summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Fix for CVE-2009-2906.samba-3.0.37v3-0-stableJeremy Allison2009-09-302-4/+17
| | | | | | | | Summary: Specially crafted SMB requests on authenticated SMB connections can send smbd into a 100% CPU loop, causing a DoS on the Samba server.
* WHATSNEW: Update release notes.Karolin Seeger2009-09-301-2/+24
| | | | Karolin
* Fix for CVE-2009-2813.Karolin Seeger2009-09-282-2/+16
| | | | | | | | | | | | | | | =========================================================== == Subject: Misconfigured /etc/passwd file may share folders unexpectedly == == CVE ID#: CVE-2009-2813 == == Versions: All versions of Samba later than 3.0.11 == == Summary: If a user in /etc/passwd is misconfigured to have == an empty home directory then connecting to the home == share of this user will use the root of the filesystem == as the home directory. ===========================================================
* mount.cifs: don't leak passwords with verbose optionJeff Layton2009-09-281-20/+34
| | | | | | | | | | | | | | | | | | | | | | When running mount.cifs with the --verbose option, it'll print out the option string that it passes to the kernel...including the mount password if there is one. Print a placeholder string instead to help ensure that this info can't be used for nefarious purposes. Also, the --verbose option printed the option string before it was completely assembled anyway. This patch should also make sure that the complete option string is printed out. Finally, strndup passwords passed in on the command line to ensure that they aren't shown by --verbose as well. Passwords used this way can never be truly kept private from other users on the machine of course, but it's simple enough to do it this way for completeness sake. Reported-by: Ronald Volgers <r.c.volgers@student.utwente.nl> Signed-off-by: Jeff Layton <jlayton@redhat.com> Acked-by: Steve French <sfrench@us.ibm.com> Part 2/2 of a fix for CVE-2009-2948.
* mount.cifs: check access of credential files before openingJeff Layton2009-09-281-0/+11
| | | | | | | | | | | | | | | It's possible for an unprivileged user to pass a setuid mount.cifs a credential or password file to which he does not have access. This can cause mount.cifs to open the file on his behalf and possibly leak the info in the first few lines of the file. Check the access permissions of the file before opening it. Reported-by: Ronald Volgers <r.c.volgers@student.utwente.nl> Signed-off-by: Jeff Layton <jlayton@redhat.com> Acked-by: Steve French <sfrench@us.ibm.com> Part 1/2 of a fix for CVE-2009-2948.
* WHATSNEW: Prepare release notes for Samba 3.0.37.Karolin Seeger2009-09-281-2/+42
| | | | Karolin
* Raise version number up to 3.0.37.Karolin Seeger2009-09-241-1/+1
| | | | Karolin
* Makefile.in: Fix installation of cifs.upcall.samba-3.0.36Karolin Seeger2009-08-041-3/+3
| | | | | | | INSTALLPERMS_BIN does not exist. Karolin (cherry picked from commit 3bcbe4a70ee07c688c3b6a286aeeacc634659545)
* WHATSNEW: Start WHATSNEW for 3.0.36.Karolin Seeger2009-07-301-3/+106
| | | | | Karolin (cherry picked from commit 0fd1c6370f8d163edd9d3a99f00e2a6e5e322ba9)
* VERSION: Raise version number up to 3.0.36.Karolin Seeger2009-07-301-1/+1
| | | | | Karolin (cherry picked from commit d6c81c70c45348c86433dd64297e1a659535c155)
* Workaround for KB932762Volker Lendecke2009-07-301-1/+3
| | | | (cherry picked from commit a15c816ba5fd4dcedd68beb1fcb0540de325c1cb)
* s3/docs: Correct version number.Karolin Seeger2009-07-301-1/+1
| | | | | Karolin (cherry picked from commit ccded3263ad1135cc707e24cc78d0fd95e2e88d3)
* s3/docs: Fix typo.Karolin Seeger2009-07-301-1/+3
| | | | | | | | Karolin (cherry picked from commit c2eb0d87a2436614741119ebd14fda05b42a2ddd) (cherry picked from commit 98c238a54dbe3e64262252a9fb38b382c53c1bcf) (cherry picked from commit b118a70a9fc96e8ae5e51ebc8abc9076b07fdf27) (cherry picked from commit 4d569a5bcdf7549daa5f8be7a7006c296f8a35ea)
* s3/docs: Fix typos.Karolin Seeger2009-07-301-4/+5
| | | | | | | | | | | That fixes bug #4247. Thanks to David McNeill <davemc [at] mcpond.co.nz> for reporting! Karolin (cherry picked from commit eaf949947c2eb03363c4b6f588f87b70110d6ff7) (cherry picked from commit cea79d1fbf44b0d5bff5aa12962fb3d3cb61c367) (cherry picked from commit 226620d0ed221da983b4f662fcef14906588f1bd) (cherry picked from commit e0eb78298e63c8dafbee9dea27a4e5f2150a4807)
* s3/docs: Fix typo.Karolin Seeger2009-07-301-1/+1
| | | | | | | | | | | | This fixes bug #4245. Thanks to David McNeill <davemc [at] mcpond.co.nz> for reporting! Karolin (cherry picked from commit 579c91581f5b6d5341a12923fe6cde377223caff) (cherry picked from commit 49caab4044e47236594c6688f202aed555b9da61) (cherry picked from commit 139f95c85f96e7ccba024283608f9ee5990f6676) (cherry picked from commit 148aa12c89df78718addd7b72c79a8005e680509) (cherry picked from commit c36d3dae4740529427ea5ee5b77ad687de371d9c)
* s3/docs: Fix serveral typos.Karolin Seeger2009-07-301-5/+5
| | | | | | | | | | | | This fixes bug #4315. Thanks to Felipe Augusto van de Wiel <faw [at] cathedrallabs [dot] org>! Karolin (cherry picked from commit 3422b9c546cdd262bd747e1e737c2b6479b4d21e) (cherry picked from commit 3da62734fffa99cde1084beeb69e94a7bc623dde) (cherry picked from commit b487a48c876fcaf88ec3fb4b05bacdd9b0bd8cd0) (cherry picked from commit ccea7f24879265291615802982b67451ddb818ad) (cherry picked from commit 3ba226109c01ee7f96be1592874aff4b930e2793)
* Add comment explaining the previous fix. (and fix the previous patch :-).Jeremy Allison2009-07-301-1/+8
| | | | | | By-hand merge error :-). Jeremy. (cherry picked from commit 869b56a24a1408ea798682b45f9c297341f88ad5)
* Fix bug #6279 - winbindd crash. Cope with LDAP libraries returning ↵Jeremy Allison2009-07-301-0/+4
| | | | | | | LDAP_SUCCESS but not returning a result. Jeremy (cherry picked from commit 448d6cd32c793d04c3c509200bfaa75f466a0ee5)
* s3-examples: Fix Bug #6205. Correct sample smb.conf share configuration.Günther Deschner2009-07-301-1/+1
| | | | | | | | Thanks to Jeffrey Riaboy <dakusan@castledragmire.com>. Guenther (cherry picked from commit 2b1fe2c98f4e0013dee4cbae62dc36cdd4085c7d) (cherry picked from commit cb29ca98bb1c166ecd806e82c9d13865ae502a65)
* prevent segmentation fault on joining a very long domain name in samba-3.0.32Bhaskar Jain (bhajain)2009-07-301-1/+1
| | | | | | For a detailed explanation, see http://lists.samba.org/archive/samba-technical/2009-March/063626.html (cherry picked from commit a92280537071b5a9a9bc56fbeead14c6874d5a55)
* Get the sense of the integer wrap test the right way around. Sorry.Jeremy Allison2009-07-301-1/+1
| | | | | Jeremy. (cherry picked from commit bdf46ea491801cdf8ff6f42c0a1ef51080cfc410)
* Now we're allowing a lower bound for auth_len, ensure weJeremy Allison2009-07-301-1/+5
| | | | | | also check for an upper one (integer wrap). Jeremy. (cherry picked from commit f03bacbf695f877d27186a39755ae726a22a61c8)
* Complete the fix for bug 6100Volker Lendecke2009-07-301-1/+1
| | | | | | | | | | | | | | | | | | | According to [MS-RPCE].pdf, section 2.2.2.11: ---- A client or a server that (during composing of a PDU) has allocated more space for the authentication token than the security provider fills in SHOULD fill in the rest of the allocated space with zero octets. These zero octets are still considered to belong to the authentication token part of the PDU.<36> ---- RPC implementations are allowed to send padding bytes at the end of an auth footer. Windows 7 makes use of this. Thanks to Nick Meier <nmeier@microsoft.com> Volker (cherry picked from commit 7274d5691a339087f2770acf2f954830506f5cdc)
* Fix bug in processing of open modes in POSIX open.Jeremy Allison2009-07-301-0/+2
| | | | | | | | | | | Was missing case of "If file exists open. If file doesn't exist error." Damn damn damn. CIFSFS client will have to have fallback cases for this error for a long time. Make test for open modes more robust against other bits. Jeremy. (cherry picked from commit ac11d94f36e1878f3f5d86f2e7197fd8ecdd196b)
* Fix guest mountsSteve French2009-07-301-1/+3
| | | | | | | | | | guest session setup, login (user id) as anonymous. This patch is for samba bugzilla bug 4640. Signed-off-by: Shirish Pargaonkar <shirishp@us.ibm.com> Acked-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@samba.org> (cherry picked from commit a8f10f4469b31565e33669560657c2b3df68c13b)
* Fix mount.cifs handling of -V option (to display version)Steve French2009-07-301-196/+228
| | | | | | | | Also sync with current mount.cifs Acked-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@samba.org> (cherry picked from commit 510619be1897f1610d1a033c4e318002e077fdb2)
* prefer gssapi header files from subdirectoryBjörn Jacke2009-07-302-6/+6
| | | | | | | this fixes some compile time noise on FreeBSD 7 (cherry picked from commit 1bfdbb093f7c5e434ea3e653d389e1ccec578af6) (cherry picked from commit de96e1a82d6e92c00a0ab3020db8d7c0284aadb1) (cherry picked from commit b4fc28ddffa4f9a74ca72ee6c2d30f544de5360c)
* s3/docs: Fix typo in man mount.cifs.Karolin Seeger2009-07-301-1/+1
| | | | | | | | | | Thanks to Tobias Stoeckmann for reporting! Karolin (cherry picked from commit 09a7f93f6be66a8f2a124e49b4effe2b5863f01d) (cherry picked from commit fdb5c65fc51784b6a159748ec4df3953b7d2c1cb) (cherry picked from commit b19f58ccd088a10e487a1261cadb4f3f41987391) (cherry picked from commit eebc7e7ff0e6580b55ca0964a1f38096e11caa78)
* Attempt to fix bug #6099. According to MicrosoftJeremy Allison2009-07-302-26/+83
| | | | | | | | | | | Windows 7 looks at the negotiate_flags returned in this structure *even if the call fails with access denied ! So in order to allow Win7 to connect to a Samba NT style PDC we set the flags before we know if it's an error or not. Jeremy. (cherry picked from commit 194fdee65f91e8ea88196d2cff1c678f868bb3df)
* Noted by Vericode analysis. Correctly use chroot().Jeremy Allison2009-07-301-2/+9
| | | | | Jeremy. (cherry picked from commit 3086400b61ee3dda639c5520b539d4ff76e4d9c5)
* Fix bug #6098 - When the DNS server is invalid, the ads_find_dc() does not ↵Yasuma Takeda2009-07-301-2/+2
| | | | | | | | | | | | work correctly with "security = domain" 1. If DNS server is invalid, the get_sorted_dc_list() is called with realm(FQDN) and it fails. 2. On the next step, the get_sorted_dc_list() is called with realm(FQDN) again. I think "again" is wrong place. On the 2nd step, get_sorted_dc_list() should be called with realm(WORKGROUP). (cherry picked from commit 58331a118dd6a7fb56e70afe6cf93ef7cfff7e81)
* Fix bug #5906 - Winbindd crash on 'getent group' (INTERNAL ERROR: Signal 11).Jeremy Allison2009-07-301-2/+2
| | | | | | Was missed in the last maintenence release. Jeremy. (cherry picked from commit db4a435d235bedf48d668a0f4418dd46f38044ed)
* mount.cifs: add fakemount (-f) and nomtab (-n) flags to mount.cifsShirish Pargaonkar2009-07-301-5/+10
| | | | | ...so that these options work correctly when passed in by mount(8). (cherry picked from commit a894bd4504f070233dd2785a62483090581f5bf3)
* docs: fix two typos in the mount.cifs manpageMichael Adam2009-07-301-2/+2
| | | | | | | | Michael (cherry picked from commit 145fe37766cf1ecffb16a03b58b44d08f7ed7558) Signed-off-by: Michael Adam <obnox@samba.org> (cherry picked from commit 45699a287d27cce24e883384a72441d310c8ee28)
* Don't try and delete a default ACL from a file.Günter Kukkukk2009-07-301-4/+8
| | | | (cherry picked from commit 04fc826efb290ba4b1f173752efb37a4b87281f2)
* umount.cifs: clean-up entries in /etc/mtab after unmountShirish Pargaonkar2009-07-301-1/+33
| | | | | | | | | This patch removes the remaining entry in /etc/mtab after a filesystem is unmounted by canonicalizing the mountpoint supplied on the command line. Please refer to bug 4370 in samba bugzilla. (cherry picked from commit df341bd2b83cc67e31d5b91ae39b4f4f7619ffd0)
* Fix bug #6085 - In vfs_default.c change utime( ) call.Miguel Suarez2009-07-301-1/+1
| | | | (cherry picked from commit 7a1408f89f1addff993d1e2dfb7462d12d0a2f48)
* Probably fixes a crash during name resolution when log level >= 10Ted Percival2009-07-301-1/+1
| | | | | | and libc segfaults if printf is passed NULL for a "%s" arg (eg. Solaris). (cherry picked from commit d3220d9d58477f2a6ef7a78c3cf05cb232b57aff)
* Adjust regex to match variable names including underscoresLars Müller2009-07-301-1/+1
| | | | | | This is required to get the CIFSUPCALL_PROGS setting extracted from config.log. (cherry picked from commit dbfdfd047e8e69942b3289733d300d716cdbec53)
* Conditional install of the cifs.upcall man pageLars Müller2009-07-301-0/+1
| | | | | | Only install the cifs.upcall man page if CIFSUPCALL_PROGS was set while configure. (cherry picked from commit fda450e4d6f9d2661235a3422c0db644a6c686b3)
* build: don't install the cifs.upcall binary twice.Günther Deschner2009-07-301-1/+1
| | | | | Guenther (cherry picked from commit 5202fa31b227d8dd9a3ddfab26f7933bfd349281)
* docs: Describe "service" in man mount.cifs.Karolin Seeger2009-07-301-4/+7
| | | | | | | | | | | | This fixes bug #5346. Thanks to the Debian Samba package maintainers for reporting and providing a patch! Karolin (cherry picked from commit 73f4fc1f802f31459b70dba4777d142d00fcdd92) (cherry picked from commit ab4768452811e67f6606253b5a79101184f777d0) (cherry picked from commit 876b0b001976226a7c1887570c08178d72842a48) (cherry picked from commit 72655775487617e2f76836a7b16bee81e430f6f1)
* libreplace: fix detection of netinet/ip.h on solaris 8Michael Adam2009-07-301-1/+5
| | | | | | | (The test needs to additionally include <netinet/in_systm.h>.) Michael (cherry picked from commit 1868bfd40f7bf4caf9a31116111fa3a5169f4735)
* libreplace: fix bug #6066 - netinet/ip.h present but cannot be compiledMichael Adam2009-07-301-1/+4
| | | | | | | under solaris Michael (cherry picked from commit d09c9b459638242b9df53cc82a8849699d572486)
* build-docs: cleanup exit of the scriptMichael Adam2009-07-301-6/+14
| | | | | | | | | | exit in the directory where it was called using pushd/popd. Michael (cherry picked from commit b319549f129b1c79afc9bfd4a84f2730b96d69a3) Signed-off-by: Michael Adam <obnox@samba.org> (cherry picked from commit 84433b32a9339662ddad9443b90beafdcd8a2044)
* s3:docs: clean build/catalog.xml in "make clean"Michael Adam2009-07-301-0/+1
| | | | | | | | Michael (cherry picked from commit 5e21fc3506f2ba7b1135b1acad2697dfb86b5df0) Signed-off-by: Michael Adam <obnox@samba.org> (cherry picked from commit 12116d757e2d9e3472dcccecc83ba77e09767d52)
* s3:docs: clean generated .png images in "make clean"Michael Adam2009-07-301-1/+2
| | | | | | | | Michael (cherry picked from commit 9b32e839bec8611c30745607a3a6b124d5b34c01) Signed-off-by: Michael Adam <obnox@samba.org> (cherry picked from commit c6c1ab779c50c24c362132d4a5f26bee198a8a1a)
* s3:docs: fix ommission in fix of (real)distclean targetsMichael Adam2009-07-301-1/+1
| | | | | | | | Michael (cherry picked from commit 37412017c5dd2f05a7f4bbe0410a6e00ce4805e5) Signed-off-by: Michael Adam <obnox@samba.org> (cherry picked from commit 892ab9ce709a478fad31f552a70a4b5992a386ed)
* s3:create-tarball: also include the VENDOR_PATCH in the versionMichael Adam2009-07-301-0/+4
| | | | | | | | Michael (cherry picked from commit ce3e34d37ce5592e0268be5d16240387d971585a) Signed-off-by: Michael Adam <obnox@samba.org> (cherry picked from commit 347cc7f911cdbbe04aa3254444f7060cb0d2038e)
* s3:docs: fix distclean target and add realdistclean targetMichael Adam2009-07-301-1/+4
| | | | | | | | | | | - remove stuff created by configure in distclean - remove stuff created by autoconf in realdistclean Michael (cherry picked from commit 65c92fea3d18c3520ff2a1e53a0c5c8825c9788f) Signed-off-by: Michael Adam <obnox@samba.org> (cherry picked from commit 4976a8737700aff1772126375b60566046f29ec4)
View Lorry Controller Status