[SCM] Samba Shared Repository - branch v4-0-test updated
Karolin Seeger
kseeger at samba.org
Thu Nov 7 02:44:05 MST 2013
The branch, v4-0-test has been updated
via de4e721 s4-dns: dlz_bind9: Create dns-HOSTNAME account disabled
via c07a730 libcli/smb: fix smb2cli_ioctl*() against Windows 2008.
from 8d4f270 nsswitch: Fix short writes in winbind_write_sock
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test
- Log -----------------------------------------------------------------
commit de4e72152d83cf03e86c3531f43a9f2bed4967ac
Author: Samuel Cabrero <scabrero at zentyal.com>
Date: Thu Oct 24 17:37:06 2013 +0200
s4-dns: dlz_bind9: Create dns-HOSTNAME account disabled
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Oct 25 00:39:21 CEST 2013 on sn-devel-104
(cherry picked from commit d3aee80928dc7ccde9441309bf946c2503f7714a)
Part of a fix for bug #9091 - When replicating DNS for bind9_dlz we need to
create the server-DNS account remotely.
Autobuild-User(v4-0-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-0-test): Thu Nov 7 10:43:12 CET 2013 on sn-devel-104
commit c07a73007198dc51161c73e4a360334bb80b4908
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Oct 28 15:43:03 2013 +0100
libcli/smb: fix smb2cli_ioctl*() against Windows 2008.
The subsections of [MS-SMB2] "3.2.5.14 Receiving an SMB2 IOCTL Response"
say the client should ignore the InputOffset/InputCount.
We do that only if we ask for max_input_length = 0.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10232
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Oct 31 01:16:10 CET 2013 on sn-devel-104
(cherry picked from commit 127fc670a39d15eaa3869045fca0287ba7df9efa)
-----------------------------------------------------------------------
Summary of changes:
libcli/smb/smb2cli_ioctl.c | 33 +++++++++++++++++++++++++++++----
python/samba/join.py | 11 +++++++----
2 files changed, 36 insertions(+), 8 deletions(-)
Changeset truncated at 500 lines:
diff --git a/libcli/smb/smb2cli_ioctl.c b/libcli/smb/smb2cli_ioctl.c
index 687c9d5..90c3a2c 100644
--- a/libcli/smb/smb2cli_ioctl.c
+++ b/libcli/smb/smb2cli_ioctl.c
@@ -201,7 +201,21 @@ static void smb2cli_ioctl_done(struct tevent_req *subreq)
return;
}
- if (input_buffer_length < dyn_len) {
+ ofs = input_buffer_length;
+ ofs = NDR_ROUND(ofs, 8);
+
+ if (state->max_input_length == 0) {
+ /*
+ * If max_input_length is 0 we ignore
+ * the input_buffer_length, because
+ * Windows 2008 echos the DCERPC request
+ * from the requested input_buffer
+ * to the response input_buffer.
+ */
+ input_buffer_length = 0;
+ }
+
+ if (input_buffer_length > dyn_len) {
tevent_req_nterror(
req, NT_STATUS_INVALID_NETWORK_RESPONSE);
return;
@@ -216,8 +230,11 @@ static void smb2cli_ioctl_done(struct tevent_req *subreq)
state->out_input_buffer.data = dyn;
state->out_input_buffer.length = input_buffer_length;
- ofs = input_buffer_length;
- ofs = NDR_ROUND(ofs, 8);
+ if (ofs > dyn_len) {
+ tevent_req_nterror(
+ req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
dyn_ofs += ofs;
dyn += ofs;
@@ -231,7 +248,15 @@ static void smb2cli_ioctl_done(struct tevent_req *subreq)
return;
}
- if (output_buffer_length < dyn_len) {
+ if (state->max_output_length == 0) {
+ /*
+ * We do the same logic as for
+ * max_input_length.
+ */
+ output_buffer_length = 0;
+ }
+
+ if (output_buffer_length > dyn_len) {
tevent_req_nterror(
req, NT_STATUS_INVALID_NETWORK_RESPONSE);
return;
diff --git a/python/samba/join.py b/python/samba/join.py
index b2f4da4..bdd3629 100644
--- a/python/samba/join.py
+++ b/python/samba/join.py
@@ -606,15 +606,18 @@ class dc_join(object):
"DNSNAME" : ctx.dnshostname}))
for changetype, msg in recs:
assert changetype == ldb.CHANGETYPE_NONE
+ dns_acct_dn = msg["dn"]
print "Adding DNS account %s with dns/ SPN" % msg["dn"]
# Remove dns password (we will set it as a modify, as we can't do clearTextPassword over LDAP)
del msg["clearTextPassword"]
# Remove isCriticalSystemObject for similar reasons, it cannot be set over LDAP
del msg["isCriticalSystemObject"]
+ # Disable account until password is set
+ msg["userAccountControl"] = str(samba.dsdb.UF_NORMAL_ACCOUNT |
+ samba.dsdb.UF_ACCOUNTDISABLE)
try:
ctx.samdb.add(msg)
- dns_acct_dn = msg["dn"]
except ldb.LdbError, (num, _):
if num != ldb.ERR_ENTRY_ALREADY_EXISTS:
raise
@@ -624,7 +627,7 @@ class dc_join(object):
# connections which are hard to set up and otherwise refuse with
# ERR_UNWILLING_TO_PERFORM. In this case we fall back to libnet
# over SAMR.
- print "Setting account password for %s" % ctx.samname
+ print "Setting account password for dns-%s" % ctx.myname
try:
ctx.samdb.setpassword("(&(objectClass=user)(samAccountName=dns-%s))"
% ldb.binary_encode(ctx.myname),
@@ -633,8 +636,8 @@ class dc_join(object):
username=ctx.samname)
except ldb.LdbError, (num, _):
if num != ldb.ERR_UNWILLING_TO_PERFORM:
- pass
- ctx.net.set_password(account_name="dns-" % ctx.myname,
+ raise
+ ctx.net.set_password(account_name="dns-%s" % ctx.myname,
domain_name=ctx.domain_name,
newpassword=ctx.dnspass)
--
Samba Shared Repository
More information about the samba-cvs
mailing list