The branch, v3-6-stable has been updated
via e0c2e3c WHATSNEW: Prepare release notes for Samba 3.6.15.
via 07f930e winbind: Fix bug 9854 -- NULL pointer dereference
via 6c5c055 BUG 9817: Fix 'map untrusted to domain' with NTLMv2.
via 76d9020 bug 9830: fix panic in nt_printer_publish_ads
via b633e71 s3:librpc: add support for PFC_FLAG_OBJECT_UUID when
parsing packets (bug #9382)
via 6f14d3b s3-smbd: Split make_serverinfo_from_username guest
parameters into two parts
from abe0fec WHATSNEW: Start release notes for Samba 3.6.15.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-stable
- Log -----------------------------------------------------------------
commit e0c2e3cd1579d89b2e3f8d1bce2019e61104441e
Author: Karolin Seeger <ksee...@samba.org>
Date: Wed May 8 10:15:32 2013 +0200
WHATSNEW: Prepare release notes for Samba 3.6.15.
Signed-off-by: Karolin Seeger <ksee...@samba.org>
(cherry picked from commit 8a3db2e8ef12d259feaa2af5092ddda74c5b4def)
commit 07f930e32cdc0d8a317d4b14285b2fb1f15f0c46
Author: Volker Lendecke <v...@samba.org>
Date: Tue May 7 12:39:16 2013 +0200
winbind: Fix bug 9854 -- NULL pointer dereference
Signed-off-by: Volker Lendecke <v...@samba.org>
Reviewed-by: Michael Adam <ob...@samba.org>
Autobuild-User(master): Michael Adam <ob...@samba.org>
Autobuild-Date(master): Tue May 7 14:49:07 CEST 2013 on sn-devel-104
(cherry picked from commit 8c1283a89f746a108e8014b6fbc9a58a371950cf)
(cherry picked from commit 0872d998cd2bcfa274283bd7dd1d70010ca33166)
commit 6c5c055ab1a83c71adf26b2089e51715833b2c31
Author: Andreas Schneider <a...@samba.org>
Date: Wed Apr 24 15:27:21 2013 +0200
BUG 9817: Fix 'map untrusted to domain' with NTLMv2.
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Günther Deschner <g...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org>
Autobuild-Date(master): Wed Apr 24 17:14:48 CEST 2013 on sn-devel-104
(cherry picked from commit 62873916076d748f7c91868a6cd28d35e64d8dca)
commit 76d90201a02511429bf0f658c1564ccc78f26e6d
Author: David Disseldorp <dd...@samba.org>
Date: Thu Apr 25 16:01:54 2013 +0200
bug 9830: fix panic in nt_printer_publish_ads
Check for ads_find_machine_acct() errors, to ensure a NULL LDAPMessage
pointer doesn't get passed to ldap_get_dn().
Signed-off-by: David Disseldorp <dd...@samba.org>
(cherry picked from commit dd07b3c4973b169f07d227869dba8d0f4a76569a)
commit b633e710743aff595a87782507429e68d94ce80e
Author: Stefan Metzmacher <me...@samba.org>
Date: Mon Nov 12 10:16:50 2012 +0100
s3:librpc: add support for PFC_FLAG_OBJECT_UUID when parsing packets (bug
#9382)
Now the logic matches the one in dcerpc_read_ncacn_packet_done().
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Michael Adam <ob...@samba.org>
Reviewed-by: David Disseldorp <dd...@suse.de>
(cherry picked from commit 65860c540faba0ca3542ee2edc0a16fa76a2bcde)
commit 6f14d3be50c0f45fa8f2afc2d42f229a05a6056d
Author: Andrew Bartlett <abart...@samba.org>
Date: Thu Apr 4 09:53:34 2013 +1100
s3-smbd: Split make_serverinfo_from_username guest parameters into two parts
This handles differently the case where we are the guest (from
security=share) and
when we are forced to be a different user with force user. We want to
maintain
only the is_guest flag if were forced to become any other user, we need the
rest
of the token to change.
Andrew Bartlett
Fix bug #9746 - guest ok + force user + force group doesn't work.
(cherry picked from commit 24d68d799553b0806e580a47aed70a4eaac09191)
-----------------------------------------------------------------------
Summary of changes:
WHATSNEW.txt | 20 +++++++++++++++++---
source3/auth/auth_util.c | 3 ++-
source3/auth/auth_winbind.c | 10 ++++++++--
source3/auth/proto.h | 1 +
source3/librpc/rpc/dcerpc_helpers.c | 4 ++++
source3/printing/nt_printing_ads.c | 10 ++++++++--
source3/smbd/service.c | 4 ++--
source3/winbindd/winbindd_cache.c | 6 +++---
8 files changed, 45 insertions(+), 13 deletions(-)
Changeset truncated at 500 lines:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 6b986c2..461ed76 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,6 +1,6 @@
==============================
Release Notes for Samba 3.6.15
- June 10, 2013
+ May 08, 2013
==============================
@@ -8,12 +8,26 @@ This is is the latest stable release of Samba 3.6.
Major enhancements in Samba 3.6.15 include:
-o
+o Fix crash bug in Winbind (bug #9854).
+
Changes since 3.6.14:
---------------------
-o Jeremy Allison <j...@samba.org>
+o Andrew Bartlett <abart...@samba.org>
+ * BUG 9746: Fix "guest ok", "force user" and "force group" for guest users.
+
+
+o David Disseldorp <dd...@samba.org>
+ * BUG 9830: Fix panic in nt_printer_publish_ads.
+
+
+o Volker Lendecke <v...@samba.org>
+ * BUG 9854: Fix crash bug in Winbind.
+
+
+o Andreas Schneider <a...@samba.org>
+ * BUG 9817: Fix 'map untrusted to domain' with NTLMv2.
######################################################################
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 0e1f437..288f461 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -902,6 +902,7 @@ static NTSTATUS make_new_session_info_system(TALLOC_CTX
*mem_ctx,
NTSTATUS make_serverinfo_from_username(TALLOC_CTX *mem_ctx,
const char *username,
+ bool use_guest_token,
bool is_guest,
struct auth_serversupplied_info
**presult)
{
@@ -925,7 +926,7 @@ NTSTATUS make_serverinfo_from_username(TALLOC_CTX *mem_ctx,
result->nss_token = true;
result->guest = is_guest;
- if (is_guest) {
+ if (use_guest_token) {
status = make_server_info_guest(mem_ctx, &result);
} else {
status = create_local_token(result);
diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c
index 2143353..57a8866 100644
--- a/source3/auth/auth_winbind.c
+++ b/source3/auth/auth_winbind.c
@@ -62,9 +62,15 @@ static NTSTATUS check_winbind_security(const struct
auth_context *auth_context,
}
/* Send off request */
-
params.account_name = user_info->client.account_name;
- params.domain_name = user_info->mapped.domain_name;
+ /*
+ * We need to send the domain name from the client to the DC. With
+ * NTLMv2 the domain name is part of the hashed second challenge,
+ * if we change the domain name, the DC will fail to verify the
+ * challenge cause we changed the domain name, this is like a
+ * man in the middle attack.
+ */
+ params.domain_name = user_info->client.domain_name;
params.workstation_name = user_info->workstation_name;
params.flags = 0;
diff --git a/source3/auth/proto.h b/source3/auth/proto.h
index b23d827..3d1fa06 100644
--- a/source3/auth/proto.h
+++ b/source3/auth/proto.h
@@ -149,6 +149,7 @@ NTSTATUS make_server_info_pw(struct
auth_serversupplied_info **server_info,
struct passwd *pwd);
NTSTATUS make_serverinfo_from_username(TALLOC_CTX *mem_ctx,
const char *username,
+ bool use_guest_token,
bool is_guest,
struct auth_serversupplied_info
**presult);
struct auth_serversupplied_info *copy_serverinfo(TALLOC_CTX *mem_ctx,
diff --git a/source3/librpc/rpc/dcerpc_helpers.c
b/source3/librpc/rpc/dcerpc_helpers.c
index 7520d76..469e308 100644
--- a/source3/librpc/rpc/dcerpc_helpers.c
+++ b/source3/librpc/rpc/dcerpc_helpers.c
@@ -113,6 +113,10 @@ NTSTATUS dcerpc_pull_ncacn_packet(TALLOC_CTX *mem_ctx,
ndr->flags |= LIBNDR_FLAG_BIGENDIAN;
}
+ if (CVAL(blob->data, DCERPC_PFC_OFFSET) & DCERPC_PFC_FLAG_OBJECT_UUID) {
+ ndr->flags |= LIBNDR_FLAG_OBJECT_PRESENT;
+ }
+
ndr_err = ndr_pull_ncacn_packet(ndr, NDR_SCALARS|NDR_BUFFERS, r);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
diff --git a/source3/printing/nt_printing_ads.c
b/source3/printing/nt_printing_ads.c
index 5a0cd24..219124f 100644
--- a/source3/printing/nt_printing_ads.c
+++ b/source3/printing/nt_printing_ads.c
@@ -192,17 +192,23 @@ static WERROR nt_printer_publish_ads(struct
messaging_context *msg_ctx,
DEBUG(5, ("publishing printer %s\n", printer));
/* figure out where to publish */
- ads_find_machine_acct(ads, &res, global_myname());
+ ads_rc = ads_find_machine_acct(ads, &res, global_myname());
+ if (!ADS_ERR_OK(ads_rc)) {
+ DEBUG(0, ("failed to find machine account for %s\n",
+ global_myname()));
+ TALLOC_FREE(ctx);
+ return WERR_NOT_FOUND;
+ }
/* We use ldap_get_dn here as we need the answer
* in utf8 to call ldap_explode_dn(). JRA. */
srv_dn_utf8 = ldap_get_dn((LDAP *)ads->ldap.ld, (LDAPMessage *)res);
+ ads_msgfree(ads, res);
if (!srv_dn_utf8) {
TALLOC_FREE(ctx);
return WERR_SERVER_UNAVAILABLE;
}
- ads_msgfree(ads, res);
srv_cn_utf8 = ldap_explode_dn(srv_dn_utf8, 1);
if (!srv_cn_utf8) {
TALLOC_FREE(ctx);
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index 6c8c8d3..a22b0df 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -656,7 +656,7 @@ static NTSTATUS create_connection_session_info(struct
smbd_server_connection *sc
return NT_STATUS_WRONG_PASSWORD;
}
- return make_serverinfo_from_username(mem_ctx, user, guest,
+ return make_serverinfo_from_username(mem_ctx, user, guest,
guest,
presult);
}
@@ -690,7 +690,7 @@ NTSTATUS set_conn_force_user_group(connection_struct *conn,
int snum)
}
status = make_serverinfo_from_username(
- conn, fuser, conn->session_info->guest,
+ conn, fuser, false, conn->session_info->guest,
&forced_serverinfo);
if (!NT_STATUS_IS_OK(status)) {
return status;
diff --git a/source3/winbindd/winbindd_cache.c
b/source3/winbindd/winbindd_cache.c
index 033ea77..0a65953 100644
--- a/source3/winbindd/winbindd_cache.c
+++ b/source3/winbindd/winbindd_cache.c
@@ -946,7 +946,7 @@ static void wcache_save_name_to_sid(struct winbindd_domain
*domain,
if (!centry)
return;
- if (domain_name[0] == '\0') {
+ if ((domain_name == NULL) || (domain_name[0] == '\0')) {
struct winbindd_domain *mydomain =
find_domain_from_sid_noinit(sid);
if (mydomain != NULL) {
@@ -974,7 +974,7 @@ static void wcache_save_sid_to_name(struct winbindd_domain
*domain, NTSTATUS sta
if (!centry)
return;
- if (domain_name[0] == '\0') {
+ if ((domain_name == NULL) || (domain_name[0] == '\0')) {
struct winbindd_domain *mydomain =
find_domain_from_sid_noinit(sid);
if (mydomain != NULL) {
@@ -1798,7 +1798,7 @@ NTSTATUS wcache_name_to_sid(struct winbindd_domain
*domain,
return NT_STATUS_NO_MEMORY;
}
- if (domain_name[0] == '\0') {
+ if ((domain_name == NULL) || (domain_name[0] == '\0')) {
domain_name = domain->name;
}
--
Samba Shared Repository
