The branch, v4-7-test has been updated via 825aea7 s4:rpc_server: fix call_id truncation in dcesrv_find_fragmented_call() via bdfdf93 tests:dcerpc/raw_protocol: reproduce call_id truncation bug via 7a636de winbindd: initialize type = SID_NAME_UNKNOWN in wb_lookupsids_single_done() via d1869c6 winbindd: don't split the rid for SID_NAME_DOMAIN sids in wb_lookupsids from 38af417 s3:passdb: Do not return OK if we don't have pinfo set up
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test - Log ----------------------------------------------------------------- commit 825aea77e5cb4d600933b6493633c8ed0515f783 Author: Stefan Metzmacher <me...@samba.org> Date: Wed Feb 21 00:49:55 2018 +0100 s4:rpc_server: fix call_id truncation in dcesrv_find_fragmented_call() BUG: https://bugzilla.samba.org/show_bug.cgi?id=13289 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> Autobuild-User(master): Ralph Böhme <s...@samba.org> Autobuild-Date(master): Wed Feb 21 19:02:56 CET 2018 on sn-devel-144 (cherry picked from commit 5d113f80944f2e1d2a7e80f73aea7a4cfdfbd140) Autobuild-User(v4-7-test): Karolin Seeger <ksee...@samba.org> Autobuild-Date(v4-7-test): Wed Apr 25 13:15:10 CEST 2018 on sn-devel-144 commit bdfdf93f0ca2bc847d640733bbaa71efb0d8e262 Author: Stefan Metzmacher <me...@samba.org> Date: Wed Feb 21 00:50:26 2018 +0100 tests:dcerpc/raw_protocol: reproduce call_id truncation bug We need to make sure the server handles call_id values > UINT16_MAX. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13289 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> (cherry picked from commit 65e8edb382fbc7450919aad8b42cfcae9e779d11) commit 7a636de5fabdf1f46fe9f7178114540b48e00b39 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Jan 23 23:52:59 2018 +0100 winbindd: initialize type = SID_NAME_UNKNOWN in wb_lookupsids_single_done() We check for !NT_STATUS_LOOKUP_ERR(), but wb_lookupsid_recv() only initializes the results together with NT_STATUS_OK. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13280 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> (cherry picked from commit b5ffa0e21f74fa0c452df38cf50e542eb278562d) commit d1869c670fb2d9ccca0c2ad17c5901d42449d54e Author: Stefan Metzmacher <me...@samba.org> Date: Tue Jan 23 14:34:45 2018 +0100 winbindd: don't split the rid for SID_NAME_DOMAIN sids in wb_lookupsids Bug: https://bugzilla.samba.org/show_bug.cgi?id=13279 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> (cherry picked from commit 17c48f26dea5701feed1c24769348f332695391c) ----------------------------------------------------------------------- Summary of changes: python/samba/tests/dcerpc/raw_protocol.py | 2 +- source3/winbindd/wb_lookupsids.c | 6 ++++-- source4/rpc_server/dcerpc_server.c | 2 +- 3 files changed, 6 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/python/samba/tests/dcerpc/raw_protocol.py b/python/samba/tests/dcerpc/raw_protocol.py index 587df54..ff815e9 100755 --- a/python/samba/tests/dcerpc/raw_protocol.py +++ b/python/samba/tests/dcerpc/raw_protocol.py @@ -1974,7 +1974,7 @@ class TestDCERPC_BIND(RawDCERPCTest): # And now try a request without auth_info # netr_ServerReqChallenge() - req = self.generate_request(call_id = 2, + req = self.generate_request(call_id = 0x21234, pfc_flags=pfc_flags, context_id=ctx.context_id, opnum=4, diff --git a/source3/winbindd/wb_lookupsids.c b/source3/winbindd/wb_lookupsids.c index f2b2768..bd90c43 100644 --- a/source3/winbindd/wb_lookupsids.c +++ b/source3/winbindd/wb_lookupsids.c @@ -513,7 +513,7 @@ static void wb_lookupsids_single_done(struct tevent_req *subreq) req, struct wb_lookupsids_state); const char *domain_name = NULL; const char *name = NULL; - enum lsa_SidType type; + enum lsa_SidType type = SID_NAME_UNKNOWN; uint32_t res_sid_index; uint32_t src_rid; @@ -545,7 +545,9 @@ static void wb_lookupsids_single_done(struct tevent_req *subreq) */ sid_copy(&src_domain_sid, &state->sids[res_sid_index]); - sid_split_rid(&src_domain_sid, &src_rid); + if (type != SID_NAME_DOMAIN) { + sid_split_rid(&src_domain_sid, &src_rid); + } src_domain.name.string = domain_name; src_domain.sid = &src_domain_sid; diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c index 6a985c5..262eb70 100644 --- a/source4/rpc_server/dcerpc_server.c +++ b/source4/rpc_server/dcerpc_server.c @@ -239,7 +239,7 @@ const struct dcesrv_interface *find_interface_by_uuid(const struct dcesrv_endpoi /* find the earlier parts of a fragmented call awaiting reassembily */ -static struct dcesrv_call_state *dcesrv_find_fragmented_call(struct dcesrv_connection *dce_conn, uint16_t call_id) +static struct dcesrv_call_state *dcesrv_find_fragmented_call(struct dcesrv_connection *dce_conn, uint32_t call_id) { struct dcesrv_call_state *c; for (c=dce_conn->incoming_fragmented_call_list;c;c=c->next) { -- Samba Shared Repository