The branch, master has been updated via aed4d063767 libcli smb smb1cli_trans: fix ubsan warning via 50cce842a23 docs: Add 'net gpo command' text in man net via eb093c5d2ac s3:winbind: Don't abort when receiving a NULL SID from d023b29876d selftest: Disable RTLD_DEEPBIND if running with ASAN
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit aed4d0637675629a33585a0198c8cbbb64371638 Author: Gary Lockyer <g...@catalyst.net.nz> Date: Thu Jun 6 08:40:42 2019 +1200 libcli smb smb1cli_trans: fix ubsan warning Fix ubsan warning null pointer passed as argument 2 when the source pointer is NULL. The calls to memcpy are now guarded by an if (len > 0) Signed-off-by: Gary Lockyer <g...@catalyst.net.nz> Reviewed-by: Andreas Schneider <a...@samba.org> Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org> Autobuild-Date(master): Wed Oct 16 18:00:31 UTC 2019 on sn-devel-184 commit 50cce842a230f82018be62fca8fe1374b9b0dcd1 Author: Amit Kumar <amitk...@redhat.com> Date: Thu Jun 6 01:54:31 2019 +0530 docs: Add 'net gpo command' text in man net This change adds contents to man net for 'net ads gpo' command set based on results got after executing: '# net ads gpo help' and subcommands BUG: https://bugzilla.samba.org/show_bug.cgi?id=13986 Signed-off-by: Amit Kumar <amitk...@redhat.com> Reviewed-by: Andreas Schneider <a...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit eb093c5d2ac77889215356ffabb915861cd4e9d5 Author: Amit Kumar <amitk...@redhat.com> Date: Fri May 31 18:57:52 2019 +0530 s3:winbind: Don't abort when receiving a NULL SID Source code in winbind_rpc.c states that if the trusted domain has no SID, winbindd just aborts the session. This happens with MIT Kerberos realm added as trust to AD and winbindd just returns without processing further as there is no SID returned for the Linux system having kerberos support. This fix makes winbindd to skip the domain having NULL SID instead of aborting the request completely. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13913 Signed-off-by: Amit Kumar <amitk...@redhat.com> Reviewed-by: Andreas Schneider <a...@samba.org> Reviewed-by: Guenther Deschner <g...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> ----------------------------------------------------------------------- Summary of changes: docs-xml/manpages/net.8.xml | 40 ++++++++++++++++++++++++++++++++++++++++ libcli/smb/smb1cli_trans.c | 6 ++++-- source3/winbindd/winbindd_rpc.c | 16 +++++++--------- 3 files changed, 51 insertions(+), 11 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.xml index f64efde0061..e585f247728 100644 --- a/docs-xml/manpages/net.8.xml +++ b/docs-xml/manpages/net.8.xml @@ -1334,6 +1334,46 @@ against an NT4 Domain Controller. </refsect2> +<refsect2> + +<title>ADS GPO</title> +<refsect3> +<title>ADS GPO APPLY <USERNAME|MACHINENAME> </title> +<para>Apply GPOs for a username or machine name. Either username or machine name should be provided to the command, not both. </para> +</refsect3> + +<refsect3> +<title>ADS GPO GETGPO [<replaceable>GPO</replaceable>]</title> +<para>List specified GPO.</para> +</refsect3> + +<refsect3> +<title>ADS GPO LINKADD [<replaceable>LINKDN</replaceable>] [<replaceable>GPODN</replaceable>]</title> +<para>Link a container to a GPO. <replaceable>LINKDN</replaceable> Container to link to a GPO. <replaceable>GPODN</replaceable> GPO to link container to. DNs must be provided properly escaped. See RFC 4514 for details.</para> +</refsect3> + +<refsect3> +<title>ADS GPO LINKGET [<replaceable>CONTAINER</replaceable>]</title> +<para>Lists gPLink of a containter.</para> +</refsect3> + +<refsect3> +<title>ADS GPO LIST <USERNAME|MACHINENAME> </title> +<para>Lists all GPOs for a username or machine name. Either username or machine name should be provided to the command, not both. </para> +</refsect3> + +<refsect3> +<title>ADS GPO LISTALL</title> +<para>Lists all GPOs on a DC.</para> +</refsect3> + +<refsect3> +<title>ADS GPO REFRESH [<replaceable>USERNAME</replaceable>] [<replaceable>MACHINENAME</replaceable>]</title> +<para>Lists all GPOs assigned to an account and download them. <replaceable>USERNAME</replaceable> User to refresh GPOs for. <replaceable>MACHINENAME</replaceable> Machine to refresh GPOs for.</para> +</refsect3> + +</refsect2> + <refsect2> <title>ADS LEAVE [--keep-account]</title> diff --git a/libcli/smb/smb1cli_trans.c b/libcli/smb/smb1cli_trans.c index c305463846d..99021ce2b47 100644 --- a/libcli/smb/smb1cli_trans.c +++ b/libcli/smb/smb1cli_trans.c @@ -351,8 +351,10 @@ static void smb1cli_trans_format(struct smb1cli_trans_state *state, SSVAL(vwv +12, 0, data_offset); SCVAL(vwv +13, 0, state->num_setup); SCVAL(vwv +13, 1, 0); /* reserved */ - memcpy(vwv + 14, state->setup, - sizeof(uint16_t) * state->num_setup); + if (state->num_setup > 0) { + memcpy(vwv + 14, state->setup, + sizeof(uint16_t) * state->num_setup); + } break; case SMBtranss: case SMBtranss2: diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c index ffbaabcfe49..793ebe0df56 100644 --- a/source3/winbindd/winbindd_rpc.c +++ b/source3/winbindd/winbindd_rpc.c @@ -952,26 +952,24 @@ NTSTATUS rpc_trusted_domains(TALLOC_CTX *mem_ctx, return NT_STATUS_NO_MEMORY; } + if (dom_list_ex.domains[i].sid == NULL) { + DBG_ERR("Trusted domain %s has no SID, " + "skipping!\n", + trust->dns_name); + continue; + } + if (has_ex) { trust->netbios_name = talloc_move(array, &dom_list_ex.domains[i].netbios_name.string); trust->dns_name = talloc_move(array, &dom_list_ex.domains[i].domain_name.string); - if (dom_list_ex.domains[i].sid == NULL) { - DEBUG(0, ("Trusted Domain %s has no SID, aborting!\n", trust->dns_name)); - return NT_STATUS_INVALID_NETWORK_RESPONSE; - } sid_copy(sid, dom_list_ex.domains[i].sid); } else { trust->netbios_name = talloc_move(array, &dom_list.domains[i].name.string); trust->dns_name = NULL; - if (dom_list.domains[i].sid == NULL) { - DEBUG(0, ("Trusted Domain %s has no SID, aborting!\n", trust->netbios_name)); - return NT_STATUS_INVALID_NETWORK_RESPONSE; - } - sid_copy(sid, dom_list.domains[i].sid); } -- Samba Shared Repository