Stefan Metzmacher [Fri, 22 Apr 2016 08:04:38 +0000 (10:04 +0200)]
auth/spnego: only try to verify the mechListMic if signing was negotiated.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11847
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
65462958522baee6eedcedd4193cfcc8cf0f510e)
Stefan Metzmacher [Tue, 19 Apr 2016 05:33:03 +0000 (07:33 +0200)]
s3:libsmb: use anonymous authentication via spnego if possible
This makes the authentication consistent between
SMB1 with CAP_EXTENDED_SECURITY (introduced in Windows 2000)
and SNB2.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11841
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
e72ad193a53e20b769f798d02c0610f91859bd38)
Stefan Metzmacher [Tue, 19 Apr 2016 05:20:28 +0000 (07:20 +0200)]
s3:libsmb: don't finish the gensec handshake for guest logins
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11841
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
fa5799207e55ee8e329f36f784d027845eaf0e34)
Stefan Metzmacher [Tue, 19 Apr 2016 05:19:19 +0000 (07:19 +0200)]
s3:libsmb: record the session setup action flags
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11841
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
02c902103521e5a2b1d221db83e6c59d0ce31099)
Stefan Metzmacher [Mon, 18 Apr 2016 15:38:46 +0000 (17:38 +0200)]
libcli/smb: add smbXcli_session_is_guest() helper function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11841
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
8f4a4bec089b46bbeb0e0f37bb682acb88702bf2)
Stefan Metzmacher [Mon, 18 Apr 2016 15:34:21 +0000 (17:34 +0200)]
libcli/smb: add SMB1 session setup action flags
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11841
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
cceaa61cf064926baca6db4b303d34ea90d40d52)
Stefan Metzmacher [Mon, 18 Apr 2016 15:33:11 +0000 (17:33 +0200)]
libcli/smb: add smb1cli_session_set_action() helper function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11841
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
e6f9e176f2bb0e3e7451ac58e84ff55328219fcd)
Günther Deschner [Wed, 20 Apr 2016 18:09:53 +0000 (20:09 +0200)]
libcli/smb: fix NULL pointer derreference in smbXcli_session_is_authenticated().
Guenther
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11841
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
8e016ffeb01167bb8dec66cf9e4bc8605461c15a)
Stefan Metzmacher [Tue, 19 Apr 2016 05:31:50 +0000 (07:31 +0200)]
s3:libsmb: use password = NULL for anonymous connections
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11858
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
53be47410236ef7c90fe895f49f300e3fe47a8bf)
Stefan Metzmacher [Wed, 20 Apr 2016 16:44:21 +0000 (18:44 +0200)]
auth/ntlmssp: don't require NTLMSSP_SIGN for smb connections
Enforcement of SMB signing is done at the SMB layer.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11850
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
d97b347d041f9b5c0aa71f35526cbefd56f3500b)
Stefan Metzmacher [Wed, 20 Apr 2016 16:44:21 +0000 (18:44 +0200)]
auth/ntlmssp: don't require any flags in the ccache_resume code
ntlmssp_client_challenge() already checks for required flags
before asking winbindd.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11850
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
5041adb6657596399049a33e6a739a040b4df0db)
Stefan Metzmacher [Sat, 23 Apr 2016 03:17:25 +0000 (05:17 +0200)]
auth/spnego: handle broken mechListMIC response from Windows 2000
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11870
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
032c2733dea834e2c95178cdd0deb73e7bb13621)
Stefan Metzmacher [Thu, 28 Apr 2016 10:26:16 +0000 (12:26 +0200)]
auth/spnego: change log level for 'Failed to setup SPNEGO negTokenInit request: NT_STATUS_INTERNAL_ERROR'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11872
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
9930bd17f2d39e4be1e125f83f7de489a94ea1d1)
Günther Deschner [Thu, 28 Apr 2016 10:58:33 +0000 (12:58 +0200)]
s3:librpc:crypto:gse: increase debug level for gse_init_client().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11872
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
b6595037f3fcaafb957d9c08edfb89c72cded987)
Günther Deschner [Thu, 28 Apr 2016 10:58:10 +0000 (12:58 +0200)]
lib:krb5_wrap:krb5_samba: increase debug level for smb_krb5_get_default_realm_from_ccache().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11872
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
95b8b020626ba58a77a21e3da804bac2f0cf90b1)
Stefan Metzmacher [Fri, 22 Apr 2016 14:31:55 +0000 (16:31 +0200)]
s3:libads/sasl: allow wrapped messages up to a size of 0xfffffff
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11872
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
795e796658e6da0149c9c00ece7cca4ccc457717)
Stefan Metzmacher [Fri, 22 Apr 2016 14:18:24 +0000 (16:18 +0200)]
s4:gensec_tstream: allow wrapped messages up to a size of 0xfffffff
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11872
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
8704958fb3b212b401a8e7d94fdd9c627adbde0d)
Karolin Seeger [Thu, 28 Apr 2016 09:06:43 +0000 (11:06 +0200)]
WHATSNEW: Start release notes for Samba 4.2.12.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Thu Apr 28 15:26:50 CEST 2016 on sn-devel-104
Jorge Schrauwen [Sun, 3 Apr 2016 09:43:50 +0000 (11:43 +0200)]
configure: Don't check for inotify on illumos
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11816
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
94f31295b12b20a68d596929ea428eb36f8c0d82)
Volker Lendecke [Mon, 4 Apr 2016 11:43:02 +0000 (13:43 +0200)]
nwrap: Fix the build on Solaris
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11816
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Apr 5 08:57:06 CEST 2016 on sn-devel-144
(cherry picked from commit
ff6b49beeb5df30f4e243a97d2e6218ec497e9ad)
Uri Simchoni [Mon, 18 Apr 2016 20:08:38 +0000 (23:08 +0300)]
libads: record session expiry for spnego sasl binds
With the move to gensec-based spnego, record the session expiry
in tgs_expire, so that libads users such as winbindd can use this info
to determine how long to keep the connection.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11852
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Tue Apr 19 16:53:57 CEST 2016 on sn-devel-144
(cherry picked from commit
34482eb7cc3d74c8de510309332e8ab176d0f3c0)
Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Tue Apr 26 12:00:48 CEST 2016 on sn-devel-104
Andrew Bartlett [Thu, 21 Apr 2016 01:03:19 +0000 (13:03 +1200)]
build: mark explicit dependencies on pytalloc-util
All subsystems that include pytalloc.h need to link against
pytalloc-util.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11789
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(similar to
7b431eba22444d2e0d872de781a8193dcfa6d252)
Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Thu Apr 21 11:46:43 CEST 2016 on sn-devel-104
Stefan Metzmacher [Tue, 15 Mar 2016 15:59:51 +0000 (16:59 +0100)]
s3:wscript: pylibsmb depends on pycredentials
The need for pytalloc-util was based on the fact that
pycredentials depends on pytalloc-util.
As pylibsmb only used pycredentials and not pytalloc-util directly,
we should depend on pycredentials.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11789
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit
74ca470739e0128556d8d20010464df07f2f0ac8)
Günther Deschner [Mon, 1 Feb 2016 22:11:13 +0000 (23:11 +0100)]
libsmb/pysmb: add pytalloc-util dependency to fix the build.
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Tue Feb 2 15:49:14 CET 2016 on sn-devel-144
(cherry picked from commit
943e69ca8fd4491004eafbf29ed2ca748b0b7480)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11789
Andrew Bartlett [Tue, 16 Feb 2016 02:15:44 +0000 (15:15 +1300)]
pydsdb: Fix returning of ldb.MessageElement.
This object is not based on pytalloc_Object and so this causes
a segfault (later a failure) when the struct definitions diverge.
We must also not reuse the incoming ldb_message_element as a talloc
context and overwrite the values, instead we should create a new
object and return that.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
(cherry picked from commit
b96b1e88f760c92c7d9bb7e732f72d7e73a68907)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11789
Andrew Bartlett [Tue, 22 Sep 2015 03:25:30 +0000 (15:25 +1200)]
pydsdb: Also accept ldb.MessageElement values to dsdb routines
This shows the correct way to accept a value that may be a list of strings
or a proper ldb.MessageElement.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
(cherry picked from commit
b48776d78b446ad4abd4a6bc2ba6b488a29b11d2)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11789
Volker Lendecke [Sun, 10 Apr 2016 10:51:15 +0000 (12:51 +0200)]
vfs_catia: Fix bug 11827, memleak
add_srt should add the mappings to the linked list even if
mappings==NULL (the default)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11827
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Apr 11 14:25:59 CEST 2016 on sn-devel-144
(cherry picked from commit
3e2af1568d150de1cb12fef40580f4880ac787ff)
Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Mon Apr 18 15:44:50 CEST 2016 on sn-devel-104
Stefan Metzmacher [Fri, 19 Feb 2016 10:46:03 +0000 (11:46 +0100)]
tevent: version 0.9.28
* Fix memory leak when old signal action restored (bug #11742)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11771
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Feb 19 19:12:25 CET 2016 on sn-devel-144
(cherry picked from commit
da74d0c317be9ce67eb5d00d232167d466f68a1e)
The last 12 patches addressed bug #11771:
Backport tevent-0.9.28.
Jeremy Allison [Tue, 16 Feb 2016 22:23:53 +0000 (14:23 -0800)]
lib: tevent: Fix memory leak reported by Pavel Březina <pbrezina@redhat.com> when old signal action restored.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11742
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11771
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Feb 18 01:42:50 CET 2016 on sn-devel-144
(cherry picked from commit
833a2f474367624dd9980abb28227850e95fe976)
Stefan Metzmacher [Mon, 15 Feb 2016 10:40:34 +0000 (11:40 +0100)]
tevent: version 0.9.27
* Fix bug in poll backend - poll_event_loop_poll()
exits the for loop on POLLNVAL instead of
continuing to find an event that is ready.
* Fix ETIME handling for Solaris event ports (bug #11728).
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11771
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Feb 16 00:00:51 CET 2016 on sn-devel-144
(cherry picked from commit
2267faddfa9863b205dfad580fbd45182916cb32)
Nathan Huff [Fri, 5 Feb 2016 20:35:07 +0000 (13:35 -0700)]
Fix ETIME handling for Solaris event ports.
It is possible for port_getn to return -1 with errno set to ETIME and
still return events. If those events aren't processed the association is
lost by samba since the kernel dissacociated them and samba never
processed them so never reassociated them with the event port. The
patch checks the nget return value in the case of ETIME and if it is non
0 it doesn't return and goes through the event processing loop.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11771
Signed-off-by: Nathan Huff <nhuff@acm.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sun Feb 7 11:26:35 CET 2016 on sn-devel-144
(cherry picked from commit
4953b1f73f8ec9387516be1058434d71937e1447)
Jelmer Vernooij [Mon, 4 Jan 2016 23:01:26 +0000 (23:01 +0000)]
tevent: Only set public headers field when installing as a public library.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11771
Signed-off-by: Jelmer Vernooij <jelmer@jelmer.uk>
(cherry picked from commit
2cba4918dbe82fb9d0455c73d35aa551dccc924f)
Jelmer Vernooij [Sat, 9 Jan 2016 20:25:17 +0000 (20:25 +0000)]
Simplify handling of dependencies on external libraries in test_headers.
Signed-off-by: Jelmer Vernooij <jelmer@jelmer.uk>
(cherry picked from commit
3123e2c66a29aaabad7408107bcf4a0e841a93ec)
Jeremy Allison [Tue, 17 Nov 2015 17:13:41 +0000 (09:13 -0800)]
lib: tevent: Whitespace cleanup.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11771
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Nov 18 15:54:03 CET 2015 on sn-devel-104
(cherry picked from commit
39d0a81ed87c58836335ec10af22b36c9961f91e)
Jeremy Allison [Tue, 17 Nov 2015 18:28:50 +0000 (10:28 -0800)]
lib: tevent: Fix bug in poll backend - poll_event_loop_poll()
If the (pfd->revents & POLLNVAL) case is triggered,
we do DLIST_REMOVE(ev->fd_events, fde); and then
use fde->next in the loop above.
Save off fde->next for loop interation before
this so we can't use a deleted ->next value.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11771
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
2be3dd1407eabe3df360ede2eab178848e34733c)
Stefan Metzmacher [Mon, 24 Aug 2015 13:47:51 +0000 (15:47 +0200)]
tevent: version 0.9.26
* New tevent_thread_proxy API
* Minor build fixes
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11771
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
9884a8fa58ffc8ddff0977c069aedda3beb6415f)
Jeremy Allison [Wed, 22 Jul 2015 18:52:06 +0000 (11:52 -0700)]
lib: tevent: docs: Add tutorial on thread usage.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11771
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
68077c617b0a456baea56349fbf502307318c487)
Jeremy Allison [Fri, 24 Jul 2015 16:27:21 +0000 (09:27 -0700)]
lib: tevent: tests: Add a second thread test that does request/reply.
Both tests run cleanly with valgrind --tool=drd and
valgrind --tool=helgrind
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11771
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
a132320b4c434ae9c2188377951d092f7309e63c)
Jeremy Allison [Fri, 24 Jul 2015 15:50:31 +0000 (08:50 -0700)]
lib: tevent: Initial test of tevent threaded context code.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11771
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
187aebb25b970a3679a72109def8e8b85622722e)
Jeremy Allison [Thu, 23 Jul 2015 22:23:50 +0000 (15:23 -0700)]
lib: tevent: Initial checkin of threaded tevent context calling code.
Adds 2 new functions:
struct tevent_thread_proxy *tevent_thread_proxy_create(
struct tevent_context *dest_ev_ctx);
void tevent_thread_proxy_schedule(struct tevent_thread_proxy *tp,
struct tevent_immediate **pp_im,
tevent_immediate_handler_t handler,
void *pp_private_data);
Brief doc included. Tests, docs and tutorial to follow.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11771
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
49bddd8e4756ef52b05b850aec4864749fcf31cb)
Stefan Metzmacher [Tue, 12 Apr 2016 19:17:20 +0000 (21:17 +0200)]
VERSION: Bump version up to 4.2.12
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Tue, 12 Apr 2016 19:16:50 +0000 (21:16 +0200)]
Merge tag 'samba-4.2.11' into v4-2-test
samba: tag release samba-4.2.11
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Mon, 11 Apr 2016 07:20:37 +0000 (09:20 +0200)]
VERSION: Disable git snapshots for the 4.2.11 release.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Mon, 11 Apr 2016 07:16:44 +0000 (09:16 +0200)]
WHATSNEW: Add release notes for Samba 4.2.11.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11744
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Stefan Metzmacher [Fri, 8 Apr 2016 08:05:38 +0000 (10:05 +0200)]
s3:libads: sasl wrapped LDAP connections against with kerberos and arcfour-hmac-md5
This fixes a regression in commit
2cb07ba50decdfd6d08271cd2b3d893ff95f5af9
(s3:libads: make use of ads_sasl_spnego_gensec_bind() for GSS-SPNEGO with Kerberos)
that prevents things like 'net ads join' from working against a Windows 2003 domain.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Fri, 8 Apr 2016 11:57:51 +0000 (13:57 +0200)]
VERSION: Bump version up to 4.2.11...
and re-enable git snapshots.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Mon, 28 Mar 2016 22:36:56 +0000 (00:36 +0200)]
VERSION: Disable git snapshots for the 4.2.10 release.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Mon, 28 Mar 2016 22:26:48 +0000 (00:26 +0200)]
WHATSNEW: Add release notes for Samba 4.2.10.
o CVE-2015-5370 (Multiple errors in DCE-RPC code)
o CVE-2016-2110 (Man in the middle attacks possible with NTLMSSP)
o CVE-2016-2111 (NETLOGON Spoofing Vulnerability)
o CVE-2016-2112 (LDAP client and server don't enforce integrity)
o CVE-2016-2113 (Missing TLS certificate validation)
o CVE-2016-2114 ("server signing = mandatory" not enforced)
o CVE-2016-2115 (SMB IPC traffic is not integrity protected)
o CVE-2016-2118 (SAMR and LSA man in the middle attacks possible)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11744
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Fri, 26 Jun 2015 19:05:53 +0000 (21:05 +0200)]
CVE-2015-5370: s4:selftest: run samba.tests.dcerpc.raw_protocol against plugin_s4_dc
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Wed, 26 Mar 2014 21:42:19 +0000 (22:42 +0100)]
CVE-2015-5370: python/samba/tests: add some dcerpc raw_protocol tests
These are independent from our client library and allow
testing of invalid pdus.
It can be used like this in standalone mode:
SMB_CONF_PATH=/dev/null SERVER=172.31.9.188 python/samba/tests/dcerpc/raw_protocol.py
or
SMB_CONF_PATH=/dev/null SERVER=172.31.9.188 python/samba/tests/dcerpc/raw_protocol.py -v -f TestDCERPC_BIND.test_invalid_auth_noctx
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Wed, 26 Mar 2014 21:42:19 +0000 (22:42 +0100)]
CVE-2015-5370: python/samba/tests: add infrastructure to do raw protocol tests for DCERPC
These are independent from our client library and allow
testing of invalid pdus.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Tue, 22 Dec 2015 20:13:41 +0000 (21:13 +0100)]
CVE-2015-5370: s4:librpc/rpc: call dcerpc_connection_dead() on protocol errors
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 22 Dec 2015 20:23:14 +0000 (21:23 +0100)]
CVE-2015-5370: s3:rpc_client: disconnect connection on protocol errors
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Wed, 23 Dec 2015 10:05:45 +0000 (11:05 +0100)]
CVE-2015-5370: libcli/smb: use a max timeout of 1 second in tstream_smbXcli_np_destructor()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 7 Jul 2015 22:01:37 +0000 (00:01 +0200)]
CVE-2015-5370: s3:rpc_server: verify auth_context_id in api_pipe_{bind_auth3,alter_context}
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 7 Jul 2015 20:51:18 +0000 (22:51 +0200)]
CVE-2015-5370: s3:rpc_client: verify auth_context_id in rpc_pipe_bind_step_one_done()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 7 Jul 2015 22:01:37 +0000 (00:01 +0200)]
CVE-2015-5370: s3:librpc/rpc: verify auth_context_id in dcerpc_check_auth()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 7 Jul 2015 22:01:37 +0000 (00:01 +0200)]
CVE-2015-5370: s3:librpc/rpc: make use of auth->auth_context_id in dcerpc_add_auth_footer()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 7 Jul 2015 22:01:37 +0000 (00:01 +0200)]
CVE-2015-5370: s3:rpc_server: make use of pipe_auth_data->auth_context_id
This is better than using hardcoded values.
We need to use the value the client used in the BIND request.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 7 Jul 2015 22:01:37 +0000 (00:01 +0200)]
CVE-2015-5370: s3:rpc_client: make use of pipe_auth_data->auth_context_id
This is better than using hardcoded values.
We need to use auth_context_id = 1 for authenticated
connections, as old Samba server (before this patchset)
will use a hardcoded value of 1.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 7 Jul 2015 22:01:37 +0000 (00:01 +0200)]
CVE-2015-5370: s3:librpc/rpc: add auth_context_id to struct pipe_auth_data
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 7 Jul 2015 22:01:37 +0000 (00:01 +0200)]
CVE-2015-5370: s3:rpc_client: pass struct pipe_auth_data to create_rpc_{bind_auth3,alter_context}()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 7 Jul 2015 11:05:01 +0000 (13:05 +0200)]
CVE-2015-5370: s3:rpc_server: don't allow an existing context to be changed in check_bind_req()
An alter context can't change the syntax of an existing context,
a new context_id will be used for that.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 7 Jul 2015 11:05:01 +0000 (13:05 +0200)]
CVE-2015-5370: s3:rpc_server: check the transfer syntax in check_bind_req() first
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Sat, 11 Jul 2015 08:58:07 +0000 (10:58 +0200)]
CVE-2015-5370: s3:librpc/rpc: remove unused dcerpc_pull_dcerpc_auth()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Wed, 23 Dec 2015 11:38:55 +0000 (12:38 +0100)]
CVE-2015-5370: s3:rpc_server: use DCERPC_NCA_S_PROTO_ERROR FAULTs for protocol errors
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Wed, 23 Dec 2015 11:38:55 +0000 (12:38 +0100)]
CVE-2015-5370: s3:rpc_server: let a failing BIND mark the connection as broken
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Wed, 23 Dec 2015 11:40:58 +0000 (12:40 +0100)]
CVE-2015-5370: s3:rpc_server: disconnect the connection after a fatal FAULT pdu
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 7 Jul 2015 14:06:59 +0000 (16:06 +0200)]
CVE-2015-5370: s3:rpc_server: make use of dcerpc_verify_ncacn_packet_header() to verify incoming pdus
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 7 Jul 2015 14:06:59 +0000 (16:06 +0200)]
CVE-2015-5370: s3:rpc_server: verify presentation context arrays
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 7 Jul 2015 14:06:59 +0000 (16:06 +0200)]
CVE-2015-5370: s3:rpc_server: use 'alter' instead of 'bind' for variables in api_pipe_alter_context()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Jeremy Allison [Tue, 7 Jul 2015 07:15:39 +0000 (09:15 +0200)]
CVE-2015-5370: s3:rpc_server: ensure that the message ordering doesn't violate the spec
The first pdu is always a BIND.
REQUEST pdus are only allowed once the authentication
is finished.
A simple anonymous authentication is finished after the BIND.
Real authentication may need additional ALTER or AUTH3 exchanges.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 7 Jul 2015 11:05:01 +0000 (13:05 +0200)]
CVE-2015-5370: s3:rpc_server: make sure auth_level isn't changed by alter_context or auth3
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 14 Jul 2015 14:18:45 +0000 (16:18 +0200)]
CVE-2015-5370: s3:rpc_server: let a failing auth3 mark the authentication as invalid
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 7 Jul 2015 11:05:01 +0000 (13:05 +0200)]
CVE-2015-5370: s3:rpc_server: don't allow auth3 if the authentication was already finished
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 7 Jul 2015 11:05:01 +0000 (13:05 +0200)]
CVE-2015-5370: s3:rpc_server: don't ignore failures of dcerpc_push_ncacn_packet()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 7 Jul 2015 11:05:01 +0000 (13:05 +0200)]
CVE-2015-5370: s3:rpc_server: just call pipe_auth_generic_bind() in api_pipe_bind_req()
pipe_auth_generic_bind() does all the required checks already
and an explicit DCERPC_AUTH_TYPE_NONE is not supported.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Wed, 23 Dec 2015 11:38:55 +0000 (12:38 +0100)]
CVE-2015-5370: s3:rpc_server: let a failing sec_verification_trailer mark the connection as broken
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Tue, 7 Jul 2015 11:05:01 +0000 (13:05 +0200)]
CVE-2015-5370: s3:rpc_server: make use of dcerpc_pull_auth_trailer() in api_pipe_{bind_req,alter_context,bind_auth3}()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 7 Jul 2015 20:51:18 +0000 (22:51 +0200)]
CVE-2015-5370: s3:rpc_client: verify auth_{type,level} in rpc_pipe_bind_step_one_done()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Fri, 10 Jul 2015 12:48:38 +0000 (14:48 +0200)]
CVE-2015-5370: s3:rpc_client: protect rpc_api_pipe_got_pdu() against too large payloads
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 7 Jul 2015 11:05:01 +0000 (13:05 +0200)]
CVE-2015-5370: s3:rpc_client: make use of dcerpc_verify_ncacn_packet_header() in cli_pipe_validate_current_pdu()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 7 Jul 2015 11:05:01 +0000 (13:05 +0200)]
CVE-2015-5370: s3:rpc_client: make use of dcerpc_pull_auth_trailer()
The does much more validation than dcerpc_pull_dcerpc_auth().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Thu, 9 Jul 2015 05:59:24 +0000 (07:59 +0200)]
CVE-2015-5370: s3:librpc/rpc: let dcerpc_check_auth() auth_{type,level} against the expected values.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Thu, 9 Jul 2015 05:59:24 +0000 (07:59 +0200)]
CVE-2015-5370: s3:librpc/rpc: remove auth trailer and possible padding within dcerpc_check_auth()
This simplifies the callers a lot.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Sat, 27 Jun 2015 23:19:57 +0000 (01:19 +0200)]
CVE-2015-5370: librpc/rpc: don't allow pkt->auth_length == 0 in dcerpc_pull_auth_trailer()
All callers should have already checked that.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Wed, 15 Jul 2015 08:18:13 +0000 (10:18 +0200)]
CVE-2015-5370: s4:rpc_server: reject DCERPC_PFC_FLAG_PENDING_CANCEL with DCERPC_FAULT_NO_CALL_ACTIVE
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Wed, 15 Jul 2015 08:18:13 +0000 (10:18 +0200)]
CVE-2015-5370: s4:rpc_server: the assoc_group is relative to the connection (association)
All presentation contexts of a connection use the same association group.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Fri, 17 Jul 2015 03:01:26 +0000 (05:01 +0200)]
CVE-2015-5370: s4:rpc_server: only allow one fragmented call_id at a time
It's a protocol error if the client doesn't send all fragments of
a request in one go.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 29 Jun 2015 12:18:09 +0000 (14:18 +0200)]
CVE-2015-5370: s4:rpc_server: limit allocation and alloc_hint to 4 MByte
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Wed, 15 Jul 2015 15:21:05 +0000 (17:21 +0200)]
CVE-2015-5370: s4:rpc_server: check frag_length for requests
Note this is not the negotiated fragment size, but a hardcoded maximum.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Fri, 10 Jul 2015 11:55:27 +0000 (13:55 +0200)]
CVE-2015-5370: s4:rpc_server: give the correct reject reasons for invalid auth_level values
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Fri, 26 Jun 2015 06:10:46 +0000 (08:10 +0200)]
CVE-2015-5370: s4:rpc_server: disconnect after a failing dcesrv_auth_request()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 14 Jul 2015 14:18:45 +0000 (16:18 +0200)]
CVE-2015-5370: s4:rpc_server: let a failing auth3 mark the authentication as invalid
Following requests will generate a fault with ACCESS_DENIED.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Fri, 26 Jun 2015 06:10:46 +0000 (08:10 +0200)]
CVE-2015-5370: s4:rpc_server: failing authentication should generate a SEC_PKG_ERROR
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Fri, 26 Jun 2015 06:10:46 +0000 (08:10 +0200)]
CVE-2015-5370: s4:rpc_server: fix the order of error checking in dcesrv_alter()
The basically matches Windows 2012R2, it's not 100%
but it's enough for our raw protocol tests to pass.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Fri, 26 Jun 2015 06:10:46 +0000 (08:10 +0200)]
CVE-2015-5370: s4:rpc_server: changing an existing presentation context via alter_context is a protocol error
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Fri, 26 Jun 2015 06:10:46 +0000 (08:10 +0200)]
CVE-2015-5370: s4:rpc_server: don't derefence an empty ctx_list array in dcesrv_alter()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Fri, 26 Jun 2015 06:10:46 +0000 (08:10 +0200)]
CVE-2015-5370: s4:rpc_server: remove pointless dcesrv_find_context() from dcesrv_bind()
BIND is the first pdu, which means the list of contexts is always empty.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Fri, 26 Jun 2015 06:10:46 +0000 (08:10 +0200)]
CVE-2015-5370: s4:rpc_server: let invalid request fragments disconnect the connection with a protocol error
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
git.samba.org / samba.git / log