The branch, master has been updated
via 4cced4d s3:client: The smbspool krb5 wrapper needs negotiate for
authentication
via 5fe76a5 s3: smbd: Fix a read after free if a chained SMB1 call goes
async.
via 7f4e7cf s3/notifyd: ensure notifyd doesn't return from
smbd_notifyd_init
from 85b10a6 s3: drop build_env
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 4cced4da4ca97f0c6db227e6b2c7e03c2e5c1f28
Author: Andreas Schneider <[email protected]>
Date: Fri Jul 7 14:08:49 2017 +0200
s3:client: The smbspool krb5 wrapper needs negotiate for authentication
If you create a new printer it doesn't have AuthInfoRequired set and so
cups calls the backend with:
AUTH_INFO_REQUIRED=none
In this case we need to return:
ATTR: auth-info-required=negotiate
and return an error that we require authentication.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12886
Signed-off-by: Andreas Schneider <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
Autobuild-User(master): Jeremy Allison <[email protected]>
Autobuild-Date(master): Sat Jul 15 06:43:47 CEST 2017 on sn-devel-144
commit 5fe76a5474823ed7602938a07c9c43226a7882a3
Author: Jeremy Allison <[email protected]>
Date: Thu Jul 13 12:06:58 2017 -0700
s3: smbd: Fix a read after free if a chained SMB1 call goes async.
Reported to the Samba Team by Yihan Lian <[email protected]>, a security
researcher of Qihoo 360 GearTeam. Thanks a lot!
smb1_parse_chain() incorrectly used talloc_tos() for the memory
context of the chained smb1 requests. This gets freed between
requests so if a chained request goes async, the saved request
array also is freed, which causes a crash on resume.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12836
Signed-off-by: Jeremy Allison <[email protected]>
Reviewed-by: Stefan Metzmacher <[email protected]>
commit 7f4e7cfd1b0bd917395c631a1a8195fffd13bbad
Author: Ralph Boehme <[email protected]>
Date: Fri Jul 14 16:38:36 2017 +0200
s3/notifyd: ensure notifyd doesn't return from smbd_notifyd_init
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12910
Signed-off-by: Ralph Boehme <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
source3/client/smbspool_krb5_wrapper.c | 29 +++++++++++++++++++----------
source3/smbd/process.c | 2 +-
source3/smbd/server.c | 8 +++++++-
3 files changed, 27 insertions(+), 12 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/client/smbspool_krb5_wrapper.c
b/source3/client/smbspool_krb5_wrapper.c
index bf97d82..a72006a 100644
--- a/source3/client/smbspool_krb5_wrapper.c
+++ b/source3/client/smbspool_krb5_wrapper.c
@@ -95,17 +95,26 @@ int main(int argc, char *argv[])
/* If not set, then just call smbspool. */
if (env == NULL) {
- CUPS_SMB_ERROR("AUTH_INFO_REQUIRED is not set");
- goto smbspool;
+ CUPS_SMB_DEBUG("AUTH_INFO_REQUIRED is not set - "
+ "execute smbspool");
+ goto smbspool;
} else {
- CUPS_SMB_DEBUG("AUTH_INFO_REQUIRED=%s", env);
- cmp = strcmp(env, "negotiate");
- /* If AUTH_INFO_REQUIRED != "negotiate" then call smbspool. */
- if (cmp != 0) {
- CUPS_SMB_ERROR(
- "AUTH_INFO_REQUIRED is not set to negotiate");
- goto smbspool;
- }
+ CUPS_SMB_DEBUG("AUTH_INFO_REQUIRED=%s", env);
+
+ cmp = strcmp(env, "username,password");
+ if (cmp == 0) {
+ CUPS_SMB_DEBUG("Authenticate using username/password - "
+ "execute smbspool");
+ goto smbspool;
+ }
+
+ /* if AUTH_INFO_REQUIRED=none */
+ cmp = strcmp(env, "negotiate");
+ if (cmp != 0) {
+ CUPS_SMB_ERROR("Authentication unsupported");
+ fprintf(stderr, "ATTR: auth-info-required=negotiate\n");
+ return CUPS_BACKEND_AUTH_REQUIRED;
+ }
}
uid = getuid();
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index a19b8b7..3765739 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -1785,7 +1785,7 @@ static void construct_reply_chain(struct
smbXsrv_connection *xconn,
unsigned num_reqs;
bool ok;
- ok = smb1_parse_chain(talloc_tos(), (uint8_t *)inbuf, xconn, encrypted,
+ ok = smb1_parse_chain(xconn, (uint8_t *)inbuf, xconn, encrypted,
seqnum, &reqs, &num_reqs);
if (!ok) {
char errbuf[smb_size];
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index e18a4e5..181bcd1 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -390,6 +390,7 @@ static bool smbd_notifyd_init(struct messaging_context
*msg, bool interactive,
struct tevent_req *req;
pid_t pid;
NTSTATUS status;
+ bool ok;
if (interactive) {
req = notifyd_req(msg, ev);
@@ -431,7 +432,12 @@ static bool smbd_notifyd_init(struct messaging_context
*msg, bool interactive,
messaging_send(msg, pid_to_procid(getppid()), MSG_SMB_NOTIFY_STARTED,
NULL);
- return tevent_req_poll(req, ev);
+ ok = tevent_req_poll(req, ev);
+ if (!ok) {
+ DBG_WARNING("tevent_req_poll returned %s\n", strerror(errno));
+ exit(1);
+ }
+ exit(0);
}
static void notifyd_init_trigger(struct tevent_req *req);
--
Samba Shared Repository
