[samba/f19] Fix winbind cache keysize limitations.

Tue Nov 26 11:47:38 UTC 2013

commit 7a0ccdd37dbfdf7846fa863139ebc110379c1dc6
Author: Günther Deschner <gd at samba.org>
Date:   Tue Nov 26 12:47:01 2013 +0100

    Fix winbind cache keysize limitations.
    
    resolves: #1030964
    
    Guenther

 samba-4.1.2-winbind_cache_keysize.patch |   41 +++++++++++++++++++++++++++++++
 samba.spec                              |    7 ++++-
 2 files changed, 47 insertions(+), 1 deletions(-)
---

diff --git a/samba-4.1.2-winbind_cache_keysize.patch b/samba-4.1.2-winbind_cache_keysize.patch
new file mode 100644
index 0000000..fd4b505
--- /dev/null
+++ b/samba-4.1.2-winbind_cache_keysize.patch
@@ -0,0 +1,41 @@
+From 944e9fbc20f125b52e047484dca1792d75561ed9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd at samba.org>
+Date: Wed, 13 Nov 2013 15:10:33 +0100
+Subject: [PATCH] s3-winbindd: Fix #10264, cache_traverse_validate_fn failure
+ for NDR cache entries.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+We need to increase the keysize limit for NDR queries. A wbint_LookupSids query
+for just 20 sids already hits the older limit.
+
+Guenther
+
+https://bugzilla.samba.org/show_bug.cgi?id=10264
+Signed-off-by: Günther Deschner <gd at samba.org>
+Reviewed-by: Michael Adam <obnox at samba.org>
+
+Autobuild-User(master): Michael Adam <obnox at samba.org>
+Autobuild-Date(master): Wed Nov 13 19:33:46 CET 2013 on sn-devel-104
+---
+ source3/winbindd/winbindd_cache.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
+index 91c19fa..267cefc 100644
+--- a/source3/winbindd/winbindd_cache.c
++++ b/source3/winbindd/winbindd_cache.c
+@@ -4065,7 +4065,8 @@ static int cache_traverse_validate_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_D
+ 	struct tdb_validation_status *v_state = (struct tdb_validation_status *)state;
+ 
+ 	/* Paranoia check. */
+-	if (strncmp("UA/", (const char *)kbuf.dptr, 3) == 0) {
++	if (strncmp("UA/", (const char *)kbuf.dptr, 3) == 0 ||
++	    strncmp("NDR/", (const char *)kbuf.dptr, 4) == 0) {
+ 		max_key_len = 1024 * 1024;
+ 	}
+ 	if (kbuf.dsize > max_key_len) {
+-- 
+1.8.3.1
+
diff --git a/samba.spec b/samba.spec
index 99c1c36..fe4b1af 100644
--- a/samba.spec
+++ b/samba.spec
@@ -1,7 +1,7 @@
 # Set --with testsuite or %bcond_without to run the Samba torture testsuite.
 %bcond_with testsuite
 
-%define main_release 1
+%define main_release 2
 
 %define samba_version 4.0.11
 %define talloc_version 2.0.7
@@ -79,6 +79,7 @@ Source200: README.dc
 Source201: README.downgrade
 
 Patch3: samba-4.1.0rc1-fix_wbinfo_krb5ccname.patch
+Patch4: samba-4.1.2-winbind_cache_keysize.patch
 
 BuildRoot:      %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 
@@ -471,6 +472,7 @@ module necessary to communicate to the Winbind Daemon
 %prep
 %setup -q -n samba-%{version}%{pre_release}
 %patch3 -p1
+%patch4 -p1 -b .samba-4.1.2-winbind_cache_keysize.patch
 
 %build
 %global _talloc_lib ,talloc,pytalloc,pytalloc-util
@@ -1524,6 +1526,9 @@ rm -rf %{buildroot}
 %{_mandir}/man8/pam_winbind.8*
 
 %changelog
+* Tue Nov 26 2013 - Guenther Deschner <gdeschner at redhat.com> 2:4.0.11-2
+- resolves: #1030964 - Fix winbind cache keysize limitations.
+
 * Mon Nov 11 2013 - Andreas Schneider <asn at redhat.com> 2:4.0.11-1
 - resolves: #1024544 - Fix CVE-2013-4475.
 
