[Pkg-samba-maint] [Git][samba-team/samba][bookworm] 2 commits: fix-unsupported-netr_LogonGetCapabilities-l2.patch

Michael Tokarev (@mjt) gitlab at salsa.debian.org
Fri Jul 14 10:53:29 BST 2023 


Michael Tokarev pushed to branch bookworm at Debian Samba Team / samba


Commits:
2571b885 by Michael Tokarev at 2023-07-14T12:33:32+03:00
fix-unsupported-netr_LogonGetCapabilities-l2.patch

- - - - -
dec07df1 by Michael Tokarev at 2023-07-14T12:34:33+03:00
update changelog; upload version 4.17.9+dfsg-0+deb12u3 to bookworm

- - - - -


3 changed files:

- debian/changelog
- + debian/patches/fix-unsupported-netr_LogonGetCapabilities-l2.patch
- debian/patches/series


Changes:

=====================================
debian/changelog
=====================================
@@ -1,3 +1,11 @@
+samba (2:4.17.9+dfsg-0+deb12u3) bookworm; urgency=medium
+
+  * +fix-unsupported-netr_LogonGetCapabilities-l2.patch
+    Fix windows logon/trust issues with 2023-07 windows updates:
+    https://bugzilla.samba.org/show_bug.cgi?id=15418
+
+ -- Michael Tokarev <mjt at tls.msk.ru>  Fri, 14 Jul 2023 12:34:30 +0300
+
 samba (2:4.17.9+dfsg-0+deb12u2) bookworm; urgency=medium
 
   * link with -latomic explicitly on a few architectures where gcc misses it


=====================================
debian/patches/fix-unsupported-netr_LogonGetCapabilities-l2.patch
=====================================
@@ -0,0 +1,68 @@
+From af355243e55a4baf17126339eb66432d438c4f16 Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze at samba.org>
+Date: Fri, 14 Jul 2023 10:20:05 +0200
+Subject: [PATCH] s3+s3/rpc_server: fix unsupported netr_LogonGetCapabilities
+ level 2
+Origin: upstream, https://bugzilla.samba.org/attachment.cgi?id=17983
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15418
+---
+ source3/rpc_server/netlogon/srv_netlog_nt.c   | 9 +++++----
+ source4/rpc_server/netlogon/dcerpc_netlogon.c | 8 ++++----
+ 2 files changed, 9 insertions(+), 8 deletions(-)
+
+diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
+index 3ba58e61206f..2018dc28eb67 100644
+--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
++++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
+@@ -2284,6 +2284,11 @@ NTSTATUS _netr_LogonGetCapabilities(struct pipes_struct *p,
+ 	struct netlogon_creds_CredentialState *creds;
+ 	NTSTATUS status;
+ 
++	if (r->in.query_level != 1) {
++		p->fault_state = DCERPC_NCA_S_FAULT_INVALID_TAG;
++		return NT_STATUS_NOT_SUPPORTED;
++	}
++
+ 	become_root();
+ 	status = dcesrv_netr_creds_server_step_check(p->dce_call,
+ 						p->mem_ctx,
+@@ -2296,10 +2301,6 @@ NTSTATUS _netr_LogonGetCapabilities(struct pipes_struct *p,
+ 		return status;
+ 	}
+ 
+-	if (r->in.query_level != 1) {
+-		return NT_STATUS_NOT_SUPPORTED;
+-	}
+-
+ 	r->out.capabilities->server_capabilities = creds->negotiate_flags;
+ 
+ 	return NT_STATUS_OK;
+diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
+index 6ccba65d3bf0..c869a6d3c791 100644
+--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
++++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
+@@ -2364,6 +2364,10 @@ static NTSTATUS dcesrv_netr_LogonGetCapabilities(struct dcesrv_call_state *dce_c
+ 	struct netlogon_creds_CredentialState *creds;
+ 	NTSTATUS status;
+ 
++	if (r->in.query_level != 1) {
++		DCESRV_FAULT(DCERPC_NCA_S_FAULT_INVALID_TAG);
++	}
++
+ 	status = dcesrv_netr_creds_server_step_check(dce_call,
+ 						     mem_ctx,
+ 						     r->in.computer_name,
+@@ -2375,10 +2379,6 @@ static NTSTATUS dcesrv_netr_LogonGetCapabilities(struct dcesrv_call_state *dce_c
+ 	}
+ 	NT_STATUS_NOT_OK_RETURN(status);
+ 
+-	if (r->in.query_level != 1) {
+-		return NT_STATUS_NOT_SUPPORTED;
+-	}
+-
+ 	r->out.capabilities->server_capabilities = creds->negotiate_flags;
+ 
+ 	return NT_STATUS_OK;
+-- 
+2.41.0


=====================================
debian/patches/series
=====================================
@@ -24,3 +24,4 @@ meaningful-error-if-no-samba-ad-provision.patch
 meaningful-error-if-no-python3-markdown.patch
 ctdb-use-run-instead-of-var-run.patch
 heimdal-to-support-KEYRING-ccache.patch
+fix-unsupported-netr_LogonGetCapabilities-l2.patch



View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/728732b61c04d16c4d1682c13d651a038f713875...dec07df126e2163d7d9c85f9ad7dcc23b4e6d0ae

-- 
View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/728732b61c04d16c4d1682c13d651a038f713875...dec07df126e2163d7d9c85f9ad7dcc23b4e6d0ae
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-samba-maint/attachments/20230714/2fe177c7/attachment-0001.htm>

More information about the Pkg-samba-maint mailing list