summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Fix for CVE-2009-2906.samba-3.2.15v3-2-stableJeremy Allison2009-09-302-3/+26
| | | | | | | | Summary: Specially crafted SMB requests on authenticated SMB connections can send smbd into a 100% CPU loop, causing a DoS on the Samba server.
* WHATSNEW: Update release notes.Karolin Seeger2009-09-301-2/+8
| | | | Karolin
* Fix for CVE-2009-2813.Jeremy Allison2009-09-282-2/+11
| | | | | | | | | | | | | | | =========================================================== == Subject: Misconfigured /etc/passwd file may share folders unexpectedly == == CVE ID#: CVE-2009-2813 == == Versions: All versions of Samba later than 3.0.11 == == Summary: If a user in /etc/passwd is misconfigured to have == an empty home directory then connecting to the home == share of this user will use the root of the filesystem == as the home directory. ===========================================================
* mount.cifs: don't leak passwords with verbose optionJeff Layton2009-09-281-20/+34
| | | | | | | | | | | | | | | | | | | | | | When running mount.cifs with the --verbose option, it'll print out the option string that it passes to the kernel...including the mount password if there is one. Print a placeholder string instead to help ensure that this info can't be used for nefarious purposes. Also, the --verbose option printed the option string before it was completely assembled anyway. This patch should also make sure that the complete option string is printed out. Finally, strndup passwords passed in on the command line to ensure that they aren't shown by --verbose as well. Passwords used this way can never be truly kept private from other users on the machine of course, but it's simple enough to do it this way for completeness sake. Reported-by: Ronald Volgers <r.c.volgers@student.utwente.nl> Signed-off-by: Jeff Layton <jlayton@redhat.com> Acked-by: Steve French <sfrench@us.ibm.com> Part 2/2 of a fix for CVE-2009-2948.
* mount.cifs: check access of credential files before openingJeff Layton2009-09-281-0/+11
| | | | | | | | | | | | | | | It's possible for an unprivileged user to pass a setuid mount.cifs a credential or password file to which he does not have access. This can cause mount.cifs to open the file on his behalf and possibly leak the info in the first few lines of the file. Check the access permissions of the file before opening it. Reported-by: Ronald Volgers <r.c.volgers@student.utwente.nl> Signed-off-by: Jeff Layton <jlayton@redhat.com> Acked-by: Steve French <sfrench@us.ibm.com> Part 1/2 of a fix for CVE-2009-2948.
* WHATSNEW: Prepare release notes for 3.2.15.Karolin Seeger2009-09-281-2/+62
| | | | Karolin
* Raise version number up to 3.2.15.Karolin Seeger2009-09-241-1/+1
| | | | Karolin
* WHATSNEW: Actually it was Simo's patch...samba-3.2.14Karolin Seeger2009-08-121-0/+2
| | | | | Karolin (cherry picked from commit bdccf9831ae530b55d1819c040a3ee5448b24ac3)
* WHATSNEW: Update changes.Karolin Seeger2009-08-121-0/+2
| | | | | Karolin (cherry picked from commit 93de86c490d5da0d0b3ecf363148ba3174997800)
* Fix bug #6628 - "smbpassdb -a" using rid algorithm with tdbsam passdbSimo Sorce2009-08-121-1/+1
| | | | | | | | | | | | | | samu_set_unix() does not use the rid allocator, but forces to use the algoritmic allocator unconditionally, this is wrong and inconsistent. Use samu_alloc_rid_unix() instead. (If we create a new user we should do it in a way consistent with all other commands like pdbedit -a and net rpc user add.) (cherry picked from commit e1d4db8f55b25c7e9c408cb334fb89ccfd4c6565) Signed-off-by: Michael Adam <obnox@samba.org> This fixes bug #6628. (cherry picked from commit 0a1b125ae4260de3cee6a92b19e3977d922a8c11)
* s3:passdb: fix bug #6509: use gid (not uid) cache in fetch_gid_from_cache().Michael Adam2009-08-111-1/+1
| | | | | | | With the previous code, the cache can never have been hit at all. Michael (cherry picked from commit 12277e145f4dcc589e84e4a90b2497728d2317b6)
* WHATSNEW: Update changes.Karolin Seeger2009-08-111-0/+1
| | | | | Karolin (cherry picked from commit 9bcfbccad5d5983cfa42f31f6394f03c4678e79a)
* s3:winbindd: raise the timeout for lsa_Lookup*() calls from 10 to 35 seconds.Stefan Metzmacher2009-08-112-1/+57
| | | | | | | | metze (similar to commit 1e1445bc7672b17a1d689fa0f0732b05b6e04da5) Fixes bug #6627. (cherry picked from commit 91ac57e6b443732f64c92788d7a18ae568601763)
* WHATSNEW: Update changes since 3.2.13.Karolin Seeger2009-08-111-0/+1
| | | | | Karolin (cherry picked from commit 2a955d009e714d28017a3043d294ad37289f6718)
* WHATSNEW: Update changes.Karolin Seeger2009-08-111-0/+2
| | | | | Karolin (cherry picked from commit 6ee6e122fd81ab0b208e9f69cc1bd651e328d97c)
* s3:winbind:idmap_ldap: fix a crash bug in idmap_ldap_unixids_to_sids (#6387)Michael Adam2009-08-111-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | This fixes a crash bug hit when multiple mappings were found by the ldap search. This crash was caused by an ldap asssertion in ldap_next_entry because was set to NULL in each iteration. The corresponding fix was applied to the idmap_ldap_sids_to_unixids() by Jerry in 2007 (b066668b74768d9ed547f16bf7b6ba6aea5df20a). This fixes the crash part of bug #6387. There is a logic part, too: The problem currently only occurs when multiple mappings are found for one given unixid. Now winbindd does not crash any more but it does not correctly handle this situation. It just returns the last mapping from the ldap search results. This needs fixing. Michael (cherry picked from commit e9010fa366746ec1ae948dbcf3493d446e23b14c) Signed-off-by: Michael Adam <obnox@samba.org> (cherry picked from commit 15652ee4259201a6d794c735d7e81631338f1050)
* WHATSNEW: Update WHATSNEW.Karolin Seeger2009-08-111-2/+7
| | | | | Karolin (cherry picked from commit a49a3bdc1aa0c66edc00e11b470a3c3ccca79f6d)
* s3-net: Fix bug 6340: don't segfault when cleartext trustdom pwd could not ↵Günther Deschner2009-08-101-1/+1
| | | | | | | be retrieved. Guenther (cherry picked from commit 1fb3ee26df3271dca802df07e20ea5b30da660e4)
* Fix bug #6487: Missing DFS call in trans2 mkdir call. (cherry picked from ↵Jeremy Allison2009-08-101-0/+15
| | | | | | | commit 1a0005e1c508cf3b170d1c7e43b94a47b2820506) (cherry picked from commit 133cdb46be154eeceb080fa9db88a38d9f87c919) (cherry picked from commit 1acc2a976a9ede216d2ad4bb241c3f3babef2637)
* Fix bug #6476 - more then 3000 smbd-zombies in memoryJeremy Allison2009-08-101-4/+15
| | | | | | | | We weren't reaping children in the [x]inetd case. Jeremy. (cherry picked from commit 7e51314f2e18241876b049642fcb133df7e44c70) (cherry picked from commit a0626827c820cad082001ab76f1f7e37f1a7307b)
* Fix bug #6421 - POSIX read-only open fails on read-only shares. The change ↵Jeremy Allison2009-08-102-8/+12
| | | | | | | to smbd/trans2.c opens up SETFILEINFO calls to POSIX_OPEN only. The change to first smbd/open.c closes 2 holes that would have been exposed by allowing POSIX_OPENS on readonly shares, and their ability to set arbitrary flags permutations. The O_CREAT -> O_CREAT|O_EXCL change removes an illegal combination (O_EXCL without O_CREAT) that previously was being passed down to the open syscall. Jeremy. (cherry picked from commit 79f26472b4ae561ec00c30f31dd63ccab6dfc0c4) (cherry picked from commit fedc34b47664439b0d066c087d9bfa5a34c81fff)
* s3/lanman: Workaround for KB932762.Volker Lendecke2009-08-101-0/+1
| | | | | | | This addresses bug #6498. (cherry picked from commit a702dea5a86f22e0b7857b67447152a06b3bbea2) (cherry picked from commit aa769edfcef6937927201f765509c10b60764817) (cherry picked from commit 471f905f788209d0e76ca2d327d30f830ce4648c)
* s3-lsa: Fix _lsa_LookupNames2() server implementation which always returned ↵Günther Deschner2009-08-101-0/+1
| | | | | | | | | | | | | | | a NULL sid_array since 3.2.0. Found by torture test. This makes it possible to search for users while adding them to groups via windows usermanager. Fixes bug #6484. Guenther (cherry picked from commit 0cfe59f1b580371f445b50151ceae5aef02bf0c4) (cherry picked from commit b653d1b1186e1c43f1ad0a64d19ee2fc015594a6)
* s3/libsmb: Fix typo in error message.Karolin Seeger2009-08-101-1/+1
| | | | | | | | | Thanks to Herb Lewis <hlewis [at] panasas.com> for noticing! Was commit 095f66b0 in master. Karolin (cherry picked from commit 0839aeb2c583272b041c5a3ebe762c33bc8245f4)
* s3/docs: Fix typo.Karolin Seeger2009-08-101-1/+1
| | | | | | | | | | | This fixes bug #6412. Thanks to Carsten Dumke <carsten [at] cdumke.de> for reporting! Karolin (cherry picked from commit 4ad43a21344b43f1c9fe459165098bcab1695711) (cherry picked from commit 84750d556d0a42b5d8b134308311e2cb9a533b58) (cherry picked from commit 304c25a518aba988c3d36e78f6a8416a340b3b33) (cherry picked from commit df9c7dba85859bdafb7265b24275ed3ac6d4957d)
* s3/packaging: pam_winbind has been moved to section 8.Karolin Seeger2009-08-101-1/+1
| | | | | | | Karolin (cherry picked from commit 13494c0f8f9459c51b520a7cf60790e9e2f475b4) (cherry picked from commit 3c44cd7a10948454fea58f521164fdbe7e20d959) (cherry picked from commit 1457541f35d50b58b3e322ae69092190634a236d)
* s3/docs: Add documentation for 'net sam rights'.Karolin Seeger2009-08-101-0/+27
| | | | | | | | This is part of a fix for bug #6328. Karolin (cherry picked from commit a5a31512de9d9b9ed7eed906487dd154fde7e483) (cherry picked from commit 8fdb612155e36980249b7dd0daf5c57fb4d80f8c)
* WHATSNEW: Start WHATSNEW for 3.2.14.Karolin Seeger2009-08-101-2/+124
| | | | | Karolin (cherry picked from commit 32fdc5cef5c7aaea61228037f8c417369328e4d4)
* VERSION: Raise version up to 3.2.14.Karolin Seeger2009-08-101-1/+1
| | | | | Karolin (cherry picked from commit 623a625ebe701d67b0547152e186721c7aa6d6e7)
* s3/smbldap: Fix typo in debug message.Karolin Seeger2009-08-101-1/+1
| | | | | | | Karolin (cherry picked from commit 54dffbea663ecf4542d6c5e30da6e346d5d60424) (cherry picked from commit 2538df1ea3229ea6d8242b5ae6fdd3d453395609) (cherry picked from commit 85f3b70d4aca641339b86f71b551156fa9aa27cb)
* Fix SAMR server for winbindd access. Ensure we allow MAX_ACCESS to be mapped ↵Jeremy Allison2009-08-101-2/+2
| | | | | | | | to what we're giving Everyone. Jeremy. Fixes bug #6504. (cherry picked from commit 4e854cb52cfb4f3c25c92324c6e7505f1c8290b3) (cherry picked from commit eb1c74737e5d40ae85102613a4dfcd89a3235feb)
* s3/docs: Fix typos.Karolin Seeger2009-08-101-2/+2
| | | | | | | | | | Thanks to OPC oota <t-oota@dh.jp.nec.com> for reporting! Karolin (cherry picked from commit 7ee7ec3fdba2ef6a6cc3e1f96a5d2154290cdb18) (cherry picked from commit c94d3183a8e4c7e03c0dd2771cb7b9f4665198ce) (cherry picked from commit 1310ba934b87b804f435cef2c21e6e65590e4a83) (cherry picked from commit 0c75e4da04b27df3c079c22676b5fbf05521d93f)
* handling upn nameBo Yang2009-08-103-3/+21
| | | | | | | | | | lookupname failed, cannot find domain when attempt to change password. This addresses bug #6560. Signed-off-by: Bo Yang <boyang@samba.org> (cherry picked from commit 87b52c1b2062fc8e23c6d3cf630eac5cb9fbaecf)
* s3:util: let parent_dirname() correctly return toplevel filenamesStefan Metzmacher2009-08-101-1/+1
| | | | | | | | | | metze (cherry picked from commit a14efbadd53ac9678d75e6029f947d63cfa0c4e5) Signed-off-by: Stefan Metzmacher <metze@samba.org> This addresses bug #6526. (cherry picked from commit 92bb02adbc808ed3180ab66b45fb717c9dad03b4)
* Fix bug #6520 time stamps.Jeremy Allison2009-08-101-3/+32
| | | | | | | | | | E.g. last mod time is not preserved when "unix extensions=yes" are set - and u Cancel out any pending "sticky" writes or "last write" changes when doing a UNIX info level set. Jeremy. (cherry picked from commit 5b03af33ad45368bea7cf6cabc91f62e2503de99) (cherry picked from commit 00aaf9a46a202d7cd0a8cd3b8e2f9d95238a761a)
* s3/docs: Fix typo.Matt Kraai2009-08-101-1/+1
| | | | | | | | This fixes bug #6519. (cherry picked from commit 4fb1f8e8fe46b3e77c06612ac3fc3d67cf650a11) (cherry picked from commit 39bfcc5d50892ad0c387f0ca3932e961e77fdc39) (cherry picked from commit 408cc7ec9f4119aa9a768474152a83ef796309a9) (cherry picked from commit 8fe47789306605c174a800e549991027b9203f4c)
* Don't require "Modify property" perms to unjoin (bug #6481) "net ads leave" ↵Jim McDonough2009-08-106-21/+55
| | | | | | | | | | | | | | | | | | | | | stopped working when "modify properties" permissions were not granted (meaning you had to be allowed to disable the account that you were about to delete). Libnetapi should not delete machine accounts, as this does not happen on win32. The WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE flag really means "disable" (both in practice and docs). However, to keep the functionality in "net ads leave", we will still try to do the delete. If this fails, we try to do the disable. Additionally, it is possible in windows to not disable or delete the account, but just tell the local machine that it is no longer in the account. libnet can now do this as well. Don't use ads realm name for non-ads case. #6481 Also check that the connection to ads worked. (cherry picked from commit 880d1a3f83a0834225d5a7c0f179c236b0e59ef8)
* s3-test: add RPC-SAMR-MACHINE-AUTH to list of tests to run against s3.Günther Deschner2009-08-101-0/+2
| | | | | Guenther (cherry picked from commit db7c5d175ba2d733df445f7d0dc570a79a417f49)
* Bug 6488: acl_group_override() call in posix acls references an ↵samba-3.2.13Jeremy Allison2009-06-221-12/+10
| | | | uninitialized variable. (cherry picked from commit f92195e3a1baaddda47a5d496f9488c8445b41ad)
* WHATSNEW: Update changes.Karolin Seeger2009-06-221-3/+9
| | | | Karolin
* WHATSNEW: Update changes since 3.2.12.Karolin Seeger2009-06-191-2/+1686
| | | | Karolin
* VERSION: Raise version number up to 3.2.13.Karolin Seeger2009-06-181-1/+1
| | | | Karolin
* Fix bug 6478Volker Lendecke2009-06-181-20/+20
| | | | This is the part of checkin cfee2025 that is relevant to this bug.
* s3/docs: Fix typo.samba-3.2.12Karolin Seeger2009-06-161-1/+1
| | | | | | | Karolin (cherry picked from commit 6e45c21384b8845422967ff1fa46e48de9fee1ab) (cherry picked from commit aa97504f0358dcc23de7a65f39a1c4d24f0709b7) (cherry picked from commit 57a019524d0d2bd434ac7382ed355f69c510ff14)
* Fix the section of the pam_winbind manpage.Andreas Schneider2009-06-162-4/+4
| | | | | Signed-off-by: Andreas Schneider <mail@cynapses.org> (cherry picked from commit cce2cdf3041bedf14e08b1f839ab8ddfa88dd3d3)
* Move pam_winbind to the right manpage section (8).Andreas Schneider2009-06-161-0/+0
| | | | | | | | Signed-off-by: Andreas Schneider <mail@cynapses.org> (cherry picked from commit 59ab1574e41993d24733affbca07d3f7da245fc7) (cherry picked from commit d547aab1511c72e1cab034e2945f6ad63bda6659) (cherry picked from commit c9b89676983c5fd0ec12df121fc5d9e06facdd80) (cherry picked from commit f0d073d4e787516ae6e1a005e145ef2adf6a6e5d)
* Dcoument the PAM data exports in the pam_winbind manpage.Andreas Schneider2009-06-161-0/+44
| | | | | | | | Signed-off-by: Andreas Schneider <mail@cynapses.org> (cherry picked from commit 1809ff4b2339bd3066532abccea0944da45edf64) (cherry picked from commit 5d2dfba6d1699c6e417cc21233a1cc871f3c0ad1) (cherry picked from commit 282682c989a8008de5f8d30c48c9a740b315a230) (cherry picked from commit 15892ce595ea050b58756130b6bc6031ae0752ca)
* Document the try_first_pass option in the pam_winbind manpage.Andreas Schneider2009-06-161-5/+8
| | | | | | | | Signed-off-by: Andreas Schneider <mail@cynapses.org> (cherry picked from commit 779eea49de3f53040fe792de4b74b73a0c51ecb3) (cherry picked from commit 24d6f697844bc85a03c047e5470abcfdd53735a2) (cherry picked from commit 2ed85b0ebfc50cad847050cc6b5269c470956ea3) (cherry picked from commit 0619c29d3b0bb59cd31ed48df47878170d4cfd9b)
* Add a synopsis section to the pam_winbind manpage.Andreas Schneider2009-06-161-0/+25
| | | | | | | | Signed-off-by: Andreas Schneider <mail@cynapses.org> (cherry picked from commit 24f9f32fedb92f881658db856db15173e57af0bd) (cherry picked from commit 55df96313c5b966f41b0b5c426cf6a420cafa855) (cherry picked from commit f738862d9f419fec27c9fb15c880a452aff333d9) (cherry picked from commit 0669d66d81be3f265eab442c22b2881615d502db)
* WHATSNEW: Fix typo.Karolin Seeger2009-06-151-1/+1
| | | | | Karolin (cherry picked from commit 26b5cb2df0fbf2d0c004da4872c3733f3b75fd62)
View Lorry Controller Status