diff --git a/samba-4.12.0-winexe.patch b/samba-4.12.0-winexe.patch new file mode 100644 index 0000000..b5ae3bb --- /dev/null +++ b/samba-4.12.0-winexe.patch @@ -0,0 +1,438 @@ +From a1fdd83ab776f981e992c3f2fc8c341d6b37a0d4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?G=C3=BCnther=20Deschner?= +Date: Thu, 5 Mar 2020 22:45:48 +0100 +Subject: [PATCH 1/3] s4-torture: add rpc test for ChangeServiceConfigW + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=14313 + +Guenther + +Signed-off-by: Guenther Deschner +Reviewed-by: Andreas Schneider +(cherry picked from commit 0825324bc75d2ab10164a1f137be782d84c822b8) +--- + selftest/knownfail | 3 ++ + source4/torture/rpc/svcctl.c | 78 +++++++++++++++++++++++++++++++++++- + 2 files changed, 80 insertions(+), 1 deletion(-) + +diff --git a/selftest/knownfail b/selftest/knownfail +index c9ef0851172..20441c078b4 100644 +--- a/selftest/knownfail ++++ b/selftest/knownfail +@@ -234,6 +234,9 @@ + ^samba3.rpc.eventlog.eventlog.GetNumRecords\(ad_dc\) + ^samba3.rpc.eventlog.eventlog.OpenEventLog\(ad_dc\) + ^samba3.rap.basic.netsessiongetinfo\(ad_dc\) ++# not implemented ++^samba3.rpc.svcctl.svcctl.ChangeServiceConfigW\(ad_dc\) ++^samba3.rpc.svcctl.svcctl.ChangeServiceConfigW\(nt4_dc\) + # + # This makes less sense when not running against an AD DC + # +diff --git a/source4/torture/rpc/svcctl.c b/source4/torture/rpc/svcctl.c +index ebb2bc6ad0e..bd16ed4627d 100644 +--- a/source4/torture/rpc/svcctl.c ++++ b/source4/torture/rpc/svcctl.c +@@ -3,7 +3,7 @@ + test suite for svcctl rpc operations + + Copyright (C) Jelmer Vernooij 2004 +- Copyright (C) Guenther Deschner 2008,2009 ++ Copyright (C) Guenther Deschner 2008,2009,2020 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by +@@ -623,6 +623,80 @@ static bool test_SCManager(struct torture_context *tctx, + return true; + } + ++static bool test_ChangeServiceConfigW(struct torture_context *tctx, ++ struct dcerpc_pipe *p) ++{ ++ struct svcctl_ChangeServiceConfigW r; ++ struct svcctl_QueryServiceConfigW q; ++ struct policy_handle h, s; ++ NTSTATUS status; ++ struct dcerpc_binding_handle *b = p->binding_handle; ++ struct QUERY_SERVICE_CONFIG query; ++ bool ok; ++ ++ uint32_t offered = 0; ++ uint32_t needed = 0; ++ ++ ok = test_OpenSCManager(b, tctx, &h); ++ if (!ok) { ++ return false; ++ } ++ ++ ok = test_OpenService(b, tctx, &h, TORTURE_DEFAULT_SERVICE, &s); ++ if (!ok) { ++ return false; ++ } ++ ++ q.in.handle = &s; ++ q.in.offered = offered; ++ q.out.query = &query; ++ q.out.needed = &needed; ++ ++ status = dcerpc_svcctl_QueryServiceConfigW_r(b, tctx, &q); ++ torture_assert_ntstatus_ok(tctx, status, "QueryServiceConfigW failed!"); ++ ++ if (W_ERROR_EQUAL(q.out.result, WERR_INSUFFICIENT_BUFFER)) { ++ q.in.offered = needed; ++ status = dcerpc_svcctl_QueryServiceConfigW_r(b, tctx, &q); ++ torture_assert_ntstatus_ok(tctx, status, "QueryServiceConfigW failed!"); ++ } ++ torture_assert_werr_ok(tctx, q.out.result, "QueryServiceConfigW failed!"); ++ ++ r.in.handle = &s; ++ r.in.type = query.service_type; ++ r.in.start_type = query.start_type; ++ r.in.error_control = query.error_control; ++ ++ /* ++ * according to MS-SCMR 3.1.4.11 NULL params are supposed to leave the ++ * existing values intact. ++ */ ++ ++ r.in.binary_path = NULL; ++ r.in.load_order_group = NULL; ++ r.in.dependencies = NULL; ++ r.in.service_start_name = NULL; ++ r.in.password = NULL; ++ r.in.display_name = NULL; ++ r.out.tag_id = NULL; ++ ++ status = dcerpc_svcctl_ChangeServiceConfigW_r(b, tctx, &r); ++ torture_assert_ntstatus_ok(tctx, status, "ChangeServiceConfigW failed!"); ++ torture_assert_werr_ok(tctx, r.out.result, "ChangeServiceConfigW failed!"); ++ ++ ok = test_CloseServiceHandle(b, tctx, &s); ++ if (!ok) { ++ return false; ++ } ++ ++ ok = test_CloseServiceHandle(b, tctx, &h); ++ if (!ok) { ++ return false; ++ } ++ ++ return true; ++} ++ + struct torture_suite *torture_rpc_svcctl(TALLOC_CTX *mem_ctx) + { + struct torture_suite *suite = torture_suite_create(mem_ctx, "svcctl"); +@@ -652,6 +726,8 @@ struct torture_suite *torture_rpc_svcctl(TALLOC_CTX *mem_ctx) + test_StartServiceW); + torture_rpc_tcase_add_test(tcase, "ControlService", + test_ControlService); ++ torture_rpc_tcase_add_test(tcase, "ChangeServiceConfigW", ++ test_ChangeServiceConfigW); + + return suite; + } +-- +2.24.1 + + +From 1168f1c392b3e315b5a4af9be793b93234420786 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?G=C3=BCnther=20Deschner?= +Date: Thu, 5 Mar 2020 20:42:21 +0100 +Subject: [PATCH 2/3] s4-torture: add ndr svcctl testsuite + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=14313 + +Guenther + +Signed-off-by: Guenther Deschner +Reviewed-by: Andreas Schneider +(cherry picked from commit c3fa0b2df9fc53dddcc3160b6a3dc751bbb389a4) +--- + librpc/idl/svcctl.idl | 2 +- + selftest/knownfail | 5 +++ + source4/torture/ndr/ndr.c | 1 + + source4/torture/ndr/svcctl.c | 85 +++++++++++++++++++++++++++++++++++ + source4/torture/wscript_build | 1 + + 5 files changed, 93 insertions(+), 1 deletion(-) + create mode 100644 source4/torture/ndr/svcctl.c + +diff --git a/librpc/idl/svcctl.idl b/librpc/idl/svcctl.idl +index 671a1dc47be..e909bf2dbed 100644 +--- a/librpc/idl/svcctl.idl ++++ b/librpc/idl/svcctl.idl +@@ -188,7 +188,7 @@ import "misc.idl", "security.idl"; + SVCCTL_DISABLED = 0x00000004 + } svcctl_StartType; + +- WERROR svcctl_ChangeServiceConfigW( ++ [public] WERROR svcctl_ChangeServiceConfigW( + [in,ref] policy_handle *handle, + [in] uint32 type, + [in] svcctl_StartType start_type, +diff --git a/selftest/knownfail b/selftest/knownfail +index 20441c078b4..c5d4cdd9419 100644 +--- a/selftest/knownfail ++++ b/selftest/knownfail +@@ -237,6 +237,11 @@ + # not implemented + ^samba3.rpc.svcctl.svcctl.ChangeServiceConfigW\(ad_dc\) + ^samba3.rpc.svcctl.svcctl.ChangeServiceConfigW\(nt4_dc\) ++# broken IDL ++^samba4.local.ndr.svcctl_ChangeServiceConfigW_NDR_IN ++^samba4.local.ndr.svcctl_ChangeServiceConfigW_NDR_OUT ++^samba4.local.ndr.system.iconv.svcctl_ChangeServiceConfigW_NDR_IN ++^samba4.local.ndr.system.iconv.svcctl_ChangeServiceConfigW_NDR_OUT + # + # This makes less sense when not running against an AD DC + # +diff --git a/source4/torture/ndr/ndr.c b/source4/torture/ndr/ndr.c +index 32efe90757d..690301f31b1 100644 +--- a/source4/torture/ndr/ndr.c ++++ b/source4/torture/ndr/ndr.c +@@ -708,6 +708,7 @@ struct torture_suite *torture_local_ndr(TALLOC_CTX *mem_ctx) + torture_suite_add_suite(suite, ndr_krb5pac_suite(suite)); + torture_suite_add_suite(suite, ndr_cabinet_suite(suite)); + torture_suite_add_suite(suite, ndr_charset_suite(suite)); ++ torture_suite_add_suite(suite, ndr_svcctl_suite(suite)); + + torture_suite_add_simple_test(suite, "string terminator", + test_check_string_terminator); +diff --git a/source4/torture/ndr/svcctl.c b/source4/torture/ndr/svcctl.c +new file mode 100644 +index 00000000000..1c9404597cd +--- /dev/null ++++ b/source4/torture/ndr/svcctl.c +@@ -0,0 +1,85 @@ ++/* ++ Unix SMB/CIFS implementation. ++ test suite for svcctl ndr operations ++ ++ Copyright (C) Guenther Deschner 2020 ++ ++ This program is free software; you can redistribute it and/or modify ++ it under the terms of the GNU General Public License as published by ++ the Free Software Foundation; either version 3 of the License, or ++ (at your option) any later version. ++ ++ This program is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ GNU General Public License for more details. ++ ++ You should have received a copy of the GNU General Public License ++ along with this program. If not, see . ++*/ ++ ++#include "includes.h" ++#include "torture/ndr/ndr.h" ++#include "librpc/gen_ndr/ndr_svcctl.h" ++#include "torture/ndr/proto.h" ++#include "param/param.h" ++ ++static const uint8_t svcctl_ChangeServiceConfigW_req_data[] = { ++ 0x00, 0x00, 0x00, 0x00, 0xcd, 0x94, 0x05, 0x40, 0x30, 0x28, 0x00, 0x49, ++ 0x8d, 0xe4, 0x8e, 0x85, 0xb7, 0x19, 0x5c, 0x83, 0x10, 0x01, 0x00, 0x00, ++ 0x02, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ++}; ++ ++static bool svcctl_ChangeServiceConfigW_req_check(struct torture_context *tctx, ++ struct svcctl_ChangeServiceConfigW *r) ++{ ++ struct policy_handle handle = { 0 }; ++ GUID_from_string("400594cd-2830-4900-8de4-8e85b7195c83", &handle.uuid); ++ ++ torture_assert_guid_equal(tctx, r->in.handle->uuid, handle.uuid, "handle"); ++ torture_assert_u32_equal(tctx, r->in.type, 0x00000110, "type"); ++ torture_assert_u32_equal(tctx, r->in.start_type, SVCCTL_AUTO_START, "start_type"); ++ torture_assert_u32_equal(tctx, r->in.error_control, SVCCTL_SVC_ERROR_NORMAL, "error_control"); ++ torture_assert_str_equal(tctx, r->in.binary_path, NULL, "binary_path"); ++ torture_assert_str_equal(tctx, r->in.load_order_group, NULL, "load_order_group"); ++ torture_assert_str_equal(tctx, r->in.dependencies, NULL, "dependencies"); ++ torture_assert_str_equal(tctx, r->in.service_start_name, NULL, "service_start_name"); ++ torture_assert_str_equal(tctx, r->in.password, NULL, "password"); ++ torture_assert_str_equal(tctx, r->in.display_name, NULL, "display_name"); ++ ++ return true; ++} ++ ++static const uint8_t svcctl_ChangeServiceConfigW_rep_data[] = { ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ++}; ++ ++static bool svcctl_ChangeServiceConfigW_rep_check(struct torture_context *tctx, ++ struct svcctl_ChangeServiceConfigW *r) ++{ ++ torture_assert(tctx, r->out.tag_id == NULL, "tag_id"); ++ torture_assert_werr_ok(tctx, r->out.result, "result"); ++ ++ return true; ++} ++ ++struct torture_suite *ndr_svcctl_suite(TALLOC_CTX *ctx) ++{ ++ struct torture_suite *suite = torture_suite_create(ctx, "svcctl"); ++ ++ torture_suite_add_ndr_pull_fn_test(suite, ++ svcctl_ChangeServiceConfigW, ++ svcctl_ChangeServiceConfigW_req_data, ++ NDR_IN, ++ svcctl_ChangeServiceConfigW_req_check); ++ ++ torture_suite_add_ndr_pull_fn_test(suite, ++ svcctl_ChangeServiceConfigW, ++ svcctl_ChangeServiceConfigW_rep_data, ++ NDR_OUT, ++ svcctl_ChangeServiceConfigW_rep_check); ++ return suite; ++} +diff --git a/source4/torture/wscript_build b/source4/torture/wscript_build +index 65af160b322..05a6fbcbf14 100644 +--- a/source4/torture/wscript_build ++++ b/source4/torture/wscript_build +@@ -71,6 +71,7 @@ bld.SAMBA_SUBSYSTEM('TORTURE_NDR', + ndr/winspool.c + ndr/cabinet.c + ndr/charset.c ++ ndr/svcctl.c + ''', + autoproto='ndr/proto.h', + deps='torture krb5samba', +-- +2.24.1 + + +From 28d86d48adfee6c1d03ea192b69be87a0b9ce400 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?G=C3=BCnther=20Deschner?= +Date: Wed, 4 Mar 2020 15:23:43 +0100 +Subject: [PATCH 3/3] librpc: fix IDL for svcctl_ChangeServiceConfigW + +Found while trying to run winexe against Windows Server 2019. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=14313 + +Guenther + +Signed-off-by: Guenther Deschner +Reviewed-by: Andreas Schneider +(cherry picked from commit ebda529b59105e9b70cc74377fe4d54cc16b4f37) +--- + examples/winexe/winexe.c | 2 ++ + librpc/idl/svcctl.idl | 23 ++++++++++++++++++----- + selftest/knownfail | 5 ----- + source4/torture/ndr/svcctl.c | 3 +++ + source4/torture/rpc/svcctl.c | 3 +++ + 5 files changed, 26 insertions(+), 10 deletions(-) + +diff --git a/examples/winexe/winexe.c b/examples/winexe/winexe.c +index 22f748b1d45..fc6b15f8e52 100644 +--- a/examples/winexe/winexe.c ++++ b/examples/winexe/winexe.c +@@ -625,8 +625,10 @@ static NTSTATUS winexe_svc_install( + NULL, /* load_order_group */ + NULL, /* tag_id */ + NULL, /* dependencies */ ++ 0, /* dwDependSize */ + NULL, /* service_start_name */ + NULL, /* password */ ++ 0, /* dwPwSize */ + NULL, /* display_name */ + &werr); + +diff --git a/librpc/idl/svcctl.idl b/librpc/idl/svcctl.idl +index e909bf2dbed..a9dd3dec990 100644 +--- a/librpc/idl/svcctl.idl ++++ b/librpc/idl/svcctl.idl +@@ -13,6 +13,17 @@ import "misc.idl", "security.idl"; + helpstring("Service Control") + ] interface svcctl + { ++ const int MAX_SERVICE_NAME_LENGTH = 256; ++ const short SC_MAX_DEPEND_SIZE = 4 * 1024; ++ const short SC_MAX_NAME_LENGTH = MAX_SERVICE_NAME_LENGTH + 1; ++ const short SC_MAX_PATH_LENGTH = 32 * 1024; ++ const short SC_MAX_PWD_SIZE = 514; ++ const short SC_MAX_COMPUTER_NAME_LENGTH = 1024; ++ const short SC_MAX_ACCOUNT_NAME_LENGTH = 2 * 1024; ++ const short SC_MAX_COMMENT_LENGTH = 128; ++ const short SC_MAX_ARGUMENT_LENGTH = 1024; ++ const short SC_MAX_ARGUMENTS = 1024; ++ + typedef struct { + uint32 is_locked; + [string,charset(UTF16)] uint16 *lock_owner; +@@ -195,11 +206,13 @@ import "misc.idl", "security.idl"; + [in] svcctl_ErrorControl error_control, + [in,unique] [string,charset(UTF16)] uint16 *binary_path, + [in,unique] [string,charset(UTF16)] uint16 *load_order_group, +- [out,ref] uint32 *tag_id, +- [in,unique] [string,charset(UTF16)] uint16 *dependencies, +- [in,unique] [string,charset(UTF16)] uint16 *service_start_name, +- [in,unique] [string,charset(UTF16)] uint16 *password, +- [in,unique] [string,charset(UTF16)] uint16 *display_name ++ [in,out,unique] uint32 *tag_id, ++ [in,unique,size_is(dwDependSize)] [string,charset(UTF16)] uint16 *dependencies, ++ [in,range(0, SC_MAX_DEPEND_SIZE)] uint32 dwDependSize, ++ [in,unique,range(0, SC_MAX_ACCOUNT_NAME_LENGTH)] [string,charset(UTF16)] uint16 *service_start_name, ++ [in,unique,size_is(dwPwSize)] [string,charset(UTF16)] uint16 *password, ++ [in,range(0, SC_MAX_PWD_SIZE)] uint32 dwPwSize, ++ [in,unique,range(0, SC_MAX_NAME_LENGTH)] [string,charset(UTF16)] uint16 *display_name + ); + + /*****************/ +diff --git a/selftest/knownfail b/selftest/knownfail +index c5d4cdd9419..20441c078b4 100644 +--- a/selftest/knownfail ++++ b/selftest/knownfail +@@ -237,11 +237,6 @@ + # not implemented + ^samba3.rpc.svcctl.svcctl.ChangeServiceConfigW\(ad_dc\) + ^samba3.rpc.svcctl.svcctl.ChangeServiceConfigW\(nt4_dc\) +-# broken IDL +-^samba4.local.ndr.svcctl_ChangeServiceConfigW_NDR_IN +-^samba4.local.ndr.svcctl_ChangeServiceConfigW_NDR_OUT +-^samba4.local.ndr.system.iconv.svcctl_ChangeServiceConfigW_NDR_IN +-^samba4.local.ndr.system.iconv.svcctl_ChangeServiceConfigW_NDR_OUT + # + # This makes less sense when not running against an AD DC + # +diff --git a/source4/torture/ndr/svcctl.c b/source4/torture/ndr/svcctl.c +index 1c9404597cd..6592beda02e 100644 +--- a/source4/torture/ndr/svcctl.c ++++ b/source4/torture/ndr/svcctl.c +@@ -45,9 +45,12 @@ static bool svcctl_ChangeServiceConfigW_req_check(struct torture_context *tctx, + torture_assert_u32_equal(tctx, r->in.error_control, SVCCTL_SVC_ERROR_NORMAL, "error_control"); + torture_assert_str_equal(tctx, r->in.binary_path, NULL, "binary_path"); + torture_assert_str_equal(tctx, r->in.load_order_group, NULL, "load_order_group"); ++ torture_assert(tctx, r->in.tag_id == NULL, "tag_id"); + torture_assert_str_equal(tctx, r->in.dependencies, NULL, "dependencies"); ++ torture_assert_u32_equal(tctx, r->in.dwDependSize, 0, "dwDependSize"); + torture_assert_str_equal(tctx, r->in.service_start_name, NULL, "service_start_name"); + torture_assert_str_equal(tctx, r->in.password, NULL, "password"); ++ torture_assert_u32_equal(tctx, r->in.dwPwSize, 0, "dwPwSize"); + torture_assert_str_equal(tctx, r->in.display_name, NULL, "display_name"); + + return true; +diff --git a/source4/torture/rpc/svcctl.c b/source4/torture/rpc/svcctl.c +index bd16ed4627d..746b399360e 100644 +--- a/source4/torture/rpc/svcctl.c ++++ b/source4/torture/rpc/svcctl.c +@@ -675,9 +675,12 @@ static bool test_ChangeServiceConfigW(struct torture_context *tctx, + r.in.binary_path = NULL; + r.in.load_order_group = NULL; + r.in.dependencies = NULL; ++ r.in.dwDependSize = 0; + r.in.service_start_name = NULL; + r.in.password = NULL; ++ r.in.dwPwSize = 0; + r.in.display_name = NULL; ++ r.in.tag_id = NULL; + r.out.tag_id = NULL; + + status = dcerpc_svcctl_ChangeServiceConfigW_r(b, tctx, &r); +-- +2.24.1 + diff --git a/samba.spec b/samba.spec index 96a9ffe..6ea36db 100644 --- a/samba.spec +++ b/samba.spec @@ -8,7 +8,7 @@ %define samba_requires_eq() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} = %%{epoch}:%%{version}\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not") -%define main_release 4 +%define main_release 5 %define samba_version 4.12.0 %define talloc_version 2.3.1 @@ -83,6 +83,11 @@ %global with_clustering_support 1 %endif +%global with_winexe 1 +%if 0%{?rhel} +%global with_winexe 0 +%endif + %global _systemd_extra "Environment=KRB5CCNAME=FILE:/run/samba/krb5cc_samba" Name: samba @@ -120,6 +125,7 @@ Source14: samba.pamd Source201: README.downgrade Patch100: new_mit_118.patch +Patch101: samba-4.12.0-winexe.patch Requires(pre): /usr/sbin/groupadd Requires(post): systemd @@ -182,6 +188,10 @@ BuildRequires: libtirpc-devel BuildRequires: libuuid-devel BuildRequires: libxslt BuildRequires: lmdb +%if %{with_winexe} +BuildRequires: mingw32-gcc +BuildRequires: mingw64-gcc +%endif BuildRequires: ncurses-devel BuildRequires: openldap-devel BuildRequires: pam-devel @@ -732,6 +742,16 @@ Requires: pam The samba-winbind-modules package provides the NSS library and a PAM module necessary to communicate to the Winbind Daemon +### WINEXE +%if %{with_winexe} +%package winexe +Summary: Samba Winexe Windows Binary +License: GPLv3 + +%description winexe +Winexe is a Remote Windows®-command executor +%endif + ### CTDB %if %with_clustering_support %package -n ctdb @@ -869,6 +889,9 @@ export LDFLAGS="%{__global_ldflags} -fuse-ld=gold" %endif %if %{with testsuite} --enable-selftest \ +%endif +%if ! %with_winexe + --without-winexe \ %endif --with-systemd \ --systemd-install-services \ @@ -3530,9 +3553,16 @@ fi #endif with_clustering_support %endif +%if %{with_winexe} +### WINEXE +%files winexe +%{_bindir}/winexe +%endif + %changelog -* Tue Mar 10 2020 Guenther Deschner - 4.12.0-4 +* Tue Mar 10 2020 Guenther Deschner - 4.12.0-5 - Add build requirement for perl-FindBin +- resolves: #1661213 - Add winexe subpackage for remote windows command execution * Tue Mar 03 2020 Guenther Deschner - 4.12.0-3 - Update to Samba 4.12.0