From 12476223c6aa7473c55bcf529639eefce8450680 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 28 Apr 2011 17:26:40 +0200 Subject: s3-tsocket: only include ../lib/tsocket/tsocket.h where needed. Guenther --- source3/smbd/sesssetup.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/smbd/sesssetup.c') diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 3cf6758e29..3631d589f5 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -23,6 +23,7 @@ */ #include "includes.h" +#include "../lib/tsocket/tsocket.h" #include "smbd/smbd.h" #include "smbd/globals.h" #include "../libcli/auth/spnego.h" -- cgit From 02af3075858814811bc30f03623eb6715f9b7a78 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 5 May 2011 14:22:11 -0700 Subject: More simple const fixes. --- source3/smbd/sesssetup.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/smbd/sesssetup.c') diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 3631d589f5..026380e3e6 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -1043,7 +1043,7 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req) file_save("negotiate.dat", blob1.data, blob1.length); #endif - p2 = (char *)req->buf + blob1.length; + p2 = (const char *)req->buf + blob1.length; p2 += srvstr_pull_req_talloc(talloc_tos(), req, &tmp, p2, STR_TERMINATE); @@ -1685,7 +1685,7 @@ void reply_sesssetup_and_X(struct smb_request *req) data_blob_free(&lm_resp); SSVAL(req->outbuf,smb_uid,sess_vuid); - SSVAL(req->inbuf,smb_uid,sess_vuid); + SSVAL(discard_const_p(char, req->inbuf),smb_uid,sess_vuid); req->vuid = sess_vuid; if (!sconn->smb1.sessions.done_sesssetup) { -- cgit From e05c9cdcb6bf710ddb7d683916ca26857a3bce18 Mon Sep 17 00:00:00 2001 
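Review bot: The `SSVAL(discard_const_p(char, req->inbuf),smb_uid,sess_vuid);` line in the `reply_sesssetup_and_X` hunk casts the const away and still writes into the received request buffer, so the qualifier no longer tells a reader that this packet is modified after receipt. A short comment above it would record the intent, for example `/* Deliberate write into the received packet: store the new vuid in its header. */`. Why the incoming header needs the vuid is not visible here (presumably later handling of the same packet reads it), and that reason should be confirmed and stated in the comment. The write is only well-defined if the storage behind `req->inbuf` is not itself a const object, which the hunk does not show; the function body starts and ends outside the hunk.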
From: Jeremy Allison Date: Thu, 26 May 2011 16:48:42 -0700 Subject: Fix bug #6911 - Kerberos authentication from vista to samba fails when security blob size is greater than 16 kB We were not correctly checking the output of asn1_start_tag(). asn1_start_tag() returns -1 and sets data->has_error if the remaining blob size is too short to contain the tag length. We were checking data->has_error and returning NT_STATUS_OK (to allow the second asn.1 parse to fail in that case). We should not be checking data->has_error in this case, but falling through to the code that already checks the length. Thanks to Jim for reproducing this for me. We don't get bitten by this as we announce a max buffer size of 16k, greater than Windows's 4k, which means that most krb5 spnego packets already fit. Jeremy. Autobuild-User: Jeremy Allison Autobuild-Date: Fri May 27 02:57:27 CEST 2011 on sn-devel-104 --- source3/smbd/sesssetup.c | 28 +++++++++++++++++++++++++--- 1 file changed, 25 insertions(+), 3 deletions(-) (limited to 'source3/smbd/sesssetup.c') diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 026380e3e6..ee305c478e 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c 
@@ -930,13 +930,28 @@ static NTSTATUS check_spnego_blob_complete(struct smbd_server_connection *sconn, } asn1_load(data, *pblob); - asn1_start_tag(data, pblob->data[0]); - if (data->has_error || data->nesting == NULL) { + if (asn1_start_tag(data, pblob->data[0])) { + /* asn1_start_tag checks if the given + length of the blob is enough to complete + the tag. If it returns true we know + there is nothing to do - the blob is + complete. */ asn1_free(data); - /* Let caller catch. */ return NT_STATUS_OK; } + if (data->nesting == NULL) { + /* Incorrect tag, allocation failed, + or reading the tag length failed. + Let the caller catch. */ + asn1_free(data); + return NT_STATUS_OK; + } + + /* Here we know asn1_start_tag() has set data->has_error to true. + asn1_tag_remaining() will have failed due to the given blob + being too short. We need to work out how short. */ + /* Integer wrap paranoia.... */ if (data->nesting->taglen + data->nesting->start < data->nesting->taglen || @@ -965,6 +980,13 @@ static NTSTATUS check_spnego_blob_complete(struct smbd_server_connection *sconn, if (needed_len <= pblob->length) { /* Nothing to do - blob is complete. */ + /* THIS SHOULD NOT HAPPEN - asn1_start_tag() + above should have caught this !!! */ + DEBUG(0,("check_spnego_blob_complete: logic " + "error (needed_len = %u, " + "pblob->length = %u).\n", + (unsigned int)needed_len, + (unsigned int)pblob->length )); return NT_STATUS_OK; } -- cgit From 16b1c77644217796f70a3a0bf1d95c245f9ee2d9 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 8 Jun 2011 14:05:55 +1000 Subject: lib/util Bring procid_str() into lib/util as server_id_string() This is needed for OpenChange, which prints Samba struct server_id values in debug messages. Andrew Bartlett --- source3/smbd/sesssetup.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/sesssetup.c') diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index ee305c478e..98bed880df 100644 
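Review bot: `pblob->data[0]` in `if (asn1_start_tag(data, pblob->data[0]))` is read from the client-supplied security blob, and no length check is visible in this hunk. `check_spnego_blob_complete` starts outside the hunk, so confirm that an earlier guard rejects a zero-length blob before this line is reached. Both early returns also hand back `NT_STATUS_OK` for different outcomes (blob complete in the first; wrong tag, failed allocation or unreadable tag length in the second). A comment at the top of the function would make that contract explicit, for example `/* NT_STATUS_OK means "nothing to buffer", not "blob is valid"; the caller's own parse must reject bad input. */`.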
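Review bot: The added `DEBUG(0, ...)` in the `needed_len <= pblob->length` branch logs at level 0 on a path whose lengths come from the session-setup security blob, that is, before the client has authenticated. The comment says the branch should be unreachable after the `asn1_start_tag()` check, but if that assumption ever breaks, each such request would write a level-0 line. It is worth naming in the comment the invariant that makes the branch unreachable, or lowering the level, e.g. `DEBUG(1,("check_spnego_blob_complete: logic "`. The `(unsigned int)` casts may also truncate the printed values if `needed_len` is wider than `unsigned int`; its declaration is outside the hunk.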
--- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -1223,7 +1223,7 @@ static int shutdown_other_smbds(const struct connections_key *key, struct shutdown_state *state = (struct shutdown_state *)private_data; DEBUG(10, ("shutdown_other_smbds: %s, %s\n", - procid_str(talloc_tos(), &crec->pid), crec->addr)); + server_id_str(talloc_tos(), &crec->pid), crec->addr)); if (!process_exists(crec->pid)) { DEBUG(10, ("process does not exist\n")); -- cgit From 74eed8f3ed5c333728350df1d23a4318e9104909 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 9 Jun 2011 15:31:03 +1000 Subject: s3-param Remove special case for global_myname(), rename to lp_netbios_name() There is no reason this can't be a normal constant string in the loadparm system, now that we have lp_set_cmdline() to handle overrides correctly. Andrew Bartlett --- source3/smbd/sesssetup.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/smbd/sesssetup.c') diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 98bed880df..dda4ef296e 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -194,7 +194,7 @@ static bool make_krb5_skew_error(DATA_BLOB *pblob_out) return False; } /* Create server principal. */ - asprintf(&host_princ_s, "%s$@%s", global_myname(), lp_realm()); + asprintf(&host_princ_s, "%s$@%s", lp_netbios_name(), lp_realm()); if (!host_princ_s) { goto out; } -- cgit