[SCM] Samba Shared Repository - branch master updated

Noel Power npower at samba.org
Tue Jun 4 09:40:01 UTC 2024 

The branch, master has been updated
       via  747a7fec01d s3:rpc_server: Check query level according to MS-NRPC
       via  8adbdbe50f7 s3:rpc_server: Check function code according to MS-NRPC
       via  0418b9fa929 s3/rpc_server: Fix dereference of client pointer
       via  a27525e555c s4/torture: Test with level 4 with NETLOGON_CONTROL_SET_DBFLAG function
       via  1297c7ca65b s4/torture: Prepare to handle Level 4 check with unknown func code
      from  6b3135078e0 lib: Align an integer type

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 747a7fec01d39453093ed48b167fa1d5d80aead4
Author: Jo Sutton <josutton at catalyst.net.nz>
Date:   Tue May 28 15:12:36 2024 +1200

    s3:rpc_server: Check query level according to MS-NRPC
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15465
    Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
    Reviewed-by: Noel Power <noel.power at suse.com>
    
    Autobuild-User(master): Noel Power <npower at samba.org>
    Autobuild-Date(master): Tue Jun  4 09:39:42 UTC 2024 on atb-devel-224

commit 8adbdbe50f7ac69cb815794d1c3d214bbac7c848
Author: Jo Sutton <josutton at catalyst.net.nz>
Date:   Tue May 28 15:10:51 2024 +1200

    s3:rpc_server: Check function code according to MS-NRPC
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15465
    Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
    Reviewed-by: Noel Power <noel.power at suse.com>

commit 0418b9fa929736a404b9ff976ff034009b913089
Author: Noel Power <noel.power at suse.com>
Date:   Mon Sep 25 09:58:33 2023 +0100

    s3/rpc_server: Fix dereference of client pointer
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15465
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

commit a27525e555c2c88f3b3bbef17d6e803a3a231d2b
Author: Noel Power <noel.power at suse.com>
Date:   Sun Sep 24 01:03:37 2023 +0100

    s4/torture: Test with level 4 with NETLOGON_CONTROL_SET_DBFLAG function
    
    Change levels tested from 1 - 3 to 1 - 4 for NETLOGON_CONTROL_SET_DBFLAG
    
    This change triggers a core dump in the server and so we add a knownfail
    here. Following commit will fix (and remove known fail)
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15465
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

commit 1297c7ca65ba485febee4eabe32a8e1c793b187c
Author: Noel Power <noel.power at suse.com>
Date:   Mon Sep 25 10:30:30 2023 +0100

    s4/torture: Prepare to handle Level 4 check with unknown func code
    
    A future (next) commit will change the NETLOGON_CONTROL_SET_DBFLAG test
    to use levels 1 - 4 (current test just tests 1 - 3). A side affect of
    this test is that the following test will now test passing an unknown
    function code against against Level 4 (previously level 3).
    
    Unfortunately s4 and s3 netlogon server results differ when handling
    a level 4 request with an unknown function code.
      s3 server returns WERR_NOT_SUPPORTED and
      s4 server returns WERR_INVALID_PARAMETER.
    
    For level 3 both return WERR_NOT_SUPPORTED.
    
    MS-NRPC doesn't seem to specifically indicate the required response in
    this case.
    
    this commit modifies the test to cater for either response (for either
    level) A future commit could explore the test response combinations more
    thorougly.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15465
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

-----------------------------------------------------------------------

Summary of changes:
 source3/rpc_server/netlogon/srv_netlog_nt.c | 30 +++++++++++++++++++----------
 source4/torture/rpc/netlogon.c              |  8 ++++++--
 2 files changed, 26 insertions(+), 12 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
index fa3e597fa8e..ccae62083cc 100644
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -197,7 +197,6 @@ WERROR _netr_LogonControl2Ex(struct pipes_struct *p,
 	struct netr_NETLOGON_INFO_1 *info1;
 	struct netr_NETLOGON_INFO_2 *info2;
 	struct netr_NETLOGON_INFO_3 *info3;
-	struct netr_NETLOGON_INFO_4 *info4;
 	const char *fn;
 	NTSTATUS status;
 	struct netr_DsRGetDCNameInfo *dc_info;
@@ -264,10 +263,16 @@ WERROR _netr_LogonControl2Ex(struct pipes_struct *p,
 	case NETLOGON_CONTROL_TRUNCATE_LOG:
 	case NETLOGON_CONTROL_TRANSPORT_NOTIFY:
 	case NETLOGON_CONTROL_FORCE_DNS_REG:
+		return WERR_NOT_SUPPORTED;
 	case NETLOGON_CONTROL_QUERY_DNS_REG:
+		if (r->in.level != 1) {
+			return WERR_INVALID_PARAMETER;
+		}
 		return WERR_NOT_SUPPORTED;
-
 	case NETLOGON_CONTROL_FIND_USER:
+		if (r->in.level != 4) {
+			return WERR_INVALID_PARAMETER;
+		}
 		if (!r->in.data || !r->in.data->user) {
 			return WERR_NOT_SUPPORTED;
 		}
@@ -278,6 +283,9 @@ WERROR _netr_LogonControl2Ex(struct pipes_struct *p,
 		}
 		break;
 	case NETLOGON_CONTROL_TC_VERIFY:
+		if (r->in.level != 2) {
+			return WERR_INVALID_PARAMETER;
+		}
 		if (!r->in.data || !r->in.data->domain) {
 			return WERR_NOT_SUPPORTED;
 		}
@@ -369,6 +377,12 @@ WERROR _netr_LogonControl2Ex(struct pipes_struct *p,
 		r->out.query->info1 = info1;
 		break;
 	case 2:
+		if (r->in.function_code != NETLOGON_CONTROL_REDISCOVER &&
+		    r->in.function_code != NETLOGON_CONTROL_TC_QUERY &&
+		    r->in.function_code != NETLOGON_CONTROL_TC_VERIFY)
+		{
+			return WERR_INVALID_PARAMETER;
+		}
 		info2 = talloc_zero(p->mem_ctx, struct netr_NETLOGON_INFO_2);
 		W_ERROR_HAVE_NO_MEMORY(info2);
 
@@ -389,14 +403,10 @@ WERROR _netr_LogonControl2Ex(struct pipes_struct *p,
 		r->out.query->info3 = info3;
 		break;
 	case 4:
-		info4 = talloc_zero(p->mem_ctx, struct netr_NETLOGON_INFO_4);
-		W_ERROR_HAVE_NO_MEMORY(info4);
-
-		info4->trusted_dc_name		= dc_name;
-		info4->trusted_domain_name	= r->in.data->domain;
-
-		r->out.query->info4 = info4;
-		break;
+		if (r->in.function_code != NETLOGON_CONTROL_FIND_USER) {
+			return WERR_INVALID_PARAMETER;
+		}
+		return WERR_NOT_SUPPORTED;
 	default:
 		return WERR_INVALID_LEVEL;
 	}
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
index c3715619cb7..1f04af119ac 100644
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -3993,6 +3993,7 @@ static bool test_DatabaseSync2(struct torture_context *tctx,
 /*
   try a netlogon LogonControl2Ex
 */
+
 static bool test_LogonControl2Ex(struct torture_context *tctx,
 				 struct dcerpc_pipe *p,
 				 struct cli_credentials *machine_credentials)
@@ -4066,7 +4067,7 @@ static bool test_LogonControl2Ex(struct torture_context *tctx,
 	r.in.function_code = NETLOGON_CONTROL_SET_DBFLAG;
 	r.in.data = &data;
 
-	for (i=1;i<4;i++) {
+	for (i=1;i<=4;i++) {
 		r.in.level = i;
 
 		torture_comment(tctx, "Testing LogonControl2Ex function code %s (%d) level %d\n",
@@ -4087,7 +4088,10 @@ static bool test_LogonControl2Ex(struct torture_context *tctx,
 	torture_assert_ntstatus_ok(tctx, status, "LogonControl2Ex");
 	switch (secure_channel_type) {
 	case SEC_CHAN_NULL:
-		torture_assert_werr_equal(tctx, r.out.result, WERR_NOT_SUPPORTED, "LogonControl2Ex");
+		torture_assert(tctx,
+			W_ERROR_EQUAL(r.out.result, WERR_NOT_SUPPORTED) ||
+			W_ERROR_EQUAL(r.out.result, WERR_INVALID_PARAMETER),
+			"LogonControl2Ex");
 		break;
 	default:
 		torture_assert_werr_equal(tctx, r.out.result, WERR_ACCESS_DENIED, "LogonControl2Ex");


-- 
Samba Shared Repository

More information about the samba-cvs mailing list