The branch, master has been updated
via 0dbab0e libnet: make Kerberos domain join site-aware
via 6d71740 dsgetdcname: fix flag check
via ef84f4c dsgetdcname: return an IP address on rediscovery
via 980f8cf idmap_autorid: Protect against corrupt databases
via 5652810 idmap_autorid: Fix a use-after-free
from f4b4872 s3: smbd: Change open_streams_for_delete() to take a struct
smb_filename *.
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 0dbab0e33e9efc46f72b6a8b0dc894ea251df9aa
Author: Uri Simchoni <[email protected]>
Date: Thu Mar 3 09:18:58 2016 +0200
libnet: make Kerberos domain join site-aware
When joining a domain using Kerberos authentication, create a
configuration file for the Kerberos libs to prefer on-site
domain controllers, without relying on the winbindd Kerberos
locator, which many not be operational at this stage.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11769
Signed-off-by: Uri Simchoni <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
Autobuild-User(master): Jeremy Allison <[email protected]>
Autobuild-Date(master): Tue Mar 8 01:30:35 CET 2016 on sn-devel-144
commit 6d717402e42131298ba670ee47686379854ec56d
Author: Uri Simchoni <[email protected]>
Date: Thu Mar 3 09:18:57 2016 +0200
dsgetdcname: fix flag check
Fix the check for zero requseted flags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11769
Signed-off-by: Uri Simchoni <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
commit ef84f4c018424b1fcc232a4780dc2c0435701d86
Author: Uri Simchoni <[email protected]>
Date: Thu Mar 3 09:18:44 2016 +0200
dsgetdcname: return an IP address on rediscovery
When dsgetdcname return its result based on discovery
process (instead of retrieving cached value), always
return the found server's IP address in dc_address field,
rather than its netbios name.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11769
Signed-off-by: Uri Simchoni <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
commit 980f8cfe30577f2b14dfd2ac53a785f4395d980f
Author: Volker Lendecke <[email protected]>
Date: Wed Feb 10 09:02:12 2016 +0100
idmap_autorid: Protect against corrupt databases
Signed-off-by: Volker Lendecke <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
commit 565281029546bd5ec06eb943da063894aeac97c4
Author: Volker Lendecke <[email protected]>
Date: Sun Mar 6 16:39:58 2016 +0100
idmap_autorid: Fix a use-after-free
Parsing the domain_range_index references data.dptr
Signed-off-by: Volker Lendecke <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
source3/libnet/libnet_join.c | 52 ++++++++++++++++++++++++++++++++++++++++
source3/libsmb/dsgetdcname.c | 16 ++++++-------
source3/winbindd/idmap_autorid.c | 12 +++++++++-
3 files changed, 71 insertions(+), 9 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index 6dce03c..fc737a2 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -2157,6 +2157,17 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx,
#ifdef HAVE_ADS
ADS_STATUS ads_status;
#endif /* HAVE_ADS */
+ const char *pre_connect_realm = NULL;
+ const char *numeric_dcip = NULL;
+ const char *sitename = NULL;
+
+ /* Before contacting a DC, we can securely know
+ * the realm only if the user specifies it.
+ */
+ if (r->in.use_kerberos &&
+ r->in.domain_name_type == JoinDomNameTypeDNS) {
+ pre_connect_realm = r->in.domain_name;
+ }
if (!r->in.dc_name) {
struct netr_DsRGetDCNameInfo *info;
@@ -2189,6 +2200,47 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx,
dc = strip_hostname(info->dc_unc);
r->in.dc_name = talloc_strdup(mem_ctx, dc);
W_ERROR_HAVE_NO_MEMORY(r->in.dc_name);
+
+ if (info->dc_address == NULL || info->dc_address[0] != '\\' ||
+ info->dc_address[1] != '\\') {
+ DBG_ERR("ill-formed DC address '%s'\n",
+ info->dc_address);
+ return WERR_DCNOTFOUND;
+ }
+
+ numeric_dcip = info->dc_address + 2;
+ sitename = info->dc_site_name;
+ /* info goes out of scope but the memory stays
+ allocated on the talloc context */
+ }
+
+ if (pre_connect_realm != NULL) {
+ struct sockaddr_storage ss = {0};
+
+ if (numeric_dcip != NULL) {
+ if (!interpret_string_addr(&ss, numeric_dcip,
+ AI_NUMERICHOST)) {
+ DBG_ERR(
+ "cannot parse IP address '%s' of DC '%s'\n",
+ numeric_dcip, r->in.dc_name);
+ return WERR_DCNOTFOUND;
+ }
+ } else {
+ if (!interpret_string_addr(&ss, r->in.dc_name, 0)) {
+ DBG_WARNING(
+ "cannot resolve IP address of DC '%s'\n",
+ r->in.dc_name);
+ return WERR_DCNOTFOUND;
+ }
+ }
+
+ /* The domain parameter is only used as modifier
+ * to krb5.conf file name. .JOIN is is not a valid
+ * NetBIOS name so it cannot clash with another domain
+ * -- Uri.
+ */
+ create_local_private_krb5_conf_for_domain(
+ pre_connect_realm, ".JOIN", sitename, &ss);
}
status = libnet_join_lookup_dc_rpc(mem_ctx, r, &cli);
diff --git a/source3/libsmb/dsgetdcname.c b/source3/libsmb/dsgetdcname.c
index a63ba5a..b5bc51df 100644
--- a/source3/libsmb/dsgetdcname.c
+++ b/source3/libsmb/dsgetdcname.c
@@ -284,7 +284,7 @@ static uint32_t get_cldap_reply_server_flags(struct
netlogon_samlogon_response *
static bool check_cldap_reply_required_flags(uint32_t ret_flags,
uint32_t req_flags)
{
- if (ret_flags == 0) {
+ if (req_flags == 0) {
return true;
}
@@ -792,14 +792,14 @@ static NTSTATUS make_dc_info_from_cldap_reply(TALLOC_CTX
*mem_ctx,
print_sockaddr(addr, sizeof(addr), ss);
dc_address = addr;
dc_address_type = DS_ADDRESS_TYPE_INET;
- }
-
- if (!ss && r->sockaddr.pdc_ip) {
- dc_address = r->sockaddr.pdc_ip;
- dc_address_type = DS_ADDRESS_TYPE_INET;
} else {
- dc_address = r->pdc_name;
- dc_address_type = DS_ADDRESS_TYPE_NETBIOS;
+ if (r->sockaddr.pdc_ip) {
+ dc_address = r->sockaddr.pdc_ip;
+ dc_address_type = DS_ADDRESS_TYPE_INET;
+ } else {
+ dc_address = r->pdc_name;
+ dc_address_type = DS_ADDRESS_TYPE_NETBIOS;
+ }
}
map_dc_and_domain_names(flags,
diff --git a/source3/winbindd/idmap_autorid.c b/source3/winbindd/idmap_autorid.c
index 76dccaa..20cd5b7 100644
--- a/source3/winbindd/idmap_autorid.c
+++ b/source3/winbindd/idmap_autorid.c
@@ -217,6 +217,13 @@ static NTSTATUS idmap_autorid_id_to_sid(struct
autorid_global_config *cfg,
return NT_STATUS_OK;
}
+ if (data.dptr[data.dsize-1] != '\0') {
+ DBG_WARNING("Invalid range %"PRIu32"\n", range_number);
+ TALLOC_FREE(data.dptr);
+ map->status = ID_UNKNOWN;
+ return NT_STATUS_OK;
+ }
+
if (strncmp((const char *)data.dptr,
ALLOC_RANGE,
strlen(ALLOC_RANGE)) == 0) {
@@ -231,8 +238,8 @@ static NTSTATUS idmap_autorid_id_to_sid(struct
autorid_global_config *cfg,
}
ok = dom_sid_parse_endp((const char *)data.dptr, &domsid, &q);
- TALLOC_FREE(data.dptr);
if (!ok) {
+ TALLOC_FREE(data.dptr);
map->status = ID_UNKNOWN;
return NT_STATUS_OK;
}
@@ -240,10 +247,13 @@ static NTSTATUS idmap_autorid_id_to_sid(struct
autorid_global_config *cfg,
if (sscanf(q+1, "%"SCNu32, &domain_range_index) != 1) {
DEBUG(10, ("Domain range index not found, "
"ignoring mapping request\n"));
+ TALLOC_FREE(data.dptr);
map->status = ID_UNKNOWN;
return NT_STATUS_OK;
}
+ TALLOC_FREE(data.dptr);
+
reduced_rid = normalized_id % cfg->rangesize;
rid = reduced_rid + domain_range_index * cfg->rangesize;
--
Samba Shared Repository
