summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Fix for CVE-2009-2906.v3-0-testJeremy Allison2009-10-012-4/+17
| | | | | | | | | Summary: Specially crafted SMB requests on authenticated SMB connections can send smbd into a 100% CPU loop, causing a DoS on the Samba server. (cherry picked from commit dff54f716bdd76e3d167dc96bba6e168ef58cadd)
* WHATSNEW: Update release notes.Karolin Seeger2009-10-011-2/+24
| | | | | Karolin (cherry picked from commit 42c537c845f48149cb8492cb0eaa114fe64694f1)
* Fix for CVE-2009-2813.Karolin Seeger2009-10-012-2/+16
| | | | | | | | | | | | | | | | =========================================================== == Subject: Misconfigured /etc/passwd file may share folders unexpectedly == == CVE ID#: CVE-2009-2813 == == Versions: All versions of Samba later than 3.0.11 == == Summary: If a user in /etc/passwd is misconfigured to have == an empty home directory then connecting to the home == share of this user will use the root of the filesystem == as the home directory. =========================================================== (cherry picked from commit c1a4a99f8cc5803682a94060efee1adf330c4f02)
* mount.cifs: don't leak passwords with verbose optionJeff Layton2009-10-011-20/+34
| | | | | | | | | | | | | | | | | | | | | | | When running mount.cifs with the --verbose option, it'll print out the option string that it passes to the kernel...including the mount password if there is one. Print a placeholder string instead to help ensure that this info can't be used for nefarious purposes. Also, the --verbose option printed the option string before it was completely assembled anyway. This patch should also make sure that the complete option string is printed out. Finally, strndup passwords passed in on the command line to ensure that they aren't shown by --verbose as well. Passwords used this way can never be truly kept private from other users on the machine of course, but it's simple enough to do it this way for completeness sake. Reported-by: Ronald Volgers <r.c.volgers@student.utwente.nl> Signed-off-by: Jeff Layton <jlayton@redhat.com> Acked-by: Steve French <sfrench@us.ibm.com> Part 2/2 of a fix for CVE-2009-2948. (cherry picked from commit 1c2a816df9fd9e3a3839a679a72b3041b0217dc3)
* mount.cifs: check access of credential files before openingJeff Layton2009-10-011-0/+11
| | | | | | | | | | | | | | | | It's possible for an unprivileged user to pass a setuid mount.cifs a credential or password file to which he does not have access. This can cause mount.cifs to open the file on his behalf and possibly leak the info in the first few lines of the file. Check the access permissions of the file before opening it. Reported-by: Ronald Volgers <r.c.volgers@student.utwente.nl> Signed-off-by: Jeff Layton <jlayton@redhat.com> Acked-by: Steve French <sfrench@us.ibm.com> Part 1/2 of a fix for CVE-2009-2948. (cherry picked from commit 87fe29ca3239492126a99e1562db673ea7ca208b)
* WHATSNEW: Prepare release notes for Samba 3.0.37.Karolin Seeger2009-10-011-2/+42
| | | | | Karolin (cherry picked from commit 493ee2c888c4eb54dfa4063ac9fb3f19323a7b4c)
* Raise version number up to 3.0.37.Karolin Seeger2009-10-011-1/+1
| | | | | Karolin (cherry picked from commit 4e6a1f8a6b1382504699b94e24809704dd3952bb)
* Makefile.in: Fix installation of cifs.upcall.Karolin Seeger2009-08-041-3/+3
| | | | | | INSTALLPERMS_BIN does not exist. Karolin
* WHATSNEW: Start WHATSNEW for 3.0.36.Karolin Seeger2009-07-301-3/+106
| | | | Karolin
* VERSION: Raise version number up to 3.0.36.Karolin Seeger2009-06-291-1/+1
| | | | Karolin
* VERSION: Raise version number to 3.0.35.Karolin Seeger2009-06-291-1/+1
| | | | | Karolin (cherry picked from commit 857b6fb063b9968134cc664430ff5d33a992da4a)
* WHATSNEW: Update changes since 3.0.34.Karolin Seeger2009-06-291-2/+51
| | | | | Karolin (cherry picked from commit 21d184a8b1b335ff9e8e0515fd70f4a16c00be5a)
* Fix bug #6488.Jeremy Allison2009-06-291-0/+2
| | | | (cherry picked from commit 689b313404971bb884566710b1468b9bd4091caa)
* Workaround for KB932762Volker Lendecke2009-06-271-1/+3
|
* s3/docs: Correct version number.Karolin Seeger2009-05-271-1/+1
| | | | Karolin
* s3/docs: Fix typo.Karolin Seeger2009-05-041-1/+3
| | | | | | | Karolin (cherry picked from commit c2eb0d87a2436614741119ebd14fda05b42a2ddd) (cherry picked from commit 98c238a54dbe3e64262252a9fb38b382c53c1bcf) (cherry picked from commit b118a70a9fc96e8ae5e51ebc8abc9076b07fdf27)
* s3/docs: Fix typos.Karolin Seeger2009-05-031-4/+5
| | | | | | | | | | That fixes bug #4247. Thanks to David McNeill <davemc [at] mcpond.co.nz> for reporting! Karolin (cherry picked from commit eaf949947c2eb03363c4b6f588f87b70110d6ff7) (cherry picked from commit cea79d1fbf44b0d5bff5aa12962fb3d3cb61c367) (cherry picked from commit 226620d0ed221da983b4f662fcef14906588f1bd)
* s3/docs: Fix typo.Karolin Seeger2009-05-031-1/+1
| | | | | | | | | | | This fixes bug #4245. Thanks to David McNeill <davemc [at] mcpond.co.nz> for reporting! Karolin (cherry picked from commit 579c91581f5b6d5341a12923fe6cde377223caff) (cherry picked from commit 49caab4044e47236594c6688f202aed555b9da61) (cherry picked from commit 139f95c85f96e7ccba024283608f9ee5990f6676) (cherry picked from commit 148aa12c89df78718addd7b72c79a8005e680509)
* s3/docs: Fix serveral typos.Karolin Seeger2009-04-291-5/+5
| | | | | | | | | | | This fixes bug #4315. Thanks to Felipe Augusto van de Wiel <faw [at] cathedrallabs [dot] org>! Karolin (cherry picked from commit 3422b9c546cdd262bd747e1e737c2b6479b4d21e) (cherry picked from commit 3da62734fffa99cde1084beeb69e94a7bc623dde) (cherry picked from commit b487a48c876fcaf88ec3fb4b05bacdd9b0bd8cd0) (cherry picked from commit ccea7f24879265291615802982b67451ddb818ad)
* Add comment explaining the previous fix. (and fix the previous patch :-).Jeremy Allison2009-04-221-1/+8
| | | | | By-hand merge error :-). Jeremy.
* Fix bug #6279 - winbindd crash. Cope with LDAP libraries returning ↵Jeremy Allison2009-04-221-0/+4
| | | | | | LDAP_SUCCESS but not returning a result. Jeremy
* s3-examples: Fix Bug #6205. Correct sample smb.conf share configuration.Günther Deschner2009-04-061-1/+1
| | | | | | | Thanks to Jeffrey Riaboy <dakusan@castledragmire.com>. Guenther (cherry picked from commit 2b1fe2c98f4e0013dee4cbae62dc36cdd4085c7d)
* prevent segmentation fault on joining a very long domain name in samba-3.0.32Bhaskar Jain (bhajain)2009-03-201-1/+1
| | | | | For a detailed explanation, see http://lists.samba.org/archive/samba-technical/2009-March/063626.html
* Get the sense of the integer wrap test the right way around. Sorry.Jeremy Allison2009-03-051-1/+1
| | | | Jeremy.
* Now we're allowing a lower bound for auth_len, ensure weJeremy Allison2009-03-051-1/+5
| | | | | also check for an upper one (integer wrap). Jeremy.
* Complete the fix for bug 6100Volker Lendecke2009-03-051-1/+1
| | | | | | | | | | | | | | | | | | According to [MS-RPCE].pdf, section 2.2.2.11: ---- A client or a server that (during composing of a PDU) has allocated more space for the authentication token than the security provider fills in SHOULD fill in the rest of the allocated space with zero octets. These zero octets are still considered to belong to the authentication token part of the PDU.<36> ---- RPC implementations are allowed to send padding bytes at the end of an auth footer. Windows 7 makes use of this. Thanks to Nick Meier <nmeier@microsoft.com> Volker
* Fix bug in processing of open modes in POSIX open.Jeremy Allison2009-02-251-0/+2
| | | | | | | | | | Was missing case of "If file exists open. If file doesn't exist error." Damn damn damn. CIFSFS client will have to have fallback cases for this error for a long time. Make test for open modes more robust against other bits. Jeremy.
* Fix guest mountsSteve French2009-02-241-1/+3
| | | | | | | | | guest session setup, login (user id) as anonymous. This patch is for samba bugzilla bug 4640. Signed-off-by: Shirish Pargaonkar <shirishp@us.ibm.com> Acked-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@samba.org>
* Fix mount.cifs handling of -V option (to display version)Steve French2009-02-241-196/+228
| | | | | | | Also sync with current mount.cifs Acked-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@samba.org>
* prefer gssapi header files from subdirectoryBjörn Jacke2009-02-242-6/+6
| | | | | | this fixes some compile time noise on FreeBSD 7 (cherry picked from commit 1bfdbb093f7c5e434ea3e653d389e1ccec578af6) (cherry picked from commit de96e1a82d6e92c00a0ab3020db8d7c0284aadb1)
* s3/docs: Fix typo in man mount.cifs.Karolin Seeger2009-02-231-1/+1
| | | | | | | | | Thanks to Tobias Stoeckmann for reporting! Karolin (cherry picked from commit 09a7f93f6be66a8f2a124e49b4effe2b5863f01d) (cherry picked from commit fdb5c65fc51784b6a159748ec4df3953b7d2c1cb) (cherry picked from commit b19f58ccd088a10e487a1261cadb4f3f41987391)
* Attempt to fix bug #6099. According to MicrosoftJeremy Allison2009-02-152-26/+83
| | | | | | | | | | Windows 7 looks at the negotiate_flags returned in this structure *even if the call fails with access denied ! So in order to allow Win7 to connect to a Samba NT style PDC we set the flags before we know if it's an error or not. Jeremy.
* Noted by Vericode analysis. Correctly use chroot().Jeremy Allison2009-02-131-2/+9
| | | | Jeremy.
* Fix bug #6098 - When the DNS server is invalid, the ads_find_dc() does not ↵Yasuma Takeda2009-02-111-2/+2
| | | | | | | | | | | work correctly with "security = domain" 1. If DNS server is invalid, the get_sorted_dc_list() is called with realm(FQDN) and it fails. 2. On the next step, the get_sorted_dc_list() is called with realm(FQDN) again. I think "again" is wrong place. On the 2nd step, get_sorted_dc_list() should be called with realm(WORKGROUP).
* Fix bug #5906 - Winbindd crash on 'getent group' (INTERNAL ERROR: Signal 11).Jeremy Allison2009-02-111-2/+2
| | | | | Was missed in the last maintenence release. Jeremy.
* mount.cifs: add fakemount (-f) and nomtab (-n) flags to mount.cifsShirish Pargaonkar2009-02-061-5/+10
| | | | ...so that these options work correctly when passed in by mount(8).
* docs: fix two typos in the mount.cifs manpageMichael Adam2009-02-061-2/+2
| | | | | | | Michael (cherry picked from commit 145fe37766cf1ecffb16a03b58b44d08f7ed7558) Signed-off-by: Michael Adam <obnox@samba.org>
* Don't try and delete a default ACL from a file.Günter Kukkukk2009-02-051-4/+8
|
* umount.cifs: clean-up entries in /etc/mtab after unmountShirish Pargaonkar2009-02-051-1/+33
| | | | | | | | This patch removes the remaining entry in /etc/mtab after a filesystem is unmounted by canonicalizing the mountpoint supplied on the command line. Please refer to bug 4370 in samba bugzilla.
* Fix bug #6085 - In vfs_default.c change utime( ) call.Miguel Suarez2009-02-031-1/+1
|
* Probably fixes a crash during name resolution when log level >= 10Ted Percival2009-02-031-1/+1
| | | | | and libc segfaults if printf is passed NULL for a "%s" arg (eg. Solaris).
* Adjust regex to match variable names including underscoresLars Müller2009-02-021-1/+1
| | | | | This is required to get the CIFSUPCALL_PROGS setting extracted from config.log.
* Conditional install of the cifs.upcall man pageLars Müller2009-02-021-0/+1
| | | | | Only install the cifs.upcall man page if CIFSUPCALL_PROGS was set while configure.
* build: don't install the cifs.upcall binary twice.Günther Deschner2009-02-021-1/+1
| | | | Guenther
* docs: Describe "service" in man mount.cifs.Karolin Seeger2009-02-021-4/+7
| | | | | | | | | | | This fixes bug #5346. Thanks to the Debian Samba package maintainers for reporting and providing a patch! Karolin (cherry picked from commit 73f4fc1f802f31459b70dba4777d142d00fcdd92) (cherry picked from commit ab4768452811e67f6606253b5a79101184f777d0) (cherry picked from commit 876b0b001976226a7c1887570c08178d72842a48)
* libreplace: fix detection of netinet/ip.h on solaris 8Michael Adam2009-01-271-1/+5
| | | | | | (The test needs to additionally include <netinet/in_systm.h>.) Michael
* libreplace: fix bug #6066 - netinet/ip.h present but cannot be compiledMichael Adam2009-01-271-1/+4
| | | | | | under solaris Michael
* build-docs: cleanup exit of the scriptMichael Adam2009-01-271-6/+14
| | | | | | | | | exit in the directory where it was called using pushd/popd. Michael (cherry picked from commit b319549f129b1c79afc9bfd4a84f2730b96d69a3) Signed-off-by: Michael Adam <obnox@samba.org>
* s3:docs: clean build/catalog.xml in "make clean"Michael Adam2009-01-271-0/+1
| | | | | | | Michael (cherry picked from commit 5e21fc3506f2ba7b1135b1acad2697dfb86b5df0) Signed-off-by: Michael Adam <obnox@samba.org>
* s3:docs: clean generated .png images in "make clean"Michael Adam2009-01-271-1/+2
| | | | | | | Michael (cherry picked from commit 9b32e839bec8611c30745607a3a6b124d5b34c01) Signed-off-by: Michael Adam <obnox@samba.org>
View Lorry Controller Status