The branch, v4-2-test has been updated
via 92cc4e0 s3: winbind: Prevent null ptr access by returning error if
no creds available
via d9afa70 s3: rpcclient: Prevent null ptr access by returning error
if no creds available
via 01ca2cf s3: smbd: If EA's are turned off on a share don't allow an
SMB2 create containing them.
via c63638e vfs_gpfs: Re-enable share modes
from 95232e6 Changing log level of two entries to from 1 to 3
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-2-test
- Log -----------------------------------------------------------------
commit 92cc4e07f9558b2d4b7510f9ed4b769c9f467941
Author: Noel Power <[email protected]>
Date: Thu Oct 22 12:37:17 2015 +0100
s3: winbind: Prevent null ptr access by returning error if no creds
available
Prevent rpccli_netlogon_network_logon/rpccli_netlogon_password_logon
being called with 'NULL' credentials
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11569
Signed-off-by: Noel Power <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
Reviewed-by: Stefan Metzmacher <[email protected]>
(cherry picked from commit e8fab02773892812f563eea7098847618df76e1b)
Autobuild-User(v4-2-test): Karolin Seeger <[email protected]>
Autobuild-Date(v4-2-test): Mon Nov 16 12:55:13 CET 2015 on sn-devel-104
commit d9afa70503d93460da27c887241fd6a59ec49f0a
Author: Noel Power <[email protected]>
Date: Mon Nov 2 09:59:12 2015 +0000
s3: rpcclient: Prevent null ptr access by returning error if no creds
available
Prevent rpccli_netlogon_password_logon being called with 'NULL' credentials.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11569
Signed-off-by: Noel Power <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
Reviewed-by: Stefan Metzmacher <[email protected]>
(cherry picked from commit 89940f39c6d2db03b3a468942d686e762f126f9f)
commit 01ca2cffd7aa7b12173d7aefe43ce39c6532ae33
Author: Jeremy Allison <[email protected]>
Date: Wed Nov 4 09:34:57 2015 -0800
s3: smbd: If EA's are turned off on a share don't allow an SMB2 create
containing them.
Otherwise a create that should have failed may succeed.
Based on an original patch from John Mulligan <[email protected]>
and comments from Uri Simchoni <[email protected]>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11589
Signed-off-by: Jeremy Allison <[email protected]>
Reviewed-by: Uri Simchoni <[email protected]>
Autobuild-User(master): Uri Simchoni <[email protected]>
Autobuild-Date(master): Wed Nov 4 22:14:22 CET 2015 on sn-devel-104
(cherry picked from commit aa3cc0b459124c66de0aad8ff41908e1bf261222)
commit c63638e217ad5e3866a31968bd7d568685e0e987
Author: Volker Lendecke <[email protected]>
Date: Thu Nov 5 13:22:33 2015 +0100
vfs_gpfs: Re-enable share modes
is_ntfs_default_stream_smb_fname returns false for a NULL stream name, so
for
streamless filenames we do not set gpfs share modes without this patch.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11243
Signed-off-by: Volker Lendecke <[email protected]>
Reviewed-by: Stefan Metzmacher <[email protected]>
Autobuild-User(master): Volker Lendecke <[email protected]>
Autobuild-Date(master): Fri Nov 6 03:21:01 CET 2015 on sn-devel-104
-----------------------------------------------------------------------
Summary of changes:
source3/modules/vfs_gpfs.c | 3 ++-
source3/rpcclient/cmd_netlogon.c | 5 +++++
source3/smbd/smb2_create.c | 6 ++++++
source3/winbindd/winbindd_pam.c | 7 +++++--
4 files changed, 18 insertions(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c
index 4d64983..2939689 100644
--- a/source3/modules/vfs_gpfs.c
+++ b/source3/modules/vfs_gpfs.c
@@ -91,7 +91,8 @@ static int vfs_gpfs_kernel_flock(vfs_handle_struct *handle,
files_struct *fsp,
* fd, so lacking a distinct fd for the stream we have to skip
* kernel_flock and set_gpfs_sharemode for stream.
*/
- if (!is_ntfs_default_stream_smb_fname(fsp->fsp_name)) {
+ if (is_ntfs_stream_smb_fname(fsp->fsp_name) &&
+ !is_ntfs_default_stream_smb_fname(fsp->fsp_name)) {
DEBUG(2,("%s: kernel_flock on stream\n", fsp_str_dbg(fsp)));
return 0;
}
diff --git a/source3/rpcclient/cmd_netlogon.c b/source3/rpcclient/cmd_netlogon.c
index 2d1c351..ea63602 100644
--- a/source3/rpcclient/cmd_netlogon.c
+++ b/source3/rpcclient/cmd_netlogon.c
@@ -800,6 +800,11 @@ static NTSTATUS cmd_netlogon_sam_logon(struct
rpc_pipe_client *cli,
if (argc == 6)
sscanf(argv[5], "%x", &logon_param);
+ if (rpcclient_netlogon_creds == NULL) {
+ result = NT_STATUS_UNSUCCESSFUL;
+ goto done;
+ }
+
/* Perform the sam logon */
result = rpccli_netlogon_password_logon(rpcclient_netlogon_creds,
diff --git a/source3/smbd/smb2_create.c b/source3/smbd/smb2_create.c
index 2f9d500..ecedd08 100644
--- a/source3/smbd/smb2_create.c
+++ b/source3/smbd/smb2_create.c
@@ -695,6 +695,12 @@ static struct tevent_req *smbd_smb2_create_send(TALLOC_CTX
*mem_ctx,
}
if (exta) {
+ if (!lp_ea_support(SNUM(smb2req->tcon->compat))) {
+ tevent_req_nterror(req,
+ NT_STATUS_EAS_NOT_SUPPORTED);
+ return tevent_req_post(req, ev);
+ }
+
ea_list = read_nttrans_ea_list(mem_ctx,
(const char *)exta->data.data,
exta->data.length);
if (!ea_list) {
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index bed2220..a09143f 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1367,8 +1367,11 @@ static NTSTATUS winbind_samlogon_retry_loop(struct
winbindd_domain *domain,
return result;
}
netr_attempts = 0;
-
- if (interactive && username != NULL && password != NULL) {
+ if (domain->conn.netlogon_creds == NULL) {
+ DEBUG(3, ("No security credentials available for "
+ "domain [%s]\n", domainname));
+ result = NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+ } else if (interactive && username != NULL && password != NULL)
{
result =
rpccli_netlogon_password_logon(domain->conn.netlogon_creds,
netlogon_pipe->binding_handle,
mem_ctx,
--
Samba Shared Repository
