[SCM] Samba Shared Repository - branch master updated
Andreas Schneider
asn at samba.org
Wed Oct 16 18:01:02 UTC 2019
The branch, master has been updated
via aed4d063767 libcli smb smb1cli_trans: fix ubsan warning
via 50cce842a23 docs: Add 'net gpo command' text in man net
via eb093c5d2ac s3:winbind: Don't abort when receiving a NULL SID
from d023b29876d selftest: Disable RTLD_DEEPBIND if running with ASAN
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit aed4d0637675629a33585a0198c8cbbb64371638
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Thu Jun 6 08:40:42 2019 +1200
libcli smb smb1cli_trans: fix ubsan warning
Fix ubsan warning null pointer passed as argument 2 when the source
pointer is NULL. The calls to memcpy are now guarded by an
if (len > 0)
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Oct 16 18:00:31 UTC 2019 on sn-devel-184
commit 50cce842a230f82018be62fca8fe1374b9b0dcd1
Author: Amit Kumar <amitkuma at redhat.com>
Date: Thu Jun 6 01:54:31 2019 +0530
docs: Add 'net gpo command' text in man net
This change adds contents to man net for 'net ads gpo' command
set based on results got after executing:
'# net ads gpo help' and subcommands
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13986
Signed-off-by: Amit Kumar <amitkuma at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit eb093c5d2ac77889215356ffabb915861cd4e9d5
Author: Amit Kumar <amitkuma at redhat.com>
Date: Fri May 31 18:57:52 2019 +0530
s3:winbind: Don't abort when receiving a NULL SID
Source code in winbind_rpc.c states that if the trusted domain
has no SID, winbindd just aborts the session. This happens with
MIT Kerberos realm added as trust to AD and winbindd just returns
without processing further as there is no SID returned for the
Linux system having kerberos support.
This fix makes winbindd to skip the domain having NULL SID instead
of aborting the request completely.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13913
Signed-off-by: Amit Kumar <amitkuma at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
-----------------------------------------------------------------------
Summary of changes:
docs-xml/manpages/net.8.xml | 40 ++++++++++++++++++++++++++++++++++++++++
libcli/smb/smb1cli_trans.c | 6 ++++--
source3/winbindd/winbindd_rpc.c | 16 +++++++---------
3 files changed, 51 insertions(+), 11 deletions(-)
Changeset truncated at 500 lines:
diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.xml
index f64efde0061..e585f247728 100644
--- a/docs-xml/manpages/net.8.xml
+++ b/docs-xml/manpages/net.8.xml
@@ -1334,6 +1334,46 @@ against an NT4 Domain Controller.
</refsect2>
+<refsect2>
+
+<title>ADS GPO</title>
+<refsect3>
+<title>ADS GPO APPLY <USERNAME|MACHINENAME> </title>
+<para>Apply GPOs for a username or machine name. Either username or machine name should be provided to the command, not both. </para>
+</refsect3>
+
+<refsect3>
+<title>ADS GPO GETGPO [<replaceable>GPO</replaceable>]</title>
+<para>List specified GPO.</para>
+</refsect3>
+
+<refsect3>
+<title>ADS GPO LINKADD [<replaceable>LINKDN</replaceable>] [<replaceable>GPODN</replaceable>]</title>
+<para>Link a container to a GPO. <replaceable>LINKDN</replaceable> Container to link to a GPO. <replaceable>GPODN</replaceable> GPO to link container to. DNs must be provided properly escaped. See RFC 4514 for details.</para>
+</refsect3>
+
+<refsect3>
+<title>ADS GPO LINKGET [<replaceable>CONTAINER</replaceable>]</title>
+<para>Lists gPLink of a containter.</para>
+</refsect3>
+
+<refsect3>
+<title>ADS GPO LIST <USERNAME|MACHINENAME> </title>
+<para>Lists all GPOs for a username or machine name. Either username or machine name should be provided to the command, not both. </para>
+</refsect3>
+
+<refsect3>
+<title>ADS GPO LISTALL</title>
+<para>Lists all GPOs on a DC.</para>
+</refsect3>
+
+<refsect3>
+<title>ADS GPO REFRESH [<replaceable>USERNAME</replaceable>] [<replaceable>MACHINENAME</replaceable>]</title>
+<para>Lists all GPOs assigned to an account and download them. <replaceable>USERNAME</replaceable> User to refresh GPOs for. <replaceable>MACHINENAME</replaceable> Machine to refresh GPOs for.</para>
+</refsect3>
+
+</refsect2>
+
<refsect2>
<title>ADS LEAVE [--keep-account]</title>
diff --git a/libcli/smb/smb1cli_trans.c b/libcli/smb/smb1cli_trans.c
index c305463846d..99021ce2b47 100644
--- a/libcli/smb/smb1cli_trans.c
+++ b/libcli/smb/smb1cli_trans.c
@@ -351,8 +351,10 @@ static void smb1cli_trans_format(struct smb1cli_trans_state *state,
SSVAL(vwv +12, 0, data_offset);
SCVAL(vwv +13, 0, state->num_setup);
SCVAL(vwv +13, 1, 0); /* reserved */
- memcpy(vwv + 14, state->setup,
- sizeof(uint16_t) * state->num_setup);
+ if (state->num_setup > 0) {
+ memcpy(vwv + 14, state->setup,
+ sizeof(uint16_t) * state->num_setup);
+ }
break;
case SMBtranss:
case SMBtranss2:
diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c
index ffbaabcfe49..793ebe0df56 100644
--- a/source3/winbindd/winbindd_rpc.c
+++ b/source3/winbindd/winbindd_rpc.c
@@ -952,26 +952,24 @@ NTSTATUS rpc_trusted_domains(TALLOC_CTX *mem_ctx,
return NT_STATUS_NO_MEMORY;
}
+ if (dom_list_ex.domains[i].sid == NULL) {
+ DBG_ERR("Trusted domain %s has no SID, "
+ "skipping!\n",
+ trust->dns_name);
+ continue;
+ }
+
if (has_ex) {
trust->netbios_name = talloc_move(array,
&dom_list_ex.domains[i].netbios_name.string);
trust->dns_name = talloc_move(array,
&dom_list_ex.domains[i].domain_name.string);
- if (dom_list_ex.domains[i].sid == NULL) {
- DEBUG(0, ("Trusted Domain %s has no SID, aborting!\n", trust->dns_name));
- return NT_STATUS_INVALID_NETWORK_RESPONSE;
- }
sid_copy(sid, dom_list_ex.domains[i].sid);
} else {
trust->netbios_name = talloc_move(array,
&dom_list.domains[i].name.string);
trust->dns_name = NULL;
- if (dom_list.domains[i].sid == NULL) {
- DEBUG(0, ("Trusted Domain %s has no SID, aborting!\n", trust->netbios_name));
- return NT_STATUS_INVALID_NETWORK_RESPONSE;
- }
-
sid_copy(sid, dom_list.domains[i].sid);
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list