[SCM] Samba Shared Repository - branch v4-2-test updated
Karolin Seeger
kseeger at samba.org
Tue Dec 16 15:37:07 MST 2014
The branch, v4-2-test has been updated
via 27219c0 libcli/smb: only force signing of smb2 session setups when binding a new session
via 8bb6039 s3:smb2_server: allow reauthentication without signing
via c0aee74 vfs_streams_xattr: add missing call to SMB_VFS_NEXT_CONNECT
via 4190813 testprogs/test_ldb: check rootdse search with extended-dn control
via 23e43c3 s4:dsdb/rootdse: expand extended dn values with the AS_SYSTEM control
via 02ad559 s3:utils/profiles fix a use after free
via adb4618 s3:registry/regfio fix some valgrind warnings
via 238eb48 s3:registry/regfio read SD from the correct location
from 0055b0d ctdb-tests: Need to drop public IPs in kill-failover tests
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-2-test
- Log -----------------------------------------------------------------
commit 27219c0aa670f2a162d8bba103c50e728f8406ec
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Dec 12 13:55:38 2014 +0000
libcli/smb: only force signing of smb2 session setups when binding a new session
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10958
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Dec 12 23:11:40 CET 2014 on sn-devel-104
(cherry picked from commit daff0f5d709eca621a7f319c892ecaba7b03e5c2)
Autobuild-User(v4-2-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-2-test): Tue Dec 16 23:36:50 CET 2014 on sn-devel-104
commit 8bb60396560842d01ea04250c9a91bb63b14bab2
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Dec 12 09:22:15 2014 +0100
s3:smb2_server: allow reauthentication without signing
If signing is not required we should not require it for reauthentication.
Windows clients would otherwise fail to reauthenticate.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10958
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 382019656ee164fd21455ed7d7b5e9e18bd0ca72)
commit c0aee74f7cfd45d07f82d14645a7f977f8280e24
Author: Ralph Boehme <slow at samba.org>
Date: Thu Dec 11 19:06:11 2014 +0100
vfs_streams_xattr: add missing call to SMB_VFS_NEXT_CONNECT
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11005
Signed-off-by: Ralph Boehme <slow at samba.org>
Rewviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Dec 12 02:09:24 CET 2014 on sn-devel-104
(cherry picked from commit 3554d88a589c079edea068867601c2d25b966932)
commit 4190813eb6f0dd180e97cdca99902110b8f8b272
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Nov 21 14:11:54 2014 +0100
testprogs/test_ldb: check rootdse search with extended-dn control
Verifies BUG: https://bugzilla.samba.org/show_bug.cgi?id=10949
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Fri Dec 12 20:15:46 CET 2014 on sn-devel-104
(cherry picked from commit 7e81fe282540a5b52dcb8c5396321a67733790d2)
commit 23e43c3e2be6926b7717c059664fd166d0a98140
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Nov 20 14:21:06 2014 +0100
s4:dsdb/rootdse: expand extended dn values with the AS_SYSTEM control
Otherwise we can't find the GUID of the 'serverName' attribute
as ANONYMOUS.
This results in
root@ub1204-161:~# ldbsearch -U% -H ldap://172.31.9.161 -b '' -s base --extended-dn serverName
search error - LDAP error 1 LDAP_OPERATIONS_ERROR - <00002020: operations error at ../source4/dsdb/samdb/ldb_modules/rootdse.c:567> <>
While it works as system:
root@ub1204-161:~# ldbsearch -U% -H /var/lib/samba/private/sam.ldb -b '' -s base --extended-dn serverName
# record 1
dn:
serverName: <GUID=348c35e1-04e3-4988-a32c-32478d584551>;CN=UB1204-161,CN=Serve
rs,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=s4xdom,DC=base
# returned 1 records
# 1 entries
# 0 referrals
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10949
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit a6ecef4532e4529a819219cd814e2979c2df0797)
commit 02ad5591695d06f82308c524757655db2d587241
Author: Christian Ambach <ambi at samba.org>
Date: Tue Nov 4 23:51:23 2014 +0100
s3:utils/profiles fix a use after free
path is a talloc-child of subkeys, so subkeys should not be freed before calling
verbose_output
Signed-off-by: Christian Ambach <ambi at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Christian Ambach <ambi at samba.org>
Autobuild-Date(master): Wed Dec 3 00:43:19 CET 2014 on sn-devel-104
(cherry picked from commit 3b90bfb1089e6a4b7e05e7ed62bb642521f57917)
commit adb461866962f98b8a2c45a4a436acf37c9784a3
Author: Christian Ambach <ambi at samba.org>
Date: Tue Nov 4 23:50:07 2014 +0100
s3:registry/regfio fix some valgrind warnings
Signed-off-by: Christian Ambach <ambi at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 4b41489901b7f1a78ffd479128c3e0d309e53b53)
commit 238eb48f9919e4ce3e520a7e3c6b618b145bf0c0
Author: Christian Ambach <ambi at samba.org>
Date: Tue Nov 4 23:47:26 2014 +0100
s3:registry/regfio read SD from the correct location
try to find the security descriptor at the data pointer, not at the beginning of the hbin
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9629
Signed-off-by: Christian Ambach <ambi at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 217a0189c15761f6c7b24c9d7bfdbccf85de8e1d)
-----------------------------------------------------------------------
Summary of changes:
libcli/smb/smbXcli_base.c | 7 ++++++-
source3/modules/vfs_streams_xattr.c | 6 ++++++
source3/registry/regfio.c | 10 ++++++----
source3/smbd/smb2_server.c | 5 -----
source3/smbd/smb2_sesssetup.c | 4 ++++
source3/utils/profiles.c | 6 +++---
source4/dsdb/samdb/ldb_modules/rootdse.c | 6 ++----
testprogs/blackbox/test_ldb.sh | 2 ++
8 files changed, 29 insertions(+), 17 deletions(-)
Changeset truncated at 500 lines:
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index e0c5ff9..2fe6a5a 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -2677,7 +2677,12 @@ struct tevent_req *smb2cli_req_create(TALLOC_CTX *mem_ctx,
state->smb2.should_encrypt = session->smb2->should_encrypt;
if (cmd == SMB2_OP_SESSSETUP &&
- session->smb2->signing_key.length != 0) {
+ session->smb2_channel.signing_key.length == 0 &&
+ session->smb2->signing_key.length != 0)
+ {
+ /*
+ * a session bind needs to be signed
+ */
state->smb2.should_sign = true;
}
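Review bot: The new comment in the SMB2_OP_SESSSETUP block documents only the bind case ("a session bind needs to be signed") and does not say what happens when smb2_channel.signing_key is already set. Since the behavioural change is that such a request no longer forces should_sign, please extend the comment to say that a session setup on an established channel is a reauthentication and falls through to the normal signing decision, so the extra condition is not mistaken for redundant and removed later.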
diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c
index 5c5a9a1..b3c1df1 100644
--- a/source3/modules/vfs_streams_xattr.c
+++ b/source3/modules/vfs_streams_xattr.c
@@ -879,6 +879,12 @@ static int streams_xattr_connect(vfs_handle_struct *handle,
struct streams_xattr_config *config;
const char *default_prefix = SAMBA_XATTR_DOSSTREAM_PREFIX;
const char *prefix;
+ int rc;
+
+ rc = SMB_VFS_NEXT_CONNECT(handle, service, user);
+ if (rc != 0) {
+ return rc;
+ }
config = talloc_zero(handle->conn, struct streams_xattr_config);
if (config == NULL) {
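Review bot: With SMB_VFS_NEXT_CONNECT now called first in streams_xattr_connect, the failure paths that follow it (starting with the config == NULL branch right after the talloc_zero) return after the next module has already connected. Please check that each of those paths calls SMB_VFS_NEXT_DISCONNECT(handle) before returning, so a failed allocation does not leave the lower modules in a connected state.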
diff --git a/source3/registry/regfio.c b/source3/registry/regfio.c
index fe80094..e49de26 100644
--- a/source3/registry/regfio.c
+++ b/source3/registry/regfio.c
@@ -768,8 +768,10 @@ static bool hbin_prs_sk_rec( const char *desc, REGF_HBIN *hbin, int depth, REGF_
if (!prs_copy_data_in(&hbin->ps, (const char *)blob.data, blob.length))
return False;
} else {
- blob = data_blob_const(prs_data_p(&hbin->ps),
- prs_data_size(&hbin->ps));
+ blob = data_blob_const(
+ prs_data_p(&hbin->ps) + prs_offset(&hbin->ps),
+ prs_data_size(&hbin->ps) - prs_offset(&hbin->ps)
+ );
status = unmarshall_sec_desc(mem_ctx,
blob.data, blob.length,
&sk->sec_desc);
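Review bot: The length passed to data_blob_const, prs_data_size(&hbin->ps) - prs_offset(&hbin->ps), is computed without checking that the offset is not larger than the data size. On a malformed hive an offset beyond the size would wrap to a very large blob length that is then handed to unmarshall_sec_desc; an explicit check that returns False when prs_offset exceeds prs_data_size would make the bound visible here.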
@@ -1739,7 +1741,7 @@ static bool create_vk_record(REGF_FILE *file, REGF_VK_REC *vk,
/* make sure we don't try to copy from a NULL value pointer */
if ( vk->data_size != 0 )
- memcpy( &vk->data_off, regval_data_p(value), sizeof(uint32) );
+ memcpy( &vk->data_off, regval_data_p(value), vk->data_size);
vk->data_size |= VK_DATA_IN_OFFSET;
}
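Review bot: The memcpy into &vk->data_off in create_vk_record now copies vk->data_size bytes, but the destination was previously filled with exactly sizeof(uint32) bytes and nothing in this hunk shows that data_size is bounded by that. If the enclosing condition (not visible here) already guarantees data_size <= sizeof(uint32), an assert or a short comment saying so would help; otherwise clamp the length, since a larger value would write past data_off.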
@@ -1804,7 +1806,7 @@ static int hashrec_cmp( REGF_HASH_REC *h1, REGF_HASH_REC *h2 )
REGF_HASH_REC *hash = &parent->subkeys.hashes[parent->subkey_index];
hash->nk_off = prs_offset( &nk->hbin->ps ) + nk->hbin->first_hbin_off - HBIN_HDR_SIZE;
- memcpy( hash->keycheck, name, sizeof(uint32) );
+ memcpy(hash->keycheck, name, MIN(strlen(name),sizeof(uint32)));
hash->fullname = talloc_strdup( file->mem_ctx, name );
parent->subkey_index++;
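Review bot: In the hash->keycheck copy, names shorter than sizeof(uint32) now leave the trailing bytes of keycheck untouched, so their content depends on how the hashes array was allocated. Unless that array is known to be zero-initialised, clear keycheck before the memcpy so the value written to the file is deterministic and does not carry stale heap bytes.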
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index 31ec70b..39155b8 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -1987,11 +1987,6 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
if (x != NULL) {
signing_required = x->global->signing_required;
encryption_required = x->global->encryption_required;
-
- if (opcode == SMB2_OP_SESSSETUP &&
- x->global->signing_key.length > 0) {
- signing_required = true;
- }
}
req->do_signing = false;
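Review bot: Removing the SMB2_OP_SESSSETUP override in smbd_smb2_request_dispatch relaxes signing for every session setup on a session that already has a signing key, not only for reauthentication. Session binds also arrive as SESSSETUP on an existing session, so please confirm (and ideally note in a comment here) that the bind path enforces a valid signature on its own and does not depend on signing_required having been forced at this point.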
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 366ca58..57f623a 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -422,6 +422,10 @@ static NTSTATUS smbd_smb2_reauth_generic_return(struct smbXsrv_session *session,
conn_clear_vuid_caches(smb2req->sconn, session->compat->vuid);
+ if (security_session_user_level(session_info, NULL) >= SECURITY_USER) {
+ smb2req->do_signing = true;
+ }
+
*out_session_id = session->global->session_wire_id;
return NT_STATUS_OK;
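Review bot: The new security_session_user_level(session_info, NULL) >= SECURITY_USER check in smbd_smb2_reauth_generic_return has no comment explaining why the response is signed only at that level. A line stating that the reauthentication response is signed for authenticated users while anonymous and guest sessions are left unsigned would document the intent and the link to the check removed from the dispatch code.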
diff --git a/source3/utils/profiles.c b/source3/utils/profiles.c
index 0f274ad..22c8f72 100644
--- a/source3/utils/profiles.c
+++ b/source3/utils/profiles.c
@@ -189,12 +189,12 @@ static bool copy_registry_tree( REGF_FILE *infile, REGF_NK_REC *nk,
}
}
- /* values is a talloc()'d child of subkeys here so just throw it all away */
-
- TALLOC_FREE( subkeys );
verbose_output("[%s]\n", path);
+ /* values is a talloc()'d child of subkeys here so just throw it all away */
+ TALLOC_FREE(subkeys);
+
return True;
}
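Review bot: The comment moved next to TALLOC_FREE(subkeys) still mentions only values as a talloc child of subkeys, while the reason for the new ordering is that path is also a child and is used by verbose_output. Please name path in the comment, for example "path and values are talloc children of subkeys, free only after the last use of path", so the free is not moved back above the call.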
diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c
index b13dc9e..111266f 100644
--- a/source4/dsdb/samdb/ldb_modules/rootdse.c
+++ b/source4/dsdb/samdb/ldb_modules/rootdse.c
@@ -142,10 +142,8 @@ static int expand_dn_in_message(struct ldb_module *module, struct ldb_message *m
return ret;
}
-
- ret = ldb_request_add_control(req2,
- LDB_CONTROL_EXTENDED_DN_OID,
- edn_control->critical, edn);
+ ret = dsdb_request_add_controls(req2, DSDB_FLAG_AS_SYSTEM |
+ DSDB_SEARCH_SHOW_EXTENDED_DN);
if (ret != LDB_SUCCESS) {
talloc_free(tmp_ctx);
return ldb_error(ldb, ret, "Failed to add control");
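Review bot: The replacement call dsdb_request_add_controls(req2, DSDB_FLAG_AS_SYSTEM | DSDB_SEARCH_SHOW_EXTENDED_DN) no longer passes edn_control->critical or the client's edn data that the removed ldb_request_add_control call forwarded. Please confirm that the extended-DN format requested by the client is still honoured in the expanded value, and add a comment that req2 runs as system on behalf of a possibly anonymous caller, so its base and attribute list must stay limited to the single DN being expanded.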
diff --git a/testprogs/blackbox/test_ldb.sh b/testprogs/blackbox/test_ldb.sh
index f326672..60bad44 100755
--- a/testprogs/blackbox/test_ldb.sh
+++ b/testprogs/blackbox/test_ldb.sh
@@ -37,6 +37,8 @@ export PATH="$BINDIR:$PATH"
ldbsearch="$VALGRIND ldbsearch"
check "RootDSE" $ldbsearch $CONFIGURATION $options --basedn='' -H $p://$SERVER -s base DUMMY=x dnsHostName highestCommittedUSN || failed=`expr $failed + 1`
+check "RootDSE (full)" $ldbsearch $CONFIGURATION $options --basedn='' -H $p://$SERVER -s base '(objectClass=*)' || failed=`expr $failed + 1`
+check "RootDSE (extended)" $ldbsearch $CONFIGURATION $options --basedn='' -H $p://$SERVER -s base '(objectClass=*)' --extended-dn || failed=`expr $failed + 1`
echo "Getting defaultNamingContext"
BASEDN=`$ldbsearch $CONFIGURATION $options --basedn='' -H $p://$SERVER -s base DUMMY=x defaultNamingContext | grep defaultNamingContext | awk '{print $2}'`
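Review bot: The two new check lines ("RootDSE (full)" and "RootDSE (extended)") only test the exit status of ldbsearch. For the extended case it would be stronger to also verify that the output contains a serverName value with a <GUID=...> component, since a search that succeeds but returns the plain DN would still pass as written.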
--
Samba Shared Repository