The branch, v4-2-stable has been updated via f03201a VERSION: Disable git snapshots for the 4.2.13 release. via 1ff9b09 WHATSNEW: Add release notes for Samba 4.2.13. via 3af9006 s3: krb5: keytab - The done label can be jumped to with context == NULL. via 4759f64 smbd: Fix an assert via 0ab3ef3 s3: auth: Move the declaration of struct dom_sid tmp_sid to function level scope. via 615516b s3:rpcclient: make use of SMB_SIGNING_IPC_DEFAULT via b6c9438 s3:smbd: fix anonymous authentication if signing is mandatory via 93155fa s3:ntlm_auth: make ntlm_auth_generate_session_info() more complete via e410d79 libcli/auth: let msrpc_parse() return talloc'ed empty strings via 0ef06ee VERSION: Bump version up to 4.2.12... from e4e16a1 VERSION: Disable git snapshots for the 4.2.12 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-2-stable - Log ----------------------------------------------------------------- ----------------------------------------------------------------------- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 58 ++++++++++++++++++++++++++++++++++++++-- libcli/auth/msrpc_parse.c | 24 ++++++++++++++--- source3/auth/token_util.c | 2 +- source3/libads/kerberos_keytab.c | 18 ++++++------- source3/rpcclient/rpcclient.c | 13 ++++++++- source3/smbd/oplock.c | 1 + source3/smbd/sesssetup.c | 8 ++++-- source3/utils/ntlm_auth.c | 51 +++++++++++++++++++++++++++++++---- 9 files changed, 151 insertions(+), 26 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 9c39699..fb30286 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ ######################################################## SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=2 -SAMBA_VERSION_RELEASE=12 +SAMBA_VERSION_RELEASE=13 ######################################################## # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 8b3fcc8..d061b6c 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt 
@@ -1,4 +1,59 @@ ============================== + Release Notes for Samba 4.2.13 + June 17, 2016 + ============================== + + +Although Samba 4.2 is in the security only mode, the Samba Team decided to ship +this very last bug fix release to address some important issues. + + +Changes since 4.2.12: +--------------------- + +o Jeremy Allison <j...@samba.org> + * BUG 10618: s3: auth: Move the declaration of struct dom_sid tmp_sid to + function level scope. + * BUG 11959: s3: krb5: keytab - The done label can be jumped to with + context == NULL. + + +o Volker Lendecke <v...@samba.org> + * BUG 11844: smbd: Fix an assert. + + +o Stefan Metzmacher <me...@samba.org> + * BUG 11910: s3:smbd: Fix anonymous authentication if signing is mandatory. + * BUG 11912: libcli/auth: Let msrpc_parse() return talloc'ed empty strings. + * BUG 11914: s3:ntlm_auth: Make ntlm_auth_generate_session_info() more + complete. + * BUG 11927: s3:rpcclient: Make use of SMB_SIGNING_IPC_DEFAULT. + + +####################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the "Samba 4.1 and newer" product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +Release notes for older releases follow: +---------------------------------------- + + ============================== Release Notes for Samba 4.2.12 May 02, 2016 ============================== 
@@ -124,8 +179,7 @@ database (https://bugzilla.samba.org/). ====================================================================== -Release notes for older releases follow: ----------------------------------------- +---------------------------------------------------------------------- ============================== diff --git a/libcli/auth/msrpc_parse.c b/libcli/auth/msrpc_parse.c index d499d9e..74a7bcc 100644 --- a/libcli/auth/msrpc_parse.c +++ b/libcli/auth/msrpc_parse.c @@ -262,7 +262,11 @@ bool msrpc_parse(TALLOC_CTX *mem_ctx, ps = va_arg(ap, char **); if (len1 == 0 && len2 == 0) { - *ps = (char *)discard_const(""); + *ps = talloc_strdup(mem_ctx, ""); + if (*ps == NULL) { + ret = false; + goto cleanup; + } } else { /* make sure its in the right format - be strict */ if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) { @@ -289,7 +293,11 @@ bool msrpc_parse(TALLOC_CTX *mem_ctx, goto cleanup; } } else { - (*ps) = (char *)discard_const(""); + *ps = talloc_strdup(mem_ctx, ""); + if (*ps == NULL) { + ret = false; + goto cleanup; + } } } break; @@ -302,7 +310,11 @@ bool msrpc_parse(TALLOC_CTX *mem_ctx, ps = (char **)va_arg(ap, char **); /* make sure its in the right format - be strict */ if (len1 == 0 && len2 == 0) { - *ps = (char *)discard_const(""); + *ps = talloc_strdup(mem_ctx, ""); + if (*ps == NULL) { + ret = false; + goto cleanup; + } } else { if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) { ret = false; @@ -325,7 +337,11 @@ bool msrpc_parse(TALLOC_CTX *mem_ctx, goto cleanup; } } else { - (*ps) = (char *)discard_const(""); + *ps = talloc_strdup(mem_ctx, ""); + if (*ps == NULL) { + ret = false; + goto cleanup; + } } } break; diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c index 9bb014c..f6ce131 100644 --- a/source3/auth/token_util.c +++ b/source3/auth/token_util.c 
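Review bot: The same five-line `talloc_strdup(mem_ctx, "")` / NULL check / `goto cleanup` sequence is now repeated in all four empty-string branches of msrpc_parse() (the hunks at -262, -289, -302 and -325), and none of them says why a heap copy replaced the static `""`. A one-line comment on the first occurrence would record the contract, for example `/* always hand back a talloc child of mem_ctx so callers may talloc_steal() or talloc_free() it */`; that motivation is inferred from the commit title, not shown in the hunks. The repetition could be folded into a small static helper that sets `*ps` and reports allocation failure. The `cleanup` label is outside these hunks, so it cannot be checked from here whether strings already handed out through earlier varargs are released on this new failure path.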
@@ -673,6 +673,7 @@ static NTSTATUS create_token_from_sid(TALLOC_CTX *mem_ctx, gid_t *gids; struct dom_sid *group_sids; struct dom_sid unix_group_sid; + struct dom_sid tmp_sid; uint32_t num_group_sids; uint32_t num_gids; uint32_t i; @@ -756,7 +757,6 @@ static NTSTATUS create_token_from_sid(TALLOC_CTX *mem_ctx, *uid = sam_acct->unix_pw->pw_uid; } else if (sid_check_is_in_unix_users(user_sid)) { - struct dom_sid tmp_sid; uint32_t getgroups_num_group_sids; /* This is a unix user not in passdb. We need to ask nss * directly, without consulting passdb */ diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c index ae3d80e39..2068d03 100644 --- a/source3/libads/kerberos_keytab.c +++ b/source3/libads/kerberos_keytab.c @@ -742,26 +742,24 @@ done: TALLOC_FREE(oldEntries); TALLOC_FREE(frame); - { + if (context) { krb5_keytab_entry zero_kt_entry; + krb5_kt_cursor zero_csr; + ZERO_STRUCT(zero_kt_entry); + ZERO_STRUCT(zero_csr); + if (memcmp(&zero_kt_entry, &kt_entry, sizeof(krb5_keytab_entry))) { smb_krb5_kt_free_entry(context, &kt_entry); } - } - { - krb5_kt_cursor zero_csr; - ZERO_STRUCT(zero_csr); if ((memcmp(&cursor, &zero_csr, sizeof(krb5_kt_cursor)) != 0) && keytab) { krb5_kt_end_seq_get(context, keytab, &cursor); } - } - if (keytab) { - krb5_kt_close(context, keytab); - } - if (context) { + if (keytab) { + krb5_kt_close(context, keytab); + } krb5_free_context(context); } return ret; diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c index a35e422..ebe72b9 100644 --- a/source3/rpcclient/rpcclient.c +++ b/source3/rpcclient/rpcclient.c @@ -944,6 +944,7 @@ out_free: const char *binding_string = NULL; char *user, *domain, *q; const char *host; + int signing_state = SMB_SIGNING_IPC_DEFAULT; /* make sure the vars that get altered (4th field) are in a fixed location or certain compilers complain */ 
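Review bot: `struct dom_sid tmp_sid;` in the @@ -673 hunk is hoisted to function scope without a comment saying why, so a later cleanup could narrow it again and reintroduce the bug. If the reason is that a pointer to `tmp_sid` is still used after the `sid_check_is_in_unix_users()` branch closes (presumably so, but that use is outside both hunks), say it at the declaration, e.g. `/* function scope: a pointer to tmp_sid is still referenced after the unix-users branch ends */`. create_token_from_sid() starts and ends outside the hunks.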
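Review bot: The cleanup under `done:` decides whether `kt_entry` and `cursor` are live by `memcmp()` against a zeroed struct, which is only sound if both were zeroed before the first `goto done`; that initialisation is outside the hunk. Now that the whole block sits under `if (context)`, a short comment would make the assumption explicit, e.g. `/* context == NULL: nothing below was set up through krb5; kt_entry and cursor are compared against zero to detect use */`. Whole-struct `memcmp()` also compares any padding bytes, so a check on a specific field would be more robust if these krb5 types carry padding.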
@@ -1116,6 +1117,16 @@ out_free: } } + signing_state = get_cmdline_auth_info_signing_state(rpcclient_auth_info); + switch (signing_state) { + case SMB_SIGNING_OFF: + lp_set_cmdline("client ipc signing", "no"); + break; + case SMB_SIGNING_REQUIRED: + lp_set_cmdline("client ipc signing", "required"); + break; + } + if (get_cmdline_auth_info_use_kerberos(rpcclient_auth_info)) { flags |= CLI_FULL_CONNECTION_USE_KERBEROS | CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS; @@ -1143,7 +1154,7 @@ out_free: get_cmdline_auth_info_domain(rpcclient_auth_info), get_cmdline_auth_info_password(rpcclient_auth_info), flags, - get_cmdline_auth_info_signing_state(rpcclient_auth_info)); + SMB_SIGNING_IPC_DEFAULT); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0,("Cannot connect to server. Error was %s\n", nt_errstr(nt_status))); diff --git a/source3/smbd/oplock.c b/source3/smbd/oplock.c index f50d3b9..9996b8b 100644 --- a/source3/smbd/oplock.c +++ b/source3/smbd/oplock.c @@ -190,6 +190,7 @@ bool update_num_read_oplocks(files_struct *fsp, struct share_mode_lock *lck) /* * If we're the only one, we don't need a brlock entry */ + remove_stale_share_mode_entries(d); SMB_ASSERT(d->num_share_modes == 1); SMB_ASSERT(EXCLUSIVE_OPLOCK_TYPE(d->share_modes[0].op_type)); return true; diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 77b8077..5d92af1 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -135,6 +135,7 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req) struct smbXsrv_connection *xconn = req->xconn; struct smbd_server_connection *sconn = req->sconn; uint16_t action = 0; + bool is_authenticated = false; NTTIME now = timeval_to_nttime(&req->request_time); struct smbXsrv_session *session = NULL; uint16_t smb_bufsize = SVAL(req->vwv+2, 0); 
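Review bot: The result of `lp_set_cmdline("client ipc signing", "required")` in the new switch is ignored, and because the connect call in the @@ -1143 hunk now always passes `SMB_SIGNING_IPC_DEFAULT`, a failed override would leave the connection on the configured default even though the user asked for mandatory signing. Testing the call, `if (!lp_set_cmdline("client ipc signing", "required"))`, and leaving through the function's existing error path (not visible in the hunk) keeps that request fail-closed. The switch also has no default case; `default: break;` with a comment that every other value keeps the configured `client ipc signing` setting would make the intent visible. The initialiser added in the @@ -944 hunk is overwritten before it is read, so it can be dropped or the declaration moved down to the assignment.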
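Review bot: The new `remove_stale_share_mode_entries(d);` call in update_num_read_oplocks() has no comment tying it to the `SMB_ASSERT(d->num_share_modes == 1)` that follows, so it reads as optional housekeeping rather than a precondition of the assert. Something like `/* prune entries left by dead processes first; they would otherwise trip the assert below */` would state the dependency; the cause is inferred from the commit title, not shown in the hunk. Since `d` appears to hold share-mode state that other processes also write, it is worth considering whether a panic through SMB_ASSERT is the right reaction if the count is still not 1 after pruning. The function starts outside the hunk.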
@@ -328,12 +329,13 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req) sconn->num_users++; if (security_session_user_level(session_info, NULL) >= SECURITY_USER) { + is_authenticated = true; session->compat->homes_snum = register_homes_share(session_info->unix_info->unix_name); } if (srv_is_signing_negotiated(xconn) && - action == 0 && + is_authenticated && session->global->signing_key.length > 0) { /* @@ -592,6 +594,7 @@ void reply_sesssetup_and_X(struct smb_request *req) struct auth_session_info *session_info = NULL; uint16 smb_flag2 = req->flags2; uint16_t action = 0; + bool is_authenticated = false; NTTIME now = timeval_to_nttime(&req->request_time); struct smbXsrv_session *session = NULL; NTSTATUS nt_status; @@ -1029,12 +1032,13 @@ void reply_sesssetup_and_X(struct smb_request *req) sconn->num_users++; if (security_session_user_level(session_info, NULL) >= SECURITY_USER) { + is_authenticated = true; session->compat->homes_snum = register_homes_share(session_info->unix_info->unix_name); } if (srv_is_signing_negotiated(xconn) && - action == 0 && + is_authenticated && session->global->signing_key.length > 0) { /* diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c index d01c522..0fa8997 100644 --- a/source3/utils/ntlm_auth.c +++ b/source3/utils/ntlm_auth.c @@ -27,6 +27,7 @@ #include "includes.h" #include "lib/param/param.h" #include "popt_common.h" +#include "libcli/security/security.h" #include "utils/ntlm_auth.h" #include "../libcli/auth/libcli_auth.h" #include "auth/ntlmssp/ntlmssp.h" 
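Review bot: `is_authenticated` in the @@ -328 hunk is set as a side effect of the block that registers the homes share, so the signing decision a few lines later depends on a flag whose meaning is stated nowhere; the same pattern is repeated in reply_sesssetup_and_X() in the @@ -1029 hunk. A comment at the assignment would pin it down, e.g. `/* only sessions at SECURITY_USER or above count as authenticated for the signing check below */`. It would also help to note at the condition why `action == 0` was not a sufficient test, since the diff does not show where `action` is set. Both functions start and end outside their hunks.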
@@ -705,18 +706,58 @@ static NTSTATUS ntlm_auth_generate_session_info(struct auth4_context *auth_conte uint32_t session_info_flags, struct auth_session_info **session_info_out) { - char *unix_username = (char *)server_returned_info; - struct auth_session_info *session_info = talloc_zero(mem_ctx, struct auth_session_info); - if (!session_info) { + const char *unix_username = (const char *)server_returned_info; + bool ok; + struct dom_sid *sids = NULL; + struct auth_session_info *session_info = NULL; + + session_info = talloc_zero(mem_ctx, struct auth_session_info); + if (session_info == NULL) { return NT_STATUS_NO_MEMORY; } session_info->unix_info = talloc_zero(session_info, struct auth_user_info_unix); - if (!session_info->unix_info) { + if (session_info->unix_info == NULL) { + TALLOC_FREE(session_info); + return NT_STATUS_NO_MEMORY; + } + session_info->unix_info->unix_name = talloc_strdup(session_info->unix_info, + unix_username); + if (session_info->unix_info->unix_name == NULL) { + TALLOC_FREE(session_info); + return NT_STATUS_NO_MEMORY; + } + + session_info->security_token = talloc_zero(session_info, struct security_token); + if (session_info->security_token == NULL) { TALLOC_FREE(session_info); return NT_STATUS_NO_MEMORY; } - session_info->unix_info->unix_name = talloc_steal(session_info->unix_info, unix_username); + + sids = talloc_zero_array(session_info->security_token, + struct dom_sid, 3); + if (sids == NULL) { + TALLOC_FREE(session_info); + return NT_STATUS_NO_MEMORY; + } + ok = dom_sid_parse(SID_WORLD, &sids[0]); + if (!ok) { + TALLOC_FREE(session_info); + return NT_STATUS_INTERNAL_ERROR; + } + ok = dom_sid_parse(SID_NT_NETWORK, &sids[1]); + if (!ok) { + TALLOC_FREE(session_info); + return NT_STATUS_INTERNAL_ERROR; + } + ok = dom_sid_parse(SID_NT_AUTHENTICATED_USERS, &sids[2]); + if (!ok) { + TALLOC_FREE(session_info); + return NT_STATUS_INTERNAL_ERROR; + } + + session_info->security_token->num_sids = talloc_array_length(sids); + 
session_info->security_token->sids = sids; *session_info_out = session_info; -- Samba Shared Repository
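Review bot: `unix_username` is handed to `talloc_strdup()` without a NULL check, and talloc_strdup() returns NULL for a NULL source, so a missing `server_returned_info` would be reported as `NT_STATUS_NO_MEMORY`. A guard before the first allocation, `if (unix_username == NULL) { return NT_STATUS_INVALID_PARAMETER; }`, separates the two cases. The token is also given `SID_NT_AUTHENTICATED_USERS` unconditionally; a comment stating that this function is only reached after a successful authentication (not visible in the hunk) would document why that is safe. Replacing `talloc_steal()` with a copy leaves the original string with its previous owner, which deserves a word in the function comment. The function continues past the end of the hunk.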