Commit message | Author | Age | Files | Lines
* WHATSNEW: Update release date. [samba-3.4.9] | Karolin Seeger | 2010-09-09 | 1 | -1/+1
  Karolin
* WHATSNEW: Fix typo. | Karolin Seeger | 2010-09-09 | 1 | -2/+2
  Karolin
* WHATSNEW: Prepare release notes for Samba 3.4.9. | Karolin Seeger | 2010-09-09 | 1 | -6/+20
  Karolin
* Fix bug #7669. | Jeremy Allison | 2010-09-09 | 6 | -5/+31
  Fix bug #7669 (buffer overflow in sid_parse() in Samba3 and dom_sid_parse in Samba4).

  CVE-2010-3069:

  ===========
  Description
  ===========

  All current released versions of Samba are vulnerable to a buffer overrun vulnerability. The sid_parse() function (and related dom_sid_parse() function in the source4 code) do not correctly check their input lengths when reading a binary representation of a Windows SID (Security ID). This allows a malicious client to send a sid that can overflow the stack variable that is being used to store the SID in the Samba smbd server.

  A connection to a file share is needed to exploit this vulnerability, either authenticated or unauthenticated (guest connection).
* WHATSNEW: Start release notes for Samba 3.4.9. | Karolin Seeger | 2010-05-11 | 1 | -2/+43
  Karolin
  (cherry picked from commit 1d441b897b3aa2e8c55001b57fd50622a36c266e)
* VERSION: Bump version up to 3.4.9. | Karolin Seeger | 2010-05-11 | 1 | -1/+1
  Karolin
  (cherry picked from commit de8118220224160f9f6a05112aa578500b11d1d5)
* WHATSNEW: Update changes since 3.4.7. [samba-3.4.8] | Karolin Seeger | 2010-05-10 | 1 | -1/+77
  Karolin
  (cherry picked from commit d95ce71d5f450283b0fed52dd10c3995f682a690)
* s3:winbind: Fix bug 5626 | Volker Lendecke | 2010-05-06 | 3 | -29/+23
  Apparently the AIX compiler can't deal with sizeless array declarations
  (cherry picked from commit 5444adaf59bc6b9bd8f339de21ab66da9e684073)
* s3:winbindd: make sure we don't try rpc requests against unaccessable domains | Stefan Metzmacher | 2010-05-06 | 1 | -5/+28
  This makes sure we don't crash while trying to dereference domain->conn.cli->foo while trying to establish a rpc connection to the server.

  This fixes bug #7316.

  metze
  (cherry picked from commit d930904b997d310aeff781bde1e7e3ce47dde8a1)
  (cherry picked from commit 01b60b113869f526dcf3bb478d70df21dbb207c8)
  (cherry picked from commit edb02e57a3ef83a16bdbd158da4c1290d4ab8240)
* s3:winbindd: never mark external domains as internal! | Stefan Metzmacher | 2010-05-06 | 1 | -4/+1
  This way we can end up with silently using builtin_passdb_methods for an ad domain without an inbound trust.

  This fixes bug #7170.

  metze
  (cherry picked from commit f924b7749280b31ece19885de1c3ad1bd71942ac)
  (cherry picked from commit 1ea768baa9bb38533d4bd273d6c4e7b1f5fd12bd)
* Fix one of the valgrind warnings from bug #6814 - Fixes for problems reported by valgrind | Roel van Meer | 2010-05-06 | 2 | -0/+17
  The timeval passed to event_add_to_select_args() must be initialized as event_add_to_select_args() uses a timeval_min() on this and next_event.
  (cherry picked from commit a0254fa053cbaa8689de4f13893c50014085f7c8)
* s3-spoolss: fix fstrings in convert_devicemode() function. | Günther Deschner | 2010-05-06 | 1 | -2/+5
  Guenther
  (cherry picked from commit 753b9c6d566fafee9724a84fbd91316767c1c7a2)

  Fix bug #7176 (incorrect format of device mode strings).
  (cherry picked from commit 19623b2cd90cb2e5b028e2154bc3abea49ddcbe9)
* s3: Fix bug 5198 -- parse chfn(1)-change gecos field | Volker Lendecke | 2010-05-06 | 1 | -1/+34
  (cherry picked from commit 2ea2d2a81e0666f478c5daf1469c8447a3096e8e)
  (cherry picked from commit 52a3ebc3a4ec54a427e54fa331251fd495c3c6aa)
  (cherry picked from commit 4178dc4ed4b160a8f9ec08b1c729deae47b8368a)
* mount.cifs: directly include sys/stat.h in mtab.c | Jeff Layton | 2010-05-06 | 1 | -0/+1
  This file is mysteriously getting included when built via the makefile, but when you try to build mtab.o by hand it fails to build. Directly include it to remove any ambiguity.

  Signed-off-by: Jeff Layton <jlayton@redhat.com>
  (cherry picked from commit fa722e20c9f5712571f9009afed8c4e44ac11cdc)
* mount.cifs: check for invalid characters in device name and mountpoint | Jeff Layton | 2010-05-06 | 1 | -0/+34
  It's apparently possible to corrupt the mtab if you pass embedded newlines to addmntent. Apparently tabs are also a problem with certain earlier glibc versions. Backslashes are also a minor issue apparently, but we can't reasonably filter those.

  Make sure that neither the devname or mountpoint contain any problematic characters before allowing the mount to proceed.

  Signed-off-by: Jeff Layton <jlayton@redhat.com>
  (cherry picked from commit 5532a5d5cf7cec0bb758a80e9ee74b5807088661)
* mount.cifs: take extra care that mountpoint isn't changed during mount | Jeff Layton | 2010-05-06 | 1 | -8/+26
  It's possible to trick mount.cifs into mounting onto the wrong directory by replacing the mountpoint with a symlink to a directory. mount.cifs attempts to check the validity of the mountpoint, but there's still a possible race between those checks and the mount(2) syscall.

  To guard against this, chdir to the mountpoint very early, and only deal with it as "." from then on out.

  Signed-off-by: Jeff Layton <jlayton@redhat.com>
  (cherry picked from commit c4a342cec1ced80128f82758c7a2192b23f4017a)
* mount.cifs: don't allow it to be run as setuid root program | Jeff Layton | 2010-05-06 | 1 | -1/+38
  mount.cifs has been the subject of several "security" fire drills due to distributions installing it as a setuid root program. This program has not been properly audited for security and the Samba team highly recommends that it not be installed as a setuid root program at this time.

  To make that abundantly clear, this patch forcibly disables the ability for mount.cifs to run as a setuid root program. People are welcome to trivially patch this out, but they do so at their own peril.

  A security audit and redesign of this program is in progress and we hope that we'll be able to remove this in the near future.

  Signed-off-by: Jeff Layton <jlayton@redhat.com>

  The last 5 patches address bug #6853 (mount.cifs race that allows user to replace mountpoint with a symlink).
  (cherry picked from commit f94a377fb58f7b104aa633236f3391c9af6a7b12)
* mount.cifs: properly check for mount being in fstab when running setuid root (try#3) | Jeff Layton | 2010-05-06 | 1 | -40/+162
  This is the third attempt to clean up the checks when a setuid mount.cifs is run by an unprivileged user. The main difference in this patch from the last one is that it fixes a bug where the mount might have failed unnecessarily if CIFS_LEGACY_SETUID_CHECK was set.

  When mount.cifs is installed setuid root and run as an unprivileged user, it does some checks to limit how the mount is used. It checks that the mountpoint is owned by the user doing the mount.

  These checks however do not match those that /bin/mount does when it is called by an unprivileged user. When /bin/mount is called by an unprivileged user to do a mount, it checks that the mount in question is in /etc/fstab, that it has the "user" option set, etc.

  This means that it's currently not possible to set up user mounts the standard way (by the admin, in /etc/fstab) and simultaneously protect from an unprivileged user calling mount.cifs directly to mount a share on any directory that that user owns.

  Fix this by making the checks in mount.cifs match those of /bin/mount itself. This is a necessary step to make mount.cifs safe to be installed as a setuid binary, but not sufficient. For that, we'd need to give mount.cifs a proper security audit.

  Since some users may be depending on the legacy behavior, this patch also adds the ability to build mount.cifs with the older behavior.

  Signed-off-by: Jeff Layton <jlayton@redhat.com>
  (cherry picked from commit 396eb03109400fe603c57a0a0d4bdc37c7131cf5)
* s3-spoolss: fix rpcclient after setprinter IDL fixes. | Günther Deschner | 2010-05-06 | 1 | -2/+2
  Guenther
  (cherry picked from commit 31cf2b086a9275955b0480b4b9035dc12671761d)
  (cherry picked from commit 99b9698c5e3be282f4300143032deacc493b93e0)
* spoolss: more mork on SetPrinterInfo() levels. | Günther Deschner | 2010-05-06 | 4 | -82/+98
  Guenther
  (cherry picked from commit be95cb6f8357334af08d1502910a429328b85bc5)
  (cherry picked from commit f9da274b53197968417843340d586931728cf3a9)
* s3-rpcclient: Fix Bug #7277. rpcclient was sending invalid data, causing cupsaddsmb to fail. | Günther Deschner | 2010-05-06 | 1 | -4/+23
  Guenther
  (cherry picked from commit 9cc10e6a5742f09261f01a2c0b3a94b7b772e573)
  (cherry picked from commit 068df077bfccf1899772e1f65f3c0ede1a9a09d2)
* s3-net_conf: Display an error on net conf import failures. | Jim McDonough | 2010-05-06 | 1 | -0/+3
  When something goes wrong, such as a typo in a parameter name, we'll now display the failure instead of just returning with -1 and no message.

  Fix bug #7378 ("net conf import" fails silently on parameter typo).
  (cherry picked from commit d983085cee01fcf6e6176d395400075e6d5df937)
* s3-libsmbclient: Fix incomplete description of function return values in libsmbclient.h. | Derrell Lipman | 2010-05-06 | 1 | -8/+14
  Fix bug #7345.
  (cherry picked from commit ce565b0498608714e2c4f7c9f9373dddcbfba568)
  (cherry picked from commit 8dd1f920fb74d62a8f841a81f38feb0b0d689cc8)
* s3-docs: Improve "winbind nss info" section in man smb.conf. | Karolin Seeger | 2010-05-06 | 1 | -10/+8
  Karolin
  (cherry picked from commit 20fc769179377bf037f4d5efe1afbaf77d4c9292)
  (cherry picked from commit fb1b0901ec93afe998145bb7a7549bbdb13c712c)
  (cherry picked from commit d73fa06540ba1b08815a7b15ce7ef3b14cf668cf)
* Fix bug #7288 - SMB job IDs in CUPS job names wrong. | Jeremy Allison | 2010-05-06 | 4 | -22/+32
  Based on a patch from Michael Karcher <samba@mkarcher.dialup.fu-berlin.de>.

  I think this is the correct fix. It causes cups_job_submit to use print_parse_jobid(), which I've moved into printing/lpq_parse.c (to allow the link to work).

  It turns out the old print_parse_jobid() was *broken*, in that the pjob filename was set as an absolute path - not relative to the sharename (due to it not going through the VFS calls).

  This meant that the original code doing a strncmp on the first part of the filename would always fail - it starts with a "/", not the relative pathname of PRINT_SPOOL_PREFIX ("smbprn.").

  This fix could fix some other mysterious printing bugs - probably the ones Guenther noticed where job control fails on non-cups backends.

  Contains c79ca41baf15b4ef7eb287d343b17a53ba41e852 and 92332fb2368c641db1552d1f2a2f7b3deaa11519 from master.

  Jeremy.
  (cherry picked from commit 12936bfeb36ae867b52fe48d0f6d3d17d5c8b110)
  (cherry picked from commit 302e9b1c027ff3bddbdeb16f97aa6159311e439d)
* libwbclient: Re-Fix a bug that was fixed with e5741e27c4c | Volker Lendecke | 2010-05-06 | 4 | -26/+53
  > r21878: Fix a bug with smbd serving a windows terminal server: If winbind
  > decides smbd to be idle it might happen that smbd needs to do a winbind
  > operation (for example sid2name) as non-root. This then fails to get the
  > privileged pipe. When later on on the same connection another authentication
  > request comes in, we try to do the CRAP auth via the non-privileged pipe.
  >
  > This adds a winbindd_priv_request_response() request that kills the existing
  > winbind pipe connection if it's not privileged.

  The fix for this was lost during the conversion to libwbclient.

  Thanks to Ira Cooper <samba@ira.wakeful.net> for pointing this out!

  Volker
  (cherry picked from commit 3dab33103f4eddabdb908498200d888dfa6ae5a9)
* s3:winbindd: make "smbcontrol winbindd validate-cache" reliable again | Stefan Metzmacher | 2010-05-06 | 1 | -0/+3
  commit 73577205cf81644e7fe853eaf3e6459f7f443096 (s3:winbindd: fix problems with SIGCHLD handling (bug #7317)) broke this.

  metze
  (cherry picked from commit eb9b7d0363669574de8ec380089407890f15eac2)
  (cherry picked from commit 7f8741da4e713f657e876f66c3f31455aea8a729)
* s3:winbindd: remove unused variables | Stefan Metzmacher | 2010-05-06 | 1 | -2/+0
  metze
  (cherry picked from commit e18ddb6036f5e0a2211e89a7c9b5514c30a653cf)
  (cherry picked from commit c64c867c307d32b8ec17d6e079395e0e9b604f00)
  (cherry picked from commit 18f8b48a1143f7b39572de63362b6c30b81709cb)
* s3:winbindd: fix problems with SIGCHLD handling (bug #7317) | Stefan Metzmacher | 2010-05-06 | 3 | -17/+6
  The main problem is that we call CatchChild() within the parent winbindd, which overwrites the signal handler that was registered by winbindd_setup_sig_chld_handler().

  That means winbindd_sig_chld_handler() and winbind_child_died() are never triggered when a winbindd domain child dies. As a result will get "broken pipe" for all requests to that domain.

  To reduce the risk of similar bugs in future we call CatchChild() in winbindd_reinit_after_fork() now.

  We also use a full winbindd_reinit_after_fork() in the cache validation child now instead of just resetting the SIGCHLD handler by hand. This will also fix possible tdb problems on systems without pread/pwrite and disabled mmap as we now correctly reopen the tdb handle for the child.

  metze
  (cherry picked from commit 73577205cf81644e7fe853eaf3e6459f7f443096)
  (cherry picked from commit e0ece652956292cc67383535a0fa174b5015d91e)
  (cherry picked from commit 26bdc249310b71dc45e087347e456c9f5b0f4f9b)
* s3:winbindd: correctly retry if the netlogon pipe gets disconnected during a logon call | Stefan Metzmacher | 2010-05-06 | 1 | -2/+2
  This fixes hopefully the last part of bug #7295.

  metze
  (cherry picked from commit 4c6cde99c0751a073120d8bc36d40922d8027344)
  (cherry picked from commit 482518fcafb18bda1f084ebf1906a2ad02436b80)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit 6d24f28f52fb0e21943a1639c426cf7f825d15e7)
* s3:winbindd_reconnect: don't only reconnect on NT_STATUS_UNSUCCESSFUL | Stefan Metzmacher | 2010-05-06 | 1 | -14/+59
  metze
  (cherry picked from commit 6bd5a2a3739938f95fce23ab2da652c9b5a48111)
  (cherry picked from commit 169628fcb656ba5987a99bd50c7f588b731eae51)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit 30c048c124ece9648e0ec00991780b57af90201e)
* s3:winbindd_cm: invalidate connection if cm_connect_netlogon() fails | Stefan Metzmacher | 2010-05-06 | 1 | -2/+2
  metze
  (cherry picked from commit 94a4bcd2f0c0464e192556679c6636639cb307ea)
  (cherry picked from commit c046ae8428fb62ff2749689e7c738f1a2e8f8251)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit 61a353807ccefef98fa83e5abcebfe879cdf4337)
* s3:winbindd: consistently use TALLOC_FREE(conn->foo_pipe) is we create a new connection | Stefan Metzmacher | 2010-05-06 | 1 | -0/+5
  metze
  (cherry picked from commit 4f391fedac7111683d13f2d79fee7c0dbc27f86e)
  (cherry picked from commit c462e54142c00fdd81c2847d16a75119b1cc89fc)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit 4ef6370eaaa307ccfd74012a4b9397312ff747eb)
* s3:winbindd_cm: use rpccli_is_connected() helper function | Stefan Metzmacher | 2010-05-06 | 1 | -4/+5
  metze
  (cherry picked from commit d980c06a994d032a833adc8d56d2f2c037f8fdaf)
  (cherry picked from commit aa7d54ed04585a183a88363406ed7f3244b24d85)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit ff9277fb804e7d99a7e80d67c70b962b6199a4e3)
* s3:winbindd_cm: use cli_state_is_connected() helper function | Stefan Metzmacher | 2010-05-06 | 1 | -14/+4
  metze
  (cherry picked from commit 408a3eb35a0e61b5d66a3b48ebbd1a6796672d0f)
  (cherry picked from commit 00a93190d2cae31cd2213b810ea348c055670399)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit 21afa222ab9502ecb33decd16fe540d6d855ff13)
* s3:rpc_client: return at least 10 sec as old timeout in rpccli_set_timeout() instead of 0 | Stefan Metzmacher | 2010-05-06 | 1 | -3/+12
  metze
  (cherry picked from commit 3e70da3f470eeb122f95477fb48d89939f501b3e)
  (cherry picked from commit 60861fba533027b6c9a0ff704b95dcf631ea3ca3)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit 5ae76f3beac43e7064b0304df24be84642882372)
* s3:rpc_client: add set_timeout hook to rpc_cli_transport | Stefan Metzmacher | 2010-05-06 | 5 | -3/+65
  metze
  (cherry picked from commit 99664ad15460530b6fb44957b6c57823f09884bf)
  (cherry picked from commit 89164eb8363ffc0b951256578be48d37ddba46b1)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit b462bc1724b3bdf9052566e683f9748ea6730169)
* s3:rpc_client: add rpccli_is_connected() | Stefan Metzmacher | 2010-05-06 | 6 | -18/+193
  metze
  (cherry picked from commit 4f41b53487ac9bc96c7960e8edab464558656373)
  (similar to commit 958b49323968740e2cbf69dc2a0a5dd57d5bcf87)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit a8a1a6c77a2148a729f6b285f3f945ffd5501256)
* s3:rpc_client: don't mix layers and keep a reference to cli_state in the caller | Stefan Metzmacher | 2010-05-06 | 1 | -8/+17
  We should not rely on the backend to have a reference to the cli_state. This will make it possible for the backend to set its cli_state reference to NULL, when the transport is dead.

  metze
  (cherry picked from commit dc09b12681ea0e6d4c2b0f1c99dfeb1f23019c65)
  (cherry picked from commit 1e2e47da82aeb249dce431541738a62cb139aebb)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit 582b1cdeb6c0b2145b55930421e8d48ad4754d04)
* s3:rpc_transport_np: use cli_state_is_connected() helper | Stefan Metzmacher | 2010-05-06 | 1 | -1/+1
  metze
  (cherry picked from commit b862351da8624df893ec77e020a456c1d23c58ed)
  (cherry picked from commit 8c2f4426ce178ac33748cfba01532ec2fd205710)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit 3ea35cd6bb61806ed502e4cd3f386c35a6f58156)
* s3:libsmb: add cli_state_is_connected() function | Stefan Metzmacher | 2010-05-06 | 2 | -0/+19
  metze
  (cherry picked from commit d7bf30ef92031ffddcde3680b38e602510bcae24)
  (cherry picked from commit 589f73924273e8a9b54669f42a92381661dcb33f)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit 5a4bdb706b97857da67c791b81039b4bc4031c76)
* s3:libsmb: don't let cli_shutdown() segfault with a NULL cli_state | Stefan Metzmacher | 2010-05-06 | 1 | -0/+4
  metze
  (similar to commit 47e10ab9a85960c78af807b66b99bcd139713644)
  (cherry picked from commit 957c0d4a5ee67ac70e576155a0f2f6f84cdb1596)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit e6d5238c8403e848a43e6c7a2d3ca6422e8becd4)
* s3:rpc_transport_np: handle trans rdata like the output of a normal read | Stefan Metzmacher | 2010-05-06 | 1 | -0/+17
  Inspired by bug #7159.

  metze
  (cherry picked from commit 911287285cc4c8485b75edfad3c1ece901a69b0b)
  (cherry picked from commit e2739a2bf37e654c37cbea6e510f63a7ce4adfea)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit 2ce1bcd4e4430f311decb73b659c9b615d5bb4e9)
* s3: Fix infinite loop in NCACN_IP_TCP asa there is no timeout. Assume lsa_pipe_tcp is ok but network is down, then send request is ok, but select() on writeable fds loops forever since there is no response. | Stefan Metzmacher | 2010-05-06 | 1 | -0/+16
  Signed-off-by: Bo Yang <boyang@samba.org>
  (cherry picked from commit 36493bf2f6634b84c57107bcb86bcbf3e82e80fc)
  (similar to commit b58b359881c91ec382cfa1d6ba3007b8354b29cb)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit 6166e1809516e6ab5911b56b20a4128b088828cf)
* Fix broken pipe handling | Stefan Metzmacher | 2010-05-06 | 1 | -2/+2
  Metze is right: If we have *any* error at the socket level, we just can not continue.

  Also, apply some defensive programming: With this async stuff someone else might already have closed the socket.
  (cherry picked from commit f140bf2e6578e45b8603d4a6c5feef9a3b735804)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit 67b51cc9e773fcbbc2b942a1de256e2c5b695008)
* s3:rpc_client: close the socket when pipe is broken | Stefan Metzmacher | 2010-05-06 | 1 | -1/+24
  Signed-off-by: Bo Yang <boyang@samba.org>
  (similar to commit aa70e44cd0576e5280e24cf35000369a47dd958f)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit 407b9577febff6dfbe29106d783d64c41d6fe4e4)
* s3: fix crash in winbindd (similar to commit f8cc0e88fbbb082ead023e0cb437b1e12cf35459) | Stefan Metzmacher | 2010-05-06 | 2 | -2/+15
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit be9a46c9cae2d05a7eb54e871e05480bd8caa609)
* s3-docs: Fix typo in man idmap_ad. | Karolin Seeger | 2010-05-06 | 1 | -1/+1
  Karolin
  (cherry picked from commit 6389fac6db2f54d148222009b5e209cef5c6bdd7)
  (cherry picked from commit 39dbf73a6fb4ad45eac259124b70042994d4f215)
  (cherry picked from commit 1038d91f3c6d2be0a594226059c5379d3e2ffe58)
* s3:lib/time: remove TIME_T_MIN/MAX defines | Björn Jacke | 2010-05-06 | 1 | -8/+0
  we already get them from lib/util/time.h
  (cherry picked from commit f5729dbb6e720cb6076ea053f1ad0680259e6b39)

  The last two patches address bug #7352 (TIME_T_MAX defines inconsistent).
  (cherry picked from commit be86206167acb55bee2722c48a5ea09535cf2b99)
* lib/util: move TIME_T_MIN/MAX defines into header file (cherry picked from commit 571ee54b791b93ad46e09ed563ef4a5582dcf0c8) | Björn Jacke | 2010-05-06 | 2 | -14/+14
  (cherry picked from commit 32b0c2c2c1d0e8f69de264f2c3c3b1d473f9ec4f)