The branch, master has been updated
       via  b04b8b5 wbclient: gr_mem can be NULL
       via  a163284 wbclient: paranoid check for double free
       via  ff515ff tdb: added TDB_NO_FSYNC env variable
       via  a394a81 torture/raw Allow one more 'not implemented' status return 
as a valid response
       via  4083b8a s4-torture assert that we get a temp datagram socket.
       via  6832d5e libcli/auth/ntlmssp Be clear about talloc parents for 
session keys
       via  d5a4e53 s4-kdc: prevent segfault on bad trust strings
       via  dc59de5 s4-netlogon: added IDL for 
netr_DsrUpdateReadOnlyServerDnsRecords
       via  5958997 s4-rpcserver: allow saving of bad RPC packets
       via  83a24ff pidl: prevent ndr_print_*() dying on NULL pointers
      from  14340a4 idl: Added EPMAPPER_STATUS_CANT_PERFORM_OP.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit b04b8b5610f23cd50c9a7a00eeca81229acd36d5
Author: Andrew Tridgell <tri...@samba.org>
Date:   Thu Sep 16 20:12:20 2010 +1000

    wbclient: gr_mem can be NULL
    
    if the structure was partly created and an error occurred, then don't
    crash
    
    Pair-Programmed-With: Andrew Bartlett <abart...@samba.org>

commit a16328449171c1138bce3a9f32b7c1fa211e58d2
Author: Andrew Tridgell <tri...@samba.org>
Date:   Thu Sep 16 20:11:47 2010 +1000

    wbclient: paranoid check for double free
    
    added while tracking down a crash in the wbinfo blackbox test
    
    Pair-Programmed-With: Andrew Bartlett <abart...@samba.org>

commit ff515ff4772a555facce75eead91ceff271713f5
Author: Andrew Tridgell <tri...@samba.org>
Date:   Thu Sep 16 20:06:44 2010 +1000

    tdb: added TDB_NO_FSYNC env variable
    
    this might help reduce test times and load on test machines

commit a394a8104eb2cebdcda44510c6ed86b6f773a06d
Author: Andrew Bartlett <abart...@samba.org>
Date:   Thu Sep 16 17:53:36 2010 +1000

    torture/raw Allow one more 'not implemented' status return as a valid 
response
    
    The Samba4 server responds to most ioctl calls with NT_STATUS_NOT_SUPPORTED
    
    Andrew Bartlett
    
    Signed-off-by: Andrew Tridgell <tri...@samba.org>

commit 4083b8ac6ca9c107e50503f41b66077fb65eb2d9
Author: Andrew Bartlett <abart...@samba.org>
Date:   Thu Sep 16 15:47:42 2010 +1000

    s4-torture assert that we get a temp datagram socket.
    
    I've seen a segfault because we failed to check this isn't NULL
    before we use it.  This will still of course fail, but not so
    spectacularly.
    
    Andrew Bartlett
    
    Signed-off-by: Andrew Tridgell <tri...@samba.org>

commit 6832d5e9334f93d2b41fa50580379a2381311748
Author: Andrew Bartlett <abart...@samba.org>
Date:   Thu Sep 16 14:37:20 2010 +1000

    libcli/auth/ntlmssp Be clear about talloc parents for session keys
    
    The previous API was not clear as to who owned the returned session key.
    This fixes a valgrind-found use-after-free in the NTLMSSP key derivation 
code,
    and avoids making allocations - we steal and zero instead.
    
    Andrew Bartlett
    
    Signed-off-by: Andrew Tridgell <tri...@samba.org>

commit d5a4e53ad8dd572b9469530dfcd37601e2905a88
Author: Andrew Tridgell <tri...@samba.org>
Date:   Thu Sep 16 17:20:08 2010 +1000

    s4-kdc: prevent segfault on bad trust strings
    
    Pair-Programmed-With: Andrew Bartlett <abart...@samba.org>

commit dc59de562774a1ee09e3c819c3523e66da975f24
Author: Andrew Tridgell <tri...@samba.org>
Date:   Thu Sep 16 17:05:58 2010 +1000

    s4-netlogon: added IDL for netr_DsrUpdateReadOnlyServerDnsRecords
    
    this is used by a RODC to do DNS updates, as TSIG updates are not
    allowed by RODCs
    
    Pair-Programmed-With: Andrew Bartlett <abart...@samba.org>

commit 5958997a9bc44876c6f3b810689f52e5e3bd6ded
Author: Andrew Tridgell <tri...@samba.org>
Date:   Thu Sep 16 17:04:53 2010 +1000

    s4-rpcserver: allow saving of bad RPC packets
    
    use:
        dcesrv:stubs directory = .
    
    to save files like this:
    
      RPC-netlogon-48-pullfail.dat
    
    when a RPC packet can't be parsed or is unknown. Only enabled in
    developer builds
    
    Pair-Programmed-With: Andrew Bartlett <abart...@samba.org>

commit 83a24ff2efd48b0e192024798695f6cfec9000b5
Author: Andrew Tridgell <tri...@samba.org>
Date:   Thu Sep 16 16:57:21 2010 +1000

    pidl: prevent ndr_print_*() dying on NULL pointers
    
    when using ndrdump you can get uninitialised structures containing
    pointers. Don't segfault when trying to print them

-----------------------------------------------------------------------

Summary of changes:
 lib/tdb/common/open.c                         |    4 ++
 libcli/auth/ntlmssp.h                         |    4 +-
 libcli/auth/ntlmssp_server.c                  |   12 ++----
 librpc/idl/netlogon.idl                       |   55 +++++++++++++++++++++++++
 librpc/ndr/libndr.h                           |    1 +
 librpc/ndr/ndr_basic.c                        |   10 +++++
 nsswitch/libwbclient/wbc_pwd.c                |    5 ++
 nsswitch/libwbclient/wbclient.c               |    5 ++
 pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm      |    2 +
 source3/auth/auth_ntlmssp.c                   |   25 +++++++----
 source3/rpc_server/srv_netlog_nt.c            |   19 +++++++++
 source3/smbd/sesssetup.c                      |    1 +
 source3/utils/ntlm_auth.c                     |   12 +++--
 source4/auth/ntlmssp/ntlmssp_server.c         |    5 ++
 source4/kdc/db-glue.c                         |   12 ++++--
 source4/rpc_server/dcerpc_server.c            |   30 +++++++++++++-
 source4/rpc_server/netlogon/dcerpc_netlogon.c |   20 +++++++++
 source4/torture/nbt/dgram.c                   |   12 ++++--
 source4/torture/raw/ioctl.c                   |    3 +-
 19 files changed, 203 insertions(+), 34 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/tdb/common/open.c b/lib/tdb/common/open.c
index 401fa74..d195c1c 100644
--- a/lib/tdb/common/open.c
+++ b/lib/tdb/common/open.c
@@ -228,6 +228,10 @@ struct tdb_context *tdb_open_ex(const char *name, int 
hash_size, int tdb_flags,
                goto fail;
        }
 
+       if (getenv("TDB_NO_FSYNC")) {
+               tdb->flags |= TDB_NOSYNC;
+       }
+
        /*
         * TDB_ALLOW_NESTING is the default behavior.
         * Note: this may change in future versions!
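Review bot: The new `getenv("TDB_NO_FSYNC")` check ties the durability of every tdb this process opens to its environment, and it fires on mere presence (`TDB_NO_FSYNC=0` still sets `TDB_NOSYNC`), so a long-running daemon started with that variable leaked into its environment silently loses crash safety for all its databases. If this is a test-suite aid, as the commit message suggests, consider confining it to developer builds by wrapping the block in `#ifdef DEVELOPER`, and record the trade-off next to it: `/* TDB_NO_FSYNC is a test-time aid: it drops the fsync durability guarantee for every tdb opened by this process */`. tdb_open_ex starts and ends outside this hunk.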
diff --git a/libcli/auth/ntlmssp.h b/libcli/auth/ntlmssp.h
index d0a282c..dead412 100644
--- a/libcli/auth/ntlmssp.h
+++ b/libcli/auth/ntlmssp.h
@@ -129,11 +129,13 @@ struct ntlmssp_state
         *
         * The callback must reads the feilds of this structure for the 
information it needs on the user
         * @param ntlmssp_state This structure
+        * @param mem_ctx Talloc context for LM and NT session key to be 
returned on
         * @param nt_session_key If an NT session key is returned by the 
authentication process, return it here
         * @param lm_session_key If an LM session key is returned by the 
authentication process, return it here
         *
         */
-       NTSTATUS (*check_password)(struct ntlmssp_state *ntlmssp_state, 
DATA_BLOB *nt_session_key, DATA_BLOB *lm_session_key);
+       NTSTATUS (*check_password)(struct ntlmssp_state *ntlmssp_state, 
TALLOC_CTX *mem_ctx,
+                                  DATA_BLOB *nt_session_key, DATA_BLOB 
*lm_session_key);
 
        union ntlmssp_crypt_state *crypt;
 };
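Review bot: The new `@param mem_ctx` line does not say what the callback must do with the context, and since the implementations in this series differ (`data_blob_talloc(mem_ctx, ...)` in ntlm_auth.c, `talloc_steal(mem_ctx, ...)` in auth_ntlmssp.c) the contract is worth pinning down: `@param mem_ctx Talloc context that must own the returned session key data (allocate on it or talloc_steal onto it); the caller frees it`. The pre-existing sentence "The callback must reads the feilds" in the same comment could be fixed to "must read the fields" while the block is being touched.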
diff --git a/libcli/auth/ntlmssp_server.c b/libcli/auth/ntlmssp_server.c
index 3627c4d..f78698a 100644
--- a/libcli/auth/ntlmssp_server.c
+++ b/libcli/auth/ntlmssp_server.c
@@ -478,7 +478,6 @@ static NTSTATUS ntlmssp_server_postauth(struct 
ntlmssp_state *ntlmssp_state,
        if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) {
                if (!state->encrypted_session_key.data
                    || state->encrypted_session_key.length != 16) {
-                       data_blob_free(&state->encrypted_session_key);
                        DEBUG(1, ("Client-supplied KEY_EXCH session key was of 
invalid length (%u)!\n",
                                  
(unsigned)state->encrypted_session_key.length));
                        return NT_STATUS_INVALID_PARAMETER;
@@ -486,6 +485,7 @@ static NTSTATUS ntlmssp_server_postauth(struct 
ntlmssp_state *ntlmssp_state,
                        DEBUG(5, ("server session key is invalid (len == %u), 
cannot do KEY_EXCH!\n",
                                  (unsigned int)session_key.length));
                        ntlmssp_state->session_key = session_key;
+                       talloc_steal(ntlmssp_state, session_key.data);
                } else {
                        dump_data_pw("KEY_EXCH session key (enc):\n",
                                     state->encrypted_session_key.data,
@@ -499,10 +499,10 @@ static NTSTATUS ntlmssp_server_postauth(struct 
ntlmssp_state *ntlmssp_state,
                        dump_data_pw("KEY_EXCH session key:\n",
                                     state->encrypted_session_key.data,
                                     state->encrypted_session_key.length);
-                       talloc_free(session_key.data);
                }
        } else {
                ntlmssp_state->session_key = session_key;
+               talloc_steal(ntlmssp_state, session_key.data);
        }
 
        if (ntlmssp_state->session_key.length) {
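Review bot: Dropping `talloc_free(session_key.data)` in the KEY_EXCH branch means the server-derived key, which was just used to decrypt the client's session key, now stays in memory until its talloc parent is released, and talloc_free does not scrub the bytes; since this is key material, consider zeroing it when it is no longer needed, e.g. `memset(session_key.data, 0, session_key.length);` before the buffer is dropped, or a note such as `/* session_key is key material; it is released with state by the caller */` if the lifetime is intentional. Which context owns `session_key.data` at this point is not visible in the hunk, so please confirm it is the `state` freed in ntlmssp_server_auth rather than something longer-lived. ntlmssp_server_postauth continues outside the hunk.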
@@ -555,6 +555,7 @@ NTSTATUS ntlmssp_server_auth(struct ntlmssp_state 
*ntlmssp_state,
 
        /* Finally, actually ask if the password is OK */
        nt_status = ntlmssp_state->check_password(ntlmssp_state,
+                                                 state,
                                                  &state->user_session_key,
                                                  &state->lm_session_key);
        if (!NT_STATUS_IS_OK(nt_status)) {
@@ -567,11 +568,6 @@ NTSTATUS ntlmssp_server_auth(struct ntlmssp_state 
*ntlmssp_state,
           can be done in a callback */
 
        nt_status = ntlmssp_server_postauth(ntlmssp_state, state);
-       if (!NT_STATUS_IS_OK(nt_status)) {
-               TALLOC_FREE(state);
-               return nt_status;
-       }
-
        TALLOC_FREE(state);
-       return NT_STATUS_OK;
+       return nt_status;
 }
diff --git a/librpc/idl/netlogon.idl b/librpc/idl/netlogon.idl
index 7670d34..62d2af5 100644
--- a/librpc/idl/netlogon.idl
+++ b/librpc/idl/netlogon.idl
@@ -1674,4 +1674,59 @@ interface netlogon
                [out,ref] samr_Password *old_owf_password,
                [out,ref] netr_TrustInfo **trust_info
                );
+
+       /****************/
+       /* Function 0x2f */
+
+       NTSTATUS netr_Unused47(void);
+
+
+       /****************/
+       /* Function 0x30 */
+
+       typedef enum {
+               NlDnsLdapAtSite       = 22,
+               NlDnsGcAtSite         = 25,
+               NlDnsDsaCname         = 28,
+               NlDnsKdcAtSite        = 30,
+               NlDnsDcAtSite         = 32,
+               NlDnsRfc1510KdcAtSite = 34,
+               NlDnsGenericGcAtSite  = 36
+       } netr_DnsType;
+
+       typedef enum {
+               NlDnsInfoTypeNone    = 0,
+               NlDnsDomainName      = 1,
+               NlDnsDomainNameAlias = 2,
+               NlDnsForestName      = 3,
+               NlDnsForestNameAlias = 4,
+               NlDnsNdncDomainName  = 5,
+               NlDnsRecordName      = 6
+       } netr_DnsDomainInfoType;
+
+       typedef struct {
+               netr_DnsType type;
+               [string,charset(UTF16)] uint16 *dns_domain_info;
+               netr_DnsDomainInfoType dns_domain_info_type;
+               uint32 priority;
+               uint32 weight;
+               uint32 port;
+               boolean32 dns_register;
+               uint32 status;
+       } NL_DNS_NAME_INFO;
+
+       typedef struct {
+               uint32 count;
+               [size_is(count)] NL_DNS_NAME_INFO *names;
+       } NL_DNS_NAME_INFO_ARRAY;
+
+       NTSTATUS netr_DsrUpdateReadOnlyServerDnsRecords(
+               [in,unique] [string,charset(UTF16)] uint16 *server_name,
+               [in,ref] [string,charset(UTF16)] uint16 *computer_name,
+               [in, ref] netr_Authenticator *credential,
+               [out,ref]   netr_Authenticator *return_authenticator,
+               [in,unique] [string,charset(UTF16)] uint16 *site_name,
+               [in] uint32 dns_ttl,
+               [in,out,ref] NL_DNS_NAME_INFO_ARRAY *dns_names
+               );
 }
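Review bot: The `netr_DnsType` and `netr_DnsDomainInfoType` enums introduce non-contiguous values (22, 25, 28, ...) with no pointer to where they come from, which makes them hard to audit against the protocol specification later. A one-line comment above each enum naming the source document and structure, e.g. `/* values as defined for NL_DNS_NAME_INFO in the Netlogon protocol specification */`, would make that review possible without guessing. The `[in,out,ref] NL_DNS_NAME_INFO_ARRAY *dns_names` parameter with `[size_is(count)]` also deserves a note that a server implementation must bound `count` before walking `names`, since both server stubs in this series currently return NOT_IMPLEMENTED.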
diff --git a/librpc/ndr/libndr.h b/librpc/ndr/libndr.h
index 9134efa..5ad05be 100644
--- a/librpc/ndr/libndr.h
+++ b/librpc/ndr/libndr.h
@@ -520,6 +520,7 @@ enum ndr_err_code ndr_push_unique_ptr(struct ndr_push *ndr, 
const void *p);
 enum ndr_err_code ndr_push_full_ptr(struct ndr_push *ndr, const void *p);
 enum ndr_err_code ndr_push_ref_ptr(struct ndr_push *ndr);
 void ndr_print_struct(struct ndr_print *ndr, const char *name, const char 
*type);
+void ndr_print_null(struct ndr_print *ndr);
 void ndr_print_enum(struct ndr_print *ndr, const char *name, const char *type, 
const char *val, uint32_t value);
 void ndr_print_bitmap_flag(struct ndr_print *ndr, size_t size, const char 
*flag_name, uint32_t flag, uint32_t value);
 void ndr_print_bitmap_flag(struct ndr_print *ndr, size_t size, const char 
*flag_name, uint32_t flag, uint32_t value);
diff --git a/librpc/ndr/ndr_basic.c b/librpc/ndr/ndr_basic.c
index 58d4e46..c27faa2 100644
--- a/librpc/ndr/ndr_basic.c
+++ b/librpc/ndr/ndr_basic.c
@@ -854,6 +854,11 @@ _PUBLIC_ void ndr_print_struct(struct ndr_print *ndr, 
const char *name, const ch
        ndr->print(ndr, "%s: struct %s", name, type);
 }
 
+_PUBLIC_ void ndr_print_null(struct ndr_print *ndr)
+{
+       ndr->print(ndr, "UNEXPECTED NULL POINTER");
+}
+
 _PUBLIC_ void ndr_print_enum(struct ndr_print *ndr, const char *name, const 
char *type, 
                    const char *val, uint32_t value)
 {
@@ -1005,6 +1010,11 @@ _PUBLIC_ void ndr_print_array_uint8(struct ndr_print 
*ndr, const char *name,
 {
        int i;
 
+       if (data == NULL) {
+               ndr->print(ndr, "%s: ARRAY(%d) : NULL", name, count);
+               return;
+       }
+
        if (count <= 600 && (ndr->flags & LIBNDR_PRINT_ARRAY_HEX)) {
                char s[1202];
                for (i=0;i<count;i++) {
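Review bot: The new NULL branch prints `count` with `%d`; the parameter's type is on the wrapped signature line outside this excerpt, but if it is `uint32_t` (as the unsigned comparison `count <= 600` hints) the specifier should match, e.g. `ndr->print(ndr, "%s: ARRAY(%u) : NULL", name, (unsigned)count);`. The pre-existing loop `for (i=0;i<count;i++)` with `int i` has the same signed/unsigned mix but predates this change. ndr_print_array_uint8 starts and ends outside the hunk.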
diff --git a/nsswitch/libwbclient/wbc_pwd.c b/nsswitch/libwbclient/wbc_pwd.c
index c7bfdb8..1527808 100644
--- a/nsswitch/libwbclient/wbc_pwd.c
+++ b/nsswitch/libwbclient/wbc_pwd.c
@@ -100,6 +100,11 @@ static void wbcGroupDestructor(void *ptr)
        free(gr->gr_name);
        free(gr->gr_passwd);
 
+       /* if the array was partly created this can be NULL */
+       if (gr->gr_mem == NULL) {
+               return;
+       }
+
        for (i=0; gr->gr_mem[i] != NULL; i++) {
                free(gr->gr_mem[i]);
        }
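Review bot: The guard only covers the case where `gr_mem` was never allocated; if the array was allocated but the failure happened before its terminating NULL was stored, the `gr_mem[i] != NULL` walk below still reads uninitialised pointers. The code that builds the array is not in this hunk, so please confirm it either zero-fills the array up front or keeps it NULL-terminated after every insertion, and say so in the comment: `/* gr_mem is NULL if allocation failed before the array was built; the builder keeps it NULL-terminated at every step */`. wbcGroupDestructor continues outside the hunk.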
diff --git a/nsswitch/libwbclient/wbclient.c b/nsswitch/libwbclient/wbclient.c
index 15be255..19bb3e9 100644
--- a/nsswitch/libwbclient/wbclient.c
+++ b/nsswitch/libwbclient/wbclient.c
@@ -148,6 +148,7 @@ const char *wbcErrorString(wbcErr error)
 }
 
 #define WBC_MAGIC (0x7a2b0e1e)
+#define WBC_MAGIC_FREE (0x875634fe)
 
 struct wbcMemPrefix {
        uint32_t magic;
@@ -197,6 +198,10 @@ void wbcFreeMemory(void *p)
        if (wbcMem->magic != WBC_MAGIC) {
                return;
        }
+
+       /* paranoid check to ensure we don't double free */
+       wbcMem->magic = WBC_MAGIC_FREE;
+
        if (wbcMem->destructor != NULL) {
                wbcMem->destructor(p);
        }
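Review bot: With `magic` set to `WBC_MAGIC_FREE`, a second `wbcFreeMemory()` on the same block now takes the silent `magic != WBC_MAGIC` return above, so the double free this was added to catch is hidden rather than surfaced. Consider testing the sentinel explicitly before that return, e.g. `if (wbcMem->magic == WBC_MAGIC_FREE) { /* double free */ abort(); }` under `#ifdef DEVELOPER`, or at least a debug log, so the test that exposed the crash still fails loudly. The header word can be reused once the block is back in the allocator, so the check is best-effort; the comment could say so: `/* paranoid check: marks the block so a second wbcFreeMemory() is a no-op while the allocator has not reused the header */`. wbcFreeMemory continues outside the hunk.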
diff --git a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm 
b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm
index 83bca28..b389cfb 100644
--- a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm
+++ b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm
@@ -1466,6 +1466,7 @@ sub ParseStructPrint($$$$$)
        $self->DeclareArrayVariables($_) foreach (@{$struct->{ELEMENTS}});
 
        $self->pidl("ndr_print_struct($ndr, name, \"$name\");");
+       $self->pidl("if (r == NULL) { ndr_print_null($ndr); return; }");
 
        $self->start_flags($struct, $ndr);
 
@@ -2039,6 +2040,7 @@ sub ParseFunctionPrint($$)
        }
 
        $self->pidl("ndr_print_struct($ndr, name, \"$fn->{NAME}\");");
+       $self->pidl("if (r == NULL) { ndr_print_null($ndr); return; }");
        $self->pidl("$ndr->depth++;");
 
        $self->pidl("if (flags & NDR_SET_VALUES) {");
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index aa7998c..af3a6f3 100644
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -26,12 +26,13 @@
 #include "../librpc/gen_ndr/netlogon.h"
 
 NTSTATUS auth_ntlmssp_steal_server_info(TALLOC_CTX *mem_ctx,
-                               struct auth_ntlmssp_state *auth_ntlmssp_state,
-                               struct auth_serversupplied_info **server_info)
+                                       struct auth_ntlmssp_state 
*auth_ntlmssp_state,
+                                       struct auth_serversupplied_info 
**server_info)
 {
        /* Free the current server_info user_session_key and reset it from the
         * current ntlmssp_state session_key */
        data_blob_free(&auth_ntlmssp_state->server_info->user_session_key);
+       /* Set up the final session key for the connection */
        auth_ntlmssp_state->server_info->user_session_key =
                data_blob_talloc(
                        auth_ntlmssp_state->server_info,
@@ -105,7 +106,8 @@ static NTSTATUS auth_ntlmssp_set_challenge(struct 
ntlmssp_state *ntlmssp_state,
  * Return the session keys used on the connection.
  */
 
-static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state 
*ntlmssp_state, DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key) 
+static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state 
*ntlmssp_state, TALLOC_CTX *mem_ctx,
+                                           DATA_BLOB *user_session_key, 
DATA_BLOB *lm_session_key)
 {
        struct auth_ntlmssp_state *auth_ntlmssp_state =
                (struct auth_ntlmssp_state *)ntlmssp_state->callback_private;
@@ -160,19 +162,24 @@ static NTSTATUS auth_ntlmssp_check_password(struct 
ntlmssp_state *ntlmssp_state,
                return nt_status;
        }
 
+       /* Clear out the session keys, and pass them to the caller.
+        * They will not be used in this form again - instead the
+        * NTLMSSP code will decide on the final correct session key,
+        * and put it back here at the end of
+        * auth_ntlmssp_steal_server_info */
        if (auth_ntlmssp_state->server_info->user_session_key.length) {
                DEBUG(10, ("Got NT session key of length %u\n",
                        (unsigned 
int)auth_ntlmssp_state->server_info->user_session_key.length));
-               *user_session_key = data_blob_talloc(auth_ntlmssp_state,
-                                                  
auth_ntlmssp_state->server_info->user_session_key.data,
-                                                  
auth_ntlmssp_state->server_info->user_session_key.length);
+               *user_session_key = 
auth_ntlmssp_state->server_info->user_session_key;
+               talloc_steal(mem_ctx, 
auth_ntlmssp_state->server_info->user_session_key.data);
+               auth_ntlmssp_state->server_info->user_session_key = 
data_blob_null;
        }
        if (auth_ntlmssp_state->server_info->lm_session_key.length) {
                DEBUG(10, ("Got LM session key of length %u\n",
                        (unsigned 
int)auth_ntlmssp_state->server_info->lm_session_key.length));
-               *lm_session_key = data_blob_talloc(auth_ntlmssp_state,
-                                                  
auth_ntlmssp_state->server_info->lm_session_key.data,
-                                                  
auth_ntlmssp_state->server_info->lm_session_key.length);
+               *lm_session_key = 
auth_ntlmssp_state->server_info->lm_session_key;
+               talloc_steal(mem_ctx, 
auth_ntlmssp_state->server_info->lm_session_key.data);
+               auth_ntlmssp_state->server_info->lm_session_key = 
data_blob_null;
        }
        return nt_status;
 }
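Review bot: The new comment says "Clear out the session keys", but the code moves the buffers with `talloc_steal` and resets only the `server_info` blob descriptors to `data_blob_null`; the key bytes themselves are neither copied nor zeroed, so a reader may assume more than is done. Rewording it to describe the ownership hand-over would be more accurate: `/* Hand the session keys over to mem_ctx: steal the buffers and reset the server_info blobs so each key has exactly one owner; the NTLMSSP code picks the final key and puts it back in auth_ntlmssp_steal_server_info */`. The equivalent hunk in source4/auth/ntlmssp/ntlmssp_server.c would benefit from the same comment, since it currently has none.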
diff --git a/source3/rpc_server/srv_netlog_nt.c 
b/source3/rpc_server/srv_netlog_nt.c
index 171f30b..4b692b3 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -2014,3 +2014,22 @@ NTSTATUS _netr_ServerGetTrustInfo(struct pipes_struct *p,
        return NT_STATUS_NOT_IMPLEMENTED;
 }
 
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _netr_Unused47(struct pipes_struct *p,
+                       struct netr_Unused47 *r)
+{
+       p->rng_fault_state = true;
+       return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _netr_DsrUpdateReadOnlyServerDnsRecords(struct pipes_struct *p,
+                                                struct 
netr_DsrUpdateReadOnlyServerDnsRecords *r)
+{
+       p->rng_fault_state = true;
+       return NT_STATUS_NOT_IMPLEMENTED;
+}
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 58b446d..0b999b3 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -405,6 +405,7 @@ static void reply_spnego_kerberos(struct smb_request *req,
        }
 
        data_blob_free(&server_info->user_session_key);
+       /* Set the kerberos-derived session key onto the server_info */
        server_info->user_session_key = session_key;
        talloc_steal(server_info, session_key.data);
 
diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
index 82819cf..38ed9f7 100644
--- a/source3/utils/ntlm_auth.c
+++ b/source3/utils/ntlm_auth.c
@@ -565,7 +565,8 @@ static NTSTATUS contact_winbind_change_pswd_auth_crap(const 
char *username,
     return nt_status;
 }
 
-static NTSTATUS winbind_pw_check(struct ntlmssp_state *ntlmssp_state, 
DATA_BLOB *user_session_key, DATA_BLOB *lm_session_key) 
+static NTSTATUS winbind_pw_check(struct ntlmssp_state *ntlmssp_state, 
TALLOC_CTX *mem_ctx,
+                                DATA_BLOB *user_session_key, DATA_BLOB 
*lm_session_key)
 {
        static const char zeros[16] = { 0, };
        NTSTATUS nt_status;
@@ -585,13 +586,13 @@ static NTSTATUS winbind_pw_check(struct ntlmssp_state 
*ntlmssp_state, DATA_BLOB
 
        if (NT_STATUS_IS_OK(nt_status)) {
                if (memcmp(lm_key, zeros, 8) != 0) {
-                       *lm_session_key = data_blob_talloc(ntlmssp_state, NULL, 
16);
+                       *lm_session_key = data_blob_talloc(mem_ctx, NULL, 16);
                        memcpy(lm_session_key->data, lm_key, 8);
                        memset(lm_session_key->data+8, '\0', 8);
                }
 
                if (memcmp(user_sess_key, zeros, 16) != 0) {
-                       *user_session_key = data_blob_talloc(ntlmssp_state, 
user_sess_key, 16);
+                       *user_session_key = data_blob_talloc(mem_ctx, 
user_sess_key, 16);
                }
                ntlmssp_state->callback_private = talloc_strdup(ntlmssp_state,
                                                                unix_name);
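Review bot: The rewritten `*lm_session_key = data_blob_talloc(mem_ctx, NULL, 16);` is still followed by `memcpy(lm_session_key->data, lm_key, 8)` with no check that the allocation succeeded, and the `*user_session_key` allocation two lines below is likewise unchecked; on allocation failure both dereference NULL. A guard after each allocation, `if (lm_session_key->data == NULL) { return NT_STATUS_NO_MEMORY; }`, would match the NTSTATUS convention used elsewhere in the function. The missing check predates this change, but the lines are being rewritten anyway; winbind_pw_check continues outside the hunk.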
@@ -609,14 +610,15 @@ static NTSTATUS winbind_pw_check(struct ntlmssp_state 
*ntlmssp_state, DATA_BLOB
        return nt_status;
 }
 
-static NTSTATUS local_pw_check(struct ntlmssp_state *ntlmssp_state, DATA_BLOB 
*user_session_key, DATA_BLOB *lm_session_key) 
+static NTSTATUS local_pw_check(struct ntlmssp_state *ntlmssp_state, TALLOC_CTX 
*mem_ctx,
+                              DATA_BLOB *user_session_key, DATA_BLOB 
*lm_session_key)
 {
        NTSTATUS nt_status;
        struct samr_Password lm_pw, nt_pw;
 
        nt_lm_owf_gen (opt_password, nt_pw.hash, lm_pw.hash);
 
-       nt_status = ntlm_password_check(ntlmssp_state,
+       nt_status = ntlm_password_check(mem_ctx,
                                        true, true, 0,
                                        &ntlmssp_state->chal,
                                        &ntlmssp_state->lm_resp,
diff --git a/source4/auth/ntlmssp/ntlmssp_server.c 
b/source4/auth/ntlmssp/ntlmssp_server.c
index 6e3cf8a..8623c1d 100644
--- a/source4/auth/ntlmssp/ntlmssp_server.c
+++ b/source4/auth/ntlmssp/ntlmssp_server.c
@@ -149,6 +149,7 @@ static NTSTATUS auth_ntlmssp_set_challenge(struct 
ntlmssp_state *ntlmssp_state,
  */
 
 static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state 
*ntlmssp_state,
+                                           TALLOC_CTX *mem_ctx,
                                            DATA_BLOB *user_session_key, 
DATA_BLOB *lm_session_key)
 {
        struct gensec_ntlmssp_context *gensec_ntlmssp =
@@ -188,11 +189,15 @@ static NTSTATUS auth_ntlmssp_check_password(struct 
ntlmssp_state *ntlmssp_state,
                DEBUG(10, ("Got NT session key of length %u\n",
                           
(unsigned)gensec_ntlmssp->server_info->user_session_key.length));
                *user_session_key = 
gensec_ntlmssp->server_info->user_session_key;
+               talloc_steal(mem_ctx, user_session_key->data);
+               gensec_ntlmssp->server_info->user_session_key = data_blob_null;
        }
        if (gensec_ntlmssp->server_info->lm_session_key.length) {
                DEBUG(10, ("Got LM session key of length %u\n",
                           
(unsigned)gensec_ntlmssp->server_info->lm_session_key.length));
                *lm_session_key = gensec_ntlmssp->server_info->lm_session_key;
+               talloc_steal(mem_ctx, lm_session_key->data);
+               gensec_ntlmssp->server_info->lm_session_key = data_blob_null;
        }
        return nt_status;
 }
diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
index 8e311b4..68f1e4b 100644
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -1041,7 +1041,6 @@ static krb5_error_code 
samba_kdc_fetch_krbtgt(krb5_context context,
        krb5_error_code ret;
        struct ldb_message *msg = NULL;
        struct ldb_dn *realm_dn = ldb_get_default_basedn(kdc_db_ctx->samdb);
-       const char *realm;
 
        krb5_principal alloc_principal = NULL;
        if (principal->name.name_string.len != 2
@@ -1109,6 +1108,7 @@ static krb5_error_code 
samba_kdc_fetch_krbtgt(krb5_context context,
 
        } else {
                enum trust_direction direction = UNKNOWN;
+               const char *realm = NULL;
 
                /* Either an inbound or outbound trust */
 
@@ -1116,12 +1116,16 @@ static krb5_error_code 
samba_kdc_fetch_krbtgt(krb5_context context,
                        /* look for inbound trust */
                        direction = INBOUND;
                        realm = principal->name.name_string.val[1];
-               }
-
-               if (strcasecmp(lpcfg_realm(lp_ctx), 
principal->name.name_string.val[1]) == 0) {
+               } else if (strcasecmp(lpcfg_realm(lp_ctx), 
principal->name.name_string.val[1]) == 0) {
                        /* look for outbound trust */
                        direction = OUTBOUND;
                        realm = principal->realm;
+               } else {
+                       krb5_warnx(context, "samba_kdc_fetch: not our realm for 
trusts ('%s', '%s')",
+                                  principal->realm, 
principal->name.name_string.val[1]);
+                       krb5_set_error_message(context, HDB_ERR_NOENTRY, 
"samba_kdc_fetch: not our realm for trusts ('%s', '%s')",
+                                              principal->realm, 
principal->name.name_string.val[1]);
+                       return HDB_ERR_NOENTRY;
                }
 
                /* Trusted domains are under CN=system */
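Review bot: The new `return HDB_ERR_NOENTRY;` exits from the middle of samba_kdc_fetch_krbtgt, whose cleanup is outside this hunk; `msg` and `alloc_principal` are initialised to NULL at the top (visible in the first hunk), so if either is populated before this branch the early return leaks it, and if `realm_dn` or anything else needs releasing the same applies, so please confirm against the rest of the function. The two strings logged via `krb5_warnx` appear to be taken from the client's request, which lets any remote client add a warning-level line per request; consider a lower log level for the per-request message and keep the `krb5_set_error_message` text, which the caller already reports.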
diff --git a/source4/rpc_server/dcerpc_server.c 
b/source4/rpc_server/dcerpc_server.c
index 09b9b2a..7bd8dca 100644
--- a/source4/rpc_server/dcerpc_server.c
+++ b/source4/rpc_server/dcerpc_server.c
@@ -944,6 +944,30 @@ static NTSTATUS dcesrv_alter(struct dcesrv_call_state 
*call)
 }
 
 /*
+  possibly save the call for inspection with ndrdump
+ */
+static void dcesrv_save_call(struct dcesrv_call_state *call, const char *why)
+{
+#ifdef DEVELOPER
+       char *fname;
+       char *dump_dir;
+       dump_dir = lpcfg_parm_string(call->conn->dce_ctx->lp_ctx, NULL, 
"dcesrv", "stubs directory");
+       if (!dump_dir) {
+               return;
+       }
+       fname = talloc_asprintf(call, "%s/RPC-%s-%u-%s.dat",
+                               dump_dir,
+                               call->context->iface->name,
+                               call->pkt.u.request.opnum,
+                               why);
+       if (file_save(fname, call->pkt.u.request.stub_and_verifier.data, 
call->pkt.u.request.stub_and_verifier.length)) {
+               DEBUG(0,("RPC SAVED %s\n", fname));
+       }
+       talloc_free(fname);
+#endif
+}
+
+/*
   handle a dcerpc request packet
 */


-- 
Samba Shared Repository
