| Commit message (Collapse) | Author | Age | Files | Lines |
| |
Summary:
Specially crafted SMB requests on
authenticated SMB connections can send smbd
into a 100% CPU loop, causing a DoS on the
Samba server.
(cherry picked from commit dff54f716bdd76e3d167dc96bba6e168ef58cadd)
| |
Karolin
(cherry picked from commit 42c537c845f48149cb8492cb0eaa114fe64694f1)
| |
===========================================================
== Subject: Misconfigured /etc/passwd file may share folders unexpectedly
==
== CVE ID#: CVE-2009-2813
==
== Versions: All versions of Samba later than 3.0.11
==
== Summary: If a user in /etc/passwd is misconfigured to have
== an empty home directory then connecting to the home
== share of this user will use the root of the filesystem
== as the home directory.
===========================================================
(cherry picked from commit c1a4a99f8cc5803682a94060efee1adf330c4f02)
| |
When running mount.cifs with the --verbose option, it'll print out the
option string that it passes to the kernel...including the mount
password if there is one. Print a placeholder string instead to help
ensure that this info can't be used for nefarious purposes.
Also, the --verbose option printed the option string before it was
completely assembled anyway. This patch should also make sure that
the complete option string is printed out.
Finally, strndup passwords passed in on the command line to ensure that
they aren't shown by --verbose as well. Passwords used this way can
never be truly kept private from other users on the machine of course,
but it's simple enough to do it this way for completeness' sake.
Reported-by: Ronald Volgers <r.c.volgers@student.utwente.nl>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Acked-by: Steve French <sfrench@us.ibm.com>
Part 2/2 of a fix for CVE-2009-2948.
(cherry picked from commit 1c2a816df9fd9e3a3839a679a72b3041b0217dc3)
| |
It's possible for an unprivileged user to pass a setuid mount.cifs a
credential or password file to which he does not have access. This can cause
mount.cifs to open the file on his behalf and possibly leak the info in the
first few lines of the file.
Check the access permissions of the file before opening it.
Reported-by: Ronald Volgers <r.c.volgers@student.utwente.nl>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Acked-by: Steve French <sfrench@us.ibm.com>
Part 1/2 of a fix for CVE-2009-2948.
(cherry picked from commit 87fe29ca3239492126a99e1562db673ea7ca208b)
| |
Karolin
(cherry picked from commit 493ee2c888c4eb54dfa4063ac9fb3f19323a7b4c)
| |
Karolin
(cherry picked from commit 4e6a1f8a6b1382504699b94e24809704dd3952bb)
| |
INSTALLPERMS_BIN does not exist.
Karolin
| |
Karolin
| |
Karolin
| |
Karolin
(cherry picked from commit 857b6fb063b9968134cc664430ff5d33a992da4a)
| |
Karolin
(cherry picked from commit 21d184a8b1b335ff9e8e0515fd70f4a16c00be5a)
| |
(cherry picked from commit 689b313404971bb884566710b1468b9bd4091caa)
| |
Karolin
| |
Karolin
(cherry picked from commit c2eb0d87a2436614741119ebd14fda05b42a2ddd)
(cherry picked from commit 98c238a54dbe3e64262252a9fb38b382c53c1bcf)
(cherry picked from commit b118a70a9fc96e8ae5e51ebc8abc9076b07fdf27)
| |
That fixes bug #4247. Thanks to David McNeill <davemc [at] mcpond.co.nz>
for reporting!
Karolin
(cherry picked from commit eaf949947c2eb03363c4b6f588f87b70110d6ff7)
(cherry picked from commit cea79d1fbf44b0d5bff5aa12962fb3d3cb61c367)
(cherry picked from commit 226620d0ed221da983b4f662fcef14906588f1bd)
| |
This fixes bug #4245. Thanks to David McNeill <davemc [at] mcpond.co.nz>
for reporting!
Karolin
(cherry picked from commit 579c91581f5b6d5341a12923fe6cde377223caff)
(cherry picked from commit 49caab4044e47236594c6688f202aed555b9da61)
(cherry picked from commit 139f95c85f96e7ccba024283608f9ee5990f6676)
(cherry picked from commit 148aa12c89df78718addd7b72c79a8005e680509)
| |
This fixes bug #4315.
Thanks to Felipe Augusto van de Wiel <faw [at] cathedrallabs [dot] org>!
Karolin
(cherry picked from commit 3422b9c546cdd262bd747e1e737c2b6479b4d21e)
(cherry picked from commit 3da62734fffa99cde1084beeb69e94a7bc623dde)
(cherry picked from commit b487a48c876fcaf88ec3fb4b05bacdd9b0bd8cd0)
(cherry picked from commit ccea7f24879265291615802982b67451ddb818ad)
| |
By-hand merge error :-).
Jeremy.
| |
LDAP_SUCCESS but not returning a result.
Jeremy
| |
Thanks to Jeffrey Riaboy <dakusan@castledragmire.com>.
Guenther
(cherry picked from commit 2b1fe2c98f4e0013dee4cbae62dc36cdd4085c7d)
| |
For a detailed explanation, see
http://lists.samba.org/archive/samba-technical/2009-March/063626.html
| |
Jeremy.
| |
also check for an upper one (integer wrap).
Jeremy.
| |
According to [MS-RPCE].pdf, section 2.2.2.11:
----
A client or a server that (during composing of a PDU) has allocated more space
for the authentication token than the security provider fills in SHOULD fill in
the rest of the allocated space with zero octets. These zero octets are still
considered to belong to the authentication token part of the PDU.<36>
----
RPC implementations are allowed to send padding bytes at the end of an auth
footer. Windows 7 makes use of this.
Thanks to Nick Meier <nmeier@microsoft.com>
Volker
| |
Was missing case of "If file exists open. If file doesn't exist error."
Damn damn damn. CIFSFS client will have to have fallback cases
for this error for a long time.
Make test for open modes more robust against other bits.
Jeremy.
| |
guest session setup, login (user id) as anonymous.
This patch is for samba bugzilla bug 4640.
Signed-off-by: Shirish Pargaonkar <shirishp@us.ibm.com>
Acked-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@samba.org>
| |
Also sync with current mount.cifs
Acked-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@samba.org>
| |
this fixes some compile time noise on FreeBSD 7
(cherry picked from commit 1bfdbb093f7c5e434ea3e653d389e1ccec578af6)
(cherry picked from commit de96e1a82d6e92c00a0ab3020db8d7c0284aadb1)
| |
Thanks to Tobias Stoeckmann for reporting!
Karolin
(cherry picked from commit 09a7f93f6be66a8f2a124e49b4effe2b5863f01d)
(cherry picked from commit fdb5c65fc51784b6a159748ec4df3953b7d2c1cb)
(cherry picked from commit b19f58ccd088a10e487a1261cadb4f3f41987391)
| |
Windows 7 looks at the negotiate_flags
returned in this structure *even if the
call fails with access denied! So in order
to allow Win7 to connect to a Samba NT style
PDC we set the flags before we know if it's
an error or not.
Jeremy.
| |
Jeremy.
| |
work correctly with "security = domain"
1. If DNS server is invalid, the get_sorted_dc_list() is called with
realm(FQDN) and it fails.
2. On the next step, the get_sorted_dc_list() is called with realm(FQDN) again.
I think "again" is wrong place.
On the 2nd step, get_sorted_dc_list() should be called with realm(WORKGROUP).
| |
Was missed in the last maintenance release.
Jeremy.
| |
...so that these options work correctly when passed in by mount(8).
| |
Michael
(cherry picked from commit 145fe37766cf1ecffb16a03b58b44d08f7ed7558)
Signed-off-by: Michael Adam <obnox@samba.org>
| |
This patch removes the remaining entry in /etc/mtab after a filesystem
is unmounted by canonicalizing the mountpoint supplied on the command
line.
Please refer to bug 4370 in samba bugzilla.
| |
and libc segfaults if printf is passed NULL for a "%s" arg
(eg. Solaris).
| |
This is required to get the CIFSUPCALL_PROGS setting extracted from
config.log.
| |
Only install the cifs.upcall man page if CIFSUPCALL_PROGS was set while
configure.
| |
Guenther
| |
This fixes bug #5346.
Thanks to the Debian Samba package maintainers for reporting and providing a
patch!
Karolin
(cherry picked from commit 73f4fc1f802f31459b70dba4777d142d00fcdd92)
(cherry picked from commit ab4768452811e67f6606253b5a79101184f777d0)
(cherry picked from commit 876b0b001976226a7c1887570c08178d72842a48)
| |
(The test needs to additionally include <netinet/in_systm.h>.)
Michael
| |
under solaris
Michael
| |
exit in the directory where it was called using pushd/popd.
Michael
(cherry picked from commit b319549f129b1c79afc9bfd4a84f2730b96d69a3)
Signed-off-by: Michael Adam <obnox@samba.org>
| |
Michael
(cherry picked from commit 5e21fc3506f2ba7b1135b1acad2697dfb86b5df0)
Signed-off-by: Michael Adam <obnox@samba.org>
| |
Michael
(cherry picked from commit 9b32e839bec8611c30745607a3a6b124d5b34c01)
Signed-off-by: Michael Adam <obnox@samba.org>