[SCM] Samba Shared Repository - branch v4-1-test updated

Karolin Seeger kseeger at samba.org
Thu Jan 15 04:11:33 MST 2015


The branch, v4-1-test has been updated
       via  c4e46cd VERSION: Bump version up to 4.1.17.
       via  af5c876 Merge tag 'samba-4.1.16' into v4-1-test
       via  1c6bcc0 smbd: Fix CID 1063259 Uninitialized scalar variable
       via  5bbf2df s3-libads: Fix a possible segfault in kerberos_fetch_pac().
       via  e968af8 spoolss: clear PrinterInfo on GetPrinter error
       via  fd9daf3 spoolss: clear info on GetPrinterDriverDirectory error
       via  fcbeb46 spoolss: clear info on GetPrintProcessorDirectory error
       via  50a72f0 spoolss: clear FormInfo on GetForm error
       via  1719bda spoolss: clear DriverInfo on GetPrinterDriver2 error
       via  a9dab56 spoolss: clear JobInfo on GetJob error
       via  c5cff32 vfs: Add glusterfs manpage.
       via  ecb145c net: Fix sam addgroupmem
       via  333d257 dsdb: Add tokenGroupsGlobalAndUniversal, tokenGroups, tokenGroupsNoGCAcceptable
       via  2baeba4 s3-util: Fix authentication with long hostnames.
       via  1e682c3 VERSION: Disable git snapshots for the 4.1.16 release.
       via  8010553 WHATSNEW: Add release notes for Samba 4.1.16.
       via  5cc1c0e CVE-2014-8143:dsdb-samldb: Check for extended access rights before we allow changes to userAccountControl
       via  3c93b57 CVE-2014-8143:dsdb: Allow use of dsdb_autotransaction_request outside util.c
       via  f2cb9b9 CVE-2014-8143:pydsdb: Pull in UF_USE_AES_KEYS flag
       via  9e15786 CVE-2014-8143:auth: Force talloc type of session_info pointer to match
       via  cc49a60 VERSION: Bump version up to 4.1.16...
      from  9f52de7 VERSION: Bump version up to 4.1.16...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-1-test


- Log -----------------------------------------------------------------
commit c4e46cd4e32ef5bf25f3a21f74bb40dfb1dd3c0d
Author: Karolin Seeger <kseeger at samba.org>
Date:   Thu Jan 15 12:10:58 2015 +0100

    VERSION: Bump version up to 4.1.17.
    
    Signed-off-by: Karolin Seeger <kseeger at samba.org>

commit af5c87631de5712b2b31856233c23ca772eb8aa4
Merge: 1c6bcc0 1e682c3
Author: Karolin Seeger <kseeger at samba.org>
Date:   Thu Jan 15 12:10:22 2015 +0100

    Merge tag 'samba-4.1.16' into v4-1-test
    
    samba: tag release samba-4.1.16

commit 1c6bcc0d7f63fe3b18500bd2a5d532746302345c
Author: Volker Lendecke <vl at samba.org>
Date:   Sun Aug 18 20:35:32 2013 +0000

    smbd: Fix CID 1063259 Uninitialized scalar variable
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=11041
    
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit cc983c9a6a92f3d127ec6461b15aed3fa90e6d30)
    Reviewed-by: David Disseldorp <ddiss at samba.org>

commit 5bbf2df3fe60ed124a05a515d7128fe5e750f29b
Author: Andreas Schneider <asn at samba.org>
Date:   Wed Jan 7 17:12:54 2015 +0100

    s3-libads: Fix a possible segfault in kerberos_fetch_pac().
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11037
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit a13e29cc4345d85ab6fe4482119386b87e4e8673)

commit e968af8e5e7e1d19b7da2222270e8af01f1ea49a
Author: David Disseldorp <ddiss at samba.org>
Date:   Wed Dec 17 16:54:42 2014 +0100

    spoolss: clear PrinterInfo on GetPrinter error
    
    If an error is returned without zeroing a pre-allocated @info pointer,
    then marshalling of the response will fail.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984
    
    Signed-off-by: David Disseldorp <ddiss at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    (cherry picked from commit a11e97b79645ff0d9e7d20f5318a979194a858fe)

commit fd9daf39e7faa76a5b8b47c316a16ed257dea837
Author: David Disseldorp <ddiss at samba.org>
Date:   Wed Dec 17 16:47:50 2014 +0100

    spoolss: clear info on GetPrinterDriverDirectory error
    
    If an error is returned without zeroing a pre-allocated @info pointer,
    then marshalling of the response will fail.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984
    
    Signed-off-by: David Disseldorp <ddiss at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    (cherry picked from commit c9fccb5018f9a19bb654b9ad79aa716e37a274d6)

commit fcbeb4638d2120c20ff361720723554cbf1e4c3a
Author: David Disseldorp <ddiss at samba.org>
Date:   Wed Dec 17 15:54:22 2014 +0100

    spoolss: clear info on GetPrintProcessorDirectory error
    
    If an error is returned without zeroing a pre-allocated @info pointer,
    then marshalling of the response will fail.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984
    
    Signed-off-by: David Disseldorp <ddiss at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    (cherry picked from commit 679c781112ce6b7cffca11c28e58ae5f9a0d717d)

commit 50a72f093547d543036ea7a3df3d1ef49590af17
Author: David Disseldorp <ddiss at samba.org>
Date:   Wed Dec 17 15:29:52 2014 +0100

    spoolss: clear FormInfo on GetForm error
    
    In handling a spoolss GetForm request, the handler may return an
    immediate error if one of the input parameters is invalid.  If this is
    done without zeroing the pre-allocated @info pointer, then marshalling
    of the response will fail.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984
    
    Signed-off-by: David Disseldorp <ddiss at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    (cherry picked from commit b113ed6043622cdec68f3a70631b363594f3a8d0)

commit 1719bdaffe2a13166256aa24526dbd0b3aaeb0ca
Author: David Disseldorp <ddiss at samba.org>
Date:   Wed Dec 17 15:21:33 2014 +0100

    spoolss: clear DriverInfo on GetPrinterDriver2 error
    
    In handling a spoolss GetPrinterDriver2 request, the handler may
    return an immediate error if one of the input parameters is invalid.
    If this is done without zeroing the pre-allocated @info pointer, then
    marshalling of the response will fail.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984
    
    Signed-off-by: David Disseldorp <ddiss at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    (cherry picked from commit fb9ecb044ee986ab3496da6cbad162a224378475)

commit a9dab567e882a6ffd376c5f39112cf00866c2d63
Author: David Disseldorp <ddiss at samba.org>
Date:   Thu Dec 4 20:03:39 2014 +0100

    spoolss: clear JobInfo on GetJob error
    
    In handling a spoolss GetJob request, the _spoolss_GetJob() handler may
    return an immediate error if one of the input parameters is invalid. If
    this is done without zeroing the pre-allocated @info pointer, then
    api_spoolss_GetJob() will attempt to marshall @info, which in the case
    of an @offered value of zero results in a marshalling error:
    
    ndr_push_error(7): Bad subcontext (PUSH) content_size 64 is larger
    than size_is(0)
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984
    
    Signed-off-by: David Disseldorp <ddiss at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    (cherry picked from commit 89869e090c56a3f83b451b437f9c3f40a231dd24)

commit c5cff323b43d9c9785cce4495921dc755da8991a
Author: Günther Deschner <gd at samba.org>
Date:   Wed Dec 17 13:48:53 2014 +0100

    vfs: Add glusterfs manpage.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10240
    
    Guenther
    
    Signed-off-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Michael Adam <obnox at samba.org>
    
    Autobuild-User(master): Günther Deschner <gd at samba.org>
    Autobuild-Date(master): Wed Jan  7 20:57:57 CET 2015 on sn-devel-104

commit ecb145cb1400aa68903b2ee25476f6a4768f193f
Author: Volker Lendecke <vl at samba.org>
Date:   Tue Jan 13 12:51:13 2015 +0100

    net: Fix sam addgroupmem
    
    Domain local groups come across as SID_TYPE_ALIAS and are sent to us in the
    PAC/Info3 struct. We should allow this in net sam addgroupmem.
    
    Volker
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=11051
    
    Autobuild-User(master): Günther Deschner <gd at samba.org>
    Autobuild-Date(master): Tue Jan 13 15:28:16 CET 2015 on sn-devel-104

commit 333d25739eb5a0d347ff8c57726ea184af4c1ec9
Author: Garming Sam <garming at catalyst.net.nz>
Date:   Thu Dec 4 11:53:12 2014 +1300

    dsdb: Add tokenGroupsGlobalAndUniversal, tokenGroups, tokenGroupsNoGCAcceptable
    
    This includes additional tests based directly on the docs, rather than
    simply testing our internal implementation in client and server contexts,
    that create a user and groups.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=11022
    
    Pair-programmed-with: Garming Sam <garming at catalyst.net.nz>
    Signed-off-by: Garming-Sam <garming at catalyst.net.nz>
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    
    Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
    Autobuild-Date(master): Mon Dec 22 17:17:02 CET 2014 on sn-devel-104
    
    (similar to commit e4213512d0a967e87a74a1ae816c903fb38dd8b9)

commit 2baeba404c3d18d032860503385f174c269fc991
Author: Andreas Schneider <asn at samba.org>
Date:   Mon Jan 12 18:12:13 2015 +0100

    s3-util: Fix authentication with long hostnames.
    
    If the hostname is longer than MAX_NETBIOSNAME_LEN we fail to correctly
    check the hostname.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11008
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    (cherry picked from commit da2611adef32107f5a0eec97501c01232ab72efc)
    Signed-off-by: Andreas Schneider <asn at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 VERSION                                      |   2 +-
 WHATSNEW.txt                                 |  55 ++++-
 docs-xml/manpages/vfs_glusterfs.8.xml        | 151 ++++++++++++
 docs-xml/wscript_build                       |   1 +
 librpc/idl/security.idl                      |  13 +-
 source3/lib/util.c                           |   4 +-
 source3/libads/authdata.c                    |   8 +-
 source3/rpc_server/spoolss/srv_spoolss_nt.c  |  78 ++++--
 source3/smbd/process.c                       |   1 +
 source3/utils/net_sam.c                      |   8 +-
 source4/auth/session.c                       |   5 +
 source4/dsdb/common/util.c                   |   4 +-
 source4/dsdb/pydsdb.c                        |   1 +
 source4/dsdb/samdb/ldb_modules/operational.c |  66 ++++-
 source4/dsdb/samdb/ldb_modules/samldb.c      | 192 ++++++++++++++-
 source4/dsdb/samdb/samdb.h                   |   6 +
 source4/dsdb/tests/python/token_group.py     | 347 ++++++++++++++++++++++++++-
 source4/rpc_server/lsa/dcesrv_lsa.c          |  15 +-
 source4/setup/schema_samba4.ldif             |   1 +
 19 files changed, 898 insertions(+), 60 deletions(-)
 create mode 100644 docs-xml/manpages/vfs_glusterfs.8.xml


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index 63725ef..d5fd4a8 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 ########################################################
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=1
-SAMBA_VERSION_RELEASE=16
+SAMBA_VERSION_RELEASE=17
 
 ########################################################
 # If a official release has a serious bug              #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index fe8cbeb..81a1d56 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,55 @@
                    ==============================
+                   Release Notes for Samba 4.1.16
+                          January 15, 2015
+                   ==============================
+
+
+This is a security release in order to address CVE-2014-8143 (Elevation
+of privilege to Active Directory Domain Controller).
+
+o  CVE-2014-8143:
+   Samba's AD DC allows the administrator to delegate
+   creation of user or computer accounts to specific users or groups.
+
+   However, all released versions of Samba's AD DC did not implement the
+   additional required check on the UF_SERVER_TRUST_ACCOUNT bit in the
+   userAccountControl attributes.
+
+
+Changes since 4.1.15:
+---------------------
+
+o   Andrew Bartlett <abartlet at samba.org>
+    * BUG 10993: CVE-2014-8143: dsdb-samldb: Check for extended access
+      rights before we allow changes to userAccountControl.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the Samba 4.1 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+======================================================================
+
+                   ==============================
                    Release Notes for Samba 4.1.15
                           January 12, 2015
                    ==============================
@@ -78,10 +129,8 @@ database (https://bugzilla.samba.org/).
 ======================================================================
 
 
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
 
-======================================================================
 
                    ==============================
                    Release Notes for Samba 4.1.14
diff --git a/docs-xml/manpages/vfs_glusterfs.8.xml b/docs-xml/manpages/vfs_glusterfs.8.xml
new file mode 100644
index 0000000..83032cc
--- /dev/null
+++ b/docs-xml/manpages/vfs_glusterfs.8.xml
@@ -0,0 +1,151 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
+<refentry id="vfs_glusterfs.8">
+
+<refmeta>
+	<refentrytitle>vfs_glusterfs</refentrytitle>
+	<manvolnum>8</manvolnum>
+	<refmiscinfo class="source">Samba</refmiscinfo>
+	<refmiscinfo class="manual">System Administration tools</refmiscinfo>
+	<refmiscinfo class="version">4.2</refmiscinfo>
+</refmeta>
+
+
+<refnamediv>
+	<refname>vfs_glusterfs</refname>
+	<refpurpose>
+		Utilize features provided by GlusterFS
+	</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+	<cmdsynopsis>
+		<command>vfs objects = glusterfs</command>
+	</cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+	<title>DESCRIPTION</title>
+
+	<para>This VFS module is part of the
+	<citerefentry><refentrytitle>samba</refentrytitle>
+	<manvolnum>8</manvolnum></citerefentry> suite.</para>
+
+	<para>
+		The <command>vfs_glusterfs</command> VFS module exposes
+		GlusterFS specific features for use by Samba.
+	</para>
+
+	<para>
+		GlusterFS is a clustered file system, capable of scaling
+		to several peta-bytes. It aggregates various storage bricks
+		over Infiniband RDMA or TCP/IP and interconnect into one large
+		parallel network file system. Storage bricks can be made of any
+		commodity hardware, such as x86-64 server with SATA-II RAID and
+		Infiniband HBA.
+
+		GlusterFS is fully POSIX compliant file system. It supports
+		standard clients running standard applications over any standard
+		IP network and also FUSE. It works seemlessly on
+		different operating systems, currently supported on GNU/Linux
+		and Solaris.
+	</para>
+
+	<para>
+		This module is stackable, provided glusterfs lies in the bottom
+		of the stack.
+	</para>
+</refsect1>
+
+<refsect1>
+	<title>CONFIGURATION</title>
+
+	<para>
+		<command>vfs_glusterfs</command> requires that the underlying share
+		path is a Gluster filesystem.
+	</para>
+
+	<programlisting>
+		<smbconfsection name="[share]"/>
+		<smbconfoption name="vfs objects">glusterfs</smbconfoption>
+	</programlisting>
+</refsect1>
+
+<refsect1>
+	<title>OPTIONS</title>
+
+	<variablelist>
+
+		<varlistentry>
+		<term>glusterfs:logfile = path</term>
+		<listitem>
+		<para>
+			Defines whether and where to store a vfs_glusterfs specific
+			logfile. Client variable substitution is supported (i.e.
+			%M, %m, %I), hence per client log file can be
+			%specified.
+		</para>
+		<para>
+			Example: glusterfs:logfile =
+			%/var/log/samba/glusterfs-vol2.%M.log
+		</para>
+		</listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term>glusterfs:loglevel = 0-9</term>
+		<listitem>
+		<para>
+			Defines the level of logging, with higher numbers corresponding to more verbosity.
+			0 - No logs; 9 - Trace log level; 7 being the info log level is preferred.
+		</para>
+		<para>
+			If this option is not defined with an explicit loglevel,
+			the glusterfs default is used (currently loglevel 7).
+		</para>
+		</listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term>glusterfs:volfile_server = servername</term>
+		<listitem>
+		<para>
+			Defines which volfile server to use, defaults to
+			localhost.
+		</para>
+		</listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term>glusterfs:volume = volumename</term>
+		<listitem>
+		<para>
+			Defines the glusterfs volumename to use for this share.
+		</para>
+		</listitem>
+
+		</varlistentry>
+	</variablelist>
+
+</refsect1>
+
+<refsect1>
+	<title>VERSION</title>
+
+	<para>
+		This man page is correct for version 4.2.0 of the Samba suite.
+	</para>
+</refsect1>
+
+<refsect1>
+	<title>AUTHOR</title>
+
+	<para>The original Samba software and related utilities
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar
+	to the way the Linux kernel is developed.</para>
+
+</refsect1>
+
+</refentry>
diff --git a/docs-xml/wscript_build b/docs-xml/wscript_build
index 7af0f68..fa8fc4d 100644
--- a/docs-xml/wscript_build
+++ b/docs-xml/wscript_build
@@ -61,6 +61,7 @@ manpages='''
          manpages/vfs_fake_perms.8
          manpages/vfs_fileid.8
          manpages/vfs_full_audit.8
+         manpages/vfs_glusterfs.8
          manpages/vfs_gpfs.8
          manpages/vfs_linux_xfs_sgid.8
          manpages/vfs_media_harmony.8
diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl
index eb80a86..78c13c9 100644
--- a/librpc/idl/security.idl
+++ b/librpc/idl/security.idl
@@ -674,14 +674,21 @@ interface security
 	const string GUID_DRS_CHANGE_RID_MASTER       = "d58d5f36-0a98-11d1-adbb-00c04fd8d5cd";
 	const string GUID_DRS_CHANGE_SCHEMA_MASTER    = "e12b56b6-0a95-11d1-adbb-00c04fd8d5cd";
 	const string GUID_DRS_GET_CHANGES             = "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2";
+	const string GUID_DRS_REPL_SYNCRONIZE         = "1131f6ab-9c07-11d1-f79f-00c04fc2dcd2";
+	const string GUID_DRS_MANAGE_TOPOLOGY         = "1131f6ac-9c07-11d1-f79f-00c04fc2dcd2";
 	const string GUID_DRS_GET_ALL_CHANGES         = "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2";
+	const string GUID_DRS_RO_REPL_SECRET_SYNC     = "1131f6ae-9c07-11d1-f79f-00c04fc2dcd2";
 	const string GUID_DRS_GET_FILTERED_ATTRIBUTES = "89e95b76-444d-4c62-991a-0facbeda640c";
-	const string GUID_DRS_MANAGE_TOPOLOGY         = "1131f6ac-9c07-11d1-f79f-00c04fc2dcd2";
 	const string GUID_DRS_MONITOR_TOPOLOGY        = "f98340fb-7c5b-4cdb-a00b-2ebdfa115a96";
-	const string GUID_DRS_REPL_SYNCRONIZE         = "1131f6ab-9c07-11d1-f79f-00c04fc2dcd2";
-	const string GUID_DRS_RO_REPL_SECRET_SYNC     = "1131f6ae-9c07-11d1-f79f-00c04fc2dcd2";
 	const string GUID_DRS_USER_CHANGE_PASSWORD    = "ab721a53-1e2f-11d0-9819-00aa0040529b";
 	const string GUID_DRS_FORCE_CHANGE_PASSWORD   = "00299570-246d-11d0-a768-00aa006e0529";
+        const string GUID_DRS_UPDATE_PASSWORD_NOT_REQUIRED_BIT
+	                                              = "280f369c-67c7-438e-ae98-1d46f3c6f541";
+        const string GUID_DRS_UNEXPIRE_PASSWORD       = "ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501";
+        const string GUID_DRS_ENABLE_PER_USER_REVERSIBLY_ENCRYPTED_PASSWORD
+	                                              = "05c74c5e-4deb-43b4-bd9f-86664c2a7fd5";
+        const string GUID_DRS_DS_INSTALL_REPLICA      = "9923a32a-3607-11d2-b9be-0000f87a36b2";
+
 
 	/***************************************************************/
 	/* validated writes guids */
diff --git a/source3/lib/util.c b/source3/lib/util.c
index f64e2a3..9e6ac9c 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -1192,7 +1192,9 @@ bool is_myname(const char *s)
 	bool ret = False;
 
 	for (n=0; my_netbios_names(n); n++) {
-		if (strequal(my_netbios_names(n), s)) {
+		const char *nbt_name = my_netbios_names(n);
+
+		if (strncasecmp_m(nbt_name, s, strlen(nbt_name)) == 0) {
 			ret=True;
 			break;
 		}
diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c
index 2c667a6..b4aee72 100644
--- a/source3/libads/authdata.c
+++ b/source3/libads/authdata.c
@@ -59,17 +59,17 @@ static NTSTATUS kerberos_fetch_pac(struct auth4_context *auth_ctx,
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	if (pac_blob) {
+	if (pac_blob != NULL) {
 		status = kerberos_pac_logon_info(tmp_ctx, *pac_blob, NULL, NULL,
 						 NULL, NULL, 0, &logon_info);
 		if (!NT_STATUS_IS_OK(status)) {
 			goto done;
 		}
-	}
 
-	talloc_set_name_const(logon_info, "struct PAC_LOGON_INFO");
+		talloc_set_name_const(logon_info, "struct PAC_LOGON_INFO");
 
-	auth_ctx->private_data = talloc_steal(auth_ctx, logon_info);
+		auth_ctx->private_data = talloc_steal(auth_ctx, logon_info);
+	}
 	*session_info = talloc_zero(mem_ctx, struct auth_session_info);
 	if (!*session_info) {
 		status = NT_STATUS_NO_MEMORY;
diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c
index c451212..17eee50 100644
--- a/source3/rpc_server/spoolss/srv_spoolss_nt.c
+++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c
@@ -4773,17 +4773,20 @@ WERROR _spoolss_GetPrinter(struct pipes_struct *p,
 	/* that's an [in out] buffer */
 
 	if (!r->in.buffer && (r->in.offered != 0)) {
-		return WERR_INVALID_PARAM;
+		result = WERR_INVALID_PARAM;
+		goto err_info_free;
 	}
 
 	*r->out.needed = 0;
 
 	if (Printer == NULL) {
-		return WERR_BADFID;
+		result = WERR_BADFID;
+		goto err_info_free;
 	}
 
 	if (!get_printer_snum(p, r->in.handle, &snum, NULL)) {
-		return WERR_BADFID;
+		result = WERR_BADFID;
+		goto err_info_free;
 	}
 
 	result = winreg_get_printer_internal(p->mem_ctx,
@@ -4792,7 +4795,7 @@ WERROR _spoolss_GetPrinter(struct pipes_struct *p,
 				    lp_const_servicename(snum),
 				    &info2);
 	if (!W_ERROR_IS_OK(result)) {
-		goto out;
+		goto err_info_free;
 	}
 
 	switch (r->in.level) {
@@ -4852,12 +4855,10 @@ WERROR _spoolss_GetPrinter(struct pipes_struct *p,
 	}
 	TALLOC_FREE(info2);
 
- out:
 	if (!W_ERROR_IS_OK(result)) {
 		DEBUG(0, ("_spoolss_GetPrinter: failed to construct printer info level %d - %s\n",
 			  r->in.level, win_errstr(result)));
-		TALLOC_FREE(r->out.info);
-		return result;
+		goto err_info_free;
 	}
 
 	*r->out.needed	= SPOOLSS_BUFFER_UNION(spoolss_PrinterInfo,
@@ -4865,6 +4866,10 @@ WERROR _spoolss_GetPrinter(struct pipes_struct *p,
 	r->out.info	= SPOOLSS_BUFFER_OK(r->out.info, NULL);
 
 	return SPOOLSS_BUFFER_OK(WERR_OK, WERR_INSUFFICIENT_BUFFER);
+
+err_info_free:
+	TALLOC_FREE(r->out.info);
+	return result;
 }
 
 /********************************************************************
@@ -5681,14 +5686,16 @@ WERROR _spoolss_GetPrinterDriver2(struct pipes_struct *p,
 	/* that's an [in out] buffer */
 
 	if (!r->in.buffer && (r->in.offered != 0)) {
-		return WERR_INVALID_PARAM;
+		result = WERR_INVALID_PARAM;
+		goto err_info_free;
 	}
 
 	DEBUG(4,("_spoolss_GetPrinterDriver2\n"));
 
 	if (!(printer = find_printer_index_by_hnd(p, r->in.handle))) {
 		DEBUG(0,("_spoolss_GetPrinterDriver2: invalid printer handle!\n"));
-		return WERR_INVALID_PRINTER_NAME;
+		result = WERR_INVALID_PRINTER_NAME;
+		goto err_info_free;
 	}
 
 	*r->out.needed = 0;
@@ -5696,7 +5703,8 @@ WERROR _spoolss_GetPrinterDriver2(struct pipes_struct *p,
 	*r->out.server_minor_version = 0;
 
 	if (!get_printer_snum(p, r->in.handle, &snum, NULL)) {
-		return WERR_BADFID;
+		result = WERR_BADFID;
+		goto err_info_free;
 	}
 
 	if (r->in.client_major_version == SPOOLSS_DRIVER_VERSION_2012) {
@@ -5713,8 +5721,7 @@ WERROR _spoolss_GetPrinterDriver2(struct pipes_struct *p,
 						     r->in.architecture,
 						     version);
 	if (!W_ERROR_IS_OK(result)) {
-		TALLOC_FREE(r->out.info);
-		return result;
+		goto err_info_free;
 	}
 
 	*r->out.needed	= SPOOLSS_BUFFER_UNION(spoolss_DriverInfo,
@@ -5722,6 +5729,10 @@ WERROR _spoolss_GetPrinterDriver2(struct pipes_struct *p,
 	r->out.info	= SPOOLSS_BUFFER_OK(r->out.info, NULL);
 
 	return SPOOLSS_BUFFER_OK(WERR_OK, WERR_INSUFFICIENT_BUFFER);
+
+err_info_free:
+	TALLOC_FREE(r->out.info);
+	return result;
 }
 
 
@@ -7842,6 +7853,7 @@ WERROR _spoolss_GetForm(struct pipes_struct *p,
 	/* that's an [in out] buffer */
 
 	if (!r->in.buffer && (r->in.offered != 0)) {
+		TALLOC_FREE(r->out.info);
 		return WERR_INVALID_PARAM;
 	}
 
@@ -8532,6 +8544,7 @@ WERROR _spoolss_GetPrinterDriverDirectory(struct pipes_struct *p,
 	/* that's an [in out] buffer */
 
 	if (!r->in.buffer && (r->in.offered != 0)) {
+		TALLOC_FREE(r->out.info);
 		return WERR_INVALID_PARAM;
 	}
 
@@ -9479,7 +9492,8 @@ WERROR _spoolss_GetJob(struct pipes_struct *p,
 	/* that's an [in out] buffer */
 
 	if (!r->in.buffer && (r->in.offered != 0)) {
-		return WERR_INVALID_PARAM;
+		result = WERR_INVALID_PARAM;
+		goto err_jinfo_free;
 	}
 
 	DEBUG(5,("_spoolss_GetJob\n"));
@@ -9487,12 +9501,14 @@ WERROR _spoolss_GetJob(struct pipes_struct *p,
 	*r->out.needed = 0;
 
 	if (!get_printer_snum(p, r->in.handle, &snum, NULL)) {
-		return WERR_BADFID;
+		result = WERR_BADFID;
+		goto err_jinfo_free;
 	}
 
 	svc_name = lp_const_servicename(snum);
 	if (svc_name == NULL) {
-		return WERR_INVALID_PARAM;
+		result = WERR_INVALID_PARAM;
+		goto err_jinfo_free;
 	}
 
 	result = winreg_get_printer_internal(p->mem_ctx,
@@ -9501,22 +9517,22 @@ WERROR _spoolss_GetJob(struct pipes_struct *p,
 				    svc_name,
 				    &pinfo2);
 	if (!W_ERROR_IS_OK(result)) {
-		return result;
+		goto err_jinfo_free;
 	}
 
 	pdb = get_print_db_byname(svc_name);
 	if (pdb == NULL) {
 		DEBUG(3, ("failed to get print db for svc %s\n", svc_name));
-		TALLOC_FREE(pinfo2);
-		return WERR_INVALID_PARAM;
+		result = WERR_INVALID_PARAM;
+		goto err_pinfo_free;
 	}
 
 	sysjob = jobid_to_sysjob_pdb(pdb, r->in.job_id);
 	release_print_db(pdb);
 	if (sysjob == -1) {
 		DEBUG(3, ("no sysjob for spoolss jobid %u\n", r->in.job_id));


-- 
Samba Shared Repository


More information about the samba-cvs mailing list