[SCM] Samba Shared Repository - branch v4-0-test updated

Karolin Seeger kseeger at samba.org
Tue Apr 30 03:17:05 MDT 2013 

The branch, v4-0-test has been updated
       via  ae3aa28 BUG 9817: Fix 'map untrusted to domain' with NTLMv2.
       via  ad6f289 bug 9830: fix panic in nt_printer_publish_ads
       via  6886a68 s3:librpc: add support for PFC_FLAG_OBJECT_UUID when parsing packets (bug #9382)
      from  7e140cf Ensure the RECVFILE path in vfs_pwrite_data() operates on a blocking socket.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test


- Log -----------------------------------------------------------------
commit ae3aa281ab43f67d4f8337bafdefc08bd44712ea
Author: Andreas Schneider <asn at samba.org>
Date:   Wed Apr 24 15:27:21 2013 +0200

    BUG 9817: Fix 'map untrusted to domain' with NTLMv2.
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    
    Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
    Autobuild-Date(master): Wed Apr 24 17:14:48 CEST 2013 on sn-devel-104
    
    Autobuild-User(v4-0-test): Karolin Seeger <kseeger at samba.org>
    Autobuild-Date(v4-0-test): Tue Apr 30 11:16:19 CEST 2013 on sn-devel-104

commit ad6f2896dc558e7020d2727ed559b71f1c857098
Author: David Disseldorp <ddiss at samba.org>
Date:   Thu Apr 25 16:41:17 2013 +0200

    bug 9830: fix panic in nt_printer_publish_ads
    
    Check for ads_find_machine_acct() errors, to ensure a NULL LDAPMessage
    pointer doesn't get passed to ldap_get_dn().
    
    Signed-off-by: David Disseldorp <ddiss at samba.org>
    Reviewed-By: Günther Deschner <gd at samba.org>

commit 6886a687388c33e48ce3c6caf7bd3cd392d6140e
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Nov 12 10:16:50 2012 +0100

    s3:librpc: add support for PFC_FLAG_OBJECT_UUID when parsing packets (bug #9382)
    
    Now the logic matches the one in dcerpc_read_ncacn_packet_done().
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Michael Adam <obnox at samba.org>
    Reviewed-by: David Disseldorp <ddiss at suse.de>

-----------------------------------------------------------------------

Summary of changes:
 source3/auth/auth_winbind.c         |   10 ++++++++--
 source3/librpc/rpc/dcerpc_helpers.c |    4 ++++
 source3/printing/nt_printing_ads.c  |   10 ++++++++--
 3 files changed, 20 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c
index d4ace2c..2b5c84d 100644
--- a/source3/auth/auth_winbind.c
+++ b/source3/auth/auth_winbind.c
@@ -62,9 +62,15 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
 	}
 
 	/* Send off request */
-
 	params.account_name	= user_info->client.account_name;
-	params.domain_name	= user_info->mapped.domain_name;
+	/*
+	 * We need to send the domain name from the client to the DC. With
+	 * NTLMv2 the domain name is part of the hashed second challenge,
+	 * if we change the domain name, the DC will fail to verify the
+	 * challenge cause we changed the domain name, this is like a
+	 * man in the middle attack.
+	 */
+	params.domain_name	= user_info->client.domain_name;
 	params.workstation_name	= user_info->workstation_name;
 
 	params.flags		= 0;
diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c
index 5f8c793..d36c2da 100644
--- a/source3/librpc/rpc/dcerpc_helpers.c
+++ b/source3/librpc/rpc/dcerpc_helpers.c
@@ -111,6 +111,10 @@ NTSTATUS dcerpc_pull_ncacn_packet(TALLOC_CTX *mem_ctx,
 		ndr->flags |= LIBNDR_FLAG_BIGENDIAN;
 	}
 
+	if (CVAL(blob->data, DCERPC_PFC_OFFSET) & DCERPC_PFC_FLAG_OBJECT_UUID) {
+		ndr->flags |= LIBNDR_FLAG_OBJECT_PRESENT;
+	}
+
 	ndr_err = ndr_pull_ncacn_packet(ndr, NDR_SCALARS|NDR_BUFFERS, r);
 
 	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
diff --git a/source3/printing/nt_printing_ads.c b/source3/printing/nt_printing_ads.c
index b99a972..3a2baf4 100644
--- a/source3/printing/nt_printing_ads.c
+++ b/source3/printing/nt_printing_ads.c
@@ -192,17 +192,23 @@ static WERROR nt_printer_publish_ads(struct messaging_context *msg_ctx,
 	DEBUG(5, ("publishing printer %s\n", printer));
 
 	/* figure out where to publish */
-	ads_find_machine_acct(ads, &res, lp_netbios_name());
+	ads_rc = ads_find_machine_acct(ads, &res, lp_netbios_name());
+	if (!ADS_ERR_OK(ads_rc)) {
+		DEBUG(0, ("failed to find machine account for %s\n",
+			  lp_netbios_name()));
+		TALLOC_FREE(ctx);
+		return WERR_NOT_FOUND;
+	}
 
 	/* We use ldap_get_dn here as we need the answer
 	 * in utf8 to call ldap_explode_dn(). JRA. */
 
 	srv_dn_utf8 = ldap_get_dn((LDAP *)ads->ldap.ld, (LDAPMessage *)res);
+	ads_msgfree(ads, res);
 	if (!srv_dn_utf8) {
 		TALLOC_FREE(ctx);
 		return WERR_SERVER_UNAVAILABLE;
 	}
-	ads_msgfree(ads, res);
 	srv_cn_utf8 = ldap_explode_dn(srv_dn_utf8, 1);
 	if (!srv_cn_utf8) {
 		TALLOC_FREE(ctx);


-- 
Samba Shared Repository

More information about the samba-cvs mailing list