Stefan Metzmacher [Thu, 15 Mar 2012 12:07:47 +0000 (13:07 +0100)]
pidl/NDR/Parser: use ParseArrayPullGetLength() to get the number of array elements (bug #8815 / CVE-2012-1182)
An anonymous researcher and Brian Gorenc (HP DVLabs) working
with HP's Zero Day Initiative program have found this and notified us.
metze
(cherry picked from commit 586c3fab85cde3bd6a5141fbba3bb5fcb6b67ab5)
Stefan Metzmacher [Thu, 15 Mar 2012 12:05:39 +0000 (13:05 +0100)]
pidl/NDR/Parser: split off ParseArrayPullGetSize() and ParseArrayPullGetLength()
metze
(cherry picked from commit eb8240ecb0d82a8f9b3b7c7d317c57f1aff74296)
Stefan Metzmacher [Thu, 15 Mar 2012 12:12:04 +0000 (13:12 +0100)]
pidl/NDR/Parser: simplify logic in DeclareArrayVariables*()
metze
(cherry picked from commit 102e9956316bbbbac2b440bb75eb039b184a2886)
Stefan Metzmacher [Thu, 15 Mar 2012 12:09:51 +0000 (13:09 +0100)]
pidl/NDR/Parser: declare all union helper variables in ParseUnionPull()
metze
(cherry picked from commit 45245f10c3bd476bcb49be25bc56bb7811b85d3c)
Stefan Metzmacher [Tue, 21 Sep 2010 03:41:37 +0000 (05:41 +0200)]
pidl:NDR/Parser: fix range() for arrays
metze
(cherry picked from commit bea4948acb4bbee2fbf886adeb53edbc84de96da)
(cherry picked from commit b48e41cb5541bec34333f94fc21bcd6c47018869)
Stefan Metzmacher [Mon, 27 Jul 2009 15:34:37 +0000 (17:34 +0200)]
pidl: allow foo being on the wire after [length_is(foo)] uint8 *buffer
metze
(cherry picked from commit 92791ce9a8439ac06a22afdbeb0d0fc66c32cb31)
(cherry picked from commit dd5faa13873fbdd92fa4ddd82dc69d34a73e4d1f)
Stefan Metzmacher [Mon, 27 Jul 2009 13:52:16 +0000 (15:52 +0200)]
pidl: add support for [string] on fixed size arrays.
midl also supports this:
struct {
    long l1;
    [string] wchar_t str[16];
    long l2;
};
Where the wire size of str is encoded like a length_is() header:
4-byte offset == 0;
4-byte array length;
The strings are zero terminated.
metze
(cherry picked from commit 7ccc9a6ef563cc855752b4e74152420b9be5af43)
(cherry picked from commit 75aeb61c38efe28503991834fb5181537cdffc68)
Karolin Seeger [Sat, 7 Apr 2012 14:24:33 +0000 (16:24 +0200)]
WHATSNEW: Prepare release notes for 3.4.16.
Karolin
(cherry picked from commit 0cc91c98f6d311a92aa308e9fcbac252c96d590d)
Karolin Seeger [Tue, 23 Aug 2011 18:21:23 +0000 (20:21 +0200)]
WHATSNEW: Start release notes for 3.4.16.
Karolin
Karolin Seeger [Tue, 23 Aug 2011 18:19:39 +0000 (20:19 +0200)]
VERSION: Bump version up to 3.4.16.
Karolin
Karolin Seeger [Thu, 18 Aug 2011 19:39:52 +0000 (21:39 +0200)]
WHATSNEW: Prepare release notes for 3.4.15.
Karolin
Karolin Seeger [Sun, 24 Jul 2011 19:24:27 +0000 (21:24 +0200)]
WHATSNEW: Update release notes.
Karolin
(cherry picked from commit 315437d3d5a503b2d17c8a01f0e2c088febb041a)
Björn Jacke [Thu, 4 Aug 2011 14:25:08 +0000 (16:25 +0200)]
s3/swat: use strlcat instead of strncat to fix build on old Linux distros
SLES 9's glibc for example had weird macros where the use of strncat resulted
in the use of strcat which we don't allow.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Björn Jacke <bj@sernet.de>
Autobuild-Date: Thu Aug 4 17:50:24 CEST 2011 on sn-devel-104
(cherry picked from commit d3b4d75364210e2d2a4a1cd806f28b0021f22909)
Fix bug #8362 (build issue on old glibc systems).
(cherry picked from commit 87fa72a5202fe3780d4a61289bf755027cd078f4)
(cherry picked from commit 552ccc6588b0744ae9b3731b1406749baea03d5a)
Stefan Metzmacher [Fri, 5 Aug 2011 17:48:38 +0000 (19:48 +0200)]
s3:web/swat: use strtoll() instead of atoi/atol/atoll
This is more portable, as we have a strtoll replacement
in lib/replace.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sat Aug 6 11:55:45 CEST 2011 on sn-devel-104
(cherry picked from commit a6be0820d09b3f3eabfbb5f4356add303aa8a494)
Fix bug #8347 (CVE-2011-2522 regression for HP-UX, AIX and OSF).
Karolin Seeger [Tue, 26 Jul 2011 18:35:15 +0000 (20:35 +0200)]
WHATSNEW: Start release notes for 3.4.15.
Karolin
(cherry picked from commit 999514b140c5f85497109da558d5e8630d59b57e)
Karolin Seeger [Tue, 26 Jul 2011 18:32:21 +0000 (20:32 +0200)]
VERSION: Bump version up to 3.4.15.
Karolin
(cherry picked from commit eff1c775066938267c44ab0bd25de99363c1d569)
Karolin Seeger [Sun, 24 Jul 2011 19:09:38 +0000 (21:09 +0200)]
s3-swat: Fix typo.
Thanks to Simo for reporting!
Karolin
(cherry picked from commit 40787695a1a3200421c9409eef9e520b849ee3a1)
Kai Blin [Tue, 12 Jul 2011 06:08:24 +0000 (08:08 +0200)]
s3 swat: Create random nonce in CGI mode
In CGI mode, we don't get access to the user's password, which would
reduce the hash used so far to parameters an attacker can easily guess.
To work around this, read the nonce from secrets.tdb or generate one if
it's not there.
Also populate the C_user field so we can use that for token creation.
Signed-off-by: Kai Blin <kai@samba.org>
The last 12 patches address bug #8290 (CSRF vulnerability in SWAT).
This addresses CVE-2011-2522 (Cross-Site Request Forgery in SWAT).
(cherry picked from commit a4922192d9b95e79bb31c54ca820a9b876a1bbe9)
Kai Blin [Sat, 9 Jul 2011 07:52:07 +0000 (09:52 +0200)]
s3 swat: Add time component to XSRF token
Signed-off-by: Kai Blin <kai@samba.org>
(cherry picked from commit 0b811f5b825637b2ecb0450d24dc6b3425ad05a8)
Kai Blin [Fri, 8 Jul 2011 13:06:13 +0000 (15:06 +0200)]
s3 swat: Add XSRF protection to printer page
Signed-off-by: Kai Blin <kai@samba.org>
(cherry picked from commit deb66470413780c93656294a1dca40f8cc1bada8)
Kai Blin [Fri, 8 Jul 2011 13:05:38 +0000 (15:05 +0200)]
s3 swat: Add XSRF protection to password page
Signed-off-by: Kai Blin <kai@samba.org>
(cherry picked from commit e4e6195701d761326ad5f2dbb63aeb71b0dc7971)
Kai Blin [Fri, 8 Jul 2011 13:04:48 +0000 (15:04 +0200)]
s3 swat: Add XSRF protection to shares page
Signed-off-by: Kai Blin <kai@samba.org>
(cherry picked from commit 9839935c29ec0ab522994436e6e89939696409de)
Kai Blin [Fri, 8 Jul 2011 13:04:12 +0000 (15:04 +0200)]
s3 swat: Add XSRF protection to globals page
Signed-off-by: Kai Blin <kai@samba.org>
(cherry picked from commit 6ea5fac27f2fef35ea12c24250948e00245aacee)
Kai Blin [Fri, 8 Jul 2011 13:03:44 +0000 (15:03 +0200)]
s3 swat: Add XSRF protection to wizard page
Signed-off-by: Kai Blin <kai@samba.org>
(cherry picked from commit d499c09fc7bf6d86e9694bc8dc60b96c80d94c35)
Kai Blin [Fri, 8 Jul 2011 13:03:15 +0000 (15:03 +0200)]
s3 swat: Add XSRF protection to wizard_params page
Signed-off-by: Kai Blin <kai@samba.org>
(cherry picked from commit 4b64b7e57d729df996d0734444415f12c066b89f)
Kai Blin [Fri, 8 Jul 2011 13:02:53 +0000 (15:02 +0200)]
s3 swat: Add XSRF protection to viewconfig page
Signed-off-by: Kai Blin <kai@samba.org>
(cherry picked from commit b25d00e3c1ff91e7ec5f56ec2ad0d6b3d635d1e3)
Kai Blin [Fri, 8 Jul 2011 10:58:53 +0000 (12:58 +0200)]
s3 swat: Add XSRF protection to status page
Signed-off-by: Kai Blin <kai@samba.org>
(cherry picked from commit 8af2d4c60a9bad18ef1b37d4034f11c6008efcfa)
Kai Blin [Fri, 8 Jul 2011 10:57:43 +0000 (12:57 +0200)]
s3 swat: Add support for anti-XSRF token
Signed-off-by: Kai Blin <kai@samba.org>
(cherry picked from commit 69ebd0eee88b1b4b8e29a7620e01c8d9c89b452a)
Kai Blin [Fri, 8 Jul 2011 10:56:21 +0000 (12:56 +0200)]
s3 swat: Allow getting the user's HTTP auth password
Signed-off-by: Kai Blin <kai@samba.org>
(cherry picked from commit dffaf0ed0bb7f38c23f15b0b128a5eb39a55a813)
Kai Blin [Thu, 7 Jul 2011 08:03:33 +0000 (10:03 +0200)]
s3 swat: Fix possible XSS attack (bug #8289)
Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION reported a possible XSS attack
against SWAT, the Samba Web Administration Tool. The attack uses reflection to
insert arbitrary content into the "change password" page.
This patch fixes the reflection issue by not printing user-specified content on
the website anymore.
Signed-off-by: Kai Blin <kai@samba.org>
(cherry picked from commit 05fa09be5a801baa5d35014e2f54b46c1ff5466b)
Stefan Metzmacher [Thu, 30 Jun 2011 07:56:06 +0000 (09:56 +0200)]
s3:nmbd_packets: return the used number of sockets in create_listen_fdset() (bug #8276)
Fix bug #7949 (DoS in Winbind and smbd with many file descriptors open)
(commit feb3fcd0fa4bda0967b881315595d7702f4d1752) changed the behavior,
so that we skipped some sockets.
This should work for v3-4-test.
metze
David Disseldorp [Wed, 16 Feb 2011 16:23:25 +0000 (17:23 +0100)]
s3: increase the log level for missing PIDs on SIGCHLD
Since the fix for bso#7836, the parent smbd is responsible for
maintaining an up-to-date printcap cache. It does this by forking a
child process to asynchronously fetch printcap data from CUPS.
When the child process exits after fetching all printcap data, the
parent smbd is sent SIGCHLD. This triggers smbd_sig_chld_handler() which
looks for the exited process PID on a "children" list.
Child smbd process PIDs are added to the "children" list to ensure
cleanup on unclean shutdown and log level change notification messages.
Printcap update process PIDs are not added to the list as they do not
maintain any state that requires cleanup, nor do they wait on tevent for
messages.
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Thu Feb 17 11:11:45 CET 2011 on sn-devel-104
(cherry picked from commit 9c12232f1ae36e00d04114ad73edd8ba3c2c6a5c)
Fix bug #8269 (smbd spams log with "Could not find child X -- ignoring"
messages).
(cherry picked from commit ba118ac287d49267dd2f346d4ddd2e590ebbe653)
Jim McDonough [Thu, 26 May 2011 18:30:33 +0000 (20:30 +0200)]
s3-libnet: fix bug #6364: Pull realm from supplied username on libnet join
David Disseldorp [Tue, 24 May 2011 09:50:12 +0000 (11:50 +0200)]
s3-printing: remove duplicate cups response processing code
There is currently a lot of duplicate code included for processing
responses to CUPS_GET_PRINTERS and CUPS_GET_CLASSES requests. This
change splits this code into a separate function.
Signed-off-by: Günther Deschner <gd@samba.org>
David Disseldorp [Tue, 24 May 2011 09:46:25 +0000 (11:46 +0200)]
s3-printing: use printcap IDL for IPC
Use printcap IDL for marshalling and unmarshalling messages between cups
child and parent smbd processes. This simplifies the IPC and ensures
the parent is notified of cups errors encountered by the child.
https://bugzilla.samba.org/show_bug.cgi?id=7994
Signed-off-by: Günther Deschner <gd@samba.org>
David Disseldorp [Tue, 24 May 2011 09:41:27 +0000 (11:41 +0200)]
idl: define printcap IPC message format
Signed-off-by: Günther Deschner <gd@samba.org>
David Disseldorp [Tue, 24 May 2011 09:34:59 +0000 (11:34 +0200)]
s3-printing: an empty cups printer list is treated as an error
cups_async_callback() is called to receive new printcap data from a
child process which requests the information from cupsd.
Newly received printcap information is stored in a temporary printcap
cache (tmp_pcap_cache). Once the child process closes the printcap IPC
file descriptor, the system printcap cache is replaced with the newly
populated tmp_pcap_cache, however this only occurs if tmp_pcap_cache is
non null (has at least one printer).
If the printcap cache is empty, which is the case when cups is not
exporting any printers, the printcap cache is not replaced resulting in
stale data.
Signed-off-by: Günther Deschner <gd@samba.org>
David Disseldorp [Mon, 17 Jan 2011 15:09:32 +0000 (16:09 +0100)]
s3-printing: remove pcap_cache_loaded asserts
pcap_cache_loaded() assertions were added to the (re)load_printers()
functions, to ensure the caller had called pcap_cache_reload() prior to
reloading printer shares.
The problem is, pcap_cache_loaded() returns false if the pcap_cache
contains no printer entries. i.e. pcap_cache_reload() has run but not
detected any printers.
Remove these assertions, correct call ordering is already enforced.
Signed-off-by: Günther Deschner <gd@samba.org>
The last 3 patches address bug #7836 (A newly added printer isn't visible to
clients).
David Disseldorp [Thu, 19 May 2011 09:29:12 +0000 (11:29 +0200)]
Revert "Revert "s3-printing: update parent smbd pcap cache""
This reverts commit ad450870eacb114b3f15941a4478ba25701e035a.
Signed-off-by: Günther Deschner <gd@samba.org>
David Disseldorp [Thu, 19 May 2011 09:26:18 +0000 (11:26 +0200)]
Revert "Revert "s3-printing: reload shares after pcap cache fill""
This reverts commit 36ea03bbe28122ce03de4969e254dd276cfe5a79.
Signed-off-by: Günther Deschner <gd@samba.org>
Karolin Seeger [Thu, 21 Apr 2011 08:08:19 +0000 (10:08 +0200)]
WHATSNEW: Start release notes for Samba 3.4.14.
Karolin
Karolin Seeger [Thu, 21 Apr 2011 08:06:36 +0000 (10:06 +0200)]
VERSION: Bump version number up to 3.4.14.
Karolin
Karolin Seeger [Wed, 20 Apr 2011 18:51:26 +0000 (20:51 +0200)]
WHATSNEW: Update changes since 3.4.12.
Karolin
Sergey Korsak [Tue, 19 Apr 2011 16:51:32 +0000 (18:51 +0200)]
s3: Fix bug 8099 - setpwent() actually does endpwent() on FreeBSD
(cherry picked from commit 2167ac2cd42c9ed5aaae0086dbd27e29d1d77686)
Karolin Seeger [Mon, 18 Apr 2011 13:00:14 +0000 (15:00 +0200)]
WHATSNEW: Prepare 3.4.13 release notes.
Karolin
Günther Deschner [Wed, 13 Apr 2011 15:41:36 +0000 (17:41 +0200)]
s3-cli_pipe: fix timeout in rpc_pipe_open_tcp_port().
Make sure we use a timeout of 60 seconds, not 60 milliseconds...
This prevented us from successfully using the ncacn_ip_tcp client in a lot of
places, I guess.
Guenther
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Wed Apr 13 18:59:19 CEST 2011 on sn-devel-104
(cherry picked from commit 4b3fe5247a6e16b1ad9f05269e9aa00e3120e36a)
Fix bug #8085 - incorrect timeout handling in ncacn_ip_tcp client code.
(cherry picked from commit d7d39c723e1855a3d18813e8a79fcca9770b0142)
Volker Lendecke [Sun, 10 May 2009 08:49:18 +0000 (10:49 +0200)]
Allow NULL queue to writev_send
Fix bug #8086 - null pointer reference crashes winbind.
Karolin Seeger [Mon, 28 Feb 2011 13:51:37 +0000 (14:51 +0100)]
WHATSNEW: Start 3.4.13 release notes.
Karolin
(cherry picked from commit c32b64f22e0ed14d686cb88554e618f2d63acebe)
Karolin Seeger [Mon, 28 Feb 2011 13:49:44 +0000 (14:49 +0100)]
VERSION: Bump version number up to 3.4.13.
Karolin
(cherry picked from commit 7afb216d1d25c1269dcf63f845bebde9a989caa2)
Karolin Seeger [Sun, 27 Feb 2011 17:44:10 +0000 (18:44 +0100)]
WHATSNEW: Fix typo.
Karolin
(cherry picked from commit 2aa648e4e9c530a4c9e8d1389fa16e775ac91e54)
Karolin Seeger [Sun, 27 Feb 2011 17:21:38 +0000 (18:21 +0100)]
VERSION: Bump version number up to 3.4.12.
Karolin
(cherry picked from commit 8da98df066bcfc8a47a83615788a55206075ad2b)
Karolin Seeger [Sun, 27 Feb 2011 17:20:42 +0000 (18:20 +0100)]
WHATSNEW: Prepare 3.4.12 release notes.
Karolin
(cherry picked from commit da478595190a4a6634b6fc1654fcac58c73e66de)
Jeremy Allison [Sun, 27 Feb 2011 17:16:20 +0000 (18:16 +0100)]
Fix denial of service - memory corruption.
CVE-2011-0719
Fix bug #7949 (DoS in Winbind and smbd with many file descriptors open).
All current released versions of Samba are vulnerable to
a denial of service caused by memory corruption. Range
checks on file descriptors being used in the FD_SET macro
were not present allowing stack corruption. This can cause
the Samba code to crash or to loop attempting to select
on a bad file descriptor set.
A connection to a file share, or a local account is needed
to exploit this problem, either authenticated or unauthenticated
(guest connection).
Currently we do not believe this flaw is exploitable
beyond a crash or causing the code to loop, but on the
advice of our security reviewers we are releasing fixes
in case an exploit is discovered at a later date.
(cherry picked from commit 43babef991feedbe2acb77d27254d302ab107fa8)
Karolin Seeger [Sun, 23 Jan 2011 19:14:52 +0000 (20:14 +0100)]
WHATSNEW: Fix typo.
Karolin
Karolin Seeger [Sun, 23 Jan 2011 18:54:47 +0000 (19:54 +0100)]
WHATSNEW: Add changes since 3.4.10.
Karolin
Volker Lendecke [Sat, 22 Jan 2011 15:22:42 +0000 (16:22 +0100)]
s3: Fix connecting to port-139 only servers
When the TCP RST came before the 5 msecs timeout kicked in, we
viewed this as final, as state->req_139 was not set yet.
Fix bug introduced by a fix for bug #7881 (winbind flaky against w2k8).
(cherry picked from commit f2a19b87725f9318e983dff6358a3eee721bff08)
Karolin Seeger [Sat, 22 Jan 2011 18:43:40 +0000 (19:43 +0100)]
WHATSNEW: Start release notes for Samba 3.4.11.
Karolin
Karolin Seeger [Sat, 22 Jan 2011 18:41:28 +0000 (19:41 +0100)]
VERSION: Raise version number up to 3.4.11.
Karolin
Karolin Seeger [Wed, 19 Jan 2011 14:14:45 +0000 (15:14 +0100)]
WHATSNEW: Add major enhancements.
Karolin
Karolin Seeger [Mon, 17 Jan 2011 17:16:03 +0000 (18:16 +0100)]
WHATSNEW: Update changes since 3.4.9.
Karolin
Karolin Seeger [Sat, 15 Jan 2011 18:06:42 +0000 (19:06 +0100)]
Revert "s3-printing: update parent smbd pcap cache"
This reverts commit 2c2ce9caead5a13edb582313b7d36c7eb12a09fb.
Karolin Seeger [Sat, 15 Jan 2011 18:06:16 +0000 (19:06 +0100)]
Revert "s3-printing: reload shares after pcap cache fill"
This reverts commit 9bc0cd243ac66126d42905dd8710d078094e0cd7.
This commit seems to break 'make test'.
Björn Baumbach [Wed, 22 Dec 2010 14:20:29 +0000 (15:20 +0100)]
s3-rpcclient: Fix bug #7880: cmd_spoolss_deletedriver() returned without checking all architectures.
Continues now with next architecture if no driver is available.
Because of the broken behavior of the rpccli_*() functions,
we need special error code handling.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit f5af66e67d7c6d62315671c0cf57f47973316226)
(cherry picked from commit dc63f45b523deb5c3d0c4be4239507e5fc4f6a40)
David Disseldorp [Mon, 10 Jan 2011 13:08:07 +0000 (14:08 +0100)]
s3-printing: update parent smbd pcap cache
If a client connects to a samba share and while connected a printer is
added, the client will see the new printer share after a maximum of
'printcap cache time' seconds.
smbd's forked for new client connections inherit printcap information
from the parent (listener) smbd, which does not perform updates on
printcap cache time expiry. Therefore newly connected clients may
initially be presented with stale printer shares.
Add a housekeeping function to the parent smbd to ensure newly connected
clients see up to date printer shares.
The last 2 patches address bug #7836 (A newly added printer isn't visible to
clients).
David Disseldorp [Sun, 19 Dec 2010 18:52:08 +0000 (19:52 +0100)]
s3-printing: reload shares after pcap cache fill
Since commit eada8f8a, updates to the cups pcap cache are performed
asynchronously - cups_cache_reload() forks a child process to request
cups printer information and notify the parent smbd on completion.
Currently printer shares are reloaded immediately following the call to
cups_cache_reload(), this occurs prior to smbd receiving new cups pcap
information from the child process. Such behaviour can result in stale
print shares as outlined in bug 7836.
This fix ensures print shares are only reloaded after new pcap data has
been received.
Pair-Programmed-With: Lars Müller <lars@samba.org>
Andrew Bartlett [Fri, 10 Dec 2010 04:32:08 +0000 (15:32 +1100)]
s3-dns Don't use DELEG_FLAG in DNS update, Windows 2008R2 does not like it
(cherry picked from commit 280caa6b3bb1199939f9349ea5a436a491c81791)
The last 2 patches address bug #7356 (net ads dns register fails in 2008 R2
domain).
(cherry picked from commit 6857b749229cc72c604ab5646a4bae5f09b72e11)
Andrew Bartlett [Fri, 10 Dec 2010 04:30:22 +0000 (15:30 +1100)]
s3-dns Don't use SEQUENCE_FLAG in DNS update, Windows 2008R2 does not like it
Andrew Bartlett
(cherry picked from commit 0f1cc889a26477e9a98629f120fe5890b2e106fa)
(cherry picked from commit 2b463484cc7bb80cdfb6727ab9e5a873faff5ec8)
Karolin Seeger [Thu, 13 Jan 2011 17:36:26 +0000 (18:36 +0100)]
WHATSNEW: Start to add changes since 3.4.9.
Karolin
Karolin Seeger [Tue, 11 Jan 2011 20:49:30 +0000 (21:49 +0100)]
WHATSNEW: Start release notes for Samba 3.4.10.
Karolin
Karolin Seeger [Tue, 11 Jan 2011 20:44:50 +0000 (21:44 +0100)]
VERSION: Bump version number.
Karolin
Björn Baumbach [Fri, 7 Jan 2011 14:53:13 +0000 (15:53 +0100)]
s3-nmbd: Fix bug #7875
nmbd --port didn't work
(cherry picked from commit 79280c99f67c3a3bfb1873b373ec181fa402f18c)
Stefan Metzmacher [Wed, 29 Dec 2010 11:08:19 +0000 (12:08 +0100)]
s3:lib/netapi: don't set SAMR_FIELD_FULL_NAME if we just want to set the account name (bug #7896)
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Dec 30 18:09:13 CET 2010 on sn-devel-104
(cherry picked from commit f1d15ea54c313e71fc032b2ed191bdecad868858)
(cherry picked from commit c6a0971b3790253a906b370562237479d273bb94)
Volker Lendecke [Sat, 18 Dec 2010 15:02:09 +0000 (16:02 +0100)]
s3: Fix bug 7066 -- wbcAuthenticateEx gives unix times
We might eventually want to change this, but right now we get unix times
out of the winbind pipe struct
(cherry picked from commit 993923880e213136de89b5b8d59f6f32a51b94b7)
Björn Jacke [Fri, 26 Nov 2010 00:32:53 +0000 (01:32 +0100)]
s3/configure: set Tru64 cc's PIC switch right (none)
-fPIC made shared library builds fail there
Fixes #7821
(cherry picked from commit dbcf73c45782c310cb7ff1f2177d410399e2f06d)
(cherry picked from commit 83eb2e9aef40e5e838d2654298e281ad3ec98af3)
Jeremy Allison [Wed, 29 Dec 2010 02:11:33 +0000 (18:11 -0800)]
Fix bug #7892 - open_file_fchmod() leaves a stale lock.
Volker Lendecke [Tue, 21 Dec 2010 20:55:01 +0000 (21:55 +0100)]
s3: Use smbsock_any_connect in winbind
The last 8 patches address bug #7881 (winbind flaky against w2k8).
Volker Lendecke [Tue, 21 Dec 2010 17:52:53 +0000 (18:52 +0100)]
s3: Retry *SMBSERVER in nb_connect
Volker Lendecke [Mon, 13 Dec 2010 16:17:51 +0000 (17:17 +0100)]
s3: Add smbsock_any_connect
Volker Lendecke [Sun, 12 Dec 2010 17:55:06 +0000 (18:55 +0100)]
s3: Add an async smbsock_connect
This connects to 445 and after 5 milliseconds also to 139. It treats a netbios
session setup failure as equivalent to a TCP connect failure. So if 139 is
faster but fails the nb session setup, the 445 still has the chance to succeed.
Volker Lendecke [Wed, 22 Dec 2010 14:21:27 +0000 (15:21 +0100)]
v3-4-test: Pull in tevent_req_poll_ntstatus from master
Volker Lendecke [Sun, 12 Dec 2010 17:54:31 +0000 (18:54 +0100)]
s3: Add async cli_session_request
This does not do the redirects, but I think that might be obsolete anyway
Volker Lendecke [Wed, 22 Dec 2010 14:15:47 +0000 (15:15 +0100)]
v3-4-test: Pull in read_smb_send from master
Volker Lendecke [Sun, 12 Dec 2010 17:53:49 +0000 (18:53 +0100)]
s3: Add some const to name_mangle()
Volker Lendecke [Wed, 17 Nov 2010 15:56:28 +0000 (08:56 -0700)]
s3: Make winbind recover from a signing error
When winbind sees a signing error on the smb connection to a DC (for whatever
reason, our bug, network glitch, etc) it should recover properly. The "old"
code in clientgen.c just closed the socket in this case. This is the right
thing to do, this connection is spoiled anyway. The new, async code did not do
this so far, which led to the code in winbindd_cm.c not detecting that we need to
reconnect.
Fix bug #7800 (winbind does not recover from smb signing errors).
Volker Lendecke [Sat, 2 Oct 2010 15:07:00 +0000 (17:07 +0200)]
s3: Stop using the write cache after an oplock break
Fix bug #7715 (Setting Samba Write Cache Size Can Cause File Corruption).
(cherry picked from commit 9f8292e5f765dff586bfbb261b54da4d4b27a837)
Karolin Seeger [Wed, 15 Sep 2010 18:55:30 +0000 (20:55 +0200)]
WHATSNEW: Prepare 3.4.9 release notes.
Karolin
Jeremy Allison [Thu, 9 Sep 2010 13:48:23 +0000 (15:48 +0200)]
Fix bug #7669.
Fix bug #7669 (buffer overflow in sid_parse() in Samba3 and dom_sid_parse in
Samba4).
CVE-2010-3069:
===========
Description
===========
All current released versions of Samba are vulnerable to
a buffer overrun vulnerability. The sid_parse() function
(and related dom_sid_parse() function in the source4 code)
do not correctly check their input lengths when reading a
binary representation of a Windows SID (Security ID). This
allows a malicious client to send a sid that can overflow
the stack variable that is being used to store the SID in the
Samba smbd server.
A connection to a file share is needed to exploit this
vulnerability, either authenticated or unauthenticated
(guest connection).
(cherry picked from commit df20a300758bc12286820e31fcf573bdfc2147bc)
Jeremy Allison [Mon, 23 Aug 2010 23:30:53 +0000 (16:30 -0700)]
Fix bug 7636 - winbind internal error, backtrace.
Jeremy.
Jim McDonough [Mon, 23 Aug 2010 09:14:47 +0000 (11:14 +0200)]
s3-printing: fix BUG 7280 - auto printers not loading with registry config
Jeremy Allison [Tue, 27 Jul 2010 08:54:01 +0000 (01:54 -0700)]
Fix bug 7590 - offline login fails because winbind deletes cache on every startup.
Sync lib/tdb_validate.c with the change in current master.
Change tdb_validate_open() to always use O_RDWR instead of O_RDONLY,
as (from the bug report): "db_check() will always return failure for a read-only database.
Silently, without any log output, when _tdb_lockall() fails."
Jeremy.
(cherry picked from commit 39cb903463d8a3fcabd9e148112bf5cf81744130)
Stefan Metzmacher [Mon, 9 Aug 2010 09:26:03 +0000 (11:26 +0200)]
rerun: make samba3-idl
metze
Stefan Metzmacher [Mon, 9 Aug 2010 09:14:52 +0000 (11:14 +0200)]
pidl: Samba3/ClientNDR - Correctly copy arrays, if r.out.size < r.in.size.
metze
Signed-off-by: Andreas Schneider <asn@samba.org>
(similar to commit 33d1879d5b50e2d98c1bb13b835e7cfb178e3336)
(similar to commit d1e92cd2944983ecabd0511ff7c8221c1033a3a8)
Fixes bug #7607.
Jeremy Allison [Thu, 12 Aug 2010 21:24:01 +0000 (14:24 -0700)]
Fix bug #7617 - smbd coredump due to uninitialized variables in the performance counter code.
In the file rpc_server.c, function _winreg_QueryValue()
uint8_t *outbuf
Should be :
uint8_t *outbuf = NULL;
As it is later freed by
if (free_buf) SAFE_FREE(outbuf);
in some cases, this frees the uninitialized outbuf, which causes a coredump.
(cherry picked from commit 84fd910c347ddfad6f01edbe7f6e25546c8382ee)
(cherry picked from commit 80e65236158d6f1690bf9f153c0eb12d81d56b8a)
Günther Deschner [Mon, 9 Aug 2010 12:31:24 +0000 (14:31 +0200)]
s3-winbind: Fix Bug #7568: Make sure cm_connect_lsa_tcp does not reset the secure channel.
This is an important fix as the following could and is happening:
* winbind authenticates a user via schannel secured netlogon samlogonex call,
current secure channel cred state is stored in winbind state, winbind
successfully decrypts session key from the info3
* winbind sets up a new schannel ncacn_ip_tcp lsa pipe (and thereby resets the
secure channel on the dc)
* subsequent samlogonex calls use the new secure channel creds on the dc to
encrypt info3 session key, while winbind tries to use old schannel creds for
decryption
Guenther
(cherry picked from commit be396411a4e1f3a174f8a44b6c062d834135e70a)
Jeremy Allison [Tue, 27 Jul 2010 06:47:14 +0000 (08:47 +0200)]
s3-libsmb: Fix bug #7577.
SPNEGO auth fails when contacting Win7 system using Microsoft Live Sign-in
Assistant.
Andrew Tridgell [Thu, 10 Dec 2009 00:22:20 +0000 (11:22 +1100)]
librpc: split out a separate GUID_from_ndr_blob() function
This will simplify many of the places that deal with NDR formatted
GUIDs
(cherry picked from commit effff544265c63c95cf630d426b630bfe4d25aec)
This patch is part of a fix for bug #7538 (Backport fixes for
GUID_from_data_blob).
(cherry picked from commit e8ed2b596627e8704e3384d5997020059b47144a)
Volker Lendecke [Sun, 4 Jul 2010 08:01:42 +0000 (10:01 +0200)]
s3: Fix bug 7336: Enable idmap_passdb module build as shared
(cherry picked from commit 8c0fbc410798512b7a4b7db73bcb24cde6fa7849)
(cherry picked from commit b4803af11525823ea508d0ca4e58402d55901194)
Andreas Schneider [Mon, 28 Jun 2010 19:00:30 +0000 (21:00 +0200)]
s3-librpc: Fixed GUID_from_data_blob() with length of 32.
If we hit the case that the blob length is 32. The code goes to the end
of the function and generates a GUID with garbage.
So try to convert the blob to the GUID and return.
Fix bug #7538 (Backport fixes for GUID_from_data_blob).
(cherry picked from commit 3c4353d2aa15db278bb87c949cce2deb3a5072ca)
Günther Deschner [Thu, 1 Jul 2010 11:58:56 +0000 (13:58 +0200)]
s3-printing: Fix Bug #7541, %D in "printer admin" causing smbd crash.
Guenther
Karolin Seeger [Mon, 21 Jun 2010 08:30:25 +0000 (10:30 +0200)]
s3-docs: Add missing whitespace.
Karolin
(cherry picked from commit 2352538362977e456e8d05783f2732ff650cea41)
(cherry picked from commit 9d9a9a0f79ad6fa894f72a4678f59fb40c9fce94)
(cherry picked from commit fb5b75d26b882c48ac073b6425dfce15873c243e)