[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Sat Jul 15 04:44:02 UTC 2017


The branch, master has been updated
       via  4cced4d s3:client: The smbspool krb5 wrapper needs negotiate for authentication
       via  5fe76a5 s3: smbd: Fix a read after free if a chained SMB1 call goes async.
       via  7f4e7cf s3/notifyd: ensure notifyd doesn't return from smbd_notifyd_init
      from  85b10a6 s3: drop build_env

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 4cced4da4ca97f0c6db227e6b2c7e03c2e5c1f28
Author: Andreas Schneider <asn at samba.org>
Date:   Fri Jul 7 14:08:49 2017 +0200

    s3:client: The smbspool krb5 wrapper needs negotiate for authentication
    
    If you create a new printer it doesn't have AuthInfoRequired set and so
    cups calls the backend with:
    
      AUTH_INFO_REQUIRED=none
    
    In this case we need to return:
    
      ATTR: auth-info-required=negotiate
    
    and return an error that we require authentication.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12886
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Sat Jul 15 06:43:47 CEST 2017 on sn-devel-144

commit 5fe76a5474823ed7602938a07c9c43226a7882a3
Author: Jeremy Allison <jra at samba.org>
Date:   Thu Jul 13 12:06:58 2017 -0700

    s3: smbd: Fix a read after free if a chained SMB1 call goes async.
    
    Reported to the Samba Team by Yihan Lian <lianyihan at 360.cn>, a security
    researcher of Qihoo 360 GearTeam. Thanks a lot!
    
    smb1_parse_chain() incorrectly used talloc_tos() for the memory
    context of the chained smb1 requests. This gets freed between
    requests so if a chained request goes async, the saved request
    array also is freed, which causes a crash on resume.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12836
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit 7f4e7cfd1b0bd917395c631a1a8195fffd13bbad
Author: Ralph Boehme <slow at samba.org>
Date:   Fri Jul 14 16:38:36 2017 +0200

    s3/notifyd: ensure notifyd doesn't return from smbd_notifyd_init
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12910
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source3/client/smbspool_krb5_wrapper.c | 29 +++++++++++++++++++----------
 source3/smbd/process.c                 |  2 +-
 source3/smbd/server.c                  |  8 +++++++-
 3 files changed, 27 insertions(+), 12 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/client/smbspool_krb5_wrapper.c b/source3/client/smbspool_krb5_wrapper.c
index bf97d82..a72006a 100644
--- a/source3/client/smbspool_krb5_wrapper.c
+++ b/source3/client/smbspool_krb5_wrapper.c
@@ -95,17 +95,26 @@ int main(int argc, char *argv[])
 
         /* If not set, then just call smbspool. */
 	if (env == NULL) {
-		CUPS_SMB_ERROR("AUTH_INFO_REQUIRED is not set");
-                goto smbspool;
+		CUPS_SMB_DEBUG("AUTH_INFO_REQUIRED is not set - "
+			       "execute smbspool");
+		goto smbspool;
 	} else {
-                CUPS_SMB_DEBUG("AUTH_INFO_REQUIRED=%s", env);
-                cmp = strcmp(env, "negotiate");
-                /* If AUTH_INFO_REQUIRED != "negotiate" then call smbspool. */
-                if (cmp != 0) {
-                          CUPS_SMB_ERROR(
-                            "AUTH_INFO_REQUIRED is not set to negotiate");
-                          goto smbspool;
-                }
+		CUPS_SMB_DEBUG("AUTH_INFO_REQUIRED=%s", env);
+
+		cmp = strcmp(env, "username,password");
+		if (cmp == 0) {
+			CUPS_SMB_DEBUG("Authenticate using username/password - "
+				       "execute smbspool");
+			goto smbspool;
+		}
+
+		/* if AUTH_INFO_REQUIRED=none */
+		cmp = strcmp(env, "negotiate");
+		if (cmp != 0) {
+			CUPS_SMB_ERROR("Authentication unsupported");
+			fprintf(stderr, "ATTR: auth-info-required=negotiate\n");
+			return CUPS_BACKEND_AUTH_REQUIRED;
+		}
 	}
 
 	uid = getuid();
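Review bot: The comment `/* if AUTH_INFO_REQUIRED=none */` above the second `strcmp` understates what the branch does, because the `cmp != 0` test rejects every value other than "negotiate" (and "username,password", handled just above), not only "none". I would reword it to `/* Any other value, e.g. "none": tell CUPS that negotiate is required and fail the job */` so the fail-closed behaviour for unknown values is documented as intentional. The log text "Authentication unsupported" would also be easier to act on if it named the offending value; `env` is already available at that point. The body of `main` starts and continues outside this hunk.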
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index a19b8b7..3765739 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -1785,7 +1785,7 @@ static void construct_reply_chain(struct smbXsrv_connection *xconn,
 	unsigned num_reqs;
 	bool ok;
 
-	ok = smb1_parse_chain(talloc_tos(), (uint8_t *)inbuf, xconn, encrypted,
+	ok = smb1_parse_chain(xconn, (uint8_t *)inbuf, xconn, encrypted,
 			      seqnum, &reqs, &num_reqs);
 	if (!ok) {
 		char errbuf[smb_size];
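Review bot: Parenting the parsed chain on `xconn` instead of `talloc_tos()` means the stackframe no longer reclaims `reqs`, so every exit path now has to free it explicitly or it stays allocated for the lifetime of the connection. Those paths are not visible in this hunk (the body of `construct_reply_chain` starts and ends outside it), so it is worth confirming that both the `!ok` branch and normal completion of the chain release the array. A short comment on the call would also stop the context being "simplified" back later, for example `/* reqs must outlive this stackframe: a chained request may go async and be resumed later */`.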
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index e18a4e5..181bcd1 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -390,6 +390,7 @@ static bool smbd_notifyd_init(struct messaging_context *msg, bool interactive,
 	struct tevent_req *req;
 	pid_t pid;
 	NTSTATUS status;
+	bool ok;
 
 	if (interactive) {
 		req = notifyd_req(msg, ev);
@@ -431,7 +432,12 @@ static bool smbd_notifyd_init(struct messaging_context *msg, bool interactive,
 	messaging_send(msg, pid_to_procid(getppid()), MSG_SMB_NOTIFY_STARTED,
 		       NULL);
 
-	return tevent_req_poll(req, ev);
+	ok = tevent_req_poll(req, ev);
+	if (!ok) {
+		DBG_WARNING("tevent_req_poll returned %s\n", strerror(errno));
+		exit(1);
+	}
+	exit(0);
 }
 
 static void notifyd_init_trigger(struct tevent_req *req);
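Review bot: The new `exit(0)` after `tevent_req_poll()` reports success whenever the request has finished, but `ok` presumably only says that polling itself did not fail; the result of the notifyd request is never collected. If that is so, a notifyd that ends in an error state still exits with status 0. Consider receiving the request result before choosing the exit code, and logging it. A comment such as `/* notifyd child: never return into the caller's smbd startup path */` before the poll would also explain why a `static bool` function ends in `exit()`. The start of `smbd_notifyd_init` lies in the previous hunk and partly outside the diff.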


-- 
Samba Shared Repository


