[SCM] Samba Shared Repository - branch v4-2-test updated

Karolin Seeger kseeger at samba.org
Sun Jul 5 15:52:08 MDT 2015


The branch, v4-2-test has been updated
       via  74ae99f ncacn_http: fix GNUism
       via  4c8b66e s4:torture:vfs_fruit: check offset and length when reading AFP_AfpInfo stream
       via  0691890 vfs_fruit: check offset and length for AFP_AfpInfo read requests
       via  a70531c winbindd: disconnect child process if request is cancelled at main process
       via  1f51989 s4:selftest: also run rpc.winreg with kerberos and all possible auth options
       via  05a0995 s4:selftest: run rpc.echo tests also with krb5 krb5,sign krb5,seal
       via  30b9074 s4:rpc_server: fix padding calculation in dcesrv_auth_response()
       via  ae37b34 s4:rpc_server: let dcesrv_auth_response() handle sig_size == 0 with auth_info as error
       via  eac0b78 s4:rpc_server: let dcesrv_reply() use a sig_size for a padded payload
       via  a0fbd5e s4:rpc_server: let dcesrv_reply() use DCERPC_AUTH_PAD_ALIGNMENT define
       via  1dae656 s4:librpc/rpc: fix padding calculation in ncacn_push_request_sign()
       via  f9fce60 s4:librpc/rpc: let ncacn_push_request_sign() handle sig_size == 0 with auth_info as internal error
       via  97bedee s4:librpc/rpc: let dcerpc_ship_next_request() use a sig_size for a padded payload
       via  db644ad s4:librpc/rpc: let dcerpc_ship_next_request() use DCERPC_AUTH_PAD_ALIGNMENT define
       via  452a2f8 s3:rpc_server: remove pad handling from api_pipe_alter_context()
       via  8249470 s3:librpc/rpc: fix padding calculation in dcerpc_guess_sizes()
       via  dba57bd s3:librpc/rpc: allow up to DCERPC_AUTH_PAD_ALIGNMENT padding bytes in dcerpc_add_auth_footer()
       via  50d7029 librpc/rpc: add DCERPC_AUTH_PAD_LENGTH(stub_length) helper macro
       via  3467356 dcerpc.idl: add DCERPC_AUTH_PAD_ALIGNMENT (=16)
       via  f6e6167 auth/gensec: make sure gensec_start_mech_by_authtype() resets SIGN/SEAL before starting
       via  685876a auth/gensec: gensec_[un]seal_packet() should only work with GENSEC_FEATURE_DCE_STYLE
       via  c53828d s3:auth_domain: fix talloc problem in connect_to_domain_password_server()
       via  2429bd6 s3:smb2_setinfo: fix memory leak in the defer_rename case
       via  27aa4d4 winbindd: winbindd_raw_kerberos_login - ensure logon_info exists in PAC.
       via  8782e06 kerberos auth info3 should contain resource group ids available from pac_logon
      from  fcc7112 docs: overhaul the description of "smb encrypt" to include SMB3 encryption.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-2-test


- Log -----------------------------------------------------------------
commit 74ae99fb8e27d37c62b9fc7b0d6f0cde1e01ee9f
Author: Ralph Boehme <slow at samba.org>
Date:   Thu Oct 9 16:41:10 2014 +0200

    ncacn_http: fix GNUism
    
    %a format conversion is a GNU extension, use the more portable %m.
    It's at least in SUSv4, supported by glibc since 2.7 and FreeBSD 10.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11371
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Thu Oct  9 22:05:26 CEST 2014 on sn-devel-104
    
    (cherry picked from commit 9ae65baf3cd6382678624864f13fc053d942d013)
    
    Autobuild-User(v4-2-test): Karolin Seeger <kseeger at samba.org>
    Autobuild-Date(v4-2-test): Sun Jul  5 23:51:47 CEST 2015 on sn-devel-104

commit 4c8b66eae10f8950ac06cd579058ad1ed3e4e9f5
Author: Ralph Boehme <slow at samba.org>
Date:   Thu Jun 25 16:25:05 2015 +0200

    s4:torture:vfs_fruit: check offset and length when reading AFP_AfpInfo stream
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=11363
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    
    Autobuild-User(master): Ralph Böhme <slow at samba.org>
    Autobuild-Date(master): Fri Jul  3 01:47:29 CEST 2015 on sn-devel-104
    
    (cherry picked from commit c6e044ea33d1f16809196833e9e96a10e65b092e)

commit 0691890ccdcb655ee31cb708c689630c9c0c6fd2
Author: Ralph Boehme <slow at samba.org>
Date:   Thu Jun 25 15:42:04 2015 +0200

    vfs_fruit: check offset and length for AFP_AfpInfo read requests
    
    fruit_pread doesn't check the offset and length parameters and instead
    always writes 60 bytes, the size of the AFP_AfpInfo blob, to the
    passed buffer. If the passed in buffer is smaller, we overwrite
    something somewhere.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=11363
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    (cherry picked from commit 25f302a47c3119d454531dc992183552b9a42b13)

commit a70531c378c320e13758dc089c711f6e0425bfd2
Author: Uri Simchoni <urisimchoni at gmail.com>
Date:   Wed Jun 24 10:55:06 2015 +0300

    winbindd: disconnect child process if request is cancelled at main process
    
    When cancelling a request at the main winbindd process, that is currently
    being served by a child winbindd process, just freeing all objects related
    to the request is not enough, as the next bytes to come through the pipe
    from the child process are the response to the cancelled request, and the
    object reading those bytes will be the next request. This breaks the protocol.
    
    This change, upon canceling a request that is being served, closes the
    connection to the child process, causing the next request to be served
    by a new child process (and the detached child to die eventually).
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11358
    
    Signed-off-by: Uri Simchoni <urisimchoni at gmail.com>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    
    Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
    Autobuild-Date(master): Mon Jun 29 14:00:24 CEST 2015 on sn-devel-104
    
    (cherry picked from commit eaf99203093cabc3069f1c69345d38d739b0663d)

commit 1f5198951fa5e4dfda6278c383bd3bc7261b4e4d
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Jun 23 10:27:27 2015 +0200

    s4:selftest: also run rpc.winreg with kerberos and all possible auth options
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    
    Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
    Autobuild-Date(master): Tue Jun 23 17:31:08 CEST 2015 on sn-devel-104
    
    (cherry picked from commit 6dd117b21ef06da68af67051f2822f71193d193a)

commit 05a099592bc1d4459ca5ed97f8b03b6be4ea4194
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jun 19 00:35:29 2015 +0200

    s4:selftest: run rpc.echo tests also with krb5 krb5,sign krb5,seal
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    (cherry picked from commit 5b917fd6226952a1f792d1ad921d2ae54ab6ab42)

commit 30b9074a2de71bf287b3124e7931e1dffda916e8
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Jun 20 17:49:02 2015 +0200

    s4:rpc_server: fix padding calculation in dcesrv_auth_response()
    
    This is simplified by using DCERPC_AUTH_PAD_LENGTH() and changes the behaviour
    so that we will use no padding if the stub_length is already aligned
    to DCERPC_AUTH_PAD_ALIGNMENT (16 bytes).
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 69c1b4b7c10dd5fd9cacaa3a76c47bc854ee3fed)

commit ae37b34e4074413bc69c67a0e4d06a76c064d1e9
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Jun 20 17:47:14 2015 +0200

    s4:rpc_server: let dcesrv_auth_response() handle sig_size == 0 with auth_info as error
    
    Don't send plaintext on the wire because of an internal error...
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 1bf7ab49b4459e81ab2b82d9668b3d7cb76372f4)

commit eac0b781f4e27918b888fb4d622857fdfd9fbea3
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jun 19 22:35:44 2015 +0200

    s4:rpc_server: let dcesrv_reply() use a sig_size for a padded payload
    
    The sig_size could differ depending on the alignment/padding.
    So we should use the same alignment as we use for the payload.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 16f3837e026e4cae135bbdddf09b44a02af25b05)

commit a0fbd5e6f4da963c10894db8197c43bd85c8f9bd
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jun 19 22:35:44 2015 +0200

    s4:rpc_server: let dcesrv_reply() use DCERPC_AUTH_PAD_ALIGNMENT define
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 3fbdb255e3ac7ad5261c5fa3836e4a38a0d59221)

commit 1dae656a507e1f0981239d5f3d3a73fe73beb7ac
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Jun 20 17:49:02 2015 +0200

    s4:librpc/rpc: fix padding calculation in ncacn_push_request_sign()
    
    This is simplified by using DCERPC_AUTH_PAD_LENGTH() and changes the behaviour
    so that we will use no padding if the stub_length is already aligned
    to DCERPC_AUTH_PAD_ALIGNMENT (16 bytes).
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 114c52e73ed9e0adeac8ad1bc1dc014f3c10f4d6)

commit f9fce60a2e0655376c0d60cda861fef7a30b3929
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Jun 20 17:47:14 2015 +0200

    s4:librpc/rpc: let ncacn_push_request_sign() handle sig_size == 0 with auth_info as internal error
    
    Don't send plaintext on the wire because of an internal error...
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 48f2c383e1d7f52114223cd2a54857426bf64025)

commit 97bedee8a5707f8aa64bf7b3d23ccd72c4068613
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jun 19 22:35:44 2015 +0200

    s4:librpc/rpc: let dcerpc_ship_next_request() use a sig_size for a padded payload
    
    The sig_size could differ depending on the alignment/padding.
    So we should use the same alignment as we use for the payload.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit fc249d542fcb8d043ae72eb7963d3a85eb79253a)

commit db644ad10a28469ec89e2f7935e9e115e15a8f47
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jun 19 22:35:44 2015 +0200

    s4:librpc/rpc: let dcerpc_ship_next_request() use DCERPC_AUTH_PAD_ALIGNMENT define
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit ef801bae95403e96042f5d8c87085bce21436013)

commit 452a2f8845097445aacb6ef3641a65b0aea6c789
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jun 19 22:09:57 2015 +0200

    s3:rpc_server: remove pad handling from api_pipe_alter_context()
    
    This is not needed and windows doesn't use it.
    The padding is for the payload in request and response.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit a6a6795826954eef6763a39b129a4db578edca01)

commit 82494703fa19e7d8920f3c3fb4e79108f6ccb759
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jun 19 15:52:11 2015 +0200

    s3:librpc/rpc: fix padding calculation in dcerpc_guess_sizes()
    
    The padding needs to be relative to the payload start not to the pdu start.
    We also need to align the padding to DCERPC_AUTH_PAD_ALIGNMENT (16 bytes).
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit b2e042ad9652e2dfb39640de43e09030efc41d3d)

commit dba57bd238c5e6d1f7ae05f460918be300b905fb
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jun 19 16:55:39 2015 +0200

    s3:librpc/rpc: allow up to DCERPC_AUTH_PAD_ALIGNMENT padding bytes in dcerpc_add_auth_footer()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 3e6e9e3acd17531148457be59a32727fb87ae43d)

commit 50d702923ce24c94cb5afbca960d0610d9711bab
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Jun 20 17:43:47 2015 +0200

    librpc/rpc: add DCERPC_AUTH_PAD_LENGTH(stub_length) helper macro
    
    This calculates the required padding DCERPC_AUTH_PAD_ALIGNMENT
    and the stub_length.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit f1e3ad269ca8f76876afd8e3837c9c9b48688941)

commit 346735647b913449221cd1a4ebc84fadaf67b5d3
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jun 19 16:48:48 2015 +0200

    dcerpc.idl: add DCERPC_AUTH_PAD_ALIGNMENT (=16)
    
    Windows pads the payload aligned to 16 bytes.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 2cb3ec5856ab5b7edad8ffd67a5d0f927c161138)

commit f6e6167655ebe8b9aaa3c6336d62f26eb732a502
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Jun 20 16:19:31 2015 +0200

    auth/gensec: make sure gensec_start_mech_by_authtype() resets SIGN/SEAL before starting
    
    We want to set GENSEC_FEATURE_SIGN and GENSEC_FEATURE_SEAL based on the given
    auth_level and should not have GENSEC_FEATURE_SEAL if
    DCERPC_AUTH_LEVEL_INTEGRITY is desired.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11061
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 756508c8c37b0370301a096e35abc171fe08d31c)

commit 685876abbcc6f1e38ec021c60ec3b651327deafe
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jun 19 14:46:53 2015 +0200

    auth/gensec: gensec_[un]seal_packet() should only work with GENSEC_FEATURE_DCE_STYLE
    
    gensec_sig_size() also requires GENSEC_FEATURE_DCE_STYLE if
    GENSEC_FEATURE_SEAL is negotiated.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 3542d33314e32279340f07f995c1dcbd16106352)

commit c53828d1427adee0fb69209af0a5eba0f45fd5a6
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Feb 9 09:33:01 2015 +0100

    s3:auth_domain: fix talloc problem in connect_to_domain_password_server()
    
    s3:auth_domain: fix talloc problem in connect_to_domain_password_server()
    
    Return values of connect_to_domain_password_server() need to be exported
    to the caller's memory context.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=11367
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Guenther Deschner <gd at samba.org>

commit 2429bd633c5026f3b8346453010fcf5ac30a006a
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Jun 15 08:34:12 2015 +0200

    s3:smb2_setinfo: fix memory leak in the defer_rename case
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11329
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit bcb69499e1a9312ea3ee32561fdecb2b22835e77)

commit 27aa4d4e702117868241138d22088fa3f2988fb4
Author: Jeremy Allison <jra at samba.org>
Date:   Wed Jun 10 16:31:21 2015 -0700

    winbindd: winbindd_raw_kerberos_login - ensure logon_info exists in PAC.
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    
    Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date(master): Thu Jun 11 07:30:38 CEST 2015 on sn-devel-104
    
    (cherry picked from commit 4c5fefe0723ae4cd3cacaabc5ae4c500d2306968)
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11328
    we should use resource group sids obtained from pac logon_info

commit 8782e069bad6ba31a85c4b9ac30eb99c4bbcd2ef
Author: Noel Power <noel.power at suse.com>
Date:   Wed Jun 10 13:13:25 2015 +0100

    kerberos auth info3 should contain resource group ids available from pac_logon
    
    Successful pam auth (e.g. from ssh) will cache group sids (but not any
    resource group sids). The subsequent cached entry used for groups lookups
    can be missing those resource groups.
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit efadcb31215f9ccaf7942341c698a8eb2ac166ce)

-----------------------------------------------------------------------

Summary of changes:
 auth/gensec/gensec.c                | 14 ++++++
 auth/gensec/gensec_start.c          |  6 +++
 librpc/idl/dcerpc.idl               |  1 +
 librpc/rpc/rpc_common.h             |  5 ++
 source3/auth/auth_domain.c          |  7 ++-
 source3/librpc/rpc/dcerpc.h         |  2 +-
 source3/librpc/rpc/dcerpc_helpers.c | 26 +++++------
 source3/modules/vfs_fruit.c         | 16 ++++++-
 source3/rpc_client/cli_pipe.c       |  1 -
 source3/rpc_server/srv_pipe.c       | 28 +----------
 source3/smbd/smb2_setinfo.c         |  9 ++++
 source3/winbindd/winbindd_dual.c    | 50 ++++++++++++++++----
 source3/winbindd/winbindd_pam.c     | 14 +++++-
 source4/lib/http/http.c             |  4 +-
 source4/librpc/rpc/dcerpc.c         | 16 +++++--
 source4/rpc_server/common/reply.c   |  9 +++-
 source4/rpc_server/dcesrv_auth.c    |  8 +++-
 source4/selftest/tests.py           |  9 +++-
 source4/torture/vfs/fruit.c         | 92 +++++++++++++++++++++++++++++++++++++
 19 files changed, 252 insertions(+), 65 deletions(-)


Changeset truncated at 500 lines:

diff --git a/auth/gensec/gensec.c b/auth/gensec/gensec.c
index 8b5c02d..01cceaf 100644
--- a/auth/gensec/gensec.c
+++ b/auth/gensec/gensec.c
@@ -41,9 +41,15 @@ _PUBLIC_ NTSTATUS gensec_unseal_packet(struct gensec_security *gensec_security,
 	if (!gensec_security->ops->unseal_packet) {
 		return NT_STATUS_NOT_IMPLEMENTED;
 	}
+	if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
 	if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) {
 		return NT_STATUS_INVALID_PARAMETER;
 	}
+	if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_DCE_STYLE)) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
 
 	return gensec_security->ops->unseal_packet(gensec_security,
 						   data, length,
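Review bot: The new GENSEC_FEATURE_SIGN check at the top of the added lines in gensec_unseal_packet() is not mentioned in the commit message, which only talks about GENSEC_FEATURE_DCE_STYLE. It mirrors the check that gensec_seal_packet() already has, so it looks intentional, but the message should say so. All three rejections return NT_STATUS_INVALID_PARAMETER, so a caller cannot tell which feature was missing; a DEBUG line per branch would make a misconfigured caller easier to diagnose.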
@@ -81,6 +87,9 @@ _PUBLIC_ NTSTATUS gensec_seal_packet(struct gensec_security *gensec_security,
 	if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
 		return NT_STATUS_INVALID_PARAMETER;
 	}
+	if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_DCE_STYLE)) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
 
 	return gensec_security->ops->seal_packet(gensec_security, mem_ctx, data, length, whole_pdu, pdu_length, sig);
 }
@@ -109,6 +118,11 @@ _PUBLIC_ size_t gensec_sig_size(struct gensec_security *gensec_security, size_t
 	if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
 		return 0;
 	}
+	if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) {
+		if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_DCE_STYLE)) {
+			return 0;
+		}
+	}
 
 	return gensec_security->ops->sig_size(gensec_security, data_size);
 }
diff --git a/auth/gensec/gensec_start.c b/auth/gensec/gensec_start.c
index 9910f1a..b1bc1b9 100644
--- a/auth/gensec/gensec_start.c
+++ b/auth/gensec/gensec_start.c
@@ -716,6 +716,12 @@ _PUBLIC_ NTSTATUS gensec_start_mech_by_authtype(struct gensec_security *gensec_s
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 	gensec_security->dcerpc_auth_level = auth_level;
+	/*
+	 * We need to reset sign/seal in order to reset it.
+	 * We may got some default features inherited by the credentials
+	 */
+	gensec_security->want_features &= ~GENSEC_FEATURE_SIGN;
+	gensec_security->want_features &= ~GENSEC_FEATURE_SEAL;
 	gensec_want_feature(gensec_security, GENSEC_FEATURE_DCE_STYLE);
 	gensec_want_feature(gensec_security, GENSEC_FEATURE_ASYNC_REPLIES);
 	if (auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) {
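Review bot: The added comment is circular ("reset sign/seal in order to reset it") and does not say why the reset is needed; wording such as "Clear SIGN/SEAL inherited from the credentials so that only auth_level decides which of them is requested" would match what the code does. The two mask operations also write want_features directly while the lines that follow go through gensec_want_feature(); they could be one statement clearing (GENSEC_FEATURE_SIGN | GENSEC_FEATURE_SEAL).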
diff --git a/librpc/idl/dcerpc.idl b/librpc/idl/dcerpc.idl
index 4dad126..67f4b9d 100644
--- a/librpc/idl/dcerpc.idl
+++ b/librpc/idl/dcerpc.idl
@@ -259,6 +259,7 @@ interface dcerpc
 	} dcerpc_auth;
 
 	const uint8 DCERPC_AUTH_TRAILER_LENGTH = 8;
+	const uint8 DCERPC_AUTH_PAD_ALIGNMENT = 16;
 
 	typedef [public] struct {
 		[value(0)]	      uint32    _pad;
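Review bot: DCERPC_AUTH_PAD_ALIGNMENT is added without a comment. The reason given in the commit message (Windows pads the payload aligned to 16 bytes) belongs next to the constant, because readers of dcerpc.idl will not have the commit log in front of them.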
diff --git a/librpc/rpc/rpc_common.h b/librpc/rpc/rpc_common.h
index ce7e6ea..45d3691 100644
--- a/librpc/rpc/rpc_common.h
+++ b/librpc/rpc/rpc_common.h
@@ -370,4 +370,9 @@ bool dcerpc_sec_verification_trailer_check(
 		const struct dcerpc_sec_vt_pcontext *pcontext,
 		const struct dcerpc_sec_vt_header2 *header2);
 
+#define DCERPC_AUTH_PAD_LENGTH(stub_length) (\
+	(((stub_length) % DCERPC_AUTH_PAD_ALIGNMENT) > 0)?\
+	(DCERPC_AUTH_PAD_ALIGNMENT - (stub_length) % DCERPC_AUTH_PAD_ALIGNMENT):\
+	0)
+
 #endif /* __DEFAULT_LIBRPC_RPCCOMMON_H__ */
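Review bot: DCERPC_AUTH_PAD_LENGTH() expands stub_length more than once, so an argument with side effects would be evaluated twice, and the result type follows whatever type the caller passes in. A static inline function taking and returning size_t would avoid both problems. The macro also lacks a comment stating that the result is between 0 and DCERPC_AUTH_PAD_ALIGNMENT - 1 and is 0 for an already aligned length, which is the behaviour change the rest of the series relies on.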
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index 937841c..c3c54f3 100644
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -53,6 +53,7 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli_ret,
 						const char *dc_name,
 						const struct sockaddr_storage *dc_ss,
 						struct rpc_pipe_client **pipe_ret,
+						TALLOC_CTX *mem_ctx,
 						struct netlogon_creds_cli_context **creds_ret)
 {
 	TALLOC_CTX *frame = talloc_stackframe();
@@ -209,7 +210,7 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli_ret,
 
 	*cli_ret = cli;
 	*pipe_ret = netlogon_pipe;
-	*creds_ret = netlogon_creds;
+	*creds_ret = talloc_move(mem_ctx, &netlogon_creds);
 
 	TALLOC_FREE(frame);
 	return NT_STATUS_OK;
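Review bot: Only *creds_ret is moved to mem_ctx here; *cli_ret and *pipe_ret on the two lines above are still assigned as plain pointers, and TALLOC_FREE(frame) follows immediately. If cli or netlogon_pipe were allocated on frame they have the same lifetime problem this change fixes for netlogon_creds, so please confirm which context owns them or move them as well. The new mem_ctx parameter also sits between two output parameters in the signature; putting it first, as domain_client_validate() does, would be more conventional.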
@@ -230,6 +231,7 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx,
 					const struct sockaddr_storage *dc_ss)
 
 {
+	TALLOC_CTX *frame = talloc_stackframe();
 	struct netr_SamInfo3 *info3 = NULL;
 	struct cli_state *cli = NULL;
 	struct rpc_pipe_client *netlogon_pipe = NULL;
@@ -255,11 +257,13 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx,
 							dc_name,
 							dc_ss,
 							&netlogon_pipe,
+							frame,
 							&netlogon_creds);
 	}
 
 	if ( !NT_STATUS_IS_OK(nt_status) ) {
 		DEBUG(0,("domain_client_validate: Domain password server not available.\n"));
+		TALLOC_FREE(frame);
 		if (NT_STATUS_EQUAL(nt_status, NT_STATUS_ACCESS_DENIED)) {
 			return NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE;
 		}
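Review bot: With a talloc_stackframe() now opened at the top of domain_client_validate(), every return path has to free it. This hunk covers the "Domain password server not available" path and the last hunk of this file covers the final return, but any other early return between them is not visible in the diff and needs the same TALLOC_FREE(frame). A single exit label that frees frame would be harder to get wrong than repeating the call before each return.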
@@ -324,6 +328,7 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx,
 	   these pointers are no longer valid..... */
 
 	cli_shutdown(cli);
+	TALLOC_FREE(frame);
 	return nt_status;
 }
 
diff --git a/source3/librpc/rpc/dcerpc.h b/source3/librpc/rpc/dcerpc.h
index 42429a1..e7d66b7 100644
--- a/source3/librpc/rpc/dcerpc.h
+++ b/source3/librpc/rpc/dcerpc.h
@@ -75,7 +75,7 @@ NTSTATUS dcerpc_pull_dcerpc_auth(TALLOC_CTX *mem_ctx,
 				 bool bigendian);
 NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth,
 			    size_t header_len, size_t data_left,
-			    size_t max_xmit_frag, size_t pad_alignment,
+			    size_t max_xmit_frag,
 			    size_t *data_to_send, size_t *frag_len,
 			    size_t *auth_len, size_t *pad_len);
 NTSTATUS dcerpc_add_auth_footer(struct pipe_auth_data *auth,
diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c
index a9b24c8..1193baa 100644
--- a/source3/librpc/rpc/dcerpc_helpers.c
+++ b/source3/librpc/rpc/dcerpc_helpers.c
@@ -225,7 +225,6 @@ NTSTATUS dcerpc_pull_dcerpc_auth(TALLOC_CTX *mem_ctx,
 * @param header_len	The length of the packet header
 * @param data_left	The data left in the send buffer
 * @param max_xmit_frag	The max fragment size.
-* @param pad_alignment	The NDR padding size.
 * @param data_to_send	[out] The max data we will send in the pdu
 * @param frag_len	[out] The total length of the fragment
 * @param auth_len	[out] The length of the auth trailer
@@ -235,7 +234,7 @@ NTSTATUS dcerpc_pull_dcerpc_auth(TALLOC_CTX *mem_ctx,
 */
 NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth,
 			    size_t header_len, size_t data_left,
-			    size_t max_xmit_frag, size_t pad_alignment,
+			    size_t max_xmit_frag,
 			    size_t *data_to_send, size_t *frag_len,
 			    size_t *auth_len, size_t *pad_len)
 {
@@ -277,26 +276,23 @@ NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth,
 	case DCERPC_AUTH_TYPE_KRB5:
 	case DCERPC_AUTH_TYPE_SCHANNEL:
 		gensec_security = auth->auth_ctx;
-		*auth_len = gensec_sig_size(gensec_security, max_len);
+		mod_len = (max_len % DCERPC_AUTH_PAD_ALIGNMENT);
+		*auth_len = gensec_sig_size(gensec_security, max_len - mod_len);
+		if (*auth_len == 0) {
+			return NT_STATUS_INTERNAL_ERROR;
+		}
 		break;
 	default:
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
 	max_len -= *auth_len;
+	mod_len = (max_len % DCERPC_AUTH_PAD_ALIGNMENT);
+	max_len -= mod_len;
 
 	*data_to_send = MIN(max_len, data_left);
 
-	mod_len = (header_len + *data_to_send) % pad_alignment;
-	if (mod_len) {
-		*pad_len = pad_alignment - mod_len;
-	} else {
-		*pad_len = 0;
-	}
-
-	if (*data_to_send + *pad_len > max_len) {
-		*data_to_send -= pad_alignment;
-	}
+	*pad_len = DCERPC_AUTH_PAD_LENGTH(*data_to_send);
 
 	*frag_len = header_len + *data_to_send + *pad_len
 			+ DCERPC_AUTH_TRAILER_LENGTH + *auth_len;
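Review bot: The existing max_len -= *auth_len after the switch, and the new max_len - mod_len passed to gensec_sig_size(), have no check that the value being subtracted fits. If max_len is unsigned like the size_t parameters, a signature larger than the remaining space wraps around and MIN(max_len, data_left) then selects data_left. Please add a bound check that returns an error before subtracting. The new *auth_len == 0 test is welcome, but a short comment that 0 from gensec_sig_size() means the context cannot sign would explain why it maps to NT_STATUS_INTERNAL_ERROR.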
@@ -422,7 +418,7 @@ NTSTATUS dcerpc_add_auth_footer(struct pipe_auth_data *auth,
 				size_t pad_len, DATA_BLOB *rpc_out)
 {
 	struct gensec_security *gensec_security;
-	char pad[CLIENT_NDR_PADDING_SIZE] = { 0, };
+	const char pad[DCERPC_AUTH_PAD_ALIGNMENT] = { 0, };
 	DATA_BLOB auth_info;
 	DATA_BLOB auth_blob;
 	NTSTATUS status;
@@ -432,6 +428,8 @@ NTSTATUS dcerpc_add_auth_footer(struct pipe_auth_data *auth,
 	}
 
 	if (pad_len) {
+		SMB_ASSERT(pad_len <= ARRAY_SIZE(pad));
+
 		/* Copy the sign/seal padding data. */
 		if (!data_blob_append(NULL, rpc_out, pad, pad_len)) {
 			return NT_STATUS_NO_MEMORY;
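Review bot: SMB_ASSERT(pad_len <= ARRAY_SIZE(pad)) protects the data_blob_append() below from reading past the pad array, but an assertion failure takes the whole process down. Since the function already returns NTSTATUS, returning an error such as NT_STATUS_INTERNAL_ERROR for an oversized pad_len would keep the bounds check while failing only the affected request.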
diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
index 8f0c4f8..d02d0fe 100644
--- a/source3/modules/vfs_fruit.c
+++ b/source3/modules/vfs_fruit.c
@@ -2617,6 +2617,17 @@ static ssize_t fruit_pread(vfs_handle_struct *handle,
 	}
 
 	if (ad->ad_type == ADOUBLE_META) {
+		char afpinfo_buf[AFP_INFO_SIZE];
+		size_t to_return;
+
+		if ((offset < 0) || (offset > AFP_INFO_SIZE)) {
+			len = 0;
+			rc = 0;
+			goto exit;
+		}
+
+		to_return = AFP_INFO_SIZE - offset;
+
 		ai = afpinfo_new(talloc_tos());
 		if (ai == NULL) {
 			rc = -1;
@@ -2632,11 +2643,14 @@ static ssize_t fruit_pread(vfs_handle_struct *handle,
 		memcpy(&ai->afpi_FinderInfo[0],
 		       ad_entry(ad, ADEID_FINDERI),
 		       ADEDLEN_FINDERI);
-		len = afpinfo_pack(ai, data);
+		len = afpinfo_pack(ai, afpinfo_buf);
 		if (len != AFP_INFO_SIZE) {
 			rc = -1;
 			goto exit;
 		}
+
+		memcpy(data, afpinfo_buf + offset, to_return);
+		len = to_return;
 	} else {
 		len = SMB_VFS_NEXT_PREAD(
 			handle, fsp, data, n,
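Review bot: The memcpy() into data copies to_return bytes, which the previous hunk computes as AFP_INFO_SIZE - offset without looking at the requested length n (the size passed together with data in the SMB_VFS_NEXT_PREAD() branch below). A read with a small n at offset 0 therefore still writes the full AFP_INFO_SIZE bytes into the caller's buffer, which is the overwrite the commit message sets out to fix. Clamp before copying, for example to_return = MIN(n, AFP_INFO_SIZE - offset), and return that value as len.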
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index dc07495..652a773 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -1398,7 +1398,6 @@ static NTSTATUS prepare_next_frag(struct rpc_api_pipe_req_state *state,
 	status = dcerpc_guess_sizes(state->cli->auth,
 				    DCERPC_REQUEST_LENGTH, total_left,
 				    state->cli->max_xmit_frag,
-				    CLIENT_NDR_PADDING_SIZE,
 				    &total_thistime,
 				    &frag_len, &auth_len, &pad_len);
 	if (!NT_STATUS_IS_OK(status)) {
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index fecbae2..77200f8 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -143,7 +143,6 @@ static NTSTATUS create_next_packet(TALLOC_CTX *mem_ctx,
 				    DCERPC_RESPONSE_LENGTH,
 				    data_left,
 				    RPC_MAX_PDU_FRAG_LEN,
-				    SERVER_NDR_PADDING_SIZE,
 				    &data_to_send, &frag_len,
 				    &auth_len, &pad_len);
 	if (!NT_STATUS_IS_OK(status)) {
@@ -944,7 +943,6 @@ static bool api_pipe_alter_context(struct pipes_struct *p,
 	struct dcerpc_ack_ctx bind_ack_ctx;
 	DATA_BLOB auth_resp = data_blob_null;
 	DATA_BLOB auth_blob = data_blob_null;
-	int pad_len = 0;
 	struct gensec_security *gensec_security;
 
 	DEBUG(5,("api_pipe_alter_context: make response. %d\n", __LINE__));
@@ -1081,19 +1079,10 @@ static bool api_pipe_alter_context(struct pipes_struct *p,
 	}
 
 	if (auth_resp.length) {
-
-		/* Work out any padding needed before the auth footer. */
-		pad_len = p->out_data.frag.length % SERVER_NDR_PADDING_SIZE;
-		if (pad_len) {
-			pad_len = SERVER_NDR_PADDING_SIZE - pad_len;
-			DEBUG(10, ("auth pad_len = %u\n",
-				   (unsigned int)pad_len));
-		}
-
 		status = dcerpc_push_dcerpc_auth(pkt,
 						 auth_info.auth_type,
 						 auth_info.auth_level,
-						 pad_len,
+						 0, /* pad_len */
 						 1, /* auth_context_id */
 						 &auth_resp,
 						 &auth_blob);
@@ -1107,22 +1096,9 @@ static bool api_pipe_alter_context(struct pipes_struct *p,
 	 * the dcerpc header */
 	dcerpc_set_frag_length(&p->out_data.frag,
 				p->out_data.frag.length +
-					pad_len + auth_blob.length);
+				auth_blob.length);
 
 	if (auth_resp.length) {
-		if (pad_len) {
-			char pad[SERVER_NDR_PADDING_SIZE];
-			memset(pad, '\0', SERVER_NDR_PADDING_SIZE);
-			if (!data_blob_append(p->mem_ctx,
-						&p->out_data.frag,
-						pad, pad_len)) {
-				DEBUG(0, ("api_pipe_bind_req: failed to add "
-					  "%u bytes of pad data.\n",
-					  (unsigned int)pad_len));
-				goto err_exit;
-			}
-		}
-
 		if (!data_blob_append(p->mem_ctx, &p->out_data.frag,
 					auth_blob.data, auth_blob.length)) {
 			DEBUG(0, ("Append of auth info failed.\n"));
diff --git a/source3/smbd/smb2_setinfo.c b/source3/smbd/smb2_setinfo.c
index e6981d1..3e15178 100644
--- a/source3/smbd/smb2_setinfo.c
+++ b/source3/smbd/smb2_setinfo.c
@@ -168,6 +168,12 @@ struct defer_rename_state {
 	int data_size;
 };
 
+static int defer_rename_state_destructor(struct defer_rename_state *rename_state)
+{
+	SAFE_FREE(rename_state->data);
+	return 0;
+}
+
 static void defer_rename_done(struct tevent_req *subreq);
 
 static struct tevent_req *delay_rename_for_lease_break(struct tevent_req *req,
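Review bot: `defer_rename_state_destructor()` releases `rename_state->data` with `SAFE_FREE`, so the buffer is heap memory that is not a talloc child of the state, yet nothing documents that the state owns it. A comment on the destructor (or on the `data` member) stating that the state takes ownership, and that a holder must set `data` to NULL before freeing the state if the buffer has been passed on, would make the contract explicit.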
@@ -240,6 +246,8 @@ static struct tevent_req *delay_rename_for_lease_break(struct tevent_req *req,
 	rename_state->data = data;
 	rename_state->data_size = data_size;
 
+	talloc_set_destructor(rename_state, defer_rename_state_destructor);
+
 	subreq = dbwrap_record_watch_send(
 				rename_state,
 				ev,
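Review bot: Once `talloc_set_destructor()` is installed here, every free of `rename_state` also frees `data`, so the failure handling after `dbwrap_record_watch_send()` (below the visible lines) must not free `data` a second time, and the caller must not free it either if this function returns without a request. Both are worth confirming, because this line changes who releases the buffer on every exit from this point on.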
@@ -312,6 +320,7 @@ static void defer_rename_done(struct tevent_req *subreq)
 				state->data_size);
 	if (subreq) {
 		/* Yep - keep waiting. */
+		state->data = NULL;
 		TALLOC_FREE(state);
 		TALLOC_FREE(lck);
 		return;
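Review bot: The bare `state->data = NULL;` ahead of `TALLOC_FREE(state)` is the only thing that stops the new destructor from freeing the buffer while the rename is still being deferred, and the line does not say so. Add a comment that the buffer now belongs to the state behind the new `subreq` (presumably created by the call just above this hunk), so the assignment is not later removed as dead code.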
diff --git a/source3/winbindd/winbindd_dual.c b/source3/winbindd/winbindd_dual.c
index de254e9..5083d042 100644
--- a/source3/winbindd/winbindd_dual.c
+++ b/source3/winbindd/winbindd_dual.c
@@ -117,6 +117,7 @@ static NTSTATUS child_write_response(int sock, struct winbindd_response *wrsp)
 
 struct wb_child_request_state {
 	struct tevent_context *ev;
+	struct tevent_req *subreq;
 	struct winbindd_child *child;
 	struct winbindd_request *request;
 	struct winbindd_response *response;
@@ -128,6 +129,9 @@ static void wb_child_request_trigger(struct tevent_req *req,
 					    void *private_data);
 static void wb_child_request_done(struct tevent_req *subreq);
 
+static void wb_child_request_cleanup(struct tevent_req *req,
+				     enum tevent_req_state req_state);
+
 struct tevent_req *wb_child_request_send(TALLOC_CTX *mem_ctx,
 					 struct tevent_context *ev,
 					 struct winbindd_child *child,
@@ -151,6 +155,9 @@ struct tevent_req *wb_child_request_send(TALLOC_CTX *mem_ctx,
 		tevent_req_oom(req);
 		return tevent_req_post(req, ev);
 	}
+
+	tevent_req_set_cleanup_fn(req, wb_child_request_cleanup);
+
 	return req;
 }
 
@@ -171,6 +178,8 @@ static void wb_child_request_trigger(struct tevent_req *req,
 	if (tevent_req_nomem(subreq, req)) {
 		return;
 	}
+
+	state->subreq = subreq;
 	tevent_req_set_callback(subreq, wb_child_request_done, req);
 	tevent_req_set_endtime(req, state->ev, timeval_current_ofs(300, 0));
 }
@@ -184,15 +193,11 @@ static void wb_child_request_done(struct tevent_req *subreq)
 	int ret, err;
 
 	ret = wb_simple_trans_recv(subreq, state, &state->response, &err);
-	TALLOC_FREE(subreq);
+	/* Freeing the subrequest is deferred until the cleanup function,
+	 * which has to know whether a subrequest exists, and consequently
+	 * decide whether to shut down the pipe to the child process.
+	 */
 	if (ret == -1) {
-		/*
-		 * The basic parent/child communication broke, close
-		 * our socket
-		 */
-		close(state->child->sock);
-		state->child->sock = -1;
-		DLIST_REMOVE(winbindd_children, state->child);
 		tevent_req_error(req, err);
 		return;
 	}
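Review bot: With the `close(state->child->sock)` teardown moved out of the `ret == -1` branch, disconnecting the child now depends on `tevent_req_error(req, err)` actually finishing the request so that the cleanup function runs with a non-DONE state. `tevent_req_error()` does nothing when its error argument is 0, so it is worth confirming that `wb_simple_trans_recv()` never returns -1 with `err == 0`, or mapping that case to a non-zero error before the call.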
@@ -212,6 +217,35 @@ int wb_child_request_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
 	return 0;
 }
 
+static void wb_child_request_cleanup(struct tevent_req *req,
+				     enum tevent_req_state req_state)
+{
+	struct wb_child_request_state *state =
+	    tevent_req_data(req, struct wb_child_request_state);
+
+	if (state->subreq == NULL) {
+		/* nothing to cleanup */
+		return;
+	}
+
+	TALLOC_FREE(state->subreq);
+
+	if (req_state == TEVENT_REQ_DONE) {
+		/* transmitted request and got response */
+		return;
+	}
+
+	/*
+	 * Failed to transmit and receive response, or request
+	 * cancelled while being serviced.
+	 * The basic parent/child communication broke, close
+	 * our socket
+	 */
+	close(state->child->sock);
+	state->child->sock = -1;
+	DLIST_REMOVE(winbindd_children, state->child);
+}
+
 static bool winbindd_child_busy(struct winbindd_child *child)
 {
 	return tevent_queue_length(child->queue) > 0;
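Review bot: The tail of `wb_child_request_cleanup()` calls `close(state->child->sock)` and `DLIST_REMOVE(winbindd_children, state->child)` unconditionally; a guard such as `if (state->child->sock != -1)` would make the teardown safe if the socket has already been closed elsewhere. It would also help to note in a comment that `TALLOC_FREE(state->subreq)` resets the pointer to NULL, which is what makes a second invocation of the cleanup function return early at the `state->subreq == NULL` check.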
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 51dc2ea..bed2220 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -581,6 +581,7 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
 	struct PAC_DATA_CTR *pac_data_ctr = NULL;
 	const char *local_service;
 	int i;
+	struct netr_SamInfo3 *info3_copy = NULL;
 
 	*info3 = NULL;
 
@@ -700,11 +701,20 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
 		break;
 	}
 
-	*info3 = &logon_info->info3;
+	if (logon_info == NULL) {
+		DEBUG(10,("Missing logon_info in ticket of %s\n",
+			principal_s));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
 
 	DEBUG(10,("winbindd_raw_kerberos_login: winbindd validated ticket of %s\n",
 		principal_s));
 
+	result = create_info3_from_pac_logon_info(mem_ctx, logon_info, &info3_copy);
+	if (!NT_STATUS_IS_OK(result)) {
+		goto failed;
+	}
+
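Review bot: The new `logon_info == NULL` check leaves with a direct `return NT_STATUS_INVALID_PARAMETER;`, while the `create_info3_from_pac_logon_info()` failure a few lines later uses `goto failed`. If the `failed` label releases anything acquired earlier in `winbindd_raw_kerberos_login()`, the early return skips it; set `result = NT_STATUS_INVALID_PARAMETER;` and `goto failed` instead so both error exits share one path.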


-- 
Samba Shared Repository

