[SCM] Samba Shared Repository - branch master updated

Andreas Schneider asn at samba.org
Mon Jul 24 16:46:02 UTC 2017 

The branch, master has been updated
       via  9b64b11 mit-kdb: Fix NULL pointer check after malloc
       via  314cf60 s4:kcc: Add a NULL check before qsort()
       via  9d4a9bd smb.conf: Explain that "ntlm auth" is a per-passdb setting
      from  eb2e779 samdb/cracknames: support user and service principal as desired format

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 9b64b11c2f2c1bc77ae887b34d7efcb9f1452da7
Author: Andreas Schneider <asn at samba.org>
Date:   Mon Jul 24 12:19:27 2017 +0200

    mit-kdb: Fix NULL pointer check after malloc
    
    This fixes building with GCC 7.1.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12930
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    
    Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
    Autobuild-Date(master): Mon Jul 24 18:45:34 CEST 2017 on sn-devel-144

commit 314cf608932c21d593afd04769b07435bcd4fc53
Author: Andreas Schneider <asn at samba.org>
Date:   Mon Jul 24 12:13:50 2017 +0200

    s4:kcc: Add a NULL check before qsort()
    
    This fixes building with GCC 7.1.1
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12930
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>

commit 9d4a9bd3cc6d5031b4cb6120be8d261350a8bdfc
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon Jul 24 14:09:19 2017 +1200

    smb.conf: Explain that "ntlm auth" is a per-passdb setting
    
    This parameter has always applied to this passdb only, not to domain
    authentication.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12929
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 docs-xml/smbdotconf/security/ntlmauth.xml | 18 ++++++++++++++----
 source4/dsdb/kcc/kcc_topology.c           |  4 ++++
 source4/kdc/mit-kdb/kdb_samba_pac.c       |  2 +-
 3 files changed, 19 insertions(+), 5 deletions(-)


Changeset truncated at 500 lines:

diff --git a/docs-xml/smbdotconf/security/ntlmauth.xml b/docs-xml/smbdotconf/security/ntlmauth.xml
index f0969bf..dceae44 100644
--- a/docs-xml/smbdotconf/security/ntlmauth.xml
+++ b/docs-xml/smbdotconf/security/ntlmauth.xml
@@ -6,8 +6,18 @@
 <description>
     <para>This parameter determines whether or not <citerefentry><refentrytitle>smbd</refentrytitle>
     <manvolnum>8</manvolnum></citerefentry> will attempt to
-    authenticate users using the NTLM encrypted password response.
-    If disabled, NTLM and LanMan authencication is disabled server-wide.</para>
+    authenticate users using the NTLM encrypted password response for
+    this local passdb (SAM or account database). </para>
+
+    <para>If disabled, both NTLM and LanMan authencication against the
+    local passdb is disabled.</para>
+
+    <para>Note that these settings apply only to local users,
+    authentication will still be forwarded to and NTLM authentication
+    accepted against any domain we are joined to, and any trusted
+    domain, even if disabled or if NTLMv2-only is enforced here.  To
+    control NTLM authentiation for domain users, this must option must
+    be configured on each DC.</para>
 
     <para>By default with <command moreinfo="none">lanman
     auth</command> set to <constant>no</constant> and
@@ -41,8 +51,8 @@
         </listitem>
 
         <listitem>
-          <para><constant>disabled</constant> - Do not allow NTLM (or
-          LanMan) authentication of any level as a server, nor permit
+          <para><constant>disabled</constant> - Do not accept NTLM (or
+          LanMan) authentication of any level, nor permit
           NTLM password changes.</para>
         </listitem>
 
diff --git a/source4/dsdb/kcc/kcc_topology.c b/source4/dsdb/kcc/kcc_topology.c
index cd4dcc5..0e136ed 100644
--- a/source4/dsdb/kcc/kcc_topology.c
+++ b/source4/dsdb/kcc/kcc_topology.c
@@ -2445,6 +2445,10 @@ static NTSTATUS kcctpl_kruskal(TALLOC_CTX *mem_ctx, struct kcctpl_graph *graph,
 	uint32_t i, num_expected_tree_edges, cst_edges;
 	struct kcctpl_multi_edge_list output_edges;
 
+	if (internal_edges.data == NULL || internal_edges.count == 0) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
 	num_expected_tree_edges = 0;
 	for (i = 0; i < graph->vertices.count; i++) {
 		struct kcctpl_vertex *vertex = &graph->vertices.data[i];
diff --git a/source4/kdc/mit-kdb/kdb_samba_pac.c b/source4/kdc/mit-kdb/kdb_samba_pac.c
index 0ab8c37..1549760 100644
--- a/source4/kdc/mit-kdb/kdb_samba_pac.c
+++ b/source4/kdc/mit-kdb/kdb_samba_pac.c
@@ -87,7 +87,7 @@ krb5_error_code kdb_samba_dbekd_encrypt_key_data(krb5_context context,
 	key_data->key_data_kvno = keyver;
 	key_data->key_data_type[0] = kkey->enctype;
 	key_data->key_data_contents[0] = malloc(kkey->length);
-	if (key_data->key_data_contents[0]) {
+	if (key_data->key_data_contents[0] == NULL) {
 		return ENOMEM;
 	}
 	memcpy(key_data->key_data_contents[0],


-- 
Samba Shared Repository

More information about the samba-cvs mailing list