diff --git a/.gitignore b/.gitignore
index cc0a52b..c73d00b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/samba-4.2.3.tar.xz
+SOURCES/samba-4.2.10.tar.xz
diff --git a/.samba.metadata b/.samba.metadata
index e9f61cc..c7c6b4f 100644
--- a/.samba.metadata
+++ b/.samba.metadata
@@ -1 +1 @@
-a60c3eb82b235415d3bc19c3497261922ff73b8d SOURCES/samba-4.2.3.tar.xz
+764564720be36081414c4632710bc0fba6d5b1d0 SOURCES/samba-4.2.10.tar.xz
diff --git a/SOURCES/CVE-2015-7560-v4-2.patch b/SOURCES/CVE-2015-7560-v4-2.patch
deleted file mode 100644
index 687ee8a..0000000
--- a/SOURCES/CVE-2015-7560-v4-2.patch
+++ /dev/null
@@ -1,1144 +0,0 @@
-From a91cf9a5648184d39aa87e06d484b3d533aeefdb Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Tue, 5 Jan 2016 11:18:12 -0800
-Subject: [PATCH 01/12] CVE-2015-7560: s3: smbd: Add refuse_symlink() function
- that can be used to prevent operations on a symlink.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
-Reviewed-by: Volker Lendecke <vl@samba.org>
----
- source3/smbd/trans2.c | 28 ++++++++++++++++++++++++++++
- 1 file changed, 28 insertions(+)
-
-diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
-index 41e1bb1..b9865fd 100644
---- a/source3/smbd/trans2.c
-+++ b/source3/smbd/trans2.c
-@@ -54,6 +54,34 @@ static char *store_file_unix_basic_info2(connection_struct *conn,
- files_struct *fsp,
- const SMB_STRUCT_STAT *psbuf);
-
-+/****************************************************************************
-+ Check if an open file handle or pathname is a symlink.
-+****************************************************************************/
-+
-+static NTSTATUS refuse_symlink(connection_struct *conn,
-+ const files_struct *fsp,
-+ const char *name)
-+{
-+ SMB_STRUCT_STAT sbuf;
-+ const SMB_STRUCT_STAT *pst = NULL;
-+
-+ if (fsp) {
-+ pst = &fsp->fsp_name->st;
-+ } else {
-+ int ret = vfs_stat_smb_basename(conn,
-+ name,
-+ &sbuf);
-+ if (ret == -1) {
-+ return map_nt_error_from_unix(errno);
-+ }
-+ pst = &sbuf;
-+ }
-+ if (S_ISLNK(pst->st_ex_mode)) {
-+ return NT_STATUS_ACCESS_DENIED;
-+ }
-+ return NT_STATUS_OK;
-+}
-+
- /********************************************************************
- The canonical "check access" based on object handle or path function.
- ********************************************************************/
---
-1.9.1
-
-
-From cd950ca41df5076c8622cdf9be0e0db165b992f1 Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Tue, 5 Jan 2016 10:38:28 -0800
-Subject: [PATCH 02/12] CVE-2015-7560: s3: smbd: Refuse to get an ACL from a
- POSIX file handle on a symlink.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
-Reviewed-by: Volker Lendecke <vl@samba.org>
----
- source3/smbd/nttrans.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
-index 4423a44..8113909 100644
---- a/source3/smbd/nttrans.c
-+++ b/source3/smbd/nttrans.c
-@@ -1905,6 +1905,13 @@ NTSTATUS smbd_do_query_security_desc(connection_struct *conn,
- return NT_STATUS_ACCESS_DENIED;
- }
-
-+ if (S_ISLNK(fsp->fsp_name->st.st_ex_mode)) {
-+ DEBUG(10, ("ACL get on symlink %s denied.\n",
-+ fsp_str_dbg(fsp)));
-+ TALLOC_FREE(frame);
-+ return NT_STATUS_ACCESS_DENIED;
-+ }
-+
- if (security_info_wanted & (SECINFO_DACL|SECINFO_OWNER|
- SECINFO_GROUP|SECINFO_SACL)) {
- /* Don't return SECINFO_LABEL if anything else was
---
-1.9.1
-
-
-From b95ded07aec97c31c69f49f691d5f90fdee40f92 Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Tue, 5 Jan 2016 10:52:50 -0800
-Subject: [PATCH 03/12] CVE-2015-7560: s3: smbd: Refuse to set an ACL from a
- POSIX file handle on a symlink.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
-Reviewed-by: Volker Lendecke <vl@samba.org>
----
- source3/smbd/nttrans.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
-index 8113909..372d420 100644
---- a/source3/smbd/nttrans.c
-+++ b/source3/smbd/nttrans.c
-@@ -875,6 +875,12 @@ NTSTATUS set_sd(files_struct *fsp, struct security_descriptor *psd,
- return NT_STATUS_OK;
- }
-
-+ if (S_ISLNK(fsp->fsp_name->st.st_ex_mode)) {
-+ DEBUG(10, ("ACL set on symlink %s denied.\n",
-+ fsp_str_dbg(fsp)));
-+ return NT_STATUS_ACCESS_DENIED;
-+ }
-+
- if (psd->owner_sid == NULL) {
- security_info_sent &= ~SECINFO_OWNER;
- }
---
-1.9.1
-
-
-From 35abb608ce57efea1bc197b7d65f9347f9533f23 Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Tue, 5 Jan 2016 11:22:12 -0800
-Subject: [PATCH 04/12] CVE-2015-7560: s3: smbd: Refuse to set a POSIX ACL on a
- symlink.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
-Reviewed-by: Volker Lendecke <vl@samba.org>
----
- source3/smbd/trans2.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
-index b9865fd..a5eeda8 100644
---- a/source3/smbd/trans2.c
-+++ b/source3/smbd/trans2.c
-@@ -6745,6 +6745,7 @@ static NTSTATUS smb_set_posix_acl(connection_struct *conn,
- uint16 num_def_acls;
- bool valid_file_acls = True;
- bool valid_def_acls = True;
-+ NTSTATUS status;
-
- if (total_data < SMB_POSIX_ACL_HEADER_SIZE) {
- return NT_STATUS_INVALID_PARAMETER;
-@@ -6772,6 +6773,11 @@ static NTSTATUS smb_set_posix_acl(connection_struct *conn,
- return NT_STATUS_INVALID_PARAMETER;
- }
-
-+ status = refuse_symlink(conn, fsp, smb_fname->base_name);
-+ if (!NT_STATUS_IS_OK(status)) {
-+ return status;
-+ }
-+
- DEBUG(10,("smb_set_posix_acl: file %s num_file_acls = %u, num_def_acls = %u\n",
- smb_fname ? smb_fname_str_dbg(smb_fname) : fsp_str_dbg(fsp),
- (unsigned int)num_file_acls,
---
-1.9.1
-
-
-From 95c3bf9102440cf299312acc0d0a89afebf0474e Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Tue, 5 Jan 2016 11:24:36 -0800
-Subject: [PATCH 05/12] CVE-2015-7560: s3: smbd: Refuse to get a POSIX ACL on a
- symlink.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
-Reviewed-by: Volker Lendecke <vl@samba.org>
----
- source3/smbd/trans2.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
-index a5eeda8..8ea49f1e 100644
---- a/source3/smbd/trans2.c
-+++ b/source3/smbd/trans2.c
-@@ -5248,6 +5248,13 @@ NTSTATUS smbd_do_qfilepathinfo(connection_struct *conn,
- uint16 num_file_acls = 0;
- uint16 num_def_acls = 0;
-
-+ status = refuse_symlink(conn,
-+ fsp,
-+ smb_fname->base_name);
-+ if (!NT_STATUS_IS_OK(status)) {
-+ return status;
-+ }
-+
- if (fsp && fsp->fh->fd != -1) {
- file_acl = SMB_VFS_SYS_ACL_GET_FD(fsp,
- talloc_tos());
---
-1.9.1
-
-
-From c7ea0914d3b4a3deaf31a742c6edf4c6e7a91939 Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Tue, 5 Jan 2016 11:05:48 -0800
-Subject: [PATCH 06/12] CVE-2015-7560: s3: smbd: Set return values early,
- allows removal of code duplication.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
-Reviewed-by: Volker Lendecke <vl@samba.org>
----
- source3/smbd/trans2.c | 13 +++++--------
- 1 file changed, 5 insertions(+), 8 deletions(-)
-
-diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
-index 8ea49f1e..35a0ba2 100644
---- a/source3/smbd/trans2.c
-+++ b/source3/smbd/trans2.c
-@@ -238,11 +238,12 @@ NTSTATUS get_ea_names_from_file(TALLOC_CTX *mem_ctx, connection_struct *conn,
- size_t num_names;
- ssize_t sizeret = -1;
-
-+ if (pnames) {
-+ *pnames = NULL;
-+ }
-+ *pnum_names = 0;
-+
- if (!lp_ea_support(SNUM(conn))) {
-- if (pnames) {
-- *pnames = NULL;
-- }
-- *pnum_names = 0;
- return NT_STATUS_OK;
- }
-
-@@ -292,10 +293,6 @@ NTSTATUS get_ea_names_from_file(TALLOC_CTX *mem_ctx, connection_struct *conn,
-
- if (sizeret == 0) {
- TALLOC_FREE(names);
-- if (pnames) {
-- *pnames = NULL;
-- }
-- *pnum_names = 0;
- return NT_STATUS_OK;
- }
-
---
-1.9.1
-
-
-From 142a3050ec9875501b4f5693792d133bc5c3331a Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Tue, 5 Jan 2016 11:29:38 -0800
-Subject: [PATCH 07/12] CVE-2015-7560: s3: smbd: Silently return no EA's
- available on a symlink.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
-Reviewed-by: Volker Lendecke <vl@samba.org>
----
- source3/smbd/trans2.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
-index 35a0ba2..29e28bd 100644
---- a/source3/smbd/trans2.c
-+++ b/source3/smbd/trans2.c
-@@ -237,6 +237,7 @@ NTSTATUS get_ea_names_from_file(TALLOC_CTX *mem_ctx, connection_struct *conn,
- char **names, **tmp;
- size_t num_names;
- ssize_t sizeret = -1;
-+ NTSTATUS status;
-
- if (pnames) {
- *pnames = NULL;
-@@ -247,6 +248,14 @@ NTSTATUS get_ea_names_from_file(TALLOC_CTX *mem_ctx, connection_struct *conn,
- return NT_STATUS_OK;
- }
-
-+ status = refuse_symlink(conn, fsp, fname);
-+ if (!NT_STATUS_IS_OK(status)) {
-+ /*
-+ * Just return no EA's on a symlink.
-+ */
-+ return NT_STATUS_OK;
-+ }
-+
- /*
- * TALLOC the result early to get the talloc hierarchy right.
- */
---
-1.9.1
-
-
-From 08cf63d886b2f59f94a749089b73599330cee0e7 Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Tue, 5 Jan 2016 11:33:48 -0800
-Subject: [PATCH 08/12] CVE-2015-7560: s3: smbd: Refuse to set EA's on a
- symlink.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
-Reviewed-by: Volker Lendecke <vl@samba.org>
----
- source3/smbd/trans2.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
-index 29e28bd..aaaa5f4 100644
---- a/source3/smbd/trans2.c
-+++ b/source3/smbd/trans2.c
-@@ -659,6 +659,11 @@ NTSTATUS set_ea(connection_struct *conn, files_struct *fsp,
- return NT_STATUS_EAS_NOT_SUPPORTED;
- }
-
-+ status = refuse_symlink(conn, fsp, smb_fname->base_name);
-+ if (!NT_STATUS_IS_OK(status)) {
-+ return status;
-+ }
-+
- status = check_access(conn, fsp, smb_fname, FILE_WRITE_EA);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
---
-1.9.1
-
-
-From 259fec336cee663044d7e107a3dfce6264f20e84 Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Wed, 6 Jan 2016 17:17:24 -0800
-Subject: [PATCH 09/12] CVE-2015-7560: s3: libsmb: Rename cli_posix_getfaclXX()
- functions to cli_posix_getacl() as they operate on pathnames.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
-Reviewed-by: Volker Lendecke <vl@samba.org>
----
- source3/client/client.c | 2 +-
- source3/libsmb/clifile.c | 30 +++++++++++++++---------------
- source3/libsmb/proto.h | 6 +++---
- 3 files changed, 19 insertions(+), 19 deletions(-)
-
-diff --git a/source3/client/client.c b/source3/client/client.c
-index 67cc359..a8e5338 100644
---- a/source3/client/client.c
-+++ b/source3/client/client.c
-@@ -3376,7 +3376,7 @@ static int cmd_getfacl(void)
- return 1;
- }
-
-- status = cli_posix_getfacl(targetcli, targetname, ctx, &rb_size, &retbuf);
-+ status = cli_posix_getacl(targetcli, targetname, ctx, &rb_size, &retbuf);
- if (!NT_STATUS_IS_OK(status)) {
- d_printf("%s getfacl file %s\n",
- nt_errstr(status), src);
-diff --git a/source3/libsmb/clifile.c b/source3/libsmb/clifile.c
-index 61cb8b5..ff646e4 100644
---- a/source3/libsmb/clifile.c
-+++ b/source3/libsmb/clifile.c
-@@ -590,25 +590,25 @@ NTSTATUS cli_posix_hardlink(struct cli_state *cli,
- }
-
- /****************************************************************************
-- Do a POSIX getfacl (UNIX extensions).
-+ Do a POSIX getacl - pathname based ACL get (UNIX extensions).
- ****************************************************************************/
-
--struct getfacl_state {
-+struct getacl_state {
- uint32_t num_data;
- uint8_t *data;
- };
-
--static void cli_posix_getfacl_done(struct tevent_req *subreq);
-+static void cli_posix_getacl_done(struct tevent_req *subreq);
-
--struct tevent_req *cli_posix_getfacl_send(TALLOC_CTX *mem_ctx,
-+struct tevent_req *cli_posix_getacl_send(TALLOC_CTX *mem_ctx,
- struct tevent_context *ev,
- struct cli_state *cli,
- const char *fname)
- {
- struct tevent_req *req = NULL, *subreq = NULL;
-- struct getfacl_state *state = NULL;
-+ struct getacl_state *state = NULL;
-
-- req = tevent_req_create(mem_ctx, &state, struct getfacl_state);
-+ req = tevent_req_create(mem_ctx, &state, struct getacl_state);
- if (req == NULL) {
- return NULL;
- }
-@@ -617,16 +617,16 @@ struct tevent_req *cli_posix_getfacl_send(TALLOC_CTX *mem_ctx,
- if (tevent_req_nomem(subreq, req)) {
- return tevent_req_post(req, ev);
- }
-- tevent_req_set_callback(subreq, cli_posix_getfacl_done, req);
-+ tevent_req_set_callback(subreq, cli_posix_getacl_done, req);
- return req;
- }
-
--static void cli_posix_getfacl_done(struct tevent_req *subreq)
-+static void cli_posix_getacl_done(struct tevent_req *subreq)
- {
- struct tevent_req *req = tevent_req_callback_data(
- subreq, struct tevent_req);
-- struct getfacl_state *state = tevent_req_data(
-- req, struct getfacl_state);
-+ struct getacl_state *state = tevent_req_data(
-+ req, struct getacl_state);
- NTSTATUS status;
-
- status = cli_qpathinfo_recv(subreq, state, &state->data,
-@@ -638,12 +638,12 @@ static void cli_posix_getfacl_done(struct tevent_req *subreq)
- tevent_req_done(req);
- }
-
--NTSTATUS cli_posix_getfacl_recv(struct tevent_req *req,
-+NTSTATUS cli_posix_getacl_recv(struct tevent_req *req,
- TALLOC_CTX *mem_ctx,
- size_t *prb_size,
- char **retbuf)
- {
-- struct getfacl_state *state = tevent_req_data(req, struct getfacl_state);
-+ struct getacl_state *state = tevent_req_data(req, struct getacl_state);
- NTSTATUS status;
-
- if (tevent_req_is_nterror(req, &status)) {
-@@ -654,7 +654,7 @@ NTSTATUS cli_posix_getfacl_recv(struct tevent_req *req,
- return NT_STATUS_OK;
- }
-
--NTSTATUS cli_posix_getfacl(struct cli_state *cli,
-+NTSTATUS cli_posix_getacl(struct cli_state *cli,
- const char *fname,
- TALLOC_CTX *mem_ctx,
- size_t *prb_size,
-@@ -679,7 +679,7 @@ NTSTATUS cli_posix_getfacl(struct cli_state *cli,
- goto fail;
- }
-
-- req = cli_posix_getfacl_send(frame,
-+ req = cli_posix_getacl_send(frame,
- ev,
- cli,
- fname);
-@@ -693,7 +693,7 @@ NTSTATUS cli_posix_getfacl(struct cli_state *cli,
- goto fail;
- }
-
-- status = cli_posix_getfacl_recv(req, mem_ctx, prb_size, retbuf);
-+ status = cli_posix_getacl_recv(req, mem_ctx, prb_size, retbuf);
-
- fail:
- TALLOC_FREE(frame);
-diff --git a/source3/libsmb/proto.h b/source3/libsmb/proto.h
-index 2efb208..f5f35e0 100644
---- a/source3/libsmb/proto.h
-+++ b/source3/libsmb/proto.h
-@@ -256,15 +256,15 @@ NTSTATUS cli_posix_hardlink(struct cli_state *cli,
- const char *newname);
- uint32_t unix_perms_to_wire(mode_t perms);
- mode_t wire_perms_to_unix(uint32_t perms);
--struct tevent_req *cli_posix_getfacl_send(TALLOC_CTX *mem_ctx,
-+struct tevent_req *cli_posix_getacl_send(TALLOC_CTX *mem_ctx,
- struct tevent_context *ev,
- struct cli_state *cli,
- const char *fname);
--NTSTATUS cli_posix_getfacl_recv(struct tevent_req *req,
-+NTSTATUS cli_posix_getacl_recv(struct tevent_req *req,
- TALLOC_CTX *mem_ctx,
- size_t *prb_size,
- char **retbuf);
--NTSTATUS cli_posix_getfacl(struct cli_state *cli,
-+NTSTATUS cli_posix_getacl(struct cli_state *cli,
- const char *fname,
- TALLOC_CTX *mem_ctx,
- size_t *prb_size,
---
-1.9.1
-
-
-From d9054880d4bdbcb05c677e494906a26d62afa3a1 Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Wed, 6 Jan 2016 17:02:52 -0800
-Subject: [PATCH 10/12] CVE-2015-7560: s3: libsmb: Add SMB1-only POSIX
- cli_posix_setacl() functions. Needed for tests.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
-Reviewed-by: Volker Lendecke <vl@samba.org>
----
- source3/libsmb/clifile.c | 100 +++++++++++++++++++++++++++++++++++++++++++++++
- source3/libsmb/proto.h | 11 ++++++
- 2 files changed, 111 insertions(+)
-
-diff --git a/source3/libsmb/clifile.c b/source3/libsmb/clifile.c
-index ff646e4..e4480c6 100644
---- a/source3/libsmb/clifile.c
-+++ b/source3/libsmb/clifile.c
-@@ -701,6 +701,106 @@ NTSTATUS cli_posix_getacl(struct cli_state *cli,
- }
-
- /****************************************************************************
-+ Do a POSIX setacl - pathname based ACL set (UNIX extensions).
-+****************************************************************************/
-+
-+struct setacl_state {
-+ uint8_t *data;
-+};
-+
-+static void cli_posix_setacl_done(struct tevent_req *subreq);
-+
-+struct tevent_req *cli_posix_setacl_send(TALLOC_CTX *mem_ctx,
-+ struct tevent_context *ev,
-+ struct cli_state *cli,
-+ const char *fname,
-+ const void *data,
-+ size_t num_data)
-+{
-+ struct tevent_req *req = NULL, *subreq = NULL;
-+ struct setacl_state *state = NULL;
-+
-+ req = tevent_req_create(mem_ctx, &state, struct setacl_state);
-+ if (req == NULL) {
-+ return NULL;
-+ }
-+ state->data = talloc_memdup(state, data, num_data);
-+ if (tevent_req_nomem(state->data, req)) {
-+ return tevent_req_post(req, ev);
-+ }
-+
-+ subreq = cli_setpathinfo_send(state,
-+ ev,
-+ cli,
-+ SMB_SET_POSIX_ACL,
-+ fname,
-+ state->data,
-+ num_data);
-+ if (tevent_req_nomem(subreq, req)) {
-+ return tevent_req_post(req, ev);
-+ }
-+ tevent_req_set_callback(subreq, cli_posix_setacl_done, req);
-+ return req;
-+}
-+
-+static void cli_posix_setacl_done(struct tevent_req *subreq)
-+{
-+ NTSTATUS status = cli_setpathinfo_recv(subreq);
-+ tevent_req_simple_finish_ntstatus(subreq, status);
-+}
-+
-+NTSTATUS cli_posix_setacl_recv(struct tevent_req *req)
-+{
-+ return tevent_req_simple_recv_ntstatus(req);
-+}
-+
-+NTSTATUS cli_posix_setacl(struct cli_state *cli,
-+ const char *fname,
-+ const void *acl_buf,
-+ size_t acl_buf_size)
-+{
-+ TALLOC_CTX *frame = talloc_stackframe();
-+ struct tevent_context *ev = NULL;
-+ struct tevent_req *req = NULL;
-+ NTSTATUS status = NT_STATUS_OK;
-+
-+ if (smbXcli_conn_has_async_calls(cli->conn)) {
-+ /*
-+ * Can't use sync call while an async call is in flight
-+ */
-+ status = NT_STATUS_INVALID_PARAMETER;
-+ goto fail;
-+ }
-+
-+ ev = samba_tevent_context_init(frame);
-+ if (ev == NULL) {
-+ status = NT_STATUS_NO_MEMORY;
-+ goto fail;
-+ }
-+
-+ req = cli_posix_setacl_send(frame,
-+ ev,
-+ cli,
-+ fname,
-+ acl_buf,
-+ acl_buf_size);
-+ if (req == NULL) {
-+ status = NT_STATUS_NO_MEMORY;
-+ goto fail;
-+ }
-+
-+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
-+ goto fail;
-+ }
-+
-+ status = cli_posix_setacl_recv(req);
-+
-+ fail:
-+ TALLOC_FREE(frame);
-+ return status;
-+}
-+
-+/****************************************************************************
- Stat a file (UNIX extensions).
- ****************************************************************************/
-
-diff --git a/source3/libsmb/proto.h b/source3/libsmb/proto.h
-index f5f35e0..08dda96 100644
---- a/source3/libsmb/proto.h
-+++ b/source3/libsmb/proto.h
-@@ -269,6 +269,17 @@ NTSTATUS cli_posix_getacl(struct cli_state *cli,
- TALLOC_CTX *mem_ctx,
- size_t *prb_size,
- char **retbuf);
-+struct tevent_req *cli_posix_setacl_send(TALLOC_CTX *mem_ctx,
-+ struct tevent_context *ev,
-+ struct cli_state *cli,
-+ const char *fname,
-+ const void *acl_buf,
-+ size_t acl_buf_size);
-+NTSTATUS cli_posix_setacl_recv(struct tevent_req *req);
-+NTSTATUS cli_posix_setacl(struct cli_state *cli,
-+ const char *fname,
-+ const void *acl_buf,
-+ size_t acl_buf_size);
- struct tevent_req *cli_posix_stat_send(TALLOC_CTX *mem_ctx,
- struct tevent_context *ev,
- struct cli_state *cli,
---
-1.9.1
-
-
-From 5de774189a4e7be050c67d06f450a498d90d4368 Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Thu, 7 Jan 2016 12:58:34 -0800
-Subject: [PATCH 11/12] CVE-2015-7560: s3: torture3: Add new POSIX-SYMLINK-ACL
- test.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
-Reviewed-by: Volker Lendecke <vl@samba.org>
----
- selftest/knownfail | 1 +
- source3/selftest/tests.py | 2 +-
- source3/torture/torture.c | 198 ++++++++++++++++++++++++++++++++++++++++++++++
- 3 files changed, 200 insertions(+), 1 deletion(-)
-
-diff --git a/selftest/knownfail b/selftest/knownfail
-index fd41263..6696ba3 100644
---- a/selftest/knownfail
-+++ b/selftest/knownfail
-@@ -16,6 +16,7 @@
- ^samba3.smbtorture_s3.plain\(dc\).UID-REGRESSION-TEST # Fails against the s4 ntvfs server
- ^samba3.smbtorture_s3.plain\(dc\).SHORTNAME-TEST # Fails against the s4 ntvfs server
- ^samba3.smbtorture_s3.plain\(dc\).POSIX-APPEND # Fails against the s4 ntvfs server
-+^samba3.smbtorture_s3.plain\(ad_dc_ntvfs\).POSIX-SYMLINK-ACL # Fails against the s4 ntvfs server
- ^samba3.smbtorture_s3.plain\(dc\).NTTRANS-FSCTL # Fails against the s4 ntvfs server
- ^samba3.smbtorture_s3.plain\(dc\).SMB2-NEGPROT # Fails against the s4 ntvfs server
- ^samba3.smbtorture_s3.plain\(dc\).BAD-NBT-SESSION # Fails against the s4 ntvfs server
-diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
-index 7279927..e66ddbc 100755
---- a/source3/selftest/tests.py
-+++ b/source3/selftest/tests.py
-@@ -78,7 +78,7 @@ tests = ["RW1", "RW2", "RW3"]
- for t in tests:
- plantestsuite("samba3.smbtorture_s3.vfs_aio_fork(simpleserver).%s" % t, "simpleserver", [os.path.join(samba3srcdir, "script/tests/test_smbtorture_s3.sh"), t, '//$SERVER_IP/vfs_aio_fork', '$USERNAME', '$PASSWORD', smbtorture3, "", "-l $LOCAL_PATH"])
-
--posix_tests = ["POSIX", "POSIX-APPEND"]
-+posix_tests = ["POSIX", "POSIX-APPEND", "POSIX-SYMLINK-ACL"]
-
- for t in posix_tests:
- plantestsuite("samba3.smbtorture_s3.plain(s3dc).%s" % t, "s3dc", [os.path.join(samba3srcdir, "script/tests/test_smbtorture_s3.sh"), t, '//$SERVER_IP/posix_share', '$USERNAME', '$PASSWORD', smbtorture3, "", "-l $LOCAL_PATH"])
-diff --git a/source3/torture/torture.c b/source3/torture/torture.c
-index 0b37e5c..6c0ab17 100644
---- a/source3/torture/torture.c
-+++ b/source3/torture/torture.c
-@@ -5820,6 +5820,203 @@ static bool run_simple_posix_open_test(int dummy)
- return correct;
- }
-
-+/*
-+ Test POSIX and Windows ACLs are rejected on symlinks.
-+ */
-+static bool run_acl_symlink_test(int dummy)
-+{
-+ static struct cli_state *cli;
-+ const char *fname = "posix_file";
-+ const char *sname = "posix_symlink";
-+ uint16_t fnum = (uint16_t)-1;
-+ bool correct = false;
-+ NTSTATUS status;
-+ char *posix_acl = NULL;
-+ size_t posix_acl_len = 0;
-+ char *posix_acl_sym = NULL;
-+ size_t posix_acl_len_sym = 0;
-+ struct security_descriptor *sd = NULL;
-+ struct security_descriptor *sd_sym = NULL;
-+ TALLOC_CTX *frame = NULL;
-+
-+ frame = talloc_stackframe();
-+
-+ printf("Starting acl symlink test\n");
-+
-+ if (!torture_open_connection(&cli, 0)) {
-+ TALLOC_FREE(frame);
-+ return false;
-+ }
-+
-+ smbXcli_conn_set_sockopt(cli->conn, sockops);
-+
-+ status = torture_setup_unix_extensions(cli);
-+ if (!NT_STATUS_IS_OK(status)) {
-+ TALLOC_FREE(frame);
-+ return false;
-+ }
-+
-+ cli_setatr(cli, fname, 0, 0);
-+ cli_posix_unlink(cli, fname);
-+ cli_setatr(cli, sname, 0, 0);
-+ cli_posix_unlink(cli, sname);
-+
-+ status = cli_ntcreate(cli,
-+ fname,
-+ 0,
-+ READ_CONTROL_ACCESS,
-+ 0,
-+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
-+ FILE_CREATE,
-+ 0x0,
-+ 0x0,
-+ &fnum,
-+ NULL);
-+
-+ if (!NT_STATUS_IS_OK(status)) {
-+ printf("cli_ntcreate of %s failed (%s)\n",
-+ fname,
-+ nt_errstr(status));
-+ goto out;
-+ }
-+
-+ /* Get the Windows ACL on the file. */
-+ status = cli_query_secdesc(cli,
-+ fnum,
-+ frame,
-+ &sd);
-+ if (!NT_STATUS_IS_OK(status)) {
-+ printf("cli_query_secdesc failed (%s)\n",
-+ nt_errstr(status));
-+ goto out;
-+ }
-+
-+ /* Get the POSIX ACL on the file. */
-+ status = cli_posix_getacl(cli,
-+ fname,
-+ frame,
-+ &posix_acl_len,
-+ &posix_acl);
-+
-+ if (!NT_STATUS_IS_OK(status)) {
-+ printf("cli_posix_getacl failed (%s)\n",
-+ nt_errstr(status));
-+ goto out;
-+ }
-+
-+ status = cli_close(cli, fnum);
-+ if (!NT_STATUS_IS_OK(status)) {
-+ printf("close failed (%s)\n", nt_errstr(status));
-+ goto out;
-+ }
-+ fnum = (uint16_t)-1;
-+
-+ /* Now create a symlink. */
-+ status = cli_posix_symlink(cli, fname, sname);
-+ if (!NT_STATUS_IS_OK(status)) {
-+ printf("cli_posix_symlink of %s -> %s failed (%s)\n",
-+ sname,
-+ fname,
-+ nt_errstr(status));
-+ goto out;
-+ }
-+
-+ /* Open a handle on the symlink. */
-+ status = cli_ntcreate(cli,
-+ sname,
-+ 0,
-+ READ_CONTROL_ACCESS|SEC_STD_WRITE_DAC,
-+ 0,
-+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
-+ FILE_OPEN,
-+ 0x0,
-+ 0x0,
-+ &fnum,
-+ NULL);
-+
-+ if (!NT_STATUS_IS_OK(status)) {
-+ printf("cli_posix_open of %s failed (%s)\n",
-+ sname,
-+ nt_errstr(status));
-+ goto out;
-+ }
-+
-+ /* Get the Windows ACL on the symlink handle. Should fail */
-+ status = cli_query_secdesc(cli,
-+ fnum,
-+ frame,
-+ &sd_sym);
-+
-+ if (!NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
-+ printf("cli_query_secdesc on a symlink gave %s. "
-+ "Should be NT_STATUS_ACCESS_DENIED.\n",
-+ nt_errstr(status));
-+ goto out;
-+ }
-+
-+ /* Get the POSIX ACL on the symlink pathname. Should fail. */
-+ status = cli_posix_getacl(cli,
-+ sname,
-+ frame,
-+ &posix_acl_len_sym,
-+ &posix_acl_sym);
-+
-+ if (!NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
-+ printf("cli_posix_getacl on a symlink gave %s. "
-+ "Should be NT_STATUS_ACCESS_DENIED.\n",
-+ nt_errstr(status));
-+ goto out;
-+ }
-+
-+ /* Set the Windows ACL on the symlink handle. Should fail */
-+ status = cli_set_security_descriptor(cli,
-+ fnum,
-+ SECINFO_DACL,
-+ sd);
-+
-+ if (!NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
-+ printf("cli_query_secdesc on a symlink gave %s. "
-+ "Should be NT_STATUS_ACCESS_DENIED.\n",
-+ nt_errstr(status));
-+ goto out;
-+ }
-+
-+ /* Set the POSIX ACL on the symlink pathname. Should fail. */
-+ status = cli_posix_setacl(cli,
-+ sname,
-+ posix_acl,
-+ posix_acl_len);
-+
-+ if (!NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
-+ printf("cli_posix_getacl on a symlink gave %s. "
-+ "Should be NT_STATUS_ACCESS_DENIED.\n",
-+ nt_errstr(status));
-+ goto out;
-+ }
-+
-+ printf("ACL symlink test passed\n");
-+ correct = true;
-+
-+ out:
-+
-+ if (fnum != (uint16_t)-1) {
-+ cli_close(cli, fnum);
-+ fnum = (uint16_t)-1;
-+ }
-+
-+ cli_setatr(cli, sname, 0, 0);
-+ cli_posix_unlink(cli, sname);
-+ cli_setatr(cli, fname, 0, 0);
-+ cli_posix_unlink(cli, fname);
-+
-+ if (!torture_close_connection(cli)) {
-+ correct = false;
-+ }
-+
-+ TALLOC_FREE(frame);
-+ return correct;
-+}
-+
-
- static uint32 open_attrs_table[] = {
- FILE_ATTRIBUTE_NORMAL,
-@@ -9647,6 +9844,7 @@ static struct {
- {"OPEN", run_opentest, 0},
- {"POSIX", run_simple_posix_open_test, 0},
- {"POSIX-APPEND", run_posix_append, 0},
-+ {"POSIX-SYMLINK-ACL", run_acl_symlink_test, 0},
- {"CASE-INSENSITIVE-CREATE", run_case_insensitive_create, 0},
- {"ASYNC-ECHO", run_async_echo, 0},
- { "UID-REGRESSION-TEST", run_uid_regression_test, 0},
---
-1.9.1
-
-
-From 6149e7297d9279df3b535e72eabbede7bd235925 Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Thu, 7 Jan 2016 14:26:35 -0800
-Subject: [PATCH 12/12] CVE-2015-7560: s3: torture3: Add new POSIX-SYMLINK-EA
- test.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
-Reviewed-by: Volker Lendecke <vl@samba.org>
----
- selftest/knownfail | 1 +
- source3/selftest/tests.py | 2 +-
- source3/torture/torture.c | 179 ++++++++++++++++++++++++++++++++++++++++++++++
- 3 files changed, 181 insertions(+), 1 deletion(-)
-
-diff --git a/selftest/knownfail b/selftest/knownfail
-index 6696ba3..c919a6a 100644
---- a/selftest/knownfail
-+++ b/selftest/knownfail
-@@ -17,6 +17,7 @@
- ^samba3.smbtorture_s3.plain\(dc\).SHORTNAME-TEST # Fails against the s4 ntvfs server
- ^samba3.smbtorture_s3.plain\(dc\).POSIX-APPEND # Fails against the s4 ntvfs server
- ^samba3.smbtorture_s3.plain\(ad_dc_ntvfs\).POSIX-SYMLINK-ACL # Fails against the s4 ntvfs server
-+^samba3.smbtorture_s3.plain\(ad_dc_ntvfs\).POSIX-SYMLINK-EA # Fails against the s4 ntvfs server
- ^samba3.smbtorture_s3.plain\(dc\).NTTRANS-FSCTL # Fails against the s4 ntvfs server
- ^samba3.smbtorture_s3.plain\(dc\).SMB2-NEGPROT # Fails against the s4 ntvfs server
- ^samba3.smbtorture_s3.plain\(dc\).BAD-NBT-SESSION # Fails against the s4 ntvfs server
-diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
-index e66ddbc..830753c 100755
---- a/source3/selftest/tests.py
-+++ b/source3/selftest/tests.py
-@@ -78,7 +78,7 @@ tests = ["RW1", "RW2", "RW3"]
- for t in tests:
- plantestsuite("samba3.smbtorture_s3.vfs_aio_fork(simpleserver).%s" % t, "simpleserver", [os.path.join(samba3srcdir, "script/tests/test_smbtorture_s3.sh"), t, '//$SERVER_IP/vfs_aio_fork', '$USERNAME', '$PASSWORD', smbtorture3, "", "-l $LOCAL_PATH"])
-
--posix_tests = ["POSIX", "POSIX-APPEND", "POSIX-SYMLINK-ACL"]
-+posix_tests = ["POSIX", "POSIX-APPEND", "POSIX-SYMLINK-ACL", "POSIX-SYMLINK-EA"]
-
- for t in posix_tests:
- plantestsuite("samba3.smbtorture_s3.plain(s3dc).%s" % t, "s3dc", [os.path.join(samba3srcdir, "script/tests/test_smbtorture_s3.sh"), t, '//$SERVER_IP/posix_share', '$USERNAME', '$PASSWORD', smbtorture3, "", "-l $LOCAL_PATH"])
-diff --git a/source3/torture/torture.c b/source3/torture/torture.c
-index 6c0ab17..34c1a37 100644
---- a/source3/torture/torture.c
-+++ b/source3/torture/torture.c
-@@ -6017,6 +6017,183 @@ static bool run_acl_symlink_test(int dummy)
- return correct;
- }
-
-+/*
-+ Test setting EA's are rejected on symlinks.
-+ */
-+static bool run_ea_symlink_test(int dummy)
-+{
-+ static struct cli_state *cli;
-+ const char *fname = "posix_file_ea";
-+ const char *sname = "posix_symlink_ea";
-+ const char *ea_name = "testea_name";
-+ const char *ea_value = "testea_value";
-+ uint16_t fnum = (uint16_t)-1;
-+ bool correct = false;
-+ NTSTATUS status;
-+ size_t i, num_eas;
-+ struct ea_struct *eas = NULL;
-+ TALLOC_CTX *frame = NULL;
-+
-+ frame = talloc_stackframe();
-+
-+ printf("Starting EA symlink test\n");
-+
-+ if (!torture_open_connection(&cli, 0)) {
-+ TALLOC_FREE(frame);
-+ return false;
-+ }
-+
-+ smbXcli_conn_set_sockopt(cli->conn, sockops);
-+
-+ status = torture_setup_unix_extensions(cli);
-+ if (!NT_STATUS_IS_OK(status)) {
-+ TALLOC_FREE(frame);
-+ return false;
-+ }
-+
-+ cli_setatr(cli, fname, 0, 0);
-+ cli_posix_unlink(cli, fname);
-+ cli_setatr(cli, sname, 0, 0);
-+ cli_posix_unlink(cli, sname);
-+
-+ status = cli_ntcreate(cli,
-+ fname,
-+ 0,
-+ READ_CONTROL_ACCESS,
-+ 0,
-+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
-+ FILE_CREATE,
-+ 0x0,
-+ 0x0,
-+ &fnum,
-+ NULL);
-+
-+ if (!NT_STATUS_IS_OK(status)) {
-+ printf("cli_ntcreate of %s failed (%s)\n",
-+ fname,
-+ nt_errstr(status));
-+ goto out;
-+ }
-+
-+ status = cli_close(cli, fnum);
-+ if (!NT_STATUS_IS_OK(status)) {
-+ printf("close failed (%s)\n",
-+ nt_errstr(status));
-+ goto out;
-+ }
-+ fnum = (uint16_t)-1;
-+
-+ /* Set an EA on the path. */
-+ status = cli_set_ea_path(cli,
-+ fname,
-+ ea_name,
-+ ea_value,
-+ strlen(ea_value)+1);
-+
-+ if (!NT_STATUS_IS_OK(status)) {
-+ printf("cli_set_ea_path failed (%s)\n",
-+ nt_errstr(status));
-+ goto out;
-+ }
-+
-+ /* Now create a symlink. */
-+ status = cli_posix_symlink(cli, fname, sname);
-+ if (!NT_STATUS_IS_OK(status)) {
-+ printf("cli_posix_symlink of %s -> %s failed (%s)\n",
-+ sname,
-+ fname,
-+ nt_errstr(status));
-+ goto out;
-+ }
-+
-+ /* Get the EA list on the path. Should return value set. */
-+ status = cli_get_ea_list_path(cli,
-+ fname,
-+ frame,
-+ &num_eas,
-+ &eas);
-+
-+ if (!NT_STATUS_IS_OK(status)) {
-+ printf("cli_get_ea_list_path failed (%s)\n",
-+ nt_errstr(status));
-+ goto out;
-+ }
-+
-+ /* Ensure the EA we set is there. */
-+ for (i=0; i<num_eas; i++) {
-+ if (strcmp(eas[i].name, ea_name) == 0 &&
-+ eas[i].value.length == strlen(ea_value)+1 &&
-+ memcmp(eas[i].value.data,
-+ ea_value,
-+ eas[i].value.length) == 0) {
-+ break;
-+ }
-+ }
-+
-+ if (i == num_eas) {
-+ printf("Didn't find EA on pathname %s\n",
-+ fname);
-+ goto out;
-+ }
-+
-+ num_eas = 0;
-+ TALLOC_FREE(eas);
-+
-+ /* Get the EA list on the symlink. Should return empty list. */
-+ status = cli_get_ea_list_path(cli,
-+ sname,
-+ frame,
-+ &num_eas,
-+ &eas);
-+
-+ if (!NT_STATUS_IS_OK(status)) {
-+ printf("cli_get_ea_list_path failed (%s)\n",
-+ nt_errstr(status));
-+ goto out;
-+ }
-+
-+ if (num_eas != 0) {
-+ printf("cli_get_ea_list_path failed (%s)\n",
-+ nt_errstr(status));
-+ goto out;
-+ }
-+
-+ /* Set an EA on the symlink. Should fail. */
-+ status = cli_set_ea_path(cli,
-+ sname,
-+ ea_name,
-+ ea_value,
-+ strlen(ea_value)+1);
-+
-+ if (!NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
-+ printf("cli_set_ea_path on a symlink gave %s. "
-+ "Should be NT_STATUS_ACCESS_DENIED.\n",
-+ nt_errstr(status));
-+ goto out;
-+ }
-+
-+ printf("EA symlink test passed\n");
-+ correct = true;
-+
-+ out:
-+
-+ if (fnum != (uint16_t)-1) {
-+ cli_close(cli, fnum);
-+ fnum = (uint16_t)-1;
-+ }
-+
-+ cli_setatr(cli, sname, 0, 0);
-+ cli_posix_unlink(cli, sname);
-+ cli_setatr(cli, fname, 0, 0);
-+ cli_posix_unlink(cli, fname);
-+
-+ if (!torture_close_connection(cli)) {
-+ correct = false;
-+ }
-+
-+ TALLOC_FREE(frame);
-+ return correct;
-+}
-
- static uint32 open_attrs_table[] = {
- FILE_ATTRIBUTE_NORMAL,
-@@ -9845,6 +10022,8 @@ static struct {
- {"POSIX", run_simple_posix_open_test, 0},
- {"POSIX-APPEND", run_posix_append, 0},
- {"POSIX-SYMLINK-ACL", run_acl_symlink_test, 0},
-+ {"POSIX-SYMLINK-ACL", run_acl_symlink_test, 0},
-+ {"POSIX-SYMLINK-EA", run_ea_symlink_test, 0},
- {"CASE-INSENSITIVE-CREATE", run_case_insensitive_create, 0},
- {"ASYNC-ECHO", run_async_echo, 0},
- { "UID-REGRESSION-TEST", run_uid_regression_test, 0},
---
-1.9.1
-
diff --git a/SOURCES/samba-4.2-auth-credentials-if-credentials-have-principal-set-t.patch b/SOURCES/samba-4.2-auth-credentials-if-credentials-have-principal-set-t.patch
deleted file mode 100644
index f6ae63a..0000000
--- a/SOURCES/samba-4.2-auth-credentials-if-credentials-have-principal-set-t.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 97d7bc19bb463cfbb9d45b69cec1e668eb15b4a1 Mon Sep 17 00:00:00 2001
-From: Alexander Bokovoy <ab@samba.org>
-Date: Thu, 7 May 2015 14:12:03 +0000
-Subject: [PATCH] auth/credentials: if credentials have principal set, they are
- not anonymous anymore
-
-When dealing with Kerberos, we cannot consider credentials anonymous
-if credentials were obtained properly.
-
-Signed-off: Alexander Bokovoy <ab@samba.org>
----
- auth/credentials/credentials.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
-index 78b5955..b1ccc5a 100644
---- a/auth/credentials/credentials.c
-+++ b/auth/credentials/credentials.c
-@@ -921,6 +921,13 @@ _PUBLIC_ bool cli_credentials_is_anonymous(struct cli_credentials *cred)
- cred->machine_account_pending_lp_ctx);
- }
-
-+ if (cli_credentials_get_kerberos_state(cred) != CRED_DONT_USE_KERBEROS) {
-+ /* if principal is set, it's not anonymous */
-+ if (cred->principal && cred->principal_obtained >= cred->username_obtained) {
-+ return false;
-+ }
-+ }
-+
- username = cli_credentials_get_username(cred);
-
- /* Yes, it is deliberate that we die if we have a NULL pointer
---
-2.4.0
-
diff --git a/SOURCES/samba-4.2.10-ldap-sasl-win2003.patch b/SOURCES/samba-4.2.10-ldap-sasl-win2003.patch
new file mode 100644
index 0000000..379596f
--- /dev/null
+++ b/SOURCES/samba-4.2.10-ldap-sasl-win2003.patch
@@ -0,0 +1,39 @@
+From 7a73e56dfa2ca8569ffdda0b9738516081889523 Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze@samba.org>
+Date: Fri, 8 Apr 2016 10:05:38 +0200
+Subject: [PATCH] s3:libads: sasl wrapped LDAP connections against with
+ kerberos and arcfour-hmac-md5
+
+This fixes a regression in commit 2cb07ba50decdfd6d08271cd2b3d893ff95f5af9
+(s3:libads: make use of ads_sasl_spnego_gensec_bind() for GSS-SPNEGO with Kerberos)
+that prevents things like 'net ads join' from working against a Windows 2003 domain.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
+
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+---
+ source3/libads/sasl.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
+index 4fcd733..22aa9cf 100644
+--- a/source3/libads/sasl.c
++++ b/source3/libads/sasl.c
+@@ -312,7 +312,13 @@ static ADS_STATUS ads_sasl_spnego_gensec_bind(ADS_STRUCT *ads,
+ ads->ldap.out.max_unwrapped = gensec_max_input_size(auth_generic_state->gensec_security);
+
+ ads->ldap.out.sig_size = max_wrapped - ads->ldap.out.max_unwrapped;
+- ads->ldap.in.min_wrapped = ads->ldap.out.sig_size;
++ /*
++ * Note that we have to truncate this to 0x2C
++ * (taken from a capture with LDAP unbind), as the
++ * signature size is not constant for Kerberos with
++ * arcfour-hmac-md5.
++ */
++ ads->ldap.in.min_wrapped = MIN(ads->ldap.out.sig_size, 0x2C);
+ ads->ldap.in.max_wrapped = max_wrapped;
+ status = ads_setup_sasl_wrapping(ads, &ads_sasl_gensec_ops, auth_generic_state->gensec_security);
+ if (!ADS_ERR_OK(status)) {
+--
+1.9.1
+
diff --git a/SOURCES/samba-4.2.10-s3-parm-clean-up-defaults-when-removing-global-param.patch b/SOURCES/samba-4.2.10-s3-parm-clean-up-defaults-when-removing-global-param.patch
new file mode 100644
index 0000000..272c855
--- /dev/null
+++ b/SOURCES/samba-4.2.10-s3-parm-clean-up-defaults-when-removing-global-param.patch
@@ -0,0 +1,71 @@
+From 137649fc01e6914bbb86a2f5f16c7e03a2fa132d Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <ab@samba.org>
+Date: Fri, 22 Jan 2016 11:44:03 +0200
+Subject: [PATCH] s3-parm: clean up defaults when removing global parameters
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=11693
+
+When globals are re-initialized, they are cleared and globals' talloc
+context is freed. However, parm_table still contains a reference to the
+global value in the defaults. This confuses lpcfg_string_free() after
+commit 795c543d858b2452f062a02846c2f908fe4cffe4 because it tries to
+free already freed pointer which is passed by lp_save_defaults():
+
+....
+ case P_STRING:
+ case P_USTRING:
+ lpcfg_string_set(Globals.ctx,
+ &parm_table[i].def.svalue,
+ *(char **)lp_parm_ptr(NULL, &parm_table[i]));
+....
+
+here &parm_table[i].def.svalue is passed to lpcfg_string_free() but it
+is a pointer to a value allocated with previous Globals.ctx which
+already was freed.
+
+This specifically affects registry backend of smb.conf in lp_load_ex()
+where init_globals() called explicitly to re-init globals after
+lp_save_defaults() if we have registry backend defined.
+
+Reviewed-by: Uri Simchoni <uri@samba.org>
+Signed-off-by: Alexander Bokovoy <ab@samba.org>
+
+Autobuild-User(master): Uri Simchoni <uri@samba.org>
+Autobuild-Date(master): Mon Jan 25 23:58:42 CET 2016 on sn-devel-144
+---
+ source3/param/loadparm.c | 17 +++++++++++++++++
+ 1 file changed, 17 insertions(+)
+
+diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
+index 94de252..9bd47dc 100644
+--- a/source3/param/loadparm.c
++++ b/source3/param/loadparm.c
+@@ -402,8 +402,25 @@ static void free_parameters_by_snum(int snum)
+ */
+ static void free_global_parameters(void)
+ {
++ uint32_t i;
++ struct parm_struct *parm;
++
+ free_param_opts(&Globals.param_opt);
+ free_parameters_by_snum(GLOBAL_SECTION_SNUM);
++
++ /* Reset references in the defaults because the context is going to be freed */
++ for (i=0; parm_table[i].label; i++) {
++ parm = &parm_table[i];
++ if ((parm->type == P_STRING) ||
++ (parm->type == P_USTRING)) {
++ if ((parm->def.svalue != NULL) &&
++ (*(parm->def.svalue) != '\0')) {
++ if (talloc_parent(parm->def.svalue) == Globals.ctx) {
++ parm->def.svalue = NULL;
++ }
++ }
++ }
++ }
+ TALLOC_FREE(Globals.ctx);
+ }
+
+--
+2.5.5
+
diff --git a/SOURCES/samba-4.2.10-s3-winbind-make-sure-domain-member-can-talk-to-trust.patch b/SOURCES/samba-4.2.10-s3-winbind-make-sure-domain-member-can-talk-to-trust.patch
new file mode 100644
index 0000000..3d092ff
--- /dev/null
+++ b/SOURCES/samba-4.2.10-s3-winbind-make-sure-domain-member-can-talk-to-trust.patch
@@ -0,0 +1,60 @@
+From b89f28556ad0d1caf9cf41c56a0d67440098358f Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <abokovoy@redhat.com>
+Date: Tue, 12 Apr 2016 09:36:12 +0300
+Subject: [PATCH] s3-winbind: make sure domain member can talk to trusted
+ domains DCs
+
+ Allow cm_connect_netlogon() to talk to trusted domains' DCs when
+ running in a domain member configuration.
+
+Signed-off-by: Alexander Bokovoy <ab@samba.org>
+---
+ source3/winbindd/winbindd_cm.c | 15 +++++++++------
+ 1 file changed, 9 insertions(+), 6 deletions(-)
+
+diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
+index 63175e5..1ef3d17 100644
+--- a/source3/winbindd/winbindd_cm.c
++++ b/source3/winbindd/winbindd_cm.c
+@@ -2578,9 +2578,10 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
+ anonymous:
+
+ /* Finally fall back to anonymous. */
+- if (lp_winbind_sealed_pipes() || lp_require_strong_key()) {
++ if ((lp_winbind_sealed_pipes() || lp_require_strong_key()) &&
++ (IS_DC || domain->primary)) {
+ status = NT_STATUS_DOWNGRADE_DETECTED;
+- DEBUG(1, ("Unwilling to make SAMR connection to domain %s"
++ DEBUG(1, ("Unwilling to make SAMR connection to domain %s "
+ "without connection level security, "
+ "must set 'winbind sealed pipes = false' and "
+ "'require strong key = false' to proceed: %s\n",
+@@ -2811,9 +2812,10 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
+
+ anonymous:
+
+- if (lp_winbind_sealed_pipes() || lp_require_strong_key()) {
++ if ((lp_winbind_sealed_pipes() || lp_require_strong_key()) &&
++ (IS_DC || domain->primary)) {
+ result = NT_STATUS_DOWNGRADE_DETECTED;
+- DEBUG(1, ("Unwilling to make LSA connection to domain %s"
++ DEBUG(1, ("Unwilling to make LSA connection to domain %s "
+ "without connection level security, "
+ "must set 'winbind sealed pipes = false' and "
+ "'require strong key = false' to proceed: %s\n",
+@@ -2978,9 +2980,10 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain,
+
+ no_schannel:
+ if (!(conn->netlogon_flags & NETLOGON_NEG_AUTHENTICATED_RPC)) {
+- if (lp_winbind_sealed_pipes() || lp_require_strong_key()) {
++ if ((lp_winbind_sealed_pipes() || lp_require_strong_key()) &&
++ (IS_DC || domain->primary)) {
+ result = NT_STATUS_DOWNGRADE_DETECTED;
+- DEBUG(1, ("Unwilling to make connection to domain %s"
++ DEBUG(1, ("Unwilling to make connection to domain %s "
+ "without connection level security, "
+ "must set 'winbind sealed pipes = false' and "
+ "'require strong key = false' to proceed: %s\n",
+--
+2.5.5
+
diff --git a/SOURCES/samba-4.2.3-fix_dfree_command.patch b/SOURCES/samba-4.2.3-fix_dfree_command.patch
deleted file mode 100644
index 6ed3da6..0000000
--- a/SOURCES/samba-4.2.3-fix_dfree_command.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-From 80d7fe6f06c820253d0c687153a3c781bc55cb0c Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@samba.org>
-Date: Fri, 17 Jul 2015 09:35:11 +0200
-Subject: [PATCH] s3-smbd: Leave sys_disk_free() if dfree command is used
-
-If we have a broken system which reports incorrect sizes we provide the
-'dfree command'. This command makes sure Samba gets the correct values.
-However after that we call the quota command which then reports the
-broken values. The dfree command should take care to provide the correct
-values and in case of quota's it should also calculate the quote
-correctly.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11403
-
-Pair-Programmed-With: Michael Adam <obnox@samba.org>
-Signed-off-by: Andreas Schneider <asn@samba.org>
-Signed-off-by: Michael Adam <obnox@samba.org>
-Reviewed-by: Ralph Boehme <slow@samba.org>
-(cherry picked from commit 48a4d5a4078ff2a66dd753323d6e5d76d34b9828)
----
- source3/smbd/dfree.c | 29 +++++++++++++----------------
- 1 file changed, 13 insertions(+), 16 deletions(-)
-
-diff --git a/source3/smbd/dfree.c b/source3/smbd/dfree.c
-index d02c1bd..09b00f4 100644
---- a/source3/smbd/dfree.c
-+++ b/source3/smbd/dfree.c
-@@ -98,7 +98,7 @@ uint64_t sys_disk_free(connection_struct *conn, const char *path, bool small_que
- DEBUG (3, ("disk_free: Running command '%s'\n", syscmd));
-
- lines = file_lines_pload(syscmd, NULL);
-- if (lines) {
-+ if (lines != NULL) {
- char *line = lines[0];
-
- DEBUG (3, ("Read input from dfree, \"%s\"\n", line));
-@@ -122,22 +122,18 @@ uint64_t sys_disk_free(connection_struct *conn, const char *path, bool small_que
- *dsize = 2048;
- if (!*dfree)
- *dfree = 1024;
-- } else {
-- DEBUG (0, ("disk_free: file_lines_load() failed for "
-- "command '%s'. Error was : %s\n",
-- syscmd, strerror(errno) ));
-- if (sys_fsusage(path, dfree, dsize) != 0) {
-- DEBUG (0, ("disk_free: sys_fsusage() failed. Error was : %s\n",
-- strerror(errno) ));
-- return (uint64_t)-1;
-- }
-- }
-- } else {
-- if (sys_fsusage(path, dfree, dsize) != 0) {
-- DEBUG (0, ("disk_free: sys_fsusage() failed. Error was : %s\n",
-- strerror(errno) ));
-- return (uint64_t)-1;
-+
-+ goto dfree_done;
- }
-+ DEBUG (0, ("disk_free: file_lines_load() failed for "
-+ "command '%s'. Error was : %s\n",
-+ syscmd, strerror(errno) ));
-+ }
-+
-+ if (sys_fsusage(path, dfree, dsize) != 0) {
-+ DEBUG (0, ("disk_free: sys_fsusage() failed. Error was : %s\n",
-+ strerror(errno) ));
-+ return (uint64_t)-1;
- }
-
- if (disk_quotas(path, &bsize_q, &dfree_q, &dsize_q)) {
-@@ -161,6 +157,7 @@ uint64_t sys_disk_free(connection_struct *conn, const char *path, bool small_que
- *dfree = MAX(1,*dfree);
- }
-
-+dfree_done:
- disk_norm(small_query,bsize,dfree,dsize);
-
- if ((*bsize) < 1024) {
---
-2.4.5
-
diff --git a/SOURCES/samba-4.2.3-fix_force_group.patch b/SOURCES/samba-4.2.3-fix_force_group.patch
deleted file mode 100644
index 224141d..0000000
--- a/SOURCES/samba-4.2.3-fix_force_group.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From ee554fe5bd412d1faa6f59bdf8e8662ce6fb9b1a Mon Sep 17 00:00:00 2001
-From: Justin Maggard <jmaggard@netgear.com>
-Date: Tue, 21 Jul 2015 15:17:30 -0700
-Subject: [PATCH] s3-passdb: Respect LOOKUP_NAME_GROUP flag in sid lookup.
-
-Somewhere along the line, a config line like "valid users = @foo"
-broke when "foo" also exists as a user.
-
-user_ok_token() already does the right thing by adding the LOOKUP_NAME_GROUP
-flag; but lookup_name() was not respecting that flag, and went ahead and looked
-for users anyway.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11320
-
-Signed-off-by: Justin Maggard <jmaggard@netgear.com>
-Reviewed-by: Jeremy Allison <jra@samba.org>
-Reviewed-by: Marc Muehlfeld <mmuehlfeld@samba.org>
-
-Autobuild-User(master): Jeremy Allison <jra@samba.org>
-Autobuild-Date(master): Tue Jul 28 21:35:58 CEST 2015 on sn-devel-104
-
-(cherry picked from commit dc99d451bf23668d73878847219682fced547622)
----
- source3/passdb/lookup_sid.c | 4 ++--
- source3/passdb/lookup_sid.h | 2 +-
- 2 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
-index fe07bea..714061e 100644
---- a/source3/passdb/lookup_sid.c
-+++ b/source3/passdb/lookup_sid.c
-@@ -120,7 +120,7 @@ bool lookup_name(TALLOC_CTX *mem_ctx,
- goto ok;
- }
-
-- if (((flags & LOOKUP_NAME_NO_NSS) == 0)
-+ if (((flags & (LOOKUP_NAME_NO_NSS|LOOKUP_NAME_GROUP)) == 0)
- && strequal(domain, unix_users_domain_name())) {
- if (lookup_unix_user_name(name, &sid)) {
- type = SID_NAME_USER;
-@@ -293,7 +293,7 @@ bool lookup_name(TALLOC_CTX *mem_ctx,
- /* 11. Ok, windows would end here. Samba has two more options:
- Unmapped users and unmapped groups */
-
-- if (((flags & LOOKUP_NAME_NO_NSS) == 0)
-+ if (((flags & (LOOKUP_NAME_NO_NSS|LOOKUP_NAME_GROUP)) == 0)
- && lookup_unix_user_name(name, &sid)) {
- domain = talloc_strdup(tmp_ctx, unix_users_domain_name());
- type = SID_NAME_USER;
-diff --git a/source3/passdb/lookup_sid.h b/source3/passdb/lookup_sid.h
-index 872f4ef..8b5edf6 100644
---- a/source3/passdb/lookup_sid.h
-+++ b/source3/passdb/lookup_sid.h
-@@ -31,7 +31,7 @@ struct unixid;
- #define LOOKUP_NAME_NONE 0x00000000
- #define LOOKUP_NAME_ISOLATED 0x00000001 /* Look up unqualified names */
- #define LOOKUP_NAME_REMOTE 0x00000002 /* Ask others */
--#define LOOKUP_NAME_GROUP 0x00000004 /* (unused) This is a NASTY hack for
-+#define LOOKUP_NAME_GROUP 0x00000004 /* This is a NASTY hack for
- valid users = @foo where foo also
- exists in as user. */
- #define LOOKUP_NAME_NO_NSS 0x00000008 /* no NSS calls to avoid
---
-2.5.0.rc2.392.g76e840b
-
diff --git a/SOURCES/samba-4.2.3-fix_map_to_guest_bad_uid.patch b/SOURCES/samba-4.2.3-fix_map_to_guest_bad_uid.patch
deleted file mode 100644
index 7b7a474..0000000
--- a/SOURCES/samba-4.2.3-fix_map_to_guest_bad_uid.patch
+++ /dev/null
@@ -1,191 +0,0 @@
-From 4438a33e0e3621e9b178620ba0e543069bf85012 Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@samba.org>
-Date: Wed, 19 Aug 2015 16:11:47 +0200
-Subject: [PATCH 1/3] s3-auth: Fix 'map to guest = Bad Uid' support
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=9862
-
-Signed-off-by: Andreas Schneider <asn@samba.org>
-Reviewed-by: Guenther Deschner <gd@samba.org>
-(cherry picked from commit 34965d4d98d172e848e2b96fad8a9e0b99288ba7)
----
- source3/auth/auth_util.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
-index 1c2cf80..dcf173d 100644
---- a/source3/auth/auth_util.c
-+++ b/source3/auth/auth_util.c
-@@ -1397,6 +1397,14 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
- &username_was_mapped);
-
- if (!NT_STATUS_IS_OK(nt_status)) {
-+ /* Handle 'map to guest = Bad Uid */
-+ if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER) &&
-+ (lp_security() == SEC_ADS || lp_security() == SEC_DOMAIN) &&
-+ lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_UID) {
-+ DEBUG(2, ("Try to map %s to guest account",
-+ nt_username));
-+ return make_server_info_guest(mem_ctx, server_info);
-+ }
- return nt_status;
- }
-
---
-2.5.0
-
-
-From e0cfca754ed1c540f3b8a5adcea3bd85aac74930 Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@samba.org>
-Date: Wed, 19 Aug 2015 16:24:08 +0200
-Subject: [PATCH 2/3] s3-auth: Pass nt_username to check_account()
-
-We set nt_username above but do not use it in this function.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=9862
-
-Signed-off-by: Andreas Schneider <asn@samba.org>
-Reviewed-by: Guenther Deschner <gd@samba.org>
-(cherry picked from commit e8c76932e4ac192a00afa3b9731f5921c4b37da6)
----
- source3/auth/auth_util.c | 9 ++++++---
- 1 file changed, 6 insertions(+), 3 deletions(-)
-
-diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
-index dcf173d..688072e 100644
---- a/source3/auth/auth_util.c
-+++ b/source3/auth/auth_util.c
-@@ -1392,9 +1392,12 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
-
- /* this call will try to create the user if necessary */
-
-- nt_status = check_account(mem_ctx, nt_domain, sent_nt_username,
-- &found_username, &pwd,
-- &username_was_mapped);
-+ nt_status = check_account(mem_ctx,
-+ nt_domain,
-+ nt_username,
-+ &found_username,
-+ &pwd,
-+ &username_was_mapped);
-
- if (!NT_STATUS_IS_OK(nt_status)) {
- /* Handle 'map to guest = Bad Uid */
---
-2.5.0
-
-
-From 2b31b935a824d340876af24568c84bab6d4462cc Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@samba.org>
-Date: Wed, 19 Aug 2015 16:19:30 +0200
-Subject: [PATCH 3/3] s3-auth: Fix a memory leak in make_server_info_info3()
-
-We call make_server_info(NULL) and it is possible that we do not free
-it, because server_info is not allocated on the memory context we pass
-to the function.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=9862
-
-Signed-off-by: Andreas Schneider <asn@samba.org>
-Reviewed-by: Guenther Deschner <gd@samba.org>
-(cherry picked from commit 6363c0232c2238e1a782e9c22ef762e3ff9b7563)
----
- source3/auth/auth_util.c | 35 +++++++++++++++++++++++------------
- 1 file changed, 23 insertions(+), 12 deletions(-)
-
-diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
-index 688072e..2b355e4 100644
---- a/source3/auth/auth_util.c
-+++ b/source3/auth/auth_util.c
-@@ -1349,6 +1349,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
- bool username_was_mapped;
- struct passwd *pwd;
- struct auth_serversupplied_info *result;
-+ TALLOC_CTX *tmp_ctx = talloc_stackframe();
-
- /*
- Here is where we should check the list of
-@@ -1357,15 +1358,17 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
- */
-
- if (!sid_compose(&user_sid, info3->base.domain_sid, info3->base.rid)) {
-- return NT_STATUS_INVALID_PARAMETER;
-+ nt_status = NT_STATUS_INVALID_PARAMETER;
-+ goto out;
- }
-
- if (!sid_compose(&group_sid, info3->base.domain_sid,
- info3->base.primary_gid)) {
-- return NT_STATUS_INVALID_PARAMETER;
-+ nt_status = NT_STATUS_INVALID_PARAMETER;
-+ goto out;
- }
-
-- nt_username = talloc_strdup(mem_ctx, info3->base.account_name.string);
-+ nt_username = talloc_strdup(tmp_ctx, info3->base.account_name.string);
- if (!nt_username) {
- /* If the server didn't give us one, just use the one we sent
- * them */
-@@ -1392,7 +1395,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
-
- /* this call will try to create the user if necessary */
-
-- nt_status = check_account(mem_ctx,
-+ nt_status = check_account(tmp_ctx,
- nt_domain,
- nt_username,
- &found_username,
-@@ -1406,15 +1409,19 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
- lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_UID) {
- DEBUG(2, ("Try to map %s to guest account",
- nt_username));
-- return make_server_info_guest(mem_ctx, server_info);
-+ nt_status = make_server_info_guest(tmp_ctx, &result);
-+ if (NT_STATUS_IS_OK(nt_status)) {
-+ *server_info = talloc_move(mem_ctx, &result);
-+ }
- }
-- return nt_status;
-+ goto out;
- }
-
-- result = make_server_info(NULL);
-+ result = make_server_info(tmp_ctx);
- if (result == NULL) {
- DEBUG(4, ("make_server_info failed!\n"));
-- return NT_STATUS_NO_MEMORY;
-+ nt_status = NT_STATUS_NO_MEMORY;
-+ goto out;
- }
-
- result->unix_name = talloc_strdup(result, found_username);
-@@ -1422,8 +1429,8 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
- /* copy in the info3 */
- result->info3 = copy_netr_SamInfo3(result, info3);
- if (result->info3 == NULL) {
-- TALLOC_FREE(result);
-- return NT_STATUS_NO_MEMORY;
-+ nt_status = NT_STATUS_NO_MEMORY;
-+ goto out;
- }
-
- /* Fill in the unix info we found on the way */
-@@ -1453,9 +1460,13 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
-
- result->guest = (info3->base.user_flags & NETLOGON_GUEST);
-
-- *server_info = result;
-+ *server_info = talloc_move(mem_ctx, &result);
-
-- return NT_STATUS_OK;
-+ nt_status = NT_STATUS_OK;
-+out:
-+ talloc_free(tmp_ctx);
-+
-+ return nt_status;
- }
-
- /*****************************************************************************
---
-2.5.0
-
diff --git a/SOURCES/samba-4.2.3-fix_nss_wins.patch b/SOURCES/samba-4.2.3-fix_nss_wins.patch
deleted file mode 100644
index 835d988..0000000
--- a/SOURCES/samba-4.2.3-fix_nss_wins.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 5ae47e9173931fedd6b3adb04ff94b772587fa2a Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@samba.org>
-Date: Fri, 23 Oct 2015 15:28:23 +0200
-Subject: [PATCH] nss_wins: Use lp_global_no_reinit()
-
-This avoids that we run into use after free issues when we access memory
-allocated on the globals and the global being reinitialized.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11563
-
-Signed-off-by: Andreas Schneider <asn@samba.org>
-Reviewed-by: Volker Lendecke <vl@samba.org>
-
-(cherry picked from commit 0abbfb2e4d5bcd847983ef7981840f1eab7b917c)
----
- nsswitch/wins.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/nsswitch/wins.c b/nsswitch/wins.c
-index d63968b..6b5c3e2 100644
---- a/nsswitch/wins.c
-+++ b/nsswitch/wins.c
-@@ -53,7 +53,7 @@ static void nss_wins_init(void)
-
- TimeInit();
- setup_logging("nss_wins",False);
-- lp_load(get_dyn_CONFIGFILE(),True,False,False,True);
-+ lp_load_global_no_reinit(get_dyn_CONFIGFILE());
- load_interfaces();
- }
-
---
-2.6.2
-
diff --git a/SOURCES/samba-4.2.3-fix_smbX_segfault.patch b/SOURCES/samba-4.2.3-fix_smbX_segfault.patch
deleted file mode 100644
index fc282fa..0000000
--- a/SOURCES/samba-4.2.3-fix_smbX_segfault.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From c638ce839bb7ac754c1cbb61afcc700bac8788fc Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Wed, 10 Jun 2015 17:07:15 +0200
-Subject: [PATCH] s3-smbd: reset protocol in smbXsrv_connection_init_tables
- failure paths.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11373
-
-Guenther
-
-Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
-Pair-Programmed-With: Michael Adam <obnox@samba.org>
-
-Signed-off-by: Guenther Deschner <gd@samba.org>
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-Signed-off-by: Michael Adam <obnox@samba.org>
-Reviewed-by: Andreas Schneider <asn@samba.org>
----
- source3/smbd/process.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/source3/smbd/process.c b/source3/smbd/process.c
-index 958c82b..c83f3bc 100644
---- a/source3/smbd/process.c
-+++ b/source3/smbd/process.c
-@@ -3464,36 +3464,41 @@ NTSTATUS smbXsrv_connection_init_tables(struct smbXsrv_connection *conn,
- {
- NTSTATUS status;
-
-- set_Protocol(protocol);
- conn->protocol = protocol;
-
- if (protocol >= PROTOCOL_SMB2_02) {
- status = smb2srv_session_table_init(conn);
- if (!NT_STATUS_IS_OK(status)) {
-+ conn->protocol = PROTOCOL_NONE;
- return status;
- }
-
- status = smb2srv_open_table_init(conn);
- if (!NT_STATUS_IS_OK(status)) {
-+ conn->protocol = PROTOCOL_NONE;
- return status;
- }
- } else {
- status = smb1srv_session_table_init(conn);
- if (!NT_STATUS_IS_OK(status)) {
-+ conn->protocol = PROTOCOL_NONE;
- return status;
- }
-
- status = smb1srv_tcon_table_init(conn);
- if (!NT_STATUS_IS_OK(status)) {
-+ conn->protocol = PROTOCOL_NONE;
- return status;
- }
-
- status = smb1srv_open_table_init(conn);
- if (!NT_STATUS_IS_OK(status)) {
-+ conn->protocol = PROTOCOL_NONE;
- return status;
- }
- }
-
-+ set_Protocol(protocol);
- return NT_STATUS_OK;
- }
-
---
-2.4.3
-
diff --git a/SOURCES/samba-CVE-2015-3223.patch b/SOURCES/samba-CVE-2015-3223.patch
deleted file mode 100644
index eebe5e3..0000000
--- a/SOURCES/samba-CVE-2015-3223.patch
+++ /dev/null
@@ -1,219 +0,0 @@
-From 7a4129ad1075b54e902af703d2582ffb79b99c49 Mon Sep 17 00:00:00 2001
-From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
-Date: Tue, 24 Nov 2015 13:47:16 +1300
-Subject: [PATCH 5/9] CVE-2015-5330: Fix handling of unicode near string
- endings
-
-Until now next_codepoint_ext() and next_codepoint_handle_ext() were
-using strnlen(str, 5) to determine how much string they should try to
-decode. This ended up looking past the end of the string when it was not
-null terminated and the final character looked like a multi-byte encoding.
-The fix is to let the caller say how long the string can be.
-
-Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599
-
-Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
-Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
-Reviewed-by: Ralph Boehme <slow@samba.org>
----
- lib/util/charset/charset.h | 9 +++++----
- lib/util/charset/codepoints.c | 24 ++++++++++++++++--------
- lib/util/charset/util_str.c | 3 ++-
- lib/util/charset/util_unistr.c | 3 ++-
- 4 files changed, 25 insertions(+), 14 deletions(-)
-
-diff --git a/lib/util/charset/charset.h b/lib/util/charset/charset.h
-index e4297e4..060f1cf 100644
---- a/lib/util/charset/charset.h
-+++ b/lib/util/charset/charset.h
-@@ -171,15 +171,16 @@ smb_iconv_t get_conv_handle(struct smb_iconv_handle *ic,
- charset_t from, charset_t to);
- const char *charset_name(struct smb_iconv_handle *ic, charset_t ch);
-
--codepoint_t next_codepoint_ext(const char *str, charset_t src_charset,
-- size_t *size);
-+codepoint_t next_codepoint_ext(const char *str, size_t len,
-+ charset_t src_charset, size_t *size);
- codepoint_t next_codepoint(const char *str, size_t *size);
- ssize_t push_codepoint(char *str, codepoint_t c);
-
- /* codepoints */
- codepoint_t next_codepoint_handle_ext(struct smb_iconv_handle *ic,
-- const char *str, charset_t src_charset,
-- size_t *size);
-+ const char *str, size_t len,
-+ charset_t src_charset,
-+ size_t *size);
- codepoint_t next_codepoint_handle(struct smb_iconv_handle *ic,
- const char *str, size_t *size);
- ssize_t push_codepoint_handle(struct smb_iconv_handle *ic,
-diff --git a/lib/util/charset/codepoints.c b/lib/util/charset/codepoints.c
-index 0984164..542eeae 100644
---- a/lib/util/charset/codepoints.c
-+++ b/lib/util/charset/codepoints.c
-@@ -319,7 +319,8 @@ smb_iconv_t get_conv_handle(struct smb_iconv_handle *ic,
- */
- _PUBLIC_ codepoint_t next_codepoint_handle_ext(
- struct smb_iconv_handle *ic,
-- const char *str, charset_t src_charset,
-+ const char *str, size_t len,
-+ charset_t src_charset,
- size_t *bytes_consumed)
- {
- /* it cannot occupy more than 4 bytes in UTF16 format */
-@@ -339,7 +340,7 @@ _PUBLIC_ codepoint_t next_codepoint_handle_ext(
- * we assume that no multi-byte character can take more than 5 bytes.
- * This is OK as we only support codepoints up to 1M (U+100000)
- */
-- ilen_orig = strnlen(str, 5);
-+ ilen_orig = MIN(len, 5);
- ilen = ilen_orig;
-
- descriptor = get_conv_handle(ic, src_charset, CH_UTF16);
-@@ -395,9 +396,16 @@ _PUBLIC_ codepoint_t next_codepoint_handle_ext(
- return INVALID_CODEPOINT if the next character cannot be converted
- */
- _PUBLIC_ codepoint_t next_codepoint_handle(struct smb_iconv_handle *ic,
-- const char *str, size_t *size)
-+ const char *str, size_t *size)
- {
-- return next_codepoint_handle_ext(ic, str, CH_UNIX, size);
-+ /*
-+ * We assume that no multi-byte character can take more than 5 bytes
-+ * thus avoiding walking all the way down a long string. This is OK as
-+ * Unicode codepoints only go up to (U+10ffff), which can always be
-+ * encoded in 4 bytes or less.
-+ */
-+ return next_codepoint_handle_ext(ic, str, strnlen(str, 5), CH_UNIX,
-+ size);
- }
-
- /*
-@@ -459,11 +467,11 @@ _PUBLIC_ ssize_t push_codepoint_handle(struct smb_iconv_handle *ic,
- return 5 - olen;
- }
-
--_PUBLIC_ codepoint_t next_codepoint_ext(const char *str, charset_t src_charset,
-- size_t *size)
-+_PUBLIC_ codepoint_t next_codepoint_ext(const char *str, size_t len,
-+ charset_t src_charset, size_t *size)
- {
-- return next_codepoint_handle_ext(get_iconv_handle(), str,
-- src_charset, size);
-+ return next_codepoint_handle_ext(get_iconv_handle(), str, len,
-+ src_charset, size);
- }
-
- _PUBLIC_ codepoint_t next_codepoint(const char *str, size_t *size)
-diff --git a/lib/util/charset/util_str.c b/lib/util/charset/util_str.c
-index d2e6cbb..2653bfc 100644
---- a/lib/util/charset/util_str.c
-+++ b/lib/util/charset/util_str.c
-@@ -210,7 +210,8 @@ _PUBLIC_ size_t strlen_m_ext_handle(struct smb_iconv_handle *ic,
-
- while (*s) {
- size_t c_size;
-- codepoint_t c = next_codepoint_handle_ext(ic, s, src_charset, &c_size);
-+ codepoint_t c = next_codepoint_handle_ext(ic, s, strnlen(s, 5),
-+ src_charset, &c_size);
- s += c_size;
-
- switch (dst_charset) {
-diff --git a/lib/util/charset/util_unistr.c b/lib/util/charset/util_unistr.c
-index e4ae650..f299269 100644
---- a/lib/util/charset/util_unistr.c
-+++ b/lib/util/charset/util_unistr.c
-@@ -112,7 +112,8 @@ _PUBLIC_ char *strupper_talloc_n_handle(struct smb_iconv_handle *iconv_handle,
-
- while (n-- && *src) {
- size_t c_size;
-- codepoint_t c = next_codepoint_handle(iconv_handle, src, &c_size);
-+ codepoint_t c = next_codepoint_handle_ext(iconv_handle, src, n,
-+ CH_UNIX, &c_size);
- src += c_size;
-
- c = toupper_m(c);
---
-2.5.0
-
-
-From 382a9146a88b7aac7db4c64519b3da5611c817ef Mon Sep 17 00:00:00 2001
-From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
-Date: Tue, 24 Nov 2015 13:49:09 +1300
-Subject: [PATCH 6/9] CVE-2015-5330: strupper_talloc_n_handle(): properly count
- characters
-
-When a codepoint eats more than one byte we really want to know,
-especially if the string is not NUL terminated.
-
-Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599
-
-Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
-Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
-Reviewed-by: Ralph Boehme <slow@samba.org>
----
- lib/util/charset/util_unistr.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/lib/util/charset/util_unistr.c b/lib/util/charset/util_unistr.c
-index f299269..2cc8718 100644
---- a/lib/util/charset/util_unistr.c
-+++ b/lib/util/charset/util_unistr.c
-@@ -110,11 +110,12 @@ _PUBLIC_ char *strupper_talloc_n_handle(struct smb_iconv_handle *iconv_handle,
- return NULL;
- }
-
-- while (n-- && *src) {
-+ while (n && *src) {
- size_t c_size;
- codepoint_t c = next_codepoint_handle_ext(iconv_handle, src, n,
- CH_UNIX, &c_size);
- src += c_size;
-+ n -= c_size;
-
- c = toupper_m(c);
-
---
-2.5.0
-
-
-From f317c31922a9ee8ae5ee9c0895a72ee6828d2c81 Mon Sep 17 00:00:00 2001
-From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
-Date: Tue, 24 Nov 2015 13:54:09 +1300
-Subject: [PATCH 7/9] CVE-2015-5330: next_codepoint_handle_ext: don't
- short-circuit UTF16 low bytes
-
-UTF16 contains zero bytes when it is encoding ASCII (for example), so we
-can't assume the absense of the 0x80 bit means a one byte encoding. No
-current callers use UTF16.
-
-Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599
-
-Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
-Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
-Reviewed-by: Ralph Boehme <slow@samba.org>
----
- lib/util/charset/codepoints.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/lib/util/charset/codepoints.c b/lib/util/charset/codepoints.c
-index 542eeae..19d084f 100644
---- a/lib/util/charset/codepoints.c
-+++ b/lib/util/charset/codepoints.c
-@@ -331,7 +331,10 @@ _PUBLIC_ codepoint_t next_codepoint_handle_ext(
- size_t olen;
- char *outbuf;
-
-- if ((str[0] & 0x80) == 0) {
-+
-+ if (((str[0] & 0x80) == 0) && (src_charset == CH_DOS ||
-+ src_charset == CH_UNIX ||
-+ src_charset == CH_UTF8)) {
- *bytes_consumed = 1;
- return (codepoint_t)str[0];
- }
---
-2.5.0
-
-
-
diff --git a/SOURCES/samba-CVE-2015-5252.patch b/SOURCES/samba-CVE-2015-5252.patch
deleted file mode 100644
index d33a3c6..0000000
--- a/SOURCES/samba-CVE-2015-5252.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From 5801fe1f6ca8ea03af5b485872097e5c9a1689b4 Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Thu, 9 Jul 2015 10:58:11 -0700
-Subject: [PATCH] CVE-2015-5252: s3: smbd: Fix symlink verification (file
- access outside the share).
-
-Ensure matching component ends in '/' or '\0'.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11395
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
-Reviewed-by: Volker Lendecke <vl@samba.org>
----
- source3/smbd/vfs.c | 13 ++++++++++---
- 1 file changed, 10 insertions(+), 3 deletions(-)
-
-diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c
-index 1281322..7138759 100644
---- a/source3/smbd/vfs.c
-+++ b/source3/smbd/vfs.c
-@@ -996,6 +996,7 @@ NTSTATUS check_reduced_name_with_privilege(connection_struct *conn,
- struct smb_filename *smb_fname_cwd = NULL;
- struct privilege_paths *priv_paths = NULL;
- int ret;
-+ bool matched;
-
- DEBUG(3,("check_reduced_name_with_privilege [%s] [%s]\n",
- fname,
-@@ -1090,7 +1091,10 @@ NTSTATUS check_reduced_name_with_privilege(connection_struct *conn,
- }
-
- rootdir_len = strlen(conn_rootdir);
-- if (strncmp(conn_rootdir, resolved_name, rootdir_len) != 0) {
-+ matched = (strncmp(conn_rootdir, resolved_name, rootdir_len) == 0);
-+
-+ if (!matched || (resolved_name[rootdir_len] != '/' &&
-+ resolved_name[rootdir_len] != '\0')) {
- DEBUG(2, ("check_reduced_name_with_privilege: Bad access "
- "attempt: %s is a symlink outside the "
- "share path\n",
-@@ -1230,6 +1234,7 @@ NTSTATUS check_reduced_name(connection_struct *conn, const char *fname)
- if (!allow_widelinks || !allow_symlinks) {
- const char *conn_rootdir;
- size_t rootdir_len;
-+ bool matched;
-
- conn_rootdir = SMB_VFS_CONNECTPATH(conn, fname);
- if (conn_rootdir == NULL) {
-@@ -1240,8 +1245,10 @@ NTSTATUS check_reduced_name(connection_struct *conn, const char *fname)
- }
-
- rootdir_len = strlen(conn_rootdir);
-- if (strncmp(conn_rootdir, resolved_name,
-- rootdir_len) != 0) {
-+ matched = (strncmp(conn_rootdir, resolved_name,
-+ rootdir_len) == 0);
-+ if (!matched || (resolved_name[rootdir_len] != '/' &&
-+ resolved_name[rootdir_len] != '\0')) {
- DEBUG(2, ("check_reduced_name: Bad access "
- "attempt: %s is a symlink outside the "
- "share path\n", fname));
---
-2.5.0
-
diff --git a/SOURCES/samba-CVE-2015-5296.patch b/SOURCES/samba-CVE-2015-5296.patch
deleted file mode 100644
index 8196104..0000000
--- a/SOURCES/samba-CVE-2015-5296.patch
+++ /dev/null
@@ -1,175 +0,0 @@
-From 02c216582331ee4bafc6f558c3c7de65d08c655f Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Wed, 30 Sep 2015 21:17:02 +0200
-Subject: [PATCH 1/3] CVE-2015-5296: s3:libsmb: force signing when requiring
- encryption in do_connect()
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Jeremy Allison <jra@samba.org>
----
- source3/libsmb/clidfs.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c
-index b823370..5dfddee 100644
---- a/source3/libsmb/clidfs.c
-+++ b/source3/libsmb/clidfs.c
-@@ -114,6 +114,11 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx,
- const char *domain;
- NTSTATUS status;
- int flags = 0;
-+ int signing_state = get_cmdline_auth_info_signing_state(auth_info);
-+
-+ if (force_encrypt) {
-+ signing_state = SMB_SIGNING_REQUIRED;
-+ }
-
- /* make a copy so we don't modify the global string 'service' */
- servicename = talloc_strdup(ctx,share);
-@@ -152,7 +157,7 @@ static NTSTATUS do_connect(TALLOC_CTX *ctx,
-
- status = cli_connect_nb(
- server, NULL, port, name_type, NULL,
-- get_cmdline_auth_info_signing_state(auth_info),
-+ signing_state,
- flags, &c);
-
- if (!NT_STATUS_IS_OK(status)) {
---
-2.5.0
-
-
-From 9e607c8fd3dfb6091477a34b1bbdfa18526c9f98 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Wed, 30 Sep 2015 21:17:02 +0200
-Subject: [PATCH 2/3] CVE-2015-5296: s3:libsmb: force signing when requiring
- encryption in SMBC_server_internal()
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Jeremy Allison <jra@samba.org>
----
- source3/libsmb/libsmb_server.c | 15 ++++++++++++---
- 1 file changed, 12 insertions(+), 3 deletions(-)
-
-diff --git a/source3/libsmb/libsmb_server.c b/source3/libsmb/libsmb_server.c
-index 5410099..0a58d8c 100644
---- a/source3/libsmb/libsmb_server.c
-+++ b/source3/libsmb/libsmb_server.c
-@@ -273,6 +273,7 @@ SMBC_server_internal(TALLOC_CTX *ctx,
- char *newserver, *newshare;
- int flags = 0;
- struct smbXcli_tcon *tcon = NULL;
-+ int signing_state = SMB_SIGNING_DEFAULT;
-
- ZERO_STRUCT(c);
- *in_cache = false;
-@@ -439,6 +440,10 @@ SMBC_server_internal(TALLOC_CTX *ctx,
- flags |= CLI_FULL_CONNECTION_USE_NT_HASH;
- }
-
-+ if (context->internal->smb_encryption_level != SMBC_ENCRYPTLEVEL_NONE) {
-+ signing_state = SMB_SIGNING_REQUIRED;
-+ }
-+
- if (port == 0) {
- if (share == NULL || *share == '\0' || is_ipc) {
- /*
-@@ -446,7 +451,7 @@ SMBC_server_internal(TALLOC_CTX *ctx,
- */
- status = cli_connect_nb(server_n, NULL, NBT_SMB_PORT, 0x20,
- smbc_getNetbiosName(context),
-- SMB_SIGNING_DEFAULT, flags, &c);
-+ signing_state, flags, &c);
- }
- }
-
-@@ -456,7 +461,7 @@ SMBC_server_internal(TALLOC_CTX *ctx,
- */
- status = cli_connect_nb(server_n, NULL, port, 0x20,
- smbc_getNetbiosName(context),
-- SMB_SIGNING_DEFAULT, flags, &c);
-+ signing_state, flags, &c);
- }
-
- if (!NT_STATUS_IS_OK(status)) {
-@@ -745,6 +750,7 @@ SMBC_attr_server(TALLOC_CTX *ctx,
- ipc_srv = SMBC_find_server(ctx, context, server, "*IPC$",
- pp_workgroup, pp_username, pp_password);
- if (!ipc_srv) {
-+ int signing_state = SMB_SIGNING_DEFAULT;
-
- /* We didn't find a cached connection. Get the password */
- if (!*pp_password || (*pp_password)[0] == '\0') {
-@@ -766,6 +772,9 @@ SMBC_attr_server(TALLOC_CTX *ctx,
- if (smbc_getOptionUseCCache(context)) {
- flags |= CLI_FULL_CONNECTION_USE_CCACHE;
- }
-+ if (context->internal->smb_encryption_level != SMBC_ENCRYPTLEVEL_NONE) {
-+ signing_state = SMB_SIGNING_REQUIRED;
-+ }
-
- nt_status = cli_full_connection(&ipc_cli,
- lp_netbios_name(), server,
-@@ -774,7 +783,7 @@ SMBC_attr_server(TALLOC_CTX *ctx,
- *pp_workgroup,
- *pp_password,
- flags,
-- SMB_SIGNING_DEFAULT);
-+ signing_state);
- if (! NT_STATUS_IS_OK(nt_status)) {
- DEBUG(1,("cli_full_connection failed! (%s)\n",
- nt_errstr(nt_status)));
---
-2.5.0
-
-
-From 289cbf6636e02c1e5125de990e0b22bbb30a0504 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Wed, 30 Sep 2015 21:23:25 +0200
-Subject: [PATCH 3/3] CVE-2015-5296: libcli/smb: make sure we require signing
- when we demand encryption on a session
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Jeremy Allison <jra@samba.org>
----
- libcli/smb/smbXcli_base.c | 11 +++++++++++
- 1 file changed, 11 insertions(+)
-
-diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
-index 69599bd..b00afbc 100644
---- a/libcli/smb/smbXcli_base.c
-+++ b/libcli/smb/smbXcli_base.c
-@@ -5085,6 +5085,9 @@ uint8_t smb2cli_session_security_mode(struct smbXcli_session *session)
- if (conn->mandatory_signing) {
- security_mode |= SMB2_NEGOTIATE_SIGNING_REQUIRED;
- }
-+ if (session->smb2->should_sign) {
-+ security_mode |= SMB2_NEGOTIATE_SIGNING_REQUIRED;
-+ }
-
- return security_mode;
- }
-@@ -5383,6 +5386,14 @@ NTSTATUS smb2cli_session_set_channel_key(struct smbXcli_session *session,
-
- NTSTATUS smb2cli_session_encryption_on(struct smbXcli_session *session)
- {
-+ if (!session->smb2->should_sign) {
-+ /*
-+ * We need required signing on the session
-+ * in order to prevent man in the middle attacks.
-+ */
-+ return NT_STATUS_INVALID_PARAMETER_MIX;
-+ }
-+
- if (session->smb2->should_encrypt) {
- return NT_STATUS_OK;
- }
---
-2.5.0
-
diff --git a/SOURCES/samba-CVE-2015-5299.patch b/SOURCES/samba-CVE-2015-5299.patch
deleted file mode 100644
index 2d9a956..0000000
--- a/SOURCES/samba-CVE-2015-5299.patch
+++ /dev/null
@@ -1,96 +0,0 @@
-From 9588c4950c9b3dd6c16b899156e6d985c7b43187 Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra@samba.org>
-Date: Fri, 23 Oct 2015 14:54:31 -0700
-Subject: [PATCH] CVE-2015-5299: s3-shadow-copy2: fix missing access check on
- snapdir
-
-Fix originally from <partha@exablox.com>
-
-https://bugzilla.samba.org/show_bug.cgi?id=11529
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
-Reviewed-by: David Disseldorp <ddiss@samba.org>
----
- source3/modules/vfs_shadow_copy2.c | 45 ++++++++++++++++++++++++++++++++++++++
- 1 file changed, 45 insertions(+)
-
-diff --git a/source3/modules/vfs_shadow_copy2.c b/source3/modules/vfs_shadow_copy2.c
-index 439df5d..c5c2015 100644
---- a/source3/modules/vfs_shadow_copy2.c
-+++ b/source3/modules/vfs_shadow_copy2.c
-@@ -30,6 +30,7 @@
- */
-
- #include "includes.h"
-+#include "smbd/smbd.h"
- #include "system/filesys.h"
- #include "include/ntioctl.h"
- #include <ccan/hash/hash.h>
-@@ -1179,6 +1180,42 @@ static char *have_snapdir(struct vfs_handle_struct *handle,
- return NULL;
- }
-
-+static bool check_access_snapdir(struct vfs_handle_struct *handle,
-+ const char *path)
-+{
-+ struct smb_filename smb_fname;
-+ int ret;
-+ NTSTATUS status;
-+
-+ ZERO_STRUCT(smb_fname);
-+ smb_fname.base_name = talloc_asprintf(talloc_tos(),
-+ "%s",
-+ path);
-+ if (smb_fname.base_name == NULL) {
-+ return false;
-+ }
-+
-+ ret = SMB_VFS_NEXT_STAT(handle, &smb_fname);
-+ if (ret != 0 || !S_ISDIR(smb_fname.st.st_ex_mode)) {
-+ TALLOC_FREE(smb_fname.base_name);
-+ return false;
-+ }
-+
-+ status = smbd_check_access_rights(handle->conn,
-+ &smb_fname,
-+ false,
-+ SEC_DIR_LIST);
-+ if (!NT_STATUS_IS_OK(status)) {
-+ DEBUG(0,("user does not have list permission "
-+ "on snapdir %s\n",
-+ smb_fname.base_name));
-+ TALLOC_FREE(smb_fname.base_name);
-+ return false;
-+ }
-+ TALLOC_FREE(smb_fname.base_name);
-+ return true;
-+}
-+
- /**
- * Find the snapshot directory (if any) for the given
- * filename (which is relative to the share).
-@@ -1328,6 +1365,7 @@ static int shadow_copy2_get_shadow_copy_data(
- const char *snapdir;
- struct dirent *d;
- TALLOC_CTX *tmp_ctx = talloc_stackframe();
-+ bool ret;
-
- snapdir = shadow_copy2_find_snapdir(tmp_ctx, handle, fsp->fsp_name);
- if (snapdir == NULL) {
-@@ -1337,6 +1375,13 @@ static int shadow_copy2_get_shadow_copy_data(
- talloc_free(tmp_ctx);
- return -1;
- }
-+ ret = check_access_snapdir(handle, snapdir);
-+ if (!ret) {
-+ DEBUG(0,("access denied on listing snapdir %s\n", snapdir));
-+ errno = EACCES;
-+ talloc_free(tmp_ctx);
-+ return -1;
-+ }
-
- p = SMB_VFS_NEXT_OPENDIR(handle, snapdir, NULL, 0);
-
---
-2.5.0
-
diff --git a/SPECS/samba.spec b/SPECS/samba.spec
index 003b3e3..1017055 100644
--- a/SPECS/samba.spec
+++ b/SPECS/samba.spec
@@ -6,9 +6,9 @@
# ctdb is enabled by default, you can disable it with: --without clustering
%bcond_without clustering
-%define main_release 12
+%define main_release 6
-%define samba_version 4.2.3
+%define samba_version 4.2.10
%define talloc_version 2.1.2
%define ntdb_version 1.0
%define tdb_version 1.3.4
@@ -109,19 +109,11 @@ Source6: samba.pamd
Source200: README.dc
Source201: README.downgrade
-Patch0: samba-4.2-auth-credentials-if-credentials-have-principal-set-t.patch
-Patch1: samba-4.2.3-fix_smbX_segfault.patch
-Patch2: samba-4.2.3-fix_dfree_command.patch
+Patch1: samba-4.2.10-ldap-sasl-win2003.patch
Patch3: samba-4.2.3-document_netbios_length.patch
Patch4: samba-4.2.3-fix_net_ads_keytab_segfault.patch
-Patch5: samba-4.2.3-fix_force_group.patch
-Patch6: samba-4.2.3-fix_map_to_guest_bad_uid.patch
-Patch7: samba-4.2.3-fix_nss_wins.patch
-Patch8: samba-CVE-2015-3223.patch
-Patch9: samba-CVE-2015-5299.patch
-Patch10: samba-CVE-2015-5252.patch
-Patch11: samba-CVE-2015-5296.patch
-Patch12: CVE-2015-7560-v4-2.patch
+Patch5: samba-4.2.10-s3-parm-clean-up-defaults-when-removing-global-param.patch
+Patch6: samba-4.2.10-s3-winbind-make-sure-domain-member-can-talk-to-trust.patch
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
@@ -694,19 +686,11 @@ and use CTDB instead.
%prep
%setup -q -n samba-%{version}%{pre_release}
-%patch0 -p1 -b .samba-4.2-auth-credentials-if-credentials-have-principal-set-t.patch
-%patch1 -p1 -b .samba-4.2.3-fix_smbX_segfault.patch
-%patch2 -p1 -b .samba-4.2.3-fix_dfree_command.patch
+%patch1 -p1 -b .samba-4.2.10-ldap-sasl-win2003.patch
%patch3 -p1 -b .samba-4.2.3-document_netbios_length.patch
%patch4 -p1 -b .samba-4.2.3-fix_net_ads_keytab_segfault.patch
-%patch5 -p1 -b .samba-4.2.3-fix_force_group.patch
-%patch6 -p1 -b .samba-4.2.3-fix_map_to_guest_bad_uid.patch
-%patch7 -p1 -b .samba-4.2.3-fix_nss_wins.patch
-%patch8 -p1 -b .samba-CVE-2015-3223.patch
-%patch9 -p1 -b .samba-CVE-2015-5299.patch
-%patch10 -p1 -b .samba-CVE-2015-5252.patch
-%patch11 -p1 -b .samba-CVE-2015-5296.patch
-%patch12 -p1 -b .CVE-2015-7560-v4-2.patch
+%patch5 -p1 -b .samba-4.2.10-s3-parm-clean-up-defaults-when-removing-global-param.patch
+%patch6 -p1 -b .samba-4.2.10-s3-winbind-make-sure-domain-member-can-talk-to-trust.patch
%build
%global _talloc_lib ,talloc,pytalloc,pytalloc-util
@@ -881,6 +865,17 @@ install -m 0755 packaging/NetworkManager/30-winbind-systemd \
install -d -m 0755 %{buildroot}%{_libdir}/krb5/plugins/libkrb5
touch %{buildroot}%{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so
+%if ! %with_dc
+for i in %{_libdir}/samba/libdfs-server-ad-samba4.so \
+ %{_libdir}/samba/libdnsserver-common-samba4.so \
+ %{_mandir}/man8/samba.8 \
+ %{_mandir}/man8/samba-tool.8 \
+ %{_libdir}/samba/ldb/ildap.so \
+ %{_libdir}/samba/ldb/ldbsamba_extensions.so ; do
+ rm -f %{buildroot}$i
+done
+%endif
+
# This makes the right links, as rpmlint requires that
# the ldconfig-created links be recorded in the RPM.
/sbin/ldconfig -N -n %{buildroot}%{_libdir}
@@ -1357,6 +1352,7 @@ rm -rf %{buildroot}
%config(noreplace) %{_sysconfdir}/logrotate.d/samba
%attr(0700,root,root) %dir /var/log/samba
%attr(0700,root,root) %dir /var/log/samba/old
+%attr(0755,root,root) %dir /var/lib/samba
%ghost %dir /var/run/samba
%ghost %dir /var/run/winbindd
%attr(700,root,root) %dir /var/lib/samba/private
@@ -1469,11 +1465,6 @@ rm -rf %{buildroot}
%{_mandir}/man8/samba-tool.8*
%else # with_dc
%doc packaging/README.dc
-%exclude %{_mandir}/man8/samba.8*
-%exclude %{_mandir}/man8/samba-tool.8*
-%exclude %{_libdir}/samba/ldb/ildap.so
-%exclude %{_libdir}/samba/ldb/ldbsamba_extensions.so
-
%endif # with_dc
### DC-LIBS
@@ -1512,8 +1503,6 @@ rm -rf %{buildroot}
%{_libdir}/samba/bind9/dlz_bind9_9.so
%else
%doc packaging/README.dc-libs
-%exclude %{_libdir}/samba/libdfs-server-ad-samba4.so
-%exclude %{_libdir}/samba/libdnsserver-common-samba4.so
%endif # with_dc
### DEVEL
@@ -2003,6 +1992,29 @@ rm -rf %{buildroot}
%endif # with_clustering_support
%changelog
+* Tue Apr 12 2016 Alexander Bokovoy <abokovoy@redhat.com> - 4.2.10-6
+- Fix domain member winbind not being able to talk to trusted domains' DCs
+- relates: #1322690
+
+* Mon Apr 11 2016 Alexander Bokovoy <abokovoy@redhat.com> - 4.2.10-5
+- Fix crash in smb.conf processing
+- relates: #1322690
+
+* Fri Apr 08 2016 Alexander Bokovoy <abokovoy@redhat.com> - 4.2.10-4
+- Fix LDAP SASL bind with arcfour-hmac-md5
+- resolves: #1322690
+
+* Thu Apr 07 2016 Alexander Bokovoy <abokovoy@redhat.com> - 4.2.10-3
+- Make sure the package owns /var/lib/samba and uses it for cache purposes
+- resolves: #1322690
+
+* Wed Apr 06 2016 Alexander Bokovoy <abokovoy@redhat.com> - 4.2.10-2
+- Remove ldb modules and internal libraries for DC when not packaging DC build
+- resolves: #1322690
+
+* Mon Apr 04 2016 Alexander Bokovoy <abokovoy@redhat.com> - 4.2.10-1
+- resolves: #1322690
+
* Fri Mar 04 2016 Andreas Schneider <asn@redhat.com> - 4.2.3-12
- resolves: #1314672 - Fix CVE-2015-7560