[SCM] Samba Shared Repository - branch master updated
Andreas Schneider
asn at samba.org
Mon Jul 24 16:46:02 UTC 2017
The branch, master has been updated
via 9b64b11 mit-kdb: Fix NULL pointer check after malloc
via 314cf60 s4:kcc: Add a NULL check before qsort()
via 9d4a9bd smb.conf: Explain that "ntlm auth" is a per-passdb setting
from eb2e779 samdb/cracknames: support user and service principal as desired format
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 9b64b11c2f2c1bc77ae887b34d7efcb9f1452da7
Author: Andreas Schneider <asn at samba.org>
Date: Mon Jul 24 12:19:27 2017 +0200
mit-kdb: Fix NULL pointer check after malloc
This fixes building with GCC 7.1.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12930
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Jul 24 18:45:34 CEST 2017 on sn-devel-144
commit 314cf608932c21d593afd04769b07435bcd4fc53
Author: Andreas Schneider <asn at samba.org>
Date: Mon Jul 24 12:13:50 2017 +0200
s4:kcc: Add a NULL check before qsort()
This fixes building with GCC 7.1.1
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12930
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 9d4a9bd3cc6d5031b4cb6120be8d261350a8bdfc
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Jul 24 14:09:19 2017 +1200
smb.conf: Explain that "ntlm auth" is a per-passdb setting
This parameter has always applied to this passdb only, not to domain
authentication.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12929
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
docs-xml/smbdotconf/security/ntlmauth.xml | 18 ++++++++++++++----
source4/dsdb/kcc/kcc_topology.c | 4 ++++
source4/kdc/mit-kdb/kdb_samba_pac.c | 2 +-
3 files changed, 19 insertions(+), 5 deletions(-)
Changeset truncated at 500 lines:
diff --git a/docs-xml/smbdotconf/security/ntlmauth.xml b/docs-xml/smbdotconf/security/ntlmauth.xml
index f0969bf..dceae44 100644
--- a/docs-xml/smbdotconf/security/ntlmauth.xml
+++ b/docs-xml/smbdotconf/security/ntlmauth.xml
@@ -6,8 +6,18 @@
<description>
<para>This parameter determines whether or not <citerefentry><refentrytitle>smbd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> will attempt to
- authenticate users using the NTLM encrypted password response.
- If disabled, NTLM and LanMan authencication is disabled server-wide.</para>
+ authenticate users using the NTLM encrypted password response for
+ this local passdb (SAM or account database). </para>
+
+ <para>If disabled, both NTLM and LanMan authencication against the
+ local passdb is disabled.</para>
+
+ <para>Note that these settings apply only to local users,
+ authentication will still be forwarded to and NTLM authentication
+ accepted against any domain we are joined to, and any trusted
+ domain, even if disabled or if NTLMv2-only is enforced here. To
+ control NTLM authentiation for domain users, this must option must
+ be configured on each DC.</para>
<para>By default with <command moreinfo="none">lanman
auth</command> set to <constant>no</constant> and
@@ -41,8 +51,8 @@
</listitem>
<listitem>
- <para><constant>disabled</constant> - Do not allow NTLM (or
- LanMan) authentication of any level as a server, nor permit
+ <para><constant>disabled</constant> - Do not accept NTLM (or
+ LanMan) authentication of any level, nor permit
NTLM password changes.</para>
</listitem>
diff --git a/source4/dsdb/kcc/kcc_topology.c b/source4/dsdb/kcc/kcc_topology.c
index cd4dcc5..0e136ed 100644
--- a/source4/dsdb/kcc/kcc_topology.c
+++ b/source4/dsdb/kcc/kcc_topology.c
@@ -2445,6 +2445,10 @@ static NTSTATUS kcctpl_kruskal(TALLOC_CTX *mem_ctx, struct kcctpl_graph *graph,
uint32_t i, num_expected_tree_edges, cst_edges;
struct kcctpl_multi_edge_list output_edges;
+ if (internal_edges.data == NULL || internal_edges.count == 0) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
num_expected_tree_edges = 0;
for (i = 0; i < graph->vertices.count; i++) {
struct kcctpl_vertex *vertex = &graph->vertices.data[i];
diff --git a/source4/kdc/mit-kdb/kdb_samba_pac.c b/source4/kdc/mit-kdb/kdb_samba_pac.c
index 0ab8c37..1549760 100644
--- a/source4/kdc/mit-kdb/kdb_samba_pac.c
+++ b/source4/kdc/mit-kdb/kdb_samba_pac.c
@@ -87,7 +87,7 @@ krb5_error_code kdb_samba_dbekd_encrypt_key_data(krb5_context context,
key_data->key_data_kvno = keyver;
key_data->key_data_type[0] = kkey->enctype;
key_data->key_data_contents[0] = malloc(kkey->length);
- if (key_data->key_data_contents[0]) {
+ if (key_data->key_data_contents[0] == NULL) {
return ENOMEM;
}
memcpy(key_data->key_data_contents[0],
--
Samba Shared Repository
More information about the samba-cvs
mailing list