summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* WHATSNEW: Add release notes for Samba 3.5.22.samba-3.5.22v3-5-stableKarolin Seeger2013-07-241-2/+58
| | | | Signed-off-by: Karolin Seeger <kseeger@samba.org>
* Fix bug #10010 - Missing integer wrap protection in EA list reading can ↵Jeremy Allison2013-07-241-0/+12
| | | | | | | | | cause server to loop with DOS. Ensure we never wrap whilst adding client provided input. CVE-2013-4124 Signed-off-by: Jeremy Allison <jra@samba.org>
* VERSION: Bump Version number up to 3.5.22.Karolin Seeger2013-01-301-1/+1
| | | | Karolin
* swat: Use additional nonce on XSRF protectionsamba-3.5.21Kai Blin2013-01-293-13/+29
| | | | | | | | | | | | | If the user had a weak password on the root account of a machine running SWAT, there still was a chance of being targetted by an XSRF on a malicious web site targetting the SWAT setup. Use a random nonce stored in secrets.tdb to close this possible attack window. Thanks to Jann Horn for reporting this issue. Signed-off-by: Kai Blin <kai@samba.org> Fix bug #9577: CVE-2013-0214: Potential XSRF in SWAT.
* swat: Use X-Frame-Options header to avoid clickjackingKai Blin2013-01-291-1/+2
| | | | | | | | | | | | | Jann Horn reported a potential clickjacking vulnerability in SWAT where the SWAT page could be embedded into an attacker's page using a frame or iframe and then used to trick the user to change Samba settings. Avoid this by telling the browser to refuse the frame embedding via the X-Frame-Options: DENY header. Signed-off-by: Kai Blin <kai@samba.org> Fix bug #9576 - CVE-2013-0213: Clickjacking issue in SWAT.
* WHATSNEW: Prepare release notes for Samba 3.5.21.Karolin Seeger2013-01-291-9/+34
| | | | | | | | This is a Security Release in order to address CVE-2013-0213 (Clickjacking issue in SWAT) and CVE-2013-0214 (Potential XSRF in SWAT). Karolin
* WHATSNEW: Start release notes for Samba 3.5.21.Karolin Seeger2012-12-181-2/+43
| | | | | Karolin (cherry picked from commit 26a043a0997e199701a1bd72f91edc607471e700)
* VERSION: Bump version number up to 3.5.21.Karolin Seeger2012-12-181-1/+1
| | | | | Karolin (cherry picked from commit f80704321ffe22ed3a5dfab02e0ebaa1cc104c22)
* WHATSNEW: Prepare release notes for Samba 3.5.20.samba-3.5.20Karolin Seeger2012-12-141-1/+16
| | | | | Karolin (cherry picked from commit 31292e6fbedef78126435c92d6e687a4844847d9)
* Fix bug #9455 munmap called for an address location not mapped by samba.Jeremy Allison2012-12-141-0/+3
| | | | | Signed-off-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 06e3c65af559baaee7fa61ed3df1287b786d1858)
* source3/libaddns: don't depend on the order in resp->answers[]Stefan Metzmacher2012-12-141-3/+12
| | | | | | | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit eecc1d294256210ee8c2f6ab79d21b835258a6d4) The last 2 patches address bug #9402 - lib/addns doesn't work samba4 with a bind9 server. (cherry picked from commit cf4773f929b2ac01bfe22e8113ccd3843c92bf56)
* source3/libaddns: remove pointless check for resp->num_additionals != 1Stefan Metzmacher2012-12-141-2/+1
| | | | | | | | | | | | We never use resp->additionals, so there's no reason to check. This fixes dns updates against BIND9 (used in a Samba4 domain). Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit b59c5db5f74f56c0536635a41ae51c389109ceb5) (cherry picked from commit 4bb99f454cea8a0c37422f1e64cabe96543ca6e8)
* lib/replace: replace all *printf function if we replace snprintf (bug #9390)Stefan Metzmacher2012-12-143-17/+34
| | | | | | | | | | | | | | This fixes segfaults in log level = 10 on Solaris. Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Björn Jacke <bj@sernet.de> Autobuild-User(master): Björn Jacke <bj@sernet.de> Autobuild-Date(master): Wed Nov 14 19:41:14 CET 2012 on sn-devel-104 (cherry picked from commit a15da3625850d97b3da1b02308c870f820007c52) The last 5 patches address bug #9390 - Solaris printf doesn't allow %s, NULL. (cherry picked from commit 05f151c041e407514c1b35619b2f2454aa4d614b)
* libreplace: Fix symbol names for snprintf/asprintf/vasprintf.Jelmer Vernooij2012-12-141-6/+6
| | | | | | | Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sun May 13 05:16:28 CEST 2012 on sn-devel-104 (cherry picked from commit cf67da70c9a63c4dc63f287059321d6c36d1e19e) (cherry picked from commit 27405fb8cfaa56f3a39cdcd2fd635fd37af629f9)
* libreplace: fixed declaration of dprintf() on FreeBSD (cherry picked from ↵Andrew Tridgell2012-12-142-2/+12
| | | | | | commit a599319d0a389ff0c31dae8068cd7a78352aa9e7) (cherry picked from commit fa16d0e4c2329fad8edde5a5e8d626a90caba6d9)
* libreplace: added replacements for dprintf() and vdprintf()Andrew Tridgell2012-12-142-1/+32
| | | | | | | | these are very useful for writing files with formatted writes Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit d6fb64c51244529388b1f79ba8220ff608e1e4de) (cherry picked from commit 4bf8dc438318e06ee96dc1b6084dddd8700739e7)
* libreplace: some systems don't have memmem()Andrew Tridgell2012-12-144-0/+68
| | | | | | added rep_memmem() and a testsuite (cherry picked from commit fef3c910da421e890925e5e61275fc457da87f6e) (cherry picked from commit 42057793ebb3ccdc4e63f59753bca8dd677e9748)
* Another fix needed for bug #9236 - ACL masks incorrectly applied when ↵Jeremy Allison2012-12-141-4/+10
| | | | | | | | | | | | | | setting ACLs. Not caught by make test as it's an extreme edge case for strange incoming ACLs. I only found this as I'm making raw.acls and smb2.acls pass against 3.6.x with acl_xattr mapped onto a POSIX backend (which isn't tested in make test). An incoming inheritable ACE entry containing only one permission, WRITE_DATA maps into a POSIX owner perm of "-w-", which violates the principle that the owner of a file/directory can always read. (cherry picked from commit 92292ac55144521824610a5d4b09f8dc1ff19a8a)
* docs-xml: fix use of <smbconfoption> tag (fix bug #9345)Björn Baumbach2012-12-141-5/+8
| | | | | | | | | | | | | | | Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Karolin Seeger <ks@samba.org> Autobuild-User(master): Karolin Seeger <kseeger@samba.org> Autobuild-Date(master): Fri Nov 2 12:37:42 CET 2012 on sn-devel-104 (cherry picked from commit 3ecbe8c83a003825fc58f6dcb9e02a35aad2d86e) Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-0-test): Mon Nov 5 13:09:12 CET 2012 on sn-devel-104 (cherry picked from commit 6195cb667b1c162436bfbf5d4f499bdc776f83b4) (cherry picked from commit a6dea8e6556bd5e391cd709b86664fb7cc34433a) (cherry picked from commit 9a8d7ab3773e1d4d1981f8b45998d689180a4cbf)
* Second part of fix for bug #7781 - Samba transforms ShareName to lowercase ↵Jeremy Allison2012-12-141-0/+4
| | | | | | | | (sharename) when adding new share via MMC Ensure safe_strcpy is safe when src == dest. This probably needs porting to master/3.6.x/4.0.x. (cherry picked from commit e81b3c9a2aa58cbf5e12ef129fa63aab784c9598)
* Fix bug #7781 (Samba transforms "ShareName" to lowercase when adding new ↵Jeremy Allison2012-12-1412-70/+79
| | | | | | | share via MMC) Signed-off-by: Michael Adam <obnox@samba.org> (cherry picked from commit 3b1528dcd67d62f20313094be9b5d609a1ca4f25)
* WHATSNEW: Start release notes for Samba 3.5.20.Karolin Seeger2012-11-051-3/+44
| | | | | | | And fix a typo. Karolin (cherry picked from commit 6b03743f3f342a874971b9fc8be1eb1f520b74da)
* VERSION: Bump version number up to 3.5.20.Karolin Seeger2012-11-051-1/+1
| | | | | Karolin (cherry picked from commit 6048e80e1f3ca0d603d5e7458c91f9e5c43f8b67)
* WHATSNEW: Prepare release notes for Samba 3.5.19.samba-3.5.19Karolin Seeger2012-11-011-1/+26
| | | | | Karolin (cherry picked from commit 4067d192f62d6fc20e1cdf8820656b03aa9f5931)
* Revert "Fix bug #7781 (Samba transforms "ShareName" to lowercase when adding ↵Karolin Seeger2012-11-0112-79/+70
| | | | | | | | | | | new share via MMC)" This reverts commit 157b88da4db727eafa682c7fc7eab11d5955f57b. This one seems to break make test on my system. Karolin (cherry picked from commit 92bd768ed56585c2a45d0ca41eec9e6a1e3701ae)
* s3: fix compile of krb5 locator on SolarisBjörn Jacke2012-11-011-1/+1
| | | | | | | | | | the krb5 locator plugin on Solaris needs LIBREPLACE_LIBS (bug #8732) Autobuild-User: Björn Jacke <bj@sernet.de> Autobuild-Date: Tue May 29 09:58:42 CEST 2012 on sn-devel-104 (cherry picked from commit 3085225e72c75abf84d7740334459cd971ee4c56) (cherry picked from commit 7ca265423a36c114ac9216a780e005956967eae7) (cherry picked from commit 31518a6acd3399a29499b5f758e36115cf3db78b)
* lib-addns: ensure that allocated buffer are pre set to 0 (bug #9259)Matthieu Patou2012-11-011-12/+12
| | | | | | | | It avoid bugs when one of the buffer is supposed to contain a string that is not null terminated (ie. label->label) and that we don't force the last byte to 0. (similar to commit 03c4dceaab82ca2c60c9ce0e09fddd071f98087b) (cherry picked from commit ee5a100eaa7cef525a8bc9d1390d7bbdbbfc84fa)
* Fix bug #9117 - smbclient can't connect to a Windows 7 server using NTLMv2 ↵Jeremy Allison2012-11-012-1/+5
| | | | | | | | (crypto code changes domain case). Simple fix for 3.5.x, tested and confirmed as working by original reporter "Blohm, Guntram (I/FP-37, extern)" <extern.guntram.blohm@audi.de>. (cherry picked from commit c13c6eb11f49b1fd3b3be95c7265cf9c0738b4e8)
* s3-libsmb: Initialise ticket to ensure we do not invalid memoryAndrew Bartlett2012-11-011-0/+1
| | | | | | | | | | | | | | | | | The free is however a talloc_free(), which has additional protection against freeing the wrong thing. Andrew Bartlett Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Fri Mar 2 01:45:19 CET 2012 on sn-devel-104 (cherry picked from commit f1452a296429b79755235f4a480f0d5ea38ce178) Fix bug #8788 - spnego_parse_krb5_wrap() frees invalid memory. (cherry picked from commit e96f50c9bb145a6af2c023e8ff4c3e8888c5a4a6) (cherry picked from commit 8013e2e96fd54446584cb91c0120acf41d9e8d46)
* autoconf: fix --with(out)-sendfile-support option handlingBjörn Jacke2012-11-011-15/+20
| | | | | | this fixes bug #8344 (cherry picked from commit a1db9aada46e2e7eefc989f888d22650320533de) (cherry picked from commit f156a357e6af0aaa6b1bcddc521761d43409e70f)
* When setting a non-default ACL, don't forget to apply masks to SMB_ACL_USER ↵Jeremy Allison2012-11-011-0/+10
| | | | | | | and SMB_ACL_GROUP entries. Fix bug #9236 - ACL masks incorrectly applied when setting ACLs. (cherry picked from commit 7dcb017fc1d8e8af5878b2b0139686829c0c1594)
* Only apply masks on non-default ACL entries when setting the ACL.Jeremy Allison2012-11-011-9/+19
| | | | (cherry picked from commit 580f61622c449aee8420e3519e764706d11c20fc)
* Use is_default_acl variable in canonicalise_acl().Jeremy Allison2012-11-011-2/+3
| | | | (cherry picked from commit 9647be9699b464ee5060e8ccc8328adef6d6641d)
* Reformat spacing to be even.Jeremy Allison2012-11-011-6/+6
| | | | (cherry picked from commit 4ed5deae7b9e155d4bd085d4a36ae05abe0aa0ef)
* html docs: Remove link to Using Samba.Karolin Seeger2012-11-011-4/+0
| | | | | | | | | | | | | Thanks to Christian Perrier <bubulle@debian.org> for reporting! Fix bug #7826 - HTML docs index file still points to Using Samba. Karolin Autobuild-User(master): Karolin Seeger <kseeger@samba.org> Autobuild-Date(master): Thu Oct 4 13:48:00 CEST 2012 on sn-devel-104 (cherry picked from commit 1bf209dd7e5a0f0001b3d1e3798093772bbd3fd3) (cherry picked from commit e521734eda77b483594452a878acfadabbd08c2d)
* Fix bug #7781 (Samba transforms "ShareName" to lowercase when adding new ↵Jeremy Allison2012-11-0112-70/+79
| | | | | | | share via MMC) Signed-off-by: Michael Adam <obnox@samba.org> (cherry picked from commit 157b88da4db727eafa682c7fc7eab11d5955f57b)
* s3-smbd: Don't segfault if user specified ports out for range.Andreas Schneider2012-11-011-11/+12
| | | | | | | | | (cherry picked from commit 50d324b7e070de4672eff3fb6231923e6dca807a) Signed-off-by: Andreas Schneider <asn@samba.org> Fix bug #9218 - Samba panics if a user specifies an invalid port number. (cherry picked from commit 60b15f3b646d10e027e8288132db5b942261de8f)
* Fix bug #9213 - Bad ASN.1 NegTokenInit packet can cause invalid free.Jeremy Allison2012-11-011-0/+4
| | | | | | | | | | | Not the correct fix for the specific issue, but a general fix to make sure this can never happen again. Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Sep 26 04:07:57 CEST 2012 on sn-devel-104 (cherry picked from commit 83f60672e1b3069e6b1b90b376460da895e37df3) (cherry picked from commit d0b872ea7ca112d047b9ee2d10d1a75a2ee4aed3) (cherry picked from commit 1b85990b833fe4ef2007e82ffe26ee18f87cb464)
* Fix bug #9016 - Connection to outbound trusted domain goes offline.Jeremy Allison2012-11-011-6/+0
| | | | | | | | | | | | | | | By the time we've gotten to init_dc_connection_network() we shouldn't be second guessing the caller by calling winbindd_can_contact_domain(). If for some reason we do need to restrict the contact list here we can add a condition to only contact the primary domain or domains listed in the tdc cache, but I don't think that's neccessary. Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Jul 14 03:17:57 CEST 2012 on sn-devel-104 (cherry picked from commit 726ecf6a915ff534af4076e9d0cdebf8b5435d61) (cherry picked from commit d4faae3dbdfdd600bbf9bddb2589b8a6dc8434b6) (cherry picked from commit 265ff5579b2671db250928b631b35e4df3b9a7f6)
* quota: add supprt for gfs2Björn Jacke2012-11-011-0/+2
| | | | | | | | | | | | | | | gfs2 uses the same generic quota interface as xfs and it has the same base block/quota block size ratio and seems to work nice with the xfs quota module. (People using gfs should be aware that quota reporting is lagging quite a bit on gfs. If you copy a file on a gfs volume the quota values are being updated with a delay of 30s here with kernel 3.5. This reporting can lead to data corruption if a client thinks he can write but actually he suddently can't.) (cherry picked from commit 0b57d1c07520f4995412f224945324fef29f5989) Fix bug #9172 - quota on gfs2 being reported wrong. (cherry picked from commit 16a3b6e02d1bb8345984ab6a8c81e446d8de2f54) (cherry picked from commit bea45125fc10d0eef02c5cedb5585f70eebe9450)
* WHATSNEW: Start release notes for Samba 3.5.19.Karolin Seeger2012-09-241-2/+43
| | | | | Karolin (cherry picked from commit 48d90a8eae8873081dcce28c17f483ae07ddb8f6)
* VERSION: Bump version up to 3.5.19.Karolin Seeger2012-09-241-1/+1
| | | | | Karolin (cherry picked from commit 3262322e686dadf6cb25b93177b0d16076ca7e06)
* WHWATSNEW: Prepare release notes for Samba 3.5.18.samba-3.5.18Karolin Seeger2012-09-211-2/+42
| | | | | Karolin (cherry picked from commit e9e21faae567370f05432462cf25a3df6cf8e07f)
* docs: clarify the idmap_rid manpage (bug #7788)Michael Adam2012-09-211-0/+18
| | | | | | | | | | The idmap_rid module should not be used as a default backend. Also mention that the old snytax "idmap backend = rid:domain=range ..." is not supported any more. Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Tue Dec 7 19:07:57 CET 2010 on sn-devel-104 (cherry picked from commit a4f48b3da0081845336c55ff230179caeab5195c)
* s3:winbindd: make sure we only call static_init_idmap onceBjörn Jacke2012-09-211-4/+17
| | | | | | | this is a backport of 3f14d03adbda03b821210115af4fae044a9b4a3e Fix bug #8402 - winbind log spammed with idmap messages. (cherry picked from commit 04e4325642d029e604c31b371811fafdf2b61cf8)
* quota: fix build of sysquote_xfs onBjörn Jacke2012-09-211-0/+12
| | | | | | | linux header files renamed some XFS_* defines to FS_* around kernel v2.6.36 This fixes bug #7814 (cherry picked from commit a3eb8d765e48bcbe86458791ec61325a517bd7dd)
* nsswitch: fix crash on null pam change pw responseLuca Lorenzetto2012-09-211-1/+1
| | | | | | | | | | | | | The function _pam_winbind_change_pwd crashes due to a null value passed to the function strcasecmp and denies to login via graphical login manager. Check for a null value before doing a strcasecmp. Bug-Ubuntu: https://bugs.launchpad.net/bugs/1003296 Bug: https://bugzilla.samba.org/show_bug.cgi?id=9013 (Desktop Managers (xdm, gdm, lightdm...) crashes with SIGSEGV in _pam_winbind_change_pwd() when password is expiring) (cherry picked from commit 47f2211f137688a7c46c4a38571a9f94e59dbf6a) (cherry picked from commit 25bf057288d5e77c07a5ed3d3c3fb7f5f33f62b6)
* Fix bug #9147 - winbind can't fetch user or group info from AD via LDAPJeremy Allison2012-09-212-4/+18
| | | | | | Don't use "isprint" in ldb_binary_encode(). This is locale specific. Restrict to ASCII only, hex encode everything else. (cherry picked from commit 9258a7b9cfd5fb85e5361d1b49c3bb8655e97159)
* s3: delete requests are not specialVolker Lendecke2012-09-211-11/+2
| | | | | | | | | | | The only difference between batch and exclusive oplocks is the time of the check: Batch is checked before the share mode check, exclusive after. Signed-off-by: Jeremy Allison <jra@samba.org> Fix bug #9150 - Valid open requests can cause smbd assert due to incorrect oplock handling on delete requests. (cherry picked from commit b20ca77e2a9d111eb2e77d0b804fe7505b07e418)
* s3: Fix bug #9085.hargagan2012-09-211-1/+1
| | | | | | NMB registration for a duplicate workstation fails with registration refuse. (cherry picked from commit 71c4227fd0a741984fb273ad1973ad1724ecb04b) (cherry picked from commit 30567b8f9bc0f5a39a3a65039277aa5f839622cd)
View Lorry Controller Status