Jeremy Allison [Fri, 19 Nov 2010 00:13:28 +0000 (16:13 -0800)]
Add SeSecurityPrivilige.
Jeremy.
(cherry picked from commit
f11da60f3189bc70eb82259435e108f40b2bb333)
Jeremy Allison [Fri, 22 Oct 2010 23:14:28 +0000 (16:14 -0700)]
Ensure we have correct parameters to use Windows ACL modules.
(cherry picked from commit
117d14f108cded28ac2868d5040f633856cca923)
Jeremy Allison [Sat, 23 Oct 2010 00:28:58 +0000 (17:28 -0700)]
Add acl_xattr:ignore system acls boolean (normally false) to allow Samba ACL module to ignore mapping to lower POSIX layer. With this fix Samba 3.6.x now passes RAW-ACLs (with certain smb.conf parameters set).
Jeremy.
(cherry picked from commit
7c892ed58f816985e58b9cef2ff4cd2a81d16995)
Jeremy Allison [Fri, 22 Oct 2010 23:04:53 +0000 (16:04 -0700)]
Add make_default_filesystem_acl() function to be used in following change to acl_xattr and acl_tdb module.
(cherry picked from commit
2d84fce8f20c4eac70b02f0fc4333b15e278edfc)
Jeremy Allison [Fri, 22 Oct 2010 22:56:31 +0000 (15:56 -0700)]
Fix handling of "NULL" DACL. Map to u/g/w - rwx.
(cherry picked from commit
84b2a3d013390c01ef27d10085a0bf10137c857f)
Jeremy Allison [Sat, 23 Oct 2010 00:23:13 +0000 (17:23 -0700)]
Fix "force unknown ACL user" to strip out foreign SIDs from POSIX ACLs if they can't be mapped.
(cherry picked from commit
3fcceb6c5ae55f5e3a66f71e44b5caa665596832)
Jeremy Allison [Fri, 22 Oct 2010 21:55:52 +0000 (14:55 -0700)]
Add debug message to get_nt_acl_internal() to see what we got.
(cherry picked from commit
514e3e786f999979f9fd85a9c08de9e06e50938b)
Jeremy Allison [Fri, 22 Oct 2010 21:54:19 +0000 (14:54 -0700)]
Fix valgrind "uninitialized read" error on "info" when returning !NT_STATUS_OK.
(cherry picked from commit
9b615ce8706f4f4c59055fe155446f1fdac36323)
Jeremy Allison [Fri, 15 Oct 2010 21:12:04 +0000 (14:12 -0700)]
Fix bug #7734 - When creating files with "inherit ACLs" set to true, we neglect to apply appropriate create masks.
Jeremy.
(cherry picked from commit
8cad5e23b6e2440a566def6fb138d484e3b47643)
(cherry picked from commit
e675462b3cfc53d7fe0c6e07c13a386599c5afd9)
Jeremy Allison [Fri, 15 Oct 2010 20:30:07 +0000 (13:30 -0700)]
Fix bug #7733 - Invalid client DOS attributes on create can cause incorrect unix mode_t to be generated.
It turns out a client can send an NTCreateX call for a new file, but specify
FILE_ATTRIBUTE_DIRECTORY in the attribute list. Windows silently strips this,
but we don't - causing the unix_mode() function to go through the "mode bits
for new directory" codepath, instead of the "mode bits for new file" codepath.
Jeremy.
(cherry picked from commit
92adb686372a9b67e47efb5b051bc351212f1780)
(cherry picked from commit
6b4141e92151adaa0d2ef036657783a99ef517c6)
Jeremy Allison [Sat, 23 Oct 2010 00:18:45 +0000 (17:18 -0700)]
Make the vfs_acl_xattr and other modules work with NULL SD's. Fix the "protected" inheritance problem (bleeding up from the POSIX layer).
Jeremy
(cherry picked from commit
fe5b8a9dc994d3020537f4e68f2105c806cd103b)
Jeremy Allison [Sat, 23 Oct 2010 00:11:17 +0000 (17:11 -0700)]
Canonicalize incoming and outgoing ACLs.
Jeremy.
(cherry picked from commit
b01501af60d364ce7e7c96b7e4b93502c453ac6d)
Jeremy Allison [Sat, 23 Oct 2010 00:07:10 +0000 (17:07 -0700)]
Make the posix ACL module cope with a NULL incoming DACL and a missing owner/group.
Jeremy.
(cherry picked from commit
09ee42d774c0b0f8cf9a67feb80426c19b4ce24c)
Jeremy Allison [Tue, 23 Nov 2010 19:16:31 +0000 (11:16 -0800)]
Fix bug #7785 - atime limit.
On a 64-bit time_t system make MAX_TIME_T the max value that
can be represented in a struct tm. This allows applications to
set times in the future beyond the 32-bit time_t limit (2037).
This is only in source3/configure.in, needs adding to the waf
configure/build system (but I'll need help with that).
Jeremy.
(cherry picked from commit
ff6c598f7f18e6ba945a3fe082b01255a0a42325)
Samba-JP oota [Tue, 23 Nov 2010 16:06:48 +0000 (17:06 +0100)]
s3-docs: Update 3.2 features.
(cherry picked from commit
aa54713615c5d0367528733ff2c3a5650eed96f7)
(cherry picked from commit
55754e2c1f620eee662319a0bcb89f8620014d56)
Jeremy Allison [Thu, 11 Nov 2010 17:44:21 +0000 (09:44 -0800)]
Fix bug #7791 - gvfsd-smb (Gnome vfs) fails to copy files from a SMB share using SMB signing.
The underlying problem is that the old code invoked by cli_write() increments
cli->mid directly when issuing outstanding writes. This should now be done only
in libsmb/clientgen.c to make metze's new signing engine works correctly. Just
deleting this code fixes the problem.
Jeremy.
(cherry picked from commit
9a02a38d9783b0d7dc172cc5bdc2380bc5d107cf)
Jeremy Allison [Fri, 5 Nov 2010 19:13:38 +0000 (12:13 -0700)]
Second part of fix for bug #7777 - When requesting lookups for BUILTIN sids, winbindd allocates new uids/gids in error.
Ensure we return after calling passdb for SID lookups for which we are
authoritative.
Jeremy.
(cherry picked from commit
b5c8b1bbb53caa0ceabb4a5180ff7deb1e58b538)
Jeremy Allison [Fri, 5 Nov 2010 19:11:53 +0000 (12:11 -0700)]
First part of fix for bug #7777 - When requesting lookups for BUILTIN sids, winbindd allocates new uids/gids in error.
Ensure idmap_init_passdb_domain() correctly initialized the default
domain first.
Jeremy.
(cherry picked from commit
32a5aa62cb54e90947bd027e72871ffc07c3dbcf)
Volker Lendecke [Sat, 6 Nov 2010 20:18:35 +0000 (21:18 +0100)]
s3: Fix bug 7779, crash in expand_msdfs
(cherry picked from commit
82e15a5ee335ac87ab473899b333056a02bf15b3)
Volker Lendecke [Wed, 3 Nov 2010 12:08:37 +0000 (13:08 +0100)]
s3: Fix a getgrent crash with many groups
Fix bug #7774.
(cherry picked from commit
d070359ca01c1b340a610dd2cf9ce60b33c256e4)
Jeremy Allison [Wed, 20 Oct 2010 20:58:15 +0000 (13:58 -0700)]
Fix bug #7744 - "dfree cache time" doesn't work.
There is a bug in processing the dfree cache time, which is associated with the
smbd idle timer. The idle timer call conn_idle_all(), which updates the
conn->lastused timestamp. The dfree cache time code in smbd/dfree.c depends on
conn->lastused being up to date to refresh the cached dfree value.
Unfortunately the conn_idle_all() returns early if any of the connection
structs is not idle, never updating any further conn->lastused timestamps. If
(as is common due to an IPC$ connection) there are more than one used
connection struct, then the conn->lastused timestamps after the IPC$ connection
in the connection list will never be updated.
Ensure we always update conn->lastused for all connections when calling
conn_idle_all().
Jeremy.
(cherry picked from commit
47841952936e28916a738105194d662207477285)
Jeremy Allison [Wed, 20 Oct 2010 18:22:57 +0000 (11:22 -0700)]
Fix bug #7743 - Inconsistent use of system name lookup can cause a domain joined machine to fail to find users.
Ensure all username lookups go through Get_Pwnam_alloc(), which is the
correct wrapper function. We were using it *some* of the time anyway,
so this just makes us properly consistent.
Jeremy.
(cherry picked from commit
6e9d95f753b2b127268f1eb9a40d601002484bd1)
Volker Lendecke [Fri, 15 Oct 2010 14:37:47 +0000 (16:37 +0200)]
s3: Fix bug 7730 -- crash in winbindd_dsgetdcname.c
(cherry picked from commit
f1b04a210074546d4e4347b62b4f7f5b879454d9)
Jeremy Allison [Thu, 7 Oct 2010 21:26:13 +0000 (14:26 -0700)]
Fix bug 7716 - acl_xattr and acl_tdb modules don't store unmodified copies of security descriptors.
As pointed out by an OEM, the code within smbd/posix_acl.c, even though passed
a const pointer to a security descriptor, still modifies the ACE entries within
it (which are not const pointers).
This means ACLs stored in the extended attribute by the acl_xattr module have
already been modified by the POSIX acl layer, and are not the original intent
of storing the "unmodified" ACL from the client.
Use dup_sec_desc to make a copy of the incoming ACL on talloc_tos() - that
is what is then modified inside smbd/posix_acl.c, leaving the original ACL
to be correctly stored in the xattr.
Jeremy.
(cherry picked from commit
02dd1fc3c777a49e4fa51982956dcdcc8761e0c9)
Volker Lendecke [Sat, 2 Oct 2010 09:50:26 +0000 (11:50 +0200)]
s3: Attempt to fix bug 7665
Quite a few of our internal routines put stuff on talloc_tos() these days.
In top-level netapi routines, properly allocate a stackframe and clean it
again. Also, don't leak memory in the rpccli_ callers onto the libnetapi
context.
(cherry picked from commit
c4421a287c7e613c0c8da188a6ae8db37e90c8fc)
Michael Adam [Sun, 31 Oct 2010 00:04:25 +0000 (02:04 +0200)]
s3:librpc/ndr: use new strlen_m_ext_term() in ndr_charset_length(): fix bug #7594
This fixes the calculation of needed space for destination unicode charset.
The last 4 patches address bug #7594 ("wbinfo -u" and "wbinfo -g" gives no
output (log=>ndr_pull_error)).
(cherry picked from commit
8e46bff8b88103f4a5b0d3920ab6e3901decaf22)
Stefan Metzmacher [Wed, 25 Aug 2010 08:05:15 +0000 (10:05 +0200)]
librpc/ndr: correctly implement ndr_charset_length()
Before we ignored the charset type.
metze
Signed-off-by: Michael Adam <obnox@samba.org>
(cherry picked from commit
9fd5cc6d85d3179972d7567bad95538ab2873c30)
Michael Adam [Sun, 31 Oct 2010 00:02:16 +0000 (02:02 +0200)]
s3:lib/util_str: add strlen_m_ext_term() - variant of strlen_m_ext() counting terminator
(cherry picked from commit
f7928a0e0b2be27e83bf26644c45ac554c5acec2)
Michael Adam [Mon, 1 Nov 2010 15:28:43 +0000 (16:28 +0100)]
s3:lib/util_str: add strlen_m_ext() that takes the dest charset as a parameter.
(cherry picked from commit
054cd7ec30a3289443c97d36ea416d37f19d6b0b)
Jeremy Allison [Mon, 13 Sep 2010 23:51:59 +0000 (16:51 -0700)]
Fix bug 7409 - Thousands of reduce_name: couldn't get realpath.
Don't log this at level 1 - every EACCES will generate one.
Thanks to muehlfeld@medizinische-genetik.de for pointing this out.
Jeremy.
(cherry picked from commit
7effd963691f8a1307b658b029c4f7f255399bb6)
Karolin Seeger [Mon, 28 Feb 2011 13:46:28 +0000 (14:46 +0100)]
WHATSNEW: Start release notes for 3.5.8.
Karolin
Karolin Seeger [Mon, 28 Feb 2011 13:44:31 +0000 (14:44 +0100)]
VERSION: Bump version number up to 3.5.8.
Karolin
Karolin Seeger [Sun, 27 Feb 2011 17:42:19 +0000 (18:42 +0100)]
WHATSNEW: Prepare 3.5.7 release notes.
Karolin
Jeremy Allison [Sun, 27 Feb 2011 16:58:06 +0000 (17:58 +0100)]
Fix denial of service - memory corruption.
CVE-2011-0719
Fix bug #7949 (DoS in Winbind and smbd with many file descriptors open).
All current released versions of Samba are vulnerable to
a denial of service caused by memory corruption. Range
checks on file descriptors being used in the FD_SET macro
were not present allowing stack corruption. This can cause
the Samba code to crash or to loop attempting to select
on a bad file descriptor set.
A connection to a file share, or a local account is needed
to exploit this problem, either authenticated or unauthenticated
(guest connection).
Currently we do not believe this flaw is exploitable
beyond a crash or causing the code to loop, but on the
advice of our security reviewers we are releasing fixes
in case an exploit is discovered at a later date.
Karolin Seeger [Fri, 8 Oct 2010 12:36:50 +0000 (14:36 +0200)]
WHATASNEW: Start 3.5.7 release notes.
Karolin
(cherry picked from commit
34aa6f4b920fee5adf4376d7626efb4782ae039a)
Karolin Seeger [Fri, 8 Oct 2010 12:35:23 +0000 (14:35 +0200)]
VERSION: Bump version number up to 3.5.7.
Karolin
(cherry picked from commit
7e0ae1b5538da956d2d301cf0fe01f82f98fe024)
Karolin Seeger [Thu, 7 Oct 2010 16:21:32 +0000 (18:21 +0200)]
WHATSNEW: Update release notes.
Karolin
(cherry picked from commit
2c88eee4a311a9d62d121063051c0e3adf145000)
Volker Lendecke [Sat, 2 Oct 2010 15:07:00 +0000 (17:07 +0200)]
s3: Stop using the write cache after an oplock break
Fix bug #7715 (Setting Samba Write Cache Size Can Cause File Corruption).
(cherry picked from commit
9f8292e5f765dff586bfbb261b54da4d4b27a837)
Jeremy Allison [Sun, 26 Sep 2010 11:59:31 +0000 (04:59 -0700)]
Fix bug 7694 - Crash bug with invalid SPNEGO token.
Found by the CodeNomicon test suites at the SNIA plugfest.
http://www.codenomicon.com/
If an invalid SPNEGO packet contains no OIDs we crash in the SMB1/SMB2 server
as we indirect the first returned value OIDs[0], which is returned as NULL.
Modified for 3.5.x.
Jeremy.
(cherry picked from commit
5e7e402320ebce06957e85f35d478615b2210a87)
Karolin Seeger [Wed, 6 Oct 2010 19:24:30 +0000 (21:24 +0200)]
WHATSNEW: Update release notes.
Karolin
(cherry picked from commit
b19f866f2285da5ecc3982b2c9c0ccd005dd41cc)
Jeremy Allison [Sun, 26 Sep 2010 11:49:29 +0000 (04:49 -0700)]
Fix bug #7698 - Assert causes smbd to panic on invalid NetBIOS session request.
Found by the CodeNomicon test suites at the SNIA plugfest.
http://www.codenomicon.com/
If an invalid NetBIOS session request is received the code in name_len() in
libsmb/nmblib.c can hit an assert.
Re-write name_len() and name_extract() to use "buf/len" pairs and
always limit reads.
(Modified for 3.5.x)
Jeremy.
(cherry picked from commit
08bb0fb61580cf528109ebd061a91e4fa5be5a2b)
Volker Lendecke [Sat, 25 Sep 2010 17:56:58 +0000 (10:56 -0700)]
s3: Fix bug 7470
S_IREAD and S_IWRITE are not standard.
Thanks to Joachim Schmitz <schmitz@hp.com> for reporting!
(cherry picked from commit
f1f260c018bfb5b2269731bb806176da1db12db8)
Karolin Seeger [Mon, 27 Sep 2010 20:04:27 +0000 (22:04 +0200)]
WHATSNEW: Update changes since 3.5.5.
Karolin
(cherry picked from commit
ca69f9665441f51a59b215f466311dac5fc1bc88)
Volker Lendecke [Sat, 18 Sep 2010 14:37:04 +0000 (07:37 -0700)]
s3: Fix bug 7688, rpcclient command line completion crashing
We've grown more than 100 rpcclient commands by now, so this would overwrite
the array of 100 completions. There's nicer ways to fix this problem, but 1000
rpcclient commands should be at least a bit away.
(cherry picked from commit
ec3bca61a10d8dcaa6a94046120dd414e39289b1)
Volker Lendecke [Tue, 21 Sep 2010 22:41:23 +0000 (15:41 -0700)]
s3: Remove a global variable in bugfix for bug 7665
(cherry picked from commit
cf364274cbae996fbe186b2c2792b212f189e26a)
Günther Deschner [Tue, 21 Sep 2010 04:05:37 +0000 (21:05 -0700)]
s3-libnetapi: Fix Bug #7665, memory leak in netapi connection manager.
Guenther
(cherry picked from commit
6f47a24bc55be0ea907594a748774675a105b5e3)
(cherry picked from commit
f9f54825238d4e30827dea897456ff8cf4e6730c)
Volker Lendecke [Mon, 6 Sep 2010 13:13:48 +0000 (15:13 +0200)]
s3: Fix the charset_pull routine
In the push routine we do the SVAL, so we should do the SSVAL here.
Fix bug #7531 (3.5.3 unusable on solaris 10).
(cherry picked from commit
73a7100a21a50873d09cef7a100ed75c4095863f)
Björn Jacke [Mon, 7 Jun 2010 21:06:28 +0000 (23:06 +0200)]
s3: fix build on platforms without st_blocks and st_blksize stat struct members
This fixes bug 7474.
(cherry picked from commit
18516e062c9c4fc2a61a7ef7c8b173683c02e2e8)
Jeremy Allison [Wed, 22 Sep 2010 19:26:13 +0000 (12:26 -0700)]
Fix bug #7693 - smbd changing mode of files on rename
When using "map archive", don't change the archive bit on
renames or writes with UNIX extensions turned on.
Jeremy.
(cherry picked from commit
24f9210fe1e2280e08a7b2dd2cb33e7af4c1c002)
Chere Zhou [Tue, 6 Jul 2010 00:18:35 +0000 (17:18 -0700)]
s3:smbd: Align change notify replies on 4-byte boundary
MS-CIFS section 2.2.7.4.2 states this is mandatory. WinXP clients
don't seem to care, but a Win7 client will send an immediate Close()
to the directory handle when receiving an incorrectly aligned
change notify response.
Fix bug #7662 (Change notify replies must be aligned on 4-byte boundary for
Win7.)
(cherry picked from commit
2ee2ea9fa5b839a4395895872f1ed149226dd06f)
Volker Lendecke [Mon, 10 May 2010 10:05:01 +0000 (12:05 +0200)]
libwbclient: Fix a fd-leak at dlclose-time
__attribute__((destructor)) makes winbind_close_sock() being called at
dlclose() time.
Found while testing apache on Linux with mod_auth_pam.
Other platforms will have to find a different fix. One possibility would be to
always close the socket after each operation, but this badly sucks
performance-wise.
Fix bug #7684 (fd leak in libwbclient.so).
(cherry picked from commit
f7e7fa50ec3aef60b72a34988825e314b7228c23)
Günther Deschner [Thu, 3 Jun 2010 14:30:55 +0000 (16:30 +0200)]
s3-spoolss: add and use spoolss_printerinfo2_to_setprinterinfo2().
This fixes some invalid typecasts.
Guenther
The last 3 patches address bug #7658 (fix some "dereferencing type-punned
pointer will break strict-aliasing rules" warnings).
(cherry picked from commit
1a4a8e9bfb146276174a3723e3f20897e0443542)
Günther Deschner [Mon, 10 May 2010 12:44:30 +0000 (14:44 +0200)]
s3-rpcclient: fix two more invalid typecasts in spoolss commands.
Guenther
(cherry picked from commit
83736066a3f94eaadb422016c9f22cb18bec2cd7)
(cherry picked from commit
589bb48af5708501ab47335c84a59f0923ccb20b)
Günther Deschner [Tue, 25 May 2010 10:43:00 +0000 (12:43 +0200)]
s3-net: fix a "dereferencing type-punned pointer will break strict-aliasing rules" warning.
Guenther
(cherry picked from commit
f12028a3fd5c64bc8e13996cb9a18a19ec0929e0)
(cherry picked from commit
a88f1bddbc348075c322834153040b57f5eb6ab0)
Volker Lendecke [Fri, 27 Aug 2010 12:44:16 +0000 (14:44 +0200)]
s3: Cache results of finding printer names
With hundreds of printers or on a slow machine, this can become expensive.
Problem reported and patch sponsored by DESY, Hamburg (www.desy.de)
Fix bug #7656 (Scalability problem with hundreds of printers).
(cherry picked from commit
de445e29ce944985651cbd62c8203cc9ace51a25)
Jeremy Allison [Thu, 26 Aug 2010 23:49:21 +0000 (16:49 -0700)]
Fix bug #7651 - mknod and mkfifo fails with "No such file or directory"
Ensure we check the correct stat struct once we've created the
special fix. Thanks to izh1979@gmail.com for pointing out the
bug.
Jeremy.
(cherry picked from commit
3ced147b6e0ba872b6b49a27f30e4a44695d42f3)
Günther Deschner [Mon, 23 Aug 2010 14:02:23 +0000 (16:02 +0200)]
s3-dcerpc: avoid talloc_move on schannel creds in cli_rpc_pipe_open_schannel_with_key().
Initially, the schannel creds were talloc memduped, then, during the netlogon
creds client merge (
baf7274fed2f1ae7a9e3a57160bf5471566e636c) they were first
talloc_referenced and then later (
53765c81f726a8c056cc4e57004592dd489975c9)
talloc_moved.
The issue with using talloc_move here is that users of that function in winbind
will only be able to have two schanneled connections, as the cached schannel
credentials pointer from the netlogon pipe will be set to NULL. Do a deep copy
of the struct instead.
Guenther
(cherry picked from commit
898c6123355a3a11ec17f0396c4cb3018c75c184)
(cherry picked from commit
68e83f9fedf0a0f0fa412d3ecec8ee853bf82bac)
Jeremy Allison [Mon, 23 Aug 2010 20:05:56 +0000 (13:05 -0700)]
Final part of fix for bug #7636 - winbind internal error, backtrace.
Ensure cm_get_schannel_creds() returns NTSTATUS.
Jeremy.
(cherry picked from commit
33060f67be100836d381a74bced351c6579cc58d)
(cherry picked from commit
ab96b398a5afc7e877cffd9d7c749a72916c6b5c)
Björn Jacke [Thu, 12 Aug 2010 14:18:45 +0000 (16:18 +0200)]
s3: fall back to cups-config for underlinked libs
some OpenBSD systems have underlinked cups libraries. If linking against cups
alone fails, try to link against all the cups-config --libs cruft, which we
usually don't want. (bugzila #7244)
(cherry picked from commit
616e187d68e3e7b202413a96518b31d029e9563a)
(cherry picked from commit
fd43cc698a7f03c4d6c48d21e88097cc5050ca8e)
Volker Lendecke [Sat, 21 Aug 2010 09:32:58 +0000 (11:32 +0200)]
s3: Fix bug 7635
smbclient -M not sending due to NT_STATUS_PIPE_BROKEN
(cherry picked from commit
fe4dcd44ec581afb631125b1d0bade055ca97e30)
Jeremy Allison [Thu, 29 Jul 2010 20:44:35 +0000 (13:44 -0700)]
Fix bug #7589 - ntlm_auth fails to use cached credentials.
In handling the WINBINDD_PAM_AUTH message winbindd canonicalizes a *copy*
of the mapped username, but fails to canonicalize the actual username
sent to the backend domain process. When "winbind default domain"
is set this can lead to credentials being cached with an index of
user: user, not DOMAIN\user. All other code paths that use
canonicalize_username() (WINBINDD_PAM_CHAUTHTOK, WINBINDD_PAM_LOGOFF)
correctly canonicalize the data sent to the backend. All calls
the can cause credentials to be looked up (PAM_CHAUTHTOK etc.)
correctly call canonicalize_username() to create the credential
lookup key.
Jeremy.
(cherry picked from commit
c3f2015075ff1e523536cdd242ba0ec5b26f081c)
Jeremy Allison [Fri, 13 Aug 2010 00:02:30 +0000 (17:02 -0700)]
Fix bug 7581 - Users in "admin users" in smb.conf file are unable to read/write all files when the acl_xattr vfs module is used.
Correctly check admin users in smb1_file_se_access_check().
Jeremy.
(cherry picked from commit
383477789445d42d0d7451fea770c456625f16e1)
Jim McDonough [Mon, 23 Aug 2010 09:13:06 +0000 (11:13 +0200)]
s3-printing: fix BUG 7280 - auto printers not loading with registry config
(cherry picked from commit
bb92b0e1571e4766ab20bb3eea53f9e7f9567a5f)
Jeremy Allison [Tue, 27 Jul 2010 08:54:01 +0000 (01:54 -0700)]
Fix bug 7590 - offline login fails because winbind deletes cache on every startup.
Sync lib/tdb_validate.c with the change in current master.
Change tdb_validate_open() to always use O_RDWR instead of O_RDONLY,
as (from the bug report): "db_check() will always return failure for a read-only database.
Silently, without any log output, when _tdb_lockall() fails."
Jeremy.
(cherry picked from commit
39cb903463d8a3fcabd9e148112bf5cf81744130)
Stefan Metzmacher [Mon, 9 Aug 2010 09:26:59 +0000 (11:26 +0200)]
rerun: make samba3-idl
metze
(cherry picked from commit
5dff580fb710c9fe95a77afdb543203c4a6e5645)
Stefan Metzmacher [Thu, 5 Aug 2010 08:04:57 +0000 (10:04 +0200)]
pidl: Samba3/ClientNDR - Correctly copy arrays, if r.out.size < r.in.size.
metze
Signed-off-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
33d1879d5b50e2d98c1bb13b835e7cfb178e3336)
(cherry picked from commit
d1e92cd2944983ecabd0511ff7c8221c1033a3a8)
Fixes bug #7607.
(cherry picked from commit
614e9504a98a3a484a14c89b814952aeddc43dac)
Jeremy Allison [Thu, 12 Aug 2010 21:24:01 +0000 (14:24 -0700)]
Fix bug #7617 - smbd coredump due to uninitialized variables in the performance counter code.
In the file rpc_server.c, function _winreg_QueryValue()
uint8_t *outbuf
Should be :
uint8_t *outbuf = NULL;
As it is later freed by
if (free_buf) SAFE_FREE(outbuf);
in some cases, this frees the unintialized outbuf, which causes a coredump.
(cherry picked from commit
84fd910c347ddfad6f01edbe7f6e25546c8382ee)
(cherry picked from commit
80e65236158d6f1690bf9f153c0eb12d81d56b8a)
Günther Deschner [Mon, 9 Aug 2010 12:31:24 +0000 (14:31 +0200)]
s3-winbind: Fix Bug #7568: Make sure cm_connect_lsa_tcp does not reset the secure channel.
This is an important fix as the following could and is happening:
* winbind authenticates a user via schannel secured netlogon samlogonex call,
current secure channel cred state is stored in winbind state, winbind
sucessfully decrypts session key from the info3
* winbind sets up a new schannel ncacn_ip_tcp lsa pipe (and thereby resets the
secure channel on the dc)
* subsequent samlogonex calls use the new secure channel creds on the dc to
encrypt info3 session key, while winbind tries to use old schannel creds for
decryption
Guenther
(cherry picked from commit
be396411a4e1f3a174f8a44b6c062d834135e70a)
(cherry picked from commit
afe0e73b7bb640428396c9f40dbbcba5c311fcd9)
(cherry picked from commit
179399401ccae7ae2579b94420d0386531ad2686)
Jeremy Allison [Tue, 27 Jul 2010 08:05:16 +0000 (10:05 +0200)]
s3: Fix bug 7578
'net idmap restore' fails to set HWM, causing duplicates
(cherry picked from commit
de7cb260e2145674bd5428c3e08b885fb0450659)
Jeremy Allison [Tue, 27 Jul 2010 06:45:46 +0000 (08:45 +0200)]
s3-libsmb: Fix bug #7577.
SPNEGO auth fails when contacting Win7 system using Microsoft Live Sign-in
Assistant.
(cherry picked from commit
97e0238d0e8b1573a408648bff29958a2e1a89e8)
Jeremy Allison [Tue, 27 Jul 2010 06:40:58 +0000 (08:40 +0200)]
s3-libsmb: Fix bug #7583.
Smbclient fails to kerberos connect to a Alfresco JLAN
CIFS Server.
(cherry picked from commit
3b3670e329f1e0e5f76adfbdbbcadd9ee0202328)
Andrew Tridgell [Thu, 10 Dec 2009 00:22:20 +0000 (11:22 +1100)]
librpc: split out a separate GUID_from_ndr_blob() function
This will simplify many of the places that deal with NDR formatted
GUIDs
(cherry picked from commit
effff544265c63c95cf630d426b630bfe4d25aec)
This patch is part of a fix for bug #7538 (Backport fixes for
GUID_from_data_blob).
(cherry picked from commit
e8ed2b596627e8704e3384d5997020059b47144a)
Volker Lendecke [Sun, 4 Jul 2010 08:01:42 +0000 (10:01 +0200)]
s3: Fix bug 7336: Enable idmap_passdb module build as shared
(cherry picked from commit
8c0fbc410798512b7a4b7db73bcb24cde6fa7849)
(cherry picked from commit
b4803af11525823ea508d0ca4e58402d55901194)
Günther Deschner [Thu, 1 Jul 2010 11:58:56 +0000 (13:58 +0200)]
s3-printing: Fix Bug #7541, %D in "printer admin" causing smbd crash.
Guenther
(cherry picked from commit
f3c852eb5f771fc8a48aa674d39e1a4547e2eb3e)
Andreas Schneider [Mon, 28 Jun 2010 19:00:30 +0000 (21:00 +0200)]
s3-librpc: Fixed GUID_from_data_blob() with length of 32.
If we hit the case that the blob length is 32. The code goes to the end
of the function and generates a GUID with garbage.
So try to convert the blob to the GUID and return.
Fix bug #7538 (Backport fixes for GUID_from_data_blob).
(cherry picked from commit
3c4353d2aa15db278bb87c949cce2deb3a5072ca)
Karolin Seeger [Sat, 25 Sep 2010 13:21:17 +0000 (15:21 +0200)]
VERSION: Bump version number up to 3.5.6.
Karolin
(cherry picked from commit
dcb31fa3e3ebf2d5ca7517dc664ebc94df5d04d1)
Karolin Seeger [Sat, 25 Sep 2010 13:20:26 +0000 (15:20 +0200)]
WHATSNEW: Prepare release notes for Samba 3.5.6.
Karolin
(cherry picked from commit
eb895e3b281ca3ece57e7c97f24a73a061daccda)
Karolin Seeger [Thu, 9 Sep 2010 14:22:50 +0000 (16:22 +0200)]
WHATSNEW: Update release date.
Karolin
Karolin Seeger [Thu, 9 Sep 2010 13:57:36 +0000 (15:57 +0200)]
WHATSNEW: Prepare 3.5.5 release notes.
Karolin
Jeremy Allison [Thu, 9 Sep 2010 13:54:23 +0000 (15:54 +0200)]
Fix bug #7669.
Fix bug #7669 (buffer overflow in sid_parse() in Samba3 and dom_sid_parse in
Samba4).
CVE-2010-3069:
===========
Description
===========
All current released versions of Samba are vulnerable to
a buffer overrun vulnerability. The sid_parse() function
(and related dom_sid_parse() function in the source4 code)
do not correctly check their input lengths when reading a
binary representation of a Windows SID (Security ID). This
allows a malicious client to send a sid that can overflow
the stack variable that is being used to store the SID in the
Samba smbd server.
A connection to a file share is needed to exploit this
vulnerability, either authenticated or unauthenticated
(guest connection).
Karolin Seeger [Thu, 24 Jun 2010 06:15:24 +0000 (08:15 +0200)]
WHATSNEW: Start release notes for 3.5.5.
Karolin
(cherry picked from commit
28f6e4144b092bd21f49ca989d36df19ce002231)
Karolin Seeger [Thu, 24 Jun 2010 06:13:33 +0000 (08:13 +0200)]
VERSION: Bump version number up to 3.5.5.
Karolin
(cherry picked from commit
6e2b68fef3e0851e1564921d1c4285c8d4a9b550)
Karolin Seeger [Mon, 21 Jun 2010 08:30:25 +0000 (10:30 +0200)]
s3-docs: Add missing whitespace.
Karolin
(cherry picked from commit
2352538362977e456e8d05783f2732ff650cea41)
(cherry picked from commit
9d9a9a0f79ad6fa894f72a4678f59fb40c9fce94)
Karolin Seeger [Fri, 18 Jun 2010 11:59:30 +0000 (13:59 +0200)]
WHATSNEW: Update changes since 3.5.3.
Karolin
(cherry picked from commit
656160ef0643aeba28c7db499ddb1e840c78e4bb)
Günther Deschner [Wed, 16 Jun 2010 15:08:36 +0000 (17:08 +0200)]
s3-docs: Fix some of ntlm_auth ntlm-server-1 protocol documentation.
Guenther
(cherry picked from commit
cfb67b1a169350a8316532eb5d53de4a3f2bacb3)
(cherry picked from commit
b3ccbcb83650cea627ad97e920d3f73659ffa6a0)
Björn Jacke [Wed, 16 Jun 2010 21:36:38 +0000 (23:36 +0200)]
s3:configure: use cc for linking on IRIX and fix shlib usage
The last two patches address bug #7504 (numerous build glitches to be fixed).
(cherry picked from commit
fe9dde3a629db9ae98ff6d94be145aa7e7c2d9ce)
Björn Jacke [Wed, 3 Feb 2010 22:28:38 +0000 (23:28 +0100)]
s3:vfs_scannedonly: fix a build issue on IRIX and HP-UX
this is a cherry-pick of
ae95e8028c294ee1e2dc66a7a62d006572142629
(cherry picked from commit
4a7f1c92f7a1471f5edf06736835a5dc979af3f7)
Olaf Flebbe [Tue, 25 May 2010 11:22:56 +0000 (13:22 +0200)]
check if LD_AS_NEEDED breaks linking with libreadline fixes #7209
Signed-off-by: Simo Sorce <idra@samba.org>
(cherry picked from commit
7aa8af144efc6d57f33b90ac856096aa7089468d)
(cherry picked from commit
f2330cc029243c70043b18554241363d890c96e7)
Günther Deschner [Wed, 16 Jun 2010 12:18:45 +0000 (14:18 +0200)]
s3-auth: in make_user_info_for_reply_enc make sure to check length and data pointer of nt and lm hash.
This fixes kernel cifs client with sec=ntlmv2.
Guenther
(cherry picked from commit
b4364add896d1657263a66c55d867d28bf5ceb1b)
Fix bug #7517 (session setup from linux kernel cifs client fails with
sec=ntlmv2).
(cherry picked from commit
a95df865d474b0ba59ad95dcb8c20c923c66f4ba)
Günther Deschner [Fri, 23 Apr 2010 00:34:43 +0000 (02:34 +0200)]
s3-spoolss: fix some crash bugs and missing error codes in AddDriver paths.
Found by torture test.
Guenther
(cherry picked from commit
413ffe9adb8eea488133da0249dcb2eca08fd69d)
Addresses bug #7459 (after upgrade to samba 3.4 and 3.5 lose ability to control duplex
for normal domain user).
(cherry picked from commit
286f4b53993fab0ffc53e5619e2987dfb13b0ec2)
Björn Jacke [Wed, 16 Jun 2010 11:48:53 +0000 (13:48 +0200)]
s3:Makefile: fix a typo in flag variable name
This is the backport of
60cba59ff8ee75e3d476c1b293ca2f545b7f9e49 and fixes
another build error on AIX.
see also bug #7504 (numerous build glitches to be fixed)
(cherry picked from commit
be585bb0cd81f5ddd3345f04990eaddfa1e13eda)
Björn Jacke [Wed, 12 May 2010 17:05:37 +0000 (19:05 +0200)]
s3:build: remove CFLAGS from Solaris LDSHFLAGS, SHLD has them already
The last 9 patches address bug #7504 (numerous build glitches to be fixed).
(cherry picked from commit
6c78aca691a9951a5a5c27e538df8c8376a74db1)
Björn Jacke [Sun, 30 May 2010 22:26:01 +0000 (00:26 +0200)]
s3: final test for working shlib support requires PICFLAG
(cherry picked from commit
85cbb1a6b371e2282f0115e87e803c6fdc03c07c)
Björn Jacke [Sun, 30 May 2010 21:50:48 +0000 (23:50 +0200)]
s3: use autoconf macro to get some debug output in config.log
(cherry picked from commit
87a0f216eb6929e48b1c3c234426d29fdab38dc8)
Björn Jacke [Fri, 28 May 2010 23:40:21 +0000 (01:40 +0200)]
s3: fix check for pie compiler flags
some compilers (HP and Sun e.g.) output warning messages on stderr for unknown
options and we ended up partly using some unwanted random compile flags we
did't intend to use.
(cherry picked from commit
e8468ab02b201885b6a211c4b27913014ee9a5a2)
Björn Jacke [Fri, 28 May 2010 23:39:16 +0000 (01:39 +0200)]
s3: add m4 macro to check if stderr is empty or not
(cherry picked from commit
6f2bf6cf9d2b5ed3ca2992e26f442035764e0762)
Björn Jacke [Mon, 24 May 2010 21:28:44 +0000 (23:28 +0200)]
s3:configure: add Werror_FLAGS for IBM's xlc
(cherry picked from commit
8c4cdf30ae254b4c5ff9eff221529abc98855857)
Björn Jacke [Wed, 26 May 2010 15:22:24 +0000 (17:22 +0200)]
s3:Makefile: add missing linker flags for smbfilter
this should fix the AIX build
(cherry picked from commit
634577b29d8eea085c79e35d34d6e242a0a9f5a2)
Björn Jacke [Mon, 24 May 2010 10:21:40 +0000 (12:21 +0200)]
s3:Makefile: position independency is also needed for shared libs
(cherry picked from commit
6a9aa4c2b3bebe06de97524a5c5ca577aaa3d14c)
Björn Jacke [Sat, 22 May 2010 14:48:16 +0000 (16:48 +0200)]
s3:build: don't use pieflags twice - ldflags already have them
(cherry picked from commit
60ad93f074d83a65df080b85e43ea61722340a1c)