The branch, master has been updated via 0dbab0e libnet: make Kerberos domain join site-aware via 6d71740 dsgetdcname: fix flag check via ef84f4c dsgetdcname: return an IP address on rediscovery via 980f8cf idmap_autorid: Protect against corrupt databases via 5652810 idmap_autorid: Fix a use-after-free from f4b4872 s3: smbd: Change open_streams_for_delete() to take a struct smb_filename *.
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 0dbab0e33e9efc46f72b6a8b0dc894ea251df9aa Author: Uri Simchoni <u...@samba.org> Date: Thu Mar 3 09:18:58 2016 +0200 libnet: make Kerberos domain join site-aware When joining a domain using Kerberos authentication, create a configuration file for the Kerberos libs to prefer on-site domain controllers, without relying on the winbindd Kerberos locator, which many not be operational at this stage. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11769 Signed-off-by: Uri Simchoni <u...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> Autobuild-User(master): Jeremy Allison <j...@samba.org> Autobuild-Date(master): Tue Mar 8 01:30:35 CET 2016 on sn-devel-144 commit 6d717402e42131298ba670ee47686379854ec56d Author: Uri Simchoni <u...@samba.org> Date: Thu Mar 3 09:18:57 2016 +0200 dsgetdcname: fix flag check Fix the check for zero requseted flags. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11769 Signed-off-by: Uri Simchoni <u...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit ef84f4c018424b1fcc232a4780dc2c0435701d86 Author: Uri Simchoni <u...@samba.org> Date: Thu Mar 3 09:18:44 2016 +0200 dsgetdcname: return an IP address on rediscovery When dsgetdcname return its result based on discovery process (instead of retrieving cached value), always return the found server's IP address in dc_address field, rather than its netbios name. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11769 Signed-off-by: Uri Simchoni <u...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit 980f8cfe30577f2b14dfd2ac53a785f4395d980f Author: Volker Lendecke <v...@samba.org> Date: Wed Feb 10 09:02:12 2016 +0100 idmap_autorid: Protect against corrupt databases Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit 565281029546bd5ec06eb943da063894aeac97c4 Author: Volker Lendecke <v...@samba.org> Date: Sun Mar 6 16:39:58 2016 +0100 idmap_autorid: Fix a use-after-free Parsing the domain_range_index references data.dptr Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> ----------------------------------------------------------------------- Summary of changes: source3/libnet/libnet_join.c | 52 ++++++++++++++++++++++++++++++++++++++++ source3/libsmb/dsgetdcname.c | 16 ++++++------- source3/winbindd/idmap_autorid.c | 12 +++++++++- 3 files changed, 71 insertions(+), 9 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 6dce03c..fc737a2 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -2157,6 +2157,17 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, #ifdef HAVE_ADS ADS_STATUS ads_status; #endif /* HAVE_ADS */ + const char *pre_connect_realm = NULL; + const char *numeric_dcip = NULL; + const char *sitename = NULL; + + /* Before contacting a DC, we can securely know + * the realm only if the user specifies it. + */ + if (r->in.use_kerberos && + r->in.domain_name_type == JoinDomNameTypeDNS) { + pre_connect_realm = r->in.domain_name; + } if (!r->in.dc_name) { struct netr_DsRGetDCNameInfo *info; @@ -2189,6 +2200,47 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, dc = strip_hostname(info->dc_unc); r->in.dc_name = talloc_strdup(mem_ctx, dc); W_ERROR_HAVE_NO_MEMORY(r->in.dc_name); + + if (info->dc_address == NULL || info->dc_address[0] != '\\' || + info->dc_address[1] != '\\') { + DBG_ERR("ill-formed DC address '%s'\n", + info->dc_address); + return WERR_DCNOTFOUND; + } + + numeric_dcip = info->dc_address + 2; + sitename = info->dc_site_name; + /* info goes out of scope but the memory stays + allocated on the talloc context */ + } + + if (pre_connect_realm != NULL) { + struct sockaddr_storage ss = {0}; + + if (numeric_dcip != NULL) { + if (!interpret_string_addr(&ss, numeric_dcip, + AI_NUMERICHOST)) { + DBG_ERR( + "cannot parse IP address '%s' of DC '%s'\n", + numeric_dcip, r->in.dc_name); + return WERR_DCNOTFOUND; + } + } else { + if (!interpret_string_addr(&ss, r->in.dc_name, 0)) { + DBG_WARNING( + "cannot resolve IP address of DC '%s'\n", + r->in.dc_name); + return WERR_DCNOTFOUND; + } + } + + /* The domain parameter is only used as modifier + * to krb5.conf file name. .JOIN is is not a valid + * NetBIOS name so it cannot clash with another domain + * -- Uri. + */ + create_local_private_krb5_conf_for_domain( + pre_connect_realm, ".JOIN", sitename, &ss); } status = libnet_join_lookup_dc_rpc(mem_ctx, r, &cli); diff --git a/source3/libsmb/dsgetdcname.c b/source3/libsmb/dsgetdcname.c index a63ba5a..b5bc51df 100644 --- a/source3/libsmb/dsgetdcname.c +++ b/source3/libsmb/dsgetdcname.c @@ -284,7 +284,7 @@ static uint32_t get_cldap_reply_server_flags(struct netlogon_samlogon_response * static bool check_cldap_reply_required_flags(uint32_t ret_flags, uint32_t req_flags) { - if (ret_flags == 0) { + if (req_flags == 0) { return true; } @@ -792,14 +792,14 @@ static NTSTATUS make_dc_info_from_cldap_reply(TALLOC_CTX *mem_ctx, print_sockaddr(addr, sizeof(addr), ss); dc_address = addr; dc_address_type = DS_ADDRESS_TYPE_INET; - } - - if (!ss && r->sockaddr.pdc_ip) { - dc_address = r->sockaddr.pdc_ip; - dc_address_type = DS_ADDRESS_TYPE_INET; } else { - dc_address = r->pdc_name; - dc_address_type = DS_ADDRESS_TYPE_NETBIOS; + if (r->sockaddr.pdc_ip) { + dc_address = r->sockaddr.pdc_ip; + dc_address_type = DS_ADDRESS_TYPE_INET; + } else { + dc_address = r->pdc_name; + dc_address_type = DS_ADDRESS_TYPE_NETBIOS; + } } map_dc_and_domain_names(flags, diff --git a/source3/winbindd/idmap_autorid.c b/source3/winbindd/idmap_autorid.c index 76dccaa..20cd5b7 100644 --- a/source3/winbindd/idmap_autorid.c +++ b/source3/winbindd/idmap_autorid.c @@ -217,6 +217,13 @@ static NTSTATUS idmap_autorid_id_to_sid(struct autorid_global_config *cfg, return NT_STATUS_OK; } + if (data.dptr[data.dsize-1] != '\0') { + DBG_WARNING("Invalid range %"PRIu32"\n", range_number); + TALLOC_FREE(data.dptr); + map->status = ID_UNKNOWN; + return NT_STATUS_OK; + } + if (strncmp((const char *)data.dptr, ALLOC_RANGE, strlen(ALLOC_RANGE)) == 0) { @@ -231,8 +238,8 @@ static NTSTATUS idmap_autorid_id_to_sid(struct autorid_global_config *cfg, } ok = dom_sid_parse_endp((const char *)data.dptr, &domsid, &q); - TALLOC_FREE(data.dptr); if (!ok) { + TALLOC_FREE(data.dptr); map->status = ID_UNKNOWN; return NT_STATUS_OK; } @@ -240,10 +247,13 @@ static NTSTATUS idmap_autorid_id_to_sid(struct autorid_global_config *cfg, if (sscanf(q+1, "%"SCNu32, &domain_range_index) != 1) { DEBUG(10, ("Domain range index not found, " "ignoring mapping request\n")); + TALLOC_FREE(data.dptr); map->status = ID_UNKNOWN; return NT_STATUS_OK; } + TALLOC_FREE(data.dptr); + reduced_rid = normalized_id % cfg->rangesize; rid = reduced_rid + domain_range_index * cfg->rangesize; -- Samba Shared Repository