r13183: Final touches on 3.0.21b.

* Add new commits to release notes, fix incorrect attributions,
  correct typos, etc...
* Merge fixes from jra (swat, NTLMv2, false credentials error message)

The tree is basically current with SAMBA_3_0 as of r13132

6 files changed, 36 insertions, 12 deletions

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 53f9b835d23..dd9c060da6c 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -8,13 +8,13 @@ that production Samba servers should be running for all current
 bug-fixes.  Please read the following important changes in this
 release.
 
-
 Common bugs fixed in 3.0.21b include:
 
-  o Server crashes in smbd
-  o Compile issues on 64-bit platforms
-  o Crash bugs on big-endian systems
+  o Server crashes in smbd.
+  o Compile issues on 64-bit platforms.
+  o Crash bugs on big-endian systems.
   o Packaging fixes for RHEL/Fedora, Solaris, & Debian.
+  o Over 30 bugzilla reports closed.
 
 
 ######################################################################
@@ -41,6 +41,7 @@ o   Jeremy Allison <jra@samba.org>
     * Force smbd to exit if the guest account internal setup fails.
     * BUG 3419: vfs_full_audit fixes for multiple connections.
     * Ensure SWAT lists running processes.
+    * Fix NTLMv2 interoperability bug between Samba servers.
 
 
 o   Andrew Bartlett <abartlet@samba.org>
@@ -89,8 +90,6 @@ o   Guenther Deschner <gd@samba.org>
     * Prevent 'net rpc' from dumping clear text password at high log 
       levels unless built with DEBUG_PASSWORD.
     * Fix 'net ads user add' with a Windows 2003 SP1 DC.
-    * Convert net command touse stderr for error messages rather than
-      stdout.
     * Fix python build.
     * Fix segfault in pdb_nds.c.
     * Don't write null sid mappings into the winbindd_cache.tdb.
@@ -189,6 +188,8 @@ o   Lars Müller <lmuelle@samba.org>
     * BUG 3264: Support backwards compatible setups using 
       'idmap backend = idmap_rid'.
     * Add %w macro for the winbind separator.
+    * Convert net command to use stderr for error messages rather 
+      than stdout.
 
 
 o   James Peach <jpeach@sgi.com>
diff --git a/source/libsmb/credentials.c b/source/libsmb/credentials.c
index edb242df7e8..ad06cd9015f 100644
--- a/source/libsmb/credentials.c
+++ b/source/libsmb/credentials.c
@@ -156,7 +156,7 @@ BOOL creds_server_check(const struct dcinfo *dc, const DOM_CHAL *rcv_cli_chal_in
 	if (memcmp(dc->clnt_chal.data, rcv_cli_chal_in->data, 8)) {
 		DEBUG(5,("creds_server_check: challenge : %s\n", credstr(rcv_cli_chal_in->data)));
 		DEBUG(5,("calculated: %s\n", credstr(dc->clnt_chal.data)));
-		DEBUG(0,("creds_server_check: credentials check failed.\n"));
+		DEBUG(2,("creds_server_check: credentials check failed.\n"));
 		return False;
 	}
 	DEBUG(10,("creds_server_check: credentials check OK.\n"));
diff --git a/source/libsmb/spnego.c b/source/libsmb/spnego.c
index 6cc4436a0cf..f6a66200bac 100644
--- a/source/libsmb/spnego.c
+++ b/source/libsmb/spnego.c
@@ -341,4 +341,3 @@ BOOL free_spnego_data(SPNEGO_DATA *spnego)
 out:
 	return ret;
 }
-
diff --git a/source/rpc_server/srv_netlog_nt.c b/source/rpc_server/srv_netlog_nt.c
index d0d47be9f29..643921f5963 100644
--- a/source/rpc_server/srv_netlog_nt.c
+++ b/source/rpc_server/srv_netlog_nt.c
@@ -470,7 +470,7 @@ NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET *
 
 	/* Step the creds chain forward. */
 	if (!creds_server_step(p->dc, &q_u->clnt_id.cred, &cred_out)) {
-		DEBUG(0,("_net_srv_pwset: creds_server_step failed. Rejecting auth "
+		DEBUG(2,("_net_srv_pwset: creds_server_step failed. Rejecting auth "
 			"request from client %s machine account %s\n",
 			p->dc->remote_machine, p->dc->mach_acct ));
 		return NT_STATUS_ACCESS_DENIED;
@@ -573,7 +573,7 @@ NTSTATUS _net_sam_logoff(pipes_struct *p, NET_Q_SAM_LOGOFF *q_u, NET_R_SAM_LOGOF
 
 	/* checks and updates credentials.  creates reply credentials */
 	if (!creds_server_step(p->dc, &q_u->sam_id.client.cred, &r_u->srv_creds)) {
-		DEBUG(0,("_net_sam_logoff: creds_server_step failed. Rejecting auth "
+		DEBUG(2,("_net_sam_logoff: creds_server_step failed. Rejecting auth "
 			"request from client %s machine account %s\n",
 			p->dc->remote_machine, p->dc->mach_acct ));
 		return NT_STATUS_ACCESS_DENIED;
@@ -662,7 +662,7 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
 
 	/* checks and updates credentials.  creates reply credentials */
 	if (!creds_server_step(p->dc, &q_u->sam_id.client.cred,  &r_u->srv_creds)) {
-		DEBUG(0,("_net_sam_logon: creds_server_step failed. Rejecting auth "
+		DEBUG(2,("_net_sam_logon: creds_server_step failed. Rejecting auth "
 			"request from client %s machine account %s\n",
 			p->dc->remote_machine, p->dc->mach_acct ));
 		return NT_STATUS_ACCESS_DENIED;
diff --git a/source/rpc_server/srv_pipe.c b/source/rpc_server/srv_pipe.c
index 8084e7673a5..ecf79d0c1f3 100644
--- a/source/rpc_server/srv_pipe.c
+++ b/source/rpc_server/srv_pipe.c
@@ -1188,12 +1188,17 @@ static BOOL pipe_spnego_auth_bind_negotiate(pipes_struct *p, prs_struct *rpc_in_
 static BOOL pipe_spnego_auth_bind_continue(pipes_struct *p, prs_struct *rpc_in_p,
 					RPC_HDR_AUTH *pauth_info, prs_struct *pout_auth)
 {
-	DATA_BLOB spnego_blob, auth_blob, auth_reply;
+	RPC_HDR_AUTH auth_info;
+	DATA_BLOB spnego_blob;
+	DATA_BLOB auth_blob;
+	DATA_BLOB auth_reply;
+	DATA_BLOB response;
 	AUTH_NTLMSSP_STATE *a = p->auth.a_u.auth_ntlmssp_state;
 
 	ZERO_STRUCT(spnego_blob);
 	ZERO_STRUCT(auth_blob);
 	ZERO_STRUCT(auth_reply);
+	ZERO_STRUCT(response);
 
 	if (p->auth.auth_type != PIPE_AUTH_TYPE_SPNEGO_NTLMSSP || !a) {
 		DEBUG(0,("pipe_spnego_auth_bind_continue: not in NTLMSSP auth state.\n"));
@@ -1230,7 +1235,24 @@ static BOOL pipe_spnego_auth_bind_continue(pipes_struct *p, prs_struct *rpc_in_p
 
 	data_blob_free(&spnego_blob);
 	data_blob_free(&auth_blob);
+
+	/* Generate the spnego "accept completed" blob - no incoming data. */
+	response = spnego_gen_auth_response(&auth_reply, NT_STATUS_OK, OID_NTLMSSP);
+
+	/* Copy the blob into the pout_auth parse struct */
+	init_rpc_hdr_auth(&auth_info, RPC_SPNEGO_AUTH_TYPE, pauth_info->auth_level, RPC_HDR_AUTH_LEN, 1);
+	if(!smb_io_rpc_hdr_auth("", &auth_info, pout_auth, 0)) {
+		DEBUG(0,("pipe_spnego_auth_bind_continue: marshalling of RPC_HDR_AUTH failed.\n"));
+		goto err;
+	}
+
+	if (!prs_copy_data_in(pout_auth, (char *)response.data, response.length)) {
+		DEBUG(0,("pipe_spnego_auth_bind_continue: marshalling of data blob failed.\n"));
+		goto err;
+	}
+
 	data_blob_free(&auth_reply);
+	data_blob_free(&response);
 
 	p->pipe_bound = True;
 
@@ -1241,6 +1263,7 @@ static BOOL pipe_spnego_auth_bind_continue(pipes_struct *p, prs_struct *rpc_in_p
 	data_blob_free(&spnego_blob);
 	data_blob_free(&auth_blob);
 	data_blob_free(&auth_reply);
+	data_blob_free(&response);
 
 	free_pipe_ntlmssp_auth_data(&p->auth);
 	p->auth.a_u.auth_ntlmssp_state = NULL;
diff --git a/source/web/swat.c b/source/web/swat.c
index 3806291a6ad..372d473bdb5 100644
--- a/source/web/swat.c
+++ b/source/web/swat.c
@@ -1373,6 +1373,7 @@ static void printers_page(void)
 
 	setup_logging(argv[0],False);
 	load_config(True);
+	load_interfaces();
 	iNumNonAutoPrintServices = lp_numservices();
 	load_printers();