[SCM] Samba Shared Repository - branch v3-6-stable updated

Karolin Seeger kseeger at samba.org
Wed May 8 02:15:26 MDT 2013


The branch, v3-6-stable has been updated
       via  e0c2e3c WHATSNEW: Prepare release notes for Samba 3.6.15.
       via  07f930e winbind: Fix bug 9854 -- NULL pointer dereference
       via  6c5c055 BUG 9817: Fix 'map untrusted to domain' with NTLMv2.
       via  76d9020 bug 9830: fix panic in nt_printer_publish_ads
       via  b633e71 s3:librpc: add support for PFC_FLAG_OBJECT_UUID when parsing packets (bug #9382)
       via  6f14d3b s3-smbd: Split make_serverinfo_from_username guest parameters into two parts
      from  abe0fec WHATSNEW: Start release notes for Samba 3.6.15.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-stable


- Log -----------------------------------------------------------------
commit e0c2e3cd1579d89b2e3f8d1bce2019e61104441e
Author: Karolin Seeger <kseeger at samba.org>
Date:   Wed May 8 10:15:32 2013 +0200

    WHATSNEW: Prepare release notes for Samba 3.6.15.
    
    Signed-off-by: Karolin Seeger <kseeger at samba.org>
    (cherry picked from commit 8a3db2e8ef12d259feaa2af5092ddda74c5b4def)

commit 07f930e32cdc0d8a317d4b14285b2fb1f15f0c46
Author: Volker Lendecke <vl at samba.org>
Date:   Tue May 7 12:39:16 2013 +0200

    winbind: Fix bug 9854 -- NULL pointer dereference
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Michael Adam <obnox at samba.org>
    
    Autobuild-User(master): Michael Adam <obnox at samba.org>
    Autobuild-Date(master): Tue May  7 14:49:07 CEST 2013 on sn-devel-104
    (cherry picked from commit 8c1283a89f746a108e8014b6fbc9a58a371950cf)
    (cherry picked from commit 0872d998cd2bcfa274283bd7dd1d70010ca33166)

commit 6c5c055ab1a83c71adf26b2089e51715833b2c31
Author: Andreas Schneider <asn at samba.org>
Date:   Wed Apr 24 15:27:21 2013 +0200

    BUG 9817: Fix 'map untrusted to domain' with NTLMv2.
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    
    Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
    Autobuild-Date(master): Wed Apr 24 17:14:48 CEST 2013 on sn-devel-104
    (cherry picked from commit 62873916076d748f7c91868a6cd28d35e64d8dca)

commit 76d90201a02511429bf0f658c1564ccc78f26e6d
Author: David Disseldorp <ddiss at samba.org>
Date:   Thu Apr 25 16:01:54 2013 +0200

    bug 9830: fix panic in nt_printer_publish_ads
    
    Check for ads_find_machine_acct() errors, to ensure a NULL LDAPMessage
    pointer doesn't get passed to ldap_get_dn().
    
    Signed-off-by: David Disseldorp <ddiss at samba.org>
    (cherry picked from commit dd07b3c4973b169f07d227869dba8d0f4a76569a)

commit b633e710743aff595a87782507429e68d94ce80e
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Nov 12 10:16:50 2012 +0100

    s3:librpc: add support for PFC_FLAG_OBJECT_UUID when parsing packets (bug #9382)
    
    Now the logic matches the one in dcerpc_read_ncacn_packet_done().
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Michael Adam <obnox at samba.org>
    Reviewed-by: David Disseldorp <ddiss at suse.de>
    (cherry picked from commit 65860c540faba0ca3542ee2edc0a16fa76a2bcde)

commit 6f14d3be50c0f45fa8f2afc2d42f229a05a6056d
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Apr 4 09:53:34 2013 +1100

    s3-smbd: Split make_serverinfo_from_username guest parameters into two parts
    
    This handles differently the case where we are the guest (from security=share) and
    when we are forced to be a different user with force user.  We want to maintain
    only the is_guest flag if we're forced to become any other user, we need the rest
    of the token to change.
    
    Andrew Bartlett
    
    Fix bug #9746 - guest ok + force user + force group doesn't work.
    (cherry picked from commit 24d68d799553b0806e580a47aed70a4eaac09191)

-----------------------------------------------------------------------

Summary of changes:
 WHATSNEW.txt                        |   20 +++++++++++++++++---
 source3/auth/auth_util.c            |    3 ++-
 source3/auth/auth_winbind.c         |   10 ++++++++--
 source3/auth/proto.h                |    1 +
 source3/librpc/rpc/dcerpc_helpers.c |    4 ++++
 source3/printing/nt_printing_ads.c  |   10 ++++++++--
 source3/smbd/service.c              |    4 ++--
 source3/winbindd/winbindd_cache.c   |    6 +++---
 8 files changed, 45 insertions(+), 13 deletions(-)


Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 6b986c2..461ed76 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,6 +1,6 @@
                    ==============================
                    Release Notes for Samba 3.6.15
-                           June 10, 2013
+                            May 08, 2013
                    ==============================
 
 
@@ -8,12 +8,26 @@ This is is the latest stable release of Samba 3.6.
 
 Major enhancements in Samba 3.6.15 include:
 
-o  
+o  Fix crash bug in Winbind (bug #9854).
+
 
 Changes since 3.6.14:
 ---------------------
 
-o   Jeremy Allison <jra at samba.org>
+o   Andrew Bartlett <abartlet at samba.org>
+    * BUG 9746: Fix "guest ok", "force user" and "force group" for guest users.
+
+
+o   David Disseldorp <ddiss at samba.org>
+    * BUG 9830: Fix panic in nt_printer_publish_ads.
+
+
+o   Volker Lendecke <vl at samba.org>
+    * BUG 9854: Fix crash bug in Winbind.
+
+
+o   Andreas Schneider <asn at samba.org>
+    * BUG 9817: Fix 'map untrusted to domain' with NTLMv2.
 
 
 ######################################################################
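Review bot: The "Changes since 3.6.14" list in this hunk has no entry for bug #9382 (PFC_FLAG_OBJECT_UUID parsing, commit b633e71 by Stefan Metzmacher), although that commit is part of this push and changes source3/librpc/rpc/dcerpc_helpers.c. Add a Stefan Metzmacher entry for BUG 9382 so the release notes cover every fix in the push. The hunk header context also shows "This is is the latest stable release", which is worth correcting while the file is open.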
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 0e1f437..288f461 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -902,6 +902,7 @@ static NTSTATUS make_new_session_info_system(TALLOC_CTX *mem_ctx,
 
 NTSTATUS make_serverinfo_from_username(TALLOC_CTX *mem_ctx,
 				       const char *username,
+				       bool use_guest_token,
 				       bool is_guest,
 				       struct auth_serversupplied_info **presult)
 {
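Review bot: Two adjacent bool parameters (use_guest_token, is_guest) in the signature are easy to transpose at a call site, and the compiler will not notice. Add a comment above make_serverinfo_from_username() stating what each one controls, or replace the pair with a flags argument or enum so callers are self-describing.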
@@ -925,7 +926,7 @@ NTSTATUS make_serverinfo_from_username(TALLOC_CTX *mem_ctx,
 	result->nss_token = true;
 	result->guest = is_guest;
 
-	if (is_guest) {
+	if (use_guest_token) {
 		status = make_server_info_guest(mem_ctx, &result);
 	} else {
 		status = create_local_token(result);
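Review bot: In the if (use_guest_token) branch, result->guest has already been set from is_guest, so a caller passing use_guest_token=true with is_guest=false would get a guest token on a session not marked as guest. Neither call site in this push does that, but nothing here rejects it; consider returning NT_STATUS_INVALID_PARAMETER for that combination or documenting it as unsupported.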
diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c
index 2143353..57a8866 100644
--- a/source3/auth/auth_winbind.c
+++ b/source3/auth/auth_winbind.c
@@ -62,9 +62,15 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
 	}
 
 	/* Send off request */
-
 	params.account_name	= user_info->client.account_name;
-	params.domain_name	= user_info->mapped.domain_name;
+	/*
+	 * We need to send the domain name from the client to the DC. With
+	 * NTLMv2 the domain name is part of the hashed second challenge,
+	 * if we change the domain name, the DC will fail to verify the
+	 * challenge cause we changed the domain name, this is like a
+	 * man in the middle attack.
+	 */
+	params.domain_name	= user_info->client.domain_name;
 	params.workstation_name	= user_info->workstation_name;
 
 	params.flags		= 0;
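Review bot: The new comment above params.domain_name gives the right reason but reads as a run-on ("cause we changed the domain name, this is like a man in the middle attack"); tighten it to one statement that the NTLMv2 response covers the client-supplied domain name, so a rewritten name fails verification at the DC. Since user_info->mapped.domain_name is no longer sent, the comment should also say that this is intentional so a later cleanup does not switch it back. The hunk also drops the blank line after /* Send off request */, which is unrelated to the fix.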
diff --git a/source3/auth/proto.h b/source3/auth/proto.h
index b23d827..3d1fa06 100644
--- a/source3/auth/proto.h
+++ b/source3/auth/proto.h
@@ -149,6 +149,7 @@ NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info,
 			     struct passwd *pwd);
 NTSTATUS make_serverinfo_from_username(TALLOC_CTX *mem_ctx,
 				       const char *username,
+				       bool use_guest_token,
 				       bool is_guest,
 				       struct auth_serversupplied_info **presult);
 struct auth_serversupplied_info *copy_serverinfo(TALLOC_CTX *mem_ctx,
diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c
index 7520d76..469e308 100644
--- a/source3/librpc/rpc/dcerpc_helpers.c
+++ b/source3/librpc/rpc/dcerpc_helpers.c
@@ -113,6 +113,10 @@ NTSTATUS dcerpc_pull_ncacn_packet(TALLOC_CTX *mem_ctx,
 		ndr->flags |= LIBNDR_FLAG_BIGENDIAN;
 	}
 
+	if (CVAL(blob->data, DCERPC_PFC_OFFSET) & DCERPC_PFC_FLAG_OBJECT_UUID) {
+		ndr->flags |= LIBNDR_FLAG_OBJECT_PRESENT;
+	}
+
 	ndr_err = ndr_pull_ncacn_packet(ndr, NDR_SCALARS|NDR_BUFFERS, r);
 
 	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
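Review bot: The added CVAL(blob->data, DCERPC_PFC_OFFSET) read has no length check visible in this hunk; confirm that blob->length is validated to cover the fixed header before dcerpc_pull_ncacn_packet() reaches this line, or return an error for short blobs here. A short comment that the flag has to be set on ndr before ndr_pull_ncacn_packet() runs would also help, because the placement is what makes the change effective.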
diff --git a/source3/printing/nt_printing_ads.c b/source3/printing/nt_printing_ads.c
index 5a0cd24..219124f 100644
--- a/source3/printing/nt_printing_ads.c
+++ b/source3/printing/nt_printing_ads.c
@@ -192,17 +192,23 @@ static WERROR nt_printer_publish_ads(struct messaging_context *msg_ctx,
 	DEBUG(5, ("publishing printer %s\n", printer));
 
 	/* figure out where to publish */
-	ads_find_machine_acct(ads, &res, global_myname());
+	ads_rc = ads_find_machine_acct(ads, &res, global_myname());
+	if (!ADS_ERR_OK(ads_rc)) {
+		DEBUG(0, ("failed to find machine account for %s\n",
+			  global_myname()));
+		TALLOC_FREE(ctx);
+		return WERR_NOT_FOUND;
+	}
 
 	/* We use ldap_get_dn here as we need the answer
 	 * in utf8 to call ldap_explode_dn(). JRA. */
 
 	srv_dn_utf8 = ldap_get_dn((LDAP *)ads->ldap.ld, (LDAPMessage *)res);
+	ads_msgfree(ads, res);
 	if (!srv_dn_utf8) {
 		TALLOC_FREE(ctx);
 		return WERR_SERVER_UNAVAILABLE;
 	}
-	ads_msgfree(ads, res);
 	srv_cn_utf8 = ldap_explode_dn(srv_dn_utf8, 1);
 	if (!srv_cn_utf8) {
 		TALLOC_FREE(ctx);
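Review bot: The DEBUG(0, ...) on the new error path discards the reason carried in ads_rc, and every failure of ads_find_machine_acct() is returned as WERR_NOT_FOUND, so an LDAP or connectivity error cannot be told apart from a missing account. Include ads_errstr(ads_rc) in the message. Moving ads_msgfree(ads, res) ahead of the !srv_dn_utf8 check also stops res leaking on that return path, which the commit message does not mention.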
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index 6c8c8d3..a22b0df 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -656,7 +656,7 @@ static NTSTATUS create_connection_session_info(struct smbd_server_connection *sc
 			return NT_STATUS_WRONG_PASSWORD;
                 }
 
-		return make_serverinfo_from_username(mem_ctx, user, guest,
+		return make_serverinfo_from_username(mem_ctx, user, guest, guest,
 						     presult);
         }
 
@@ -690,7 +690,7 @@ NTSTATUS set_conn_force_user_group(connection_struct *conn, int snum)
 		}
 
 		status = make_serverinfo_from_username(
-			conn, fuser, conn->session_info->guest,
+			conn, fuser, false, conn->session_info->guest,
 			&forced_serverinfo);
 		if (!NT_STATUS_IS_OK(status)) {
 			return status;
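Review bot: The bare false passed as use_guest_token in set_conn_force_user_group() gives no hint at the call site which of the two bools it is; annotate it, for example /* use_guest_token */ false, and add a comment that the forced user gets a regular local token while conn->session_info->guest is carried over. The call in create_connection_session_info() passes guest, guest and would benefit from the same annotation.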
diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
index 033ea77..0a65953 100644
--- a/source3/winbindd/winbindd_cache.c
+++ b/source3/winbindd/winbindd_cache.c
@@ -946,7 +946,7 @@ static void wcache_save_name_to_sid(struct winbindd_domain *domain,
 	if (!centry)
 		return;
 
-	if (domain_name[0] == '\0') {
+	if ((domain_name == NULL) || (domain_name[0] == '\0')) {
 		struct winbindd_domain *mydomain =
 			find_domain_from_sid_noinit(sid);
 		if (mydomain != NULL) {
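Review bot: With the added domain_name == NULL test in wcache_save_name_to_sid(), a NULL domain_name is still NULL after this block whenever find_domain_from_sid_noinit(sid) returns NULL, because the visible fallback sits inside if (mydomain != NULL). Confirm that the code following this block tolerates a NULL domain_name, or return early in that case.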
@@ -974,7 +974,7 @@ static void wcache_save_sid_to_name(struct winbindd_domain *domain, NTSTATUS sta
 	if (!centry)
 		return;
 
-	if (domain_name[0] == '\0') {
+	if ((domain_name == NULL) || (domain_name[0] == '\0')) {
 		struct winbindd_domain *mydomain =
 			find_domain_from_sid_noinit(sid);
 		if (mydomain != NULL) {
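Review bot: The condition (domain_name == NULL) || (domain_name[0] == '\0') is now repeated verbatim in wcache_save_sid_to_name(), wcache_save_name_to_sid() and wcache_name_to_sid(); a small static helper would keep the three sites consistent. The caller that passes NULL is not visible in this diff, so the commit message should name the path that triggers bug 9854.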
@@ -1798,7 +1798,7 @@ NTSTATUS wcache_name_to_sid(struct winbindd_domain *domain,
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	if (domain_name[0] == '\0') {
+	if ((domain_name == NULL) || (domain_name[0] == '\0')) {
 		domain_name = domain->name;
 	}
 


-- 
Samba Shared Repository

