samba.git/source3/winbindd/winbindd_pam_auth_crap.c, branch talloc-2.4.4 Unnamed repository; edit this file 'description' to name the repository. CVE-2022-2127: winbindd: Fix WINBINDD_PAM_AUTH_CRAP length checks 2023-07-21T12:05:35+00:00 Volker Lendecke vl@samba.org 2022-05-20T08:55:23+00:00 b2de71734f09ee4eb80cf70de8a66f628246f2ba With WBFLAG_BIG_NTLMV2_BLOB being set plus lm_resp_len too large you can crash winbind. We don't independently check lm_resp_len sufficiently. Discovered via Coverity ID 1504444 Out-of-bounds access BUG: https://bugzilla.samba.org/show_bug.cgi?id=15072 Signed-off-by: Volker Lendecke <vl@samba.org> 
With WBFLAG_BIG_NTLMV2_BLOB being set plus lm_resp_len too large you
can crash winbind. We don't independently check lm_resp_len
sufficiently.

Discovered via Coverity ID 1504444 Out-of-bounds access

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15072

Signed-off-by: Volker Lendecke <vl@samba.org>
s3:winbind: Convert PAM_AUTH_CRAP from struct based to NDR based 2022-04-30T00:10:34+00:00 Samuel Cabrero scabrero@samba.org 2022-02-25T10:32:14+00:00 c68f21f26f10b60ca1ac294b7294bfbf37c9bb86 Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> 
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
s3:winbind: Refactor winbindd_pam_auth_crap_{send,recv} 2022-04-30T00:10:34+00:00 Samuel Cabrero scabrero@samba.org 2022-02-24T17:02:42+00:00 dd69be802085d96af8875f2137a8261231d453b1 The winbindd_dual_pam_auth_crap() will be converted to a local RPC call handler and the winbindd_response won't be filled by the child process but in the parent's winbindd_pam_auth_crap_recv() function. Move all code filling the winbindd_response struct to a common place, winbindd_pam_auth_crap_recv(). Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> 
The winbindd_dual_pam_auth_crap() will be converted to a local RPC call
handler and the winbindd_response won't be filled by the child process
but in the parent's winbindd_pam_auth_crap_recv() function.

Move all code filling the winbindd_response struct to a common place,
winbindd_pam_auth_crap_recv().

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
s3:winbind: Refactor winbindd_pam_auth_crap_{send,recv} 2022-04-30T00:10:34+00:00 Samuel Cabrero scabrero@samba.org 2022-02-18T14:29:13+00:00 0b4d581d35815e7ddc7d79e1433a5a5888b31e29 Move the code filling the winbindd_response to a common place, winbindd_pam_auth_crap_recv(). Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> 
Move the code filling the winbindd_response to a common place,
winbindd_pam_auth_crap_recv().

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
s3:winbind: Use temp memory context in winbindd_pam_auth_pac_verify() 2022-04-30T00:10:34+00:00 Samuel Cabrero scabrero@samba.org 2022-02-25T11:11:36+00:00 f8fa3331085877e0e9dff6df1b267818d3f92423 Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> 
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
s3:winbind: Move big NTLMv2 blob checks to parent process 2022-04-30T00:10:34+00:00 Samuel Cabrero scabrero@samba.org 2022-02-24T16:48:27+00:00 74a511a8eab72cc82940738a1e20e63e12b81374 The winbindd_dual_pam_auth_crap() function will be converted to a local RPC call handler and it won't receive a winbindd_cli_state struct. Move the checks accessing this struct to the parent. Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> 
The winbindd_dual_pam_auth_crap() function will be converted to a local
RPC call handler and it won't receive a winbindd_cli_state struct. Move
the checks accessing this struct to the parent.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
s3:winbind: Use uint8_t for authoritative flag 2022-04-30T00:10:34+00:00 Samuel Cabrero scabrero@samba.org 2022-04-18T14:44:23+00:00 efc97296d95a6f00005a9d5313ce37c8db14b5a5 It is the type used in the winbindd_response struct. Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> 
It is the type used in the winbindd_response struct.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
CVE-2020-25717: s3:winbindd: make sure we default to r->out.authoritative = true 2021-11-09T19:45:32+00:00 Stefan Metzmacher metze@samba.org 2021-10-04T15:29:34+00:00 05587361498ae8131435aca2d8c860e98f605581 We need to make sure that temporary failures don't trigger a fallback to the local SAM that silently ignores the domain name part for users. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
We need to make sure that temporary failures don't trigger a fallback
to the local SAM that silently ignores the domain name part for users.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
lib: give global_contexts.c its own header file 2021-01-08T20:31:33+00:00 Volker Lendecke vl@samba.org 2021-01-03T20:53:49+00:00 d82acf7685fe0b02013794263df61c479162dd92 It's a bit shocking how many references we have to global contexts. Make this a bit more obvious. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> 
It's a bit shocking how many references we have to global
contexts. Make this a bit more obvious.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
s3: safe_string: do not include string_wrappers.h 2020-08-28T00:56:34+00:00 Matthew DeVore matvore@google.com 2020-08-07T18:17:34+00:00 c2ac923c6a5d089fe110eb3eb6cf78298b46992d Rather than have safe_string.h #include string_wrappers.h, make users of string_wrappers.h include it explicitly. includes.h now no longer includes string_wrappers.h transitively. Still allow includes.h to #include safe_string.h for now so that as many modules as possible get the safety checks in it. Signed-off-by: Matthew DeVore <matvore@google.com> Reviewed-by: David Mulder <dmulder@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> 
Rather than have safe_string.h #include string_wrappers.h, make users of
string_wrappers.h include it explicitly.

includes.h now no longer includes string_wrappers.h transitively. Still
allow includes.h to #include safe_string.h for now so that as many
modules as possible get the safety checks in it.

Signed-off-by: Matthew DeVore <matvore@google.com>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>