Volker Lendecke [Wed, 20 Apr 2016 11:13:38 +0000 (13:13 +0200)]
smbd: Fix an assert
This might stumble over stale entries
Signed-off-by: Volker Lendecke <vl@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11844
Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Thu Jun 2 15:08:18 CEST 2016 on sn-devel-104
Jeremy Allison [Thu, 26 May 2016 23:42:42 +0000 (16:42 -0700)]
s3: auth: Move the declaration of struct dom_sid tmp_sid to function level scope.
It's referred to outside of the {} brace scope it was defined in by
the following code:
uid_to_unix_users_sid(*uid, &tmp_sid);
user_sid = &tmp_sid;
As tmp_sid was going out of scope, user_sid was
being incorrectly set in the token sid list.
I think this *may* be the root cause of:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10618
But even if not this is an obvious error that must
be fixed.
Back-port from master:
1b3b89345480d16222da00753f973e36e2e0f92d
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Wed Jun 1 12:35:23 CEST 2016 on sn-devel-104
Stefan Metzmacher [Thu, 19 May 2016 09:47:18 +0000 (11:47 +0200)]
s3:rpcclient: make use of SMB_SIGNING_IPC_DEFAULT
This means we'll use the "client ipc min protocol", "client ipc max protocol"
and "client ipc signing" options. But "--signing=no" or "--signing=required"
still overwrite "client ipc signing".
The following can be used to alter the max protocol
rpcclient --option="client ipc max protocol=SMB2_10" 172.31.9.163 -Uadministrator%
A1b2C3d4 -c "getusername"
Account Name: Administrator, Authority Name: W4EDOM-L4
rpcclient --option="client ipc max protocol=NT1" 172.31.9.163 -Uadministrator%
A1b2C3d4 -c "getusername"
Account Name: Administrator, Authority Name: W4EDOM-L4
rpcclient 172.31.9.163 -Uadministrator%
A1b2C3d4 -c "getusername"
Account Name: Administrator, Authority Name: W4EDOM-L4
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11927
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat May 21 05:01:15 CEST 2016 on sn-devel-144
(cherry picked from commit
2eb824fbaf61dfc5e9c735589c80c41379dabe86)
Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Mon May 30 13:55:41 CEST 2016 on sn-devel-104
Stefan Metzmacher [Wed, 18 May 2016 07:56:02 +0000 (09:56 +0200)]
s3:smbd: fix anonymous authentication if signing is mandatory
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11910
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
2b67554e6ccca6dd4616dea672890e0a56bed8bd)
Stefan Metzmacher [Wed, 11 May 2016 15:59:32 +0000 (17:59 +0200)]
s3:ntlm_auth: make ntlm_auth_generate_session_info() more complete
The generate_session_info() function maybe called more than once
per session.
Some may try to look/dereference session_info->security_token,
so we provide simplified token.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11914
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Mon, 9 May 2016 14:14:31 +0000 (16:14 +0200)]
libcli/auth: let msrpc_parse() return talloc'ed empty strings
This make it more predictable for the callers.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11912
BUG: https://bugzilla.redhat.com/show_bug.cgi?id=
1334356
BUG: https://launchpad.net/bugs/
1578576
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon May 9 22:27:21 CEST 2016 on sn-devel-144
(cherry picked from commit
58a83236294117d32d9883ac3024f81fa1730a87)
Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Tue May 17 13:47:41 CEST 2016 on sn-devel-104
Karolin Seeger [Mon, 2 May 2016 08:04:54 +0000 (10:04 +0200)]
VERSION: Bump version up to 4.2.12...
and re-enable git snapshots.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Mon, 2 May 2016 08:04:10 +0000 (10:04 +0200)]
VERSION: Disable git snapshots for the 4.2.12 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Mon, 2 May 2016 08:02:59 +0000 (10:02 +0200)]
WHATSNEW: Add release date.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Fri, 29 Apr 2016 09:32:48 +0000 (11:32 +0200)]
WHATSNEW: Last bugfix release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Fri Apr 29 14:52:04 CEST 2016 on sn-devel-104
Karolin Seeger [Fri, 29 Apr 2016 09:15:16 +0000 (11:15 +0200)]
WHATSNEW: Update release notes.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Stefan Metzmacher [Mon, 25 Apr 2016 14:12:47 +0000 (16:12 +0200)]
s3:selftest: add smbclient_ntlm tests
We test all combinations of NT1 with and without spnego and SMB3
for user, anonymous and guest authentication.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11849
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Apr 28 20:16:45 CEST 2016 on sn-devel-144
(similar to commit
eee88e07b3e68efb467b390536eea4155b5ced7e)
Stefan Metzmacher [Mon, 25 Apr 2016 14:02:22 +0000 (16:02 +0200)]
selftest:Samba4: let fl2000dc use Windows2000 style SPNEGO/NTLMSSP
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11849
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(similar to commit
4de43387235cb17a185fdd1afd658972e8c174ef)
Stefan Metzmacher [Tue, 26 Apr 2016 23:00:14 +0000 (01:00 +0200)]
selftest:Samba4: let fl2000dc use Windows2000 supported_enctypes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11849
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(similar to commit
587b5db7979c1ca1055f5bfd81ab79606cd3c2dd)
Stefan Metzmacher [Tue, 26 Apr 2016 09:33:52 +0000 (11:33 +0200)]
s3:test_smbclient_auth.sh: this script reqiures 5 arguments
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11849
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
70910334caa176bf98fece7d638ed599979dc173)
Stefan Metzmacher [Tue, 26 Apr 2016 06:50:00 +0000 (08:50 +0200)]
selftest:Samba4: provide DC_* variables for fl2000dc and fl2008r2dc
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11849
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
b8055cb42cadf48367867213a35635f3391c9b8d)
Stefan Metzmacher [Mon, 25 Apr 2016 13:58:27 +0000 (15:58 +0200)]
auth/ntlmssp: add ntlmssp_{client,server}:force_old_spnego option for testing
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11849
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
7a2cb2c97611171613fc677a534277839348c56f)
Stefan Metzmacher [Mon, 25 Apr 2016 12:45:55 +0000 (14:45 +0200)]
auth/spnego: add spnego:simulate_w2k option for testing
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11849
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
db9c01a51975a0a3ec2564357617958c2f466091)
Stefan Metzmacher [Wed, 20 Apr 2016 16:27:34 +0000 (18:27 +0200)]
auth/ntlmssp: do map to guest checking after the authentication
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11847
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
d667520568996471b55007a42b503edbabb1eee0)
Stefan Metzmacher [Wed, 20 Apr 2016 14:34:28 +0000 (16:34 +0200)]
s3:smbd: only mark real guest sessions with the GUEST flag
Real anonymous sessions don't get it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11847
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(similar to commit
79a71545bfc87525c6ba6c8fe9fa7d8a9da33441)
Stefan Metzmacher [Mon, 18 Apr 2016 15:36:56 +0000 (17:36 +0200)]
s3:smbd: make use SMB_SETUP_GUEST constant
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11847
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
25ce97892ad3ce5028e4dbbbdd844ef6619ac396)
Stefan Metzmacher [Wed, 20 Apr 2016 14:29:42 +0000 (16:29 +0200)]
libcli/security: implement SECURITY_GUEST
SECURITY_GUEST is not exactly the same as SECURITY_ANONYMOUS.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11847
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
837e6176329330893d5a1e4ce4ac67dbac758e56)
Stefan Metzmacher [Tue, 26 Apr 2016 23:48:32 +0000 (01:48 +0200)]
s3:auth_builtin: anonymous authentication doesn't allow a password
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11847
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
ead483b0c0ec746c0869162024c97f2e08df7f4b)
Stefan Metzmacher [Tue, 26 Apr 2016 23:44:56 +0000 (01:44 +0200)]
s4:auth_anonymous: anonymous authentication doesn't allow a password
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11847
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
d247dceaaab24b568425f2360e40f5e91be452cc)
Stefan Metzmacher [Fri, 22 Apr 2016 08:04:38 +0000 (10:04 +0200)]
auth/spnego: only try to verify the mechListMic if signing was negotiated.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11847
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
65462958522baee6eedcedd4193cfcc8cf0f510e)
Stefan Metzmacher [Tue, 19 Apr 2016 05:33:03 +0000 (07:33 +0200)]
s3:libsmb: use anonymous authentication via spnego if possible
This makes the authentication consistent between
SMB1 with CAP_EXTENDED_SECURITY (introduced in Windows 2000)
and SNB2.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11841
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
e72ad193a53e20b769f798d02c0610f91859bd38)
Stefan Metzmacher [Tue, 19 Apr 2016 05:20:28 +0000 (07:20 +0200)]
s3:libsmb: don't finish the gensec handshake for guest logins
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11841
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
fa5799207e55ee8e329f36f784d027845eaf0e34)
Stefan Metzmacher [Tue, 19 Apr 2016 05:19:19 +0000 (07:19 +0200)]
s3:libsmb: record the session setup action flags
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11841
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
02c902103521e5a2b1d221db83e6c59d0ce31099)
Stefan Metzmacher [Mon, 18 Apr 2016 15:38:46 +0000 (17:38 +0200)]
libcli/smb: add smbXcli_session_is_guest() helper function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11841
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
8f4a4bec089b46bbeb0e0f37bb682acb88702bf2)
Stefan Metzmacher [Mon, 18 Apr 2016 15:34:21 +0000 (17:34 +0200)]
libcli/smb: add SMB1 session setup action flags
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11841
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
cceaa61cf064926baca6db4b303d34ea90d40d52)
Stefan Metzmacher [Mon, 18 Apr 2016 15:33:11 +0000 (17:33 +0200)]
libcli/smb: add smb1cli_session_set_action() helper function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11841
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
e6f9e176f2bb0e3e7451ac58e84ff55328219fcd)
Günther Deschner [Wed, 20 Apr 2016 18:09:53 +0000 (20:09 +0200)]
libcli/smb: fix NULL pointer derreference in smbXcli_session_is_authenticated().
Guenther
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11841
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
8e016ffeb01167bb8dec66cf9e4bc8605461c15a)
Stefan Metzmacher [Tue, 19 Apr 2016 05:31:50 +0000 (07:31 +0200)]
s3:libsmb: use password = NULL for anonymous connections
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11858
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
53be47410236ef7c90fe895f49f300e3fe47a8bf)
Stefan Metzmacher [Wed, 20 Apr 2016 16:44:21 +0000 (18:44 +0200)]
auth/ntlmssp: don't require NTLMSSP_SIGN for smb connections
Enforcement of SMB signing is done at the SMB layer.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11850
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
d97b347d041f9b5c0aa71f35526cbefd56f3500b)
Stefan Metzmacher [Wed, 20 Apr 2016 16:44:21 +0000 (18:44 +0200)]
auth/ntlmssp: don't require any flags in the ccache_resume code
ntlmssp_client_challenge() already checks for required flags
before asking winbindd.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11850
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
5041adb6657596399049a33e6a739a040b4df0db)
Stefan Metzmacher [Sat, 23 Apr 2016 03:17:25 +0000 (05:17 +0200)]
auth/spnego: handle broken mechListMIC response from Windows 2000
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11870
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
032c2733dea834e2c95178cdd0deb73e7bb13621)
Stefan Metzmacher [Thu, 28 Apr 2016 10:26:16 +0000 (12:26 +0200)]
auth/spnego: change log level for 'Failed to setup SPNEGO negTokenInit request: NT_STATUS_INTERNAL_ERROR'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11872
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
9930bd17f2d39e4be1e125f83f7de489a94ea1d1)
Günther Deschner [Thu, 28 Apr 2016 10:58:33 +0000 (12:58 +0200)]
s3:librpc:crypto:gse: increase debug level for gse_init_client().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11872
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
b6595037f3fcaafb957d9c08edfb89c72cded987)
Günther Deschner [Thu, 28 Apr 2016 10:58:10 +0000 (12:58 +0200)]
lib:krb5_wrap:krb5_samba: increase debug level for smb_krb5_get_default_realm_from_ccache().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11872
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
95b8b020626ba58a77a21e3da804bac2f0cf90b1)
Stefan Metzmacher [Fri, 22 Apr 2016 14:31:55 +0000 (16:31 +0200)]
s3:libads/sasl: allow wrapped messages up to a size of 0xfffffff
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11872
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
795e796658e6da0149c9c00ece7cca4ccc457717)
Stefan Metzmacher [Fri, 22 Apr 2016 14:18:24 +0000 (16:18 +0200)]
s4:gensec_tstream: allow wrapped messages up to a size of 0xfffffff
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11872
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
8704958fb3b212b401a8e7d94fdd9c627adbde0d)
Karolin Seeger [Thu, 28 Apr 2016 09:06:43 +0000 (11:06 +0200)]
WHATSNEW: Start release notes for Samba 4.2.12.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Thu Apr 28 15:26:50 CEST 2016 on sn-devel-104
Jorge Schrauwen [Sun, 3 Apr 2016 09:43:50 +0000 (11:43 +0200)]
configure: Don't check for inotify on illumos
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11816
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
94f31295b12b20a68d596929ea428eb36f8c0d82)
Volker Lendecke [Mon, 4 Apr 2016 11:43:02 +0000 (13:43 +0200)]
nwrap: Fix the build on Solaris
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11816
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Apr 5 08:57:06 CEST 2016 on sn-devel-144
(cherry picked from commit
ff6b49beeb5df30f4e243a97d2e6218ec497e9ad)
Uri Simchoni [Mon, 18 Apr 2016 20:08:38 +0000 (23:08 +0300)]
libads: record session expiry for spnego sasl binds
With the move to gensec-based spnego, record the session expiry
in tgs_expire, so that libads users such as winbindd can use this info
to determine how long to keep the connection.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11852
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Tue Apr 19 16:53:57 CEST 2016 on sn-devel-144
(cherry picked from commit
34482eb7cc3d74c8de510309332e8ab176d0f3c0)
Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Tue Apr 26 12:00:48 CEST 2016 on sn-devel-104
Andrew Bartlett [Thu, 21 Apr 2016 01:03:19 +0000 (13:03 +1200)]
build: mark explicit dependencies on pytalloc-util
All subsystems that include pytalloc.h need to link against
pytalloc-util.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11789
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(similar to
7b431eba22444d2e0d872de781a8193dcfa6d252)
Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Thu Apr 21 11:46:43 CEST 2016 on sn-devel-104
Stefan Metzmacher [Tue, 15 Mar 2016 15:59:51 +0000 (16:59 +0100)]
s3:wscript: pylibsmb depends on pycredentials
The need for pytalloc-util was based on the fact that
pycredentials depends on pytalloc-util.
As pylibsmb only used pycredentials and not pytalloc-util directly,
we should depend on pycredentials.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11789
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
74ca470739e0128556d8d20010464df07f2f0ac8)
Günther Deschner [Mon, 1 Feb 2016 22:11:13 +0000 (23:11 +0100)]
libsmb/pysmb: add pytalloc-util dependency to fix the build.
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Tue Feb 2 15:49:14 CET 2016 on sn-devel-144
(cherry picked from commit
943e69ca8fd4491004eafbf29ed2ca748b0b7480)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11789
Andrew Bartlett [Tue, 16 Feb 2016 02:15:44 +0000 (15:15 +1300)]
pydsdb: Fix returning of ldb.MessageElement.
This object is not based on pytalloc_Object and so this causes
a segfault (later a failure) when the struct definitions diverge.
We must also not reuse the incoming ldb_message_element as a talloc
context and overwrite the values, instead we should create a new
object and return that.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
(cherry picked from commit
b96b1e88f760c92c7d9bb7e732f72d7e73a68907)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11789
Andrew Bartlett [Tue, 22 Sep 2015 03:25:30 +0000 (15:25 +1200)]
pydsdb: Also accept ldb.MessageElement values to dsdb routines
This shows the correct way to accept a value that may be a list of strings
or a proper ldb.MessageElement.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
(cherry picked from commit
b48776d78b446ad4abd4a6bc2ba6b488a29b11d2)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11789
Volker Lendecke [Sun, 10 Apr 2016 10:51:15 +0000 (12:51 +0200)]
vfs_catia: Fix bug 11827, memleak
add_srt should add the mappings to the linked list even if
mappings==NULL (the default)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11827
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Apr 11 14:25:59 CEST 2016 on sn-devel-144
(cherry picked from commit
3e2af1568d150de1cb12fef40580f4880ac787ff)
Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Mon Apr 18 15:44:50 CEST 2016 on sn-devel-104
Stefan Metzmacher [Fri, 19 Feb 2016 10:46:03 +0000 (11:46 +0100)]
tevent: version 0.9.28
* Fix memory leak when old signal action restored (bug #11742)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11771
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Feb 19 19:12:25 CET 2016 on sn-devel-144
(cherry picked from commit
da74d0c317be9ce67eb5d00d232167d466f68a1e)
The last 12 patches addressed bug #11771:
Backport tevent-0.9.28.
Jeremy Allison [Tue, 16 Feb 2016 22:23:53 +0000 (14:23 -0800)]
lib: tevent: Fix memory leak reported by Pavel Březina <pbrezina@redhat.com> when old signal action restored.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11742
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11771
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Feb 18 01:42:50 CET 2016 on sn-devel-144
(cherry picked from commit
833a2f474367624dd9980abb28227850e95fe976)
Stefan Metzmacher [Mon, 15 Feb 2016 10:40:34 +0000 (11:40 +0100)]
tevent: version 0.9.27
* Fix bug in poll backend - poll_event_loop_poll()
exits the for loop on POLLNVAL instead of
continuing to find an event that is ready.
* Fix ETIME handling for Solaris event ports (bug #11728).
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11771
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Feb 16 00:00:51 CET 2016 on sn-devel-144
(cherry picked from commit
2267faddfa9863b205dfad580fbd45182916cb32)
Nathan Huff [Fri, 5 Feb 2016 20:35:07 +0000 (13:35 -0700)]
Fix ETIME handling for Solaris event ports.
It is possible for port_getn to return -1 with errno set to ETIME and
still return events. If those events aren't processed the association is
lost by samba since the kernel dissacociated them and samba never
processed them so never reassociated them with the event port. The
patch checks the nget return value in the case of ETIME and if it is non
0 it doesn't return and goes through the event processing loop.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11771
Signed-off-by: Nathan Huff <nhuff@acm.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sun Feb 7 11:26:35 CET 2016 on sn-devel-144
(cherry picked from commit
4953b1f73f8ec9387516be1058434d71937e1447)
Jelmer Vernooij [Mon, 4 Jan 2016 23:01:26 +0000 (23:01 +0000)]
tevent: Only set public headers field when installing as a public library.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11771
Signed-off-by: Jelmer Vernooij <jelmer@jelmer.uk>
(cherry picked from commit
2cba4918dbe82fb9d0455c73d35aa551dccc924f)
Jelmer Vernooij [Sat, 9 Jan 2016 20:25:17 +0000 (20:25 +0000)]
Simplify handling of dependencies on external libraries in test_headers.
Signed-off-by: Jelmer Vernooij <jelmer@jelmer.uk>
(cherry picked from commit
3123e2c66a29aaabad7408107bcf4a0e841a93ec)
Jeremy Allison [Tue, 17 Nov 2015 17:13:41 +0000 (09:13 -0800)]
lib: tevent: Whitespace cleanup.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11771
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Nov 18 15:54:03 CET 2015 on sn-devel-104
(cherry picked from commit
39d0a81ed87c58836335ec10af22b36c9961f91e)
Jeremy Allison [Tue, 17 Nov 2015 18:28:50 +0000 (10:28 -0800)]
lib: tevent: Fix bug in poll backend - poll_event_loop_poll()
If the (pfd->revents & POLLNVAL) case is triggered,
we do DLIST_REMOVE(ev->fd_events, fde); and then
use fde->next in the loop above.
Save off fde->next for loop interation before
this so we can't use a deleted ->next value.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11771
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
2be3dd1407eabe3df360ede2eab178848e34733c)
Stefan Metzmacher [Mon, 24 Aug 2015 13:47:51 +0000 (15:47 +0200)]
tevent: version 0.9.26
* New tevent_thread_proxy API
* Minor build fixes
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11771
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
9884a8fa58ffc8ddff0977c069aedda3beb6415f)
Jeremy Allison [Wed, 22 Jul 2015 18:52:06 +0000 (11:52 -0700)]
lib: tevent: docs: Add tutorial on thread usage.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11771
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
68077c617b0a456baea56349fbf502307318c487)
Jeremy Allison [Fri, 24 Jul 2015 16:27:21 +0000 (09:27 -0700)]
lib: tevent: tests: Add a second thread test that does request/reply.
Both tests run cleanly with valgrind --tool=drd and
valgrind --tool=helgrind
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11771
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
a132320b4c434ae9c2188377951d092f7309e63c)
Jeremy Allison [Fri, 24 Jul 2015 15:50:31 +0000 (08:50 -0700)]
lib: tevent: Initial test of tevent threaded context code.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11771
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
187aebb25b970a3679a72109def8e8b85622722e)
Jeremy Allison [Thu, 23 Jul 2015 22:23:50 +0000 (15:23 -0700)]
lib: tevent: Initial checkin of threaded tevent context calling code.
Adds 2 new functions:
struct tevent_thread_proxy *tevent_thread_proxy_create(
struct tevent_context *dest_ev_ctx);
void tevent_thread_proxy_schedule(struct tevent_thread_proxy *tp,
struct tevent_immediate **pp_im,
tevent_immediate_handler_t handler,
void *pp_private_data);
Brief doc included. Tests, docs and tutorial to follow.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11771
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
49bddd8e4756ef52b05b850aec4864749fcf31cb)
Stefan Metzmacher [Tue, 12 Apr 2016 19:17:20 +0000 (21:17 +0200)]
VERSION: Bump version up to 4.2.12
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Tue, 12 Apr 2016 19:16:50 +0000 (21:16 +0200)]
Merge tag 'samba-4.2.11' into v4-2-test
samba: tag release samba-4.2.11
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Mon, 11 Apr 2016 07:20:37 +0000 (09:20 +0200)]
VERSION: Disable git snapshots for the 4.2.11 release.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Mon, 11 Apr 2016 07:16:44 +0000 (09:16 +0200)]
WHATSNEW: Add release notes for Samba 4.2.11.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11744
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Stefan Metzmacher [Fri, 8 Apr 2016 08:05:38 +0000 (10:05 +0200)]
s3:libads: sasl wrapped LDAP connections against with kerberos and arcfour-hmac-md5
This fixes a regression in commit
2cb07ba50decdfd6d08271cd2b3d893ff95f5af9
(s3:libads: make use of ads_sasl_spnego_gensec_bind() for GSS-SPNEGO with Kerberos)
that prevents things like 'net ads join' from working against a Windows 2003 domain.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Fri, 8 Apr 2016 11:57:51 +0000 (13:57 +0200)]
VERSION: Bump version up to 4.2.11...
and re-enable git snapshots.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Mon, 28 Mar 2016 22:36:56 +0000 (00:36 +0200)]
VERSION: Disable git snapshots for the 4.2.10 release.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Mon, 28 Mar 2016 22:26:48 +0000 (00:26 +0200)]
WHATSNEW: Add release notes for Samba 4.2.10.
o CVE-2015-5370 (Multiple errors in DCE-RPC code)
o CVE-2016-2110 (Man in the middle attacks possible with NTLMSSP)
o CVE-2016-2111 (NETLOGON Spoofing Vulnerability)
o CVE-2016-2112 (LDAP client and server don't enforce integrity)
o CVE-2016-2113 (Missing TLS certificate validation)
o CVE-2016-2114 ("server signing = mandatory" not enforced)
o CVE-2016-2115 (SMB IPC traffic is not integrity protected)
o CVE-2016-2118 (SAMR and LSA man in the middle attacks possible)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11744
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Fri, 26 Jun 2015 19:05:53 +0000 (21:05 +0200)]
CVE-2015-5370: s4:selftest: run samba.tests.dcerpc.raw_protocol against plugin_s4_dc
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Wed, 26 Mar 2014 21:42:19 +0000 (22:42 +0100)]
CVE-2015-5370: python/samba/tests: add some dcerpc raw_protocol tests
These are independent from our client library and allow
testing of invalid pdus.
It can be used like this in standalone mode:
SMB_CONF_PATH=/dev/null SERVER=172.31.9.188 python/samba/tests/dcerpc/raw_protocol.py
or
SMB_CONF_PATH=/dev/null SERVER=172.31.9.188 python/samba/tests/dcerpc/raw_protocol.py -v -f TestDCERPC_BIND.test_invalid_auth_noctx
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Wed, 26 Mar 2014 21:42:19 +0000 (22:42 +0100)]
CVE-2015-5370: python/samba/tests: add infrastructure to do raw protocol tests for DCERPC
These are independent from our client library and allow
testing of invalid pdus.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Tue, 22 Dec 2015 20:13:41 +0000 (21:13 +0100)]
CVE-2015-5370: s4:librpc/rpc: call dcerpc_connection_dead() on protocol errors
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 22 Dec 2015 20:23:14 +0000 (21:23 +0100)]
CVE-2015-5370: s3:rpc_client: disconnect connection on protocol errors
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Wed, 23 Dec 2015 10:05:45 +0000 (11:05 +0100)]
CVE-2015-5370: libcli/smb: use a max timeout of 1 second in tstream_smbXcli_np_destructor()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 7 Jul 2015 22:01:37 +0000 (00:01 +0200)]
CVE-2015-5370: s3:rpc_server: verify auth_context_id in api_pipe_{bind_auth3,alter_context}
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 7 Jul 2015 20:51:18 +0000 (22:51 +0200)]
CVE-2015-5370: s3:rpc_client: verify auth_context_id in rpc_pipe_bind_step_one_done()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 7 Jul 2015 22:01:37 +0000 (00:01 +0200)]
CVE-2015-5370: s3:librpc/rpc: verify auth_context_id in dcerpc_check_auth()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 7 Jul 2015 22:01:37 +0000 (00:01 +0200)]
CVE-2015-5370: s3:librpc/rpc: make use of auth->auth_context_id in dcerpc_add_auth_footer()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 7 Jul 2015 22:01:37 +0000 (00:01 +0200)]
CVE-2015-5370: s3:rpc_server: make use of pipe_auth_data->auth_context_id
This is better than using hardcoded values.
We need to use the value the client used in the BIND request.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 7 Jul 2015 22:01:37 +0000 (00:01 +0200)]
CVE-2015-5370: s3:rpc_client: make use of pipe_auth_data->auth_context_id
This is better than using hardcoded values.
We need to use auth_context_id = 1 for authenticated
connections, as old Samba server (before this patchset)
will use a hardcoded value of 1.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 7 Jul 2015 22:01:37 +0000 (00:01 +0200)]
CVE-2015-5370: s3:librpc/rpc: add auth_context_id to struct pipe_auth_data
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 7 Jul 2015 22:01:37 +0000 (00:01 +0200)]
CVE-2015-5370: s3:rpc_client: pass struct pipe_auth_data to create_rpc_{bind_auth3,alter_context}()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 7 Jul 2015 11:05:01 +0000 (13:05 +0200)]
CVE-2015-5370: s3:rpc_server: don't allow an existing context to be changed in check_bind_req()
An alter context can't change the syntax of an existing context,
a new context_id will be used for that.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 7 Jul 2015 11:05:01 +0000 (13:05 +0200)]
CVE-2015-5370: s3:rpc_server: check the transfer syntax in check_bind_req() first
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Sat, 11 Jul 2015 08:58:07 +0000 (10:58 +0200)]
CVE-2015-5370: s3:librpc/rpc: remove unused dcerpc_pull_dcerpc_auth()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Wed, 23 Dec 2015 11:38:55 +0000 (12:38 +0100)]
CVE-2015-5370: s3:rpc_server: use DCERPC_NCA_S_PROTO_ERROR FAULTs for protocol errors
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Wed, 23 Dec 2015 11:38:55 +0000 (12:38 +0100)]
CVE-2015-5370: s3:rpc_server: let a failing BIND mark the connection as broken
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Wed, 23 Dec 2015 11:40:58 +0000 (12:40 +0100)]
CVE-2015-5370: s3:rpc_server: disconnect the connection after a fatal FAULT pdu
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 7 Jul 2015 14:06:59 +0000 (16:06 +0200)]
CVE-2015-5370: s3:rpc_server: make use of dcerpc_verify_ncacn_packet_header() to verify incoming pdus
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 7 Jul 2015 14:06:59 +0000 (16:06 +0200)]
CVE-2015-5370: s3:rpc_server: verify presentation context arrays
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 7 Jul 2015 14:06:59 +0000 (16:06 +0200)]
CVE-2015-5370: s3:rpc_server: use 'alter' instead of 'bind' for variables in api_pipe_alter_context()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Jeremy Allison [Tue, 7 Jul 2015 07:15:39 +0000 (09:15 +0200)]
CVE-2015-5370: s3:rpc_server: ensure that the message ordering doesn't violate the spec
The first pdu is always a BIND.
REQUEST pdus are only allowed once the authentication
is finished.
A simple anonymous authentication is finished after the BIND.
Real authentication may need additional ALTER or AUTH3 exchanges.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 7 Jul 2015 11:05:01 +0000 (13:05 +0200)]
CVE-2015-5370: s3:rpc_server: make sure auth_level isn't changed by alter_context or auth3
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 14 Jul 2015 14:18:45 +0000 (16:18 +0200)]
CVE-2015-5370: s3:rpc_server: let a failing auth3 mark the authentication as invalid
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 7 Jul 2015 11:05:01 +0000 (13:05 +0200)]
CVE-2015-5370: s3:rpc_server: don't allow auth3 if the authentication was already finished
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 7 Jul 2015 11:05:01 +0000 (13:05 +0200)]
CVE-2015-5370: s3:rpc_server: don't ignore failures of dcerpc_push_ncacn_packet()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>