[prev in list] [next in list] [prev in thread] [next in thread]
List: samba-cvs
Subject: [SCM] Samba Shared Repository - branch v4-1-test updated
From: kseeger () samba ! org (Karolin Seeger)
Date: 2015-06-30 2:19:06
Message-ID: 20150630021906.942DE140457 () sn ! samba ! org
[Download RAW message or body]
The branch, v4-1-test has been updated
via 7434e77 docs: overhaul the description of "smb encrypt" to include SMB3 \
encryption.
via 972a97b docs: Change smb encrypt default in docs to match s3 and \
lib/param via 290c1ae s3: smbd: Codenomicon crash in do_smb_load_module().
via 81dde5e s3:winbindd: make sure we pass a valid server to \
rpccli_netlogon_sam_network_logon*()
via e700e9d s3: smbd: Use separate flag to track \
become_root()/unbecome_root() state. via af4617a s3:param/loadparm fix testparm \
--show-all-parameters from 9a67af3 VERSION: Bump version up to 4.1.20...
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-1-test
- Log -----------------------------------------------------------------
commit 7434e77e6f899d8fb88a25360ba06bdc281236ac
Author: Michael Adam <obnox@samba.org>
Date: Thu Apr 23 10:38:15 2015 +0200
docs: overhaul the description of "smb encrypt" to include SMB3 encryption.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11366
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Apr 24 00:53:20 CEST 2015 on sn-devel-104
(cherry picked from commit 51ae17b0703eaa481d602ffc7d8231a629fcb5fd)
Autobuild-User(v4-1-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-1-test): Tue Jun 30 04:18:41 CEST 2015 on sn-devel-104
commit 972a97bc9f37253d0db32216dabef87c67ca5723
Author: Andrew Bartlett <abartlet@samba.org>
Date: Thu Jan 9 14:34:05 2014 +1300
docs: Change smb encrypt default in docs to match s3 and lib/param
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11366
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit dba465b6c72c76781e8ca3909233d07028f99724)
commit 290c1ae0ff8dc75fa06e5463d55987918ee3c999
Author: Jeremy Allison <jra@samba.org>
Date: Thu Jun 18 10:21:07 2015 -0700
s3: smbd: Codenomicon crash in do_smb_load_module().
Inside api_pipe_bind_req() we look for a pipe module name using
dcerpc_default_transport_endpoint(pkt,
NCACN_NP, table)
which returns NULL when given invalid pkt data from the Codenomicon fuzzer.
This gets passed directly to smb_probe_module(), which then calls
do_smb_load_module() which tries to deref the (NULL) module name.
https://bugzilla.samba.org/show_bug.cgi?id=11342
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jun 18 22:14:01 CEST 2015 on sn-devel-104
(cherry picked from commit 5a82cc21379e3fe28441cd82647313c9390b41e7)
commit 81dde5e1e3692b86d04084f1a5ca9c842172f7d3
Author: Stefan Metzmacher <metze@samba.org>
Date: Wed Jun 24 11:46:33 2015 +0200
s3:winbindd: make sure we pass a valid server to \
rpccli_netlogon_sam_network_logon*()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11081
Signed-off-by: Stefan Metzmacher <metze@samba.org>
commit e700e9d4312a77066b344a763b2f05be7190e257
Author: Jeremy Allison <jra@samba.org>
Date: Wed Jun 17 10:23:30 2015 -0700
s3: smbd: Use separate flag to track become_root()/unbecome_root() state.
Early function exit can mean backup_priv is set but we haven't called
become_root(). *Lots* of work by the reviewers went in to checking this
isn't a security issue.
Found by Codenomicon at the Redmond plugfest.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11339
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jun 25 22:14:58 CEST 2015 on sn-devel-104
(cherry picked from commit e2c4b8967d33b610f9f076c614352e4b8fc7c558)
commit af4617aea187d701d1f43cc5faefd0f2302f60f3
Author: Christian Ambach <ambi@samba.org>
Date: Mon Jun 8 23:48:54 2015 +0200
s3:param/loadparm fix testparm --show-all-parameters
it didn't know about the new types of config parameters
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11170
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Jun 9 11:49:18 CEST 2015 on sn-devel-104
-----------------------------------------------------------------------
Summary of changes:
docs-xml/smbdotconf/security/smbencrypt.xml | 234 ++++++++++++++++++++++++----
lib/util/modules.c | 5 +
source3/param/loadparm.c | 2 +-
source3/smbd/trans2.c | 8 +-
source3/winbindd/winbindd_pam.c | 7 +-
5 files changed, 214 insertions(+), 42 deletions(-)
Changeset truncated at 500 lines:
diff --git a/docs-xml/smbdotconf/security/smbencrypt.xml \
b/docs-xml/smbdotconf/security/smbencrypt.xml index 51079ae..14b32c2 100644
--- a/docs-xml/smbdotconf/security/smbencrypt.xml
+++ b/docs-xml/smbdotconf/security/smbencrypt.xml
@@ -4,41 +4,207 @@
basic="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
+ <para>
+ This parameter controls whether a remote client is allowed or required
+ to use SMB encryption. It has different effects depending on whether
+ the connection uses SMB1 or SMB2 and newer:
+ </para>
- <para>This is a new feature introduced with Samba 3.2 and above. It is an
- extension to the SMB/CIFS protocol negotiated as part of the UNIX extensions.
- SMB encryption uses the GSSAPI (SSPI on Windows) ability to encrypt
- and sign every request/response in a SMB protocol stream. When
- enabled it provides a secure method of SMB/CIFS communication,
- similar to an ssh protected session, but using SMB/CIFS authentication
- to negotiate encryption and signing keys. Currently this is only
- supported by Samba 3.2 smbclient, and hopefully soon Linux CIFSFS
- and MacOS/X clients. Windows clients do not support this feature.
- </para>
-
- <para>This controls whether the remote client is allowed or required to use SMB \
encryption. Possible values
- are <emphasis>auto</emphasis>, <emphasis>mandatory</emphasis>
- and <emphasis>disabled</emphasis>. This may be set on a per-share
- basis, but clients may chose to encrypt the entire session, not
- just traffic to a specific share. If this is set to mandatory
- then all traffic to a share <emphasis>must</emphasis>
- be encrypted once the connection has been made to the share.
- The server would return "access denied" to all non-encrypted
- requests on such a share. Selecting encrypted traffic reduces
- throughput as smaller packet sizes must be used (no huge UNIX
- style read/writes allowed) as well as the overhead of encrypting
- and signing all the data.
- </para>
-
- <para>If SMB encryption is selected, Windows style SMB signing (see
- the <smbconfoption name="server signing"/> option) is no longer necessary,
- as the GSSAPI flags use select both signing and sealing of the data.
- </para>
-
- <para>When set to auto, SMB encryption is offered, but not enforced.
- When set to mandatory, SMB encryption is required and if set
- to disabled, SMB encryption can not be negotiated.</para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ If the connection uses SMB1, then this option controls the use
+ of a Samba-specific extension to the SMB protocol introduced in
+ Samba 3.2 that makes use of the Unix extensions.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ If the connection uses SMB2 or newer, then this option controls
+ the use of the SMB-level encryption that is supported in SMB
+ version 3.0 and above and available in Windows 8 and newer.
+ </para>
+ </listitem>
+ </itemizedlist>
+
+ <para>
+ This parameter can be set globally and on a per-share bases.
+ Possible values are
+ <emphasis>off</emphasis> or <emphasis>disabled</emphasis>,
+ <emphasis>auto</emphasis> or <emphasis>enabled</emphasis>, and
+ <emphasis>mandatory</emphasis> or <emphasis>required</emphasis>.
+ A special value is <emphasis>default</emphasis> which is
+ the implicit default setting.
+ </para>
+
+ <variablelist>
+ <varlistentry>
+ <term><emphasis>Effects for SMB1</emphasis></term>
+ <listitem>
+ <para>
+ The Samba-specific encryption of SMB1 connections is an
+ extension to the SMB protocol negotiated as part of the UNIX
+ extensions. SMB encryption uses the GSSAPI (SSPI on Windows)
+ ability to encrypt and sign every request/response in a SMB
+ protocol stream. When enabled it provides a secure method of
+ SMB/CIFS communication, similar to an ssh protected session, but
+ using SMB/CIFS authentication to negotiate encryption and
+ signing keys. Currently this is only supported smbclient of by
+ Samba 3.2 and newer, and hopefully soon Linux CIFSFS and MacOS/X
+ clients. Windows clients do not support this feature.
+ </para>
+
+ <para>This may be set on a per-share
+ basis, but clients may chose to encrypt the entire session, not
+ just traffic to a specific share. If this is set to mandatory
+ then all traffic to a share <emphasis>must</emphasis>
+ be encrypted once the connection has been made to the share.
+ The server would return "access denied" to all non-encrypted
+ requests on such a share. Selecting encrypted traffic reduces
+ throughput as smaller packet sizes must be used (no huge UNIX
+ style read/writes allowed) as well as the overhead of encrypting
+ and signing all the data.
+ </para>
+
+ <para>
+ If SMB encryption is selected, Windows style SMB signing (see
+ the <smbconfoption name="server signing"/> option) is no longer
+ necessary, as the GSSAPI flags use select both signing and
+ sealing of the data.
+ </para>
+
+ <para>
+ When set to auto or default, SMB encryption is offered, but not
+ enforced. When set to mandatory, SMB encryption is required and
+ if set to disabled, SMB encryption can not be negotiated.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><emphasis>Effects for SMB2</emphasis></term>
+ <listitem>
+ <para>
+ Native SMB transport encryption is available in SMB version 3.0
+ or newer. It is only offered by Samba if
+ <emphasis>server max protocol</emphasis> is set to
+ <emphasis>SMB3</emphasis> or newer.
+ Clients supporting this type of encryption include
+ Windows 8 and newer,
+ Windows server 2012 and newer,
+ and smbclient of Samba 4.1 and newer.
+ </para>
+
+ <para>
+ The protocol implementation offers various options:
+ </para>
+
+ <itemizedlist>
+ <listitem>
+ <para>
+ The capability to perform SMB encryption can be
+ negotiated during prorocol negotiation.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Data encryption can be enabled globally. In that case,
+ an encryption-capable connection will have all traffic
+ in all its sessions encrypted. In particular all share
+ connections will be encrypted.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Data encryption can also be enabled per share if not
+ enabled globally. For an encryption-capable connection,
+ all connections to an encryption-enabled share will be
+ encrypted.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Encryption can be enforced. This means that session
+ setups will be denied on non-encryption-capable
+ connections if data encryption has been enabled
+ globally. And tree connections will be denied for
+ non-encryption capable connections to shares with data
+ encryption enabled.
+ </para>
+ </listitem>
+ </itemizedlist>
+
+ <para>
+ These features can be crontrolled with settings of
+ <emphasis>smb encrypt</emphasis> as follows:
+ </para>
+
+ <itemizedlist>
+ <listitem>
+ <para>
+ Leaving it as default or explicitly setting
+ <emphasis>default</emphasis> globally will enable
+ negotiation of encryption but will not turn on
+ data encryption globally or per share.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Setting it to <emphasis>enabled</emphasis> globally will
+ enable negotiation and turn on data encryption globally.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Setting it to <emphasis>required</emphasis> globally
+ will enable negotiation and enforce data encryption
+ globally.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Setting it to <emphasis>off</emphasis> globally will
+ completely disable the encryption feature.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Setting it to <emphasis>enabled</emphasis> on a share
+ will turn on data encryption for this share if
+ negotiation has been enabled globally.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Setting it to <emphasis>required</emphasis> on a share
+ will enforce data encryption for this share if
+ negotiation has been enabled globally. Note that this
+ allows enforcing to be controlled in Samba more
+ fine-grainedly than in Windows. This is a small
+ deviation from the MS-SMB2 protocol document.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Setting it to <emphasis>off</emphasis> for a share has
+ no effect.
+ </para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+ </varlistentry>
+ </variablelist>
</description>
-<value type="default">auto</value>
+<value type="default">default</value>
</samba:parameter>
diff --git a/lib/util/modules.c b/lib/util/modules.c
index 828f33a..1f00dd8 100644
--- a/lib/util/modules.c
+++ b/lib/util/modules.c
@@ -161,6 +161,11 @@ static NTSTATUS do_smb_load_module(const char *subsystem,
char *full_path = NULL;
TALLOC_CTX *ctx = talloc_stackframe();
+ if (module_name == NULL) {
+ TALLOC_FREE(ctx);
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
/* Check for absolute path */
DEBUG(5, ("%s module '%s'\n", is_probe ? "Probing" : "Loading", module_name));
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 4b31023..bed39a4 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -2030,7 +2030,7 @@ static void show_parameter(int parmIndex)
bool inverse;
const char *type[] = { "P_BOOL", "P_BOOLREV", "P_CHAR", "P_INTEGER",
"P_OCTAL", "P_LIST", "P_STRING", "P_USTRING",
- "P_ENUM", "P_SEP"};
+ "P_ENUM", "P_BYTES", "P_CMDLIST", "P_SEP" };
unsigned flags[] = { FLAG_BASIC, FLAG_SHARE, FLAG_PRINT, FLAG_GLOBAL,
FLAG_WIZARD, FLAG_ADVANCED, FLAG_DEVELOPER, FLAG_DEPRECATED,
FLAG_HIDE};
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 2f2bbf6..a6a8b5d 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -2363,6 +2363,7 @@ static void call_trans2findfirst(connection_struct *conn,
struct smbd_server_connection *sconn = req->sconn;
uint32_t ucf_flags = (UCF_SAVE_LCOMP | UCF_ALWAYS_ALLOW_WCARD_LCOMP);
bool backup_priv = false;
+ bool as_root = false;
if (total_params < 13) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
@@ -2428,6 +2429,7 @@ close_if_end = %d requires_resume_key = %d backup_priv = %d \
level = 0x%x, max_da
if (backup_priv) {
become_root();
+ as_root = true;
ntstatus = filename_convert_with_privilege(ctx,
conn,
req,
@@ -2683,7 +2685,7 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, \
(unsigned int)IVAL(pd }
out:
- if (backup_priv) {
+ if (as_root) {
unbecome_root();
}
@@ -2737,6 +2739,7 @@ static void call_trans2findnext(connection_struct *conn,
struct dptr_struct *dirptr;
struct smbd_server_connection *sconn = req->sconn;
bool backup_priv = false;
+ bool as_root = false;
if (total_params < 13) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
@@ -2905,6 +2908,7 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, \
(unsigned int)IVAL(pd
if (backup_priv) {
become_root();
+ as_root = true;
}
/*
@@ -2996,7 +3000,7 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, \
(unsigned int)IVAL(pd dptr_close(sconn, &dptr_num); /* This frees up the saved mask \
*/ }
- if (backup_priv) {
+ if (as_root) {
unbecome_root();
}
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index c356686..10d30d2 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1212,7 +1212,6 @@ static NTSTATUS winbindd_dual_auth_passdb(TALLOC_CTX *mem_ctx,
static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
uint32_t logon_parameters,
- const char *server,
const char *username,
const char *domainname,
const char *workstation,
@@ -1336,7 +1335,7 @@ static NTSTATUS winbind_samlogon_retry_loop(struct \
winbindd_domain *domain, netlogon_pipe,
mem_ctx,
logon_parameters,
- server, /* server name */
+ domain->dcname, /* server name */
username, /* user name */
domainname, /* target domain */
workstation, /* workstation */
@@ -1350,7 +1349,7 @@ static NTSTATUS winbind_samlogon_retry_loop(struct \
winbindd_domain *domain, netlogon_pipe,
mem_ctx,
logon_parameters,
- server, /* server name */
+ domain->dcname, /* server name */
username, /* user name */
domainname, /* target domain */
workstation, /* workstation */
@@ -1513,7 +1512,6 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(TALLOC_CTX \
*mem_ctx, result = winbind_samlogon_retry_loop(domain,
mem_ctx,
0,
- domain->dcname,
name_user,
name_domain,
lp_netbios_name(),
@@ -1936,7 +1934,6 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct \
winbindd_domain *domain, result = winbind_samlogon_retry_loop(domain,
state->mem_ctx,
state->request->data.auth_crap.logon_parameters,
- domain->dcname,
name_user,
name_domain,
/* Bug #3248 - found by Stefan Burkei. */
--
Samba Shared Repository
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic