[Pkg-samba-maint] r3614 - in trunk/samba: . lib/util/charset libcli/auth librpc/gen_ndr librpc/ndr nsswitch packaging/RHEL packaging/RHEL-CTDB pidl/lib/Parse/Pidl/Samba3 source3 source3/include source3/lib source3/lib/netapi source3/libads source3/libsmb source3/modules source3/printing source3/registry source3/rpc_client source3/rpc_server source3/rpcclient source3/smbd source3/utils source3/winbindd
bubulle at alioth.debian.org
bubulle at alioth.debian.org
Sun Oct 10 07:35:35 UTC 2010
Author: bubulle
Date: 2010-10-10 07:35:30 +0000 (Sun, 10 Oct 2010)
New Revision: 3614
Modified:
trunk/samba/WHATSNEW.txt
trunk/samba/lib/util/charset/charset.h
trunk/samba/libcli/auth/credentials.c
trunk/samba/libcli/auth/proto.h
trunk/samba/librpc/gen_ndr/cli_epmapper.c
trunk/samba/librpc/gen_ndr/cli_ntsvcs.c
trunk/samba/librpc/gen_ndr/cli_winreg.c
trunk/samba/librpc/ndr/libndr.h
trunk/samba/librpc/ndr/uuid.c
trunk/samba/nsswitch/wb_common.c
trunk/samba/packaging/RHEL-CTDB/samba.spec
trunk/samba/packaging/RHEL/makerpms.sh
trunk/samba/packaging/RHEL/samba.spec
trunk/samba/pidl/lib/Parse/Pidl/Samba3/ClientNDR.pm
trunk/samba/source3/Makefile.in
trunk/samba/source3/VERSION
trunk/samba/source3/configure
trunk/samba/source3/configure.in
trunk/samba/source3/include/config.h.in
trunk/samba/source3/include/proto.h
trunk/samba/source3/include/version.h
trunk/samba/source3/lib/netapi/cm.c
trunk/samba/source3/lib/netapi/netapi_private.h
trunk/samba/source3/lib/system.c
trunk/samba/source3/lib/tdb_validate.c
trunk/samba/source3/libads/sasl.c
trunk/samba/source3/libsmb/cliconnect.c
trunk/samba/source3/libsmb/clikrb5.c
trunk/samba/source3/libsmb/climessage.c
trunk/samba/source3/libsmb/clispnego.c
trunk/samba/source3/libsmb/nmblib.c
trunk/samba/source3/modules/vfs_acl_common.c
trunk/samba/source3/printing/load.c
trunk/samba/source3/printing/nt_printing.c
trunk/samba/source3/registry/reg_api.c
trunk/samba/source3/rpc_client/cli_pipe.c
trunk/samba/source3/rpc_client/init_spoolss.c
trunk/samba/source3/rpc_server/srv_pipe.c
trunk/samba/source3/rpc_server/srv_spoolss_nt.c
trunk/samba/source3/rpc_server/srv_winreg_nt.c
trunk/samba/source3/rpcclient/cmd_spoolss.c
trunk/samba/source3/rpcclient/rpcclient.c
trunk/samba/source3/smbd/fileio.c
trunk/samba/source3/smbd/notify.c
trunk/samba/source3/smbd/open.c
trunk/samba/source3/smbd/oplock.c
trunk/samba/source3/smbd/process.c
trunk/samba/source3/smbd/reply.c
trunk/samba/source3/smbd/sesssetup.c
trunk/samba/source3/smbd/trans2.c
trunk/samba/source3/utils/net_ads.c
trunk/samba/source3/utils/net_rpc_printer.c
trunk/samba/source3/utils/net_rpc_registry.c
trunk/samba/source3/utils/profiles.c
trunk/samba/source3/utils/smbfilter.c
trunk/samba/source3/winbindd/winbindd_cm.c
trunk/samba/source3/winbindd/winbindd_dual_srv.c
trunk/samba/source3/winbindd/winbindd_pam.c
Log:
merge upstream 3.5.6
Modified: trunk/samba/WHATSNEW.txt
===================================================================
--- trunk/samba/WHATSNEW.txt 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/WHATSNEW.txt 2010-10-10 07:35:30 UTC (rev 3614)
@@ -1,4 +1,103 @@
=============================
+ Release Notes for Samba 3.5.6
+ October 8, 2010
+ =============================
+
+
+This is the latest stable release of Samba 3.5.
+
+Major enhancements in Samba 3.5.6 include:
+
+ o Fix smbd panic on invalid NetBIOS session request (bug #7698).
+ o Fix smbd crash caused by "%D" in "printer admin" (bug #7541).
+ o Fix crash bug with invalid SPNEGO token (bug #7694).
+ o Fix Winbind internal error (bug #7636).
+
+
+Changes since 3.5.5
+-------------------
+
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 7577: Fix SPNEGO auth when contacting Win7 system using Microsoft Live
+ Sign-in Assistant.
+ * BUG 7578: Fix 'net idmap restore' setting HWM to avoid duplicates.
+ * BUG 7581: Fix "admin users" when using vfs_acl_xattr.
+ * BUG 7583: Fix smbclient to connect to Alfresco JLAN CIFS server using
+ Kerberos.
+ * BUG 7589: Fix using cached credentials in ntlm_auth.
+ * BUG 7590: Fix Winbind offline login.
+ * BUG 7617: Fix smbd coredump due to uninitialized variables in the
+ performance counter code.
+ * BUG 7636: Fix Winbind internal error.
+ * BUG 7651: Fix mknod and mkfifo failing with "No such file or
+ directory".
+ * BUG 7693: Fix smbd changing mode of files on rename.
+ * BUG 7694: Fix crash bug with invalid SPNEGO token.
+ * BUG 7698: Fix smbd panic on invalid NetBIOS session request.
+
+
+o Günther Deschner <gd at samba.org>
+ * BUG 7541: Fix smbd crash caused by "%D" in "printer admin".
+ * BUG 7568: Make sure cm_connect_lsa_tcp does not reset the secure channel.
+ * BUG 7658: Fix "dereferencing type-punned pointer will break
+ strict-aliasing rules" warnings).
+ * BUG 7665: Fix memory leak in netapi connection manager.
+
+
+o Björn Jacke <bj at sernet.de>
+ * BUG 7244: Fall back to cups-config for underlinked libs.
+ * BUG 7474: Fix build on platforms without st_blocks and st_blksize stat
+ struct members.
+
+
+o Volker Lendecke <vl at samba.org>
+ * BUG 7336: Enable idmap_passdb module build as shared.
+ * BUG 7531: Fix the charset_pull routine.
+ * BUG 7635: Fix 'smbclient -M'.
+ * BUG 7656: Fix scalability problem with hundreds of printers.
+ * BUG 7684: Fix fd leak in libwbclient.so.
+ * BUG 7688: Fix crash bug in rpcclient.
+ * BUG 7470: Standardize S_IREAD and S_IWRITE.
+ * BUG 7715: Fix file corruption when setting Samba "write wache wize".
+
+
+o Jim McDonough <jmcd at samba.org>
+ * BUG 7280: Fix auto printers with registry config.
+
+
+o Andreas Schneider <asn at samba.org>
+ * BUG 7538: Fix GUID_from_data_blob() with length of 32.
+
+
+o Chere Zhou <chere.zhou at isilon.com>
+ * BUG 7662: Align change notify replies on 4-byte boundary.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.5 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+ =============================
Release Notes for Samba 3.5.5
September 14, 2010
=============================
@@ -50,9 +149,9 @@
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
=============================
Release Notes for Samba 3.5.4
June 23, 2010
Modified: trunk/samba/lib/util/charset/charset.h
===================================================================
--- trunk/samba/lib/util/charset/charset.h 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/lib/util/charset/charset.h 2010-10-10 07:35:30 UTC (rev 3614)
@@ -242,7 +242,7 @@
char **outbuf, size_t *outbytesleft) \
{ \
while (*inbytesleft >= 1 && *outbytesleft >= 2) { \
- *(uint16*)(*outbuf) = to_ucs2[((unsigned char*)(*inbuf))[0]]; \
+ SSVAL(*outbuf, 0, to_ucs2[((unsigned char*)(*inbuf))[0]]); \
(*inbytesleft) -= 1; \
(*outbytesleft) -= 2; \
(*inbuf) += 1; \
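Review bot: The added `SSVAL(*outbuf, 0, ...)` store has no comment saying why the direct `uint16` write was dropped, and that reason is what a later maintainer needs to avoid reverting it. SSVAL stores the 16-bit value little-endian, so unlike the removed `*(uint16*)(*outbuf)` cast it should not depend on `*outbuf` being 2-byte aligned or on host byte order. A one-line comment above the store, with the trailing `\` the macro requires, would record that: `/* SSVAL: alignment-safe little-endian store; *outbuf may be unaligned */ \`. The macro body starts and ends outside this hunk.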
Modified: trunk/samba/libcli/auth/credentials.c
===================================================================
--- trunk/samba/libcli/auth/credentials.c 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/libcli/auth/credentials.c 2010-10-10 07:35:30 UTC (rev 3614)
@@ -24,6 +24,7 @@
#include "system/time.h"
#include "../lib/crypto/crypto.h"
#include "libcli/auth/libcli_auth.h"
+#include "../libcli/security/dom_sid.h"
static void netlogon_creds_step_crypt(struct netlogon_creds_CredentialState *creds,
const struct netr_Credential *in,
@@ -202,7 +203,7 @@
struct netr_Credential *initial_credential,
uint32_t negotiate_flags)
{
- struct netlogon_creds_CredentialState *creds = talloc(mem_ctx, struct netlogon_creds_CredentialState);
+ struct netlogon_creds_CredentialState *creds = talloc_zero(mem_ctx, struct netlogon_creds_CredentialState);
if (!creds) {
return NULL;
@@ -453,3 +454,46 @@
}
}
+/*
+ copy a netlogon_creds_CredentialState struct
+*/
+
+struct netlogon_creds_CredentialState *netlogon_creds_copy(TALLOC_CTX *mem_ctx,
+ struct netlogon_creds_CredentialState *creds_in)
+{
+ struct netlogon_creds_CredentialState *creds = talloc_zero(mem_ctx, struct netlogon_creds_CredentialState);
+
+ if (!creds) {
+ return NULL;
+ }
+
+ creds->sequence = creds_in->sequence;
+ creds->negotiate_flags = creds_in->negotiate_flags;
+ creds->secure_channel_type = creds_in->secure_channel_type;
+
+ creds->computer_name = talloc_strdup(creds, creds_in->computer_name);
+ if (!creds->computer_name) {
+ talloc_free(creds);
+ return NULL;
+ }
+ creds->account_name = talloc_strdup(creds, creds_in->account_name);
+ if (!creds->account_name) {
+ talloc_free(creds);
+ return NULL;
+ }
+
+ if (creds_in->sid) {
+ creds->sid = dom_sid_dup(creds, creds_in->sid);
+ if (!creds->sid) {
+ talloc_free(creds);
+ return NULL;
+ }
+ }
+
+ memcpy(creds->session_key, creds_in->session_key, sizeof(creds->session_key));
+ memcpy(creds->seed.data, creds_in->seed.data, sizeof(creds->seed.data));
+ memcpy(creds->client.data, creds_in->client.data, sizeof(creds->client.data));
+ memcpy(creds->server.data, creds_in->server.data, sizeof(creds->server.data));
+
+ return creds;
+}
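Review bot: `netlogon_creds_copy` reads `creds_in` and passes `creds_in->computer_name` and `creds_in->account_name` to `talloc_strdup` without checking them, so a NULL `creds_in` is dereferenced and a NULL name is indistinguishable from an allocation failure, because `talloc_strdup` returns NULL for a NULL source. A guard such as `if (creds_in == NULL) { return NULL; }` at the top would handle the first case; the comment should say whether the names are required to be non-NULL. The source is only read, so the parameter could be `const struct netlogon_creds_CredentialState *creds_in`, here and in the proto.h prototype. The header comment should also state that the result is a talloc child of `mem_ctx` holding a second copy of `session_key`, so the caller owns and must free that key material.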
Modified: trunk/samba/libcli/auth/proto.h
===================================================================
--- trunk/samba/libcli/auth/proto.h 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/libcli/auth/proto.h 2010-10-10 07:35:30 UTC (rev 3614)
@@ -35,6 +35,8 @@
struct netr_Authenticator *next);
bool netlogon_creds_client_check(struct netlogon_creds_CredentialState *creds,
const struct netr_Credential *received_credentials);
+struct netlogon_creds_CredentialState *netlogon_creds_copy(TALLOC_CTX *mem_ctx,
+ struct netlogon_creds_CredentialState *creds_in);
/*****************************************************************
The above functions are common to the client and server interface
Modified: trunk/samba/librpc/gen_ndr/cli_epmapper.c
===================================================================
--- trunk/samba/librpc/gen_ndr/cli_epmapper.c 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/librpc/gen_ndr/cli_epmapper.c 2010-10-10 07:35:30 UTC (rev 3614)
@@ -380,7 +380,11 @@
/* Copy out parameters */
*state->orig.out.entry_handle = *state->tmp.out.entry_handle;
*state->orig.out.num_ents = *state->tmp.out.num_ents;
- memcpy(state->orig.out.entries, state->tmp.out.entries, (state->tmp.in.max_ents) * sizeof(*state->orig.out.entries));
+ if ((*state->tmp.out.num_ents) > (state->tmp.in.max_ents)) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+ memcpy(state->orig.out.entries, state->tmp.out.entries, (*state->tmp.out.num_ents) * sizeof(*state->orig.out.entries));
/* Copy result */
state->orig.out.result = state->tmp.out.result;
@@ -453,7 +457,10 @@
/* Return variables */
*entry_handle = *r.out.entry_handle;
*num_ents = *r.out.num_ents;
- memcpy(entries, r.out.entries, (r.in.max_ents) * sizeof(*entries));
+ if ((*r.out.num_ents) > (r.in.max_ents)) {
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+ memcpy(entries, r.out.entries, (*r.out.num_ents) * sizeof(*entries));
/* Return result */
return NT_STATUS_OK;
@@ -549,7 +556,11 @@
/* Copy out parameters */
*state->orig.out.entry_handle = *state->tmp.out.entry_handle;
*state->orig.out.num_towers = *state->tmp.out.num_towers;
- memcpy(state->orig.out.towers, state->tmp.out.towers, (state->tmp.in.max_towers) * sizeof(*state->orig.out.towers));
+ if ((*state->tmp.out.num_towers) > (state->tmp.in.max_towers)) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+ memcpy(state->orig.out.towers, state->tmp.out.towers, (*state->tmp.out.num_towers) * sizeof(*state->orig.out.towers));
/* Copy result */
state->orig.out.result = state->tmp.out.result;
@@ -618,7 +629,10 @@
/* Return variables */
*entry_handle = *r.out.entry_handle;
*num_towers = *r.out.num_towers;
- memcpy(towers, r.out.towers, (r.in.max_towers) * sizeof(*towers));
+ if ((*r.out.num_towers) > (r.in.max_towers)) {
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+ memcpy(towers, r.out.towers, (*r.out.num_towers) * sizeof(*towers));
/* Return result */
return NT_STATUS_OK;
Modified: trunk/samba/librpc/gen_ndr/cli_ntsvcs.c
===================================================================
--- trunk/samba/librpc/gen_ndr/cli_ntsvcs.c 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/librpc/gen_ndr/cli_ntsvcs.c 2010-10-10 07:35:30 UTC (rev 3614)
@@ -1459,7 +1459,11 @@
}
/* Copy out parameters */
- memcpy(state->orig.out.buffer, state->tmp.out.buffer, (*state->tmp.in.length) * sizeof(*state->orig.out.buffer));
+ if ((*state->tmp.out.length) > (*state->tmp.in.length)) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+ memcpy(state->orig.out.buffer, state->tmp.out.buffer, (*state->tmp.out.length) * sizeof(*state->orig.out.buffer));
*state->orig.out.length = *state->tmp.out.length;
/* Copy result */
@@ -1525,7 +1529,10 @@
}
/* Return variables */
- memcpy(buffer, r.out.buffer, (*r.in.length) * sizeof(*buffer));
+ if ((*r.out.length) > (*r.in.length)) {
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+ memcpy(buffer, r.out.buffer, (*r.out.length) * sizeof(*buffer));
*length = *r.out.length;
/* Return result */
@@ -1918,7 +1925,11 @@
/* Copy out parameters */
*state->orig.out.reg_data_type = *state->tmp.out.reg_data_type;
- memcpy(state->orig.out.buffer, state->tmp.out.buffer, (*state->tmp.in.buffer_size) * sizeof(*state->orig.out.buffer));
+ if ((*state->tmp.out.buffer_size) > (*state->tmp.in.buffer_size)) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+ memcpy(state->orig.out.buffer, state->tmp.out.buffer, (*state->tmp.out.buffer_size) * sizeof(*state->orig.out.buffer));
*state->orig.out.buffer_size = *state->tmp.out.buffer_size;
*state->orig.out.needed = *state->tmp.out.needed;
@@ -1992,7 +2003,10 @@
/* Return variables */
*reg_data_type = *r.out.reg_data_type;
- memcpy(buffer, r.out.buffer, (*r.in.buffer_size) * sizeof(*buffer));
+ if ((*r.out.buffer_size) > (*r.in.buffer_size)) {
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+ memcpy(buffer, r.out.buffer, (*r.out.buffer_size) * sizeof(*buffer));
*buffer_size = *r.out.buffer_size;
*needed = *r.out.needed;
Modified: trunk/samba/librpc/gen_ndr/cli_winreg.c
===================================================================
--- trunk/samba/librpc/gen_ndr/cli_winreg.c 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/librpc/gen_ndr/cli_winreg.c 2010-10-10 07:35:30 UTC (rev 3614)
@@ -1668,7 +1668,15 @@
*state->orig.out.type = *state->tmp.out.type;
}
if (state->orig.out.value && state->tmp.out.value) {
- memcpy(state->orig.out.value, state->tmp.out.value, (*state->tmp.in.size) * sizeof(*state->orig.out.value));
+ if ((*state->tmp.out.size) > (*state->tmp.in.size)) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+ if ((*state->tmp.out.length) > (*state->tmp.out.size)) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+ memcpy(state->orig.out.value, state->tmp.out.value, (*state->tmp.out.length) * sizeof(*state->orig.out.value));
}
if (state->orig.out.size && state->tmp.out.size) {
*state->orig.out.size = *state->tmp.out.size;
@@ -1752,7 +1760,13 @@
*type = *r.out.type;
}
if (value && r.out.value) {
- memcpy(value, r.out.value, (*r.in.size) * sizeof(*value));
+ if ((*r.out.size) > (*r.in.size)) {
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+ if ((*r.out.length) > (*r.out.size)) {
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+ memcpy(value, r.out.value, (*r.out.length) * sizeof(*value));
}
if (size && r.out.size) {
*size = *r.out.size;
@@ -2823,7 +2837,15 @@
*state->orig.out.type = *state->tmp.out.type;
}
if (state->orig.out.data && state->tmp.out.data) {
- memcpy(state->orig.out.data, state->tmp.out.data, (state->tmp.in.data_size?*state->tmp.in.data_size:0) * sizeof(*state->orig.out.data));
+ if ((state->tmp.out.data_size?*state->tmp.out.data_size:0) > (state->tmp.in.data_size?*state->tmp.in.data_size:0)) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+ if ((state->tmp.out.data_length?*state->tmp.out.data_length:0) > (state->tmp.out.data_size?*state->tmp.out.data_size:0)) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+ memcpy(state->orig.out.data, state->tmp.out.data, (state->tmp.out.data_length?*state->tmp.out.data_length:0) * sizeof(*state->orig.out.data));
}
if (state->orig.out.data_size && state->tmp.out.data_size) {
*state->orig.out.data_size = *state->tmp.out.data_size;
@@ -2904,7 +2926,13 @@
*type = *r.out.type;
}
if (data && r.out.data) {
- memcpy(data, r.out.data, (r.in.data_size?*r.in.data_size:0) * sizeof(*data));
+ if ((r.out.data_size?*r.out.data_size:0) > (r.in.data_size?*r.in.data_size:0)) {
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+ if ((r.out.data_length?*r.out.data_length:0) > (r.out.data_size?*r.out.data_size:0)) {
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+ memcpy(data, r.out.data, (r.out.data_length?*r.out.data_length:0) * sizeof(*data));
}
if (data_size && r.out.data_size) {
*data_size = *r.out.data_size;
@@ -4629,7 +4657,11 @@
/* Copy out parameters */
memcpy(state->orig.out.values, state->tmp.out.values, (state->tmp.in.num_values) * sizeof(*state->orig.out.values));
if (state->orig.out.buffer && state->tmp.out.buffer) {
- memcpy(state->orig.out.buffer, state->tmp.out.buffer, (*state->tmp.in.buffer_size) * sizeof(*state->orig.out.buffer));
+ if ((*state->tmp.out.buffer_size) > (*state->tmp.in.buffer_size)) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+ memcpy(state->orig.out.buffer, state->tmp.out.buffer, (*state->tmp.out.buffer_size) * sizeof(*state->orig.out.buffer));
}
*state->orig.out.buffer_size = *state->tmp.out.buffer_size;
@@ -4701,7 +4733,10 @@
/* Return variables */
memcpy(values, r.out.values, (r.in.num_values) * sizeof(*values));
if (buffer && r.out.buffer) {
- memcpy(buffer, r.out.buffer, (*r.in.buffer_size) * sizeof(*buffer));
+ if ((*r.out.buffer_size) > (*r.in.buffer_size)) {
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+ memcpy(buffer, r.out.buffer, (*r.out.buffer_size) * sizeof(*buffer));
}
*buffer_size = *r.out.buffer_size;
Modified: trunk/samba/librpc/ndr/libndr.h
===================================================================
--- trunk/samba/librpc/ndr/libndr.h 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/librpc/ndr/libndr.h 2010-10-10 07:35:30 UTC (rev 3614)
@@ -543,6 +543,7 @@
/* GUIDs */
bool GUID_equal(const struct GUID *u1, const struct GUID *u2);
+NTSTATUS GUID_from_ndr_blob(const DATA_BLOB *b, struct GUID *guid);
NTSTATUS GUID_from_data_blob(const DATA_BLOB *s, struct GUID *guid);
NTSTATUS GUID_from_string(const char *s, struct GUID *guid);
NTSTATUS NS_GUID_from_string(const char *s, struct GUID *guid);
Modified: trunk/samba/librpc/ndr/uuid.c
===================================================================
--- trunk/samba/librpc/ndr/uuid.c 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/librpc/ndr/uuid.c 2010-10-10 07:35:30 UTC (rev 3614)
@@ -25,7 +25,26 @@
#include "librpc/ndr/libndr.h"
#include "librpc/gen_ndr/ndr_misc.h"
+
/**
+ build a GUID from a NDR data blob
+*/
+_PUBLIC_ NTSTATUS GUID_from_ndr_blob(const DATA_BLOB *b, struct GUID *guid)
+{
+ enum ndr_err_code ndr_err;
+ TALLOC_CTX *mem_ctx;
+
+ mem_ctx = talloc_new(NULL);
+ NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
+
+ ndr_err = ndr_pull_struct_blob_all(b, mem_ctx, NULL, guid,
+ (ndr_pull_flags_fn_t)ndr_pull_GUID);
+ talloc_free(mem_ctx);
+ return ndr_map_error2ntstatus(ndr_err);
+}
+
+
+/**
build a GUID from a string
*/
_PUBLIC_ NTSTATUS GUID_from_data_blob(const DATA_BLOB *s, struct GUID *guid)
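Review bot: `GUID_from_ndr_blob` pulls straight into the caller's `guid`, so a blob that fails to parse can leave `*guid` partly written. The code removed from `GUID_from_data_blob` in the next hunk pulled into a local `guid2` and assigned `*guid` only on success. Keeping that pattern, as sketched below, preserves the old guarantee for callers that reuse the output after an error. Separately, the doc comment kept above `GUID_from_data_blob` still reads "build a GUID from a string", which no longer distinguishes it from `GUID_from_string`.

```c
_PUBLIC_ NTSTATUS GUID_from_ndr_blob(const DATA_BLOB *b, struct GUID *guid)
{
	struct GUID tmp;
	/* … unchanged: ndr_err/mem_ctx declarations and talloc_new() check … */

	ndr_err = ndr_pull_struct_blob_all(b, mem_ctx, NULL, &tmp,
					   (ndr_pull_flags_fn_t)ndr_pull_GUID);
	talloc_free(mem_ctx);
	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
		return ndr_map_error2ntstatus(ndr_err);
	}
	/* only publish the result once the whole blob parsed */
	*guid = tmp;
	return NT_STATUS_OK;
}
```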
@@ -81,29 +100,16 @@
} else if (s->length == 32) {
size_t rlen = strhex_to_str((char *)blob16.data, blob16.length,
(const char *)s->data, s->length);
- if (rlen == blob16.length) {
- /* goto the ndr_pull_struct_blob() path */
- status = NT_STATUS_OK;
- s = &blob16;
+ if (rlen != blob16.length) {
+ return NT_STATUS_INVALID_PARAMETER;
}
+
+ s = &blob16;
+ return GUID_from_ndr_blob(s, guid);
}
if (s->length == 16) {
- enum ndr_err_code ndr_err;
- struct GUID guid2;
- TALLOC_CTX *mem_ctx;
-
- mem_ctx = talloc_new(NULL);
- NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
-
- ndr_err = ndr_pull_struct_blob(s, mem_ctx, NULL, &guid2,
- (ndr_pull_flags_fn_t)ndr_pull_GUID);
- talloc_free(mem_ctx);
- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- return ndr_map_error2ntstatus(ndr_err);
- }
- *guid = guid2;
- return NT_STATUS_OK;
+ return GUID_from_ndr_blob(s, guid);
}
if (!NT_STATUS_IS_OK(status)) {
Modified: trunk/samba/nsswitch/wb_common.c
===================================================================
--- trunk/samba/nsswitch/wb_common.c 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/nsswitch/wb_common.c 2010-10-10 07:35:30 UTC (rev 3614)
@@ -61,6 +61,9 @@
/* Close established socket */
+#if HAVE_FUNCTION_ATTRIBUTE_DESTRUCTOR
+__attribute__((destructor))
+#endif
void winbind_close_sock(void)
{
if (winbindd_fd != -1) {
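Review bot: The destructor attribute added to `winbind_close_sock` has no comment saying why it is there or what happens on builds where `HAVE_FUNCTION_ATTRIBUTE_DESTRUCTOR` is not set. This is presumably the fix for the libwbclient fd leak listed in WHATSNEW (BUG 7684). A comment would make that explicit: `/* Run at library unload/exit so winbindd_fd is not leaked; without destructor support callers must close it themselves */`. The configure test that defines the macro is not in the part of the diff visible here, so confirm it exists. Otherwise the `#if` silently evaluates to 0 and the leak remains. The function body continues outside the hunk.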
Modified: trunk/samba/packaging/RHEL/makerpms.sh
===================================================================
--- trunk/samba/packaging/RHEL/makerpms.sh 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/packaging/RHEL/makerpms.sh 2010-10-10 07:35:30 UTC (rev 3614)
@@ -20,7 +20,7 @@
USERID=`id -u`
GRPID=`id -g`
-VERSION='3.5.5'
+VERSION='3.5.6'
REVISION=''
SPECFILE="samba.spec"
RPMVER=`rpm --version | awk '{print $3}'`
Modified: trunk/samba/packaging/RHEL/samba.spec
===================================================================
--- trunk/samba/packaging/RHEL/samba.spec 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/packaging/RHEL/samba.spec 2010-10-10 07:35:30 UTC (rev 3614)
@@ -5,7 +5,7 @@
Vendor: Samba Team
Packager: Samba Team <samba at samba.org>
Name: samba
-Version: 3.5.5
+Version: 3.5.6
Release: 1
Epoch: 0
License: GNU GPL version 3
Modified: trunk/samba/packaging/RHEL-CTDB/samba.spec
===================================================================
--- trunk/samba/packaging/RHEL-CTDB/samba.spec 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/packaging/RHEL-CTDB/samba.spec 2010-10-10 07:35:30 UTC (rev 3614)
@@ -5,7 +5,7 @@
Vendor: Samba Team
Packager: Samba Team <samba at samba.org>
Name: samba
-Version: 3.5.5
+Version: 3.5.6
Release: 1GITHASH
Epoch: 0
License: GNU GPL version 3
Modified: trunk/samba/pidl/lib/Parse/Pidl/Samba3/ClientNDR.pm
===================================================================
--- trunk/samba/pidl/lib/Parse/Pidl/Samba3/ClientNDR.pm 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/pidl/lib/Parse/Pidl/Samba3/ClientNDR.pm 2010-10-10 07:35:30 UTC (rev 3614)
@@ -15,7 +15,7 @@
use Parse::Pidl qw(fatal warning error);
use Parse::Pidl::Util qw(has_property ParseExpr);
use Parse::Pidl::Samba4 qw(DeclLong);
-use Parse::Pidl::Samba4::Header qw(GenerateFunctionInEnv);
+use Parse::Pidl::Samba4::Header qw(GenerateFunctionInEnv GenerateFunctionOutEnv);
use vars qw($VERSION);
$VERSION = '0.01';
@@ -71,12 +71,27 @@
}
}
-sub ParseOutputArgument($$$;$$)
+sub ParseInvalidResponse($$)
{
- my ($self, $fn, $e, $r, $o) = @_;
+ my ($self, $type) = @_;
+
+ if ($type eq "sync") {
+ $self->pidl("return NT_STATUS_INVALID_NETWORK_RESPONSE;");
+ } elsif ($type eq "async") {
+ $self->pidl("tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);");
+ $self->pidl("return;");
+ } else {
+ die("ParseInvalidResponse($type)");
+ }
+}
+
+sub ParseOutputArgument($$$;$$$)
+{
+ my ($self, $fn, $e, $r, $o, $invalid_response_type) = @_;
my $level = 0;
$r = "r." unless defined($r);
$o = "" unless defined($o);
+ $invalid_response_type = "sync" unless defined($invalid_response_type);
if ($e->{LEVELS}[0]->{TYPE} ne "POINTER" and $e->{LEVELS}[0]->{TYPE} ne "ARRAY") {
$self->pidl("return NT_STATUS_NOT_SUPPORTED;");
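Review bot: `ParseInvalidResponse` and the new sixth argument of `ParseOutputArgument` are undocumented, and the silent default of "sync" is easy to miss at a call site that generates a `void` completion handler. A header comment on the new sub would cover it: `# Emit the bail-out for a reply whose [out] size/length is larger than the caller allowed: "sync" returns NT_STATUS_INVALID_NETWORK_RESPONSE, "async" fails the tevent request and returns.` The prototype comment for `ParseOutputArgument` should also name `$invalid_response_type` and its two accepted values. `ParseOutputArgument` continues outside this hunk.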
@@ -97,17 +112,37 @@
# Since the data is being copied into a user-provided data
# structure, the user should be able to know the size beforehand
# to allocate a structure of the right size.
- my $env = GenerateFunctionInEnv($fn, $r);
+ my $in_env = GenerateFunctionInEnv($fn, $r);
+ my $out_env = GenerateFunctionOutEnv($fn, $r);
my $l = $e->{LEVELS}[$level];
unless (defined($l->{SIZE_IS})) {
+ $self->pidl('#error No size known for [out] array `$e->{NAME}');
error($e->{ORIGINAL}, "no size known for [out] array `$e->{NAME}'");
- $self->pidl('#error No size known for [out] array `$e->{NAME}');
} else {
- my $size_is = ParseExpr($l->{SIZE_IS}, $env, $e->{ORIGINAL});
+ my $in_size_is = ParseExpr($l->{SIZE_IS}, $in_env, $e->{ORIGINAL});
+ my $out_size_is = ParseExpr($l->{SIZE_IS}, $out_env, $e->{ORIGINAL});
+ my $out_length_is = $out_size_is;
+ if (defined($l->{LENGTH_IS})) {
+ $out_length_is = ParseExpr($l->{LENGTH_IS}, $out_env, $e->{ORIGINAL});
+ }
+ if ($out_size_is ne $in_size_is) {
+ $self->pidl("if (($out_size_is) > ($in_size_is)) {");
+ $self->indent;
+ $self->ParseInvalidResponse($invalid_response_type);
+ $self->deindent;
+ $self->pidl("}");
+ }
+ if ($out_length_is ne $out_size_is) {
+ $self->pidl("if (($out_length_is) > ($out_size_is)) {");
+ $self->indent;
+ $self->ParseInvalidResponse($invalid_response_type);
+ $self->deindent;
+ $self->pidl("}");
+ }
if (has_property($e, "charset")) {
- $self->pidl("memcpy(discard_const_p(uint8_t *, $o$e->{NAME}), ${r}out.$e->{NAME}, ($size_is) * sizeof(*$o$e->{NAME}));");
+ $self->pidl("memcpy(discard_const_p(uint8_t *, $o$e->{NAME}), ${r}out.$e->{NAME}, ($out_length_is) * sizeof(*$o$e->{NAME}));");
} else {
- $self->pidl("memcpy($o$e->{NAME}, ${r}out.$e->{NAME}, ($size_is) * sizeof(*$o$e->{NAME}));");
+ $self->pidl("memcpy($o$e->{NAME}, ${r}out.$e->{NAME}, ($out_length_is) * sizeof(*$o$e->{NAME}));");
}
}
} else {
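Review bot: The `#error` line moved up in this hunk is still single-quoted, so Perl will not interpolate `$e->{NAME}` and the generated C carries the literal text instead of the array name. A double-quoted string fixes that: `$self->pidl("#error No size known for [out] array $e->{NAME}");`. On the new bounds checks, each `if` is emitted only when the two expression strings differ (`ne`), which relies on ParseExpr producing identical text for sizes that exist only on the in side. A short comment above the two blocks should state that the reply's size and length are server-controlled and are validated against the caller's buffer size before the `memcpy`. The enclosing sub starts and ends outside the hunk.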
@@ -281,7 +316,10 @@
foreach my $e (@{$fn->{ELEMENTS}}) {
next unless (grep(/out/, @{$e->{DIRECTION}}));
- $self->ParseOutputArgument($fn, $e, "state->tmp.", "state->orig.out.");
+ $self->ParseOutputArgument($fn, $e,
+ "state->tmp.",
+ "state->orig.out.",
+ "async");
}
$self->pidl("");
Modified: trunk/samba/source3/Makefile.in
===================================================================
--- trunk/samba/source3/Makefile.in 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/source3/Makefile.in 2010-10-10 07:35:30 UTC (rev 3614)
@@ -2617,6 +2617,10 @@
@echo "Building plugin $@"
@$(SHLD_MODULE) winbindd/idmap_rid.o
+bin/passdb. at SHLIBEXT@: $(BINARY_PREREQS) winbindd/idmap_passdb.o
+ @echo "Building plugin $@"
+ @$(SHLD_MODULE) winbindd/idmap_passdb.o
+
bin/ad. at SHLIBEXT@: $(BINARY_PREREQS) winbindd/idmap_ad.o
@echo "Building plugin $@"
@$(SHLD_MODULE) winbindd/idmap_ad.o
Modified: trunk/samba/source3/VERSION
===================================================================
--- trunk/samba/source3/VERSION 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/source3/VERSION 2010-10-10 07:35:30 UTC (rev 3614)
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=3
SAMBA_VERSION_MINOR=5
-SAMBA_VERSION_RELEASE=5
+SAMBA_VERSION_RELEASE=6
########################################################
# Bug fix releases use a letter for the patch revision #
Modified: trunk/samba/source3/configure
===================================================================
--- trunk/samba/source3/configure 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/source3/configure 2010-10-10 07:35:30 UTC (rev 3614)
@@ -37022,12 +37022,8 @@
if test "x$CUPS_CONFIG" != x; then
- ac_save_CFLAGS=$CFLAGS
ac_save_LDFLAGS=$LDFLAGS
ac_save_PRINT_LIBS=$PRINT_LIBS
- CFLAGS="$CFLAGS `$CUPS_CONFIG --cflags`"
- LDFLAGS="$LDFLAGS `$CUPS_CONFIG --ldflags`"
- PRINT_LIBS="$PRINT_LIBS -lcups"
for ac_header in cups/cups.h cups/language.h
@@ -37180,9 +37176,108 @@
done
+
if test x"$ac_cv_header_cups_cups_h" = xyes -a \
x"$ac_cv_header_cups_language_h" = xyes; then
+ # try linking with -lcups alone first. That should work unless libcups is
+ # underlinked. With cups-config --libs we pull in unwanted and unneeded
+ # dendencies including thread libraries - use cups-config only if really
+ # required.
+
+
+ac_check_lib_ext_save_LIBS=$LIBS
+LIBS="-lcups $ac_save_PRINT_LIBS $LIBS"
+
+
+
+
+ { $as_echo "$as_me:$LINENO: checking for httpConnect in -lcups" >&5
+$as_echo_n "checking for httpConnect in -lcups... " >&6; }
+if test "${ac_cv_lib_ext_cups_httpConnect+set}" = set; then
+ $as_echo_n "(cached) " >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char httpConnect ();
+int
+main ()
+{
+return httpConnect ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_link") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest$ac_exeext && {
+ test "$cross_compiling" = yes ||
+ $as_test_x conftest$ac_exeext
+ }; then
+ ac_cv_lib_ext_cups_httpConnect=yes;
+ ac_cv_lib_ext_cups=yes
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_cv_lib_ext_cups_httpConnect=no;
+ ac_cv_lib_ext_cups=no
+fi
+
+rm -rf conftest.dSYM
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+ conftest$ac_exeext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_lib_ext_cups_httpConnect" >&5
+$as_echo "$ac_cv_lib_ext_cups_httpConnect" >&6; }
+ if test $ac_cv_lib_ext_cups_httpConnect = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_HTTPCONNECT 1
+_ACEOF
+
+fi
+
+LIBS=$ac_check_lib_ext_save_LIBS
+
+if test $ac_cv_lib_ext_cups = yes; then
+ PRINT_LIBS"$ac_save_PRINT_LIBS -lcups"
+
+
+else
+ { $as_echo "$as_me:$LINENO: WARNING: your cups library doesn't link with -lcups alone, it might be underlinked." >&5
+$as_echo "$as_me: WARNING: your cups library doesn't link with -lcups alone, it might be underlinked." >&2;} ;
+ PRINT_LIBS="$ac_save_PRINT_LIBS `$CUPS_CONFIG --libs`"
+fi
+
+
+
cat >>confdefs.h <<\_ACEOF
#define HAVE_CUPS 1
_ACEOF
Modified: trunk/samba/source3/configure.in
===================================================================
--- trunk/samba/source3/configure.in 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/source3/configure.in 2010-10-10 07:35:30 UTC (rev 3614)
@@ -756,15 +756,21 @@
if test "x$CUPS_CONFIG" != x; then
- ac_save_CFLAGS=$CFLAGS
ac_save_LDFLAGS=$LDFLAGS
ac_save_PRINT_LIBS=$PRINT_LIBS
- CFLAGS="$CFLAGS `$CUPS_CONFIG --cflags`"
- LDFLAGS="$LDFLAGS `$CUPS_CONFIG --ldflags`"
- PRINT_LIBS="$PRINT_LIBS -lcups"
AC_CHECK_HEADERS(cups/cups.h cups/language.h)
+
if test x"$ac_cv_header_cups_cups_h" = xyes -a \
x"$ac_cv_header_cups_language_h" = xyes; then
+ # try linking with -lcups alone first. That should work unless libcups is
+ # underlinked. With cups-config --libs we pull in unwanted and unneeded
+ # dendencies including thread libraries - use cups-config only if really
+ # required.
+ AC_CHECK_LIB_EXT(cups, ac_save_PRINT_LIBS , httpConnect,
+ [PRINT_LIBS"$ac_save_PRINT_LIBS -lcups"],
+ [AC_MSG_WARN([your cups library doesn't link with -lcups alone, it might be underlinked.]) ;
+ PRINT_LIBS="$ac_save_PRINT_LIBS `$CUPS_CONFIG --libs`"])
+
AC_DEFINE(HAVE_CUPS,1,[Whether we have CUPS])
samba_cv_HAVE_CUPS=yes
AC_CHECK_LIB_EXT(cups, PRINT_LIBS, httpConnectEncrypt)
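Review bot: The success branch of the new `AC_CHECK_LIB_EXT(cups, ac_save_PRINT_LIBS , httpConnect, ...)` call reads `[PRINT_LIBS"$ac_save_PRINT_LIBS -lcups"]`, which has no `=` and therefore expands to a command invocation rather than an assignment; the regenerated configure earlier in this commit carries the same line. As written, this statement does not update PRINT_LIBS when libcups links on its own, and the shell will report an unknown command. The line should read `[PRINT_LIBS="$ac_save_PRINT_LIBS -lcups"]`, with configure regenerated afterwards. The comment above it also has a typo, `dendencies` for `dependencies`.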
Modified: trunk/samba/source3/include/config.h.in
===================================================================
--- trunk/samba/source3/include/config.h.in 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/source3/include/config.h.in 2010-10-10 07:35:30 UTC (rev 3614)
@@ -914,6 +914,9 @@
/* Define to 1 if you have the `hstrerror' function. */
#undef HAVE_HSTRERROR
+/* Define to 1 if you have the `httpConnect' function. */
+#undef HAVE_HTTPCONNECT
+
/* Define to 1 if you have the `httpConnectEncrypt' function. */
#undef HAVE_HTTPCONNECTENCRYPT
Modified: trunk/samba/source3/include/proto.h
===================================================================
--- trunk/samba/source3/include/proto.h 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/source3/include/proto.h 2010-10-10 07:35:30 UTC (rev 3614)
@@ -3191,8 +3191,8 @@
int matching_len_bits(unsigned char *p1, unsigned char *p2, size_t len);
void sort_query_replies(char *data, int n, struct in_addr ip);
char *name_mangle(TALLOC_CTX *mem_ctx, char *In, char name_type);
-int name_extract(char *buf,int ofs, fstring name);
-int name_len(char *s1);
+int name_extract(unsigned char *buf,size_t buf_len, unsigned int ofs, fstring name);
+int name_len(unsigned char *s1, size_t buf_len);
/* The following definitions come from libsmb/nterr.c */
@@ -5595,6 +5595,8 @@
WERROR push_spoolss_PrinterData(TALLOC_CTX *mem_ctx, DATA_BLOB *blob,
enum winreg_Type type,
union spoolss_PrinterData *data);
+void spoolss_printerinfo2_to_setprinterinfo2(const struct spoolss_PrinterInfo2 *i,
+ struct spoolss_SetPrinterInfo2 *s);
/* The following definitions come from rpc_client/init_lsa.c */
@@ -6583,7 +6585,8 @@
/* The following definitions come from smbd/open.c */
-NTSTATUS smb1_file_se_access_check(const struct security_descriptor *sd,
+NTSTATUS smb1_file_se_access_check(connection_struct *conn,
+ const struct security_descriptor *sd,
const NT_USER_TOKEN *token,
uint32_t access_desired,
uint32_t *access_granted);
@@ -6856,7 +6859,7 @@
files_struct *fsp);
bool fsp_belongs_conn(connection_struct *conn, struct smb_request *req,
files_struct *fsp);
-void reply_special(char *inbuf);
+void reply_special(char *inbuf, size_t inbuf_len);
void reply_tcon(struct smb_request *req);
void reply_tcon_and_X(struct smb_request *req);
void reply_unknown_new(struct smb_request *req, uint8 type);
Modified: trunk/samba/source3/include/version.h
===================================================================
--- trunk/samba/source3/include/version.h 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/source3/include/version.h 2010-10-10 07:35:30 UTC (rev 3614)
@@ -1,8 +1,8 @@
/* Autogenerated by script/mkversion.sh */
#define SAMBA_VERSION_MAJOR 3
#define SAMBA_VERSION_MINOR 5
-#define SAMBA_VERSION_RELEASE 5
-#define SAMBA_VERSION_OFFICIAL_STRING "3.5.5"
+#define SAMBA_VERSION_RELEASE 6
+#define SAMBA_VERSION_OFFICIAL_STRING "3.5.6"
#ifdef SAMBA_VERSION_VENDOR_FUNCTION
# define SAMBA_VERSION_STRING SAMBA_VERSION_VENDOR_FUNCTION
#else /* SAMBA_VERSION_VENDOR_FUNCTION */
Modified: trunk/samba/source3/lib/netapi/cm.c
===================================================================
--- trunk/samba/source3/lib/netapi/cm.c 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/source3/lib/netapi/cm.c 2010-10-10 07:35:30 UTC (rev 3614)
@@ -25,18 +25,58 @@
/********************************************************************
********************************************************************/
+struct client_ipc_connection {
+ struct client_ipc_connection *prev, *next;
+ struct cli_state *cli;
+ struct client_pipe_connection *pipe_connections;
+};
+
+struct client_pipe_connection {
+ struct client_pipe_connection *prev, *next;
+ struct rpc_pipe_client *pipe;
+};
+
+/********************************************************************
+********************************************************************/
+
+static struct client_ipc_connection *ipc_cm_find(
+ struct libnetapi_private_ctx *priv_ctx, const char *server_name)
+{
+ struct client_ipc_connection *p;
+
+ for (p = priv_ctx->ipc_connections; p; p = p->next) {
+ if (strequal(p->cli->desthost, server_name)) {
+ return p;
+ }
+ }
+
+ return NULL;
+}
+
+/********************************************************************
+********************************************************************/
+
static WERROR libnetapi_open_ipc_connection(struct libnetapi_ctx *ctx,
const char *server_name,
- struct cli_state **cli)
+ struct client_ipc_connection **pp)
{
+ struct libnetapi_private_ctx *priv_ctx =
+ (struct libnetapi_private_ctx *)ctx->private_data;
struct user_auth_info *auth_info = NULL;
struct cli_state *cli_ipc = NULL;
+ struct client_ipc_connection *p;
- if (!ctx || !cli || !server_name) {
+ if (!ctx || !pp || !server_name) {
return WERR_INVALID_PARAM;
}
- auth_info = user_auth_info_init(NULL);
+ p = ipc_cm_find(priv_ctx, server_name);
+ if (p) {
+ *pp = p;
+ return WERR_OK;
+ }
+
+ auth_info = user_auth_info_init(ctx);
if (!auth_info) {
return WERR_NOMEM;
}
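Review bot: In libnetapi_open_ipc_connection the new initializer `priv_ctx = (struct libnetapi_private_ctx *)ctx->private_data` dereferences `ctx` before the `if (!ctx || !pp || !server_name)` guard a few lines below, so the guard no longer protects against a NULL ctx. Declare `priv_ctx` without an initializer and assign it after the guard, followed by `if (priv_ctx == NULL) return WERR_INVALID_PARAM;`. ipc_cm_find also reads `p->cli->desthost` without checking `p->cli`, which is safe only as long as every list entry is added with a live cli. The function body continues outside this hunk.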
@@ -78,30 +118,29 @@
return WERR_CAN_NOT_COMPLETE;
}
- *cli = cli_ipc;
+ p = TALLOC_ZERO_P(ctx, struct client_ipc_connection);
+ if (p == NULL) {
+ return WERR_NOMEM;
+ }
+ p->cli = cli_ipc;
+ DLIST_ADD(priv_ctx->ipc_connections, p);
+
+ *pp = p;
+
return WERR_OK;
}
/********************************************************************
********************************************************************/
-struct client_pipe_connection {
- struct client_pipe_connection *prev, *next;
- struct rpc_pipe_client *pipe;
- struct cli_state *cli;
-};
-
-static struct client_pipe_connection *pipe_connections;
-
-/********************************************************************
-********************************************************************/
-
WERROR libnetapi_shutdown_cm(struct libnetapi_ctx *ctx)
{
- struct client_pipe_connection *p;
+ struct libnetapi_private_ctx *priv_ctx =
+ (struct libnetapi_private_ctx *)ctx->private_data;
+ struct client_ipc_connection *p;
- for (p = pipe_connections; p; p = p->next) {
+ for (p = priv_ctx->ipc_connections; p; p = p->next) {
cli_shutdown(p->cli);
}
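Review bot: When `TALLOC_ZERO_P(ctx, struct client_ipc_connection)` fails, the new code returns WERR_NOMEM without releasing `cli_ipc`, so the already-established IPC connection appears to be leaked; calling `cli_shutdown(cli_ipc);` before that return would close it. In libnetapi_shutdown_cm the initializer reads `ctx->private_data` with no NULL check visible here. The loop shuts down each `p->cli` but leaves the entries on `priv_ctx->ipc_connections`, so a later ipc_cm_find could hand back an entry whose cli has already been shut down, unless the list is cleared in the part of the function outside this hunk.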
@@ -111,19 +150,19 @@
/********************************************************************
********************************************************************/
-static NTSTATUS pipe_cm_find(struct cli_state *cli,
+static NTSTATUS pipe_cm_find(struct client_ipc_connection *ipc,
const struct ndr_syntax_id *interface,
struct rpc_pipe_client **presult)
{
struct client_pipe_connection *p;
- for (p = pipe_connections; p; p = p->next) {
+ for (p = ipc->pipe_connections; p; p = p->next) {
if (!rpc_pipe_np_smb_conn(p->pipe)) {
return NT_STATUS_PIPE_EMPTY;
}
- if (strequal(cli->desthost, p->pipe->desthost)
+ if (strequal(ipc->cli->desthost, p->pipe->desthost)
&& ndr_syntax_id_equal(&p->pipe->abstract_syntax,
interface)) {
*presult = p->pipe;
@@ -138,7 +177,7 @@
********************************************************************/
static NTSTATUS pipe_cm_connect(TALLOC_CTX *mem_ctx,
- struct cli_state *cli,
+ struct client_ipc_connection *ipc,
const struct ndr_syntax_id *interface,
struct rpc_pipe_client **presult)
{
@@ -150,14 +189,13 @@
return NT_STATUS_NO_MEMORY;
}
- status = cli_rpc_pipe_open_noauth(cli, interface, &p->pipe);
+ status = cli_rpc_pipe_open_noauth(ipc->cli, interface, &p->pipe);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(p);
return status;
}
- p->cli = cli;
- DLIST_ADD(pipe_connections, p);
+ DLIST_ADD(ipc->pipe_connections, p);
*presult = p->pipe;
return NT_STATUS_OK;
@@ -167,15 +205,15 @@
********************************************************************/
static NTSTATUS pipe_cm_open(TALLOC_CTX *ctx,
- struct cli_state *cli,
+ struct client_ipc_connection *ipc,
const struct ndr_syntax_id *interface,
struct rpc_pipe_client **presult)
{
- if (NT_STATUS_IS_OK(pipe_cm_find(cli, interface, presult))) {
+ if (NT_STATUS_IS_OK(pipe_cm_find(ipc, interface, presult))) {
return NT_STATUS_OK;
}
- return pipe_cm_connect(ctx, cli, interface, presult);
+ return pipe_cm_connect(ctx, ipc, interface, presult);
}
/********************************************************************
@@ -189,18 +227,18 @@
struct rpc_pipe_client *result = NULL;
NTSTATUS status;
WERROR werr;
- struct cli_state *cli = NULL;
+ struct client_ipc_connection *ipc = NULL;
if (!presult) {
return WERR_INVALID_PARAM;
}
- werr = libnetapi_open_ipc_connection(ctx, server_name, &cli);
+ werr = libnetapi_open_ipc_connection(ctx, server_name, &ipc);
if (!W_ERROR_IS_OK(werr)) {
return werr;
}
- status = pipe_cm_open(ctx, cli, interface, &result);
+ status = pipe_cm_open(ctx, ipc, interface, &result);
if (!NT_STATUS_IS_OK(status)) {
libnetapi_set_error_string(ctx, "failed to open PIPE %s: %s",
get_pipe_name_from_syntax(talloc_tos(), interface),
Modified: trunk/samba/source3/lib/netapi/netapi_private.h
===================================================================
--- trunk/samba/source3/lib/netapi/netapi_private.h 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/source3/lib/netapi/netapi_private.h 2010-10-10 07:35:30 UTC (rev 3614)
@@ -43,6 +43,7 @@
struct policy_handle builtin_handle;
} samr;
+ struct client_ipc_connection *ipc_connections;
};
NET_API_STATUS libnetapi_get_password(struct libnetapi_ctx *ctx, char **password);
Modified: trunk/samba/source3/lib/system.c
===================================================================
--- trunk/samba/source3/lib/system.c 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/source3/lib/system.c 2010-10-10 07:35:30 UTC (rev 3614)
@@ -534,8 +534,17 @@
dst->st_ex_mtime = get_mtimespec(src);
dst->st_ex_ctime = get_ctimespec(src);
make_create_timespec(src, dst, fake_dir_create_times);
+#ifdef HAVE_STAT_ST_BLKSIZE
dst->st_ex_blksize = src->st_blksize;
+#else
+ dst->st_ex_blksize = STAT_ST_BLOCKSIZE;
+#endif
+
+#ifdef HAVE_STAT_ST_BLOCKS
dst->st_ex_blocks = src->st_blocks;
+#else
+ dst->st_ex_blocks = src->st_size / dst->st_ex_blksize + 1;
+#endif
#ifdef HAVE_STAT_ST_FLAGS
dst->st_ex_flags = src->st_flags;
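Review bot: The fallback `dst->st_ex_blocks = src->st_size / dst->st_ex_blksize + 1;` counts blocks in units of st_ex_blksize, while st_blocks is conventionally reported in a fixed unit (the name STAT_ST_BLOCKSIZE in the first fallback suggests that unit), so a platform that has st_blksize but not st_blocks would get a value in a different unit from the native path. It also divides by a value taken from the stat result without checking for zero. Dividing by the constant instead, `dst->st_ex_blocks = src->st_size / STAT_ST_BLOCKSIZE + 1;`, keeps the unit fixed and removes the zero-divisor case, assuming STAT_ST_BLOCKSIZE is the unit that consumers of st_ex_blocks expect. The enclosing function starts and ends outside the hunk.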
Modified: trunk/samba/source3/lib/tdb_validate.c
===================================================================
--- trunk/samba/source3/lib/tdb_validate.c 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/source3/lib/tdb_validate.c 2010-10-10 07:35:30 UTC (rev 3614)
@@ -192,7 +192,7 @@
DEBUG(5, ("tdb_validate_open called for tdb '%s'\n", tdb_path));
- tdb = tdb_open_log(tdb_path, 0, TDB_DEFAULT, O_RDONLY, 0);
+ tdb = tdb_open_log(tdb_path, 0, TDB_DEFAULT, O_RDWR, 0);
if (!tdb) {
DEBUG(1, ("Error opening tdb %s\n", tdb_path));
return ret;
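Review bot: The open mode in the `tdb_open_log(tdb_path, 0, TDB_DEFAULT, O_RDWR, 0)` call changes from `O_RDONLY` with no comment explaining why a validation pass needs write access. With this change validation fails on a database the process can only read, and a validator holding a writable handle has more privilege than its name implies. A short comment at the call, e.g. `/* O_RDWR: REASON (placeholder, author to fill in) */`, would record the intent. Adding the errno text to the `Error opening tdb %s` message would help tell a permission failure from a missing file.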
Modified: trunk/samba/source3/libads/sasl.c
===================================================================
--- trunk/samba/source3/libads/sasl.c 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/source3/libads/sasl.c 2010-10-10 07:35:30 UTC (rev 3614)
@@ -769,7 +769,8 @@
/* the server sent us the first part of the SPNEGO exchange in the negprot
reply */
- if (!spnego_parse_negTokenInit(blob, OIDs, &given_principal)) {
+ if (!spnego_parse_negTokenInit(blob, OIDs, &given_principal) ||
+ OIDs[0] == NULL) {
data_blob_free(&blob);
status = ADS_ERROR(LDAP_OPERATIONS_ERROR);
goto failed;
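Review bot: The added `OIDs[0] == NULL` test is repeated in the cliconnect.c hunk at `spnego_parse_negTokenInit(blob, OIDs, &principal)`, so the guarantee that a mechanism list is present depends on each caller remembering to check. The parser's own comment in clispnego.c says the mechTypes list is "Not really optional", so returning false from spnego_parse_negTokenInit when no OID was read would cover every caller in one place. On the path where parsing succeeded but the list is empty, `given_principal` may already have been set by the parser; whether the `failed` label releases it is outside this hunk.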
Modified: trunk/samba/source3/libsmb/cliconnect.c
===================================================================
--- trunk/samba/source3/libsmb/cliconnect.c 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/source3/libsmb/cliconnect.c 2010-10-10 07:35:30 UTC (rev 3614)
@@ -1007,7 +1007,8 @@
* negprot reply. It is WRONG to depend on the principal sent in the
* negprot reply, but right now we do it. If we don't receive one,
* we try to best guess, then fall back to NTLM. */
- if (!spnego_parse_negTokenInit(blob, OIDs, &principal)) {
+ if (!spnego_parse_negTokenInit(blob, OIDs, &principal) ||
+ OIDs[0] == NULL) {
data_blob_free(&blob);
return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
}
@@ -1872,6 +1873,7 @@
{
char *p;
int len = 4;
+ int namelen = 0;
char *tmp;
/* 445 doesn't have session request */
@@ -1890,8 +1892,11 @@
}
p = cli->outbuf+len;
- memcpy(p, tmp, name_len(tmp));
- len += name_len(tmp);
+ namelen = name_len((unsigned char *)tmp, talloc_get_size(tmp));
+ if (namelen > 0) {
+ memcpy(p, tmp, namelen);
+ len += namelen;
+ }
TALLOC_FREE(tmp);
/* and my name */
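Review bot: When `name_len()` returns -1 or 0 the new `if (namelen > 0)` block is skipped and the function carries on, so the session request would be built without the called name instead of failing; the following hunk (the copy after `/* and my name */`) has the same shape. Treating `namelen <= 0` as an error, with `TALLOC_FREE(tmp);` and the function's failure return, keeps a malformed request from going on the wire. The `memcpy(p, tmp, namelen)` is also not checked against the space left in `cli->outbuf` in the visible lines. The enclosing function starts and ends outside the hunk, so that check may exist elsewhere.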
@@ -1903,8 +1908,11 @@
}
p = cli->outbuf+len;
- memcpy(p, tmp, name_len(tmp));
- len += name_len(tmp);
+ namelen = name_len((unsigned char *)tmp, talloc_get_size(tmp));
+ if (namelen > 0) {
+ memcpy(p, tmp, namelen);
+ len += namelen;
+ }
TALLOC_FREE(tmp);
/* send a session request (RFC 1002) */
Modified: trunk/samba/source3/libsmb/clikrb5.c
===================================================================
--- trunk/samba/source3/libsmb/clikrb5.c 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/source3/libsmb/clikrb5.c 2010-10-10 07:35:30 UTC (rev 3614)
@@ -28,14 +28,16 @@
#define GSSAPI_CHECKSUM 0x8003 /* Checksum type value for Kerberos */
#define GSSAPI_BNDLENGTH 16 /* Bind Length (rfc-1964 pg.3) */
-#define GSSAPI_CHECKSUM_SIZE (12+GSSAPI_BNDLENGTH)
+#define GSSAPI_CHECKSUM_SIZE (4+GSSAPI_BNDLENGTH+4) /* Length of bind length,
+ bind field, flags field. */
-#if defined(TKT_FLG_OK_AS_DELEGATE ) && defined(HAVE_KRB5_FWD_TGT_CREDS) && defined(HAVE_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE) && defined(KRB5_AUTH_CONTEXT_USE_SUBKEY)
-static krb5_error_code ads_krb5_get_fwd_ticket( krb5_context context,
- krb5_auth_context *auth_context,
- krb5_creds *credsp,
- krb5_ccache ccache,
- krb5_data *authenticator);
+/* MIT krb5 1.7beta3 (in Ubuntu Karmic) is missing the prototype,
+ but still has the symbol */
+#if !HAVE_DECL_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE
+krb5_error_code krb5_auth_con_set_req_cksumtype(
+ krb5_context context,
+ krb5_auth_context auth_context,
+ krb5_cksumtype cksumtype);
#endif
/**************************************************************
@@ -645,6 +647,92 @@
return True;
}
+/* Allocate and setup the auth context into the state we need. */
+
+static krb5_error_code setup_auth_context(krb5_context context,
+ krb5_auth_context *auth_context)
+{
+ krb5_error_code retval;
+
+ retval = krb5_auth_con_init(context, auth_context );
+ if (retval) {
+ DEBUG(1,("krb5_auth_con_init failed (%s)\n",
+ error_message(retval)));
+ return retval;
+ }
+
+ /* Ensure this is an addressless ticket. */
+ retval = krb5_auth_con_setaddrs(context, *auth_context, NULL, NULL);
+ if (retval) {
+ DEBUG(1,("krb5_auth_con_setaddrs failed (%s)\n",
+ error_message(retval)));
+ }
+
+ return retval;
+}
+
+static krb5_error_code create_gss_checksum(krb5_data *in_data, /* [inout] */
+ uint32_t gss_flags)
+{
+ unsigned int orig_length = in_data->length;
+ unsigned int base_cksum_size = GSSAPI_CHECKSUM_SIZE;
+ char *gss_cksum = NULL;
+
+ if (orig_length) {
+ /* Extra length field for delgated ticket. */
+ base_cksum_size += 4;
+ }
+
+ if ((unsigned int)base_cksum_size + orig_length <
+ (unsigned int)base_cksum_size) {
+ return EINVAL;
+ }
+
+ gss_cksum = (char *)SMB_MALLOC(base_cksum_size + orig_length);
+ if (gss_cksum == NULL) {
+ return ENOMEM;
+ }
+
+ memset(gss_cksum, '\0', base_cksum_size + orig_length);
+ SIVAL(gss_cksum, 0, GSSAPI_BNDLENGTH);
+
+ /* Precalculated MD5sum of NULL channel bindings (20 bytes) */
+ /* Channel bindings are: (all ints encoded as little endian)
+
+ [4 bytes] initiator_addrtype (255 for null bindings)
+ [4 bytes] initiator_address length
+ [n bytes] .. initiator_address data - not present
+ in null bindings.
+ [4 bytes] acceptor_addrtype (255 for null bindings)
+ [4 bytes] acceptor_address length
+ [n bytes] .. acceptor_address data - not present
+ in null bindings.
+ [4 bytes] application_data length
+ [n bytes] .. application_ data - not present
+ in null bindings.
+ MD5 of this is ""\x14\x8f\x0c\xf7\xb1u\xdey*J\x9a%\xdfV\xc5\x18"
+ */
+
+ memcpy(&gss_cksum[4],
+ "\x14\x8f\x0c\xf7\xb1u\xdey*J\x9a%\xdfV\xc5\x18",
+ GSSAPI_BNDLENGTH);
+
+ SIVAL(gss_cksum, 20, gss_flags);
+
+ if (orig_length) {
+ SSVAL(gss_cksum, 24, 1); /* The Delegation Option identifier */
+ SSVAL(gss_cksum, 26, orig_length);
+ /* Copy the kerberos KRB_CRED data */
+ memcpy(gss_cksum + 28, in_data->data, orig_length);
+ free(in_data->data);
+ in_data->data = NULL;
+ in_data->length = 0;
+ }
+ in_data->data = gss_cksum;
+ in_data->length = base_cksum_size + orig_length;
+ return 0;
+}
+
/*
we can't use krb5_mk_req because w2k wants the service to be in a particular format
*/
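Review bot: In create_gss_checksum, `SSVAL(gss_cksum, 26, orig_length);` stores the delegated-credential length in a 16-bit field while `memcpy(gss_cksum + 28, in_data->data, orig_length)` copies the full length, so a KRB_CRED larger than 0xFFFF bytes would yield a blob whose length field disagrees with its contents. Rejecting it up front with `if (orig_length > 0xFFFF) return EINVAL;` next to the existing wrap-around check avoids that. The old buffer is released with `free(in_data->data)` where the removed ads_krb5_get_fwd_ticket used `krb5_free_data_contents()`; if the Kerberos library does not allocate with malloc, the two are not interchangeable. setup_auth_context returns the krb5_auth_con_setaddrs error without freeing the context it just initialised, so the caller must do it.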
@@ -665,7 +753,8 @@
krb5_data in_data;
bool creds_ready = False;
int i = 0, maxtries = 3;
-
+ uint32_t gss_flags = 0;
+
ZERO_STRUCT(in_data);
retval = smb_krb5_parse_name(context, principal, &server);
@@ -735,45 +824,51 @@
*expire_time = (time_t)credsp->times.endtime;
}
-#if defined(TKT_FLG_OK_AS_DELEGATE ) && defined(HAVE_KRB5_FWD_TGT_CREDS) && defined(HAVE_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE) && defined(KRB5_AUTH_CONTEXT_USE_SUBKEY)
+ /* Allocate the auth_context. */
+ retval = setup_auth_context(context, auth_context);
+ if (retval) {
+ DEBUG(1,("setup_auth_context failed (%s)\n",
+ error_message(retval)));
+ goto cleanup_creds;
+ }
+
+#if defined(TKT_FLG_OK_AS_DELEGATE ) && defined(HAVE_KRB5_FWD_TGT_CREDS) && defined(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY) && defined(KRB5_AUTH_CONTEXT_USE_SUBKEY)
if( credsp->ticket_flags & TKT_FLG_OK_AS_DELEGATE ) {
/* Fetch a forwarded TGT from the KDC so that we can hand off a 2nd ticket
as part of the kerberos exchange. */
DEBUG( 3, ("ads_krb5_mk_req: server marked as OK to delegate to, building forwardable TGT\n") );
- if( *auth_context == NULL ) {
- /* Allocate if it has not yet been allocated. */
- retval = krb5_auth_con_init( context, auth_context );
- if (retval) {
- DEBUG(1,("ads_krb5_mk_req: krb5_auth_con_init failed (%s)\n",
- error_message(retval)));
- goto cleanup_creds;
- }
- }
-
- retval = krb5_auth_con_setuseruserkey( context, *auth_context, &credsp->keyblock );
+ retval = krb5_auth_con_setuseruserkey(context,
+ *auth_context,
+ &credsp->keyblock );
if (retval) {
- DEBUG(1,("ads_krb5_mk_req: krb5_auth_con_setuseruserkey failed (%s)\n",
+ DEBUG(1,("krb5_auth_con_setuseruserkey failed (%s)\n",
error_message(retval)));
goto cleanup_creds;
}
/* Must use a subkey for forwarded tickets. */
- retval = krb5_auth_con_setflags( context, *auth_context, KRB5_AUTH_CONTEXT_USE_SUBKEY);
+ retval = krb5_auth_con_setflags(context,
+ *auth_context,
+ KRB5_AUTH_CONTEXT_USE_SUBKEY);
if (retval) {
- DEBUG(1,("ads_krb5_mk_req: krb5_auth_con_setflags failed (%s)\n",
+ DEBUG(1,("krb5_auth_con_setflags failed (%s)\n",
error_message(retval)));
goto cleanup_creds;
}
- retval = ads_krb5_get_fwd_ticket( context,
- auth_context,
- credsp,
- ccache,
- &in_data );
+ retval = krb5_fwd_tgt_creds(context,/* Krb5 context [in] */
+ *auth_context, /* Authentication context [in] */
+ CONST_DISCARD(char *, KRB5_TGS_NAME), /* Ticket service name ("krbtgt") [in] */
+ credsp->client, /* Client principal for the tgt [in] */
+ credsp->server, /* Server principal for the tgt [in] */
+ ccache, /* Credential cache to use for storage [in] */
+ 1, /* Turn on for "Forwardable ticket" [in] */
+ &in_data ); /* Resulting response [out] */
+
if (retval) {
- DEBUG( 3, ("ads_krb5_get_fwd_ticket failed (%s)\n",
+ DEBUG( 3, ("krb5_fwd_tgt_creds failed (%s)\n",
error_message( retval ) ) );
/*
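Review bot: `setup_auth_context(context, auth_context)` is now called unconditionally and krb5_auth_con_init writes a fresh context into `*auth_context`, whereas the removed code allocated one only under `if( *auth_context == NULL )`; a caller that passes in an existing context would have it overwritten and leaked. Whether any caller does so is not visible here, so either keep the guard, `if (*auth_context == NULL) { retval = setup_auth_context(context, auth_context); ... }`, or document on the function that `*auth_context` must be NULL on entry. The failure is also logged twice, once inside setup_auth_context and again by the `DEBUG(1,("setup_auth_context failed (%s)\n", ...` here. The enclosing function starts and ends outside the hunk.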
@@ -788,10 +883,35 @@
}
krb5_auth_con_free(context, *auth_context);
*auth_context = NULL;
+ retval = setup_auth_context(context, auth_context);
+ if (retval) {
+ DEBUG(1,("setup_auth_context failed (%s)\n",
+ error_message(retval)));
+ goto cleanup_creds;
+ }
+ } else {
+ /* We got a delegated ticket. */
+ gss_flags |= GSS_C_DELEG_FLAG;
}
}
#endif
+ /* Frees and reallocates in_data into a GSS checksum blob. */
+ retval = create_gss_checksum(&in_data, gss_flags);
+ if (retval) {
+ goto cleanup_data;
+ }
+
+#if defined(HAVE_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE)
+ /* We always want GSS-checksum types. */
+ retval = krb5_auth_con_set_req_cksumtype(context, *auth_context, GSSAPI_CHECKSUM );
+ if (retval) {
+ DEBUG(1,("krb5_auth_con_set_req_cksumtype failed (%s)\n",
+ error_message(retval)));
+ goto cleanup_data;
+ }
+#endif
+
retval = krb5_mk_req_extended(context, auth_context, ap_req_options,
&in_data, credsp, outbuf);
if (retval) {
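Review bot: `create_gss_checksum(&in_data, gss_flags)` always turns in_data into a GSS checksum blob, but the matching `krb5_auth_con_set_req_cksumtype(context, *auth_context, GSSAPI_CHECKSUM )` call is compiled only under `HAVE_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE`. On a build without that symbol the blob would presumably reach krb5_mk_req_extended as ordinary application data rather than as the 0x8003 checksum, which is unlikely to be what the peer expects. Putting the create_gss_checksum call under the same `#if`, or failing the request when the function is missing, would keep the two in step. The `goto cleanup_data` after create_gss_checksum is also silent; a `DEBUG(1,("create_gss_checksum failed (%s)\n", error_message(retval)));` before it would match the other error paths.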
@@ -799,6 +919,7 @@
error_message(retval)));
}
+cleanup_data:
if (in_data.data) {
free( in_data.data );
in_data.length = 0;
@@ -1846,128 +1967,6 @@
return ret;
}
-#if defined(TKT_FLG_OK_AS_DELEGATE ) && defined(HAVE_KRB5_FWD_TGT_CREDS) && defined(HAVE_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE) && defined(KRB5_AUTH_CONTEXT_USE_SUBKEY)
-/**************************************************************
-Routine: ads_krb5_get_fwd_ticket
- Description:
- When a service ticket is flagged as trusted
- for delegation we should provide a forwardable
- ticket so that the remote host can act on our
- behalf. This is done by taking the 2nd forwardable
- TGT and storing it in the GSS-API authenticator
- "checksum". This routine will populate
- the krb5_data authenticator with this TGT.
- Parameters:
- krb5_context context: The kerberos context for this authentication.
- krb5_auth_context: The authentication context.
- krb5_creds *credsp: The ticket credentials (AS-REP).
- krb5_ccache ccache: The credentials cache.
- krb5_data &authenticator: The checksum field that will store the TGT, and
- authenticator.data must be freed by the caller.
-
- Returns:
- krb5_error_code: 0 if no errors, otherwise set.
-**************************************************************/
-
-static krb5_error_code ads_krb5_get_fwd_ticket( krb5_context context,
- krb5_auth_context *auth_context,
- krb5_creds *credsp,
- krb5_ccache ccache,
- krb5_data *authenticator)
-{
- krb5_data fwdData;
- krb5_error_code retval = 0;
- char *pChksum = NULL;
- char *p = NULL;
-
-/* MIT krb5 1.7beta3 (in Ubuntu Karmic) is missing the prototype,
- but still has the symbol */
-#if !HAVE_DECL_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE
-krb5_error_code krb5_auth_con_set_req_cksumtype(
- krb5_context context,
- krb5_auth_context auth_context,
- krb5_cksumtype cksumtype);
-#endif
-
- ZERO_STRUCT(fwdData);
- ZERO_STRUCTP(authenticator);
-
- retval = krb5_fwd_tgt_creds(context,/* Krb5 context [in] */
- *auth_context, /* Authentication context [in] */
- CONST_DISCARD(char *, KRB5_TGS_NAME), /* Ticket service name ("krbtgt") [in] */
- credsp->client, /* Client principal for the tgt [in] */
- credsp->server, /* Server principal for the tgt [in] */
- ccache, /* Credential cache to use for storage [in] */
- 1, /* Turn on for "Forwardable ticket" [in] */
- &fwdData ); /* Resulting response [out] */
-
-
- if (retval) {
- DEBUG(1,("ads_krb5_get_fwd_ticket: krb5_fwd_tgt_creds failed (%s)\n",
- error_message(retval)));
- goto out;
- }
-
- if ((unsigned int)GSSAPI_CHECKSUM_SIZE + (unsigned int)fwdData.length <
- (unsigned int)GSSAPI_CHECKSUM_SIZE) {
- retval = EINVAL;
- goto out;
- }
-
- /* We're going to allocate a gssChecksum structure with a little
- extra data the length of the kerberos credentials length
- (APPLICATION 22) so that we can pack it on the end of the structure.
- */
-
- pChksum = (char *)SMB_MALLOC(GSSAPI_CHECKSUM_SIZE + fwdData.length );
- if (!pChksum) {
- retval = ENOMEM;
- goto out;
- }
-
- p = pChksum;
-
- SIVAL(p, 0, GSSAPI_BNDLENGTH);
- p += 4;
-
- /* Zero out the bindings fields */
- memset(p, '\0', GSSAPI_BNDLENGTH );
- p += GSSAPI_BNDLENGTH;
-
- SIVAL(p, 0, GSS_C_DELEG_FLAG );
- p += 4;
- SSVAL(p, 0, 1 );
- p += 2;
- SSVAL(p, 0, fwdData.length );
- p += 2;
-
- /* Migrate the kerberos KRB_CRED data to the checksum delegation */
- memcpy(p, fwdData.data, fwdData.length );
- p += fwdData.length;
-
- /* We need to do this in order to allow our GSS-API */
- retval = krb5_auth_con_set_req_cksumtype( context, *auth_context, GSSAPI_CHECKSUM );
- if (retval) {
- goto out;
- }
-
- /* We now have a service ticket, now turn it into an AP-REQ. */
- authenticator->length = fwdData.length + GSSAPI_CHECKSUM_SIZE;
-
- /* Caller should call free() when they're done with this. */
- authenticator->data = (char *)pChksum;
-
- out:
-
- /* Remove that input data, we never needed it anyway. */
- if (fwdData.length > 0) {
- krb5_free_data_contents( context, &fwdData );
- }
-
- return retval;
-}
-#endif
-
#if defined(HAVE_KRB5_GET_CREDS_OPT_SET_IMPERSONATE) && \
defined(HAVE_KRB5_GET_CREDS_OPT_ALLOC) && \
defined(HAVE_KRB5_GET_CREDS)
Modified: trunk/samba/source3/libsmb/climessage.c
===================================================================
--- trunk/samba/source3/libsmb/climessage.c 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/source3/libsmb/climessage.c 2010-10-10 07:35:30 UTC (rev 3614)
@@ -63,8 +63,10 @@
*p++ = 4;
memcpy(p, utmp, ulen);
+ p += ulen;
*p++ = 4;
memcpy(p, htmp, hlen);
+ p += hlen;
TALLOC_FREE(htmp);
TALLOC_FREE(utmp);
@@ -163,8 +165,8 @@
TALLOC_FREE(tmp);
return tevent_req_post(req, ev);
}
- SCVAL(bytes, 0, 0); /* pad */
- SSVAL(bytes, 1, msglen);
+ SCVAL(bytes, 0, 1); /* pad */
+ SSVAL(bytes+1, 0, msglen);
memcpy(bytes+3, msg, msglen);
TALLOC_FREE(tmp);
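Review bot: `SCVAL(bytes, 0, 1); /* pad */` keeps the old comment although the byte is no longer zero padding; it now looks like a buffer-format marker preceding the 16-bit length. Updating the comment, for example to `/* buffer format: data block */` if that is the intended meaning, would stop a later reader from changing it back to 0. The copy `memcpy(bytes+3, msg, msglen)` relies on `bytes` holding at least `msglen + 3` bytes and on `msglen` fitting in 16 bits; both are established outside this hunk.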
Modified: trunk/samba/source3/libsmb/clispnego.c
===================================================================
--- trunk/samba/source3/libsmb/clispnego.c 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/source3/libsmb/clispnego.c 2010-10-10 07:35:30 UTC (rev 3614)
@@ -4,7 +4,7 @@
Copyright (C) Andrew Tridgell 2001
Copyright (C) Jim McDonough <jmcd at us.ibm.com> 2002
Copyright (C) Luke Howard 2003
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
@@ -146,9 +146,16 @@
asn1_start_tag(data,ASN1_APPLICATION(0));
asn1_check_OID(data,OID_SPNEGO);
+
+ /* negTokenInit [0] NegTokenInit */
asn1_start_tag(data,ASN1_CONTEXT(0));
asn1_start_tag(data,ASN1_SEQUENCE(0));
+ /* mechTypes [0] MechTypeList OPTIONAL */
+
+ /* Not really optional, we depend on this to decide
+ * what mechanisms we have to work with. */
+
asn1_start_tag(data,ASN1_CONTEXT(0));
asn1_start_tag(data,ASN1_SEQUENCE(0));
for (i=0; asn1_tag_remaining(data) > 0 && i < ASN1_MAX_OIDS-1; i++) {
@@ -161,11 +168,45 @@
asn1_end_tag(data);
*principal = NULL;
- if (asn1_tag_remaining(data) > 0) {
+
+ /*
+ Win7 + Live Sign-in Assistant attaches a mechToken
+ ASN1_CONTEXT(2) to the negTokenInit packet
+ which breaks our negotiation if we just assume
+ the next tag is ASN1_CONTEXT(3).
+ */
+
+ if (asn1_peek_tag(data, ASN1_CONTEXT(1))) {
+ uint8 flags;
+
+ /* reqFlags [1] ContextFlags OPTIONAL */
+ asn1_start_tag(data, ASN1_CONTEXT(1));
+ asn1_start_tag(data, ASN1_BIT_STRING);
+ while (asn1_tag_remaining(data) > 0) {
+ asn1_read_uint8(data, &flags);
+ }
+ asn1_end_tag(data);
+ asn1_end_tag(data);
+ }
+
+ if (asn1_peek_tag(data, ASN1_CONTEXT(2))) {
+ /* mechToken [2] OCTET STRING OPTIONAL */
+ DATA_BLOB token;
+ asn1_start_tag(data, ASN1_CONTEXT(2));
+ asn1_read_OctetString(data, talloc_autofree_context(),
+ &token);
+ asn1_end_tag(data);
+ /* Throw away the token - not used. */
+ data_blob_free(&token);
+ }
+
+ if (asn1_peek_tag(data, ASN1_CONTEXT(3))) {
+ /* mechListMIC [3] OCTET STRING OPTIONAL */
asn1_start_tag(data, ASN1_CONTEXT(3));
asn1_start_tag(data, ASN1_SEQUENCE(0));
asn1_start_tag(data, ASN1_CONTEXT(0));
- asn1_read_GeneralString(data,talloc_autofree_context(),principal);
+ asn1_read_GeneralString(data,talloc_autofree_context(),
+ principal);
asn1_end_tag(data);
asn1_end_tag(data);
asn1_end_tag(data);
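Review bot: In the mechToken branch `DATA_BLOB token;` is left uninitialised and the result of `asn1_read_OctetString(data, talloc_autofree_context(), &token)` is ignored before `data_blob_free(&token)`, so the free is safe only if the reader always initialises the blob on failure. Adding `ZERO_STRUCT(token);` after the declaration, or freeing only when the read succeeded, removes that dependency. The comment `/* mechListMIC [3] OCTET STRING OPTIONAL */` does not match the code under it, which opens a SEQUENCE and reads a GeneralString into `principal`; it should say what this server-supplied field is and that it is an unauthenticated hint. The enclosing function starts and ends outside the hunk.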
Modified: trunk/samba/source3/libsmb/nmblib.c
===================================================================
--- trunk/samba/source3/libsmb/nmblib.c 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/source3/libsmb/nmblib.c 2010-10-10 07:35:30 UTC (rev 3614)
@@ -1237,21 +1237,33 @@
/****************************************************************************
Interpret the weird netbios "name" into a unix fstring. Return the name type.
+ Returns -1 on error.
****************************************************************************/
-static int name_interpret(char *in, fstring name)
+static int name_interpret(unsigned char *buf, size_t buf_len,
+ unsigned char *in, fstring name)
{
+ unsigned char *end_ptr = buf + buf_len;
int ret;
- int len = (*in++) / 2;
+ unsigned int len;
fstring out_string;
- char *out = out_string;
+ unsigned char *out = (unsigned char *)out_string;
*out=0;
- if (len > 30 || len<1)
- return(0);
+ if (in >= end_ptr) {
+ return -1;
+ }
+ len = (*in++) / 2;
+ if (len<1) {
+ return -1;
+ }
+
while (len--) {
+ if (&in[1] >= end_ptr) {
+ return -1;
+ }
if (in[0] < 'A' || in[0] > 'P' || in[1] < 'A' || in[1] > 'P') {
*out = 0;
return(0);
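Review bot: The header comment now promises `Returns -1 on error`, but the invalid-character branch kept as context in this hunk still does `return(0);`, so a caller cannot tell a malformed name from a valid name of type 0. Changing that branch to `return -1;` makes the contract uniform. The old upper bound `len > 30` is removed, leaving only the later `sizeof(fstring)` check, so encoded names longer than the usual NetBIOS length are now accepted; if that is intended it deserves a comment. The rest of name_interpret is in the next hunk.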
@@ -1259,21 +1271,13 @@
*out = ((in[0]-'A')<<4) + (in[1]-'A');
in += 2;
out++;
+ if (PTR_DIFF(out,out_string) >= sizeof(fstring)) {
+ return -1;
+ }
}
ret = out[-1];
out[-1] = 0;
-#ifdef NETBIOS_SCOPE
- /* Handle any scope names */
- while(*in) {
- *out++ = '.'; /* Scope names are separated by periods */
- len = *(unsigned char *)in++;
- StrnCpy(out, in, len);
- out += len;
- *out=0;
- in += len;
- }
-#endif
pull_ascii_fstring(name, out_string);
return(ret);
@@ -1352,12 +1356,25 @@
Find a pointer to a netbios name.
****************************************************************************/
-static char *name_ptr(char *buf,int ofs)
+static unsigned char *name_ptr(unsigned char *buf, size_t buf_len, unsigned int ofs)
{
- unsigned char c = *(unsigned char *)(buf+ofs);
+ unsigned char c = 0;
+ if (ofs > buf_len || buf_len < 1) {
+ return NULL;
+ }
+
+ c = *(unsigned char *)(buf+ofs);
if ((c & 0xC0) == 0xC0) {
- uint16 l = RSVAL(buf, ofs) & 0x3FFF;
+ uint16 l = 0;
+
+ if (ofs > buf_len - 1) {
+ return NULL;
+ }
+ l = RSVAL(buf, ofs) & 0x3FFF;
+ if (l > buf_len) {
+ return NULL;
+ }
DEBUG(5,("name ptr to pos %d from %d is %s\n",l,ofs,buf+l));
return(buf + l);
} else {
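Review bot: The bounds checks added to name_ptr are each off by one: `if (ofs > buf_len || buf_len < 1)` lets `ofs == buf_len` through to `*(buf+ofs)`, `if (ofs > buf_len - 1)` lets `ofs == buf_len - 1` through to the two-byte `RSVAL(buf, ofs)`, and `if (l > buf_len)` lets `l == buf_len` return a pointer one past the buffer. They should read `if (ofs >= buf_len)`, `if (buf_len < 2 || ofs > buf_len - 2)` and `if (l >= buf_len)`. The `DEBUG(5,("name ptr to pos %d from %d is %s\n",l,ofs,buf+l));` line also prints packet bytes with `%s`, which reads until a NUL byte regardless of buf_len; dropping the `%s` argument avoids that. The function's else branch is outside the hunk.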
@@ -1367,37 +1384,48 @@
/****************************************************************************
Extract a netbios name from a buf (into a unix string) return name type.
+ Returns -1 on error.
****************************************************************************/
-int name_extract(char *buf,int ofs, fstring name)
+int name_extract(unsigned char *buf, size_t buf_len, unsigned int ofs, fstring name)
{
- char *p = name_ptr(buf,ofs);
- int d = PTR_DIFF(p,buf+ofs);
+ unsigned char *p = name_ptr(buf,buf_len,ofs);
name[0] = '\0';
- if (d < -50 || d > 50)
- return(0);
- return(name_interpret(p,name));
+ if (p == NULL) {
+ return -1;
+ }
+ return(name_interpret(buf,buf_len,p,name));
}
/****************************************************************************
Return the total storage length of a mangled name.
+ Returns -1 on error.
****************************************************************************/
-int name_len(char *s1)
+int name_len(unsigned char *s1, size_t buf_len)
{
/* NOTE: this argument _must_ be unsigned */
unsigned char *s = (unsigned char *)s1;
- int len;
+ int len = 0;
+ if (buf_len < 1) {
+ return -1;
+ }
/* If the two high bits of the byte are set, return 2. */
- if (0xC0 == (*s & 0xC0))
+ if (0xC0 == (*s & 0xC0)) {
+ if (buf_len < 2) {
+ return -1;
+ }
return(2);
+ }
/* Add up the length bytes. */
for (len = 1; (*s); s += (*s) + 1) {
len += *s + 1;
- SMB_ASSERT(len < 80);
+ if (len > buf_len) {
+ return -1;
+ }
}
return(len);
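Review bot: In name_len the removed `SMB_ASSERT(len < 80)` was the only cap on the total name length, and the new `if (len > buf_len)` bounds it by the packet size instead. That keeps the walk inside the buffer, but the fixed-size `fstring` that name_extract fills is now protected only by whatever name_interpret enforces, which is not visible in this hunk and should be confirmed. The comparison also mixes `int len` with `size_t buf_len`; `if ((size_t)len > buf_len)` states the intent. The closing lines of name_len are outside the hunk.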
Modified: trunk/samba/source3/modules/vfs_acl_common.c
===================================================================
--- trunk/samba/source3/modules/vfs_acl_common.c 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/source3/modules/vfs_acl_common.c 2010-10-10 07:35:30 UTC (rev 3614)
@@ -471,7 +471,8 @@
nt_errstr(status) ));
return status;
}
- status = smb1_file_se_access_check(parent_desc,
+ status = smb1_file_se_access_check(handle->conn,
+ parent_desc,
handle->conn->server_info->ptok,
access_mask,
&access_granted);
@@ -535,7 +536,8 @@
&pdesc);
if (NT_STATUS_IS_OK(status)) {
/* See if we can access it. */
- status = smb1_file_se_access_check(pdesc,
+ status = smb1_file_se_access_check(handle->conn,
+ pdesc,
handle->conn->server_info->ptok,
fsp->access_mask,
&access_granted);
Modified: trunk/samba/source3/printing/load.c
===================================================================
--- trunk/samba/source3/printing/load.c 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/source3/printing/load.c 2010-10-10 07:35:30 UTC (rev 3614)
@@ -31,6 +31,10 @@
char *saveptr;
if (pnum < 0)
+ if (process_registry_service(PRINTERS_NAME))
+ pnum = lp_servicenumber(PRINTERS_NAME);
+
+ if (pnum < 0)
return;
if ((str = SMB_STRDUP(lp_auto_services())) == NULL)
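Review bot: The two added lines nest an unbraced `if` inside the existing unbraced `if (pnum < 0)`, so the control flow is carried by indentation alone and a later edit can easily attach a statement to the wrong condition. Bracing both levels, `if (pnum < 0) { if (process_registry_service(PRINTERS_NAME)) { pnum = lp_servicenumber(PRINTERS_NAME); } }`, removes the ambiguity. A one-line comment saying why the registry service is loaded before giving up would also help. The enclosing function starts and ends outside the hunk.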
Modified: trunk/samba/source3/printing/nt_printing.c
===================================================================
--- trunk/samba/source3/printing/nt_printing.c 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/source3/printing/nt_printing.c 2010-10-10 07:35:30 UTC (rev 3614)
@@ -5727,7 +5727,9 @@
if (!NT_STATUS_IS_OK(status) &&
(token_contains_name_in_list(uidtoname(server_info->utok.uid),
- NULL, NULL, server_info->ptok,
+ pdb_get_domain(server_info->sam_account),
+ NULL,
+ server_info->ptok,
lp_printer_admin(snum)))) {
talloc_destroy(mem_ctx);
return True;
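Review bot: `pdb_get_domain(server_info->sam_account)` is evaluated here without any check that `sam_account` is set, and the same argument is added in six srv_spoolss_nt.c hunks (@@ -1645, -1941, -2040, -7845, -7926 and -8009). If a session can reach these printer-admin checks with a NULL `sam_account`, each site would presumably dereference it, so that should be confirmed or guarded. Since the uid / `se_printop` / printer-admin test is now repeated with identical arguments, a shared helper taking `server_info` and `snum` would keep the sites from drifting apart and give one place for that guard.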
Modified: trunk/samba/source3/registry/reg_api.c
===================================================================
--- trunk/samba/source3/registry/reg_api.c 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/source3/registry/reg_api.c 2010-10-10 07:35:30 UTC (rev 3614)
@@ -953,7 +953,7 @@
/* open the registry file....fail if the file already exists */
regfile = regfio_open(fname, (O_RDWR|O_CREAT|O_EXCL),
- (S_IREAD|S_IWRITE));
+ (S_IRUSR|S_IWUSR));
if (regfile == NULL) {
DEBUG(0,("backup_registry_key: failed to open \"%s\" (%s)\n",
fname, strerror(errno) ));
Modified: trunk/samba/source3/rpc_client/cli_pipe.c
===================================================================
--- trunk/samba/source3/rpc_client/cli_pipe.c 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/source3/rpc_client/cli_pipe.c 2010-10-10 07:35:30 UTC (rev 3614)
@@ -3213,7 +3213,7 @@
result->a_u.schannel_auth->state = SCHANNEL_STATE_START;
result->a_u.schannel_auth->seq_num = 0;
result->a_u.schannel_auth->initiator = true;
- result->a_u.schannel_auth->creds = creds;
+ result->a_u.schannel_auth->creds = netlogon_creds_copy(result, creds);
*presult = result;
return NT_STATUS_OK;
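Review bot: The result of `netlogon_creds_copy(result, creds)` is stored without a NULL check, while the second hunk in this file (@@ -4044) treats a NULL return from the same call as `NT_STATUS_NO_MEMORY`. A failed copy here would return NT_STATUS_OK with `schannel_auth->creds` left NULL. Adding `if (result->a_u.schannel_auth->creds == NULL) { TALLOC_FREE(result); return NT_STATUS_NO_MEMORY; }` before `*presult = result;` would match the other site, assuming this function has no separate failure label outside the hunk.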
@@ -4044,9 +4044,13 @@
/*
* The credentials on a new netlogon pipe are the ones we are passed
- * in - reference them in
+ * in - copy them over
*/
- result->dc = talloc_move(result, pdc);
+ result->dc = netlogon_creds_copy(result, *pdc);
+ if (result->dc == NULL) {
+ TALLOC_FREE(result);
+ return NT_STATUS_NO_MEMORY;
+ }
DEBUG(10,("cli_rpc_pipe_open_schannel_with_key: opened pipe %s to machine %s "
"for domain %s and bound using schannel.\n",
Modified: trunk/samba/source3/rpc_client/init_spoolss.c
===================================================================
--- trunk/samba/source3/rpc_client/init_spoolss.c 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/source3/rpc_client/init_spoolss.c 2010-10-10 07:35:30 UTC (rev 3614)
@@ -73,3 +73,32 @@
}
return WERR_OK;
}
+
+/*******************************************************************
+ ********************************************************************/
+
+void spoolss_printerinfo2_to_setprinterinfo2(const struct spoolss_PrinterInfo2 *i,
+ struct spoolss_SetPrinterInfo2 *s)
+{
+ s->servername = i->servername;
+ s->printername = i->printername;
+ s->sharename = i->sharename;
+ s->portname = i->portname;
+ s->drivername = i->drivername;
+ s->comment = i->comment;
+ s->location = i->location;
+ s->devmode_ptr = 0;
+ s->sepfile = i->sepfile;
+ s->printprocessor = i->printprocessor;
+ s->datatype = i->datatype;
+ s->parameters = i->parameters;
+ s->secdesc_ptr = 0;
+ s->attributes = i->attributes;
+ s->priority = i->priority;
+ s->defaultpriority = i->defaultpriority;
+ s->starttime = i->starttime;
+ s->untiltime = i->untiltime;
+ s->status = i->status;
+ s->cjobs = i->cjobs;
+ s->averageppm = i->averageppm;
+}
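Review bot: The banner above spoolss_printerinfo2_to_setprinterinfo2 is empty, and the function has two properties a caller needs to know. Members are copied by plain assignment, so any pointer members (presumably the strings) alias `i`'s storage and `s` must not outlive it. `devmode_ptr` and `secdesc_ptr` are always set to 0 rather than derived from `i`. I would fill the banner with something like `Shallow-copy a PrinterInfo2 into a SetPrinterInfo2; members are shared with i, devmode_ptr and secdesc_ptr are cleared.`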
Modified: trunk/samba/source3/rpc_server/srv_pipe.c
===================================================================
--- trunk/samba/source3/rpc_server/srv_pipe.c 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/source3/rpc_server/srv_pipe.c 2010-10-10 07:35:30 UTC (rev 3614)
@@ -1184,7 +1184,8 @@
}
/* parse out the OIDs and the first sec blob */
- if (!parse_negTokenTarg(blob, OIDs, &secblob)) {
+ if (!parse_negTokenTarg(blob, OIDs, &secblob) ||
+ OIDs[0] == NULL) {
DEBUG(0,("pipe_spnego_auth_bind_negotiate: Failed to parse the security blob.\n"));
goto err;
}
Modified: trunk/samba/source3/rpc_server/srv_spoolss_nt.c
===================================================================
--- trunk/samba/source3/rpc_server/srv_spoolss_nt.c 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/source3/rpc_server/srv_spoolss_nt.c 2010-10-10 07:35:30 UTC (rev 3614)
@@ -432,6 +432,14 @@
NT_PRINTER_INFO_LEVEL *printer = NULL;
WERROR result;
+ /*
+ * Hopefully nobody names his printers like this. Maybe \ or ,
+ * are illegal in printer names even?
+ */
+ const char printer_not_found[] = "Printer \\, !@#$%^&*( not found";
+ char *cache_key;
+ char *tmp;
+
DEBUG(4,("Setting printer name=%s (len=%lu)\n", handlename,
(unsigned long)strlen(handlename)));
@@ -474,6 +482,27 @@
found = true;
}
+ /*
+ * With hundreds of printers, the "for" loop iterating all
+ * shares can be quite expensive, as it is done on every
+ * OpenPrinter. The loop maps "aprinter" to "sname", the
+ * result of which we cache in gencache.
+ */
+
+ cache_key = talloc_asprintf(talloc_tos(), "PRINTERNAME/%s",
+ aprinter);
+ if ((cache_key != NULL) && gencache_get(cache_key, &tmp, NULL)) {
+
+ found = (strcmp(tmp, printer_not_found) != 0);
+ if (!found) {
+ DEBUG(4, ("Printer %s not found\n", aprinter));
+ SAFE_FREE(tmp);
+ return false;
+ }
+ fstrcpy(sname, tmp);
+ SAFE_FREE(tmp);
+ }
+
/* Search all sharenames first as this is easier than pulling
the printer_info_2 off of disk. Don't use find_service() since
that calls out to map_username() */
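Review bot: The cache key is built from `aprinter`, which appears to derive from the handle name supplied by the client, and the miss path in the next hunk stores a negative entry under it. Each distinct unknown name therefore adds a gencache record for 300 seconds, so the number of records is bounded only by the TTL; it is worth deciding whether negative results need caching at all, or a cap. The `printer_not_found` sentinel declared in the previous hunk shares its value space with real share names, as its own comment admits, so a value that cannot be a share name would be more robust. The early `return false` here also skips the `TALLOC_FREE(cache_key)` that the later exit paths perform.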
@@ -539,10 +568,20 @@
free_a_printer( &printer, 2);
if ( !found ) {
+ if (cache_key != NULL) {
+ gencache_set(cache_key, printer_not_found,
+ time(NULL)+300);
+ TALLOC_FREE(cache_key);
+ }
DEBUGADD(4,("Printer not found\n"));
return false;
}
+ if (cache_key != NULL) {
+ gencache_set(cache_key, sname, time(NULL)+300);
+ TALLOC_FREE(cache_key);
+ }
+
DEBUGADD(4,("set_printer_hnd_name: Printer found: %s -> %s\n", aprinter, sname));
fstrcpy(Printer->sharename, sname);
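Review bot: The success path calls `gencache_set(cache_key, sname, time(NULL)+300)` unconditionally, so if a lookup answered from the cache also reaches this point (the search loops it skips are outside the hunk), every hit renews the entry. A mapping in steady use would then never expire, and a printer that is renamed or removed would keep resolving to the old `sname`. Storing the entry only when the value did not come from the cache bounds staleness to the TTL. The literal `300` appears twice; a named constant such as `#define PRINTERNAME_CACHE_TTL 300` would keep the two in step.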
@@ -1645,7 +1684,8 @@
&se_printop ) &&
!token_contains_name_in_list(
uidtoname(p->server_info->utok.uid),
- NULL, NULL,
+ pdb_get_domain(p->server_info->sam_account),
+ NULL,
p->server_info->ptok,
lp_printer_admin(snum))) {
close_printer_handle(p, r->out.handle);
@@ -1941,8 +1981,10 @@
if ( (p->server_info->utok.uid != sec_initial_uid())
&& !user_has_privileges(p->server_info->ptok, &se_printop )
&& !token_contains_name_in_list(
- uidtoname(p->server_info->utok.uid), NULL,
- NULL, p->server_info->ptok,
+ uidtoname(p->server_info->utok.uid),
+ pdb_get_domain(p->server_info->sam_account),
+ NULL,
+ p->server_info->ptok,
lp_printer_admin(-1)) )
{
return WERR_ACCESS_DENIED;
@@ -2040,7 +2082,9 @@
if ( (p->server_info->utok.uid != sec_initial_uid())
&& !user_has_privileges(p->server_info->ptok, &se_printop )
&& !token_contains_name_in_list(
- uidtoname(p->server_info->utok.uid), NULL, NULL,
+ uidtoname(p->server_info->utok.uid),
+ pdb_get_domain(p->server_info->sam_account),
+ NULL,
p->server_info->ptok, lp_printer_admin(-1)) )
{
return WERR_ACCESS_DENIED;
@@ -7845,7 +7889,8 @@
if ((p->server_info->utok.uid != sec_initial_uid()) &&
!user_has_privileges(p->server_info->ptok, &se_printop) &&
!token_contains_name_in_list(uidtoname(p->server_info->utok.uid),
- NULL, NULL,
+ pdb_get_domain(p->server_info->sam_account),
+ NULL,
p->server_info->ptok,
lp_printer_admin(snum))) {
DEBUG(2,("_spoolss_Addform: denied by insufficient permissions.\n"));
@@ -7926,7 +7971,8 @@
if ((p->server_info->utok.uid != sec_initial_uid()) &&
!user_has_privileges(p->server_info->ptok, &se_printop) &&
!token_contains_name_in_list(uidtoname(p->server_info->utok.uid),
- NULL, NULL,
+ pdb_get_domain(p->server_info->sam_account),
+ NULL,
p->server_info->ptok,
lp_printer_admin(snum))) {
DEBUG(2,("_spoolss_DeleteForm: denied by insufficient permissions.\n"));
@@ -8009,7 +8055,8 @@
if ((p->server_info->utok.uid != sec_initial_uid()) &&
!user_has_privileges(p->server_info->ptok, &se_printop) &&
!token_contains_name_in_list(uidtoname(p->server_info->utok.uid),
- NULL, NULL,
+ pdb_get_domain(p->server_info->sam_account),
+ NULL,
p->server_info->ptok,
lp_printer_admin(snum))) {
DEBUG(2,("_spoolss_Setform: denied by insufficient permissions.\n"));
Modified: trunk/samba/source3/rpc_server/srv_winreg_nt.c
===================================================================
--- trunk/samba/source3/rpc_server/srv_winreg_nt.c 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/source3/rpc_server/srv_winreg_nt.c 2010-10-10 07:35:30 UTC (rev 3614)
@@ -220,8 +220,8 @@
struct registry_key *regkey = find_regkey_by_hnd( p, r->in.handle );
prs_struct prs_hkpd;
- uint8_t *outbuf;
- uint32_t outbuf_size;
+ uint8_t *outbuf = NULL;
+ uint32_t outbuf_size = 0;
DATA_BLOB val_blob;
bool free_buf = False;
Modified: trunk/samba/source3/rpcclient/cmd_spoolss.c
===================================================================
--- trunk/samba/source3/rpcclient/cmd_spoolss.c 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/source3/rpcclient/cmd_spoolss.c 2010-10-10 07:35:30 UTC (rev 3614)
@@ -462,6 +462,7 @@
uint32_t info_level = 2;
union spoolss_PrinterInfo info;
struct spoolss_SetPrinterInfoCtr info_ctr;
+ struct spoolss_SetPrinterInfo2 info2;
const char *printername, *comment = NULL;
struct spoolss_DevmodeContainer devmode_ctr;
struct sec_desc_buf secdesc_ctr;
@@ -501,12 +502,11 @@
/* Modify the comment. */
- info.info2.comment = comment;
- info.info2.secdesc = NULL;
- info.info2.devmode = NULL;
+ spoolss_printerinfo2_to_setprinterinfo2(&info.info2, &info2);
+ info2.comment = comment;
info_ctr.level = 2;
- info_ctr.info.info2 = (struct spoolss_SetPrinterInfo2 *)&info.info2;
+ info_ctr.info.info2 = &info2;
status = rpccli_spoolss_SetPrinter(cli, mem_ctx,
&pol,
@@ -540,6 +540,7 @@
const char *printername,
*new_printername = NULL;
struct spoolss_SetPrinterInfoCtr info_ctr;
+ struct spoolss_SetPrinterInfo2 info2;
struct spoolss_DevmodeContainer devmode_ctr;
struct sec_desc_buf secdesc_ctr;
@@ -577,12 +578,11 @@
goto done;
/* Modify the printername. */
- info.info2.printername = new_printername;
- info.info2.devmode = NULL;
- info.info2.secdesc = NULL;
+ spoolss_printerinfo2_to_setprinterinfo2(&info.info2, &info2);
+ info2.printername = new_printername;
- info_ctr.level = info_level;
- info_ctr.info.info2 = (struct spoolss_SetPrinterInfo2 *)&info.info2;
+ info_ctr.level = 2;
+ info_ctr.info.info2 = &info2;
status = rpccli_spoolss_SetPrinter(cli, mem_ctx,
&pol,
@@ -1776,27 +1776,8 @@
/* Set the printer driver */
- info2.servername = info.info2.servername;
- info2.printername = info.info2.printername;
- info2.sharename = info.info2.sharename;
- info2.portname = info.info2.portname;
- info2.drivername = argv[2];
- info2.comment = info.info2.comment;
- info2.location = info.info2.location;
- info2.devmode_ptr = 0;
- info2.sepfile = info.info2.sepfile;
- info2.printprocessor = info.info2.printprocessor;
- info2.datatype = info.info2.datatype;
- info2.parameters = info.info2.parameters;
- info2.secdesc_ptr = 0;
- info2.attributes = info.info2.attributes;
- info2.priority = info.info2.priority;
- info2.defaultpriority = info.info2.defaultpriority;
- info2.starttime = info.info2.starttime;
- info2.untiltime = info.info2.untiltime;
- info2.status = info.info2.status;
- info2.cjobs = info.info2.cjobs;
- info2.averageppm = info.info2.averageppm;
+ spoolss_printerinfo2_to_setprinterinfo2(&info.info2, &info2);
+ info2.drivername = argv[2];
info_ctr.level = 2;
info_ctr.info.info2 = &info2;
Modified: trunk/samba/source3/rpcclient/rpcclient.c
===================================================================
--- trunk/samba/source3/rpcclient/rpcclient.c 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/source3/rpcclient/rpcclient.c 2010-10-10 07:35:30 UTC (rev 3614)
@@ -49,7 +49,7 @@
****************************************************************************/
static char **completion_fn(const char *text, int start, int end)
{
-#define MAX_COMPLETIONS 100
+#define MAX_COMPLETIONS 1000
char **matches;
int i, count=0;
struct cmd_list *commands = cmd_list;
Modified: trunk/samba/source3/smbd/fileio.c
===================================================================
--- trunk/samba/source3/smbd/fileio.c 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/source3/smbd/fileio.c 2010-10-10 07:35:30 UTC (rev 3614)
@@ -312,14 +312,15 @@
fsp->modified = True;
if (SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) == 0) {
- int dosmode;
trigger_write_time_update(fsp);
- dosmode = dos_mode(fsp->conn, fsp->fsp_name);
- if ((lp_store_dos_attributes(SNUM(fsp->conn)) ||
- MAP_ARCHIVE(fsp->conn)) &&
- !IS_DOS_ARCHIVE(dosmode)) {
- file_set_dosmode(fsp->conn, fsp->fsp_name,
+ if (!fsp->posix_open &&
+ (lp_store_dos_attributes(SNUM(fsp->conn)) ||
+ MAP_ARCHIVE(fsp->conn))) {
+ int dosmode = dos_mode(fsp->conn, fsp->fsp_name);
+ if (!IS_DOS_ARCHIVE(dosmode)) {
+ file_set_dosmode(fsp->conn, fsp->fsp_name,
dosmode | aARCH, NULL, false);
+ }
}
/*
Modified: trunk/samba/source3/smbd/notify.c
===================================================================
--- trunk/samba/source3/smbd/notify.c 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/source3/smbd/notify.c 2010-10-10 07:35:30 UTC (rev 3614)
@@ -76,6 +76,7 @@
for (i=0; i<num_changes; i++) {
struct notify_change *c;
size_t namelen;
+ int rem = 0;
uint32 u32_tmp; /* Temp arg to prs_uint32 to avoid
* signed/unsigned issues */
@@ -101,6 +102,11 @@
*/
u32_tmp = (i == num_changes-1) ? 0 : namelen + 12;
+
+ /* Align on 4-byte boundary according to MS-CIFS 2.2.7.4.2 */
+ if ((rem = u32_tmp % 4 ) != 0)
+ u32_tmp += 4 - rem;
+
if (!prs_uint32("offset", ps, 1, &u32_tmp)) goto fail;
u32_tmp = c->action;
@@ -116,6 +122,10 @@
*/
prs_set_offset(ps, prs_offset(ps)-2);
+ if (rem != 0) {
+ if (!prs_align_custom(ps, 4)) goto fail;
+ }
+
TALLOC_FREE(uni_name.buffer);
if (prs_offset(ps) > max_offset) {
Modified: trunk/samba/source3/smbd/open.c
===================================================================
--- trunk/samba/source3/smbd/open.c 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/source3/smbd/open.c 2010-10-10 07:35:30 UTC (rev 3614)
@@ -49,11 +49,23 @@
SMB1 file varient of se_access_check. Never test FILE_READ_ATTRIBUTES.
****************************************************************************/
-NTSTATUS smb1_file_se_access_check(const struct security_descriptor *sd,
+NTSTATUS smb1_file_se_access_check(connection_struct *conn,
+ const struct security_descriptor *sd,
const NT_USER_TOKEN *token,
uint32_t access_desired,
uint32_t *access_granted)
{
+ *access_granted = 0;
+
+ if (conn->server_info->utok.uid == 0 || conn->admin_user) {
+ /* I'm sorry sir, I didn't know you were root... */
+ *access_granted = access_desired;
+ if (access_desired & SEC_FLAG_MAXIMUM_ALLOWED) {
+ *access_granted |= FILE_GENERIC_ALL;
+ }
+ return NT_STATUS_OK;
+ }
+
return se_access_check(sd,
token,
(access_desired & ~FILE_READ_ATTRIBUTES),
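Review bot: The header comment for smb1_file_se_access_check still only says `Never test FILE_READ_ATTRIBUTES`, but the function now also short-circuits for uid 0 and `conn->admin_user`, granting `access_desired` (plus `FILE_GENERIC_ALL` under `SEC_FLAG_MAXIMUM_ALLOWED`) without consulting `sd`. Because the check moved from one caller (removed in @@ -73) into the shared function, the bypass now applies to every caller, including the two in modules/vfs_acl_common.c and the one at @@ -1412. I would add a banner line such as `Root and admin_user connections are granted access_desired without evaluating sd.` and state that `conn` and `conn->server_info` must be non-NULL, since both are dereferenced unconditionally.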
@@ -73,17 +85,6 @@
NTSTATUS status;
struct security_descriptor *sd = NULL;
- *access_granted = 0;
-
- if (conn->server_info->utok.uid == 0 || conn->admin_user) {
- /* I'm sorry sir, I didn't know you were root... */
- *access_granted = access_mask;
- if (access_mask & SEC_FLAG_MAXIMUM_ALLOWED) {
- *access_granted |= FILE_GENERIC_ALL;
- }
- return NT_STATUS_OK;
- }
-
status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
(OWNER_SECURITY_INFORMATION |
GROUP_SECURITY_INFORMATION |
@@ -97,7 +98,8 @@
return status;
}
- status = smb1_file_se_access_check(sd,
+ status = smb1_file_se_access_check(conn,
+ sd,
conn->server_info->ptok,
access_mask,
access_granted);
@@ -1412,7 +1414,8 @@
return NT_STATUS_ACCESS_DENIED;
}
- status = smb1_file_se_access_check(sd,
+ status = smb1_file_se_access_check(conn,
+ sd,
conn->server_info->ptok,
access_mask,
&access_granted);
Modified: trunk/samba/source3/smbd/oplock.c
===================================================================
--- trunk/samba/source3/smbd/oplock.c 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/source3/smbd/oplock.c 2010-10-10 07:35:30 UTC (rev 3614)
@@ -118,6 +118,7 @@
fsp->sent_oplock_break = NO_BREAK_SENT;
flush_write_cache(fsp, OPLOCK_RELEASE_FLUSH);
+ delete_write_cache(fsp);
TALLOC_FREE(fsp->oplock_timeout);
}
Modified: trunk/samba/source3/smbd/process.c
===================================================================
--- trunk/samba/source3/smbd/process.c 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/source3/smbd/process.c 2010-10-10 07:35:30 UTC (rev 3614)
@@ -1488,7 +1488,7 @@
/*
* NetBIOS session request, keepalive, etc.
*/
- reply_special((char *)inbuf);
+ reply_special((char *)inbuf, nread);
goto done;
}
Modified: trunk/samba/source3/smbd/reply.c
===================================================================
--- trunk/samba/source3/smbd/reply.c 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/source3/smbd/reply.c 2010-10-10 07:35:30 UTC (rev 3614)
@@ -495,14 +495,11 @@
Reply to a (netbios-level) special message.
****************************************************************************/
-void reply_special(char *inbuf)
+void reply_special(char *inbuf, size_t inbuf_size)
{
int msg_type = CVAL(inbuf,0);
int msg_flags = CVAL(inbuf,1);
- fstring name1,name2;
- char name_type1, name_type2;
struct smbd_server_connection *sconn = smbd_server_conn;
-
/*
* We only really use 4 bytes of the outbuf, but for the smb_setlen
* calculation & friends (srv_send_smb uses that) we need the full smb
@@ -510,28 +507,49 @@
*/
char outbuf[smb_size];
- *name1 = *name2 = 0;
-
memset(outbuf, '\0', sizeof(outbuf));
smb_setlen(outbuf,0);
switch (msg_type) {
case 0x81: /* session request */
+ {
+ /* inbuf_size is guarenteed to be at least 4. */
+ fstring name1,name2;
+ int name_type1, name_type2;
+ int name_len1, name_len2;
+ *name1 = *name2 = 0;
+
if (sconn->nbt.got_session) {
exit_server_cleanly("multiple session request not permitted");
}
SCVAL(outbuf,0,0x82);
SCVAL(outbuf,3,0);
- if (name_len(inbuf+4) > 50 ||
- name_len(inbuf+4 + name_len(inbuf + 4)) > 50) {
+
+ /* inbuf_size is guaranteed to be at least 4. */
+ name_len1 = name_len((unsigned char *)(inbuf+4),inbuf_size - 4);
+ if (name_len1 <= 0 || name_len1 > inbuf_size - 4) {
DEBUG(0,("Invalid name length in session request\n"));
return;
}
- name_type1 = name_extract(inbuf,4,name1);
- name_type2 = name_extract(inbuf,4 + name_len(inbuf + 4),name2);
+ name_len2 = name_len((unsigned char *)(inbuf+4+name_len1),inbuf_size - 4 - name_len1);
+ if (name_len2 <= 0 || name_len2 > inbuf_size - 4 - name_len1) {
+ DEBUG(0,("Invalid name length in session request\n"));
+ return;
+ }
+
+ name_type1 = name_extract((unsigned char *)inbuf,
+ inbuf_size,(unsigned int)4,name1);
+ name_type2 = name_extract((unsigned char *)inbuf,
+ inbuf_size,(unsigned int)(4 + name_len1),name2);
+
+ if (name_type1 == -1 || name_type2 == -1) {
+ DEBUG(0,("Invalid name type in session request\n"));
+ return;
+ }
+
DEBUG(2,("netbios connect: name1=%s0x%x name2=%s0x%x\n",
name1, name_type1, name2, name_type2));
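Review bot: Nothing in reply_special enforces the `inbuf_size is guarenteed to be at least 4` precondition that this case block states twice (once misspelled); it relies entirely on the caller in process.c passing a sufficient `nread`. An explicit `if (inbuf_size < 4) { return; }` at the top of the function, ahead of the `CVAL(inbuf,0)` and `CVAL(inbuf,1)` reads in the previous hunk, would make `inbuf_size - 4` safe by construction, and the duplicate comment could go. The comparisons `name_len1 > inbuf_size - 4` mix `int` and `size_t` and are correct only because `name_len1 <= 0` is tested first, which deserves a short comment. The case body continues outside the hunk.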
@@ -565,6 +583,7 @@
sconn->nbt.got_session = true;
break;
+ }
case 0x89: /* session keepalive request
(some old clients produce this?) */
@@ -5846,8 +5865,9 @@
"%s -> %s\n", smb_fname_str_dbg(fsp->fsp_name),
smb_fname_str_dbg(smb_fname_dst)));
- if (lp_map_archive(SNUM(conn)) ||
- lp_store_dos_attributes(SNUM(conn))) {
+ if (!lp_posix_pathnames() &&
+ (lp_map_archive(SNUM(conn)) ||
+ lp_store_dos_attributes(SNUM(conn)))) {
/* We must set the archive bit on the newly
renamed file. */
if (SMB_VFS_STAT(conn, smb_fname_dst) == 0) {
Modified: trunk/samba/source3/smbd/sesssetup.c
===================================================================
--- trunk/samba/source3/smbd/sesssetup.c 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/source3/smbd/sesssetup.c 2010-10-10 07:35:30 UTC (rev 3614)
@@ -725,7 +725,8 @@
*kerb_mechOID = NULL;
/* parse out the OIDs and the first sec blob */
- if (!parse_negTokenTarg(blob_in, OIDs, pblob_out)) {
+ if (!parse_negTokenTarg(blob_in, OIDs, pblob_out) ||
+ OIDs[0] == NULL) {
return NT_STATUS_LOGON_FAILURE;
}
Modified: trunk/samba/source3/smbd/trans2.c
===================================================================
--- trunk/samba/source3/smbd/trans2.c 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/source3/smbd/trans2.c 2010-10-10 07:35:30 UTC (rev 3614)
@@ -6594,6 +6594,7 @@
files_struct *all_fsps = NULL;
bool modify_mtime = true;
struct file_id id;
+ struct smb_filename *smb_fname_tmp = NULL;
SMB_STRUCT_STAT sbuf;
ZERO_STRUCT(ft);
@@ -6646,7 +6647,6 @@
sbuf = smb_fname->st;
if (!VALID_STAT(sbuf)) {
- struct smb_filename *smb_fname_tmp = NULL;
/*
* The only valid use of this is to create character and block
* devices, and named pipes. This is deprecated (IMHO) and
@@ -6675,7 +6675,7 @@
}
sbuf = smb_fname_tmp->st;
- TALLOC_FREE(smb_fname_tmp);
+ smb_fname = smb_fname_tmp;
/* Ensure we don't try and change anything else. */
raw_unixmode = SMB_MODE_NO_CHANGE;
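Review bot: Replacing `TALLOC_FREE(smb_fname_tmp)` with `smb_fname = smb_fname_tmp;` means the temporary is no longer released in this branch, and nothing visible in these hunks frees it later. If it is allocated on a context that is cleaned up with the request that is fine, but a comment should say so, for example `/* smb_fname_tmp is owned by <allocating context>; released with it */`. The assignment also rebinds `smb_fname` for the rest of the function, so a line explaining that later code must see the freshly stat'ed name would help. The function body starts and ends outside the hunk.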
Modified: trunk/samba/source3/utils/net_ads.c
===================================================================
--- trunk/samba/source3/utils/net_ads.c 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/source3/utils/net_ads.c 2010-10-10 07:35:30 UTC (rev 3614)
@@ -541,7 +541,7 @@
char *escaped_user;
DOM_SID primary_group_sid;
uint32_t group_rid;
- enum SID_NAME_USE type;
+ enum wbcSidType type;
if (argc < 1 || c->display_usage) {
return net_ads_user_usage(c, argc, argv);
@@ -596,7 +596,7 @@
wbc_status = wbcLookupSid((struct wbcDomainSid *)&primary_group_sid,
NULL, /* don't look up domain */
&primary_group,
- (enum wbcSidType *) &type);
+ &type);
if (!WBC_ERROR_IS_OK(wbc_status)) {
d_fprintf(stderr, "wbcLookupSid: %s\n",
wbcErrorString(wbc_status));
Modified: trunk/samba/source3/utils/net_rpc_printer.c
===================================================================
--- trunk/samba/source3/utils/net_rpc_printer.c 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/source3/utils/net_rpc_printer.c 2010-10-10 07:35:30 UTC (rev 3614)
@@ -754,6 +754,7 @@
WERROR result;
NTSTATUS status;
struct spoolss_SetPrinterInfoCtr info_ctr;
+ struct spoolss_SetPrinterInfo2 info2;
struct spoolss_DevmodeContainer devmode_ctr;
struct sec_desc_buf secdesc_ctr;
@@ -773,8 +774,8 @@
(void *)&info->info1;
break;
case 2:
- info_ctr.info.info2 = (struct spoolss_SetPrinterInfo2 *)
- (void *)&info->info2;
+ spoolss_printerinfo2_to_setprinterinfo2(&info->info2, &info2);
+ info_ctr.info.info2 = &info2;
break;
case 3:
info_ctr.info.info3 = (struct spoolss_SetPrinterInfo3 *)
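Review bot: Only `case 2` is switched to a real conversion; `case 1` and `case 3` in the same switch still pass `&info->info1` and `&info->info3` through a `(void *)` cast to the SetPrinterInfo type. If those structures differ in layout the way PrinterInfo2 and SetPrinterInfo2 appear to (the new helper sets `devmode_ptr` and `secdesc_ptr` explicitly), the other levels carry the same problem. Either convert them too or add a comment stating that levels 1 and 3 are layout-compatible. `info2` is a stack variable, so `info_ctr` must not be used after this function returns. The switch continues outside the hunk.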
@@ -2044,6 +2045,8 @@
/* do something for all printers */
for (i = 0; i < num_printers; i++) {
+ struct spoolss_SetPrinterInfo2 info2;
+
/* do some initialization */
printername = info_enum[i].info2.printername;
sharename = info_enum[i].info2.sharename;
@@ -2095,8 +2098,8 @@
d_printf(_("creating printer: %s\n"), printername);
info_ctr.level = level;
- info_ctr.info.info2 = (struct spoolss_SetPrinterInfo2 *)
- (void *)&info_src.info2;
+ spoolss_printerinfo2_to_setprinterinfo2(&info_src.info2, &info2);
+ info_ctr.info.info2 = &info2;
result = rpccli_spoolss_addprinterex(pipe_hnd_dst,
mem_ctx,
Modified: trunk/samba/source3/utils/net_rpc_registry.c
===================================================================
--- trunk/samba/source3/utils/net_rpc_registry.c 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/source3/utils/net_rpc_registry.c 2010-10-10 07:35:30 UTC (rev 3614)
@@ -1150,7 +1150,8 @@
d_printf(_("ok\n"));
d_printf(_("Opening %s...."), argv[1]);
- if ( !(outfile = regfio_open( argv[1], (O_RDWR|O_CREAT|O_TRUNC), (S_IREAD|S_IWRITE) )) ) {
+ if ( !(outfile = regfio_open( argv[1], (O_RDWR|O_CREAT|O_TRUNC),
+ (S_IRUSR|S_IWUSR) )) ) {
d_fprintf(stderr, _("Failed to open %s for writing\n"),argv[1]);
goto out;
}
Modified: trunk/samba/source3/utils/profiles.c
===================================================================
--- trunk/samba/source3/utils/profiles.c 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/source3/utils/profiles.c 2010-10-10 07:35:30 UTC (rev 3614)
@@ -275,7 +275,8 @@
exit (1);
}
- if ( !(outfile = regfio_open( new_filename, (O_RDWR|O_CREAT|O_TRUNC), (S_IREAD|S_IWRITE) )) ) {
+ if ( !(outfile = regfio_open( new_filename, (O_RDWR|O_CREAT|O_TRUNC),
+ (S_IRUSR|S_IWUSR) )) ) {
fprintf( stderr, "Failed to open new file %s!\n", new_filename );
fprintf( stderr, "Error was (%s)\n", strerror(errno) );
exit (1);
Modified: trunk/samba/source3/utils/smbfilter.c
===================================================================
--- trunk/samba/source3/utils/smbfilter.c 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/source3/utils/smbfilter.c 2010-10-10 07:35:30 UTC (rev 3614)
@@ -74,20 +74,44 @@
}
}
-static void filter_request(char *buf)
+static void filter_request(char *buf, size_t buf_len)
{
int msg_type = CVAL(buf,0);
int type = CVAL(buf,smb_com);
+ unsigned x;
fstring name1,name2;
- unsigned x;
+ int name_len1, name_len2;
+ int name_type1, name_type2;
if (msg_type) {
/* it's a netbios special */
- switch (msg_type) {
+ switch (msg_type)
case 0x81:
/* session request */
- name_extract(buf,4,name1);
- name_extract(buf,4 + name_len(buf + 4),name2);
+ /* inbuf_size is guaranteed to be at least 4. */
+ name_len1 = name_len((unsigned char *)(buf+4),
+ buf_len - 4);
+ if (name_len1 <= 0 || name_len1 > buf_len - 4) {
+ DEBUG(0,("Invalid name length in session request\n"));
+ return;
+ }
+ name_len2 = name_len((unsigned char *)(buf+4+name_len1),
+ buf_len - 4 - name_len1);
+ if (name_len2 <= 0 || name_len2 > buf_len - 4 - name_len1) {
+ DEBUG(0,("Invalid name length in session request\n"));
+ return;
+ }
+
+ name_type1 = name_extract((unsigned char *)buf,
+ buf_len,(unsigned int)4,name1);
+ name_type2 = name_extract((unsigned char *)buf,
+ buf_len,(unsigned int)(4 + name_len1),name2);
+
+ if (name_type1 == -1 || name_type2 == -1) {
+ DEBUG(0,("Invalid name type in session request\n"));
+ return;
+ }
+
d_printf("sesion_request: %s -> %s\n",
name1, name2);
if (netbiosname) {
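Review bot: `switch (msg_type)` loses its opening brace in this hunk and its closing brace in the next one (@@ -97,11), so the switch body is now only the single statement labelled `case 0x81:`, the assignment to `name_len1`. For any other non-zero `msg_type` that assignment is skipped and everything after it, starting with `if (name_len1 <= 0 || ...)`, runs on an uninitialised `name_len1`. Restoring `switch (msg_type) {` and the matching `}` before `return;` fixes it. The comment `inbuf_size is guaranteed to be at least 4` names a variable that does not exist in this function, and nothing visible checks `buf_len >= 4` before `buf_len - 4` is computed.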
@@ -97,11 +121,11 @@
/* replace the destination netbios
* name */
memcpy(buf+4, mangled,
- name_len(mangled));
+ name_len((unsigned char *)mangled,
+ talloc_get_size(mangled)));
TALLOC_FREE(mangled);
}
}
- }
return;
}
@@ -118,7 +142,6 @@
SIVAL(buf, smb_vwv11, x);
break;
}
-
}
/****************************************************************************
@@ -184,7 +207,7 @@
d_printf("client closed connection\n");
exit(0);
}
- filter_request(packet);
+ filter_request(packet, len);
if (!send_smb(s, packet)) {
d_printf("server is dead\n");
exit(1);
Modified: trunk/samba/source3/winbindd/winbindd_cm.c
===================================================================
--- trunk/samba/source3/winbindd/winbindd_cm.c 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/source3/winbindd/winbindd_cm.c 2010-10-10 07:35:30 UTC (rev 3614)
@@ -2016,30 +2016,30 @@
/**********************************************************************
***********************************************************************/
-static bool cm_get_schannel_creds(struct winbindd_domain *domain,
+static NTSTATUS cm_get_schannel_creds(struct winbindd_domain *domain,
struct netlogon_creds_CredentialState **ppdc)
{
- NTSTATUS result;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
struct rpc_pipe_client *netlogon_pipe;
if (lp_client_schannel() == False) {
- return False;
+ return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;;
}
result = cm_connect_netlogon(domain, &netlogon_pipe);
if (!NT_STATUS_IS_OK(result)) {
- return False;
+ return result;
}
/* Return a pointer to the struct netlogon_creds_CredentialState from the
netlogon pipe. */
if (!domain->conn.netlogon_pipe->dc) {
- return false;
+ return NT_STATUS_INTERNAL_ERROR; /* This shouldn't happen. */
}
*ppdc = domain->conn.netlogon_pipe->dc;
- return True;
+ return NT_STATUS_OK;
}
NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
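Review bot: `return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;;` has a stray second semicolon and should read `return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;`. The function also receives `netlogon_pipe` from cm_connect_netlogon but then tests and returns `domain->conn.netlogon_pipe->dc`; using the local `netlogon_pipe->dc` would make it obvious that the two refer to the same object. Now that the return type is NTSTATUS, the empty banner above the function could say which status means schannel is disabled by configuration, and that `*ppdc` points at the credentials held by the netlogon pipe rather than a copy.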
@@ -2136,10 +2136,13 @@
/* Fall back to schannel if it's a W2K pre-SP1 box. */
- if (!cm_get_schannel_creds(domain, &p_creds)) {
+ result = cm_get_schannel_creds(domain, &p_creds);
+ if (!NT_STATUS_IS_OK(result)) {
/* If this call fails - conn->cli can now be NULL ! */
DEBUG(10, ("cm_connect_sam: Could not get schannel auth info "
- "for domain %s, trying anon\n", domain->name));
+ "for domain %s (error %s), trying anon\n",
+ domain->name,
+ nt_errstr(result) ));
goto anonymous;
}
result = cli_rpc_pipe_open_schannel_with_key
@@ -2231,6 +2234,7 @@
struct rpc_pipe_client **cli)
{
struct winbindd_cm_conn *conn;
+ struct netlogon_creds_CredentialState *creds;
NTSTATUS status;
DEBUG(10,("cm_connect_lsa_tcp\n"));
@@ -2251,14 +2255,20 @@
TALLOC_FREE(conn->lsa_pipe_tcp);
- status = cli_rpc_pipe_open_schannel(conn->cli,
- &ndr_table_lsarpc.syntax_id,
- NCACN_IP_TCP,
- DCERPC_AUTH_LEVEL_PRIVACY,
- domain->name,
- &conn->lsa_pipe_tcp);
+ status = cm_get_schannel_creds(domain, &creds);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(10,("cli_rpc_pipe_open_schannel failed: %s\n",
+ goto done;
+ }
+
+ status = cli_rpc_pipe_open_schannel_with_key(conn->cli,
+ &ndr_table_lsarpc.syntax_id,
+ NCACN_IP_TCP,
+ DCERPC_AUTH_LEVEL_PRIVACY,
+ domain->name,
+ &creds,
+ &conn->lsa_pipe_tcp);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10,("cli_rpc_pipe_open_schannel_with_key failed: %s\n",
nt_errstr(status)));
goto done;
}
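Review bot: The new `cm_get_schannel_creds` failure branch does `goto done` without a DEBUG line, while the branch below it logs `cli_rpc_pipe_open_schannel_with_key failed`. Adding `DEBUG(10,("cm_get_schannel_creds failed: %s\n", nt_errstr(status)));` keeps the two failure paths equally diagnosable. `creds` is declared uninitialised in the previous hunk; `struct netlogon_creds_CredentialState *creds = NULL;` would make an accidental use on a failure path easier to spot.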
@@ -2338,10 +2348,13 @@
/* Fall back to schannel if it's a W2K pre-SP1 box. */
- if (!cm_get_schannel_creds(domain, &p_creds)) {
+ result = cm_get_schannel_creds(domain, &p_creds);
+ if (!NT_STATUS_IS_OK(result)) {
/* If this call fails - conn->cli can now be NULL ! */
DEBUG(10, ("cm_connect_lsa: Could not get schannel auth info "
- "for domain %s, trying anon\n", domain->name));
+ "for domain %s (error %s), trying anon\n",
+ domain->name,
+ nt_errstr(result) ));
goto anonymous;
}
result = cli_rpc_pipe_open_schannel_with_key
Modified: trunk/samba/source3/winbindd/winbindd_dual_srv.c
===================================================================
--- trunk/samba/source3/winbindd/winbindd_dual_srv.c 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/source3/winbindd/winbindd_dual_srv.c 2010-10-10 07:35:30 UTC (rev 3614)
@@ -610,12 +610,12 @@
id.id = r->in.id;
- switch (id.type) {
+ switch (r->in.type) {
case WBINT_ID_TYPE_UID:
id.type = ID_TYPE_UID;
status = idmap_set_uid_hwm(&id);
break;
- case ID_TYPE_GID:
+ case WBINT_ID_TYPE_GID:
id.type = ID_TYPE_GID;
status = idmap_set_gid_hwm(&id);
break;
Modified: trunk/samba/source3/winbindd/winbindd_pam.c
===================================================================
--- trunk/samba/source3/winbindd/winbindd_pam.c 2010-10-09 20:34:12 UTC (rev 3613)
+++ trunk/samba/source3/winbindd/winbindd_pam.c 2010-10-10 07:35:30 UTC (rev 3614)
@@ -801,7 +801,7 @@
void winbindd_pam_auth(struct winbindd_cli_state *state)
{
struct winbindd_domain *domain;
- fstring name_domain, name_user, mapped_user;
+ fstring name_domain, name_user;
char *mapped = NULL;
NTSTATUS result;
NTSTATUS name_map_status = NT_STATUS_UNSUCCESSFUL;
@@ -828,17 +828,15 @@
state->request->data.auth.user,
&mapped);
- /* If the name normalization didnt' actually do anything,
- just use the original name */
+ /* Update the auth name if we did any mapping */
- if (NT_STATUS_IS_OK(name_map_status)
- ||NT_STATUS_EQUAL(name_map_status, NT_STATUS_FILE_RENAMED)) {
- fstrcpy(mapped_user, mapped);
- } else {
- fstrcpy(mapped_user, state->request->data.auth.user);
+ if (NT_STATUS_IS_OK(name_map_status) ||
+ NT_STATUS_EQUAL(name_map_status, NT_STATUS_FILE_RENAMED))
+ {
+ fstrcpy(state->request->data.auth.user, mapped);
}
- if (!canonicalize_username(mapped_user, name_domain, name_user)) {
+ if (!canonicalize_username(state->request->data.auth.user, name_domain, name_user)) {
result = NT_STATUS_NO_SUCH_USER;
goto done;
}