diff --git a/SOURCES/samba-4.2.x-fix_netlogon_wo_winbind.patch b/SOURCES/samba-4.2.x-fix_netlogon_wo_winbind.patch new file mode 100644 index 0000000..604c281 --- /dev/null +++ b/SOURCES/samba-4.2.x-fix_netlogon_wo_winbind.patch @@ -0,0 +1,69 @@ +From 91e4cbc46f0f54570f27a829b7c7c71da657030b Mon Sep 17 00:00:00 2001 +From: Stefan Metzmacher +Date: Mon, 9 Feb 2015 10:33:01 +0100 +Subject: [PATCH] s3:auth_domain: fix talloc problem in + connect_to_domain_password_server() + +return values of connect_to_domain_password_server() need to be exported +to the callers memory context. + +Signed-off-by: Stefan Metzmacher +Reviewed-by: Guenther Deschner +--- + source3/auth/auth_domain.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c +index 373b596..e29330d 100644 +--- a/source3/auth/auth_domain.c ++++ b/source3/auth/auth_domain.c +@@ -53,6 +53,7 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli_ret, + const char *dc_name, + const struct sockaddr_storage *dc_ss, + struct rpc_pipe_client **pipe_ret, ++ TALLOC_CTX *mem_ctx, + struct netlogon_creds_cli_context **creds_ret) + { + TALLOC_CTX *frame = talloc_stackframe(); +@@ -209,7 +210,7 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli_ret, + + *cli_ret = cli; + *pipe_ret = netlogon_pipe; +- *creds_ret = netlogon_creds; ++ *creds_ret = talloc_move(mem_ctx, &netlogon_creds); + + TALLOC_FREE(frame); + return NT_STATUS_OK; +@@ -230,6 +231,7 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx, + const struct sockaddr_storage *dc_ss) + + { ++ TALLOC_CTX *frame = talloc_stackframe(); + struct netr_SamInfo3 *info3 = NULL; + struct cli_state *cli = NULL; + struct rpc_pipe_client *netlogon_pipe = NULL; +@@ -255,11 +257,13 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx, + dc_name, + dc_ss, + &netlogon_pipe, ++ frame, + &netlogon_creds); + } + + if ( !NT_STATUS_IS_OK(nt_status) ) { + DEBUG(0,("domain_client_validate: Domain password server not available.\n")); ++ TALLOC_FREE(frame); + if (NT_STATUS_EQUAL(nt_status, NT_STATUS_ACCESS_DENIED)) { + return NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE; + } +@@ -324,6 +328,7 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx, + these pointers are no longer valid..... */ + + cli_shutdown(cli); ++ TALLOC_FREE(frame); + return nt_status; + } + +-- +2.1.0 + diff --git a/SPECS/samba.spec b/SPECS/samba.spec index 50dc153..ffc65b7 100644 --- a/SPECS/samba.spec +++ b/SPECS/samba.spec @@ -6,7 +6,7 @@ # ctdb is enabled by default, you can disable it with: --without clustering %bcond_without clustering -%define main_release 23 +%define main_release 24 %define samba_version 4.1.12 %define talloc_version 2.1.1 @@ -127,6 +127,7 @@ Patch24: samba-4.1.x-CVE-2015-0240.patch Patch100: samba-4.2.x-fix_gecos_field_with_samlogon.patch Patch101: samba-4.2.x-fix_net_rpc_join_schannel.patch +Patch102: samba-4.2.x-fix_netlogon_wo_winbind.patch BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) @@ -577,6 +578,7 @@ module necessary to communicate to the Winbind Daemon # schannel support from 4.2.x %patch100 -p1 -b .samba-4.1.13-fix_gecos_field_with_samlogon.patch %patch101 -p1 -b .samba-4.2.x-fix_net_rpc_join_schannel.patch +%patch102 -p1 -b .samba-4.2.x-fix_netlogon_wo_winbind.patch %build %global _talloc_lib ,talloc,pytalloc,pytalloc-util @@ -1677,6 +1679,9 @@ rm -rf %{buildroot} %{_mandir}/man8/pam_winbind.8* %changelog +* Mon Aug 31 2015 - Guenther Deschner - 4.1.12-24 +- resolves: #1258317 - Fix NETLOGON authentication without winbindd. + * Thu Apr 09 2015 Andreas Schneider - 4.1.12-23 - related: #1208495 - Rebuild Samba with new binutils package.