The branch, master has been updated
       via  b04b8b5 wbclient: gr_mem can be NULL
       via  a163284 wbclient: paranoid check for double free
       via  ff515ff tdb: added TDB_NO_FSYNC env variable
       via  a394a81 torture/raw Allow one more 'not implemented' status return as a valid response
       via  4083b8a s4-torture assert that we get a temp datagram socket.
       via  6832d5e libcli/auth/ntlmssp Be clear about talloc parents for session keys
       via  d5a4e53 s4-kdc: prevent segfault on bad trust strings
       via  dc59de5 s4-netlogon: added IDL for netr_DsrUpdateReadOnlyServerDnsRecords
       via  5958997 s4-rpcserver: allow saving of bad RPC packets
       via  83a24ff pidl: prevent ndr_print_*() dying on NULL pointers
      from  14340a4 idl: Added EPMAPPER_STATUS_CANT_PERFORM_OP.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit b04b8b5610f23cd50c9a7a00eeca81229acd36d5
Author: Andrew Tridgell <tri...@samba.org>
Date:   Thu Sep 16 20:12:20 2010 +1000

    wbclient: gr_mem can be NULL

    if the structure was partly created and an error occurred, then don't
    crash

    Pair-Programmed-With: Andrew Bartlett <abart...@samba.org>

commit a16328449171c1138bce3a9f32b7c1fa211e58d2
Author: Andrew Tridgell <tri...@samba.org>
Date:   Thu Sep 16 20:11:47 2010 +1000

    wbclient: paranoid check for double free

    added while tracking down a crash in the wbinfo blackbox test

    Pair-Programmed-With: Andrew Bartlett <abart...@samba.org>

commit ff515ff4772a555facce75eead91ceff271713f5
Author: Andrew Tridgell <tri...@samba.org>
Date:   Thu Sep 16 20:06:44 2010 +1000

    tdb: added TDB_NO_FSYNC env variable

    this might help reduce test times and load on test machines

commit a394a8104eb2cebdcda44510c6ed86b6f773a06d
Author: Andrew Bartlett <abart...@samba.org>
Date:   Thu Sep 16 17:53:36 2010 +1000

    torture/raw Allow one more 'not implemented' status return as a valid response

    The Samba4 server responds to most ioctl calls with NT_STATUS_NOT_SUPPORTED

    Andrew Bartlett

    Signed-off-by: Andrew Tridgell <tri...@samba.org>

commit 4083b8ac6ca9c107e50503f41b66077fb65eb2d9
Author: Andrew Bartlett <abart...@samba.org>
Date:   Thu Sep 16 15:47:42 2010 +1000

    s4-torture assert that we get a temp datagram socket.

    I've seen a segfault because we failed to check this isn't NULL before
    we use it. This will still of course fail, but not so spectacularly.

    Andrew Bartlett

    Signed-off-by: Andrew Tridgell <tri...@samba.org>

commit 6832d5e9334f93d2b41fa50580379a2381311748
Author: Andrew Bartlett <abart...@samba.org>
Date:   Thu Sep 16 14:37:20 2010 +1000

    libcli/auth/ntlmssp Be clear about talloc parents for session keys

    The previous API was not clear as to who owned the returned session key.
    This fixes a valgrind-found use-after-free in the NTLMSSP key derivation
    code, and avoids making allocations - we steal and zero instead.

    Andrew Bartlett

    Signed-off-by: Andrew Tridgell <tri...@samba.org>

commit d5a4e53ad8dd572b9469530dfcd37601e2905a88
Author: Andrew Tridgell <tri...@samba.org>
Date:   Thu Sep 16 17:20:08 2010 +1000

    s4-kdc: prevent segfault on bad trust strings

    Pair-Programmed-With: Andrew Bartlett <abart...@samba.org>

commit dc59de562774a1ee09e3c819c3523e66da975f24
Author: Andrew Tridgell <tri...@samba.org>
Date:   Thu Sep 16 17:05:58 2010 +1000

    s4-netlogon: added IDL for netr_DsrUpdateReadOnlyServerDnsRecords

    this is used by a RODC to do DNS updates, as TSIG updates are not
    allowed by RODCs

    Pair-Programmed-With: Andrew Bartlett <abart...@samba.org>

commit 5958997a9bc44876c6f3b810689f52e5e3bd6ded
Author: Andrew Tridgell <tri...@samba.org>
Date:   Thu Sep 16 17:04:53 2010 +1000

    s4-rpcserver: allow saving of bad RPC packets

    use:

       dcesrv:stubs directory = .

    to save files like this:

       RPC-netlogon-48-pullfail.dat

    when a RPC packet can't be parsed or is unknown. Only enabled in
    developer builds

    Pair-Programmed-With: Andrew Bartlett <abart...@samba.org>

commit 83a24ff2efd48b0e192024798695f6cfec9000b5
Author: Andrew Tridgell <tri...@samba.org>
Date:   Thu Sep 16 16:57:21 2010 +1000

    pidl: prevent ndr_print_*() dying on NULL pointers

    when using ndrdump you can get uninitialised structures containing pointers.
Don't segfault when trying to print them ----------------------------------------------------------------------- Summary of changes: lib/tdb/common/open.c | 4 ++ libcli/auth/ntlmssp.h | 4 +- libcli/auth/ntlmssp_server.c | 12 ++---- librpc/idl/netlogon.idl | 55 +++++++++++++++++++++++++ librpc/ndr/libndr.h | 1 + librpc/ndr/ndr_basic.c | 10 +++++ nsswitch/libwbclient/wbc_pwd.c | 5 ++ nsswitch/libwbclient/wbclient.c | 5 ++ pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 2 + source3/auth/auth_ntlmssp.c | 25 +++++++---- source3/rpc_server/srv_netlog_nt.c | 19 +++++++++ source3/smbd/sesssetup.c | 1 + source3/utils/ntlm_auth.c | 12 +++-- source4/auth/ntlmssp/ntlmssp_server.c | 5 ++ source4/kdc/db-glue.c | 12 ++++-- source4/rpc_server/dcerpc_server.c | 30 +++++++++++++- source4/rpc_server/netlogon/dcerpc_netlogon.c | 20 +++++++++ source4/torture/nbt/dgram.c | 12 ++++-- source4/torture/raw/ioctl.c | 3 +- 19 files changed, 203 insertions(+), 34 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/tdb/common/open.c b/lib/tdb/common/open.c index 401fa74..d195c1c 100644 --- a/lib/tdb/common/open.c +++ b/lib/tdb/common/open.c @@ -228,6 +228,10 @@ struct tdb_context *tdb_open_ex(const char *name, int hash_size, int tdb_flags, goto fail; } + if (getenv("TDB_NO_FSYNC")) { + tdb->flags |= TDB_NOSYNC; + } + /* * TDB_ALLOW_NESTING is the default behavior. * Note: this may change in future versions! diff --git a/libcli/auth/ntlmssp.h b/libcli/auth/ntlmssp.h index d0a282c..dead412 100644 --- a/libcli/auth/ntlmssp.h +++ b/libcli/auth/ntlmssp.h 
@@ -129,11 +129,13 @@ struct ntlmssp_state * * The callback must reads the feilds of this structure for the information it needs on the user * @param ntlmssp_state This structure + * @param mem_ctx Talloc context for LM and NT session key to be returned on * @param nt_session_key If an NT session key is returned by the authentication process, return it here * @param lm_session_key If an LM session key is returned by the authentication process, return it here * */ - NTSTATUS (*check_password)(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *nt_session_key, DATA_BLOB *lm_session_key); + NTSTATUS (*check_password)(struct ntlmssp_state *ntlmssp_state, TALLOC_CTX *mem_ctx, + DATA_BLOB *nt_session_key, DATA_BLOB *lm_session_key); union ntlmssp_crypt_state *crypt; }; diff --git a/libcli/auth/ntlmssp_server.c b/libcli/auth/ntlmssp_server.c index 3627c4d..f78698a 100644 --- a/libcli/auth/ntlmssp_server.c +++ b/libcli/auth/ntlmssp_server.c @@ -478,7 +478,6 @@ static NTSTATUS ntlmssp_server_postauth(struct ntlmssp_state *ntlmssp_state, if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) { if (!state->encrypted_session_key.data || state->encrypted_session_key.length != 16) { - data_blob_free(&state->encrypted_session_key); DEBUG(1, ("Client-supplied KEY_EXCH session key was of invalid length (%u)!\n", (unsigned)state->encrypted_session_key.length)); return NT_STATUS_INVALID_PARAMETER; @@ -486,6 +485,7 @@ static NTSTATUS ntlmssp_server_postauth(struct ntlmssp_state *ntlmssp_state, DEBUG(5, ("server session key is invalid (len == %u), cannot do KEY_EXCH!\n", (unsigned int)session_key.length)); ntlmssp_state->session_key = session_key; + talloc_steal(ntlmssp_state, session_key.data); } else { dump_data_pw("KEY_EXCH session key (enc):\n", state->encrypted_session_key.data, 
@@ -499,10 +499,10 @@ static NTSTATUS ntlmssp_server_postauth(struct ntlmssp_state *ntlmssp_state, dump_data_pw("KEY_EXCH session key:\n", state->encrypted_session_key.data, state->encrypted_session_key.length); - talloc_free(session_key.data); } } else { ntlmssp_state->session_key = session_key; + talloc_steal(ntlmssp_state, session_key.data); } if (ntlmssp_state->session_key.length) { @@ -555,6 +555,7 @@ NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, /* Finally, actually ask if the password is OK */ nt_status = ntlmssp_state->check_password(ntlmssp_state, + state, &state->user_session_key, &state->lm_session_key); if (!NT_STATUS_IS_OK(nt_status)) { @@ -567,11 +568,6 @@ NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, can be done in a callback */ nt_status = ntlmssp_server_postauth(ntlmssp_state, state); - if (!NT_STATUS_IS_OK(nt_status)) { - TALLOC_FREE(state); - return nt_status; - } - TALLOC_FREE(state); - return NT_STATUS_OK; + return nt_status; } diff --git a/librpc/idl/netlogon.idl b/librpc/idl/netlogon.idl index 7670d34..62d2af5 100644 --- a/librpc/idl/netlogon.idl +++ b/librpc/idl/netlogon.idl 
@@ -1674,4 +1674,59 @@ interface netlogon [out,ref] samr_Password *old_owf_password, [out,ref] netr_TrustInfo **trust_info ); + + /****************/ + /* Function 0x2f */ + + NTSTATUS netr_Unused47(void); + + + /****************/ + /* Function 0x30 */ + + typedef enum { + NlDnsLdapAtSite = 22, + NlDnsGcAtSite = 25, + NlDnsDsaCname = 28, + NlDnsKdcAtSite = 30, + NlDnsDcAtSite = 32, + NlDnsRfc1510KdcAtSite = 34, + NlDnsGenericGcAtSite = 36 + } netr_DnsType; + + typedef enum { + NlDnsInfoTypeNone = 0, + NlDnsDomainName = 1, + NlDnsDomainNameAlias = 2, + NlDnsForestName = 3, + NlDnsForestNameAlias = 4, + NlDnsNdncDomainName = 5, + NlDnsRecordName = 6 + } netr_DnsDomainInfoType; + + typedef struct { + netr_DnsType type; + [string,charset(UTF16)] uint16 *dns_domain_info; + netr_DnsDomainInfoType dns_domain_info_type; + uint32 priority; + uint32 weight; + uint32 port; + boolean32 dns_register; + uint32 status; + } NL_DNS_NAME_INFO; + + typedef struct { + uint32 count; + [size_is(count)] NL_DNS_NAME_INFO *names; + } NL_DNS_NAME_INFO_ARRAY; + + NTSTATUS netr_DsrUpdateReadOnlyServerDnsRecords( + [in,unique] [string,charset(UTF16)] uint16 *server_name, + [in,ref] [string,charset(UTF16)] uint16 *computer_name, + [in, ref] netr_Authenticator *credential, + [out,ref] netr_Authenticator *return_authenticator, + [in,unique] [string,charset(UTF16)] uint16 *site_name, + [in] uint32 dns_ttl, + [in,out,ref] NL_DNS_NAME_INFO_ARRAY *dns_names + ); } diff --git a/librpc/ndr/libndr.h b/librpc/ndr/libndr.h index 9134efa..5ad05be 100644 --- a/librpc/ndr/libndr.h +++ b/librpc/ndr/libndr.h 
@@ -520,6 +520,7 @@ enum ndr_err_code ndr_push_unique_ptr(struct ndr_push *ndr, const void *p); enum ndr_err_code ndr_push_full_ptr(struct ndr_push *ndr, const void *p); enum ndr_err_code ndr_push_ref_ptr(struct ndr_push *ndr); void ndr_print_struct(struct ndr_print *ndr, const char *name, const char *type); +void ndr_print_null(struct ndr_print *ndr); void ndr_print_enum(struct ndr_print *ndr, const char *name, const char *type, const char *val, uint32_t value); void ndr_print_bitmap_flag(struct ndr_print *ndr, size_t size, const char *flag_name, uint32_t flag, uint32_t value); void ndr_print_bitmap_flag(struct ndr_print *ndr, size_t size, const char *flag_name, uint32_t flag, uint32_t value); diff --git a/librpc/ndr/ndr_basic.c b/librpc/ndr/ndr_basic.c index 58d4e46..c27faa2 100644 --- a/librpc/ndr/ndr_basic.c +++ b/librpc/ndr/ndr_basic.c @@ -854,6 +854,11 @@ _PUBLIC_ void ndr_print_struct(struct ndr_print *ndr, const char *name, const ch ndr->print(ndr, "%s: struct %s", name, type); } +_PUBLIC_ void ndr_print_null(struct ndr_print *ndr) +{ + ndr->print(ndr, "UNEXPECTED NULL POINTER"); +} + _PUBLIC_ void ndr_print_enum(struct ndr_print *ndr, const char *name, const char *type, const char *val, uint32_t value) { @@ -1005,6 +1010,11 @@ _PUBLIC_ void ndr_print_array_uint8(struct ndr_print *ndr, const char *name, { int i; + if (data == NULL) { + ndr->print(ndr, "%s: ARRAY(%d) : NULL", name, count); + return; + } + if (count <= 600 && (ndr->flags & LIBNDR_PRINT_ARRAY_HEX)) { char s[1202]; for (i=0;i<count;i++) { diff --git a/nsswitch/libwbclient/wbc_pwd.c b/nsswitch/libwbclient/wbc_pwd.c index c7bfdb8..1527808 100644 --- a/nsswitch/libwbclient/wbc_pwd.c +++ b/nsswitch/libwbclient/wbc_pwd.c @@ -100,6 +100,11 @@ static void wbcGroupDestructor(void *ptr) free(gr->gr_name); free(gr->gr_passwd); + /* if the array was partly created this can be NULL */ + if (gr->gr_mem == NULL) { + return; + } + for (i=0; gr->gr_mem[i] != NULL; i++) { free(gr->gr_mem[i]); } 
diff --git a/nsswitch/libwbclient/wbclient.c b/nsswitch/libwbclient/wbclient.c index 15be255..19bb3e9 100644 --- a/nsswitch/libwbclient/wbclient.c +++ b/nsswitch/libwbclient/wbclient.c @@ -148,6 +148,7 @@ const char *wbcErrorString(wbcErr error) } #define WBC_MAGIC (0x7a2b0e1e) +#define WBC_MAGIC_FREE (0x875634fe) struct wbcMemPrefix { uint32_t magic; @@ -197,6 +198,10 @@ void wbcFreeMemory(void *p) if (wbcMem->magic != WBC_MAGIC) { return; } + + /* paranoid check to ensure we don't double free */ + wbcMem->magic = WBC_MAGIC_FREE; + if (wbcMem->destructor != NULL) { wbcMem->destructor(p); } diff --git a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm index 83bca28..b389cfb 100644 --- a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm +++ b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm @@ -1466,6 +1466,7 @@ sub ParseStructPrint($$$$$) $self->DeclareArrayVariables($_) foreach (@{$struct->{ELEMENTS}}); $self->pidl("ndr_print_struct($ndr, name, \"$name\");"); + $self->pidl("if (r == NULL) { ndr_print_null($ndr); return; }"); $self->start_flags($struct, $ndr); @@ -2039,6 +2040,7 @@ sub ParseFunctionPrint($$) } $self->pidl("ndr_print_struct($ndr, name, \"$fn->{NAME}\");"); + $self->pidl("if (r == NULL) { ndr_print_null($ndr); return; }"); $self->pidl("$ndr->depth++;"); $self->pidl("if (flags & NDR_SET_VALUES) {"); diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c index aa7998c..af3a6f3 100644 --- a/source3/auth/auth_ntlmssp.c +++ b/source3/auth/auth_ntlmssp.c 
@@ -26,12 +26,13 @@ #include "../librpc/gen_ndr/netlogon.h" NTSTATUS auth_ntlmssp_steal_server_info(TALLOC_CTX *mem_ctx, - struct auth_ntlmssp_state *auth_ntlmssp_state, - struct auth_serversupplied_info **server_info) + struct auth_ntlmssp_state *auth_ntlmssp_state, + struct auth_serversupplied_info **server_info) { /* Free the current server_info user_session_key and reset it from the * current ntlmssp_state session_key */ data_blob_free(&auth_ntlmssp_state->server_info->user_session_key); + /* Set up the final session key for the connection */ auth_ntlmssp_state->server_info->user_session_key = data_blob_talloc( auth_ntlmssp_state->server_info, @@ -105,7 +106,8 @@ static NTSTATUS auth_ntlmssp_set_challenge(struct ntlmssp_state *ntlmssp_state, * Return the session keys used on the connection. */ -static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key) +static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state, TALLOC_CTX *mem_ctx, + DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key) { struct auth_ntlmssp_state *auth_ntlmssp_state = (struct auth_ntlmssp_state *)ntlmssp_state->callback_private; 
@@ -160,19 +162,24 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state, return nt_status; } + /* Clear out the session keys, and pass them to the caller. + * They will not be used in this form again - instead the + * NTLMSSP code will decide on the final correct session key, + * and put it back here at the end of + * auth_ntlmssp_steal_server_info */ if (auth_ntlmssp_state->server_info->user_session_key.length) { DEBUG(10, ("Got NT session key of length %u\n", (unsigned int)auth_ntlmssp_state->server_info->user_session_key.length)); - *user_session_key = data_blob_talloc(auth_ntlmssp_state, - auth_ntlmssp_state->server_info->user_session_key.data, - auth_ntlmssp_state->server_info->user_session_key.length); + *user_session_key = auth_ntlmssp_state->server_info->user_session_key; + talloc_steal(mem_ctx, auth_ntlmssp_state->server_info->user_session_key.data); + auth_ntlmssp_state->server_info->user_session_key = data_blob_null; } if (auth_ntlmssp_state->server_info->lm_session_key.length) { DEBUG(10, ("Got LM session key of length %u\n", (unsigned int)auth_ntlmssp_state->server_info->lm_session_key.length)); - *lm_session_key = data_blob_talloc(auth_ntlmssp_state, - auth_ntlmssp_state->server_info->lm_session_key.data, - auth_ntlmssp_state->server_info->lm_session_key.length); + *lm_session_key = auth_ntlmssp_state->server_info->lm_session_key; + talloc_steal(mem_ctx, auth_ntlmssp_state->server_info->lm_session_key.data); + auth_ntlmssp_state->server_info->lm_session_key = data_blob_null; } return nt_status; } diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index 171f30b..4b692b3 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c 
@@ -2014,3 +2014,22 @@ NTSTATUS _netr_ServerGetTrustInfo(struct pipes_struct *p, return NT_STATUS_NOT_IMPLEMENTED; } +/**************************************************************** +****************************************************************/ + +NTSTATUS _netr_Unused47(struct pipes_struct *p, + struct netr_Unused47 *r) +{ + p->rng_fault_state = true; + return NT_STATUS_NOT_IMPLEMENTED; +} + +/**************************************************************** +****************************************************************/ + +NTSTATUS _netr_DsrUpdateReadOnlyServerDnsRecords(struct pipes_struct *p, + struct netr_DsrUpdateReadOnlyServerDnsRecords *r) +{ + p->rng_fault_state = true; + return NT_STATUS_NOT_IMPLEMENTED; +} diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 58b446d..0b999b3 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -405,6 +405,7 @@ static void reply_spnego_kerberos(struct smb_request *req, } data_blob_free(&server_info->user_session_key); + /* Set the kerberos-derived session key onto the server_info */ server_info->user_session_key = session_key; talloc_steal(server_info, session_key.data); diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c index 82819cf..38ed9f7 100644 --- a/source3/utils/ntlm_auth.c +++ b/source3/utils/ntlm_auth.c @@ -565,7 +565,8 @@ static NTSTATUS contact_winbind_change_pswd_auth_crap(const char *username, return nt_status; } -static NTSTATUS winbind_pw_check(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key) +static NTSTATUS winbind_pw_check(struct ntlmssp_state *ntlmssp_state, TALLOC_CTX *mem_ctx, + DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key) { static const char zeros[16] = { 0, }; NTSTATUS nt_status; 
@@ -585,13 +586,13 @@ static NTSTATUS winbind_pw_check(struct ntlmssp_state *ntlmssp_state, DATA_BLOB if (NT_STATUS_IS_OK(nt_status)) { if (memcmp(lm_key, zeros, 8) != 0) { - *lm_session_key = data_blob_talloc(ntlmssp_state, NULL, 16); + *lm_session_key = data_blob_talloc(mem_ctx, NULL, 16); memcpy(lm_session_key->data, lm_key, 8); memset(lm_session_key->data+8, '\0', 8); } if (memcmp(user_sess_key, zeros, 16) != 0) { - *user_session_key = data_blob_talloc(ntlmssp_state, user_sess_key, 16); + *user_session_key = data_blob_talloc(mem_ctx, user_sess_key, 16); } ntlmssp_state->callback_private = talloc_strdup(ntlmssp_state, unix_name); @@ -609,14 +610,15 @@ static NTSTATUS winbind_pw_check(struct ntlmssp_state *ntlmssp_state, DATA_BLOB return nt_status; } -static NTSTATUS local_pw_check(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key) +static NTSTATUS local_pw_check(struct ntlmssp_state *ntlmssp_state, TALLOC_CTX *mem_ctx, + DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key) { NTSTATUS nt_status; struct samr_Password lm_pw, nt_pw; nt_lm_owf_gen (opt_password, nt_pw.hash, lm_pw.hash); - nt_status = ntlm_password_check(ntlmssp_state, + nt_status = ntlm_password_check(mem_ctx, true, true, 0, &ntlmssp_state->chal, &ntlmssp_state->lm_resp, diff --git a/source4/auth/ntlmssp/ntlmssp_server.c b/source4/auth/ntlmssp/ntlmssp_server.c index 6e3cf8a..8623c1d 100644 --- a/source4/auth/ntlmssp/ntlmssp_server.c +++ b/source4/auth/ntlmssp/ntlmssp_server.c @@ -149,6 +149,7 @@ static NTSTATUS auth_ntlmssp_set_challenge(struct ntlmssp_state *ntlmssp_state, */ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state, + TALLOC_CTX *mem_ctx, DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key) { struct gensec_ntlmssp_context *gensec_ntlmssp = 
@@ -188,11 +189,15 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state, DEBUG(10, ("Got NT session key of length %u\n", (unsigned)gensec_ntlmssp->server_info->user_session_key.length)); *user_session_key = gensec_ntlmssp->server_info->user_session_key; + talloc_steal(mem_ctx, user_session_key->data); + gensec_ntlmssp->server_info->user_session_key = data_blob_null; } if (gensec_ntlmssp->server_info->lm_session_key.length) { DEBUG(10, ("Got LM session key of length %u\n", (unsigned)gensec_ntlmssp->server_info->lm_session_key.length)); *lm_session_key = gensec_ntlmssp->server_info->lm_session_key; + talloc_steal(mem_ctx, lm_session_key->data); + gensec_ntlmssp->server_info->lm_session_key = data_blob_null; } return nt_status; } diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c index 8e311b4..68f1e4b 100644 --- a/source4/kdc/db-glue.c +++ b/source4/kdc/db-glue.c @@ -1041,7 +1041,6 @@ static krb5_error_code samba_kdc_fetch_krbtgt(krb5_context context, krb5_error_code ret; struct ldb_message *msg = NULL; struct ldb_dn *realm_dn = ldb_get_default_basedn(kdc_db_ctx->samdb); - const char *realm; krb5_principal alloc_principal = NULL; if (principal->name.name_string.len != 2 @@ -1109,6 +1108,7 @@ static krb5_error_code samba_kdc_fetch_krbtgt(krb5_context context, } else { enum trust_direction direction = UNKNOWN; + const char *realm = NULL; /* Either an inbound or outbound trust */ 
@@ -1116,12 +1116,16 @@ static krb5_error_code samba_kdc_fetch_krbtgt(krb5_context context, /* look for inbound trust */ direction = INBOUND; realm = principal->name.name_string.val[1]; - } - - if (strcasecmp(lpcfg_realm(lp_ctx), principal->name.name_string.val[1]) == 0) { + } else if (strcasecmp(lpcfg_realm(lp_ctx), principal->name.name_string.val[1]) == 0) { /* look for outbound trust */ direction = OUTBOUND; realm = principal->realm; + } else { + krb5_warnx(context, "samba_kdc_fetch: not our realm for trusts ('%s', '%s')", + principal->realm, principal->name.name_string.val[1]); + krb5_set_error_message(context, HDB_ERR_NOENTRY, "samba_kdc_fetch: not our realm for trusts ('%s', '%s')", + principal->realm, principal->name.name_string.val[1]); + return HDB_ERR_NOENTRY; } /* Trusted domains are under CN=system */ diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c index 09b9b2a..7bd8dca 100644 --- a/source4/rpc_server/dcerpc_server.c +++ b/source4/rpc_server/dcerpc_server.c @@ -944,6 +944,30 @@ static NTSTATUS dcesrv_alter(struct dcesrv_call_state *call) } /* + possibly save the call for inspection with ndrdump + */ +static void dcesrv_save_call(struct dcesrv_call_state *call, const char *why) +{ +#ifdef DEVELOPER + char *fname; + char *dump_dir; + dump_dir = lpcfg_parm_string(call->conn->dce_ctx->lp_ctx, NULL, "dcesrv", "stubs directory"); + if (!dump_dir) { + return; + } + fname = talloc_asprintf(call, "%s/RPC-%s-%u-%s.dat", + dump_dir, + call->context->iface->name, + call->pkt.u.request.opnum, + why); + if (file_save(fname, call->pkt.u.request.stub_and_verifier.data, call->pkt.u.request.stub_and_verifier.length)) { + DEBUG(0,("RPC SAVED %s\n", fname)); + } + talloc_free(fname); +#endif +} + +/* handle a dcerpc request packet */ -- Samba Shared Repository
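Review bot: in lib/tdb/common/open.c, the new getenv("TDB_NO_FSYNC") test in tdb_open_ex() ORs TDB_NOSYNC into tdb->flags for every database opened by any process that inherits the variable, whatever its value (TDB_NO_FSYNC=0 also turns syncing off) and whatever tdb_flags the caller passed. Nothing in the hunk documents or reports this, so a daemon started from a test shell loses synchronous writes silently. I would document the variable next to TDB_NOSYNC, honour only an explicit value such as "1", and log once when it takes effect.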
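Review bot: in libcli/auth/ntlmssp.h, the new "@param mem_ctx" line says where the keys are returned but not that the callback must transfer ownership to it, nor how long that context lives. ntlmssp_server_auth() passes state as mem_ctx and frees it with TALLOC_FREE(state) right after ntlmssp_server_postauth(), so the comment should state that both blobs must be allocated on or stolen onto mem_ctx, and that anything left on it is gone when ntlmssp_server_auth() returns. That is the contract the three callbacks changed in this patch now rely on.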
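Review bot: in libcli/auth/ntlmssp_server.c, the last hunk of ntlmssp_server_auth() leaves it to TALLOC_FREE(state) to release every session key blob that was not stolen onto ntlmssp_state, and talloc does not clear memory on free. The LM/NT keys returned by check_password, and the intermediate key whose talloc_free(session_key.data) was dropped in the KEY_EXCH branch, therefore stay in the heap after authentication. Consider clearing the blobs that remain on state before the free, for example from a talloc destructor on state.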
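Review bot: in librpc/idl/netlogon.idl, NL_DNS_NAME_INFO_ARRAY takes "uint32 count" straight from the caller and uses it in [size_is(count)] with no range() attribute, so the generated pull code has no upper bound on the number of NL_DNS_NAME_INFO elements a client can ask the server to unmarshal. If the protocol documentation gives a limit, put it on count; otherwise a conservative range() would be worth adding before a real implementation replaces the NOT_IMPLEMENTED stubs.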
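Review bot: in nsswitch/libwbclient/wbc_pwd.c, the early "return" added to wbcGroupDestructor() when gr->gr_mem == NULL skips everything that follows the loop, which is easy to break when the destructor later grows another field to free. Wrapping the loop, and the release of the array itself, in "if (gr->gr_mem != NULL) { ... }" keeps the single exit and makes the partly-created case explicit.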
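Review bot: in nsswitch/libwbclient/wbclient.c, the WBC_MAGIC_FREE poisoning in wbcFreeMemory() only catches a second free while the allocator has left the old prefix untouched, because the check itself reads wbcMem->magic from memory that has already been released. It also fails silently: the existing "if (wbcMem->magic != WBC_MAGIC) return;" hides the caller bug. I would keep the poisoning but test for WBC_MAGIC_FREE explicitly and report it (abort or at least log in developer builds), and say in the comment that the detection is best effort.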
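Review bot: in source3/auth/auth_ntlmssp.c, auth_ntlmssp_check_password() now resets server_info->user_session_key and lm_session_key to data_blob_null and depends on auth_ntlmssp_steal_server_info() to put the final key back, so any code that reads server_info between the two calls sees an empty key. The new comment explains the intent; it would help to repeat the ordering requirement where auth_ntlmssp_steal_server_info() is declared, and to check there that ntlmssp_state->session_key is non-empty before copying. The indentation-only change to the auth_ntlmssp_steal_server_info() prototype in the first hunk would be cleaner as a separate commit.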
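Review bot: in source3/utils/ntlm_auth.c, winbind_pw_check() writes through lm_session_key->data with memcpy() and memset() immediately after "*lm_session_key = data_blob_talloc(mem_ctx, NULL, 16);" without checking that the allocation succeeded, which is a NULL dereference on out-of-memory. Since these lines are being touched anyway, add a check on lm_session_key->data (and on user_session_key->data for the second blob) and return NT_STATUS_NO_MEMORY.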
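Review bot: in source4/kdc/db-glue.c, turning the second test in samba_kdc_fetch_krbtgt() into "else if" changes the result for a principal that satisfies both tests: the two independent ifs used to leave direction = OUTBOUND and realm = principal->realm, while now the inbound branch wins and the outbound test is never evaluated. If an earlier branch already excludes that case, a short comment saying so would help. The new else branch also repeats the same format string in krb5_warnx() and krb5_set_error_message(); building the message once avoids the two drifting apart.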
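Review bot: in source4/rpc_server/dcerpc_server.c, dcesrv_save_call() passes fname to file_save() without checking the result of talloc_asprintf(), and the name "%s/RPC-%s-%u-%s.dat" is built only from the interface name, opnum and reason, so a second bad packet for the same call overwrites the first capture. Add a NULL check on fname and a counter or timestamp in the name. Because each saved packet also logs at DEBUG(0) and is triggered by whatever a client sends, a cap on the number of files written per process would keep a developer build from filling the directory and the log. Outside DEVELOPER builds the function body is empty, so call and why are unused parameters there.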