[Pkg-samba-maint] [Git][samba-team/samba][debian_4.16] 2 commits: fix-unsupported-netr_LogonGetCapabilities-l2.patch

Michael Tokarev (@mjt) gitlab at salsa.debian.org
Fri Jul 14 11:06:54 BST 2023 


Michael Tokarev pushed to branch debian_4.16 at Debian Samba Team / samba


Commits:
e9a9fa67 by Michael Tokarev at 2023-07-14T13:05:31+03:00
fix-unsupported-netr_LogonGetCapabilities-l2.patch

- - - - -
3e04817e by Michael Tokarev at 2023-07-14T13:06:12+03:00
update changelog; upload version 4.16.10+dfsg-2 to unstable

- - - - -


3 changed files:

- debian/changelog
- + debian/patches/fix-unsupported-netr_LogonGetCapabilities-l2.patch
- debian/patches/series


Changes:

=====================================
debian/changelog
=====================================
@@ -1,3 +1,11 @@
+samba (2:4.16.10+dfsg-2) unstable; urgency=medium
+
+  * +fix-unsupported-netr_LogonGetCapabilities-l2.patch
+    Fix windows logon/trust issues with 2023-07 windows updates:
+    https://bugzilla.samba.org/show_bug.cgi?id=15418
+
+ -- Michael Tokarev <mjt at tls.msk.ru>  Fri, 14 Jul 2023 13:06:05 +0300
+
 samba (2:4.16.10+dfsg-1) unstable; urgency=high
 
   * upstream stable/security/bugfix release, fixing the following issues:


=====================================
debian/patches/fix-unsupported-netr_LogonGetCapabilities-l2.patch
=====================================
@@ -0,0 +1,68 @@
+From af355243e55a4baf17126339eb66432d438c4f16 Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze at samba.org>
+Date: Fri, 14 Jul 2023 10:20:05 +0200
+Subject: [PATCH] s3+s3/rpc_server: fix unsupported netr_LogonGetCapabilities
+ level 2
+Origin: upstream, https://bugzilla.samba.org/attachment.cgi?id=17983
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15418
+---
+ source3/rpc_server/netlogon/srv_netlog_nt.c   | 9 +++++----
+ source4/rpc_server/netlogon/dcerpc_netlogon.c | 8 ++++----
+ 2 files changed, 9 insertions(+), 8 deletions(-)
+
+diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
+index 3ba58e61206f..2018dc28eb67 100644
+--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
++++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
+@@ -2284,6 +2284,11 @@ NTSTATUS _netr_LogonGetCapabilities(struct pipes_struct *p,
+ 	struct netlogon_creds_CredentialState *creds;
+ 	NTSTATUS status;
+ 
++	if (r->in.query_level != 1) {
++		p->fault_state = DCERPC_NCA_S_FAULT_INVALID_TAG;
++		return NT_STATUS_NOT_SUPPORTED;
++	}
++
+ 	become_root();
+ 	status = dcesrv_netr_creds_server_step_check(p->dce_call,
+ 						p->mem_ctx,
+@@ -2296,10 +2301,6 @@ NTSTATUS _netr_LogonGetCapabilities(struct pipes_struct *p,
+ 		return status;
+ 	}
+ 
+-	if (r->in.query_level != 1) {
+-		return NT_STATUS_NOT_SUPPORTED;
+-	}
+-
+ 	r->out.capabilities->server_capabilities = creds->negotiate_flags;
+ 
+ 	return NT_STATUS_OK;
+diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
+index 6ccba65d3bf0..c869a6d3c791 100644
+--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
++++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
+@@ -2364,6 +2364,10 @@ static NTSTATUS dcesrv_netr_LogonGetCapabilities(struct dcesrv_call_state *dce_c
+ 	struct netlogon_creds_CredentialState *creds;
+ 	NTSTATUS status;
+ 
++	if (r->in.query_level != 1) {
++		DCESRV_FAULT(DCERPC_NCA_S_FAULT_INVALID_TAG);
++	}
++
+ 	status = dcesrv_netr_creds_server_step_check(dce_call,
+ 						     mem_ctx,
+ 						     r->in.computer_name,
+@@ -2375,10 +2379,6 @@ static NTSTATUS dcesrv_netr_LogonGetCapabilities(struct dcesrv_call_state *dce_c
+ 	}
+ 	NT_STATUS_NOT_OK_RETURN(status);
+ 
+-	if (r->in.query_level != 1) {
+-		return NT_STATUS_NOT_SUPPORTED;
+-	}
+-
+ 	r->out.capabilities->server_capabilities = creds->negotiate_flags;
+ 
+ 	return NT_STATUS_OK;
+-- 
+2.41.0


=====================================
debian/patches/series
=====================================
@@ -19,3 +19,4 @@ move-msg.sock-from-var-lib-samba-to-run-samba.patch
 testparm-do-not-fail-if-pid-dir-does-not-exist.patch
 add-missing-libs-deps.diff
 dont-ignore-errors-in-random-number-generation-CVE-2022-1615.patch
+fix-unsupported-netr_LogonGetCapabilities-l2.patch



View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/7e187769d4cbeeb64ee0e76a50aeb4ae81d6ef6b...3e04817eb9b9e9f7f0272f5f4aa214515047a032

-- 
View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/7e187769d4cbeeb64ee0e76a50aeb4ae81d6ef6b...3e04817eb9b9e9f7f0272f5f4aa214515047a032
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-samba-maint/attachments/20230714/b45fe0dc/attachment-0001.htm>

More information about the Pkg-samba-maint mailing list