[SCM] Samba Shared Repository - branch master updated

2013-04-30 Thread Stefan Metzmacher 
The branch, master has been updated
   via  5f82641 libsmb: Use sizeof instead of explicit numbers
   via  b8c1e30 libsmb: Use smb2_lease_push in smb2_create_send
   via  a8edad3 libcli: Add smb2_lease marshalling
   via  96a8f6e libsmb: Move "struct smb2_lease" to common
  from  7e80793 check_parent_exists() can change errno. Ensure we preserve 
it across calls.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 5f82641553e33bc236b6c8a4f5cfc1cf3b722eea
Author: Volker Lendecke 
Date:   Thu Apr 25 14:24:08 2013 +0200

libsmb: Use sizeof instead of explicit numbers

Signed-off-by: Volker Lendecke 
Reviewed-by: Stefan Metzmacher 

Autobuild-User(master): Stefan Metzmacher 
Autobuild-Date(master): Tue Apr 30 16:02:19 CEST 2013 on sn-devel-104

commit b8c1e30a6f2213c0dbb43a55bd5e1f498a610cab
Author: Volker Lendecke 
Date:   Thu Apr 25 14:19:36 2013 +0200

libsmb: Use smb2_lease_push in smb2_create_send

Signed-off-by: Volker Lendecke 
Reviewed-by: Stefan Metzmacher 

commit a8edad3743a60b9521b2cd759e22e6350c41cc06
Author: Volker Lendecke 
Date:   Wed Apr 17 17:04:38 2013 +0200

libcli: Add smb2_lease marshalling

Signed-off-by: Volker Lendecke 
Reviewed-by: Stefan Metzmacher 

commit 96a8f6e0fb9042fe125c9552dfb4c3f6d19cb225
Author: Volker Lendecke 
Date:   Wed Apr 17 16:48:21 2013 +0200

libsmb: Move "struct smb2_lease" to common

Signed-off-by: Volker Lendecke 
Reviewed-by: Stefan Metzmacher 

---

Summary of changes:
 libcli/smb/smb2_lease.c |   86 +++
 libcli/smb/smb2_lease.h |   50 ++
 libcli/smb/smb_common.h |1 +
 libcli/smb/wscript  |2 +
 source4/libcli/raw/interfaces.h |   17 
 source4/libcli/smb2/create.c|   34 +++
 6 files changed, 155 insertions(+), 35 deletions(-)
 create mode 100644 libcli/smb/smb2_lease.c
 create mode 100644 libcli/smb/smb2_lease.h


Changeset truncated at 500 lines:

diff --git a/libcli/smb/smb2_lease.c b/libcli/smb/smb2_lease.c
new file mode 100644
index 000..10beaca
--- /dev/null
+++ b/libcli/smb/smb2_lease.c
@@ -0,0 +1,86 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   SMB2 Lease context handling
+
+   Copyright (C) Stefan Metzmacher 2012
+   Copyright (C) Volker Lendecke 2013
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see .
+*/
+
+#include "includes.h"
+#include "../libcli/smb/smb_common.h"
+
+ssize_t smb2_lease_pull(uint8_t *buf, size_t len, struct smb2_lease *lease)
+{
+   int version;
+
+   switch (len) {
+   case 32:
+   version = 1;
+   break;
+   case 52:
+   version = 2;
+   break;
+   default:
+   return -1;
+   }
+
+   memcpy(&lease->lease_key, buf, 16);
+   lease->lease_state = IVAL(buf, 16);
+   lease->lease_flags = IVAL(buf, 20);
+   lease->lease_duration = BVAL(buf, 24);
+
+   switch (version) {
+   case 1:
+   memcpy(&lease->parent_lease_key, buf+32, 16);
+   lease->lease_epoch = SVAL(buf, 48);
+   break;
+   case 2:
+   ZERO_STRUCT(lease->parent_lease_key);
+   lease->lease_epoch = 0;
+   break;
+   }
+
+   return len;
+}
+
+bool smb2_lease_push(const struct smb2_lease *lease, uint8_t *buf, size_t len)
+{
+   int version;
+
+   switch (len) {
+   case 32:
+   version = 1;
+   break;
+   case 52:
+   version = 2;
+   break;
+   default:
+   return false;
+   }
+
+   memcpy(&buf[0], &lease->lease_key, 16);
+   SIVAL(buf, 16, lease->lease_state);
+   SIVAL(buf, 20, lease->lease_flags);
+   SBVAL(buf, 24, lease->lease_duration);
+
+   if (version == 2) {
+   memcpy(&buf[32], &lease->parent_lease_key, 16);
+   SIVAL(buf, 48, lease->lease_epoch);
+   }
+
+   return true;
+}
diff --git a/libcli/smb/smb2_lease.h b/libcli/smb/smb2_lease.h
new file mode 100644
index 000..fa8e7af
--- /dev/null
+++ b/libcli/smb/smb2_lease.h
@@ -0,0 +1,50 @@
+/*
+   Unix SMB/CIFS implementation.
+
+

autobuild: intermittent test failure detected

2013-04-30 Thread autobuild 
The autobuild test system has detected an intermittent failing test in 
the current master tree.

The autobuild log of the failure is available here:

   http://git.samba.org/autobuild.flakey/2013-04-30-1232/flakey.log

The samba3 build logs are available here:

   http://git.samba.org/autobuild.flakey/2013-04-30-1232/samba3.stderr
   http://git.samba.org/autobuild.flakey/2013-04-30-1232/samba3.stdout

The source4 build logs are available here:

   http://git.samba.org/autobuild.flakey/2013-04-30-1232/samba.stderr
   http://git.samba.org/autobuild.flakey/2013-04-30-1232/samba.stdout
  
The top commit at the time of the failure was:

commit 7e807934e6550308efed814a20ce6d6dabbad557
Author: Anand Avati 
Date:   Mon Apr 29 15:21:00 2013 -0700

check_parent_exists() can change errno. Ensure we preserve it across calls.

Reviewed-by: Jeremy Allison 
Reviewed-by: Volker Lendecke 

Autobuild-User(master): Volker Lendecke 
Autobuild-Date(master): Tue Apr 30 11:00:11 CEST 2013 on sn-devel-104

[SCM] Samba Shared Repository - branch v4-0-test updated

2013-04-30 Thread Karolin Seeger 
The branch, v4-0-test has been updated
   via  ae3aa28 BUG 9817: Fix 'map untrusted to domain' with NTLMv2.
   via  ad6f289 bug 9830: fix panic in nt_printer_publish_ads
   via  6886a68 s3:librpc: add support for PFC_FLAG_OBJECT_UUID when 
parsing packets (bug #9382)
  from  7e140cf Ensure the RECVFILE path in vfs_pwrite_data() operates on a 
blocking socket.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test


- Log -
commit ae3aa281ab43f67d4f8337bafdefc08bd44712ea
Author: Andreas Schneider 
Date:   Wed Apr 24 15:27:21 2013 +0200

BUG 9817: Fix 'map untrusted to domain' with NTLMv2.

Signed-off-by: Andreas Schneider 
Reviewed-by: Günther Deschner 
Reviewed-by: Stefan Metzmacher 

Autobuild-User(master): Andreas Schneider 
Autobuild-Date(master): Wed Apr 24 17:14:48 CEST 2013 on sn-devel-104

Autobuild-User(v4-0-test): Karolin Seeger 
Autobuild-Date(v4-0-test): Tue Apr 30 11:16:19 CEST 2013 on sn-devel-104

commit ad6f2896dc558e7020d2727ed559b71f1c857098
Author: David Disseldorp 
Date:   Thu Apr 25 16:41:17 2013 +0200

bug 9830: fix panic in nt_printer_publish_ads

Check for ads_find_machine_acct() errors, to ensure a NULL LDAPMessage
pointer doesn't get passed to ldap_get_dn().

Signed-off-by: David Disseldorp 
Reviewed-By: Günther Deschner 

commit 6886a687388c33e48ce3c6caf7bd3cd392d6140e
Author: Stefan Metzmacher 
Date:   Mon Nov 12 10:16:50 2012 +0100

s3:librpc: add support for PFC_FLAG_OBJECT_UUID when parsing packets (bug 
#9382)

Now the logic matches the one in dcerpc_read_ncacn_packet_done().

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Michael Adam 
Reviewed-by: David Disseldorp 

---

Summary of changes:
 source3/auth/auth_winbind.c |   10 --
 source3/librpc/rpc/dcerpc_helpers.c |4 
 source3/printing/nt_printing_ads.c  |   10 --
 3 files changed, 20 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c
index d4ace2c..2b5c84d 100644
--- a/source3/auth/auth_winbind.c
+++ b/source3/auth/auth_winbind.c
@@ -62,9 +62,15 @@ static NTSTATUS check_winbind_security(const struct 
auth_context *auth_context,
}
 
/* Send off request */
-
params.account_name = user_info->client.account_name;
-   params.domain_name  = user_info->mapped.domain_name;
+   /*
+* We need to send the domain name from the client to the DC. With
+* NTLMv2 the domain name is part of the hashed second challenge,
+* if we change the domain name, the DC will fail to verify the
+* challenge cause we changed the domain name, this is like a
+* man in the middle attack.
+*/
+   params.domain_name  = user_info->client.domain_name;
params.workstation_name = user_info->workstation_name;
 
params.flags= 0;
diff --git a/source3/librpc/rpc/dcerpc_helpers.c 
b/source3/librpc/rpc/dcerpc_helpers.c
index 5f8c793..d36c2da 100644
--- a/source3/librpc/rpc/dcerpc_helpers.c
+++ b/source3/librpc/rpc/dcerpc_helpers.c
@@ -111,6 +111,10 @@ NTSTATUS dcerpc_pull_ncacn_packet(TALLOC_CTX *mem_ctx,
ndr->flags |= LIBNDR_FLAG_BIGENDIAN;
}
 
+   if (CVAL(blob->data, DCERPC_PFC_OFFSET) & DCERPC_PFC_FLAG_OBJECT_UUID) {
+   ndr->flags |= LIBNDR_FLAG_OBJECT_PRESENT;
+   }
+
ndr_err = ndr_pull_ncacn_packet(ndr, NDR_SCALARS|NDR_BUFFERS, r);
 
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
diff --git a/source3/printing/nt_printing_ads.c 
b/source3/printing/nt_printing_ads.c
index b99a972..3a2baf4 100644
--- a/source3/printing/nt_printing_ads.c
+++ b/source3/printing/nt_printing_ads.c
@@ -192,17 +192,23 @@ static WERROR nt_printer_publish_ads(struct 
messaging_context *msg_ctx,
DEBUG(5, ("publishing printer %s\n", printer));
 
/* figure out where to publish */
-   ads_find_machine_acct(ads, &res, lp_netbios_name());
+   ads_rc = ads_find_machine_acct(ads, &res, lp_netbios_name());
+   if (!ADS_ERR_OK(ads_rc)) {
+   DEBUG(0, ("failed to find machine account for %s\n",
+ lp_netbios_name()));
+   TALLOC_FREE(ctx);
+   return WERR_NOT_FOUND;
+   }
 
/* We use ldap_get_dn here as we need the answer
 * in utf8 to call ldap_explode_dn(). JRA. */
 
srv_dn_utf8 = ldap_get_dn((LDAP *)ads->ldap.ld, (LDAPMessage *)res);
+   ads_msgfree(ads, res);
if (!srv_dn_utf8) {
TALLOC_FREE(ctx);
return WERR_SERVER_UNAVAILABLE;
}
-   ads_msgfree(ads, res);
srv_cn_utf8 = ldap_explode_dn(srv_dn_utf8, 1);
if (!srv_cn_utf8) {
TALLOC_FREE(ctx);


-- 
Samba Shar

[SCM] Samba Shared Repository - branch master updated

2013-04-30 Thread Volker Lendecke 
The branch, master has been updated
   via  7e80793 check_parent_exists() can change errno. Ensure we preserve 
it across calls.
   via  c672ef1 winbind4: Fix bug 9832 -- talloc use after free
  from  08d7cae regedit: Use color only when available.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 7e807934e6550308efed814a20ce6d6dabbad557
Author: Anand Avati 
Date:   Mon Apr 29 15:21:00 2013 -0700

check_parent_exists() can change errno. Ensure we preserve it across calls.

Reviewed-by: Jeremy Allison 
Reviewed-by: Volker Lendecke 

Autobuild-User(master): Volker Lendecke 
Autobuild-Date(master): Tue Apr 30 11:00:11 CEST 2013 on sn-devel-104

commit c672ef11b1ed663b6366f321d3628acf05b3d0fe
Author: Volker Lendecke 
Date:   Mon Apr 29 18:40:08 2013 +0200

winbind4: Fix bug 9832 -- talloc use after free

Signed-off-by: Volker Lendecke 
Reviewed-by: Stefan Metzmacher 

---

Summary of changes:
 source3/smbd/filename.c |9 -
 source4/winbind/wb_server.c |2 +-
 2 files changed, 9 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c
index efa39f4..03e1d2d 100644
--- a/source3/smbd/filename.c
+++ b/source3/smbd/filename.c
@@ -450,13 +450,17 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx,
 
if (errno == ENOENT) {
/* Optimization when creating a new file - only
-  the last component doesn't exist. */
+  the last component doesn't exist.
+  NOTE : check_parent_exists() doesn't preserve errno.
+   */
+   int saved_errno = errno;
status = check_parent_exists(ctx,
conn,
posix_pathnames,
smb_fname,
&dirpath,
&start);
+   errno = saved_errno;
if (!NT_STATUS_IS_OK(status)) {
goto fail;
}
@@ -529,13 +533,16 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx,
 * Optimization for common case where the wildcard
 * is in the last component and the client already
 * sent the correct case.
+* NOTE : check_parent_exists() doesn't preserve errno.
 */
+   int saved_errno = errno;
status = check_parent_exists(ctx,
conn,
posix_pathnames,
smb_fname,
&dirpath,
&start);
+   errno = saved_errno;
if (!NT_STATUS_IS_OK(status)) {
goto fail;
}
diff --git a/source4/winbind/wb_server.c b/source4/winbind/wb_server.c
index f036749..335bdbc 100644
--- a/source4/winbind/wb_server.c
+++ b/source4/winbind/wb_server.c
@@ -75,7 +75,7 @@ static void wbsrv_call_loop(struct tevent_req *subreq)
if (!NT_STATUS_IS_OK(status)) {
const char *reason;
 
-   reason = talloc_asprintf(call, "wbsrv_call_loop: "
+   reason = talloc_asprintf(wbsrv_conn, "wbsrv_call_loop: "
 "tstream_read_pdu_blob_recv() - %s",
 nt_errstr(status));
if (!reason) {


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v3-6-test updated

2013-04-30 Thread Karolin Seeger 
The branch, v3-6-test has been updated
   via  6287391 BUG 9817: Fix 'map untrusted to domain' with NTLMv2.
  from  dd07b3c bug 9830: fix panic in nt_printer_publish_ads

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -
commit 62873916076d748f7c91868a6cd28d35e64d8dca
Author: Andreas Schneider 
Date:   Wed Apr 24 15:27:21 2013 +0200

BUG 9817: Fix 'map untrusted to domain' with NTLMv2.

Signed-off-by: Andreas Schneider 
Reviewed-by: Günther Deschner 
Reviewed-by: Stefan Metzmacher 

Autobuild-User(master): Andreas Schneider 
Autobuild-Date(master): Wed Apr 24 17:14:48 CEST 2013 on sn-devel-104

---

Summary of changes:
 source3/auth/auth_winbind.c |   10 --
 1 files changed, 8 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c
index 2143353..57a8866 100644
--- a/source3/auth/auth_winbind.c
+++ b/source3/auth/auth_winbind.c
@@ -62,9 +62,15 @@ static NTSTATUS check_winbind_security(const struct 
auth_context *auth_context,
}
 
/* Send off request */
-
params.account_name = user_info->client.account_name;
-   params.domain_name  = user_info->mapped.domain_name;
+   /*
+* We need to send the domain name from the client to the DC. With
+* NTLMv2 the domain name is part of the hashed second challenge,
+* if we change the domain name, the DC will fail to verify the
+* challenge cause we changed the domain name, this is like a
+* man in the middle attack.
+*/
+   params.domain_name  = user_info->client.domain_name;
params.workstation_name = user_info->workstation_name;
 
params.flags= 0;


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v3-6-test updated

2013-04-30 Thread Karolin Seeger 
The branch, v3-6-test has been updated
   via  dd07b3c bug 9830: fix panic in nt_printer_publish_ads
  from  65860c5 s3:librpc: add support for PFC_FLAG_OBJECT_UUID when 
parsing packets (bug #9382)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -
commit dd07b3c4973b169f07d227869dba8d0f4a76569a
Author: David Disseldorp 
Date:   Thu Apr 25 16:01:54 2013 +0200

bug 9830: fix panic in nt_printer_publish_ads

Check for ads_find_machine_acct() errors, to ensure a NULL LDAPMessage
pointer doesn't get passed to ldap_get_dn().

Signed-off-by: David Disseldorp 

---

Summary of changes:
 source3/printing/nt_printing_ads.c |   10 --
 1 files changed, 8 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/printing/nt_printing_ads.c 
b/source3/printing/nt_printing_ads.c
index 5a0cd24..219124f 100644
--- a/source3/printing/nt_printing_ads.c
+++ b/source3/printing/nt_printing_ads.c
@@ -192,17 +192,23 @@ static WERROR nt_printer_publish_ads(struct 
messaging_context *msg_ctx,
DEBUG(5, ("publishing printer %s\n", printer));
 
/* figure out where to publish */
-   ads_find_machine_acct(ads, &res, global_myname());
+   ads_rc = ads_find_machine_acct(ads, &res, global_myname());
+   if (!ADS_ERR_OK(ads_rc)) {
+   DEBUG(0, ("failed to find machine account for %s\n",
+ global_myname()));
+   TALLOC_FREE(ctx);
+   return WERR_NOT_FOUND;
+   }
 
/* We use ldap_get_dn here as we need the answer
 * in utf8 to call ldap_explode_dn(). JRA. */
 
srv_dn_utf8 = ldap_get_dn((LDAP *)ads->ldap.ld, (LDAPMessage *)res);
+   ads_msgfree(ads, res);
if (!srv_dn_utf8) {
TALLOC_FREE(ctx);
return WERR_SERVER_UNAVAILABLE;
}
-   ads_msgfree(ads, res);
srv_cn_utf8 = ldap_explode_dn(srv_dn_utf8, 1);
if (!srv_cn_utf8) {
TALLOC_FREE(ctx);


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v3-6-test updated

2013-04-30 Thread Karolin Seeger 
The branch, v3-6-test has been updated
   via  65860c5 s3:librpc: add support for PFC_FLAG_OBJECT_UUID when 
parsing packets (bug #9382)
  from  24d68d7 s3-smbd: Split make_serverinfo_from_username guest 
parameters into two parts

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -
commit 65860c540faba0ca3542ee2edc0a16fa76a2bcde
Author: Stefan Metzmacher 
Date:   Mon Nov 12 10:16:50 2012 +0100

s3:librpc: add support for PFC_FLAG_OBJECT_UUID when parsing packets (bug 
#9382)

Now the logic matches the one in dcerpc_read_ncacn_packet_done().

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Michael Adam 
Reviewed-by: David Disseldorp 

---

Summary of changes:
 source3/librpc/rpc/dcerpc_helpers.c |4 
 1 files changed, 4 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/librpc/rpc/dcerpc_helpers.c 
b/source3/librpc/rpc/dcerpc_helpers.c
index 7520d76..469e308 100644
--- a/source3/librpc/rpc/dcerpc_helpers.c
+++ b/source3/librpc/rpc/dcerpc_helpers.c
@@ -113,6 +113,10 @@ NTSTATUS dcerpc_pull_ncacn_packet(TALLOC_CTX *mem_ctx,
ndr->flags |= LIBNDR_FLAG_BIGENDIAN;
}
 
+   if (CVAL(blob->data, DCERPC_PFC_OFFSET) & DCERPC_PFC_FLAG_OBJECT_UUID) {
+   ndr->flags |= LIBNDR_FLAG_OBJECT_PRESENT;
+   }
+
ndr_err = ndr_pull_ncacn_packet(ndr, NDR_SCALARS|NDR_BUFFERS, r);
 
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {


-- 
Samba Shared Repository