The branch, v4-8-test has been updated
       via  60c7969 WHATSNEW: Domain member setups require winbindd
       via  e73deca nsswitch: fix wbinfo -m --verbose trust type "Local"
       via  d6753a1 libsmb: Use smb2 tcon if conn_protocol >= SMB2_02
       via  e176cab s3:smbd: Do not crash if we fail to init the session table
      from  efaf354 VERSION: Bump version up to 4.8.0rc5...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-test


- Log -----------------------------------------------------------------
commit 60c7969e20ddc72d1d2a9dd1bd116d47df07ab02
Author: Stefan Metzmacher <me...@samba.org>
Date:   Fri Mar 2 16:16:41 2018 +0100

    WHATSNEW: Domain member setups require winbindd
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Ralph Boehme <s...@samba.org>
    
    Autobuild-User(v4-8-test): Stefan Metzmacher <me...@samba.org>
    Autobuild-Date(v4-8-test): Wed Mar  7 20:18:51 CET 2018 on sn-devel-144

commit e73deca6e359ff2a5e8c5d62c0cc8bebcb809ec3
Author: Ralph Boehme <s...@samba.org>
Date:   Thu Mar 1 11:43:39 2018 +0100

    nsswitch: fix wbinfo -m --verbose trust type "Local"
    
    Remove wrong "Local" strcmp(), there's another one, the correct one, a few 
lines
    below. Since commit 95e3307917b5731ab883ee5fce530c5b559b4934
    WBC_DOMINFO_TRUSTTYPE_NONE, which corresponded to the string "None" in the
    winbindd response, is not used anymore.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13313
    
    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Stefan Metzmacher <me...@samba.org>
    
    Autobuild-User(master): Jeremy Allison <j...@samba.org>
    Autobuild-Date(master): Fri Mar  2 05:49:18 CET 2018 on sn-devel-144
    
    (cherry picked from commit f59f6cefa11c4866d2ede47d9c9b415e3d5e233d)

commit d6753a1c87ab3c0320694e3ec6bf59e123162933
Author: Dan Robertson <drobert...@tripwire.com>
Date:   Thu Feb 22 20:47:11 2018 +0000

    libsmb: Use smb2 tcon if conn_protocol >= SMB2_02
    
    When the connection protocol is SMB2 the tid from the smb1 member is
    used instead of smb2 in cli_state_set_tid which often results in a null
    deref.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13310
    
    Signed-off-by: Dan Robertson <drobert...@tripwire.com>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>
    (cherry picked from commit b67ffaf518c971817b167b41bf6226cddfdcfd2f)

commit e176cabddd32168b0ee5f3493ff78eaadf6940e8
Author: Andreas Schneider <a...@samba.org>
Date:   Mon Feb 19 18:07:50 2018 +0100

    s3:smbd: Do not crash if we fail to init the session table
    
    This should the following segfault with SMB1:
    
      #6  sig_fault (sig=<optimized out>) at ../lib/util/fault.c:94
      #7  <signal handler called>
      #8  smbXsrv_session_create (conn=conn@entry=0x5654d3512af0, 
now=now@entry=131594481900356690, _session=_session@entry=0x7ffc93a778e8)
          at ../source3/smbd/smbXsrv_session.c:1212
      #9  0x00007f7618aa21ef in reply_sesssetup_and_X 
(req=req@entry=0x5654d35174b0) at ../source3/smbd/sesssetup.c:961
      #10 0x00007f7618ae17b0 in switch_message (type=<optimized out>, 
req=req@entry=0x5654d35174b0) at ../source3/smbd/process.c:1726
      #11 0x00007f7618ae3550 in construct_reply (deferred_pcd=0x0, 
encrypted=false, seqnum=0, unread_bytes=0, size=140, inbuf=0x0, 
xconn=0x5654d35146d0)
          at ../source3/smbd/process.c:1762
      #12 process_smb (xconn=xconn@entry=0x5654d3512af0, inbuf=<optimized out>, 
nread=140, unread_bytes=0, seqnum=0, encrypted=<optimized out>,
          deferred_pcd=deferred_pcd@entry=0x0) at ../source3/smbd/process.c:2008
      #13 0x00007f7618ae4c41 in smbd_server_connection_read_handler 
(xconn=0x5654d3512af0, fd=40) at ../source3/smbd/process.c:2608
      #14 0x00007f761587eedb in epoll_event_loop_once () from 
/lib64/libtevent.so.0
    
    Inspection the core shows that:
      conn->client-session_table is NULL
      conn->protocol is PROTOCOL_NONE
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13315
    
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    (cherry picked from commit a89a7146563f2d9eb8bc02f1c090158ee499c878)

-----------------------------------------------------------------------

Summary of changes:
 WHATSNEW.txt                    |  7 +++++++
 nsswitch/libwbclient/wbc_util.c |  4 +---
 source3/libsmb/clientgen.c      |  2 +-
 source3/smbd/negprot.c          | 23 ++++++++++++++++++++---
 4 files changed, 29 insertions(+), 7 deletions(-)


Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 5151564..7692c5b 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -22,6 +22,13 @@ Unlike in previous releases a transparent downgrade is not 
possible.
 If you wish to downgrade such a DB to a Samba 4.7 or earlier version,
 please run the source4/scripting/bin/sambaundoguididx script first.
 
+Domain member setups require winbindd
+-------------------------------------
+
+Setups with "security = domain" or "security = ads" require a
+running 'winbindd' now. The fallback that smbd directly contacts
+domain controllers is gone.
+
 smbclient reparse point symlink parameters reversed
 ---------------------------------------------------
 
diff --git a/nsswitch/libwbclient/wbc_util.c b/nsswitch/libwbclient/wbc_util.c
index ecfcaa0..fc6a840 100644
--- a/nsswitch/libwbclient/wbc_util.c
+++ b/nsswitch/libwbclient/wbc_util.c
@@ -455,9 +455,7 @@ static wbcErr process_domain_info_string(struct 
wbcDomainInfo *info,
        *s = '\0';
        s++;
 
-       if (strcmp(r, "Local") == 0) {
-               info->trust_type = WBC_DOMINFO_TRUSTTYPE_NONE;
-       } else if (strncmp(r, "Routed", strlen("Routed")) == 0) {
+       if (strncmp(r, "Routed", strlen("Routed")) == 0) {
                info->trust_type = WBC_DOMINFO_TRUSTTYPE_NONE;
                info->trust_routing = strdup(r);
                BAIL_ON_PTR_ERROR(info->trust_routing, wbc_status);
diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index 44afee1..2e4dd15 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -371,7 +371,7 @@ uint32_t cli_state_set_tid(struct cli_state *cli, uint32_t 
tid)
        uint32_t ret;
        if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
                ret = smb2cli_tcon_current_id(cli->smb2.tcon);
-               smb2cli_tcon_set_id(cli->smb1.tcon, tid);
+               smb2cli_tcon_set_id(cli->smb2.tcon, tid);
        } else {
                ret = smb1cli_tcon_current_id(cli->smb1.tcon);
                smb1cli_tcon_set_id(cli->smb1.tcon, tid);
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index 3a9363d..a36822e 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -65,6 +65,8 @@ static void reply_lanman1(struct smb_request *req, uint16_t 
choice)
        time_t t = time(NULL);
        struct smbXsrv_connection *xconn = req->xconn;
        uint16_t raw;
+       NTSTATUS status;
+
        if (lp_async_smb_echo_handler()) {
                raw = 0;
        } else {
@@ -88,7 +90,11 @@ static void reply_lanman1(struct smb_request *req, uint16_t 
choice)
                SSVAL(req->outbuf,smb_vwv11, 8);
        }
 
-       smbXsrv_connection_init_tables(xconn, PROTOCOL_LANMAN1);
+       status = smbXsrv_connection_init_tables(xconn, PROTOCOL_LANMAN1);
+       if (!NT_STATUS_IS_OK(status)) {
+               reply_nterror(req, status);
+               return;
+       }
 
        /* Reply, SMBlockread, SMBwritelock supported. */
        SCVAL(req->outbuf,smb_flg, FLAG_REPLY|FLAG_SUPPORT_LOCKREAD);
@@ -115,6 +121,8 @@ static void reply_lanman2(struct smb_request *req, uint16_t 
choice)
        time_t t = time(NULL);
        struct smbXsrv_connection *xconn = req->xconn;
        uint16_t raw;
+       NTSTATUS status;
+
        if (lp_async_smb_echo_handler()) {
                raw = 0;
        } else {
@@ -140,7 +148,11 @@ static void reply_lanman2(struct smb_request *req, 
uint16_t choice)
                SSVAL(req->outbuf,smb_vwv11, 8);
        }
 
-       smbXsrv_connection_init_tables(xconn, PROTOCOL_LANMAN2);
+       status = smbXsrv_connection_init_tables(xconn, PROTOCOL_LANMAN2);
+       if (!NT_STATUS_IS_OK(status)) {
+               reply_nterror(req, status);
+               return;
+       }
 
        /* Reply, SMBlockread, SMBwritelock supported. */
        SCVAL(req->outbuf,smb_flg,FLAG_REPLY|FLAG_SUPPORT_LOCKREAD);
@@ -260,6 +272,7 @@ static void reply_nt1(struct smb_request *req, uint16_t 
choice)
        struct smbXsrv_connection *xconn = req->xconn;
        bool signing_desired = false;
        bool signing_required = false;
+       NTSTATUS status;
 
        xconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords();
 
@@ -336,7 +349,11 @@ static void reply_nt1(struct smb_request *req, uint16_t 
choice)
        SSVAL(req->outbuf,smb_vwv0,choice);
        SCVAL(req->outbuf,smb_vwv1,secword);
 
-       smbXsrv_connection_init_tables(xconn, PROTOCOL_NT1);
+       status = smbXsrv_connection_init_tables(xconn, PROTOCOL_NT1);
+       if (!NT_STATUS_IS_OK(status)) {
+               reply_nterror(req, status);
+               return;
+       }
 
        SSVAL(req->outbuf,smb_vwv1+1, lp_max_mux()); /* maxmpx */
        SSVAL(req->outbuf,smb_vwv2+1, 1); /* num vcs */


-- 
Samba Shared Repository

Reply via email to