samba: import rpc server and client fixes.

should fix: #11110 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2026-04-10 02:55:55 +02:00 · 2016-04-28 17:04:58 +02:00
parent 57bf762069
commit c0119cfb37
4 changed files with 142 additions and 1 deletions
--- a/lfs/samba
+++ b/lfs/samba
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = samba
-PAK_VER    = 61
+PAK_VER    = 62

 DEPS       = "cups krb5"

@@ -88,6 +88,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2016-2118-v3-6.patch
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2015-5370-v3-6.patch

+	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/1-samba.git-82fa625540abf8b8ec23d43c41e2ca906a9928a5.patch
+	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/2-samba.git-0abef6992dc342d443137f8a2ac6c01f490cecee.patch
+	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/3-samba.git-2d0424e7bb2c30bf9049529b207c73b55370dfc8.patch
+
 	cd $(DIR_APP)/source3 && ./autogen.sh
 	cd $(DIR_APP)/source3 && ./configure \
 		--prefix=/usr \
--- a/src/patches/samba/1-samba.git-82fa625540abf8b8ec23d43c41e2ca906a9928a5.patch
+++ b/src/patches/samba/1-samba.git-82fa625540abf8b8ec23d43c41e2ca906a9928a5.patch
@@ -0,0 +1,39 @@
+From 82fa625540abf8b8ec23d43c41e2ca906a9928a5 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Fri, 15 Apr 2016 11:56:08 +0200
+Subject: [PATCH] s3:rpc_server: Fix a regression verifying the security
+ trailer
+
+We do not support header signing so we should not check verify it if a
+client sends the flag.
+
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Guenther Deschner <gd@samba.org>
+---
+ source3/rpc_server/srv_pipe.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
+index d659705..fa354a6 100644
+--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
+@@ -1552,7 +1552,6 @@ static bool srv_pipe_check_verification_trailer(struct pipes_struct *p,
+ {
+ 	TALLOC_CTX *frame = talloc_stackframe();
+ 	struct dcerpc_sec_verification_trailer *vt = NULL;
+-	const uint32_t bitmask1 = 0;
+ 	const struct dcerpc_sec_vt_pcontext pcontext = {
+ 		.abstract_syntax = pipe_fns->syntax,
+ 		.transfer_syntax = ndr_transfer_syntax,
+@@ -1573,7 +1572,7 @@ static bool srv_pipe_check_verification_trailer(struct pipes_struct *p,
+ 		goto done;
+ 	}
+ 
+-	ret = dcerpc_sec_verification_trailer_check(vt, &bitmask1,
+	ret = dcerpc_sec_verification_trailer_check(vt, NULL,
+ 						    &pcontext, &header2);
+ done:
+ 	TALLOC_FREE(frame);
+-- 
+1.9.1
+
--- a/src/patches/samba/2-samba.git-0abef6992dc342d443137f8a2ac6c01f490cecee.patch
+++ b/src/patches/samba/2-samba.git-0abef6992dc342d443137f8a2ac6c01f490cecee.patch
@@ -0,0 +1,40 @@
+From 0abef6992dc342d443137f8a2ac6c01f490cecee Mon Sep 17 00:00:00 2001
+From: Christian Ambach <ambi@samba.org>
+Date: Wed, 20 Feb 2013 16:59:05 +0100
+Subject: [PATCH] s3:rpc_client fix a crash
+
+state->cli->dc does not have to be set (e.g. when running
+net rpc join against an older Samba PDC), so check it before dereferencing it
+
+This fixes Bug 9669 - net rpc join crashes against a Samba 3.0.33 PDC
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=9669
+
+Signed-off-by: Christian Ambach <ambi@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+
+Autobuild-User(master): Christian Ambach <ambi@samba.org>
+Autobuild-Date(master): Wed Feb 20 19:00:52 CET 2013 on sn-devel-104
+(cherry picked from commit 3d29bb2d37b02909ecb500e864f3c13e06957a86)
+
+(cherry picked from commit ff658bb36c28c9db91fc80a68725e893ffe300aa)
+---
+ source3/rpc_client/cli_pipe.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
+index 5ddabb7..a211d92 100644
+--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
+@@ -2136,7 +2136,7 @@ static void rpc_pipe_bind_step_two_done(struct tevent_req *subreq)
+ 	status = dcerpc_netr_LogonGetCapabilities_r_recv(subreq, talloc_tos());
+ 	TALLOC_FREE(subreq);
+ 	if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) {
+-		if (state->cli->dc->negotiate_flags &
+		if (state->cli->dc && state->cli->dc->negotiate_flags &
+ 		    NETLOGON_NEG_SUPPORTS_AES) {
+ 			DEBUG(5, ("AES is not supported and the error was %s\n",
+ 				  nt_errstr(status)));
+-- 
+1.9.1
+
--- a/src/patches/samba/3-samba.git-2d0424e7bb2c30bf9049529b207c73b55370dfc8.patch
+++ b/src/patches/samba/3-samba.git-2d0424e7bb2c30bf9049529b207c73b55370dfc8.patch
@@ -0,0 +1,58 @@
+From 2d0424e7bb2c30bf9049529b207c73b55370dfc8 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Tue, 10 Jan 2012 16:38:16 +0100
+Subject: [PATCH] s3-rpc_client: Fix updating netlogon credentials.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: GÃ¼nther Deschner <gd@samba.org>
+(cherry picked from commit 33206b1e240e55acedad606aed4f1952f7496b35)
+---
+ source3/rpc_client/cli_pipe.c | 15 +++++++--------
+ 1 file changed, 7 insertions(+), 8 deletions(-)
+
+diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
+index a211d92..92ca494 100644
+--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
+@@ -2128,9 +2128,6 @@ static void rpc_pipe_bind_step_two_done(struct tevent_req *subreq)
+ 	struct rpc_pipe_bind_state *state =
+ 		tevent_req_data(req,
+ 				struct rpc_pipe_bind_state);
+-	struct schannel_state *schannel_auth =
+-		talloc_get_type_abort(state->cli->auth->auth_ctx,
+-				      struct schannel_state);
+ 	NTSTATUS status;
+ 
+ 	status = dcerpc_netr_LogonGetCapabilities_r_recv(subreq, talloc_tos());
+@@ -2188,8 +2185,8 @@ static void rpc_pipe_bind_step_two_done(struct tevent_req *subreq)
+ 		return;
+ 	}
+ 
+-	TALLOC_FREE(schannel_auth->creds);
+-	schannel_auth->creds = talloc_steal(state->cli, state->creds);
+	TALLOC_FREE(state->cli->dc);
+	state->cli->dc = talloc_steal(state->cli, state->creds);
+ 
+ 	if (!NT_STATUS_IS_OK(state->r.out.result)) {
+ 		DEBUG(0, ("dcerpc_netr_LogonGetCapabilities_r_recv failed with %s\n",
+@@ -3385,10 +3382,12 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
+ 	 * The credentials on a new netlogon pipe are the ones we are passed
+ 	 * in - copy them over
+ 	 */
+-	result->dc = netlogon_creds_copy(result, *pdc);
+ 	if (result->dc == NULL) {
+-		TALLOC_FREE(result);
+-		return NT_STATUS_NO_MEMORY;
+		result->dc = netlogon_creds_copy(result, *pdc);
+		if (result->dc == NULL) {
+			TALLOC_FREE(result);
+			return NT_STATUS_NO_MEMORY;
+		}
+ 	}
+ 
+ 	DEBUG(10,("cli_rpc_pipe_open_schannel_with_key: opened pipe %s to machine %s "
+-- 
+1.9.1
+