diff options
author | Gerald Carter <jerry@samba.org> | 2006-01-27 13:23:52 +0000 |
---|---|---|
committer | Gerald Carter <jerry@samba.org> | 2006-01-27 13:23:52 +0000 |
commit | 997ac38da4244c6c666880b76e91f83575e31071 (patch) | |
tree | 06cb493cf220200baa1c2983804ffafa133056b5 | |
parent | a1d56aec948e89c5dc3fb00ca7d1485c9406c046 (diff) | |
download | samba-997ac38da4244c6c666880b76e91f83575e31071.tar.gz |
r13183: Final touches on 3.0.21b.
* Add new commits to release notes, fix incorrect attributions,
correct typos, etc...
* Merge fixes from jra (swat, NTLMv2, false credentials error message)
The tree is basically current with SAMBA_3_0 as of r13132
-rw-r--r-- | WHATSNEW.txt | 13 | ||||
-rw-r--r-- | source/libsmb/credentials.c | 2 | ||||
-rw-r--r-- | source/libsmb/spnego.c | 1 | ||||
-rw-r--r-- | source/rpc_server/srv_netlog_nt.c | 6 | ||||
-rw-r--r-- | source/rpc_server/srv_pipe.c | 25 | ||||
-rw-r--r-- | source/web/swat.c | 1 |
6 files changed, 36 insertions, 12 deletions
diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 53f9b835d23..dd9c060da6c 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -8,13 +8,13 @@ that production Samba servers should be running for all current bug-fixes. Please read the following important changes in this release. - Common bugs fixed in 3.0.21b include: - o Server crashes in smbd - o Compile issues on 64-bit platforms - o Crash bugs on big-endian systems + o Server crashes in smbd. + o Compile issues on 64-bit platforms. + o Crash bugs on big-endian systems. o Packaging fixes for RHEL/Fedora, Solaris, & Debian. + o Over 30 bugzilla reports closed. ###################################################################### @@ -41,6 +41,7 @@ o Jeremy Allison <jra@samba.org> * Force smbd to exit if the guest account internal setup fails. * BUG 3419: vfs_full_audit fixes for multiple connections. * Ensure SWAT lists running processes. + * Fix NTLMv2 interoperability bug between Samba servers. o Andrew Bartlett <abartlet@samba.org> @@ -89,8 +90,6 @@ o Guenther Deschner <gd@samba.org> * Prevent 'net rpc' from dumping clear text password at high log levels unless built with DEBUG_PASSWORD. * Fix 'net ads user add' with a Windows 2003 SP1 DC. - * Convert net command touse stderr for error messages rather than - stdout. * Fix python build. * Fix segfault in pdb_nds.c. * Don't write null sid mappings into the winbindd_cache.tdb. @@ -189,6 +188,8 @@ o Lars Müller <lmuelle@samba.org> * BUG 3264: Support backwards compatible setups using 'idmap backend = idmap_rid'. * Add %w macro for the winbind separator. + * Convert net command to use stderr for error messages rather + than stdout. o James Peach <jpeach@sgi.com> diff --git a/source/libsmb/credentials.c b/source/libsmb/credentials.c index edb242df7e8..ad06cd9015f 100644 --- a/source/libsmb/credentials.c +++ b/source/libsmb/credentials.c @@ -156,7 +156,7 @@ BOOL creds_server_check(const struct dcinfo *dc, const DOM_CHAL *rcv_cli_chal_in if (memcmp(dc->clnt_chal.data, rcv_cli_chal_in->data, 8)) { DEBUG(5,("creds_server_check: challenge : %s\n", credstr(rcv_cli_chal_in->data))); DEBUG(5,("calculated: %s\n", credstr(dc->clnt_chal.data))); - DEBUG(0,("creds_server_check: credentials check failed.\n")); + DEBUG(2,("creds_server_check: credentials check failed.\n")); return False; } DEBUG(10,("creds_server_check: credentials check OK.\n")); diff --git a/source/libsmb/spnego.c b/source/libsmb/spnego.c index 6cc4436a0cf..f6a66200bac 100644 --- a/source/libsmb/spnego.c +++ b/source/libsmb/spnego.c @@ -341,4 +341,3 @@ BOOL free_spnego_data(SPNEGO_DATA *spnego) out: return ret; } - diff --git a/source/rpc_server/srv_netlog_nt.c b/source/rpc_server/srv_netlog_nt.c index d0d47be9f29..643921f5963 100644 --- a/source/rpc_server/srv_netlog_nt.c +++ b/source/rpc_server/srv_netlog_nt.c @@ -470,7 +470,7 @@ NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET * /* Step the creds chain forward. */ if (!creds_server_step(p->dc, &q_u->clnt_id.cred, &cred_out)) { - DEBUG(0,("_net_srv_pwset: creds_server_step failed. Rejecting auth " + DEBUG(2,("_net_srv_pwset: creds_server_step failed. Rejecting auth " "request from client %s machine account %s\n", p->dc->remote_machine, p->dc->mach_acct )); return NT_STATUS_ACCESS_DENIED; @@ -573,7 +573,7 @@ NTSTATUS _net_sam_logoff(pipes_struct *p, NET_Q_SAM_LOGOFF *q_u, NET_R_SAM_LOGOF /* checks and updates credentials. creates reply credentials */ if (!creds_server_step(p->dc, &q_u->sam_id.client.cred, &r_u->srv_creds)) { - DEBUG(0,("_net_sam_logoff: creds_server_step failed. Rejecting auth " + DEBUG(2,("_net_sam_logoff: creds_server_step failed. Rejecting auth " "request from client %s machine account %s\n", p->dc->remote_machine, p->dc->mach_acct )); return NT_STATUS_ACCESS_DENIED; @@ -662,7 +662,7 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON * /* checks and updates credentials. creates reply credentials */ if (!creds_server_step(p->dc, &q_u->sam_id.client.cred, &r_u->srv_creds)) { - DEBUG(0,("_net_sam_logon: creds_server_step failed. Rejecting auth " + DEBUG(2,("_net_sam_logon: creds_server_step failed. Rejecting auth " "request from client %s machine account %s\n", p->dc->remote_machine, p->dc->mach_acct )); return NT_STATUS_ACCESS_DENIED; diff --git a/source/rpc_server/srv_pipe.c b/source/rpc_server/srv_pipe.c index 8084e7673a5..ecf79d0c1f3 100644 --- a/source/rpc_server/srv_pipe.c +++ b/source/rpc_server/srv_pipe.c @@ -1188,12 +1188,17 @@ static BOOL pipe_spnego_auth_bind_negotiate(pipes_struct *p, prs_struct *rpc_in_ static BOOL pipe_spnego_auth_bind_continue(pipes_struct *p, prs_struct *rpc_in_p, RPC_HDR_AUTH *pauth_info, prs_struct *pout_auth) { - DATA_BLOB spnego_blob, auth_blob, auth_reply; + RPC_HDR_AUTH auth_info; + DATA_BLOB spnego_blob; + DATA_BLOB auth_blob; + DATA_BLOB auth_reply; + DATA_BLOB response; AUTH_NTLMSSP_STATE *a = p->auth.a_u.auth_ntlmssp_state; ZERO_STRUCT(spnego_blob); ZERO_STRUCT(auth_blob); ZERO_STRUCT(auth_reply); + ZERO_STRUCT(response); if (p->auth.auth_type != PIPE_AUTH_TYPE_SPNEGO_NTLMSSP || !a) { DEBUG(0,("pipe_spnego_auth_bind_continue: not in NTLMSSP auth state.\n")); @@ -1230,7 +1235,24 @@ static BOOL pipe_spnego_auth_bind_continue(pipes_struct *p, prs_struct *rpc_in_p data_blob_free(&spnego_blob); data_blob_free(&auth_blob); + + /* Generate the spnego "accept completed" blob - no incoming data. */ + response = spnego_gen_auth_response(&auth_reply, NT_STATUS_OK, OID_NTLMSSP); + + /* Copy the blob into the pout_auth parse struct */ + init_rpc_hdr_auth(&auth_info, RPC_SPNEGO_AUTH_TYPE, pauth_info->auth_level, RPC_HDR_AUTH_LEN, 1); + if(!smb_io_rpc_hdr_auth("", &auth_info, pout_auth, 0)) { + DEBUG(0,("pipe_spnego_auth_bind_continue: marshalling of RPC_HDR_AUTH failed.\n")); + goto err; + } + + if (!prs_copy_data_in(pout_auth, (char *)response.data, response.length)) { + DEBUG(0,("pipe_spnego_auth_bind_continue: marshalling of data blob failed.\n")); + goto err; + } + data_blob_free(&auth_reply); + data_blob_free(&response); p->pipe_bound = True; @@ -1241,6 +1263,7 @@ static BOOL pipe_spnego_auth_bind_continue(pipes_struct *p, prs_struct *rpc_in_p data_blob_free(&spnego_blob); data_blob_free(&auth_blob); data_blob_free(&auth_reply); + data_blob_free(&response); free_pipe_ntlmssp_auth_data(&p->auth); p->auth.a_u.auth_ntlmssp_state = NULL; diff --git a/source/web/swat.c b/source/web/swat.c index 3806291a6ad..372d473bdb5 100644 --- a/source/web/swat.c +++ b/source/web/swat.c @@ -1373,6 +1373,7 @@ static void printers_page(void) setup_logging(argv[0],False); load_config(True); + load_interfaces(); iNumNonAutoPrintServices = lp_numservices(); load_printers(); |