The branch, v4-0-test has been updated via ae3aa28 BUG 9817: Fix 'map untrusted to domain' with NTLMv2. via ad6f289 bug 9830: fix panic in nt_printer_publish_ads via 6886a68 s3:librpc: add support for PFC_FLAG_OBJECT_UUID when parsing packets (bug #9382) from 7e140cf Ensure the RECVFILE path in vfs_pwrite_data() operates on a blocking socket.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log ----------------------------------------------------------------- commit ae3aa281ab43f67d4f8337bafdefc08bd44712ea Author: Andreas Schneider <a...@samba.org> Date: Wed Apr 24 15:27:21 2013 +0200 BUG 9817: Fix 'map untrusted to domain' with NTLMv2. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Günther Deschner <g...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org> Autobuild-Date(master): Wed Apr 24 17:14:48 CEST 2013 on sn-devel-104 Autobuild-User(v4-0-test): Karolin Seeger <ksee...@samba.org> Autobuild-Date(v4-0-test): Tue Apr 30 11:16:19 CEST 2013 on sn-devel-104 commit ad6f2896dc558e7020d2727ed559b71f1c857098 Author: David Disseldorp <dd...@samba.org> Date: Thu Apr 25 16:41:17 2013 +0200 bug 9830: fix panic in nt_printer_publish_ads Check for ads_find_machine_acct() errors, to ensure a NULL LDAPMessage pointer doesn't get passed to ldap_get_dn(). Signed-off-by: David Disseldorp <dd...@samba.org> Reviewed-By: Günther Deschner <g...@samba.org> commit 6886a687388c33e48ce3c6caf7bd3cd392d6140e Author: Stefan Metzmacher <me...@samba.org> Date: Mon Nov 12 10:16:50 2012 +0100 s3:librpc: add support for PFC_FLAG_OBJECT_UUID when parsing packets (bug #9382) Now the logic matches the one in dcerpc_read_ncacn_packet_done(). Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Michael Adam <ob...@samba.org> Reviewed-by: David Disseldorp <dd...@suse.de> ----------------------------------------------------------------------- Summary of changes: source3/auth/auth_winbind.c | 10 ++++++++-- source3/librpc/rpc/dcerpc_helpers.c | 4 ++++ source3/printing/nt_printing_ads.c | 10 ++++++++-- 3 files changed, 20 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c index d4ace2c..2b5c84d 100644 --- a/source3/auth/auth_winbind.c +++ b/source3/auth/auth_winbind.c @@ -62,9 +62,15 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context, } /* Send off request */ - params.account_name = user_info->client.account_name; - params.domain_name = user_info->mapped.domain_name; + /* + * We need to send the domain name from the client to the DC. With + * NTLMv2 the domain name is part of the hashed second challenge, + * if we change the domain name, the DC will fail to verify the + * challenge cause we changed the domain name, this is like a + * man in the middle attack. + */ + params.domain_name = user_info->client.domain_name; params.workstation_name = user_info->workstation_name; params.flags = 0; diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c index 5f8c793..d36c2da 100644 --- a/source3/librpc/rpc/dcerpc_helpers.c +++ b/source3/librpc/rpc/dcerpc_helpers.c @@ -111,6 +111,10 @@ NTSTATUS dcerpc_pull_ncacn_packet(TALLOC_CTX *mem_ctx, ndr->flags |= LIBNDR_FLAG_BIGENDIAN; } + if (CVAL(blob->data, DCERPC_PFC_OFFSET) & DCERPC_PFC_FLAG_OBJECT_UUID) { + ndr->flags |= LIBNDR_FLAG_OBJECT_PRESENT; + } + ndr_err = ndr_pull_ncacn_packet(ndr, NDR_SCALARS|NDR_BUFFERS, r); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { diff --git a/source3/printing/nt_printing_ads.c b/source3/printing/nt_printing_ads.c index b99a972..3a2baf4 100644 --- a/source3/printing/nt_printing_ads.c +++ b/source3/printing/nt_printing_ads.c @@ -192,17 +192,23 @@ static WERROR nt_printer_publish_ads(struct messaging_context *msg_ctx, DEBUG(5, ("publishing printer %s\n", printer)); /* figure out where to publish */ - ads_find_machine_acct(ads, &res, lp_netbios_name()); + ads_rc = ads_find_machine_acct(ads, &res, lp_netbios_name()); + if (!ADS_ERR_OK(ads_rc)) { + DEBUG(0, ("failed to find machine account for %s\n", + lp_netbios_name())); + TALLOC_FREE(ctx); + return WERR_NOT_FOUND; + } /* We use ldap_get_dn here as we need the answer * in utf8 to call ldap_explode_dn(). JRA. */ srv_dn_utf8 = ldap_get_dn((LDAP *)ads->ldap.ld, (LDAPMessage *)res); + ads_msgfree(ads, res); if (!srv_dn_utf8) { TALLOC_FREE(ctx); return WERR_SERVER_UNAVAILABLE; } - ads_msgfree(ads, res); srv_cn_utf8 = ldap_explode_dn(srv_dn_utf8, 1); if (!srv_cn_utf8) { TALLOC_FREE(ctx); -- Samba Shared Repository