Andreas Schneider [Tue, 3 Jan 2012 15:55:25 +0000 (16:55 +0100)]
s3-winbind: Fix segfault if we can't map the last user.
This fixes bug #8678.
The issue is caused by bug #8608.
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Wed Jan 4 18:30:53 CET 2012 on sn-devel-104
(cherry picked from commit
b9d208bdaa9da2a5ae534481865efc881b851b01)
(cherry picked from commit
23db6e7cf65bdd3974a4857dda0be6ad7d758b9a)
Jeremy Allison [Fri, 2 Dec 2011 18:55:40 +0000 (10:55 -0800)]
Fix bug #8644 - vfs_acl_xattr and vfs_acl_tdb modules can fail to add inheritable entries on a directory with no stored ACL.
If referring to an fsp sbuf can be left as an uninitialized variable,
causing the 'is_directory' variable to be false when it should be true.
(cherry picked from commit
16c0d52842386fc2ebf975166b57b888d36796c5)
Andreas Schneider [Sat, 3 Dec 2011 00:19:34 +0000 (16:19 -0800)]
s3-winbind: Add an update function for winbind cache.
With
57b3d32 we changed the format for the winbind cache database and
the code deleted the database for the upgrade. As this database holds
also cached credentials, removing it is not an option. We need to update
from version 1 to version 2.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Dec 3 03:47:58 CET 2011 on sn-devel-104
(cherry picked from commit
a3f600521122d1a6d74d16668bd1ea4447c5c867)
The last 3 patches address bug #8658 (Negative / positive winbind cache won't
expire till opposite type of query is made).
Jeremy Allison [Wed, 12 Oct 2011 16:43:18 +0000 (09:43 -0700)]
Fix bug #8521 - winbindd cache timeout expiry test was reversed
Found and fix reported by Micha Lenk <micha@lenk.info>. Thanks !
(cherry picked from commit
1e4761d05978b7a495d121acc1deaa7049f3911c)
Christian Ambach [Thu, 4 Nov 2010 16:10:25 +0000 (17:10 +0100)]
s3:winbind add timeouts to winbind cache
This adds a timeout value to cache entries and the NDR records
in the winbind cache.
The previous approach of just comparing the sequence number has some issues,
e.g. when retrying a wbinfo -n operation for a user in a not yet trusted
domain was always failing even after the trusted domain was added.
The new approach compares sequence number and timeout value to
determine if a cache entry is still valid or not.
I increased the cache version number so an old cache will be wiped
automatically after upgrade.
(cherry picked from commit
57b3d32c8d87c4273d30d73fe2bfd3de0178945d)
Björn Jacke [Sat, 10 Dec 2011 12:53:42 +0000 (13:53 +0100)]
s3/doc: document the ignore system acls option of vfs_acl_xattr and vfs_acl_tdb
Autobuild-User: Björn Jacke <bj@sernet.de>
Autobuild-Date: Sat Dec 10 15:30:46 CET 2011 on sn-devel-104
(cherry picked from commit
f452add2231906742c9fd119371cd4fd81a1bdd6)
Fix bug #8652 (vfs_acl man pages miss "ignore system acls" option).
(cherry picked from commit
ceeab5c66cef2c5aa7931329a9976c8173f44467)
Jeff Layton [Tue, 6 Dec 2011 14:32:18 +0000 (09:32 -0500)]
manpage: add more undocumented options to mount.cifs manpage
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Fix bug #8648 (document more undocumented mount.cifs options).
Andreas Schneider [Mon, 5 Dec 2011 17:12:12 +0000 (18:12 +0100)]
docs: Add missing prefixpath options for mount.cifs.
Signed-off-by: Andreas Schneider <asn@samba.org>
Fix bug #8645 (mount.cifs misses documentation for the prefixpath= option).
Volker Lendecke [Wed, 30 Nov 2011 17:51:27 +0000 (18:51 +0100)]
s3: Attempt to fix the vfs_commit module
This bug went in in 2007. I wonder how much this module is actually used....
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Wed Nov 30 21:46:09 CET 2011 on sn-devel-104
(cherry picked from commit
b638abf70a3c9b2815344454946c0931295551be)
(cherry picked from commit
33a8e161401b889feca19b2bb9222509cf77c37d)
Fix bug #8639 (vfs_commit is broken (.open_fs doesn't return a file descriptor).
Jeremy Allison [Tue, 29 Nov 2011 19:55:39 +0000 (11:55 -0800)]
Fix bug 8631 - POSIX ACE x permission becomes rx following mapping to and from a DACL Reported by David Disseldorp. Fix based on a patch by David.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Nov 29 22:32:27 CET 2011 on sn-devel-104
(cherry picked from commit
6bf97ea3bc70745f64f82251cbce443f2637c703)
(cherry picked from commit
28fa8d8d777f3da40fde2fb57cd06659f76cf658)
Richard Sharpe [Mon, 14 Nov 2011 15:47:38 +0000 (07:47 -0800)]
Improve configure.in so it can be used outside the Samba source tree.
Autobuild-User: Richard Sharpe <sharpe@samba.org>
Autobuild-Date: Thu Nov 17 07:00:38 CET 2011 on sn-devel-104
(cherry picked from commit
f50aa988c201c2fe78e467f1a419bedc741e1d31)
Fix bug #8607 (The configure.in in examples/VFS does not easily allow building
modules outside the Samba source tree).
(cherry picked from commit
7db7ea684a17b70ecae31c70c1b2e647ea0fafa1)
Andreas Schneider [Mon, 14 Nov 2011 09:01:31 +0000 (10:01 +0100)]
s3-winbind: Don't fail on users without a uid.
This fixes bug #8608.
If you join samba with idmap_ad backend to an AD. When you try to
enumerate users with 'getent passwd' and the user doesn't have a uid
set, then getent is aborted cause of NT_STATUS_NONE_MAPPED. If we can't
map a user we should not stop but continue enumerating users.
This normally happens with the default user 'krbtgt' with idmap_ad but
could also happen with other backends.
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Tue Nov 15 16:52:04 CET 2011 on sn-devel-104
(backported from commit
10b285ccc29b106f164a6c18116e237634867717)
Signed-off-by: Andreas Schneider <asn@samba.org>
Karolin Seeger [Thu, 17 Nov 2011 20:23:09 +0000 (21:23 +0100)]
s3/packaging: Fix rpm build issues on RHEL4.
Second part of a fix for bug #7705 (RHEL samba.spec broken - and fix).
Based on patches of Jason Haar and Daniël van Eeden. Thanks a lot!
Karolin
Autobuild-User: Karolin Seeger <kseeger@samba.org>
Autobuild-Date: Fri Nov 18 22:13:06 CET 2011 on sn-devel-104
(cherry picked from commit
1d471ee393b0a0c1f9cc4256217acabcd98a5dbf)
(cherry picked from commit
b0e5fb69df8b66544afc29d0b3dac5454d04fe3e)
Karolin Seeger [Thu, 17 Nov 2011 20:02:30 +0000 (21:02 +0100)]
s3/packaging: Fix rpm build issues on RHEL.
Fix bug #7705 (RHEL samba.spec broken - and fix).
Based on patches of Jason Haar and Daniël van Eeden. Thanks a lot!
Karolin
Autobuild-User: Karolin Seeger <kseeger@samba.org>
Autobuild-Date: Thu Nov 17 23:05:28 CET 2011 on sn-devel-104
(cherry picked from commit
32e825d60df26fa1d4cf5c8c7cb37ca0523847ca)
(cherry picked from commit
f89cdef51633402006dcad17b49e596a41905a40)
Stefan Metzmacher [Fri, 11 Nov 2011 01:10:00 +0000 (02:10 +0100)]
s3:libsmb: consistently use state->size in cli_write_andx_create() (bug #5326)
Otherwise we may get unexpected results.
This is a fix that was missing in commit
95595dd93fd04999fcf56ecaab7c29b064d021f8
(s3:libsmb: fix cli_write_and_x() against OS/2 print shares (bug #5326))
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Nov 9 10:13:32 CET 2011 on sn-devel-104
(cherry picked from commit
4b31c4273c45faa639445614061f3da548eb8505)
Stefan Metzmacher [Tue, 8 Nov 2011 07:25:16 +0000 (08:25 +0100)]
s3:libsmb: fix cli_write_and_x() against OS/2 print shares (bug #5326)
Print shares doesn't support CAP_LARGE_WRITEX, while it's negotiated
by the file server part.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Nov 8 17:01:36 CET 2011 on sn-devel-104
(cherry picked from commit
95595dd93fd04999fcf56ecaab7c29b064d021f8)
Jeremy Allison [Tue, 15 Nov 2011 21:30:22 +0000 (13:30 -0800)]
Fix bug #8561 - Password change settings not fully observed.
Günther Deschner [Thu, 3 Nov 2011 19:55:08 +0000 (20:55 +0100)]
examples: Fix perl path.
Fix bug #8176 (wall.perl example uses /usr/loca/bin for pat to perl binary).
Stefan Metzmacher [Wed, 2 Nov 2011 09:58:26 +0000 (10:58 +0100)]
s3:rpc_server/srv_netlogon: make sure we don't use an unitialized variable
metze
The last 3 patches address bug #8562 (talloc: double free error).
Stefan Metzmacher [Wed, 2 Nov 2011 09:57:09 +0000 (10:57 +0100)]
libcli/auth: only expose creds to the caller on success
metze
Stefan Metzmacher [Wed, 2 Nov 2011 09:55:27 +0000 (10:55 +0100)]
libcli/auth: debug the given computer name creds might be NULL
metze
Karolin Seeger [Thu, 3 Nov 2011 19:40:38 +0000 (20:40 +0100)]
WHATSNEW: Start release notes for 3.5.13.
Karolin
Karolin Seeger [Thu, 3 Nov 2011 19:37:28 +0000 (20:37 +0100)]
VERSION: Bump version up to 3.5.13.
Karolin
Karolin Seeger [Tue, 1 Nov 2011 18:51:08 +0000 (19:51 +0100)]
WHATSNEW: Update changes since 3.5.11.
Karolin
Jeremy Allison [Sat, 22 Oct 2011 01:08:46 +0000 (18:08 -0700)]
Fix bug #8542 - smbclient posix_open command fails to return correct info on open file.
(cherry picked from commit
d27f5a277ef47c5ff94e402930680b37e8f4d592)
Jeremy Allison [Sat, 22 Oct 2011 01:35:15 +0000 (18:35 -0700)]
Third part of fix for bug #8541 - readlink() on Linux clients fails if the symlink target is outside of the share.
Missed passing ucf_flags instead of hard coded flags in findfirst call.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Oct 22 06:30:16 CEST 2011 on sn-devel-104
(cherry picked from commit
f4593181876f7a9ef55ceee8d1a20369197a63ba)
Jeremy Allison [Mon, 24 Oct 2011 22:34:27 +0000 (15:34 -0700)]
Second part of fix for bug #8541 - readlink() on Linux clients fails if the symlink target is outside of the share.
The statcache has to do lstat instead of stat when returning cached
posix pathnames.
Jeremy Allison [Mon, 24 Oct 2011 22:24:04 +0000 (15:24 -0700)]
Fix bug #8541 - readlink() on Linux clients fails if the symlink target is outside of the share.
The key is to only allow the lookup to succeed if it's a UNIX level lookup or readlink,
but disallow all other operations.
Jeremy Allison [Mon, 25 Jul 2011 23:12:45 +0000 (16:12 -0700)]
Use existing ISDOT and ISDOTDOT macros.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Jul 28 02:09:20 CEST 2011 on sn-devel-104
(cherry picked from commit
d82256ca119eb8315cc69ba725ba71c386caa901)
Günther Deschner [Wed, 26 Oct 2011 11:44:49 +0000 (13:44 +0200)]
s3-netapi: remove pointless use_memory_krb5_ccache.
This breaks the ABI.
Guenther
See bug #7465 for more details.
Karolin Seeger [Mon, 24 Oct 2011 17:59:21 +0000 (19:59 +0200)]
WHATSNEW: Add changes since 3.5.11.
Karolin
Björn Jacke [Thu, 20 Oct 2011 19:39:38 +0000 (21:39 +0200)]
s3:Makefile: make DSO_EXPORTS_CMD more portable (#8531)
It sems like every not completely trivial sed expression should be tested with
Solaris' sed. Its regexp engine is way more limited than the one of GNU
sed. Thanks to Michael Pelletier for finding this! This fixes bug #8531
Autobuild-User: Björn Jacke <bj@sernet.de>
Autobuild-Date: Thu Oct 20 23:15:05 CEST 2011 on sn-devel-104
(cherry picked from commit
37be1df3d7534c2cc8e1e25614164c2178372b94)
(cherry picked from commit
763ad499aa4423c5e68a75f20f2ba8ee967e5984)
Jeremy Allison [Wed, 12 Oct 2011 00:00:08 +0000 (17:00 -0700)]
Add new contributing FAQ announcing acceptance of corporate (C).
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Oct 12 03:46:41 CEST 2011 on sn-devel-104
(cherry picked from commit
bd01ae227bc567fd7953e446236364fc4d110a48)
(cherry picked from commit
f165b54828f451943b172b8d2d1bfd15f37b7fdf)
Karolin Seeger [Tue, 18 Oct 2011 18:39:49 +0000 (20:39 +0200)]
s3-docs: Adapt version...
in man vfs_aio_fork.
Karolin
Björn Jacke [Tue, 18 Oct 2011 08:54:56 +0000 (10:54 +0200)]
s3/doc: add man page for aio_fork vfs module
thanks to Volker for the content
Autobuild-User: Björn Jacke <bj@sernet.de>
Autobuild-Date: Tue Oct 18 12:24:35 CEST 2011 on sn-devel-104
(cherry picked from commit
56328a4d61c8d0a52f6841097bf8fc4ffd46bfb6)
(cherry picked from commit
51f87fce55d160abed6b04ea27f53f254d2db474)
Fix bug #8256 (vfs_aio_fork is undocumented).
Volodymyr Khomenko [Wed, 12 Oct 2011 16:57:57 +0000 (09:57 -0700)]
Fix bug #8515 - Empty CIFS share can be blocked for other clients by deleting it via empty path (DELETE_PENDING until the last client)
Disallow "." in can_set_delete_on_close().
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Oct 12 21:07:27 CEST 2011 on sn-devel-104
(cherry picked from commit
bd260f03ab492d03c2890db47dc6fb4f1b824a1a)
Bram [Thu, 29 Sep 2011 09:28:03 +0000 (11:28 +0200)]
Bug 7551: Return error of cli_push when 'put - /some/file' is used
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Sep 29 23:47:02 CEST 2011 on sn-devel-104
(cherry picked from commit
d883cc664cac81633a60e5b04f99f23a3577ae65)
Jeremy Allison [Sat, 8 Oct 2011 18:18:34 +0000 (20:18 +0200)]
Bug 7551: Return error of cli_push when 'put - /some/file' is used.
Jeremy Allison [Tue, 4 Oct 2011 23:40:58 +0000 (16:40 -0700)]
Fix bug #8507 - smbd doesn't correctly honor the "force create mode" bits from a cifsfs create.
Don't manipulate the new_dos_attributes bits until we know it's not a POSIX open.
Jeremy Allison [Thu, 8 Sep 2011 21:10:16 +0000 (14:10 -0700)]
Second part of fix for bug #8443 - Default user entry is set to minimal permissions on incoming ACL change with no user specified.
Be smarter about setting default permissions when a ACL_USER_OBJ isn't given. Use the principle of least surprises for the user.
Jeremy Allison [Thu, 8 Sep 2011 20:56:06 +0000 (13:56 -0700)]
First part of fix for bug #8443 - Default user entry is set to minimal permissions on incoming ACL change with no user specified.
create_default_mode() is not needed - it's taken care of by code
inside ensure_canon_entry_valid().
Jeremy Allison [Fri, 2 Sep 2011 22:08:42 +0000 (15:08 -0700)]
Part 3 of bugfix for bug #7509 - smb_acl_to_posix: ACL is invalid for set (Invalid argument)
Don't call check_owning_objs() to convert ACL_USER->ACL_USER_OBJ and
AC_GROUP->ACL_GROUP_OBJ for default (directory) ACLs, we do this separately
inside ensure_canon_entry_valid().
Jeremy Allison [Fri, 2 Sep 2011 22:07:48 +0000 (15:07 -0700)]
Part 2 of bugfix for bug #7509 - smb_acl_to_posix: ACL is invalid for set (Invalid argument)
Only map CREATOR_OWNER/CREATOR_GROUP to ACL_USER_OBJ/ACL_GROUP_OBJ in
a default(directory) ACL set.
Jeremy Allison [Fri, 2 Sep 2011 21:59:31 +0000 (14:59 -0700)]
Part 1 of bugfix for bug #7509 - smb_acl_to_posix: ACL is invalid for set (Invalid argument)
Remove the code I added for bug "6878 - Cannot change ACL's inherit flag". It is incorrect
and causes the POSIX ACL ACL_USER_OBJ duplication.
Jeremy Allison [Fri, 7 Oct 2011 15:56:59 +0000 (08:56 -0700)]
Fix bug #8458 - IE9 on Windows 7 cannot download files to samba 3.5.11 share
Handle the SECINFO_LABEL flag in the same way as Win2k3.
Jeremy Allison [Fri, 30 Sep 2011 20:35:59 +0000 (13:35 -0700)]
Fix bug #8493 - DFS breaks zip file extracting unless "follow symlinks = no" set
If a client sends a mangled name as part of a DFS path, use the
post-mangled name for the pathname walk, not the mangled name.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Oct 1 00:45:59 CEST 2011 on sn-devel-104
(cherry picked from commit
149875f887287dbbf016d2252962b023b0bae967)
Karolin Seeger [Wed, 28 Sep 2011 18:17:42 +0000 (20:17 +0200)]
s3-docs: Remove "experimental" label on VFS ACL modules
in the documentation also (bug #8494).
Karolin
(cherry picked from commit
bd5d9d9fba23ea585b701c41ec27482a0076729e)
Jeremy Allison [Fri, 20 May 2011 21:43:50 +0000 (14:43 -0700)]
Patch for bug #8156 - net ads join fails to use the user's kerberos ticket.
If kerberos_get_realm_from_hostname() or kerberos_get_default_realm_from_ccache() fails due to
a misconfigured krb5.conf, try the "realm =" from smb.conf as a fallcback before going back to
NTLMSSP (which we'll do anyway).
(cherry picked from commit
ccab9efb653cfacdd357986f7a8a85c17df7abbb)
Pierre Carrier [Tue, 14 Sep 2010 23:43:39 +0000 (16:43 -0700)]
Allows changing the maximum number of simultaneous clients in winbindd through an smb.conf option.
Signed-off-by: Jeremy Allison <jra@samba.org>
Fix bug #8186 (Allows changing the maximum number of simultaneous clients in
winbindd through an smb.conf option).
Günther Deschner [Wed, 28 Sep 2011 16:12:49 +0000 (18:12 +0200)]
s3-winbind: Fix bug 7888 -- deal with buggy 3.0 based PDCs.
Guenther
Günther Deschner [Thu, 4 Aug 2011 15:28:05 +0000 (17:28 +0200)]
s3-nmbd: fix memleak in create_listen_fdset().
Guenther
The last 2 patches address bug #8491 (fix some coverity issues).
Stefan Metzmacher [Wed, 1 Dec 2010 23:40:01 +0000 (00:40 +0100)]
libcli/auth: let spnego_write_mech_types() check the asn1_load() return
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Dec 7 18:23:41 CET 2010 on sn-devel-104
David Disseldorp [Wed, 28 Sep 2011 00:46:29 +0000 (17:46 -0700)]
Fix bug 8480 - acl_xattr can free an invalid pointer if no blob is loaded.
Günther Deschner [Wed, 21 Sep 2011 15:47:27 +0000 (17:47 +0200)]
s3-netapi: allow to use default krb5 credential cache for libnetapi users.
Guenther
Günther Deschner [Wed, 21 Sep 2011 15:28:58 +0000 (17:28 +0200)]
s3-libnet: allow to use default krb5 ccache in libnet_Join/libnet_Unjoin.
We force using a MEMORY ccache though in the wkssvc server.
Guenther
Volker Lendecke [Mon, 6 Dec 2010 20:01:35 +0000 (21:01 +0100)]
s3: Fix bug 7844: Race in winbind
If a child dies, the parent process right away closes the socket.
This is wrong, with tevent we still have events pending. This works
fine for epoll but does not for at least the FreeBSD select variant.
Tevent sticks a closed socket into the select masks. This then
returns an error EBADF. When this happens, the parent winbind dies
instead of forking a new child.
This moves the socket close from the SIGCHLD cleanup function to
the socket receiver. I could not reproduce the parent death anymore
and it did not create an obvious fd leak.
Stefan Metzmacher [Mon, 12 Sep 2011 19:10:54 +0000 (12:10 -0700)]
s3:libsmb: check the wct of the incoming SMBnegprot responses
metze
Fix bug #8452 (negprot reply needs to check vwv vector length).
The corresponding commit in master is
85332eb1c721d585e1a33101bddafdca4073e10f.
Volker Lendecke [Thu, 25 Aug 2011 18:13:09 +0000 (20:13 +0200)]
v3-5-test: Fix getent group if trusted domains are not reachable
Fix bug #8420 (wb_group_members: non-resistance against garbage).
Jeremy Allison [Mon, 29 Aug 2011 23:53:04 +0000 (16:53 -0700)]
Fix bug Bug 8422 - Infinite loop in ACL module code.
Missing assignment means this loop will never terminate. Need to be applied
to 3.5.x and 3.6.1.
Jeremy Allison [Sat, 20 Aug 2011 18:49:59 +0000 (20:49 +0200)]
s3-vfs: Fix vfs_chown_fsp.
Fix bug #8370 (vfs_chown_fsp broken -- returns in the wrong directory).
Volker Lendecke [Thu, 11 Aug 2011 14:52:22 +0000 (16:52 +0200)]
s3: Fix bug 8360
OS/2 sends an unexpected write&x/read&x chain
(cherry picked from commit
2aca833308049d005c647aabcd9d894f59698ef4)
Volker Lendecke [Fri, 29 Jul 2011 22:43:46 +0000 (15:43 -0700)]
s3: Add a fallback for missing open&x support in OS/X Lion
The last 4 patches address bug #8338 (MAC Lion - smbclient "Open AndX
Request->STATUS_NOT_SUPPORTED).
Volker Lendecke [Fri, 29 Jul 2011 22:03:03 +0000 (15:03 -0700)]
s3: Make map_open_params_to_ntcreate() available in lib/
Volker Lendecke [Fri, 29 Jul 2011 21:41:10 +0000 (14:41 -0700)]
s3: Make is_executable() available in lib/
Volker Lendecke [Fri, 29 Jul 2011 21:26:58 +0000 (14:26 -0700)]
s3: We only need base_name in map_open_params_to_ntcreate
Björn Jacke [Thu, 4 Aug 2011 14:25:08 +0000 (16:25 +0200)]
s3/swat: use strlcat instead of strncat to fix build on old Linux distros
SLES 9's glibc for example had weird macros where the use of strncat resulted
in the use of strcat which we don't allow.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Björn Jacke <bj@sernet.de>
Autobuild-Date: Thu Aug 4 17:50:24 CEST 2011 on sn-devel-104
(cherry picked from commit
d3b4d75364210e2d2a4a1cd806f28b0021f22909)
Fix bug #8362 (build issue on old glibc systems).
(cherry picked from commit
87fa72a5202fe3780d4a61289bf755027cd078f4)
Stefan Metzmacher [Fri, 5 Aug 2011 17:48:38 +0000 (19:48 +0200)]
s3:web/swat: use strtoll() instead of atoi/atol/atoll
This is more portable, as we have a strtoll replacement
in lib/replace.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sat Aug 6 11:55:45 CEST 2011 on sn-devel-104
(cherry picked from commit
a6be0820d09b3f3eabfbb5f4356add303aa8a494)
Fix bug #8347 (CVE-2011-2522 regression for HP-UX, AIX and OSF).
Karolin Seeger [Sun, 7 Aug 2011 18:50:50 +0000 (20:50 +0200)]
WHATSNEW: Fix typo.
Karolin
Karolin Seeger [Thu, 4 Aug 2011 19:40:47 +0000 (21:40 +0200)]
WHATSNEW: Remove wrong entry.
This one was added by accident, sorry!
Karolin
Karolin Seeger [Thu, 4 Aug 2011 19:38:26 +0000 (21:38 +0200)]
WHATSNEW: Start release notes for 3.5.12.
Karolin
Karolin Seeger [Thu, 4 Aug 2011 19:35:51 +0000 (21:35 +0200)]
VERSION: Bump version up to 3.5.12.
Karolin
Karolin Seeger [Wed, 3 Aug 2011 18:20:58 +0000 (20:20 +0200)]
WHATSNEW: Add changes since 3.5.10.
Karolin
Karolin Seeger [Tue, 2 Aug 2011 19:19:36 +0000 (21:19 +0200)]
WHATSNEW: Sync with v3-5-stable.
Karolin
Jeremy Allison [Tue, 2 Aug 2011 18:49:46 +0000 (20:49 +0200)]
Fix bug 7462 - Non-standard SA_RESETHAND is used in ...lib/tevent/tevent_sig
Make SA_RESETHAND conditional on its existance.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Mon Aug 1 22:03:45 CEST 2011 on sn-devel-104
(cherry picked from commit
0c67efdd68b9808542c090b9fd9920e4e37d85d0)
Volker Lendecke [Mon, 10 May 2010 09:53:03 +0000 (11:53 +0200)]
s3: Test for "__attribute__((destructor))"
(cherry picked from commit
36e736871e28665ffcbbc4d0c87e1a2b60fcf0e0)
Fix bug #8322 (HAVE_FUNCTION_ATTRIBUTE_DESTRUCTOR is missing from 3.5.x).
Karolin Seeger [Tue, 26 Jul 2011 18:39:28 +0000 (20:39 +0200)]
WHATSNEW: Start release notes for 3.5.11.
Karolin
(cherry picked from commit
6ab1dc24d77a58d4c37cb816ce04762c1df7521c)
Karolin Seeger [Tue, 26 Jul 2011 18:36:37 +0000 (20:36 +0200)]
VERSION: Bump version up to 3.5.11.
Karolin
(cherry picked from commit
b6678d3dbcba6a2ee4961d2565477d362035e1b3)
Karolin Seeger [Sun, 24 Jul 2011 19:09:38 +0000 (21:09 +0200)]
s3-swat: Fix typo.
Thanks to Simo for reporting!
Karolin
(cherry picked from commit
9f73c1990a19daa899fa5345530a867e69a5be94)
Kai Blin [Tue, 12 Jul 2011 06:08:24 +0000 (08:08 +0200)]
s3 swat: Create random nonce in CGI mode
In CGI mode, we don't get access to the user's password, which would
reduce the hash used so far to parameters an attacker can easily guess.
To work around this, read the nonce from secrets.tdb or generate one if
it's not there.
Also populate the C_user field so we can use that for token creation.
Signed-off-by: Kai Blin <kai@samba.org>
The last 12 patches address bug #8290 (CSRF vulnerability in SWAT).
This addresses CVE-2011-2522 (Cross-Site Request Forgery in SWAT).
(cherry picked from commit
0e17d8ef7e4004a0d35011c322b93b6da5811951)
Kai Blin [Sat, 9 Jul 2011 07:52:07 +0000 (09:52 +0200)]
s3 swat: Add time component to XSRF token
Signed-off-by: Kai Blin <kai@samba.org>
(cherry picked from commit
227921871146563c1d57f9a8faa3b8354058740c)
Kai Blin [Fri, 8 Jul 2011 13:06:13 +0000 (15:06 +0200)]
s3 swat: Add XSRF protection to printer page
Signed-off-by: Kai Blin <kai@samba.org>
(cherry picked from commit
c287fe37acc8d8cd64ffc5227498f5950df64c2b)
Kai Blin [Fri, 8 Jul 2011 13:05:38 +0000 (15:05 +0200)]
s3 swat: Add XSRF protection to password page
Signed-off-by: Kai Blin <kai@samba.org>
(cherry picked from commit
01dec3486857243151a63c8f877a4258d5864869)
Kai Blin [Fri, 8 Jul 2011 13:04:48 +0000 (15:04 +0200)]
s3 swat: Add XSRF protection to shares page
Signed-off-by: Kai Blin <kai@samba.org>
(cherry picked from commit
ecf5f0e613ca7f908cc961e406033bcc842b097a)
Kai Blin [Fri, 8 Jul 2011 13:04:12 +0000 (15:04 +0200)]
s3 swat: Add XSRF protection to globals page
Signed-off-by: Kai Blin <kai@samba.org>
(cherry picked from commit
9482f46dd0e961145345bd2cdbb01fa35ec9f048)
Kai Blin [Fri, 8 Jul 2011 13:03:44 +0000 (15:03 +0200)]
s3 swat: Add XSRF protection to wizard page
Signed-off-by: Kai Blin <kai@samba.org>
(cherry picked from commit
02a58bf633f7cd0cb04747d09a8b0a720b5b39b5)
Kai Blin [Fri, 8 Jul 2011 13:03:15 +0000 (15:03 +0200)]
s3 swat: Add XSRF protection to wizard_params page
Signed-off-by: Kai Blin <kai@samba.org>
(cherry picked from commit
19a697f189156fed86d9d78e8bb6667e764075af)
Kai Blin [Fri, 8 Jul 2011 13:02:53 +0000 (15:02 +0200)]
s3 swat: Add XSRF protection to viewconfig page
Signed-off-by: Kai Blin <kai@samba.org>
(cherry picked from commit
eae32a3f33c7c555663f917d5fba71033c968511)
Kai Blin [Fri, 8 Jul 2011 10:58:53 +0000 (12:58 +0200)]
s3 swat: Add XSRF protection to status page
Signed-off-by: Kai Blin <kai@samba.org>
(cherry picked from commit
587002c21aa4e944bf6422d77ec3bc6240bf04d5)
Kai Blin [Fri, 8 Jul 2011 10:57:43 +0000 (12:57 +0200)]
s3 swat: Add support for anti-XSRF token
Signed-off-by: Kai Blin <kai@samba.org>
(cherry picked from commit
abaccc2a7b45f9c778c00597b2d927222a118f27)
Kai Blin [Fri, 8 Jul 2011 10:56:21 +0000 (12:56 +0200)]
s3 swat: Allow getting the user's HTTP auth password
Signed-off-by: Kai Blin <kai@samba.org>
(cherry picked from commit
988f59f7eb512fbae5a6cab6ed1dbf32a5737fe7)
Kai Blin [Thu, 7 Jul 2011 08:03:33 +0000 (10:03 +0200)]
s3 swat: Fix possible XSS attack (bug #8289)
Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION reported a possible XSS attack
against SWAT, the Samba Web Administration Tool. The attack uses reflection to
insert arbitrary content into the "change password" page.
This patch fixes the reflection issue by not printing user-specified content on
the website anymore.
Signed-off-by: Kai Blin <kai@samba.org>
CVE-2011-2694.
(cherry picked from commit
4cd5237ed156bb5a288e865b5afc88a966e1f386)
Karolin Seeger [Wed, 6 Jul 2011 14:12:27 +0000 (16:12 +0200)]
WHATSNEW: Add changes since 3.5.9.
Karolin
Stefan Metzmacher [Mon, 4 Jul 2011 09:47:24 +0000 (11:47 +0200)]
s3:librpc/gen_ndr: regen after wbint.idl changes
metze
Part of a fix for bug #7841 (WINBINDD_LOOKUPRIDS asks the wrong domain).
Stefan Metzmacher [Thu, 30 Jun 2011 08:09:56 +0000 (10:09 +0200)]
s3:nmbd_subnetdb: close all sockets attached to a subnet in close_subnet() (bug #8276)
metze
(cherry picked from commit
75e9f2110876137a57632d223248ac51dbfc4569)
Stefan Metzmacher [Thu, 30 Jun 2011 07:56:06 +0000 (09:56 +0200)]
s3:nmbd_packets: make sure create_listen_fdset() returns initialized data (bug #8276)
Fix bug #7949 (DoS in Winbind and smbd with many file descriptors open)
(commit
feb3fcd0fa4bda0967b881315595d7702f4d1752) changed the bahavior,
so that we skipped some sockets.
This should work for v3-5-test.
metze
Gregor Beck [Tue, 21 Jun 2011 06:16:56 +0000 (08:16 +0200)]
s3:smbldap: make smbldap_connect_system self contained
The last 5 patches address bug #8253 (winbindd panics if verify_idpool() fails).
Gregor Beck [Tue, 21 Jun 2011 06:06:28 +0000 (08:06 +0200)]
s3:smbldap: add a destructor to smbldap_state, just in case
Gregor Beck [Tue, 21 Jun 2011 06:02:53 +0000 (08:02 +0200)]
s3:smbldap: let smbldap_free_struct do what it claims to
Gregor Beck [Tue, 21 Jun 2011 06:00:59 +0000 (08:00 +0200)]
s3:smbldap: free the idle event scheduled in smbldap_open in smbldap_close
Gregor Beck [Tue, 21 Jun 2011 05:51:41 +0000 (07:51 +0200)]
s3:smbldap: use smbldap_state as memory context for idle event
ensure the event is canceled if the smbldap_state gets freed
this fixes a panic of winbindd if verify_idpool fails