[SCM] Samba Shared Repository - branch v4-0-test updated
Karolin Seeger
kseeger at samba.org
Tue Apr 30 03:17:05 MDT 2013
The branch, v4-0-test has been updated
via ae3aa28 BUG 9817: Fix 'map untrusted to domain' with NTLMv2.
via ad6f289 bug 9830: fix panic in nt_printer_publish_ads
via 6886a68 s3:librpc: add support for PFC_FLAG_OBJECT_UUID when parsing packets (bug #9382)
from 7e140cf Ensure the RECVFILE path in vfs_pwrite_data() operates on a blocking socket.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test
- Log -----------------------------------------------------------------
commit ae3aa281ab43f67d4f8337bafdefc08bd44712ea
Author: Andreas Schneider <asn at samba.org>
Date: Wed Apr 24 15:27:21 2013 +0200
BUG 9817: Fix 'map untrusted to domain' with NTLMv2.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Apr 24 17:14:48 CEST 2013 on sn-devel-104
Autobuild-User(v4-0-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-0-test): Tue Apr 30 11:16:19 CEST 2013 on sn-devel-104
commit ad6f2896dc558e7020d2727ed559b71f1c857098
Author: David Disseldorp <ddiss at samba.org>
Date: Thu Apr 25 16:41:17 2013 +0200
bug 9830: fix panic in nt_printer_publish_ads
Check for ads_find_machine_acct() errors, to ensure a NULL LDAPMessage
pointer doesn't get passed to ldap_get_dn().
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-By: Günther Deschner <gd at samba.org>
commit 6886a687388c33e48ce3c6caf7bd3cd392d6140e
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Nov 12 10:16:50 2012 +0100
s3:librpc: add support for PFC_FLAG_OBJECT_UUID when parsing packets (bug #9382)
Now the logic matches the one in dcerpc_read_ncacn_packet_done().
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
Reviewed-by: David Disseldorp <ddiss at suse.de>
-----------------------------------------------------------------------
Summary of changes:
source3/auth/auth_winbind.c | 10 ++++++++--
source3/librpc/rpc/dcerpc_helpers.c | 4 ++++
source3/printing/nt_printing_ads.c | 10 ++++++++--
3 files changed, 20 insertions(+), 4 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c
index d4ace2c..2b5c84d 100644
--- a/source3/auth/auth_winbind.c
+++ b/source3/auth/auth_winbind.c
@@ -62,9 +62,15 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
}
/* Send off request */
-
params.account_name = user_info->client.account_name;
- params.domain_name = user_info->mapped.domain_name;
+ /*
+ * We need to send the domain name from the client to the DC. With
+ * NTLMv2 the domain name is part of the hashed second challenge,
+ * if we change the domain name, the DC will fail to verify the
+ * challenge cause we changed the domain name, this is like a
+ * man in the middle attack.
+ */
+ params.domain_name = user_info->client.domain_name;
params.workstation_name = user_info->workstation_name;
params.flags = 0;
diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c
index 5f8c793..d36c2da 100644
--- a/source3/librpc/rpc/dcerpc_helpers.c
+++ b/source3/librpc/rpc/dcerpc_helpers.c
@@ -111,6 +111,10 @@ NTSTATUS dcerpc_pull_ncacn_packet(TALLOC_CTX *mem_ctx,
ndr->flags |= LIBNDR_FLAG_BIGENDIAN;
}
+ if (CVAL(blob->data, DCERPC_PFC_OFFSET) & DCERPC_PFC_FLAG_OBJECT_UUID) {
+ ndr->flags |= LIBNDR_FLAG_OBJECT_PRESENT;
+ }
+
ndr_err = ndr_pull_ncacn_packet(ndr, NDR_SCALARS|NDR_BUFFERS, r);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
diff --git a/source3/printing/nt_printing_ads.c b/source3/printing/nt_printing_ads.c
index b99a972..3a2baf4 100644
--- a/source3/printing/nt_printing_ads.c
+++ b/source3/printing/nt_printing_ads.c
@@ -192,17 +192,23 @@ static WERROR nt_printer_publish_ads(struct messaging_context *msg_ctx,
DEBUG(5, ("publishing printer %s\n", printer));
/* figure out where to publish */
- ads_find_machine_acct(ads, &res, lp_netbios_name());
+ ads_rc = ads_find_machine_acct(ads, &res, lp_netbios_name());
+ if (!ADS_ERR_OK(ads_rc)) {
+ DEBUG(0, ("failed to find machine account for %s\n",
+ lp_netbios_name()));
+ TALLOC_FREE(ctx);
+ return WERR_NOT_FOUND;
+ }
/* We use ldap_get_dn here as we need the answer
* in utf8 to call ldap_explode_dn(). JRA. */
srv_dn_utf8 = ldap_get_dn((LDAP *)ads->ldap.ld, (LDAPMessage *)res);
+ ads_msgfree(ads, res);
if (!srv_dn_utf8) {
TALLOC_FREE(ctx);
return WERR_SERVER_UNAVAILABLE;
}
- ads_msgfree(ads, res);
srv_cn_utf8 = ldap_explode_dn(srv_dn_utf8, 1);
if (!srv_cn_utf8) {
TALLOC_FREE(ctx);
--
Samba Shared Repository
More information about the samba-cvs
mailing list