The branch, master has been updated
       via  a26f535dedc s3:libads: Clear previous CLDAP ping flags when reusing the ADS_STRUCT
       via  4dde5e747d2 s3:libnet: Fix talloc frame not freed in order
       via  11e0eb6f938 s3:libads: Print 'gc' and 'no_fallback' fields in ndr_print_ads_struct()
       via  02a9a160e2d python/gp_cert_auto_enroll: Fix bitwise test in expression
       via  3bb6b05781f s3:lib: Fix use_after_free: Using freed pointer "p"
      from  d19dfe1efb2 third_party: Update waf to version 2.0.24

https://git.samba.org/?p=samba.git;a=shortlog;h=master

- Log -----------------------------------------------------------------
commit a26f535dedc651afa2a25dd37113ac71787197ff
Author: Samuel Cabrero <scabr...@suse.de>
Date:   Mon May 23 14:11:24 2022 +0200

    s3:libads: Clear previous CLDAP ping flags when reusing the ADS_STRUCT

    Before commit 1d066f37b9217a475b6b84a935ad51fbec88fe04, when the LDAP
    connection wasn't established yet (ads->ldap.ld == NULL), the
    ads_current_time() function always allocated and initialized a new
    ADS_STRUCT even when ads->ldap.ss had a good address after having called
    ads_find_dc().

    After that commit, when the ADS_STRUCT is reused and passed to the
    ads_connect() call, ads_try_connect() may fail depending on the contacted
    DC because ads->config.flags field can contain the flags returned by the
    previous CLDAP call.

    For example, when having 5 DCs:

    * 192.168.101.31 has PDC FSMO role
    * 192.168.101.32
    * 192.168.101.33
    * 192.168.101.34
    * 192.168.101.35

    $> net ads info -S 192.168.101.35

    net_ads_info()
      ads_startup_nobind()
        ads_startup_int()
          ads_init()
          ads_connect()
            ads_try_connect(192.168.101.35)
              check_cldap_reply_required_flags(returned=0xF1FC, required=0x0)
      ads_current_time()
        ads_connect()
          ads_try_connect(192.168.101.35)
            check_cldap_reply_required_flags(returned=0xF1FC, required=0xF1FC)

    The check_cldap_reply_required_flags() call fails because
    ads->config.flags contain the flags returned by the previous CLDAP call,
    even when the returned and required values match because they have
    different semantics:

      if (req_flags & DS_PDC_REQUIRED)
            RETURN_ON_FALSE(ret_flags & NBT_SERVER_PDC);

      translates to:

      if (0xF1FC & 0x80)
            RETURN_ON_FALSE(0xF1FC & 0x01);

      which returns false because 192.168.101.35 has no PDC FSMO role.

    The easiest fix for now is to reset ads->config.flags in
    ads_current_time() when reusing an ADS_STRUCT before calling
    ads_connect(), but we should consider storing the required and returned
    flags in different fields or at least use the same bitmap for them
    because check_cldap_reply_required_flags() is checking a
    netr_DsRGetDCName_flags value using the nbt_server_type bitmap.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14674

    Signed-off-by: Samuel Cabrero <scabr...@samba.org>

    Autobuild-User(master): Jeremy Allison <j...@samba.org>
    Autobuild-Date(master): Mon May 23 19:18:38 UTC 2022 on sn-devel-184

commit 4dde5e747d2633f88eb4cc17d81f6dc4218b32be
Author: Samuel Cabrero <scabr...@suse.de>
Date:   Mon May 23 11:51:32 2022 +0200

    s3:libnet: Fix talloc frame not freed in order

    Signed-off-by: Samuel Cabrero <scabr...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit 11e0eb6f938002d93169c0293d7ec5e0488df307
Author: Samuel Cabrero <scabr...@suse.de>
Date:   Mon May 23 11:43:29 2022 +0200

    s3:libads: Print 'gc' and 'no_fallback' fields in ndr_print_ads_struct()

    Signed-off-by: Samuel Cabrero <scabr...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit 02a9a160e2d6d14b6dc04dcda1a136484f5edd95
Author: Pavel Filipenský <pfili...@redhat.com>
Date:   Mon May 23 13:10:31 2022 +0200

    python/gp_cert_auto_enroll: Fix bitwise test in expression

    Found by covscan.

    result_independent_of_operands: "(e.data & 4) == 1" is always false
    regardless of the values of its operands. This occurs as the operand of
    assignment.

    Signed-off-by: Pavel Filipenský <pfili...@redhat.com>
    Reviewed-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit 3bb6b05781fa79de697d859d18c4fc252831fdef
Author: Pavel Filipenský <pfili...@redhat.com>
Date:   Mon May 23 12:57:42 2022 +0200

    s3:lib: Fix use_after_free: Using freed pointer "p"

    Found by covscan.
Signed-off-by: Pavel Filipenský <pfili...@redhat.com> Reviewed-by: Andreas Schneider <a...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> ----------------------------------------------------------------------- Summary of changes: python/samba/gp_cert_auto_enroll_ext.py | 6 +++--- source3/lib/netapi/examples/common.c | 1 + source3/libads/ldap.c | 7 +++++++ source3/libads/ndr.c | 2 ++ source3/libnet/libnet_join.c | 2 +- 5 files changed, 14 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/python/samba/gp_cert_auto_enroll_ext.py b/python/samba/gp_cert_auto_enroll_ext.py index 680525c9ced..585dc560550 100644 --- a/python/samba/gp_cert_auto_enroll_ext.py +++ b/python/samba/gp_cert_auto_enroll_ext.py @@ -358,9 +358,9 @@ class gp_cert_auto_enroll_ext(gp_pol_ext): # This policy applies as specified in [MS-CAESO] 4.4.5.1 if e.data == 0x8000: continue # The policy is disabled - enroll = e.data & 0x1 == 1 - manage = e.data & 0x2 == 1 - retrive_pending = e.data & 0x4 == 1 + enroll = e.data & 0x1 == 0x1 + manage = e.data & 0x2 == 0x2 + retrive_pending = e.data & 0x4 == 0x4 if enroll: self.__enroll(pol_conf.entries, trust_dir, private_dir) diff --git a/source3/lib/netapi/examples/common.c b/source3/lib/netapi/examples/common.c index 66b2bd3b6d0..72d7150b4ea 100644 --- a/source3/lib/netapi/examples/common.c +++ b/source3/lib/netapi/examples/common.c @@ -140,6 +140,7 @@ char *netapi_read_file(const char *filename, uint32_t *psize) tmp = realloc(p, sizeof(char) * newbufsize); if (tmp == NULL) { free(p); + p = NULL; goto fail; } p = tmp; diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index 647cdbd0459..6caeebe6037 100755 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c 
@@ -3305,6 +3305,13 @@ ADS_STATUS ads_current_time(ADS_STRUCT *ads) goto done; } } + + /* + * Reset ads->config.flags as it can contain the flags + * returned by the previous CLDAP ping when reusing the struct. + */ + ads_s->config.flags = 0; + ads_s->auth.flags = ADS_AUTH_ANON_BIND; status = ads_connect( ads_s ); if ( !ADS_ERR_OK(status)) diff --git a/source3/libads/ndr.c b/source3/libads/ndr.c index 1b586c34282..07f0f7e948a 100644 --- a/source3/libads/ndr.c +++ b/source3/libads/ndr.c @@ -51,6 +51,8 @@ void ndr_print_ads_struct(struct ndr_print *ndr, const char *name, const struct ndr_print_string(ndr, "realm", r->server.realm); ndr_print_string(ndr, "workgroup", r->server.workgroup); ndr_print_string(ndr, "ldap_server", r->server.ldap_server); + ndr_print_bool(ndr, "gc", r->server.gc); + ndr_print_bool(ndr, "no_fallback", r->server.no_fallback); ndr->depth--; ndr_print_struct(ndr, name, "auth"); ndr->depth++; diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 5069e7546ef..f59fea992b8 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -543,7 +543,7 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx, status = libnet_join_find_machine_acct(mem_ctx, r); if (!ADS_ERR_OK(status)) { - return status; + goto done; } status = libnet_join_get_machine_spns(frame, -- Samba Shared Repository
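
Review bot: in python/samba/gp_cert_auto_enroll_ext.py, the three added tests still write each mask twice (`e.data & 0x2 == 0x2`), which is the same pattern that let `== 1` go unnoticed for the 0x2 and 0x4 bits. `bool(e.data & 0x2)`, or named constants for the [MS-CAESO] bits, would keep mask and expected value from diverging again, and explicit parentheses would stop the expression depending on `&` binding tighter than `==`. With the old code `manage` and `retrive_pending` were always False, so any branch that consumes them becomes reachable for the first time with this change; only `if enroll:` is visible here, so a test covering the other two bits would be worth adding. `retrive_pending` is also misspelled and could be renamed while these lines are being touched.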
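
Review bot: in source3/lib/netapi/examples/common.c, netapi_read_file(), the added `p = NULL;` after `free(p);` is only correct if the `fail:` path handles a NULL `p`, and that label is outside the visible context. The commit message says only "Found by covscan." and does not name where the freed pointer was used, so please state in the message what `fail:` does with `p`. If `fail:` already releases `p`, removing the `free(p);` from this branch and letting the common path do it would leave a single owner of the cleanup and make the extra assignment unnecessary.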
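
Review bot: in source3/libads/ldap.c, ads_current_time(), `ads_s->config.flags = 0;` is applied in this one caller only, while the commit message describes the cause as ads_connect() being handed a struct whose config.flags still holds the previous CLDAP reply. Any other caller that reuses an ADS_STRUCT across two ads_connect() calls would need the same reset, so either clear the field where the connect path consumes it or, as the message itself proposes, keep required and returned flags in separate fields. The new comment speaks of "when reusing the struct" but the assignment is unconditional; that is harmless for a freshly initialised struct, though the comment should say so. The summary of changes lists no test file, and the `net ads info -S` case from the message against a DC without the PDC role would make a direct regression test.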
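
Review bot: in source3/libnet/libnet_join.c, libnet_join_set_machine_spn(), the `goto done;` that replaces `return status;` relies on a `done:` label outside the visible context to release `frame` and return `status`; please confirm it does both. The commit message has a subject line only, so a sentence saying that the early return skipped freeing the talloc frame would help later readers. Only this one early exit is visible in the hunk; it is worth checking the rest of the function for other `return` statements that sit between the frame's creation and `done:`.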
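
The flag confusion described in the first commit message, as an added example (not Samba code): a simplified model in which one field holds both the required flags and the previous CLDAP reply. The struct and function names are hypothetical, the connect step is assumed to store the reply's server type in that field, and the GC bit pair is not on the page but comes from the same two bitmaps.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Request bitmap (netr_DsRGetDCName_flags); PDC value from the commit message. */
#define DS_GC_SERVER_REQUIRED 0x40 /* not on the page */
#define DS_PDC_REQUIRED       0x80
/* Reply bitmap (nbt_server_type); PDC value from the commit message. */
#define NBT_SERVER_PDC 0x01
#define NBT_SERVER_GC  0x04 /* not on the page */

/* Hypothetical stand-in for ADS_STRUCT: one field serves both purposes. */
struct model_ads { uint32_t config_flags; };

/* Same shape as the check quoted in the commit message. */
static bool check_required(uint32_t ret_flags, uint32_t req_flags)
{
	if ((req_flags & DS_PDC_REQUIRED) && !(ret_flags & NBT_SERVER_PDC))
		return false;
	if ((req_flags & DS_GC_SERVER_REQUIRED) && !(ret_flags & NBT_SERVER_GC))
		return false;
	return true;
}

/* One connect attempt: the field is read as the requirement, then
 * overwritten with the server type from the DC's reply (assumption). */
static bool model_connect(struct model_ads *ads, uint32_t dc_reply)
{
	if (!check_required(dc_reply, ads->config_flags))
		return false;
	ads->config_flags = dc_reply;
	return true;
}

/* Two connects on one struct, optionally with the reset the patch adds. */
static bool reuse_succeeds(uint32_t dc_reply, bool reset_between)
{
	struct model_ads ads = { .config_flags = 0 };
	if (!model_connect(&ads, dc_reply))
		return false;
	if (reset_between)
		ads.config_flags = 0;
	return model_connect(&ads, dc_reply);
}

int main(void)
{
	const uint32_t non_pdc = 0xF1FC; /* reply value from the commit message */
	printf("no reset: %d, reset: %d, PDC without reset: %d\n",
	       reuse_succeeds(non_pdc, false), reuse_succeeds(non_pdc, true),
	       reuse_succeeds(non_pdc | NBT_SERVER_PDC, false));
	return 0;
}
```

The third case shows why the failure depends on the contacted DC: a reply that carries the PDC bit passes the second check even without the reset.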