[Pkg-samba-maint] r3413 - in branches/samba/lenny/debian: . patches

bubulle at alioth.debian.org bubulle at alioth.debian.org
Sun Apr 4 15:00:56 UTC 2010 

tags 575951 pending
thanks

Author: bubulle
Date: 2010-04-04 15:00:50 +0000 (Sun, 04 Apr 2010)
New Revision: 3413

Added:
   branches/samba/lenny/debian/patches/bug_575951_upstream_6697.patch
Modified:
   branches/samba/lenny/debian/changelog
   branches/samba/lenny/debian/patches/series
Log:
Fix interdomain trust with w2k8r2 servers. This is a backport of
upstream bug #6697 fix.
Planned for s-p-u


Modified: branches/samba/lenny/debian/changelog
===================================================================
--- branches/samba/lenny/debian/changelog	2010-03-31 20:20:22 UTC (rev 3412)
+++ branches/samba/lenny/debian/changelog	2010-04-04 15:00:50 UTC (rev 3413)
@@ -1,3 +1,10 @@
+samba (2:3.2.5-4lenny10) stable-proposed-updates-UNRELEASED; urgency=low
+
+  * Fix interdomain trust with w2k8r2 servers. This makes lenny's
+    samba unusable in some situations. Closes: #575951
+
+ -- Christian Perrier <bubulle at debian.org>  Sun, 04 Apr 2010 16:58:49 +0200
+
 samba (2:3.2.5-4lenny9) stable-security; urgency=low
 
   * Security update, fixing the following issues in mount.cifs:

Added: branches/samba/lenny/debian/patches/bug_575951_upstream_6697.patch
===================================================================
--- branches/samba/lenny/debian/patches/bug_575951_upstream_6697.patch	                        (rev 0)
+++ branches/samba/lenny/debian/patches/bug_575951_upstream_6697.patch	2010-04-04 15:00:50 UTC (rev 3413)
@@ -0,0 +1,39 @@
+Goal: Interdomain trusts with Windows 2008 R2 DCs.
+
+Fixes: #575951
+
+Status wrt upstream: Fixed in 3.3 and 3.4.1
+
+Author: Günther Deschner <gd at samba.org>
+
+Details:
+ The Schannel verifier (aka NL_AUTH_SIGNATURE) structure (32 byte) sent from a
+ W2k8r2 DC is passed in a buffer with the size of a NL_AUTH_SHA2_SIGNATURE (56
+ byte). We should just ignore the remaining 12 zeroed bytes and proceed.
+
+Index: lenny/source/include/rpc_dce.h
+===================================================================
+--- lenny.orig/source/include/rpc_dce.h
++++ lenny/source/include/rpc_dce.h
+@@ -150,7 +150,7 @@
+ };
+ 
+ /* Maximum size of the signing data in a fragment. */
+-#define RPC_MAX_SIGN_SIZE 0x20 /* 32 */
++#define RPC_MAX_SIGN_SIZE 0x38 /* 56 */
+ 
+ /* Maximum PDU fragment size. */
+ /* #define MAX_PDU_FRAG_LEN 0x1630		this is what wnt sets */
+Index: lenny/source/rpc_client/cli_pipe.c
+===================================================================
+--- lenny.orig/source/rpc_client/cli_pipe.c
++++ lenny/source/rpc_client/cli_pipe.c
+@@ -349,7 +349,7 @@
+ 		return NT_STATUS_OK;
+ 	}
+ 
+-	if (auth_len != RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN) {
++	if (auth_len < RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN) {
+ 		DEBUG(0,("cli_pipe_verify_schannel: auth_len %u.\n", (unsigned int)auth_len ));
+ 		return NT_STATUS_INVALID_PARAMETER;
+ 	}

Modified: branches/samba/lenny/debian/patches/series
===================================================================
--- branches/samba/lenny/debian/patches/series	2010-03-31 20:20:22 UTC (rev 3412)
+++ branches/samba/lenny/debian/patches/series	2010-04-04 15:00:50 UTC (rev 3413)
@@ -41,3 +41,4 @@
 bug_561545_upstream_7005.patch
 security-CVE-2009-3297.patch
 security-CVE-2010-0547.patch
+bug_575951_upstream_6697.patch

More information about the Pkg-samba-maint mailing list