Commits · iboukris-winbind-hang · The Samba Team / Upstream Samba Development / samba

This project is mirrored from https://gitlab.com/samba-team/samba.git. Pull mirroring updated Aug 16, 2022.

06 Oct, 2020 1 commit
- reinterpret startup_time · 973875c3
  Isaac Boukris authored Oct 06, 2020
  
  973875c3
02 Oct, 2020 2 commits
- call find_domain_from_sid_noinit even for local sam · 08fe606a
  Isaac Boukris authored Oct 02, 2020
  
  08fe606a
- fixup · 9e28be0a
  Isaac Boukris authored Oct 02, 2020
  
  9e28be0a
23 Sep, 2020 3 commits
- Only try to keep our primary domain online · 655281d7
  Isaac Boukris authored Sep 23, 2020
  
  655281d7
- Tell the parent if we think we are online · 10aba654
  Isaac Boukris authored Sep 23, 2020
  
  10aba654
- rework? · 05a7527f
  Isaac Boukris authored Sep 22, 2020
  
  05a7527f
21 Sep, 2020 4 commits
- don't reschedule on failure in child, the parent does it already · 97a041d6
  Isaac Boukris authored Sep 17, 2020
  
  97a041d6
- don't connect over the network in main winbind process, PING_DC instead · 528ede17
  Isaac Boukris authored Sep 16, 2020
```
and remove fork_child_dc_connect()!
```
  528ede17
- use domain as mem_ctx for scheduling check_domain_online_handler() · 56813d1f
  Isaac Boukris authored Sep 17, 2020
  
  56813d1f
- s3: fix fcntl waf configure check · 454ccd98
  Ralph Böhme authored Sep 21, 2020 and VL committed Sep 21, 2020
```
RN: Fix fcntl waf configure check
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14503

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Sep 21 07:26:54 UTC 2020 on sn-devel-184
```
  454ccd98
18 Sep, 2020 22 commits

CVE-2020-1472(ZeroLogon): s4 torture rpc: repeated bytes in client challenge · 9945f3e3

Gary Lockyer authored Sep 18, 2020 and

Stefan Metzmacher committed Sep 18, 2020

Ensure that client challenges with the first 5 bytes identical are
rejected.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Sep 18 14:13:17 UTC 2020 on sn-devel-184

9945f3e3

CVE-2020-1472(ZeroLogon): s4 torture rpc: Test empty machine acct pwd · 4b262b03

Gary Lockyer authored Sep 18, 2020 and

Stefan Metzmacher committed Sep 18, 2020

Ensure that an empty machine account password can't be set by
netr_ServerPasswordSet2

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

4b262b03

CVE-2020-1472(ZeroLogon): docs-xml: document 'server require schannel:COMPUTERACCOUNT' · d1790a0b

Stefan Metzmacher authored Sep 17, 2020

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

d1790a0b

CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: log warnings about unsecure configurations · b8e4b0f4

Günther Deschner authored Sep 17, 2020 and

Stefan Metzmacher committed Sep 18, 2020

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497



Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

b8e4b0f4

CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: support "server require... · b74017d2

Günther Deschner authored Sep 17, 2020 and

Stefan Metzmacher committed Sep 18, 2020

CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: support "server require schannel:WORKSTATION$ = no"

This allows to add expections for individual workstations, when using "server schannel = yes".
"server schannel = auto" is very insecure and will be removed soon.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

b74017d2

CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: refactor dcesrv_netr_creds_server_step_check() · 9ef5b63e

Günther Deschner authored Sep 17, 2020 and

Stefan Metzmacher committed Sep 18, 2020

We should debug more details about the failing request.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497



Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

9ef5b63e

CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon: log warnings about unsecure configurations · ca8a0098

Stefan Metzmacher authored Sep 17, 2020

This should give admins wawrnings until they have a secure
configuration.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

ca8a0098

CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon: support "server require... · f9b772bf

Stefan Metzmacher authored Sep 16, 2020

CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon: support "server require schannel:WORKSTATION$ = no"

This allows to add expections for individual workstations, when using "server schannel = yes".
"server schannel = auto" is very insecure and will be removed soon.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

f9b772bf

CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon: refactor dcesrv_netr_creds_server_step_check() · be8e6394

Stefan Metzmacher authored Sep 16, 2020

We should debug more details about the failing request.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

be8e6394

CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: protect... · 82d41977

Jeremy Allison authored Sep 16, 2020 and

Stefan Metzmacher committed Sep 18, 2020

CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: protect netr_ServerPasswordSet2 against unencrypted passwords

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497



Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

82d41977

CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Fix mem leak onto p->mem_ctx... · 9ec8b59b

Jeremy Allison authored Sep 16, 2020 and

Stefan Metzmacher committed Sep 18, 2020

CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Fix mem leak onto p->mem_ctx in error path of _netr_ServerPasswordSet2().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

9ec8b59b

CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon: protect... · d8a6e654

Stefan Metzmacher authored Sep 16, 2020

CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon: protect netr_ServerPasswordSet2 against unencrypted passwords

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

d8a6e654

CVE-2020-1472(ZeroLogon): libcli/auth: reject weak client challenges in... · d3123858

Stefan Metzmacher authored Sep 16, 2020

CVE-2020-1472(ZeroLogon): libcli/auth: reject weak client challenges in netlogon_creds_server_init()

This implements the note from MS-NRPC 3.1.4.1 Session-Key Negotiation:

 7. If none of the first 5 bytes of the client challenge is unique, the
    server MUST fail session-key negotiation without further processing of
    the following steps.

It lets ./zerologon_tester.py from
https://github.com/SecuraBV/CVE-2020-1472.git
report: "Attack failed. Target is probably patched."

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

d3123858

CVE-2020-1472(ZeroLogon): libcli/auth: add... · 53528c71

Stefan Metzmacher authored Sep 16, 2020

CVE-2020-1472(ZeroLogon): libcli/auth: add netlogon_creds_is_random_challenge() to avoid weak values

This is the check Windows is using, so we won't generate challenges,
which are rejected by Windows DCs (and future Samba DCs).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

53528c71

CVE-2020-1472(ZeroLogon): s4:rpc_server:netlogon: make use of netlogon_creds_random_challenge() · 74eb448a

Stefan Metzmacher authored Sep 16, 2020

This is not strictly needed, but makes things more clear.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

74eb448a

CVE-2020-1472(ZeroLogon): s3:rpc_server:netlogon: make use of netlogon_creds_random_challenge() · caba2d80

Stefan Metzmacher authored Sep 16, 2020

This is not strictly needed, but makes things more clear.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

caba2d80

CVE-2020-1472(ZeroLogon): libcli/auth: make use of... · 46642fd3

Stefan Metzmacher authored Sep 16, 2020

CVE-2020-1472(ZeroLogon): libcli/auth: make use of netlogon_creds_random_challenge() in netlogon_creds_cli.c

This will avoid getting rejected by the server if we generate
a weak challenge.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

46642fd3

CVE-2020-1472(ZeroLogon): s4:torture/rpc: make use of netlogon_creds_random_challenge() · 355efadc

Stefan Metzmacher authored Sep 16, 2020

This will avoid getting flakey tests once our server starts to
reject weak challenges.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

355efadc

CVE-2020-1472(ZeroLogon): libcli/auth: add netlogon_creds_random_challenge() · b813cdca

Stefan Metzmacher authored Sep 16, 2020

It's good to have just a single isolated function that will generate
random challenges, in future we can add some logic in order to
avoid weak values, which are likely to be rejected by a server.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

b813cdca

nt_printing_ads: add missing printShareName attribute when publishing printers · 380938b0

Björn Jacke authored Sep 07, 2020 and

Jeremy Allison committed Sep 18, 2020

Without printShareName attribute in LDAP, Windows doesn't list the pinters at all.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9771

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Sep 18 01:58:22 UTC 2020 on sn-devel-184

380938b0

cli_winreg_spoolss: handle also printer sharename · 787d7756

Björn Jacke authored Sep 07, 2020 and

Jeremy Allison committed Sep 18, 2020

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9771

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

787d7756

srv_spoolss_nt.c: fix wrong value in debug message · 7651c026
Björn Jacke authored Sep 07, 2020 and Jeremy Allison committed Sep 18, 2020
```
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
```
7651c026

17 Sep, 2020 1 commit

tests: Disable kerberos for weak crypto test · ed625d66

Samuel Cabrero authored Sep 15, 2020 and

David Disseldorp committed Sep 17, 2020



Otherwise the test fails because the client is authenticated using
spnego and gse_krb5, not triggering the weak crypto restrictions.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Thu Sep 17 00:05:51 UTC 2020 on sn-devel-184

ed625d66

16 Sep, 2020 2 commits

selftest: set pid directory in client's smb.conf · 63b0d2dc

Samuel Cabrero authored Sep 15, 2020 and

David Disseldorp committed Sep 16, 2020



Set a pid file directory to avoid the following testparm error:

ERROR: pid directory /usr/local/samba/var/run does not exist
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

63b0d2dc

selftest: Create client directories in a loop · ebada816
Samuel Cabrero authored Sep 16, 2020 and David Disseldorp committed Sep 16, 2020
```
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
```
ebada816

15 Sep, 2020 5 commits

s3: libsmb: Cleanup - in internal_resolve_name() only write the out parameters on success. · 67498ffd

Jeremy Allison authored Sep 09, 2020



All callers already correctly initialize them.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Tue Sep 15 11:33:35 UTC 2020 on sn-devel-184

67498ffd

s3: Remove struct ip_service. · c1d39295

Jeremy Allison authored Sep 09, 2020



                           ---------------
                          /               \
                         /      REST       \
                        /        IN         \
                       /        PEACE        \
                      /                       \
                      |                       |
                      |   struct ip_service   |
                      |                       |
                      |                       |
                      |       9 August        |
                      |   In the year of the  |
                      |        pandemic       |
                      |          2020         |
                     *|     *  *  *           | *
            _________)/\\_//(\/(/\)/\//\/\////|_)_______
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

c1d39295

s3: libsmb: namequery. Rename remove_duplicate_addrs2_sa() to remove_duplicate_addrs2() · 526fdaa7
Jeremy Allison authored Sep 09, 2020
```
It's now the only function.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
```
526fdaa7
s3: libsmb: namequery.c: Remove unused remove_duplicate_addrs2(). · d627ef14
Jeremy Allison authored Sep 09, 2020
```
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
```
d627ef14
s3: libsmb: namequery.c: Remove now unused internal_resolve_name() wrapper. · 5b6245d1
Jeremy Allison authored Sep 09, 2020
```
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
```
5b6245d1