The branch, master has been updated
via 84d4270 nmblookup: Warn user if netbios name is too long.
via a782ae1 nss-wins: Do not lookup invalid netbios names
via a5e3a19 libsmb: Do not lookup invalid netbios names.
via eb05766 Revert "s3: smbd: signing. Ensure we respond correctly to
an SMB2 negprot with SMB2_NEGOTIATE_SIGNING_REQUIRED."
from c0a463d waf: Only build the wrappers if we enable selftest
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 84d4270c8e4ec18e9f83722d6df1a07f70acaade
Author: Andreas Schneider <a...@samba.org>
Date: Fri Jan 30 14:37:06 2015 +0100
nmblookup: Warn user if netbios name is too long.
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
Autobuild-User(master): Jeremy Allison <j...@samba.org>
Autobuild-Date(master): Tue Feb 24 01:01:10 CET 2015 on sn-devel-104
commit a782ae1da463433b6f5199acd0d093583780dd20
Author: Andreas Schneider <a...@samba.org>
Date: Fri Jan 30 14:29:26 2015 +0100
nss-wins: Do not lookup invalid netbios names
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
commit a5e3a198d0a1c36a3798935595e4844588caba68
Author: Andreas Schneider <a...@samba.org>
Date: Fri Jan 30 14:28:48 2015 +0100
libsmb: Do not lookup invalid netbios names.
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
commit eb05766a8c539b1b7d8de8481686556f6bdcc6db
Author: Jeremy Allison <j...@samba.org>
Date: Mon Feb 23 10:15:05 2015 -0800
Revert "s3: smbd: signing. Ensure we respond correctly to an SMB2 negprot
with SMB2_NEGOTIATE_SIGNING_REQUIRED."
Even though the MS-SMB2 spec says so, Windows doesn't behave
like this.
This reverts commit 1cea6e5b6f8c0e28d5ba2d296c831c4878fca304.
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: "Stefan (metze) Metzmacher" <me...@samba.org>
-----------------------------------------------------------------------
Summary of changes:
libcli/nbt/tools/nmblookup.c | 13 +++++++++++++
nsswitch/wins.c | 14 +++++++++++++-
source3/libsmb/namequery.c | 17 ++++++++++++++---
source3/smbd/smb2_negprot.c | 3 +--
source3/smbd/smb2_sesssetup.c | 4 +---
source3/utils/nmblookup.c | 9 +++++++++
6 files changed, 51 insertions(+), 9 deletions(-)
Changeset truncated at 500 lines:
diff --git a/libcli/nbt/tools/nmblookup.c b/libcli/nbt/tools/nmblookup.c
index 9b875b0..afb81c7 100644
--- a/libcli/nbt/tools/nmblookup.c
+++ b/libcli/nbt/tools/nmblookup.c
@@ -32,6 +32,10 @@
#include "../libcli/nbt/libnbt.h"
#include "param/param.h"
+#include <string.h>
+
+#define MAX_NETBIOSNAME_LEN 16
+
/* command line options */
static struct {
const char *broadcast_address;
@@ -190,6 +194,7 @@ static bool process_one(struct loadparm_context *lp_ctx,
struct tevent_context *
struct socket_address *all_zero_addr;
struct nbt_name_socket *nbtsock;
NTSTATUS status = NT_STATUS_OK;
+ size_t nbt_len;
bool ret = true;
if (!options.case_sensitive) {
@@ -212,6 +217,14 @@ static bool process_one(struct loadparm_context *lp_ctx,
struct tevent_context *
node_name = talloc_strdup(tmp_ctx, name);
}
+ nbt_len = strlen(node_name);
+ if (nbt_len > MAX_NETBIOSNAME_LEN - 1) {
+ printf("The specified netbios name [%s] is too long.\n",
+ node_name);
+ talloc_free(tmp_ctx);
+ return false;
+ }
+
nbtsock = nbt_name_socket_init(tmp_ctx, ev);
if (options.root_port) {
diff --git a/nsswitch/wins.c b/nsswitch/wins.c
index d63968b..5127ee4 100644
--- a/nsswitch/wins.c
+++ b/nsswitch/wins.c
@@ -59,10 +59,12 @@ static void nss_wins_init(void)
static struct in_addr *lookup_byname_backend(const char *name, int *count)
{
- TALLOC_CTX *frame = talloc_stackframe();
+ TALLOC_CTX *frame;
struct sockaddr_storage *address = NULL;
struct in_addr *ret = NULL;
NTSTATUS status;
+ const char *p;
+ size_t nbt_len;
int j;
if (!initialised) {
@@ -71,6 +73,16 @@ static struct in_addr *lookup_byname_backend(const char
*name, int *count)
*count = 0;
+ nbt_len = strlen(name);
+ if (nbt_len > MAX_NETBIOSNAME_LEN - 1) {
+ return NULL;
+ }
+ p = strchr(name, '.');
+ if (p != NULL) {
+ return NULL;
+ }
+
+ frame = talloc_stackframe();
/* always try with wins first */
status = resolve_wins(name, 0x00, talloc_tos(),
&address, count);
diff --git a/source3/libsmb/namequery.c b/source3/libsmb/namequery.c
index c80e255..85af6ed 100644
--- a/source3/libsmb/namequery.c
+++ b/source3/libsmb/namequery.c
@@ -2566,6 +2566,8 @@ NTSTATUS internal_resolve_name(const char *name,
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
int i;
TALLOC_CTX *frame = NULL;
+ bool do_nbt_lookup = true;
+ size_t nbt_len;
*return_iplist = NULL;
*return_count = 0;
@@ -2626,6 +2628,15 @@ NTSTATUS internal_resolve_name(const char *name,
}
/* iterate through the name resolution backends */
+ nbt_len = strlen(name);
+ if (nbt_len > MAX_NETBIOSNAME_LEN - 1) {
+ do_nbt_lookup = false;
+ } else {
+ const char *p = strchr(name, '.');
+ if (p != NULL) {
+ do_nbt_lookup = false;
+ }
+ }
frame = talloc_stackframe();
for (i=0; resolve_order[i]; i++) {
@@ -2656,13 +2667,13 @@ NTSTATUS internal_resolve_name(const char *name,
if (NT_STATUS_IS_OK(status)) {
goto done;
}
- } else if(strequal( tok, "lmhosts")) {
+ } else if (do_nbt_lookup && strequal(tok, "lmhosts")) {
status = resolve_lmhosts(name, name_type,
return_iplist, return_count);
if (NT_STATUS_IS_OK(status)) {
goto done;
}
- } else if(strequal( tok, "wins")) {
+ } else if (do_nbt_lookup && strequal(tok, "wins")) {
/* don't resolve 1D via WINS */
struct sockaddr_storage *ss_list;
if (name_type != 0x1D) {
@@ -2679,7 +2690,7 @@ NTSTATUS internal_resolve_name(const char *name,
goto done;
}
}
- } else if(strequal( tok, "bcast")) {
+ } else if (do_nbt_lookup && strequal(tok, "bcast")) {
struct sockaddr_storage *ss_list;
status = name_resolve_bcast(
name, name_type, talloc_tos(),
diff --git a/source3/smbd/smb2_negprot.c b/source3/smbd/smb2_negprot.c
index 02f6882..9a1ca9c 100644
--- a/source3/smbd/smb2_negprot.c
+++ b/source3/smbd/smb2_negprot.c
@@ -221,8 +221,7 @@ NTSTATUS smbd_smb2_request_process_negprot(struct
smbd_smb2_request *req)
}
security_mode = SMB2_NEGOTIATE_SIGNING_ENABLED;
- if (lp_server_signing() == SMB_SIGNING_REQUIRED ||
- (in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED)) {
+ if (lp_server_signing() == SMB_SIGNING_REQUIRED) {
security_mode |= SMB2_NEGOTIATE_SIGNING_REQUIRED;
}
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index f918328..2f58e44 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -186,9 +186,7 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct
smbXsrv_session *session,
struct smbXsrv_connection *xconn = smb2req->xconn;
if ((in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) ||
- lp_server_signing() == SMB_SIGNING_REQUIRED ||
- (xconn->smb2.server.security_mode &
- SMB2_NEGOTIATE_SIGNING_REQUIRED)) {
+ lp_server_signing() == SMB_SIGNING_REQUIRED) {
x->global->signing_required = true;
}
diff --git a/source3/utils/nmblookup.c b/source3/utils/nmblookup.c
index 78548e9..a119b3e 100644
--- a/source3/utils/nmblookup.c
+++ b/source3/utils/nmblookup.c
@@ -320,6 +320,7 @@ int main(int argc, const char *argv[])
while(poptPeekArg(pc)) {
char *p;
struct in_addr ip;
+ size_t nbt_len;
fstrcpy(lookup,poptGetArg(pc));
@@ -349,6 +350,14 @@ int main(int argc, const char *argv[])
sscanf(++p,"%x",&lookup_type);
}
+ nbt_len = strlen(lookup);
+ if (nbt_len > MAX_NETBIOSNAME_LEN - 1) {
+ d_printf("The specified netbios name [%s] is too
long!\n",
+ lookup);
+ continue;
+ }
+
+
if (!query_one(lookup, lookup_type)) {
rc = 1;
d_printf( "name_query failed to find name %s", lookup );
--
Samba Shared Repository
