[SCM] Samba Shared Repository - branch v4-0-test updated

Karolin Seeger Tue, 30 Apr 2013 02:18:04 -0700

The branch, v4-0-test has been updated
       via  ae3aa28 BUG 9817: Fix 'map untrusted to domain' with NTLMv2.
       via  ad6f289 bug 9830: fix panic in nt_printer_publish_ads
       via  6886a68 s3:librpc: add support for PFC_FLAG_OBJECT_UUID when 
parsing packets (bug #9382)
      from  7e140cf Ensure the RECVFILE path in vfs_pwrite_data() operates on a 
blocking socket.


http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test


- Log -----------------------------------------------------------------
commit ae3aa281ab43f67d4f8337bafdefc08bd44712ea
Author: Andreas Schneider <a...@samba.org>
Date:   Wed Apr 24 15:27:21 2013 +0200

    BUG 9817: Fix 'map untrusted to domain' with NTLMv2.
    
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Günther Deschner <g...@samba.org>
    Reviewed-by: Stefan Metzmacher <me...@samba.org>
    
    Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org>
    Autobuild-Date(master): Wed Apr 24 17:14:48 CEST 2013 on sn-devel-104
    
    Autobuild-User(v4-0-test): Karolin Seeger <ksee...@samba.org>
    Autobuild-Date(v4-0-test): Tue Apr 30 11:16:19 CEST 2013 on sn-devel-104

commit ad6f2896dc558e7020d2727ed559b71f1c857098
Author: David Disseldorp <dd...@samba.org>
Date:   Thu Apr 25 16:41:17 2013 +0200

    bug 9830: fix panic in nt_printer_publish_ads
    
    Check for ads_find_machine_acct() errors, to ensure a NULL LDAPMessage
    pointer doesn't get passed to ldap_get_dn().
    
    Signed-off-by: David Disseldorp <dd...@samba.org>
    Reviewed-By: Günther Deschner <g...@samba.org>

commit 6886a687388c33e48ce3c6caf7bd3cd392d6140e
Author: Stefan Metzmacher <me...@samba.org>
Date:   Mon Nov 12 10:16:50 2012 +0100

    s3:librpc: add support for PFC_FLAG_OBJECT_UUID when parsing packets (bug 
#9382)
    
    Now the logic matches the one in dcerpc_read_ncacn_packet_done().
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Michael Adam <ob...@samba.org>
    Reviewed-by: David Disseldorp <dd...@suse.de>

-----------------------------------------------------------------------

Summary of changes:
 source3/auth/auth_winbind.c         |   10 ++++++++--
 source3/librpc/rpc/dcerpc_helpers.c |    4 ++++
 source3/printing/nt_printing_ads.c  |   10 ++++++++--
 3 files changed, 20 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c
index d4ace2c..2b5c84d 100644
--- a/source3/auth/auth_winbind.c
+++ b/source3/auth/auth_winbind.c
@@ -62,9 +62,15 @@ static NTSTATUS check_winbind_security(const struct 
auth_context *auth_context,
        }
 
        /* Send off request */
-
        params.account_name     = user_info->client.account_name;
-       params.domain_name      = user_info->mapped.domain_name;
+       /*
+        * We need to send the domain name from the client to the DC. With
+        * NTLMv2 the domain name is part of the hashed second challenge,
+        * if we change the domain name, the DC will fail to verify the
+        * challenge cause we changed the domain name, this is like a
+        * man in the middle attack.
+        */
+       params.domain_name      = user_info->client.domain_name;
        params.workstation_name = user_info->workstation_name;
 
        params.flags            = 0;
diff --git a/source3/librpc/rpc/dcerpc_helpers.c 
b/source3/librpc/rpc/dcerpc_helpers.c
index 5f8c793..d36c2da 100644
--- a/source3/librpc/rpc/dcerpc_helpers.c
+++ b/source3/librpc/rpc/dcerpc_helpers.c
@@ -111,6 +111,10 @@ NTSTATUS dcerpc_pull_ncacn_packet(TALLOC_CTX *mem_ctx,
                ndr->flags |= LIBNDR_FLAG_BIGENDIAN;
        }
 
+       if (CVAL(blob->data, DCERPC_PFC_OFFSET) & DCERPC_PFC_FLAG_OBJECT_UUID) {
+               ndr->flags |= LIBNDR_FLAG_OBJECT_PRESENT;
+       }
+
        ndr_err = ndr_pull_ncacn_packet(ndr, NDR_SCALARS|NDR_BUFFERS, r);
 
        if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
diff --git a/source3/printing/nt_printing_ads.c 
b/source3/printing/nt_printing_ads.c
index b99a972..3a2baf4 100644
--- a/source3/printing/nt_printing_ads.c
+++ b/source3/printing/nt_printing_ads.c
@@ -192,17 +192,23 @@ static WERROR nt_printer_publish_ads(struct 
messaging_context *msg_ctx,
        DEBUG(5, ("publishing printer %s\n", printer));
 
        /* figure out where to publish */
-       ads_find_machine_acct(ads, &res, lp_netbios_name());
+       ads_rc = ads_find_machine_acct(ads, &res, lp_netbios_name());
+       if (!ADS_ERR_OK(ads_rc)) {
+               DEBUG(0, ("failed to find machine account for %s\n",
+                         lp_netbios_name()));
+               TALLOC_FREE(ctx);
+               return WERR_NOT_FOUND;
+       }
 
        /* We use ldap_get_dn here as we need the answer
         * in utf8 to call ldap_explode_dn(). JRA. */
 
        srv_dn_utf8 = ldap_get_dn((LDAP *)ads->ldap.ld, (LDAPMessage *)res);
+       ads_msgfree(ads, res);
        if (!srv_dn_utf8) {
                TALLOC_FREE(ctx);
                return WERR_SERVER_UNAVAILABLE;
        }
-       ads_msgfree(ads, res);
        srv_cn_utf8 = ldap_explode_dn(srv_dn_utf8, 1);
        if (!srv_cn_utf8) {
                TALLOC_FREE(ctx);


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v4-0-test updated

Reply via email to