The branch, v3-4-stable has been updated
via 1dcf7aab1d69a6283b8e5839ca6f659613e2a458 (commit)
via 5404f974f012590b13249e015fa40f33a896d774 (commit)
via 6fdbdfb3668df2ec9d2f4a8108c91bc89b725a07 (commit)
via fe95c192ff07f930c7dddff8dbf1efb6bdbd96fe (commit)
from c7449bd0ae1f60d18816e8a34be7de4fe4394fd5 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-stable
- Log -----------------------------------------------------------------
commit 1dcf7aab1d69a6283b8e5839ca6f659613e2a458
Author: Karolin Seeger <[email protected]>
Date: Tue Sep 1 09:49:04 2009 +0200
WHATSNEW: Update changes since 3.4.0.
Karolin
(cherry picked from commit c424fce877806bc6aef57941f6e4268300af21bf)
commit 5404f974f012590b13249e015fa40f33a896d774
Author: Olaf Flebbe <[email protected]>
Date: Mon Aug 17 17:31:01 2009 +0200
make smbcontrol smbd ping work proper checking for arguments handle short
pid_t correctly
Fixes bug #6655.
(cherry picked from commit 5359e397ff190c35414f6961be61a5110e237dd5)
(cherry picked from commit 86c1dbb473323ef9480cb57584be9e02363e80af)
commit 6fdbdfb3668df2ec9d2f4a8108c91bc89b725a07
Author: Volker Lendecke <[email protected]>
Date: Tue Jul 14 23:12:59 2009 +0200
Fix bug 5886
Ok, that's a very long-standing one. I finally got around to install a
recent
OpenLDAP and test the different variants of setting a NULL password etc.
Thanks all for your patience!
Volker
(cherry picked from commit 6fb3222504a0d2b42cd9292f9e11b2ff246d5c19)
commit fe95c192ff07f930c7dddff8dbf1efb6bdbd96fe
Author: Stefan Metzmacher <[email protected]>
Date: Thu Aug 27 13:16:15 2009 +0200
s3:netlogon: replace cred_hash3 by des_crypt112_16
This makes sure we don't truncate the session key to 8 bytes
Fixes bug #6664
metze
(cherry picked from commit 2467671ba55c5ac834a8aa7ae8ad736958baab1d)
-----------------------------------------------------------------------
Summary of changes:
WHATSNEW.txt | 8 +++++++-
source3/lib/util.c | 22 ++++++++++++++++------
source3/passdb/pdb_ldap.c | 34 ++++++++++++++++++++++++++--------
source3/rpc_client/cli_netlogon.c | 6 +++---
source3/rpc_server/srv_netlog_nt.c | 3 +--
source3/utils/smbcontrol.c | 13 +++++--------
6 files changed, 58 insertions(+), 28 deletions(-)
Changeset truncated at 500 lines:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 923c95d..6c131a8 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,6 +1,6 @@
=============================
Release Notes for Samba 3.4.1
- August , 2009
+ September 3, 2009
=============================
@@ -46,11 +46,16 @@ o Günther Deschner <[email protected]>
* BUG 6607: Fix crash bug in spoolss_addprinterex_level_2.
+o Olaf Flebbe <[email protected]>
+ * BUG 6655: Fix 'smbcontrol smbd ping'.
+
+
o Matt Kraai <[email protected]>
* BUG 6630: Fix opening of sockets on QNX.
o Volker Lendecke <[email protected]>
+ * BUG 5886: Fix password change propagation with ldapsam.
* BUG 6585: Fix unqualified "net join".
* BUG 6611: Fix a valgrind error in chain_reply.
* Fix linking on Solaris.
@@ -61,6 +66,7 @@ o Stefan Metzmacher <[email protected]>
* BUG 6532: Fix the build with external talloc.
* BUG 6538: Cancel all locks that are made before the first failure.
* BUG 6627: Raise the timeout for lsa_Lookup*() calls from 10 to 35
seconds.
+ * BUG 6664: Fix truncation of the session key.
o Tim Prouty <[email protected]>
diff --git a/source3/lib/util.c b/source3/lib/util.c
index 61a73e6..3d7336f 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -2743,14 +2743,15 @@ bool procid_is_me(const struct server_id *pid)
struct server_id interpret_pid(const char *pid_string)
{
-#ifdef CLUSTER_SUPPORT
- unsigned int vnn, pid;
struct server_id result;
- if (sscanf(pid_string, "%u:%u", &vnn, &pid) == 2) {
+ int pid;
+#ifdef CLUSTER_SUPPORT
+ unsigned int vnn;
+ if (sscanf(pid_string, "%u:%d", &vnn, &pid) == 2) {
result.vnn = vnn;
result.pid = pid;
}
- else if (sscanf(pid_string, "%u", &pid) == 1) {
+ else if (sscanf(pid_string, "%d", &pid) == 1) {
result.vnn = get_my_vnn();
result.pid = pid;
}
@@ -2758,10 +2759,19 @@ struct server_id interpret_pid(const char *pid_string)
result.vnn = NONCLUSTER_VNN;
result.pid = -1;
}
- return result;
#else
- return pid_to_procid(atoi(pid_string));
+ if (sscanf(pid_string, "%d", &pid) != 1) {
+ result.pid = -1;
+ } else {
+ result.pid = pid;
+ }
#endif
+ /* Assigning to result.pid may have overflowed
+ Map negative pid to -1: i.e. error */
+ if (result.pid < 0) {
+ result.pid = -1;
+ }
+ return result;
}
char *procid_str(TALLOC_CTX *mem_ctx, const struct server_id *pid)
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 0886a10..cf4889b 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -1700,6 +1700,7 @@ static NTSTATUS ldapsam_modify_entry(struct pdb_methods
*my_methods,
char *utf8_password;
char *utf8_dn;
size_t converted_size;
+ int ret;
if (!ldap_state->is_nds_ldap) {
@@ -1731,14 +1732,31 @@ static NTSTATUS ldapsam_modify_entry(struct pdb_methods
*my_methods,
}
if ((ber_printf (ber, "{") < 0) ||
- (ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_ID,
utf8_dn) < 0) ||
- (ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_NEW,
utf8_password) < 0) ||
- (ber_printf (ber, "n}") < 0)) {
- DEBUG(0,("ldapsam_modify_entry: ber_printf returns a
value <0\n"));
- ber_free(ber,1);
- SAFE_FREE(utf8_dn);
- SAFE_FREE(utf8_password);
- return NT_STATUS_UNSUCCESSFUL;
+ (ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_ID,
+ utf8_dn) < 0)) {
+ DEBUG(0,("ldapsam_modify_entry: ber_printf returns a "
+ "value <0\n"));
+ ber_free(ber,1);
+ SAFE_FREE(utf8_dn);
+ SAFE_FREE(utf8_password);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ if ((utf8_password != NULL) && (*utf8_password != '\0')) {
+ ret = ber_printf(ber, "ts}",
+ LDAP_TAG_EXOP_MODIFY_PASSWD_NEW,
+ utf8_password);
+ } else {
+ ret = ber_printf(ber, "}");
+ }
+
+ if (ret < 0) {
+ DEBUG(0,("ldapsam_modify_entry: ber_printf returns a "
+ "value <0\n"));
+ ber_free(ber,1);
+ SAFE_FREE(utf8_dn);
+ SAFE_FREE(utf8_password);
+ return NT_STATUS_UNSUCCESSFUL;
}
if ((rc = ber_flatten (ber, &bv))<0) {
diff --git a/source3/rpc_client/cli_netlogon.c
b/source3/rpc_client/cli_netlogon.c
index 5f115e5..4d7347f 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -601,9 +601,9 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct
rpc_pipe_client *cli,
struct samr_Password new_password;
- cred_hash3(new_password.hash,
- new_trust_passwd_hash,
- cli->dc->sess_key, 1);
+ des_crypt112_16(new_password.hash,
+ new_trust_passwd_hash,
+ cli->dc->sess_key, 1);
result = rpccli_netr_ServerPasswordSet(cli, mem_ctx,
cli->dc->remote_machine,
diff --git a/source3/rpc_server/srv_netlog_nt.c
b/source3/rpc_server/srv_netlog_nt.c
index 79606ab..3337c87 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -741,8 +741,7 @@ NTSTATUS _netr_ServerPasswordSet(pipes_struct *p,
return NT_STATUS_ACCOUNT_DISABLED;
}
- /* Woah - what does this to to the credential chain ? JRA */
- cred_hash3(pwd, r->in.new_password->hash, p->dc->sess_key, 0);
+ des_crypt112_16(pwd, r->in.new_password->hash, p->dc->sess_key, 0);
DEBUG(100,("_netr_ServerPasswordSet: new given value was :\n"));
for(i = 0; i < sizeof(pwd); i++)
diff --git a/source3/utils/smbcontrol.c b/source3/utils/smbcontrol.c
index fc7d0aa..7fab6eb 100644
--- a/source3/utils/smbcontrol.c
+++ b/source3/utils/smbcontrol.c
@@ -1247,15 +1247,12 @@ static struct server_id parse_dest(const char *dest)
dest = "winbindd";
}
- if (!(strequal(dest, "winbindd") || strequal(dest, "nmbd"))) {
- /* Check for numeric pid number */
+ /* Check for numeric pid number */
+ result = interpret_pid(dest);
- result = interpret_pid(dest);
-
- /* Zero isn't valid if not smbd. */
- if (result.pid && procid_valid(&result)) {
- return result;
- }
+ /* Zero isn't valid if not "all". */
+ if (result.pid && procid_valid(&result)) {
+ return result;
}
/* Look up other destinations in pidfile directory */
--
Samba Shared Repository
