Commit message | Author | Age | Files | Lines
* CVE-2016-0771: tests/dns: prepare script for further testing | Garming Sam | 2016-02-24 | 1 | -0/+5
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
|   Signed-off-by: Garming Sam <garming@catalyst.net.nz>
|   Reviewed-by: Stefan Metzmacher <metze@samba.org>
|   Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2016-0771: tests/dns: Modify dns tests to match new IDL | Garming Sam | 2016-02-24 | 1 | -17/+20
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
|   Signed-off-by: Garming Sam <garming@catalyst.net.nz>
|   Reviewed-by: Stefan Metzmacher <metze@samba.org>
|   Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2016-0771: dns.idl: make use of dnsp_hinfo | Stefan Metzmacher | 2016-02-24 | 1 | -8/+1
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
|   Signed-off-by: Stefan Metzmacher <metze@samba.org>
|   Reviewed-by: Garming Sam <garming@catalyst.net.nz>
|   Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2016-0771: s4:dns_server: fix idl for dns_txt_record | Stefan Metzmacher | 2016-02-24 | 5 | -39/+43
|   From RFC 1035:
|
|     3.3.14. TXT RDATA format
|
|       +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|       /                   TXT-DATA                    /
|       +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|
|     where:
|
|     TXT-DATA        One or more <character-string>s.
|
|     TXT RRs are used to hold descriptive text. The semantics of the text
|     depends on the domain where it is found.
|
|   Each record contains an array of strings instead of just one string.
|
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
|   Signed-off-by: Stefan Metzmacher <metze@samba.org>
|   Reviewed-by: Garming Sam <garming@catalyst.net.nz>
|   Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2016-0771: librpc: add ndr_dnsp_string_list_copy() helper function | Stefan Metzmacher | 2016-02-24 | 2 | -0/+28
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
|   Signed-off-by: Stefan Metzmacher <metze@samba.org>
|   Reviewed-by: Garming Sam <garming@catalyst.net.nz>
|   Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2016-0771: librpc: add RPC_NDR_DNSSERVER to dcerpc-samba library | Stefan Metzmacher | 2016-02-24 | 1 | -14/+4
|   RPC_NDR_DNSSERVER is the client interface
|   NDR_DNSP contains just marshalling helpers.
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
|   Signed-off-by: Stefan Metzmacher <metze@samba.org>
|   Reviewed-by: Garming Sam <garming@catalyst.net.nz>
|   Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2016-0771: s4:librpc: python_dns and python_dcerpc_dnsp doesn't require client bindings | Stefan Metzmacher | 2016-02-24 | 3 | -5/+5
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
|   Signed-off-by: Stefan Metzmacher <metze@samba.org>
|   Reviewed-by: Garming Sam <garming@catalyst.net.nz>
|   Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2015-7560: s3: torture3: Add new POSIX-SYMLINK-EA test. | Jeremy Allison | 2016-02-24 | 3 | -1/+180
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
|   Signed-off-by: Jeremy Allison <jra@samba.org>
|   Reviewed-by: Michael Adam <obnox@samba.org>
* CVE-2015-7560: s3: torture3: Add new POSIX-SYMLINK-ACL test. | Jeremy Allison | 2016-02-24 | 3 | -1/+200
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
|   Signed-off-by: Jeremy Allison <jra@samba.org>
|   Reviewed-by: Michael Adam <obnox@samba.org>
* CVE-2015-7560: s3: libsmb: Add SMB1-only POSIX cli_posix_setacl() functions. Needed for tests. | Jeremy Allison | 2016-02-24 | 2 | -0/+111
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
|   Signed-off-by: Jeremy Allison <jra@samba.org>
|   Reviewed-by: Michael Adam <obnox@samba.org>
* CVE-2015-7560: s3: libsmb: Rename cli_posix_getfaclXX() functions to cli_posix_getacl() as they operate on pathnames. | Jeremy Allison | 2016-02-24 | 3 | -19/+19
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
|   Signed-off-by: Jeremy Allison <jra@samba.org>
|   Reviewed-by: Michael Adam <obnox@samba.org>
* CVE-2015-7560: s3: smbd: Refuse to set EA's on a symlink. | Jeremy Allison | 2016-02-24 | 1 | -0/+5
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
|   Signed-off-by: Jeremy Allison <jra@samba.org>
|   Reviewed-by: Michael Adam <obnox@samba.org>
* CVE-2015-7560: s3: smbd: Silently return no EA's available on a symlink. | Jeremy Allison | 2016-02-24 | 1 | -0/+9
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
|   Signed-off-by: Jeremy Allison <jra@samba.org>
|   Reviewed-by: Michael Adam <obnox@samba.org>
* CVE-2015-7560: s3: smbd: Set return values early, allows removal of code duplication. | Jeremy Allison | 2016-02-24 | 1 | -8/+5
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
|   Signed-off-by: Jeremy Allison <jra@samba.org>
|   Reviewed-by: Michael Adam <obnox@samba.org>
* CVE-2015-7560: s3: smbd: Refuse to get a POSIX ACL on a symlink. | Jeremy Allison | 2016-02-24 | 1 | -0/+7
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
|   Signed-off-by: Jeremy Allison <jra@samba.org>
|   Reviewed-by: Michael Adam <obnox@samba.org>
* CVE-2015-7560: s3: smbd: Refuse to set a POSIX ACL on a symlink. | Jeremy Allison | 2016-02-24 | 1 | -0/+6
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
|   Signed-off-by: Jeremy Allison <jra@samba.org>
|   Reviewed-by: Michael Adam <obnox@samba.org>
* CVE-2015-7560: s3: smbd: Refuse to set an ACL from a POSIX file handle on a symlink. | Jeremy Allison | 2016-02-24 | 1 | -0/+6
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
|   Signed-off-by: Jeremy Allison <jra@samba.org>
|   Reviewed-by: Michael Adam <obnox@samba.org>
* CVE-2015-7560: s3: smbd: Refuse to get an ACL from a POSIX file handle on a symlink. | Jeremy Allison | 2016-02-24 | 1 | -0/+7
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
|   Signed-off-by: Jeremy Allison <jra@samba.org>
|   Reviewed-by: Michael Adam <obnox@samba.org>
* CVE-2015-7560: s3: smbd: Add refuse_symlink() function that can be used to prevent operations on a symlink. | Jeremy Allison | 2016-02-24 | 1 | -0/+28
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
|   Signed-off-by: Jeremy Allison <jra@samba.org>
|   Reviewed-by: Michael Adam <obnox@samba.org>
* VERSION: Bump version up to 4.1.23... | Karolin Seeger | 2016-02-24 | 1 | -2/+2
|   and re-enable git snapshots.
|   Signed-off-by: Karolin Seeger <kseeger@samba.org>
|   (cherry picked from commit 08cff9ca228a3d7714768eb5727201895cd1dd41)
* VERSION: Disable git snapshots for the 4.1.22 release. (tag: samba-4.1.22) | Karolin Seeger | 2015-12-10 | 1 | -1/+1
|   Signed-off-by: Karolin Seeger <kseeger@samba.org>
* WHATSNEW: Add release notes for Samba 4.1.22. | Karolin Seeger | 2015-12-10 | 1 | -3/+159
|   This is a security release to address CVE-2015-7540, CVE-2015-3223, CVE-2015-5252, CVE-2015-5299, CVE-2015-5296, CVE-2015-8467, CVE-2015-5330.
|   Signed-off-by: Karolin Seeger <kseeger@samba.org>
* CVE-2015-8467: samdb: Match MS15-096 behaviour for userAccountControl | Andrew Bartlett | 2015-12-10 | 1 | -2/+22
|   Swapping between account types is now restricted
|   Bug: https://bugzilla.samba.org/show_bug.cgi?id=11552
|   Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|   Reviewed-by: Jeremy Allison <jra@samba.org>
|   Reviewed-by: Ralph Boehme <slow@samba.org>
* CVE-2015-5296: libcli/smb: make sure we require signing when we demand encryption on a session | Stefan Metzmacher | 2015-12-10 | 1 | -0/+11
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536
|   Signed-off-by: Stefan Metzmacher <metze@samba.org>
|   Reviewed-by: Jeremy Allison <jra@samba.org>
* CVE-2015-5296: s3:libsmb: force signing when requiring encryption in SMBC_server_internal() | Stefan Metzmacher | 2015-12-10 | 1 | -3/+12
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536
|   Signed-off-by: Stefan Metzmacher <metze@samba.org>
|   Reviewed-by: Jeremy Allison <jra@samba.org>
* CVE-2015-5296: s3:libsmb: force signing when requiring encryption in do_connect() | Stefan Metzmacher | 2015-12-10 | 1 | -1/+6
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536
|   Signed-off-by: Stefan Metzmacher <metze@samba.org>
|   Reviewed-by: Jeremy Allison <jra@samba.org>
* CVE-2015-5299: s3-shadow-copy2: fix missing access check on snapdir | Jeremy Allison | 2015-12-10 | 1 | -0/+45
|   Fix originally from <partha@exablox.com>
|   https://bugzilla.samba.org/show_bug.cgi?id=11529
|   Signed-off-by: Jeremy Allison <jra@samba.org>
|   Reviewed-by: David Disseldorp <ddiss@samba.org>
* CVE-2015-5252: s3: smbd: Fix symlink verification (file access outside the share). | Jeremy Allison | 2015-12-10 | 1 | -3/+10
|   Ensure matching component ends in '/' or '\0'.
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=11395
|   Signed-off-by: Jeremy Allison <jra@samba.org>
|   Reviewed-by: Volker Lendecke <vl@samba.org>
* CVE-2015-7540: lib: util: Check *every* asn1 return call and early return. | Jeremy Allison | 2015-12-10 | 1 | -61/+45
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=9187
|   Signed-off-by: Jeremy Allison <jra@samba.org>
|   Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
|   Autobuild-User(master): Jeremy Allison <jra@samba.org>
|   Autobuild-Date(master): Fri Sep 19 01:29:00 CEST 2014 on sn-devel-104
|   (cherry picked from commit b9d3fd4cc551df78a7b066ee8ce43bbaa3ff994a)
* CVE-2015-7540: s4: libcli: ldap message - Ensure all asn1_XX returns are checked. | Jeremy Allison | 2015-12-10 | 3 | -395/+401
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=9187
|   Signed-off-by: Jeremy Allison <jra@samba.org>
|   Reviewed-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
|   Autobuild-User(master): Jeremy Allison <jra@samba.org>
|   Autobuild-Date(master): Fri Sep 26 03:15:00 CEST 2014 on sn-devel-104
|   (cherry picked from commit 69a7e3cfdc8dbba9c8dcfdfae82d2894c7247e15)
* ldb: bump version of the required system ldb to 1.1.24 | Ralph Boehme | 2015-12-09 | 2 | -3/+4
|   This is needed to ensure we build against a system ldb library that contains the fixes for CVE-2015-5330 and CVE-2015-3223.
|   autobuild must still be able to build against the older version 1.1.17 including the patches.
|   Bug: https://bugzilla.samba.org/show_bug.cgi?id=11325
|   Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599
|   Bug: https://bugzilla.samba.org/show_bug.cgi?id=11636
|   Signed-off-by: Ralph Boehme <slow@samba.org>
|   Reviewed-by: Stefan Metzmacher <metze@samba.org>
* CVE-2015-5330: ldb_dn_explode: copy strings by length, not terminators | Douglas Bagnall | 2015-12-09 | 1 | -2/+7
|   That is, memdup(), not strdup(). The terminators might not be there.
|   But, we have to make sure we put the terminator on, because we tend to assume the terminator is there in other places.
|   Use talloc_set_name_const() on the resulting chunk so talloc_report() remains unchanged.
|   Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599
|   Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|   Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
|   Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
|   Pair-programmed-with: Stefan Metzmacher <metze@samba.org>
|   Pair-programmed-with: Ralph Boehme <slow@samba.org>
* CVE-2015-5330: next_codepoint_handle_ext: don't short-circuit UTF16 low bytes | Douglas Bagnall | 2015-12-09 | 1 | -1/+4
|   UTF16 contains zero bytes when it is encoding ASCII (for example), so we can't assume the absence of the 0x80 bit means a one byte encoding.
|   No current callers use UTF16.
|   Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599
|   Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|   Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
|   Reviewed-by: Ralph Boehme <slow@samba.org>
* CVE-2015-5330: strupper_talloc_n_handle(): properly count characters | Douglas Bagnall | 2015-12-09 | 1 | -1/+2
|   When a codepoint eats more than one byte we really want to know, especially if the string is not NUL terminated.
|   Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599
|   Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|   Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
|   Reviewed-by: Ralph Boehme <slow@samba.org>
* CVE-2015-5330: Fix handling of unicode near string endings | Douglas Bagnall | 2015-12-09 | 4 | -14/+25
|   Until now next_codepoint_ext() and next_codepoint_handle_ext() were using strnlen(str, 5) to determine how much string they should try to decode. This ended up looking past the end of the string when it was not null terminated and the final character looked like a multi-byte encoding.
|   The fix is to let the caller say how long the string can be.
|   Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599
|   Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|   Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
|   Reviewed-by: Ralph Boehme <slow@samba.org>
* CVE-2015-5330: ldb_dn_escape_value: use known string length, not strlen() | Douglas Bagnall | 2015-12-09 | 1 | -4/+8
|   ldb_dn_escape_internal() reports the number of bytes it copied, so let's use that number, rather than using strlen() and hoping a zero got in the right place.
|   Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599
|   Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|   Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
|   Reviewed-by: Ralph Boehme <slow@samba.org>
* CVE-2015-5330: ldb_dn: simplify and fix ldb_dn_escape_internal() | Douglas Bagnall | 2015-12-09 | 1 | -28/+18
|   Previously we relied on NUL terminated strings and jumped back and forth between copying escaped bytes and memcpy()ing un-escaped chunks. This simple version is easier to reason about and works with unterminated strings. It may also be faster as it avoids reading the string twice (first with strcspn, then with memcpy).
|   Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599
|   Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|   Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
|   Reviewed-by: Ralph Boehme <slow@samba.org>
* CVE-2015-3223: lib: ldb: Use memmem binary search, not strstr text search. | Jeremy Allison | 2015-12-09 | 1 | -4/+13
|   Values might have embedded zeros.
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=11325
|   Signed-off-by: Jeremy Allison <jra@samba.org>
|   Reviewed-by: Ralph Boehme <slow@samba.org>
* CVE-2015-3223: lib: ldb: Cope with canonicalise_fn returning string "", length 0. | Jeremy Allison | 2015-12-09 | 1 | -1/+15
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=11325
|   Signed-off-by: Jeremy Allison <jra@samba.org>
|   Reviewed-by: Ralph Boehme <slow@samba.org>
* VERSION: Bump version up to 4.1.22... | Karolin Seeger | 2015-10-13 | 1 | -2/+2
|   and re-enable git snapshots.
|   Signed-off-by: Karolin Seeger <kseeger@samba.org>
* VERSION: Disable git snapshots for the 4.1.21 release. (tag: samba-4.1.21) | Karolin Seeger | 2015-10-13 | 1 | -1/+1
|   Signed-off-by: Karolin Seeger <kseeger@samba.org>
* WHATSNEW: Add release notes for Samba 4.1.21. | Karolin Seeger | 2015-10-13 | 1 | -3/+43
|   Signed-off-by: Karolin Seeger <kseeger@samba.org>
* samr4: Use <SID=%s> in GetGroupsForUser | Volker Lendecke | 2015-09-08 | 1 | -2/+8
|   This way we avoid quoting problems in user's DNs
|   Signed-off-by: Volker Lendecke <vl@samba.org>
|   Reviewed-by: Jeremy Allison <jra@samba.org>
|   Autobuild-User(master): Jeremy Allison <jra@samba.org>
|   Autobuild-Date(master): Tue Sep 1 23:49:14 CEST 2015 on sn-devel-104
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=11488
|   (cherry picked from commit 841845dea35089a187fd1626c9752d708989ac7b)
|   Autobuild-User(v4-1-test): Stefan Metzmacher <metze@samba.org>
|   Autobuild-Date(v4-1-test): Tue Sep 8 21:05:56 CEST 2015 on sn-devel-104
* VERSION: Bump version up to 4.1.21... | Karolin Seeger | 2015-09-01 | 1 | -2/+2
|   and re-enable git snapshots.
|   Signed-off-by: Karolin Seeger <kseeger@samba.org>
* VERSION: Disable git snapshots for the 4.1.20 release. (tag: samba-4.1.20) | Karolin Seeger | 2015-09-01 | 1 | -1/+1
|   Signed-off-by: Karolin Seeger <kseeger@samba.org>
* WHATSNEW: Add release notes for Samba 4.1.20. | Karolin Seeger | 2015-09-01 | 1 | -3/+89
|   Signed-off-by: Karolin Seeger <kseeger@samba.org>
* s3: winbindd: Fix TALLOC_FREE of uninitialized groups variable. | Jeremy Allison | 2015-08-31 | 1 | -1/+1
|   Fix created by: wei zhong <wweyeww@gmail.com>
|   Only for 4.2.x and below, master code already fixed.
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=10823
|   Signed-off-by: Jeremy Allison <jra@samba.org>
|   Autobuild-User(v4-1-test): Karolin Seeger <kseeger@samba.org>
|   Autobuild-Date(v4-1-test): Mon Aug 31 23:35:54 CEST 2015 on sn-devel-104
* s3-util: Compare the maximum allowed length of a NetBIOS name | Roel van Meer | 2015-08-31 | 1 | -1/+1
|   This fixes a problem where is_myname() returns true if one of our names is a substring of the specified name.
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=11427
|   Reviewed-by: Jeremy Allison <jra@samba.org>
|   Reviewed-by: Andreas Schneider <asn@samba.org>
|   (cherry picked from commit 4e178ed498c594ffcd5592d0b792d47b064b9586)
|   Autobuild-User(v4-1-test): Stefan Metzmacher <metze@samba.org>
|   Autobuild-Date(v4-1-test): Mon Aug 31 14:39:49 CEST 2015 on sn-devel-104
* s3-net: use talloc array in share allowedusers | Ralph Boehme | 2015-08-17 | 1 | -4/+20
|   Bug: https://bugzilla.samba.org/show_bug.cgi?id=11426
|   Signed-off-by: Ralph Boehme <slow@samba.org>
|   Reviewed-by: Stefan Metzmacher <metze@samba.org>
|   Autobuild-User(master): Ralph Böhme <slow@samba.org>
|   Autobuild-Date(master): Tue Aug 4 16:48:36 CEST 2015 on sn-devel-104
|   (cherry picked from commit 95eb6db580678a29b1f5f30a9567ea449a43d75a)
|   Autobuild-User(v4-1-test): Stefan Metzmacher <metze@samba.org>
|   Autobuild-Date(v4-1-test): Mon Aug 17 20:01:19 CEST 2015 on sn-devel-104
* s3-passdb: Respect LOOKUP_NAME_GROUP flag in sid lookup. | Justin Maggard | 2015-08-03 | 2 | -3/+3
|   Somewhere along the line, a config line like "valid users = @foo" broke when "foo" also exists as a user.
|   user_ok_token() already does the right thing by adding the LOOKUP_NAME_GROUP flag; but lookup_name() was not respecting that flag, and went ahead and looked for users anyway.
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=11320
|   Signed-off-by: Justin Maggard <jmaggard@netgear.com>
|   Reviewed-by: Jeremy Allison <jra@samba.org>
|   Reviewed-by: Marc Muehlfeld <mmuehlfeld@samba.org>
|   Autobuild-User(master): Jeremy Allison <jra@samba.org>
|   Autobuild-Date(master): Tue Jul 28 21:35:58 CEST 2015 on sn-devel-104
|   (cherry picked from commit dc99d451bf23668d73878847219682fced547622)
|   Autobuild-User(v4-1-test): Stefan Metzmacher <metze@samba.org>
|   Autobuild-Date(v4-1-test): Mon Aug 3 20:03:05 CEST 2015 on sn-devel-104