[SCM] Samba Shared Repository - branch master updated
Andreas Schneider
asn at samba.org
Thu Feb 7 07:51:05 MST 2013
The branch, master has been updated
via 64eba0a BUG 9633: Recursive mget should continue on EPERM.
via 62e6ea4 s3-rpc_server: Fix password encoding in _netr_ServerGetTrustInfo().
via 823a25f s3-rpc_server: Dont wipe out ref pointers in _netr_ServerGetTrustInfo().
from ff496ef autoconf: rename pdb_ldap module to pdb_ldapsam
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 64eba0a8421bf4648f79085dd23b3e55d5a322df
Author: David Disseldorp <ddiss at samba.org>
Date: Mon Feb 4 19:04:39 2013 +0100
BUG 9633: Recursive mget should continue on EPERM.
Regression introduced by 14ff2e8de9bd8d0064762234555260f5eea643fe.
When downloading files recursively, smbclient halts if it encounters
a folder to which it does not have permission to traverse.
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Feb 7 15:50:36 CET 2013 on sn-devel-104
commit 62e6ea408a20197420eadb133df6ba233c7874b4
Author: Sumit Bose <sbose at redhat.com>
Date: Mon Feb 4 13:15:18 2013 +0100
s3-rpc_server: Fix password encoding in _netr_ServerGetTrustInfo().
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 823a25f6a47c311ab33874be8a889ffbaf8db527
Author: Günther Deschner <gd at samba.org>
Date: Tue Dec 11 09:29:37 2012 +0100
s3-rpc_server: Dont wipe out ref pointers in _netr_ServerGetTrustInfo().
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/client/client.c | 13 +++++++-
source3/rpc_server/netlogon/srv_netlog_nt.c | 39 ++++++++------------------
2 files changed, 23 insertions(+), 29 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/client/client.c b/source3/client/client.c
index 6aed9d3..8038021 100644
--- a/source3/client/client.c
+++ b/source3/client/client.c
@@ -1321,8 +1321,17 @@ static NTSTATUS do_mget(struct cli_state *cli_state, struct file_info *finfo,
return NT_STATUS_NO_MEMORY;
}
- status = do_list(mget_mask, FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_DIRECTORY,do_mget,false, true);
- if (!NT_STATUS_IS_OK(status)) {
+ status = do_list(mget_mask,
+ (FILE_ATTRIBUTE_SYSTEM
+ | FILE_ATTRIBUTE_HIDDEN
+ | FILE_ATTRIBUTE_DIRECTORY),
+ do_mget, false, true);
+ if (!NT_STATUS_IS_OK(status)
+ && !NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
+ /*
+ * Ignore access denied errors to ensure all permitted files are
+ * pulled down.
+ */
return status;
}
diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
index cfd91c2..a355dd1 100644
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -2429,29 +2429,27 @@ static NTSTATUS get_password_from_trustAuth(TALLOC_CTX *mem_ctx,
return NT_STATUS_UNSUCCESSFUL;
}
-
if (trustAuth.count != 0 && trustAuth.current.count != 0 &&
trustAuth.current.array[0].AuthType == TRUST_AUTH_TYPE_CLEAR) {
- mdfour(previous_pw_enc->hash,
+ mdfour(current_pw_enc->hash,
trustAuth.current.array[0].AuthInfo.clear.password,
trustAuth.current.array[0].AuthInfo.clear.size);
+ netlogon_creds_des_encrypt(creds, current_pw_enc);
} else {
return NT_STATUS_UNSUCCESSFUL;
}
- netlogon_creds_des_encrypt(creds, current_pw_enc);
if (trustAuth.previous.count != 0 &&
trustAuth.previous.array[0].AuthType == TRUST_AUTH_TYPE_CLEAR) {
mdfour(previous_pw_enc->hash,
trustAuth.previous.array[0].AuthInfo.clear.password,
trustAuth.previous.array[0].AuthInfo.clear.size);
+ netlogon_creds_des_encrypt(creds, previous_pw_enc);
} else {
- mdfour(previous_pw_enc->hash, NULL, 0);
+ ZERO_STRUCTP(previous_pw_enc);
}
- netlogon_creds_des_encrypt(creds, previous_pw_enc);
-
return NT_STATUS_OK;
}
@@ -2469,9 +2467,6 @@ NTSTATUS _netr_ServerGetTrustInfo(struct pipes_struct *p,
bool trusted;
struct netr_TrustInfo *trust_info;
struct pdb_trusted_domain *td;
- DATA_BLOB trustAuth_blob;
- struct samr_Password *new_owf_enc;
- struct samr_Password *old_owf_enc;
struct loadparm_context *lp_ctx;
lp_ctx = loadparm_init_s3(p->mem_ctx, loadparm_s3_helpers());
@@ -2545,34 +2540,24 @@ NTSTATUS _netr_ServerGetTrustInfo(struct pipes_struct *p,
*r->out.trust_info = trust_info;
}
- new_owf_enc = talloc_zero(p->mem_ctx, struct samr_Password);
- old_owf_enc = talloc_zero(p->mem_ctx, struct samr_Password);
- if (new_owf_enc == NULL || old_owf_enc == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
-/* TODO: which trustAuth shall we use if we have in/out trust or do they have to
- * be equal ? */
- if (td->trust_direction & NETR_TRUST_FLAG_INBOUND) {
- trustAuth_blob = td->trust_auth_incoming;
- } else if (td->trust_direction & NETR_TRUST_FLAG_OUTBOUND) {
- trustAuth_blob = td->trust_auth_outgoing;
+ if (td->trust_auth_incoming.data == NULL) {
+ return NT_STATUS_INVALID_PARAMETER;
}
- status = get_password_from_trustAuth(p->mem_ctx, &trustAuth_blob,
+ status = get_password_from_trustAuth(p->mem_ctx,
+ &td->trust_auth_incoming,
creds,
- new_owf_enc, old_owf_enc);
+ r->out.new_owf_password,
+ r->out.old_owf_password);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- r->out.new_owf_password = new_owf_enc;
- r->out.old_owf_password = old_owf_enc;
} else {
/* TODO: look for machine password */
- r->out.new_owf_password = NULL;
- r->out.old_owf_password = NULL;
+ ZERO_STRUCTP(r->out.new_owf_password);
+ ZERO_STRUCTP(r->out.old_owf_password);
return NT_STATUS_NOT_IMPLEMENTED;
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list