoming pdu.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit c58dbe45a22dbee7c186aa09deedf436cd467a2b
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 26 08:10:46 2015 +0200
CVE-2015-5370: s4:rpc_server: set alloc_hint = 24 in dcesrv_fault()
This matches a Windows 2012R2 server.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit e3c3499a8ba8fd100d030e99301ee412ac292acf
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 26 08:10:46 2015 +0200
CVE-2015-5370: s4:rpc_server: avoid ZERO_STRUCT() in dcesrv_fault()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit e6f6b4be9adae0a576e93f238b055db5e90701bb
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 26 08:10:46 2015 +0200
CVE-2015-5370: s4:rpc_server: correctly maintain dcesrv_connection->max_{recv,xmit}_frag
These values are controlled by the client but only in a range between
2048 and 5840 (including these values in 8 byte steps).
recv and xmit result always in same min value.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 4624c838c890672be6d40208333d5bee11e0ea95
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 26 08:10:46 2015 +0200
CVE-2015-5370: s4:rpc_server/netlogon: make use of dce_call->conn->auth_state.auth_{level,type}
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit f91da2a4a03217be8c61252bb1deca44f7f5b8d3
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 26 08:10:46 2015 +0200
CVE-2015-5370: s4:rpc_server/samr: make use of dce_call->conn->auth_state.auth_level
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 8305c0a8fc76324d9ef4414f17f1c2a554c9cc3a
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 26 08:10:46 2015 +0200
CVE-2015-5370: s4:rpc_server/lsa: make use of dce_call->conn->auth_state.auth_{level,type}
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 06b9c93d397b5f63ab163c1027549ee881f9ff55
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Mar 10 16:02:31 2016 +0100
CVE-2015-5370: s4:rpc_server: make use of dce_call->conn->auth_state.auth_* in dcesrv_request()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit accac3a3bd3d0b43a737b2e85d316481130045aa
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Jun 29 11:03:58 2015 +0200
CVE-2015-5370: s4:rpc_server: maintain dcesrv_auth->auth_{type,level,context_id}
This will simplify checks in the following commits and avoids
derefencing dcesrv_auth->auth_info which is not always arround.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit f97d9d1d11723b076d037f054ed01ec3a3b99294
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 26 08:10:46 2015 +0200
CVE-2015-5370: s4:rpc_server: check the result of dcerpc_pull_auth_trailer() in dcesrv_auth_bind()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit b6ac2275c39955cc0184fbc7b2fbe520a59f5a9e
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 26 08:10:46 2015 +0200
CVE-2015-5370: s4:rpc_server: no authentication is indicated by pkt->auth_length == 0
pkt->u.*.auth_info.length is not the correct thing to check.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 2396086678ca98d8bd97cb268cd69c9af5e9b4f3
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 26 08:10:46 2015 +0200
CVE-2015-5370: s4:rpc_server: make use of talloc_zero()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit def00193c51a2d429a28347ecabf41bf9af5ef24
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jul 10 14:08:46 2015 +0200
CVE-2015-5370: s4:librpc/rpc: protect dcerpc_request_recv_data() against too large payloads
We should only allow a combined payload of a response of at max 4 MBytes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 3bf476345f47b4f29e995e9879cc8876d639a316
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Jun 27 10:31:48 2015 +0200
CVE-2015-5370: s4:librpc/rpc: use dcerpc_verify_ncacn_packet_header() to verify BIND_ACK,ALTER_RESP,RESPONSE pdus
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 9f4d962206d09d92c99fe349c95abca9955737b5
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Jun 27 10:31:48 2015 +0200
CVE-2015-5370: s4:librpc/rpc: handle DCERPC_PKT_FAULT before anything else in dcerpc_alter_context_recv_handler()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 02a74ddc6019493bc5c091c0fc28a8e8860cb9fa
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Jun 27 10:31:48 2015 +0200
CVE-2015-5370: s4:librpc/rpc: make use of dcerpc_map_ack_reason() in dcerpc_bind_recv_handler()
This should give better error messages if the server doesn't support
a specific abstract/transfer syntax.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 8cba1c3550eff895d1f7a040ca17ef46a4d1c293
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jul 7 13:05:01 2015 +0200
CVE-2015-5370: s3:rpc_client: remove useless frag_length check in rpc_api_pipe_got_pdu()
dcerpc_pull_ncacn_packet() already verifies this.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 6cef082193784ad17d65d35301d7bb89e1e5cdf0
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jul 7 13:05:01 2015 +0200
CVE-2015-5370: s3:rpc_client: move AS/U hack to the top of cli_pipe_validate_current_pdu()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 0fa8378fc51a030efc9a6bf566681b1a398d8acc
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 26 08:10:46 2015 +0200
CVE-2015-5370: librpc/rpc: add a dcerpc_verify_ncacn_packet_header() helper function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit cdba091867061a9ed805f02a170938fa7de85e7e
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Jun 27 10:31:48 2015 +0200
CVE-2015-5370: s4:librpc/rpc: finally verify the server uses the expected auth_{type,level,context_id} values
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit ace23643d13ba49d51121463733be137ec070984
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Jun 27 10:31:48 2015 +0200
CVE-2015-5370: s4:librpc/rpc: avoid using dcecli_security->auth_info and use per request values
We now avoid reusing the same auth_info structure for incoming and outgoing
values. We need to make sure that the remote server doesn't overwrite our own
values.
This will trigger some failures with our currently broken server,
which will be fixed in the next commits.
The broken server requires an dcerpc_auth structure with no credentials
in order to do an alter_context request that just creates a presentation
context without doing authentication.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 98ef1d67e369c00d0a4b8e17b6d725bfebb0b7df
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Jun 27 10:31:48 2015 +0200
CVE-2015-5370: s4:librpc/rpc: simplify checks if gensec is used in dcerpc_ship_next_request()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 46be37936c4ec1b999c345868291b936bacf9654
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Jun 27 10:31:48 2015 +0200
CVE-2015-5370: s4:librpc/rpc: avoid dereferencing sec->auth_info in dcerpc_request_prepare_vt()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit d4e735ce6ad18447dd4d16b92dd0c8217cc6c6de
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Jun 27 10:31:48 2015 +0200
CVE-2015-5370: s4:librpc/rpc: always use ncacn_pull_request_auth() for DCERPC_PKT_RESPONSE pdus
It handles the case of DCERPC_AUTH_TYPE_NONE just fine and it makes it
possible to do some verification in future.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 8a93fbc7e3be5332e3cd82ad0b16a607987ec364
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Jun 27 10:31:48 2015 +0200
CVE-2015-5370: s4:librpc/rpc: avoid using c->security_state.auth_info in ncacn_pull_request_auth()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit a735892f51bdb2f59eedcfe9650c73d3bd2bf2bf
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Jun 27 10:31:48 2015 +0200
CVE-2015-5370: s4:librpc/rpc: avoid using hs->p->conn->security_state.auth_info in dcerpc_bh_auth_info()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 3e3ea1bdd812a80f5a6e23e834e8786235f2c820
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Jun 27 10:31:48 2015 +0200
CVE-2015-5370: s4:librpc/rpc: use a local auth_info variable in ncacn_push_request_sign()
We should avoid using the global dcecli_security->auth_info struct for
individual requests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 8f6cffcb3c19f55999fc7df7f338a01bf409f70f
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Jun 27 10:31:48 2015 +0200
CVE-2015-5370: s4:librpc/rpc: use auth_context_id = 1
In future we want to verify that the auth_context_id from the server
is what we expect.
As Samba (<= 4.2.3) use a hardcoded value of 1 in responses, we
need to use that.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 27da35f8dfbdc191f72087e5f139cbe2ac68462b
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Jun 27 10:31:48 2015 +0200
CVE-2015-5370: s4:librpc/rpc: maintain dcecli_security->auth_{type,level,context_id}
This will simplify the following commits and avoids dereferencing
dcecli_security->auth_info.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 335b3cee5c7789a68629948ba6f3096847550c58
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Jul 8 16:25:48 2015 +0200
CVE-2015-5370: s4:librpc/rpc: send a dcerpc_sec_verification_trailer if needed
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 67f6fd305c88c288523ffa3b4550d6a2d02e5d9a
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Jun 29 10:24:45 2015 +0200
CVE-2015-5370: s3:librpc/rpc: don't call dcerpc_pull_auth_trailer() if auth_length is 0
All other paranoia checks are done within dcerpc_pull_auth_trailer()
now.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 8e19ce76dafef5ed00ad406b95bb739950063e14
Author: Stefan Metzmacher <metze at samba.org>
Date: Sun Jun 28 01:19:57 2015 +0200
CVE-2015-5370: librpc/rpc: simplify and harden dcerpc_pull_auth_trailer()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 63a7d05d8ca1a6b48d6d21f5c43cac9908ec87c3
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Jul 16 22:46:05 2015 +0200
CVE-2015-5370: dcerpc.idl: add DCERPC_{NCACN_PAYLOAD,FRAG}_MAX_SIZE defines
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 14e5f9a25ea6ed1cd6f0ba0dfc3cb8bb80fdef7a
Author: Stefan Metzmacher <metze at samba.org>
Date: Sun Feb 28 22:48:11 2016 +0100
CVE-2016-2118: s3:rpc_server/samr: allow _samr_ValidatePassword only with PRIVACY...
This requires transport encryption.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 521316d749b54fececf696b40643a8e9d04ee742
Author: Stefan Metzmacher <metze at samba.org>
Date: Sun Feb 28 22:48:11 2016 +0100
CVE-2016-2118: s4:rpc_server/samr: allow _samr_ValidatePassword only with PRIVACY...
This requires transport encryption.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit f762be4343c0f031baa5b03b4e1239708059d586
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Mar 10 17:03:59 2016 +0100
CVE-2016-2118: docs-xml: default "allow dcerpc auth level connect" to "no"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
commit 339e306672d17ebe49ed25f38c489a1a1ac3fd59
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Mar 26 08:47:42 2016 +0100
CVE-2016-2118: s3:rpc_server/{epmapper,echo}: allow DCERPC_AUTH_LEVEL_CONNECT by default
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
commit 41bccb5ae5d8523fab74e461f0e2b89f4ef312a8
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Aug 7 09:50:30 2015 +0200
CVE-2016-2118: s3:rpc_server/{samr,lsa,netlogon}: reject DCERPC_AUTH_LEVEL_CONNECT by default
This prevents man in the middle downgrade attacks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
Pair-Programmed-With: Günther Deschner <gd at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Günther Deschner <gd at samba.org>
commit 7fab11e2eb6fb3af7a138e74ed423145d11343af
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Mar 18 04:40:30 2016 +0100
CVE-2016-2118: s3:rpc_server: make use of "allow dcerpc auth level connect"
With this option turned off we only allow DCERPC_AUTH_LEVEL_{NONE,INTEGRITY,PRIVACY},
this means the reject any request with AUTH_LEVEL_CONNECT with ACCESS_DENIED.
We sadly need to keep this enabled by default for now.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
Pair-Programmed-With: Günther Deschner <gd at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Günther Deschner <gd at samba.org>
commit 5c9b10df18cc5abd1582fcf9a19f761ed838b3e6
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Mar 26 19:19:04 2016 +0100
CVE-2016-2118: s4:rpc_server/rpcecho: allow DCERPC_AUTH_LEVEL_CONNECT by default
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
commit 4dbf6f80b831e7463e3711727f41c4425d7435d7
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Mar 26 19:18:42 2016 +0100
CVE-2016-2118: s4:rpc_server/mgmt: allow DCERPC_AUTH_LEVEL_CONNECT by default
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
commit b6b726ca8488ae958b0a55f572371b2d705fe59b
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Mar 26 19:17:40 2016 +0100
CVE-2016-2118: s4:rpc_server/epmapper: allow DCERPC_AUTH_LEVEL_CONNECT by default
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
commit ea3f14c3f8297a08896af3fc87c7937b1e7e12c3
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Aug 7 13:52:48 2015 +0200
CVE-2016-2118: s4:rpc_server/netlogon: reject DCERPC_AUTH_LEVEL_CONNECT by default
This prevents man in the middle downgrade attacks.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
commit 398a21c57c7a35ee6c6834d36907d9f9fee14515
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Aug 7 09:50:30 2015 +0200
CVE-2016-2118: s4:rpc_server/samr: reject DCERPC_AUTH_LEVEL_CONNECT by default
This prevents man in the middle downgrade attacks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit fcdd15a93f670b6e306a59941cff663e840078a1
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Aug 7 09:50:30 2015 +0200
CVE-2016-2118: s4:rpc_server/lsa: reject DCERPC_AUTH_LEVEL_CONNECT by default
This prevents man in the middle downgrade attacks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 991dddd06d6aa62375d47dfdea7fea6501b93e0c
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Mar 10 02:46:59 2016 +0100
CVE-2016-2118: s4:rpc_server: make use of "allow dcerpc auth level connect"
With this option turned off we only allow DCERPC_AUTH_LEVEL_{NONE,INTEGRITY,PRIVACY},
this means the reject any request with AUTH_LEVEL_CONNECT with ACCESS_DENIED.
We sadly need to keep this enabled by default for now.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 06b038c017234f1eae35f4c316a0d105cc4d1061
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Mar 10 17:03:59 2016 +0100
CVE-2016-2118: docs-xml: add "allow dcerpc auth level connect" defaulting to "yes"
We sadly need to allow this for now by default.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 9085300e90fd06242ca03e426c09b01ed610c45a
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Mar 11 16:02:25 2016 +0100
CVE-2016-2118: s4:librpc: use integrity by default for authenticated binds
ncacn_ip_tcp:server should get the same protection as ncacn_np:server
if authentication and smb signing is used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
Signed-off-by: Stefan Metzmacher <metze at samba.org>
commit d1c2ad4e16096c00259f45e59e1258a67ef8ef03
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Dec 15 14:49:36 2015 +0100
CVE-2016-2118: librpc: change the default auth level from DCERPC_AUTH_LEVEL_CONNECT to DCERPC_AUTH_LEVEL_INTEGRITY
ncacn_ip_tcp:server should get the same protection as ncacn_np:server
if authentication and smb signing is used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
Signed-off-by: Stefan Metzmacher <metze at samba.org>
commit 6a47994cdb2ad414381063c482bd6056419ee48c
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Dec 15 14:49:36 2015 +0100
CVE-2016-2118: s3: rpcclient: change the default auth level from DCERPC_AUTH_LEVEL_CONNECT to DCERPC_AUTH_LEVEL_INTEGRITY
ncacn_ip_tcp:server should get the same protection as ncacn_np:server
if authentication and smb signing is used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
Signed-off-by: Stefan Metzmacher <metze at samba.org>
commit e9a51ad590f45d6486cb6ce1d37fb4b02fff640d
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Mar 10 04:06:04 2016 +0100
CVE-2016-2118: s4:rpc_server/dnsserver: require at least DCERPC_AUTH_LEVEL_INTEGRITY
This matches windows and prevents man in the middle downgrade attacks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 85972a559fd6d10b718c21183f11a21ee0c9163e
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Mar 14 22:15:00 2016 +0100
CVE-2016-2118: python:tests/dcerpc: use [sign] for dnsserver tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit c32548fecb13f35a880d8b9d55b9bfce58427b03
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jul 14 09:13:00 2015 +0200
CVE-2016-2118: s4:rpc_server/backupkey: require DCERPC_AUTH_LEVEL_PRIVACY
This is required for the whole interface (which has just one opnum for now).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 80dae9afda18724935c2ab006db509ddbb8a66e5
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jul 14 09:13:00 2015 +0200
CVE-2016-2118: s4:rpc_server/drsuapi: require DCERPC_AUTH_LEVEL_PRIVACY
This matches windows and prevents man in the middle downgrade attacks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 51aa7bd3115d2962bc2f6f8c1ea2fa80998d119f
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jul 14 09:12:18 2015 +0200
CVE-2016-2118: s4:rpc_server: make it possible to define a min_auth_level on a presentation context
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit c52097ae1739c5aab6306ce43b3029b5deabe8f3
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Mar 15 23:52:30 2016 +0100
CVE-2016-2115: docs-xml: always default "client ipc signing" to "mandatory"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
commit 1667e73ada0047bc74461423f85de14cd8ef00c2
Author: Ralph Boehme <slow at samba.org>
Date: Wed Dec 16 10:04:35 2015 +0100
CVE-2016-2115: s3:libsmb: use SMB_SIGNING_IPC_DEFAULT and lp_client_ipc_{min,max}_protocol()
Use SMB_SIGNING_IPC_DEFAULT and lp_client_ipc_{min,max}_protocol() for RPC connections.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 121196e187298add8bc7242cb68870e4eedf4498
Author: Ralph Boehme <slow at samba.org>
Date: Wed Dec 16 10:03:52 2015 +0100
CVE-2016-2115: s3:libnet: use SMB_SIGNING_IPC_DEFAULT
Use SMB_SIGNING_IPC_DEFAULT for RPC connections.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit eaa7f66d35035488eeadcaed61bff160f3e6d0c1
Author: Ralph Boehme <slow at samba.org>
Date: Wed Dec 16 10:03:13 2015 +0100
CVE-2016-2115: s3:auth_domain: use SMB_SIGNING_IPC_DEFAULT
Use SMB_SIGNING_IPC_DEFAULT for RPC connections.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 983a55bc4503c99525a9e0ac89a262b6aa72848a
Author: Ralph Boehme <slow at samba.org>
Date: Wed Dec 16 10:01:59 2015 +0100
CVE-2016-2115: s3:lib/netapi: use SMB_SIGNING_IPC_DEFAULT
Use SMB_SIGNING_IPC_DEFAULT for RPC connections.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit e9c0adffdaa0b9b792a8fb628a3403264281bb58
Author: Ralph Boehme <slow at samba.org>
Date: Wed Dec 16 10:00:09 2015 +0100
CVE-2016-2115: net: use SMB_SIGNING_IPC_DEFAULT
Use SMB_SIGNING_IPC_DEFAULT for RPC connections.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 5c8721ebf3839dac107327a1682d36b2f82e36d9
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Dec 18 17:16:04 2015 +0100
CVE-2016-2115: s3:libsmb: let SMB_SIGNING_IPC_DEFAULT use "client ipc min/max protocol"
We need NT1 => LATEST in order to work against all servers which support
DCERPC over ncacn_np.
This is a mini step in using SMB2/3 in our client side by default.
This gives us a higher chance that SMB signing is supported by the
server (as it can't be turned off for SMB2 and higher).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit b720575f16d8a2006d10eb8a94c7134a30d5309d
Author: Ralph Boehme <slow at samba.org>
Date: Wed Dec 16 09:55:37 2015 +0100
CVE-2016-2115: s3:libsmb: add signing constant SMB_SIGNING_IPC_DEFAULT
SMB_SIGNING_IPC_DEFAULT must be used from s3 client code when opening
RPC connections.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit a046ffd6cd9ab81af33d4ccf2e683acf5bb6c5eb
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Dec 21 13:22:16 2015 +0100
CVE-2016-2115: s3:winbindd: use lp_client_ipc_signing()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 57b04e805d1b6a8857547d511d551637c49d3d32
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Feb 27 04:23:58 2016 +0100
CVE-2016-2115: s3:winbindd: use lp_client_ipc_{min,max}_protocol()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit b6debbcfec1dd87028a37027539f0480e09080be
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Mar 28 13:44:29 2014 +0100
CVE-2016-2115: s4:librpc/rpc: make use of "client ipc *" options for ncacn_np
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 68d6c10e5e7f14bc2473d53fde38593ff280a439
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Feb 27 04:15:38 2016 +0100
CVE-2016-2115: s4:libcli/raw: pass the minprotocol to smb_raw_negotiate*()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 57f0b0c6c085bfac4b25b3711dfa671152e180c4
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Feb 27 04:15:38 2016 +0100
CVE-2016-2115: s4:libcli/raw: limit maxprotocol to NT1 in smb_raw_negotiate*()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 57212343283b2b43c67ee05db2fb2d8d527054bf
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Feb 27 04:14:39 2016 +0100
CVE-2016-2115: s4:libcli/smb2: use the configured min_protocol
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 35ce75ec9eb0e3f2113a089b59967dddf3a122f9
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Feb 27 04:13:11 2016 +0100
CVE-2016-2115: s4:libcli/raw: add smbcli_options.min_protocol
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit f65f618e9634d75f0074b2031f856f0ed605d705
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Feb 27 03:43:58 2016 +0100
CVE-2016-2115: docs-xml: add "client ipc signing" option
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 8ff6a955f51ccb64cc6679bb457064659f030ab8
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Feb 27 03:45:43 2016 +0100
CVE-2016-2115: docs-xml: add "client ipc min protocol" and "client ipc max protocol" options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11796
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 1dd4378b3418dfda60ee4a42a4821b9e7ec2482b
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Jul 15 10:57:03 2015 +0200
CVE-2016-2114: docs-xml: let the "smb signing" documentation reflect the reality
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11687
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 99f2bbccbd16a2ba396345f0cfa9b693c8a4d627
Author: Ralph Boehme <slow at samba.org>
Date: Tue Mar 22 16:30:42 2016 +0100
CVE-2016-2114: s3:smbd: enforce "server signing = mandatory"
This fixes a regression that was introduced by commit
abb24bf8e874d525382e994af7ae432212775153
("s3:smbd: make use of better SMB signing negotiation").
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11687
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 80adeb01fee5aef5cd05963c4ceb9f1319bc390b
Author: Ralph Boehme <slow at samba.org>
Date: Tue Mar 22 16:25:32 2016 +0100
CVE-2016-2114: libcli/smb: let mandatory signing imply allowed signing
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11687
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 5cb4ee27f8eb9f77d7c5a5353cf4b4f0f91db850
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Jul 15 10:57:03 2015 +0200
CVE-2016-2114: s3:smbd: use the correct default values for "smb signing"
This means an ad_dc will now require signing by default.
This matches the default behavior of Windows dc and avoids
man in the middle attacks.
The main logic for this hides in lpcfg_server_signing_allowed().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11687
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 44dd523d6c91745edecb1fc66b4abc54a6a94c30
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Jul 16 04:45:16 2015 +0200
CVE-2016-2114: s4:smb2_server: fix session setup with required signing
The client can't sign the session setup request...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11687
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 6ad9ba72a7739ca9da5d9c2f3c6c680d69d15251
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Mar 16 13:03:08 2016 +0100
CVE-2016-2113: docs-xml: let "tls verify peer" default to "as_strict_as_possible"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
commit 7cf3318fa99aa52c9baf669c6cf5ab440ff2b801
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Mar 26 08:38:46 2016 +0100
CVE-2016-2113: selftest: use "tls verify peer = no_check"
Individual tests will check the more secure values.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
commit 942e4ed8512c86e5aafe1fd7cf7bef1809de0953
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Mar 16 15:07:36 2016 +0100
CVE-2016-2113: selftest: test all "tls verify peer" combinations with ldaps
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 45ff760cf35af1215f494328f433deed3e6bc4bd
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Dec 23 16:17:04 2015 +0100
CVE-2016-2113: s4:librpc/rpc: verify the rpc_proxy certificate and hostname if configured
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 4b679c350a7fdaab114b6c7d05e6a6b12e903c3d
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Dec 23 16:17:04 2015 +0100
CVE-2016-2113: s4:libcli/ldap: verify the server certificate and hostname if configured
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit e72b2c94b56b30cce5a2f47a080e70a83a551d19
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Mar 21 03:56:22 2016 +0100
CVE-2016-2113: s4:selftest: explicitly use '--option="tlsverifypeer=no_check" for some ldaps tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 2362c0353b5c8601eda61875f0fea84c8f76e06d
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Dec 23 22:12:56 2015 +0100
CVE-2016-2113: docs-xml: add "tls verify peer" option defaulting to "no_check"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 64a9cd2a38d8a9503560524f5a6feea25651f11c
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Dec 23 16:17:04 2015 +0100
CVE-2016-2113: s4:lib/tls: implement infrastructure to do peer verification
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit b5681c4125806af47a4842c02f8f5e0a1eb69e59
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Dec 23 15:39:48 2015 +0100
CVE-2016-2113: s4:lib/tls: create better certificates and sign the host cert with the ca cert
The generated ca cert (in ca.pem) was completely useless,
it could be replaced by cert.pem.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 6e22abd9775e69aed018d04e5488757910862436
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Mar 25 19:24:20 2016 +0100
CVE-2016-2112: docs-xml: change the default of "ldap server require strong auth" to "yes"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
commit 2b40fb850925477d82db39d188da84123b121bdf
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Dec 21 10:04:48 2015 +0100
CVE-2016-2112: s4:selftest: run some ldap test against ad_dc_ntvfs, fl2008r2dc and fl2003dc
We want to test against all "ldap server require strong auth" combinations.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
commit e71be8099af8347a487e63b2044d41e9c5dabfc8
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Dec 21 10:27:33 2015 +0100
CVE-2016-2112: selftest: servers with explicit "ldap server require strong auth" options
The default is "ldap server require strong auth = yes",
ad_dc_ntvfs uses "ldap server require strong auth = allow_sasl_over_tls",
fl2008r2dc uses "ldap server require strong auth = no".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
commit c5c5735c1fab19da235af65dd910fcd547cdfa14
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Mar 26 18:07:02 2016 +0100
CVE-2016-2112: s4:selftest: run samba4.ldap.bind against fl2008r2dc
This uses "ldap server require strong auth = no".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
commit 28f1af7e50d79127fb35776488759e2e869baadb
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Aug 28 12:19:37 2015 +0200
CVE-2016-2112: s4:ldap_server: implement "ldap server require strong auth" option
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 0cd2acef79ec0da2a2181554a0d2e4886b83b084
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Dec 21 12:03:56 2015 +0100
CVE-2016-2112: docs-xml: add "ldap server require strong auth" option
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit dedba1f0701a0ff0296a3228d8a84676e6a56d3f
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Dec 18 12:45:56 2015 +0100
CVE-2016-2112: s4:ldap_server: reduce scope of old_session_info variable
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 98ff297ed05972c5286f71c693beb7ceb4dd0299
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Dec 18 11:56:29 2015 +0100
CVE-2016-2112: s4:selftest: use --option=clientldapsaslwrapping=plain for plain connections
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 05692ec958e64cca8ef19795e51bb39a242c3dd4
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Dec 18 08:29:50 2015 +0100
CVE-2016-2112: s4:libcli/ldap: auto upgrade to SIGN after STRONG_AUTH_REQUIRED
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 1da744b2f9371c005c68a89f72b475e42e8b2b64
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Dec 18 08:29:50 2015 +0100
CVE-2016-2112: s4:libcli/ldap: make sure we detect downgrade attacks
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit ed863ef46a7bbc09e0d3a11a11a790dc2d7567ec
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Dec 18 08:29:50 2015 +0100
CVE-2016-2112: s4:libcli/ldap: honour "client ldap sasl wrapping" option
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 20859a22c4a8fcf3dc9dfe314546197f39e644c9
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Mar 24 15:50:49 2016 +0100
CVE-2016-2112: s3:libads: make sure we detect downgrade attacks
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
Pair-programmed-with: Ralph Boehme <slow at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
commit 1dc40a08f0c93e5da556bfcf6d14830d5823163c
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Mar 15 21:59:42 2016 +0100
CVE-2016-2111: docs-xml/smbdotconf: default "raw NTLMv2 auth" to "no"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
commit 5ab1db006e36bea0394d7f24111dc8712643360b
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Mar 26 22:08:38 2016 +0100
CVE-2016-2111: selftest:Samba3: use "raw NTLMv2 auth = yes" for nt4_dc
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
commit 70452c90a51a16be0e20517bd1936149490fc947
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Mar 1 10:25:54 2016 +0100
CVE-2016-2111: s4:smb_server: implement "raw NTLMv2 auth" checks
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 4fb68674953b9814cae67c371baab5a0f76d6c2c
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Mar 1 10:25:54 2016 +0100
CVE-2016-2111: s3:auth: implement "raw NTLMv2 auth" checks
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit a1900b5bd6722900b42d4580fd47038e8cf5b3ca
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Mar 15 21:02:34 2016 +0100
CVE-2016-2111: docs-xml: add "raw NTLMv2 auth" defaulting to "yes"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 6cd48add111a6655791226593cc28ac9d2596602
Author: Stefan Metzmacher <metze at samba.org>
Date: Sun Mar 27 01:09:05 2016 +0100
CVE-2016-2111: docs-xml: document the new "client NTLMv2 auth" and "client use spnego" interaction
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
commit 2c73047ecfc863d7b73449ecef0037804560a448
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Mar 26 18:08:16 2016 +0100
CVE-2016-2111: s3:libsmb: don't send a raw NTLMv2 response when we want to use spnego
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
commit a711399d30a9568a08e43b20ebcf5421508e5834
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Mar 26 18:08:16 2016 +0100
CVE-2016-2111: s4:libcli: don't send a raw NTLMv2 response when we want to use spnego
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
commit 894aad5f71382ece490c03ab92a9ff881ad0c98b
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Mar 26 18:08:16 2016 +0100
CVE-2016-2111: s4:param: use "client use spnego" to initialize options->use_spnego
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
commit c985ffd884aa6377fd7a7934fc82ea411842b5ae
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Mar 26 18:08:16 2016 +0100
CVE-2016-2111: s4:libcli: don't allow the LANMAN2 session setup without "client lanman auth = yes"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
commit f10589c0e1b60bde05fd14469db392019347b518
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Mar 26 22:24:23 2016 +0100
CVE-2016-2111: s4:torture/base: don't use ntlmv2 for dos connection in base.samba3error
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
commit bbb066a12ad59604dafc739cc98ddb727aa969d5
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Mar 26 22:24:23 2016 +0100
CVE-2016-2111: s4:torture/raw: don't use ntlmv2 for dos connection in raw.samba3badpath
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
commit 93e3f25d42c1e3501bb70fec93fa014854f0afe0
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Dec 9 13:12:43 2015 +0100
CVE-2016-2111: s3:rpc_server/netlogon: check NTLMv2_RESPONSE values for SEC_CHAN_WKSTA
This prevents spoofing like Microsoft's CVE-2015-0005.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit fb20f135f0e6808b2173bf89389df03f23472e71
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Dec 9 13:12:43 2015 +0100
CVE-2016-2111: s4:rpc_server/netlogon: check NTLMv2_RESPONSE values for SEC_CHAN_WKSTA
This prevents spoofing like Microsoft's CVE-2015-0005.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 423e95b430eea1bb55cddf6c0eedd10dec7b03a1
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Feb 23 19:08:31 2016 +0100
CVE-2016-2111: libcli/auth: add NTLMv2_RESPONSE_verify_netlogon_creds() helper function
This is the function that prevents spoofing like
Microsoft's CVE-2015-0005.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 847192d4939401d7bc2dec495082f08bffc1c6cc
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Dec 12 22:23:18 2015 +0100
CVE-2016-2111: s4:torture/rpc: fix rpc.pac ntlmv2 test
The computer name of the NTLMv2 blob needs to match
the schannel connection.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 5adad299c2409691ece4a09daa99f696f972f444
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Dec 12 22:23:18 2015 +0100
CVE-2016-2111: s4:torture/rpc: fix rpc.samba3.netlogon ntlmv2 test
The computer name of the NTLMv2 blob needs to match
the schannel connection.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 9ed11972d2cb0d75610c6fbdf32e13c7d6b2e263
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Aug 7 13:33:17 2015 +0200
CVE-2016-2111: s3:rpc_server/netlogon: require DCERPC_AUTH_LEVEL_PRIVACY for validation level 6
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 5fe7085e3b18a7879dcb4ac0bc14a1b8ccabb268
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Aug 7 13:33:17 2015 +0200
CVE-2016-2111: s4:rpc_server/netlogon: require DCERPC_AUTH_LEVEL_PRIVACY for validation level 6
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit d4a64baf91b541a6b09bae804c2c831c13947a36
Author: Günther Deschner <gd at samba.org>
Date: Sat Sep 26 01:29:10 2015 +0200
CVE-2016-2111: s3:rpc_server/netlogon: always go through netr_creds_server_step_check()
The ensures we apply the "server schannel = yes" restrictions.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Guenther Deschner <gd at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
commit afe48e960bc9179622a3dd3016d0818228f0ad96
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Mar 9 15:31:23 2016 +0100
CVE-2016-2111: s4:rpc_server: implement 'server schannel = yes' restriction
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 7074b1aa16b940930a11db29309a47cbf310b8b7
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Dec 15 15:10:20 2015 +0100
CVE-2016-2111: auth/gensec: correctly report GENSEC_FEATURE_{SIGN,SEAL} in schannel_have_feature()
This depends on the DCERPC auth level.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 2200d49cc6452e15a4429f5cb0aaa27eecd13243
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Dec 15 15:11:32 2015 +0100
CVE-2016-2111: auth/gensec: require DCERPC_AUTH_LEVEL_INTEGRITY or higher in schannel_update()
It doesn't make any sense to allow other auth levels.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 0d641ee36ae2c2e47708587c5fc20eb1dc5d92d0
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Nov 19 16:26:49 2015 +0100
CVE-2016-2110: auth/ntlmssp: implement new_spnego support including MIC generation (as client)
We now detect a MsvAvTimestamp in target info as indication
of the server to support NTLMSSP_MIC in the AUTH_MESSAGE.
If the client uses NTLMv2 we provide
NTLMSSP_AVFLAG_MIC_IN_AUTHENTICATE_MESSAGE and valid MIC.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit c0fc6a6d7f7a9d709f35c1a7e4812c0a89285977
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Nov 19 16:02:58 2015 +0100
CVE-2016-2110: auth/ntlmssp: implement new_spnego support including MIC checking (as server)
We now include a MsvAvTimestamp in our target info as indication
for the client to include a NTLMSSP_MIC in the AUTH_MESSAGE.
If the client uses NTLMv2 we check NTLMSSP_AVFLAG_MIC_IN_AUTHENTICATE_MESSAGE
and require a valid MIC.
This is still disabled if the "map to guest" feature is used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 8b76b05fe7aafe4b2bdc32d477bf2a20be71b6f3
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Nov 30 09:13:14 2015 +0100
CVE-2016-2110: ntlmssp.idl: add NTLMSSP_MIC_{OFFSET,SIZE}
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 4c4829634f76d7b67eec3b420f58419ff6ae5d02
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Nov 20 09:31:35 2015 +0100
CVE-2016-2110: libcli/auth: pass server_timestamp to SMBNTLMv2encrypt_hash()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit bbaba64329f21bb89fd83f2fff8bdfe8f97b15eb
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Nov 20 09:29:11 2015 +0100
CVE-2016-2110: auth/credentials: pass server_timestamp to cli_credentials_get_ntlm_response()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 8a647ae1e1c355f48b0d2a5a6c8bb0105e3d2318
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Nov 24 21:24:47 2015 +0100
CVE-2016-2110: auth/credentials: clear the LMv2 key for NTLMv2 in cli_credentials_get_ntlm_response()
If we clear CLI_CRED_LANMAN_AUTH and we should also clear the lm_response buffer
and don't send it over the net.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 8cd1a2a118b544af7d08a3b79cdbd09384d86af3
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Dec 17 11:49:31 2013 +0100
CVE-2016-2110: auth/ntlmssp: implement gensec_ntlmssp_may_reset_crypto()
[MS-SPNG] requires the NTLMSSP RC4 states to be reset after
the SPNEGO exchange with mechListMic verification (new_spnego).
The 'reset_full' parameter is needed to support the broken
behavior that windows only resets the RC4 states but not the
sequence numbers. Which means this functionality is completely
useless... But we want to work against all windows versions...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit fa8c65626e33be66c707931f7a4fc1e2798823a4
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Dec 16 11:27:27 2013 +0100
CVE-2016-2110: auth/ntlmssp: call ntlmssp_sign_init if we provide GENSEC_FEATURE_SIGN
It's important to check if got the GENSEC_FEATURE_SIGN and if the caller
wanted it.
The caller may only asked for GENSEC_FEATURE_SESSION_KEY which implicitly
negotiates NTLMSSP_NEGOTIATE_SIGN, which might indicate GENSEC_FEATURE_SIGN
to the SPNEGO glue code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 1e3bd3e6ac9d5bc97d6361d89abd7990bcaf91b8
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Dec 17 11:49:31 2013 +0100
CVE-2016-2110: auth/gensec: add gensec_may_reset_crypto() infrastructure
[MS-SPNG] requires the NTLMSSP RC4 states to be reset after
the SPNEGO exchange with mechListMic verification (new_spnego).
This provides the infrastructure for this feature.
The 'reset_full' parameter is needed to support the broken
behavior that windows only resets the RC4 states but not the
sequence numbers. Which means this functionality is completely
useless... But we want to work against all windows versions...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit a4dd51294603e3ad92d204ca3d8436de29c926e6
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Nov 24 20:13:24 2015 +0100
CVE-2016-2110: auth/gensec: require spnego mechListMIC exchange for new_spnego backends
This used to work more or less before, but only for krb5 with the
server finishing first.
With NTLMSSP and new_spnego the client will finish first.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 4ec38db6f17a4f998a8e38291b599dd08b6a6192
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Nov 20 11:42:55 2015 +0100
CVE-2016-2110: auth/gensec: fix the client side of a spnego downgrade
New servers response with SPNEGO_REQUEST_MIC instead of
SPNEGO_ACCEPT_INCOMPLETE to a downgrade.
With just KRB5 and NTLMSSP this doesn't happen, but we
want to be prepared for the future.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 4106fde3186e410a32af2fdfc765398c9eb530dc
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Nov 20 11:42:55 2015 +0100
CVE-2016-2110: auth/gensec: fix the client side of a new_spnego exchange
Even for SMB where the server provides its mech list,
the client needs to remember its own mech list for the
mechListMIC calculation.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 574535c74dca47f34749ce05b3333dd7a3c50bca
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Dec 17 12:42:35 2013 +0100
CVE-2016-2110: libcli/auth: add SPNEGO_REQUEST_MIC to enum spnego_negResult
This is defined in http://www.ietf.org/rfc/rfc4178.txt.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 001735a804914de936699e95fce898a593ba24ec
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Dec 17 12:42:06 2013 +0100
CVE-2016-2110: libcli/auth: use enum spnego_negResult instead of uint8_t
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 2063692367429d0767153b6a0d22627cb2c27d5f
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Nov 20 14:06:18 2015 +0100
CVE-2016-2110: winbindd: add new_spnego to the WINBINDD_CCACHE_NTLMAUTH response
We don't need to change the protocol version because:
1. An old client may provide the "initial_blob"
(which was and is still ignored when going
via the wbcCredentialCache() function)
and the new winbindd won't use new_spnego.
2. A new client will just get a zero byte
from an old winbindd. As it uses talloc_zero() to
create struct winbindd_response.
3. Changing the version number would introduce problems
with backports to older Samba versions.
New clients which are capable of using the new_spnego field
will use "negotiate_blob" instead of "initial_blob".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 83c71586dc4d46ecc4a129e23f11aa192ca8002f
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Dec 1 14:54:13 2015 +0100
CVE-2016-2110: auth/ntlmssp: let gensec_ntlmssp_client_start require NTLM2 (EXTENDED_SESSIONSECURITY) when using ntlmv2
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 858ef6a663ba7e47fd5dcd53962d350f4b5af0e5
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Dec 1 14:54:13 2015 +0100
CVE-2016-2110: auth/ntlmssp: let gensec_ntlmssp_client_start require flags depending on the requested features
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 1668367d91f79d0862b195cb899d73ff67ca88dd
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Dec 1 15:06:09 2015 +0100
CVE-2016-2110: auth/ntlmssp: don't let ntlmssp_handle_neg_flags() change ntlmssp_state->use_ntlmv2
ntlmssp_handle_neg_flags() can only disable flags, but not
set them. All supported flags are set at start time.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit dc6e28d69a7fcc299c08e4368d8f137e6b59ed3a
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Dec 1 15:01:09 2015 +0100
CVE-2016-2110: auth/ntlmssp: don't allow a downgrade from NTLMv2 to LM_AUTH
man smb.conf says "client ntlmv2 auth = yes" the default disables,
"client lanman auth = yes":
...
Likewise, if the client ntlmv2 auth parameter is enabled, then only NTLMv2
logins will be attempted.
...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 7a6b3efdc6451c3cbb157ad8d808f86d154625dd
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Dec 1 14:58:19 2015 +0100
CVE-2016-2110: auth/ntlmssp: split allow_lm_response from allow_lm_key
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 2843f012b6bfb6d56e11b1723c0b35531ebf669f
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Dec 1 11:01:24 2015 +0100
CVE-2016-2110: auth/ntlmssp: maintain conf_flags and required_flags variables
We now give an error when required flags are missing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit 61ec7f069d777e2688657b490c07ce7499bd7221
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Dec 1 08:46:45 2015 +0100
CVE-2016-2110: auth/ntlmssp: let ntlmssp_handle_neg_flags() return NTSTATUS
In future we can do a more fine granted negotiation
and assert specific security features.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
commit e4bab3a8282d263eb2391bc7e8a6fd64ae068935
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Mar 14 02:00:14 2016 +0100
Revert "selftest: dbcheck should not be marked flapping"
This reverts commit a7b242aa61429fc41449d2d8f3f96d3b76ff12a1.
-----------------------------------------------------------------------
Summary of changes:
auth/credentials/credentials.h | 5 +-
auth/credentials/credentials_ntlm.c | 12 +-
auth/gensec/gensec.c | 10 +
auth/gensec/gensec_internal.h | 5 +
auth/gensec/schannel.c | 22 +-
auth/gensec/spnego.c | 286 ++-
auth/ntlmssp/gensec_ntlmssp.c | 9 +
auth/ntlmssp/gensec_ntlmssp_server.c | 35 +-
auth/ntlmssp/ntlmssp.c | 25 +
auth/ntlmssp/ntlmssp.h | 12 +
auth/ntlmssp/ntlmssp_client.c | 259 +-
auth/ntlmssp/ntlmssp_private.h | 4 +-
auth/ntlmssp/ntlmssp_server.c | 358 ++-
auth/ntlmssp/ntlmssp_sign.c | 40 +-
auth/ntlmssp/ntlmssp_util.c | 62 +-
.../ldap/ldapserverrequirestrongauth.xml | 26 +
.../smbdotconf/protocol/clientipcmaxprotocol.xml | 29 +
.../smbdotconf/protocol/clientipcminprotocol.xml | 29 +
docs-xml/smbdotconf/protocol/clientmaxprotocol.xml | 9 +-
docs-xml/smbdotconf/protocol/clientminprotocol.xml | 6 +
docs-xml/smbdotconf/protocol/clientusespnego.xml | 5 +
.../security/allowdcerpcauthlevelconnect.xml | 27 +
docs-xml/smbdotconf/security/clientipcsigning.xml | 26 +
docs-xml/smbdotconf/security/clientntlmv2auth.xml | 5 +
docs-xml/smbdotconf/security/clientsigning.xml | 12 +-
docs-xml/smbdotconf/security/rawntlmv2auth.xml | 19 +
docs-xml/smbdotconf/security/serversigning.xml | 2 +-
docs-xml/smbdotconf/security/tlsverifypeer.xml | 47 +
lib/param/loadparm.c | 47 +-
lib/param/loadparm.h | 6 +
lib/param/param_table.c | 27 +
libcli/auth/proto.h | 6 +
libcli/auth/smbencrypt.c | 170 +-
libcli/auth/spnego.h | 8 +-
libcli/auth/spnego_parse.c | 5 +-
libcli/smb/smbXcli_base.c | 1 +
libcli/smb/smb_constants.h | 1 +
libcli/smb/smb_signing.c | 4 +
libcli/smb/tstream_smbXcli_np.c | 4 +
librpc/idl/dcerpc.idl | 2 +
librpc/idl/ntlmssp.idl | 9 +-
librpc/rpc/binding.c | 2 +-
librpc/rpc/dcerpc_util.c | 141 +-
librpc/rpc/rpc_common.h | 9 +-
nsswitch/libwbclient/wbc_pam.c | 21 +-
nsswitch/winbind_struct_protocol.h | 1 +
python/samba/tests/__init__.py | 525 ++++
python/samba/tests/dcerpc/dnsserver.py | 2 +-
python/samba/tests/dcerpc/raw_protocol.py | 2623 ++++++++++++++++++++
selftest/flapping | 1 +
selftest/knownfail | 24 +
selftest/selftest.pl | 1 +
selftest/target/Samba3.pm | 1 +
selftest/target/Samba4.pm | 9 +-
source3/auth/auth_domain.c | 2 +-
source3/auth/auth_util.c | 15 +
source3/include/proto.h | 4 +-
source3/lib/netapi/cm.c | 2 +-
source3/libads/sasl.c | 39 +-
source3/libnet/libnet_join.c | 6 +-
source3/librpc/rpc/dcerpc.h | 10 +-
source3/librpc/rpc/dcerpc_helpers.c | 98 +-
source3/libsmb/cliconnect.c | 25 +-
source3/libsmb/clientgen.c | 9 +
source3/libsmb/passchange.c | 7 +-
source3/param/loadparm.c | 43 +-
source3/rpc_client/cli_pipe.c | 314 ++-
source3/rpc_server/netlogon/srv_netlog_nt.c | 57 +-
source3/rpc_server/rpc_handles.c | 1 +
source3/rpc_server/rpc_ncacn_np.c | 3 +-
source3/rpc_server/rpc_pipes.h | 11 +
source3/rpc_server/rpc_server.c | 12 +
source3/rpc_server/samr/srv_samr_nt.c | 5 +
source3/rpc_server/srv_pipe.c | 494 ++--
source3/rpcclient/rpcclient.c | 5 +-
source3/smbd/negprot.c | 6 +-
source3/smbd/sesssetup.c | 4 +-
source3/smbd/smb2_negprot.c | 10 +-
source3/smbd/smb2_sesssetup.c | 3 +-
source3/utils/net_ads.c | 2 +-
source3/utils/net_rpc.c | 2 +-
source3/utils/net_util.c | 2 +-
source3/winbindd/winbindd_ccache_access.c | 8 +-
source3/winbindd/winbindd_cm.c | 6 +-
source4/auth/ntlm/auth_util.c | 4 +-
source4/ldap_server/ldap_bind.c | 49 +-
source4/ldap_server/ldap_server.c | 6 +
source4/ldap_server/ldap_server.h | 2 +
source4/lib/tls/tls.h | 23 +
source4/lib/tls/tls_tstream.c | 249 ++
source4/lib/tls/tlscert.c | 18 +-
source4/lib/tls/wscript | 5 +
source4/libcli/cliconnect.c | 2 +-
source4/libcli/ldap/ldap_bind.c | 51 +-
source4/libcli/ldap/ldap_client.c | 9 +-
source4/libcli/raw/libcliraw.h | 1 +
source4/libcli/raw/rawnegotiate.c | 11 +-
source4/libcli/smb2/connect.c | 7 +-
source4/libcli/smb_composite/connect.c | 1 +
source4/libcli/smb_composite/sesssetup.c | 35 +-
source4/librpc/rpc/dcerpc.c | 348 ++-
source4/librpc/rpc/dcerpc.h | 14 +-
source4/librpc/rpc/dcerpc_auth.c | 93 +-
source4/librpc/rpc/dcerpc_connect.c | 22 +
source4/librpc/rpc/dcerpc_roh.c | 13 +-
source4/librpc/rpc/dcerpc_util.c | 12 +-
source4/param/loadparm.c | 3 +-
source4/rpc_server/backupkey/dcesrv_backupkey.c | 13 +-
.../backupkey/dcesrv_backupkey_heimdal.c | 12 +-
source4/rpc_server/common/reply.c | 42 +-
source4/rpc_server/dcerpc_server.c | 812 ++++--
source4/rpc_server/dcerpc_server.h | 57 +-
source4/rpc_server/dcesrv_auth.c | 253 +-
source4/rpc_server/dcesrv_mgmt.c | 8 +
source4/rpc_server/dnsserver/dcerpc_dnsserver.c | 8 +
source4/rpc_server/drsuapi/dcesrv_drsuapi.c | 8 +
source4/rpc_server/echo/rpc_echo.c | 7 +
source4/rpc_server/epmapper/rpc_epmapper.c | 8 +
source4/rpc_server/handles.c | 8 +-
source4/rpc_server/lsa/dcesrv_lsa.c | 8 +
source4/rpc_server/lsa/lsa_lookup.c | 12 +-
source4/rpc_server/netlogon/dcerpc_netlogon.c | 46 +-
source4/rpc_server/remote/dcesrv_remote.c | 8 +-
source4/rpc_server/samr/dcesrv_samr.c | 12 +
source4/selftest/tests.py | 66 +-
source4/smb_server/smb/sesssetup.c | 10 +
source4/smb_server/smb2/negprot.c | 1 +
source4/smb_server/smb2/sesssetup.c | 8 -
source4/torture/basic/base.c | 20 +-
source4/torture/raw/samba3misc.c | 7 +
source4/torture/rpc/netlogon.c | 1 +
source4/torture/rpc/remote_pac.c | 5 +-
source4/torture/rpc/samba3rpc.c | 6 +-
source4/torture/rpc/samr.c | 1 +
source4/torture/rpc/schannel.c | 2 +
testprogs/blackbox/test_ldb_simple.sh | 41 +
136 files changed, 7694 insertions(+), 1015 deletions(-)
create mode 100644 docs-xml/smbdotconf/ldap/ldapserverrequirestrongauth.xml
create mode 100644 docs-xml/smbdotconf/protocol/clientipcmaxprotocol.xml
create mode 100644 docs-xml/smbdotconf/protocol/clientipcminprotocol.xml
create mode 100644 docs-xml/smbdotconf/security/allowdcerpcauthlevelconnect.xml
create mode 100644 docs-xml/smbdotconf/security/clientipcsigning.xml
create mode 100644 docs-xml/smbdotconf/security/rawntlmv2auth.xml
create mode 100644 docs-xml/smbdotconf/security/tlsverifypeer.xml
create mode 100755 python/samba/tests/dcerpc/raw_protocol.py
create mode 100755 testprogs/blackbox/test_ldb_simple.sh
Changeset truncated at 500 lines:
diff --git a/auth/credentials/credentials.h b/auth/credentials/credentials.h
index fdedd63..3779ec0 100644
--- a/auth/credentials/credentials.h
+++ b/auth/credentials/credentials.h
@@ -22,6 +22,7 @@
#ifndef __CREDENTIALS_H__
#define __CREDENTIALS_H__
+#include "../lib/util/time.h"
#include "../lib/util/data_blob.h"
#include "librpc/gen_ndr/misc.h"
@@ -80,7 +81,9 @@ void cli_credentials_get_ntlm_username_domain(struct cli_credentials *cred, TALL
const char **domain);
NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred, TALLOC_CTX *mem_ctx,
int *flags,
- DATA_BLOB challenge, DATA_BLOB target_info,
+ DATA_BLOB challenge,
+ const NTTIME *server_timestamp,
+ DATA_BLOB target_info,
DATA_BLOB *_lm_response, DATA_BLOB *_nt_response,
DATA_BLOB *_lm_session_key, DATA_BLOB *_session_key);
const char *cli_credentials_get_realm(struct cli_credentials *cred);
diff --git a/auth/credentials/credentials_ntlm.c b/auth/credentials/credentials_ntlm.c
index 4e12277..0abbb5c 100644
--- a/auth/credentials/credentials_ntlm.c
+++ b/auth/credentials/credentials_ntlm.c
@@ -30,7 +30,9 @@
_PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred, TALLOC_CTX *mem_ctx,
int *flags,
- DATA_BLOB challenge, DATA_BLOB target_info,
+ DATA_BLOB challenge,
+ const NTTIME *server_timestamp,
+ DATA_BLOB target_info,
DATA_BLOB *_lm_response, DATA_BLOB *_nt_response,
DATA_BLOB *_lm_session_key, DATA_BLOB *_session_key)
{
@@ -102,7 +104,7 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred
user,
domain,
nt_hash->hash, &challenge,
- &target_info,
+ server_timestamp, &target_info,
&lm_response, &nt_response,
NULL, &session_key)) {
return NT_STATUS_NO_MEMORY;
@@ -110,6 +112,12 @@ _PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred
/* LM Key is incompatible... */
*flags &= ~CLI_CRED_LANMAN_AUTH;
+ if (lm_response.length != 0) {
+ /*
+ * We should not expose the lm key.
+ */
+ memset(lm_response.data, 0, lm_response.length);
+ }
} else if (*flags & CLI_CRED_NTLM2) {
MD5_CTX md5_session_nonce_ctx;
uint8_t session_nonce[16];
diff --git a/auth/gensec/gensec.c b/auth/gensec/gensec.c
index e3b1352..2a8bba8 100644
--- a/auth/gensec/gensec.c
+++ b/auth/gensec/gensec.c
@@ -30,6 +30,16 @@
#include "auth/gensec/gensec_internal.h"
#include "librpc/gen_ndr/dcerpc.h"
+_PRIVATE_ NTSTATUS gensec_may_reset_crypto(struct gensec_security *gensec_security,
+ bool full_reset)
+{
+ if (!gensec_security->ops->may_reset_crypto) {
+ return NT_STATUS_OK;
+ }
+
+ return gensec_security->ops->may_reset_crypto(gensec_security, full_reset);
+}
+
/*
wrappers for the gensec function pointers
*/
diff --git a/auth/gensec/gensec_internal.h b/auth/gensec/gensec_internal.h
index 2751196..5535241 100644
--- a/auth/gensec/gensec_internal.h
+++ b/auth/gensec/gensec_internal.h
@@ -47,6 +47,8 @@ struct gensec_security_ops {
NTSTATUS (*update_recv)(struct tevent_req *req,
TALLOC_CTX *out_mem_ctx,
DATA_BLOB *out);
+ NTSTATUS (*may_reset_crypto)(struct gensec_security *gensec_security,
+ bool full_reset);
NTSTATUS (*seal_packet)(struct gensec_security *gensec_security, TALLOC_CTX *sig_mem_ctx,
uint8_t *data, size_t length,
const uint8_t *whole_pdu, size_t pdu_length,
@@ -121,4 +123,7 @@ struct gensec_critical_sizes {
int sizeof_gensec_security;
};
+NTSTATUS gensec_may_reset_crypto(struct gensec_security *gensec_security,
+ bool full_reset);
+
#endif /* __GENSEC_H__ */
diff --git a/auth/gensec/schannel.c b/auth/gensec/schannel.c
index 9b28c45..8baf803 100644
--- a/auth/gensec/schannel.c
+++ b/auth/gensec/schannel.c
@@ -467,6 +467,16 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_
*out = data_blob(NULL, 0);
+ if (gensec_security->dcerpc_auth_level < DCERPC_AUTH_LEVEL_INTEGRITY) {
+ switch (gensec_security->gensec_role) {
+ case GENSEC_CLIENT:
+ return NT_STATUS_INVALID_PARAMETER_MIX;
+ case GENSEC_SERVER:
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
switch (gensec_security->gensec_role) {
case GENSEC_CLIENT:
if (state != NULL) {
@@ -662,9 +672,15 @@ static NTSTATUS schannel_client_start(struct gensec_security *gensec_security)
static bool schannel_have_feature(struct gensec_security *gensec_security,
uint32_t feature)
{
- if (feature & (GENSEC_FEATURE_SIGN |
- GENSEC_FEATURE_SEAL)) {
- return true;
+ if (gensec_security->dcerpc_auth_level >= DCERPC_AUTH_LEVEL_INTEGRITY) {
+ if (feature & GENSEC_FEATURE_SIGN) {
+ return true;
+ }
+ }
+ if (gensec_security->dcerpc_auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
+ if (feature & GENSEC_FEATURE_SEAL) {
+ return true;
+ }
}
if (feature & GENSEC_FEATURE_DCE_STYLE) {
return true;
diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c
index 0079bb8..2922478 100644
--- a/auth/gensec/spnego.c
+++ b/auth/gensec/spnego.c
@@ -53,6 +53,11 @@ struct spnego_state {
const char *neg_oid;
DATA_BLOB mech_types;
+ size_t num_targs;
+ bool mic_requested;
+ bool needs_mic_sign;
+ bool needs_mic_check;
+ bool done_mic_check;
/*
* The following is used to implement
@@ -416,6 +421,11 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct gensec_security *gensec_
spnego_state->neg_oid = all_sec[i].oid;
*unwrapped_out = data_blob_null;
nt_status = NT_STATUS_MORE_PROCESSING_REQUIRED;
+ /*
+ * Indicate the downgrade and request a
+ * mic.
+ */
+ spnego_state->mic_requested = true;
break;
}
@@ -674,22 +684,27 @@ static NTSTATUS gensec_spnego_server_negTokenTarg(struct spnego_state *spnego_st
/* compose reply */
spnego_out.type = SPNEGO_NEG_TOKEN_TARG;
spnego_out.negTokenTarg.responseToken = unwrapped_out;
- spnego_out.negTokenTarg.mechListMIC = null_data_blob;
+ spnego_out.negTokenTarg.mechListMIC = mech_list_mic;
spnego_out.negTokenTarg.supportedMech = NULL;
if (NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
spnego_out.negTokenTarg.supportedMech = spnego_state->neg_oid;
- spnego_out.negTokenTarg.negResult = SPNEGO_ACCEPT_INCOMPLETE;
+ if (spnego_state->mic_requested) {
+ spnego_out.negTokenTarg.negResult = SPNEGO_REQUEST_MIC;
+ spnego_state->mic_requested = false;
+ } else {
+ spnego_out.negTokenTarg.negResult = SPNEGO_ACCEPT_INCOMPLETE;
+ }
spnego_state->state_position = SPNEGO_SERVER_TARG;
} else if (NT_STATUS_IS_OK(nt_status)) {
if (unwrapped_out.data) {
spnego_out.negTokenTarg.supportedMech = spnego_state->neg_oid;
}
spnego_out.negTokenTarg.negResult = SPNEGO_ACCEPT_COMPLETED;
- spnego_out.negTokenTarg.mechListMIC = mech_list_mic;
spnego_state->state_position = SPNEGO_DONE;
} else {
spnego_out.negTokenTarg.negResult = SPNEGO_REJECT;
+ spnego_out.negTokenTarg.mechListMIC = null_data_blob;
DEBUG(2, ("SPNEGO login failed: %s\n", nt_errstr(nt_status)));
spnego_state->state_position = SPNEGO_DONE;
}
@@ -700,6 +715,7 @@ static NTSTATUS gensec_spnego_server_negTokenTarg(struct spnego_state *spnego_st
}
spnego_state->expected_packet = SPNEGO_NEG_TOKEN_TARG;
+ spnego_state->num_targs++;
return nt_status;
}
@@ -784,6 +800,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
const char *my_mechs[] = {NULL, NULL};
NTSTATUS nt_status = NT_STATUS_INVALID_PARAMETER;
+ bool ok;
if (!in.length) {
/* client to produce negTokenInit */
@@ -846,6 +863,14 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
return NT_STATUS_INVALID_PARAMETER;
}
+ ok = spnego_write_mech_types(spnego_state,
+ my_mechs,
+ &spnego_state->mech_types);
+ if (!ok) {
+ DEBUG(1, ("SPNEGO: Failed to write mechTypes\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
/* set next state */
spnego_state->expected_packet = SPNEGO_NEG_TOKEN_TARG;
spnego_state->state_position = SPNEGO_CLIENT_TARG;
@@ -883,18 +908,57 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
return NT_STATUS_INVALID_PARAMETER;
}
+ spnego_state->num_targs++;
+
if (!spnego_state->sub_sec_security) {
DEBUG(1, ("SPNEGO: Did not setup a mech in NEG_TOKEN_INIT\n"));
spnego_free_data(&spnego);
return NT_STATUS_INVALID_PARAMETER;
}
+ if (spnego_state->needs_mic_check) {
+ if (spnego.negTokenTarg.responseToken.length != 0) {
+ DEBUG(1, ("SPNEGO: Did not setup a mech in NEG_TOKEN_INIT\n"));
+ spnego_free_data(&spnego);
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ nt_status = gensec_check_packet(spnego_state->sub_sec_security,
+ spnego_state->mech_types.data,
+ spnego_state->mech_types.length,
+ spnego_state->mech_types.data,
+ spnego_state->mech_types.length,
+ &spnego.negTokenTarg.mechListMIC);
+ if (NT_STATUS_IS_OK(nt_status)) {
+ spnego_state->needs_mic_check = false;
+ spnego_state->done_mic_check = true;
+ } else {
+ DEBUG(2,("GENSEC SPNEGO: failed to verify mechListMIC: %s\n",
+ nt_errstr(nt_status)));
+ }
+ goto server_response;
+ }
+
nt_status = gensec_update_ev(spnego_state->sub_sec_security,
- out_mem_ctx, ev,
- spnego.negTokenTarg.responseToken,
- &unwrapped_out);
- if (NT_STATUS_IS_OK(nt_status) && spnego.negTokenTarg.mechListMIC.length > 0) {
+ out_mem_ctx, ev,
+ spnego.negTokenTarg.responseToken,
+ &unwrapped_out);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ goto server_response;
+ }
+
+ new_spnego = gensec_have_feature(spnego_state->sub_sec_security,
+ GENSEC_FEATURE_NEW_SPNEGO);
+ if (spnego.negTokenTarg.mechListMIC.length > 0) {
new_spnego = true;
+ }
+
+ if (new_spnego) {
+ spnego_state->needs_mic_check = true;
+ spnego_state->needs_mic_sign = true;
+ }
+
+ if (spnego.negTokenTarg.mechListMIC.length > 0) {
nt_status = gensec_check_packet(spnego_state->sub_sec_security,
spnego_state->mech_types.data,
spnego_state->mech_types.length,
@@ -904,9 +968,14 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(2,("GENSEC SPNEGO: failed to verify mechListMIC: %s\n",
nt_errstr(nt_status)));
+ goto server_response;
}
+
+ spnego_state->needs_mic_check = false;
+ spnego_state->done_mic_check = true;
}
- if (NT_STATUS_IS_OK(nt_status) && new_spnego) {
+
+ if (spnego_state->needs_mic_sign) {
nt_status = gensec_sign_packet(spnego_state->sub_sec_security,
out_mem_ctx,
spnego_state->mech_types.data,
@@ -917,9 +986,16 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(2,("GENSEC SPNEGO: failed to sign mechListMIC: %s\n",
nt_errstr(nt_status)));
+ goto server_response;
}
+ spnego_state->needs_mic_sign = false;
}
+ if (spnego_state->needs_mic_check) {
+ nt_status = NT_STATUS_MORE_PROCESSING_REQUIRED;
+ }
+
+ server_response:
nt_status = gensec_spnego_server_negTokenTarg(spnego_state,
out_mem_ctx,
nt_status,
@@ -933,7 +1009,8 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
}
case SPNEGO_CLIENT_TARG:
{
- NTSTATUS nt_status;
+ NTSTATUS nt_status = NT_STATUS_INTERNAL_ERROR;
+
if (!in.length) {
return NT_STATUS_INVALID_PARAMETER;
}
@@ -955,19 +1032,27 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
return NT_STATUS_INVALID_PARAMETER;
}
+ spnego_state->num_targs++;
+
if (spnego.negTokenTarg.negResult == SPNEGO_REJECT) {
spnego_free_data(&spnego);
return NT_STATUS_LOGON_FAILURE;
}
+ if (spnego.negTokenTarg.negResult == SPNEGO_REQUEST_MIC) {
+ spnego_state->mic_requested = true;
+ }
+
/* Server didn't like our choice of mech, and chose something else */
- if ((spnego.negTokenTarg.negResult == SPNEGO_ACCEPT_INCOMPLETE) &&
+ if (((spnego.negTokenTarg.negResult == SPNEGO_ACCEPT_INCOMPLETE) ||
+ (spnego.negTokenTarg.negResult == SPNEGO_REQUEST_MIC)) &&
spnego.negTokenTarg.supportedMech &&
strcmp(spnego.negTokenTarg.supportedMech, spnego_state->neg_oid) != 0) {
DEBUG(3,("GENSEC SPNEGO: client preferred mech (%s) not accepted, server wants: %s\n",
- gensec_get_name_by_oid(gensec_security, spnego.negTokenTarg.supportedMech),
- gensec_get_name_by_oid(gensec_security, spnego_state->neg_oid)));
+ gensec_get_name_by_oid(gensec_security, spnego_state->neg_oid),
+ gensec_get_name_by_oid(gensec_security, spnego.negTokenTarg.supportedMech)));
+ spnego_state->no_response_expected = false;
talloc_free(spnego_state->sub_sec_security);
nt_status = gensec_subcontext_start(spnego_state,
gensec_security,
@@ -984,64 +1069,143 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
return nt_status;
}
- nt_status = gensec_update_ev(spnego_state->sub_sec_security,
- out_mem_ctx, ev,
- spnego.negTokenTarg.responseToken,
- &unwrapped_out);
- spnego_state->neg_oid = talloc_strdup(spnego_state, spnego.negTokenTarg.supportedMech);
- } else if (spnego_state->no_response_expected) {
- if (spnego.negTokenTarg.negResult != SPNEGO_ACCEPT_COMPLETED) {
- DEBUG(3,("GENSEC SPNEGO: client GENSEC accepted, but server rejected (bad password?)\n"));
- nt_status = NT_STATUS_INVALID_PARAMETER;
- } else if (spnego.negTokenTarg.responseToken.length) {
- DEBUG(2,("GENSEC SPNEGO: client GENSEC accepted, but server continued negotiation!\n"));
- nt_status = NT_STATUS_INVALID_PARAMETER;
- } else {
- nt_status = NT_STATUS_OK;
+ spnego_state->neg_oid = talloc_strdup(spnego_state,
+ spnego.negTokenTarg.supportedMech);
+ if (spnego_state->neg_oid == NULL) {
+ spnego_free_data(&spnego);
+ return NT_STATUS_NO_MEMORY;
+ };
+ }
+
+ if (spnego.negTokenTarg.mechListMIC.length > 0) {
+ if (spnego_state->no_response_expected) {
+ spnego_state->needs_mic_check = true;
}
- if (NT_STATUS_IS_OK(nt_status) && spnego.negTokenTarg.mechListMIC.length > 0) {
- nt_status = gensec_check_packet(spnego_state->sub_sec_security,
- spnego_state->mech_types.data,
- spnego_state->mech_types.length,
- spnego_state->mech_types.data,
- spnego_state->mech_types.length,
- &spnego.negTokenTarg.mechListMIC);
- if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(2,("GENSEC SPNEGO: failed to verify mechListMIC: %s\n",
- nt_errstr(nt_status)));
- }
+ }
+
+ if (spnego_state->needs_mic_check) {
+ if (spnego.negTokenTarg.responseToken.length != 0) {
+ DEBUG(1, ("SPNEGO: Did not setup a mech in NEG_TOKEN_INIT\n"));
+ spnego_free_data(&spnego);
+ return NT_STATUS_INVALID_PARAMETER;
}
- } else {
- bool new_spnego = false;
+ nt_status = gensec_check_packet(spnego_state->sub_sec_security,
+ spnego_state->mech_types.data,
+ spnego_state->mech_types.length,
+ spnego_state->mech_types.data,
+ spnego_state->mech_types.length,
+ &spnego.negTokenTarg.mechListMIC);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ DEBUG(2,("GENSEC SPNEGO: failed to verify mechListMIC: %s\n",
+ nt_errstr(nt_status)));
+ spnego_free_data(&spnego);
+ return nt_status;
+ }
+ spnego_state->needs_mic_check = false;
+ spnego_state->done_mic_check = true;
+ goto client_response;
+ }
+
+ if (!spnego_state->no_response_expected) {
nt_status = gensec_update_ev(spnego_state->sub_sec_security,
out_mem_ctx, ev,
spnego.negTokenTarg.responseToken,
&unwrapped_out);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ goto client_response;
+ }
+
+ spnego_state->no_response_expected = true;
+ } else {
+ nt_status = NT_STATUS_OK;
+ }
- if (NT_STATUS_IS_OK(nt_status)
- && spnego.negTokenTarg.negResult != SPNEGO_ACCEPT_COMPLETED) {
- new_spnego = gensec_have_feature(spnego_state->sub_sec_security,
- GENSEC_FEATURE_NEW_SPNEGO);
+ if (spnego_state->no_response_expected &&
+ !spnego_state->done_mic_check)
+ {
+ bool new_spnego = false;
+
+ new_spnego = gensec_have_feature(spnego_state->sub_sec_security,
+ GENSEC_FEATURE_NEW_SPNEGO);
+
+ switch (spnego.negTokenTarg.negResult) {
+ case SPNEGO_ACCEPT_COMPLETED:
+ case SPNEGO_NONE_RESULT:
+ if (spnego_state->num_targs == 1) {
+ /*
+ * the first exchange doesn't require
+ * verification
+ */
+ new_spnego = false;
+ }
+ break;
+
+ case SPNEGO_ACCEPT_INCOMPLETE:
+ case SPNEGO_REQUEST_MIC:
+ if (spnego.negTokenTarg.mechListMIC.length > 0) {
+ new_spnego = true;
+ }
+ break;
+ default:
+ break;
}
- if (NT_STATUS_IS_OK(nt_status) && new_spnego) {
- nt_status = gensec_sign_packet(spnego_state->sub_sec_security,
- out_mem_ctx,
- spnego_state->mech_types.data,
- spnego_state->mech_types.length,
- spnego_state->mech_types.data,
- spnego_state->mech_types.length,
- &mech_list_mic);
- if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(2,("GENSEC SPNEGO: failed to sign mechListMIC: %s\n",
- nt_errstr(nt_status)));
+
+ if (spnego_state->mic_requested) {
+ bool sign;
+
+ sign = gensec_have_feature(spnego_state->sub_sec_security,
--
Samba Shared Repository
More information about the samba-cvs
mailing list