Commit message | Author | Age | Files | Lines
* VERSION: Disable GIT_SNAPSHOTS for the 4.4.16 release. (samba-4.4.16, v4-4-stable) | Karolin Seeger | 2017-09-13 | 1 | -1/+1
|   Signed-off-by: Karolin Seeger <kseeger@samba.org>
* WHATSNEW: Add release notes for Samba 4.4.16. | Karolin Seeger | 2017-09-13 | 1 | -2/+82
|   Signed-off-by: Karolin Seeger <kseeger@samba.org>
* CVE-2017-12163: s3:smbd: Prevent client short SMB1 write from writing server memory to file. | Jeremy Allison | 2017-09-13 | 1 | -0/+50
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=13020
|   Signed-off-by: Jeremy Allison <jra@samba.org>
|   Signed-off-by: Stefan Metzmacher <metze@samba.org>
* CVE-2017-12151: s3:libsmb: make use of cli_state_is_encryption_on() | Stefan Metzmacher | 2017-09-13 | 2 | -3/+3
|   This will keep enforced encryption across dfs referrals.
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=12996
|   Signed-off-by: Stefan Metzmacher <metze@samba.org>
* CVE-2017-12151: s3:libsmb: add cli_state_is_encryption_on() helper function | Stefan Metzmacher | 2017-09-13 | 2 | -0/+14
|   This allows to check if the current cli_state uses encryption (either via unix extensions or via SMB3).
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=12996
|   Signed-off-by: Stefan Metzmacher <metze@samba.org>
* CVE-2017-12150: s3:libsmb: only fallback to anonymous if authentication was not requested | Stefan Metzmacher | 2017-09-13 | 1 | -0/+2
|   With forced encryption or required signing we should also not fallback.
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997
|   Signed-off-by: Stefan Metzmacher <metze@samba.org>
* CVE-2017-12150: libcli/smb: add smbXcli_conn_signing_mandatory() | Stefan Metzmacher | 2017-09-13 | 2 | -0/+6
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997
|   Signed-off-by: Stefan Metzmacher <metze@samba.org>
* CVE-2017-12150: auth/credentials: cli_credentials_authentication_requested() should check for NTLM_CCACHE/SIGN/SEAL | Stefan Metzmacher | 2017-09-13 | 1 | -0/+16
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997
|   Signed-off-by: Stefan Metzmacher <metze@samba.org>
* CVE-2017-12150: libgpo: make use of SMB_SIGNING_REQUIRED in gpo_connect_server() | Stefan Metzmacher | 2017-09-13 | 1 | -1/+1
|   It's important that we use a signed connection to get the GPOs!
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997
|   Signed-off-by: Stefan Metzmacher <metze@samba.org>
* CVE-2017-12150: s3:pylibsmb: make use of SMB_SIGNING_DEFAULT for 'samba.samba3.libsmb_samba_internal' | Stefan Metzmacher | 2017-09-13 | 1 | -1/+1
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997
|   Signed-off-by: Stefan Metzmacher <metze@samba.org>
* CVE-2017-12150: s3:lib: get_cmdline_auth_info_signing_state smb_encrypt SMB_SIGNING_REQUIRED | Stefan Metzmacher | 2017-09-13 | 1 | -0/+3
|   This is an addition to the fixes for CVE-2015-5296.
|   It applies to smb2mount -e, smbcacls -e and smbcquotas -e.
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997
|   Signed-off-by: Stefan Metzmacher <metze@samba.org>
* VERSION: Bump version up to 4.5.16... | Karolin Seeger | 2017-09-13 | 1 | -2/+2
|   and re-enable GIT_SNAPSHOTS.
|   Signed-off-by: Karolin Seeger <kseeger@samba.org>
* s3: smbd: Fix a read after free if a chained SMB1 call goes async. | Jeremy Allison | 2017-07-25 | 1 | -1/+1
|   Reported to the Samba Team by Yihan Lian <lianyihan@360.cn>, a security researcher of Qihoo 360 GearTeam. Thanks a lot!
|   smb1_parse_chain() incorrectly used talloc_tos() for the memory context of the chained smb1 requests. This gets freed between requests so if a chained request goes async, the saved request array also is freed, which causes a crash on resume.
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=12836
|   Signed-off-by: Jeremy Allison <jra@samba.org>
|   Reviewed-by: Stefan Metzmacher <metze@samba.org>
|   (cherry picked from commit 5fe76a5474823ed7602938a07c9c43226a7882a3)
|   Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
|   Autobuild-Date(v4-4-test): Tue Jul 25 01:31:58 CEST 2017 on sn-devel-144
* s3/smbd: let non_widelink_open() chdir() to directories directly | Ralph Boehme | 2017-07-24 | 1 | -5/+25
|   If the caller passes O_DIRECTORY we just try to chdir() to smb_fname directly, not to the parent directory.
|   The security check in check_reduced_name() will continue to work, but this fixes the case of an open() for a previous version of a subdirectory that contains snapshots.
|
|   Eg:
|
|   [share]
|       path = /shares/test
|       vfs objects = shadow_copy2
|       shadow:snapdir = .snapshots
|       shadow:snapdirseverywhere = yes
|
|   Directory tree with fake snapshots:
|
|   $ tree -a /shares/test/
|   /shares/test/
|   ├── dir
|   │   ├── file
|   │   └── .snapshots
|   │       └── @GMT-2017.07.04-04.30.12
|   │           └── file
|   ├── dir2
|   │   └── file
|   ├── file
|   ├── .snapshots
|   │   └── @GMT-2001.01.01-00.00.00
|   │       ├── dir2
|   │       │   └── file
|   │       └── file
|   └── testfsctl.dat
|
|   ./bin/smbclient -U slow%x //localhost/share -c 'ls @GMT-2017.07.04-04.30.12/dir/*'
|   NT_STATUS_OBJECT_NAME_NOT_FOUND listing \@GMT-2017.07.04-04.30.12\dir\*
|
|   Bug: https://bugzilla.samba.org/show_bug.cgi?id=12885
|   Signed-off-by: Ralph Boehme <slow@samba.org>
|   Reviewed-by: Jeremy Allison <jra@samba.org>
|   (cherry picked from commit b886a9443d49f6e27fa3863d87c9e24d12e62874)
|   Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
|   Autobuild-Date(v4-4-test): Mon Jul 24 04:25:45 CEST 2017 on sn-devel-144
* VERSION: Release Samba 4.4.15 for CVE-2017-11103 (samba-4.4.15) | Bob Campbell | 2017-07-12 | 1 | -1/+1
|   Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
|   Signed-off-by: Stefan Metzmacher <metze@samba.org>
* WHATSNEW: Add release notes for Samba 4.4.15 | Bob Campbell | 2017-07-12 | 1 | -2/+54
|   Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
|   Signed-off-by: Stefan Metzmacher <metze@samba.org>
* CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation | Jeffrey Altman | 2017-07-12 | 1 | -2/+2
|   In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks.
|   Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams.
|   Change-Id: I45ef61e8a46e0f6588d64b5bd572a24c7432547c
|   BUG: https://bugzilla.samba.org/show_bug.cgi?id=12894
|   (based on heimdal commit 6dd3eb836bbb80a00ffced4ad57077a1cdf227ea)
|   Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|   Reviewed-by: Garming Sam <garming@catalyst.net.nz>
|   Reviewed-by: Stefan Metzmacher <metze@samba.org>
* Revert "s3: locking: Move two leases functions into a new file." | Stefan Metzmacher | 2017-07-12 | 6 | -65/+32
|   This reverts commit 419f5cca88fa31d723f4bfe243d72398d4445801.
|   This should not have been in 4-4-test, see https://bugzilla.samba.org/show_bug.cgi?id=12628#c6
|   v4-4-test is in the security fixes only mode.
|   This also introduces a regression that's fixed in v4-5 and higher only, see https://bugzilla.samba.org/show_bug.cgi?id=12798
|   Signed-off-by: Stefan Metzmacher <metze@samba.org>
* Revert "s3: locking: Update oplock optimization for the leases era !" | Stefan Metzmacher | 2017-07-12 | 1 | -13/+9
|   This reverts commit 2e00feb278e174fd28d003c4d5a576f91c0bd7d0.
|   This should not have been in 4-4-test, see https://bugzilla.samba.org/show_bug.cgi?id=12628#c6
|   v4-4-test is in the security fixes only mode.
|   This also introduces a regression that's fixed in v4-5 and higher only, see https://bugzilla.samba.org/show_bug.cgi?id=12798
|   Signed-off-by: Stefan Metzmacher <metze@samba.org>
* VERSION: Bump version up to 4.4.15. | Karolin Seeger | 2017-05-24 | 1 | -1/+1
|   Signed-off-by: Karolin Seeger <kseeger@samba.org>
* Merge tag 'samba-4.4.14' into v4-4-test | Karolin Seeger | 2017-05-24 | 2 | -3/+60
|\
| |   samba: tag release samba-4.4.14
| * VERSION: Disable GIT_SNAPSHOT for the 4.4.14 release. (samba-4.4.14) | Karolin Seeger | 2017-05-23 | 1 | -1/+1
| |   Signed-off-by: Karolin Seeger <kseeger@samba.org>
| * WHATSNEW: Add release notes for Samba 4.4.14. | Karolin Seeger | 2017-05-23 | 1 | -3/+55
| |   Signed-off-by: Karolin Seeger <kseeger@samba.org>
| * CVE-2017-7494: rpc_server3: Refuse to open pipe names with / inside | Volker Lendecke | 2017-05-19 | 1 | -0/+5
| |   Bug: https://bugzilla.samba.org/show_bug.cgi?id=12780
| |   Signed-off-by: Volker Lendecke <vl@samba.org>
| |   Reviewed-by: Jeremy Allison <jra@samba.org>
| |   Reviewed-by: Stefan Metzmacher <metze@samba.org>
| * VERSION: Re-enable GIT_SNAPSHOTS. | Karolin Seeger | 2017-05-19 | 1 | -1/+1
| |   Signed-off-by: Karolin Seeger <kseeger@samba.org>
| * VERSION: Bump version up to 4.4.14. | Karolin Seeger | 2017-05-19 | 1 | -1/+1
| |   Signed-off-by: Karolin Seeger <kseeger@samba.org>
| |   (cherry picked from commit dea32007147c1e392a06bf6202ce5361a21ba9fb)
* | VERSION: Bump version up to 4.4.14. | Karolin Seeger | 2017-03-31 | 1 | -1/+1
| |   Signed-off-by: Karolin Seeger <kseeger@samba.org>
* | Merge tag 'samba-4.4.13' into v4-4-test | Karolin Seeger | 2017-03-31 | 1 | -3/+44
|\ \
| |/
| |   samba: tag release samba-4.4.13
| * VERSION: Disable GIT_SNAPSHOTS for the 4.4.13 release. (samba-4.4.13) | Karolin Seeger | 2017-03-31 | 1 | -1/+1
| |   Signed-off-by: Karolin Seeger <kseeger@samba.org>
| * WHATSNEW: Add release notes for Samba 4.4.13. | Karolin Seeger | 2017-03-31 | 1 | -3/+44
| |   Signed-off-by: Karolin Seeger <kseeger@samba.org>
| * s3: Test for CVE-2017-2619 regression with "follow symlinks = no" - part 2 | Jeremy Allison | 2017-03-31 | 1 | -0/+37
| |   Add tests for regular access.
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721
| |   Signed-off-by: Jeremy Allison <jra@samba.org>
| |   Reviewed-by: Ralph Boehme <slow@samba.org>
| |   Autobuild-User(master): Ralph Böhme <slow@samba.org>
| |   Autobuild-Date(master): Tue Mar 28 17:05:27 CEST 2017 on sn-devel-144
| |   (cherry picked from commit 4e734fcd1bf82c08aa303ce44e9735acccffcf06)
| * s3: smbd: Fix "follow symlink = no" regression part 2. | Jeremy Allison | 2017-03-31 | 1 | -0/+23
| |   Use the cwd_name parameter to reconstruct the original client name for symlink testing.
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721
| |   Signed-off-by: Jeremy Allison <jra@samba.org>
| |   Reviewed-by: Ralph Boehme <slow@samba.org>
| |   (cherry picked from commit e182a4d39e86c9694e255efdf6ee2ea3ccb9af4a)
| * s3: smbd: Fix "follow symlink = no" regression part 2. | Jeremy Allison | 2017-03-31 | 4 | -4/+14
| |   Add an extra parameter to cwd_name to check_reduced_name().
| |   If cwd_name == NULL then fname is a client given path relative to the root path of the share.
| |   If cwd_name != NULL then fname is a client given path relative to cwd_name. cwd_name is relative to the root path of the share.
| |   Not yet used, logic added in the next commit.
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721
| |   Signed-off-by: Jeremy Allison <jra@samba.org>
| |   Reviewed-by: Ralph Boehme <slow@samba.org>
| |   (cherry picked from commit 83e30cb48859b412b76572b6a3ba84d8fde167af)
| * s3: Fixup test for CVE-2017-2619 regression with "follow symlinks = no" | Jeremy Allison | 2017-03-31 | 1 | -4/+5
| |   Use correct bash operators (not string operators). Add missing "return".
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721
| |   Signed-off-by: Jeremy Allison <jra@samba.org>
| |   Reviewed-by: Ralph Boehme <slow@samba.org>
| |   (cherry picked from commit 037297a1c50e90a0092e3b94f472623f41ccc015)
| * s3: Test for CVE-2017-2619 regression with "follow symlinks = no". | Jeremy Allison | 2017-03-31 | 2 | -0/+80
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721
| |   Signed-off-by: Jeremy Allison <jra@samba.org>
| |   Reviewed-by: Uri Simchoni <uri@samba.org>
| |   Back-ported from commit 782172a9bef0040981d20e49519b13dd744df6a0
| * s3: smbd: Fix incorrect logic exposed by fix for the security bug 12496 (CVE-2017-2619). | Jeremy Allison | 2017-03-31 | 1 | -2/+5
| |   In a UNIX filesystem, the names "." and ".." by definition can *never* be symlinks - they are already reserved names.
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721
| |   Signed-off-by: Jeremy Allison <jra@samba.org>
| |   Reviewed-by: Uri Simchoni <uri@samba.org>
| |   (cherry picked from commit ae17bebd250bdde5614b2ac17e53512f19fe9b68)
| * VERSION: Re-enable GIT_SNAPSHOTS. | Karolin Seeger | 2017-03-31 | 1 | -1/+1
| |   Signed-off-by: Karolin Seeger <kseeger@samba.org>
| * VERSION: Bump version up to 4.4.13. | Karolin Seeger | 2017-03-29 | 1 | -1/+1
| |   Signed-off-by: Karolin Seeger <kseeger@samba.org>
| |   (cherry picked from commit 7086fb6a4d509d2f740ddc61276f25c43c3a5567)
* | s3: Test for CVE-2017-2619 regression with "follow symlinks = no" - part 2 | Jeremy Allison | 2017-03-29 | 1 | -0/+37
| |   Add tests for regular access.
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721
| |   Signed-off-by: Jeremy Allison <jra@samba.org>
| |   Reviewed-by: Ralph Boehme <slow@samba.org>
| |   Autobuild-User(master): Ralph Böhme <slow@samba.org>
| |   Autobuild-Date(master): Tue Mar 28 17:05:27 CEST 2017 on sn-devel-144
| |   (cherry picked from commit 4e734fcd1bf82c08aa303ce44e9735acccffcf06)
| |   Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
| |   Autobuild-Date(v4-4-test): Wed Mar 29 13:57:56 CEST 2017 on sn-devel-144
* | s3: smbd: Fix "follow symlink = no" regression part 2. | Jeremy Allison | 2017-03-29 | 1 | -0/+23
| |   Use the cwd_name parameter to reconstruct the original client name for symlink testing.
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721
| |   Signed-off-by: Jeremy Allison <jra@samba.org>
| |   Reviewed-by: Ralph Boehme <slow@samba.org>
| |   (cherry picked from commit e182a4d39e86c9694e255efdf6ee2ea3ccb9af4a)
* | s3: smbd: Fix "follow symlink = no" regression part 2. | Jeremy Allison | 2017-03-29 | 4 | -4/+14
| |   Add an extra parameter to cwd_name to check_reduced_name().
| |   If cwd_name == NULL then fname is a client given path relative to the root path of the share.
| |   If cwd_name != NULL then fname is a client given path relative to cwd_name. cwd_name is relative to the root path of the share.
| |   Not yet used, logic added in the next commit.
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721
| |   Signed-off-by: Jeremy Allison <jra@samba.org>
| |   Reviewed-by: Ralph Boehme <slow@samba.org>
| |   (cherry picked from commit 83e30cb48859b412b76572b6a3ba84d8fde167af)
* | s3: Fixup test for CVE-2017-2619 regression with "follow symlinks = no" | Jeremy Allison | 2017-03-29 | 1 | -4/+5
| |   Use correct bash operators (not string operators). Add missing "return".
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721
| |   Signed-off-by: Jeremy Allison <jra@samba.org>
| |   Reviewed-by: Ralph Boehme <slow@samba.org>
| |   (cherry picked from commit 037297a1c50e90a0092e3b94f472623f41ccc015)
* | s3: Test for CVE-2017-2619 regression with "follow symlinks = no". | Jeremy Allison | 2017-03-29 | 2 | -0/+80
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721
| |   Signed-off-by: Jeremy Allison <jra@samba.org>
| |   Reviewed-by: Uri Simchoni <uri@samba.org>
| |   Back-ported from commit 782172a9bef0040981d20e49519b13dd744df6a0
* | s3: smbd: Fix incorrect logic exposed by fix for the security bug 12496 (CVE-2017-2619). | Jeremy Allison | 2017-03-29 | 1 | -2/+5
| |   In a UNIX filesystem, the names "." and ".." by definition can *never* be symlinks - they are already reserved names.
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721
| |   Signed-off-by: Jeremy Allison <jra@samba.org>
| |   Reviewed-by: Uri Simchoni <uri@samba.org>
| |   (cherry picked from commit ae17bebd250bdde5614b2ac17e53512f19fe9b68)
* | s3: locking: Update oplock optimization for the leases era ! | Jeremy Allison | 2017-03-24 | 1 | -9/+13
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=12628
| |   Signed-off-by: Jeremy Allison <jra@samba.org>
| |   Reviewed-by: Ralph Boehme <slow@samba.org>
| |   Autobuild-User(master): Ralph Böhme <slow@samba.org>
| |   Autobuild-Date(master): Wed Mar 15 20:04:32 CET 2017 on sn-devel-144
| |   (cherry picked from commit 1c4b15aa5f6707e7bcfc21435e26929fb7f45c0f)
| |   Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
| |   Autobuild-Date(v4-4-test): Fri Mar 24 12:35:06 CET 2017 on sn-devel-144
* | s3: locking: Move two leases functions into a new file. | Jeremy Allison | 2017-03-24 | 6 | -32/+65
| |   map_oplock_to_lease_type(), fsp_lease_type().
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=12628
| |   Signed-off-by: Jeremy Allison <jra@samba.org>
| |   Reviewed-by: Ralph Boehme <slow@samba.org>
| |   (back ported from commit 125c78ad0b8f9caaef1ba2f1aeb5ec593375fccd)
* | VERSION: Bump version up to 4.4.13. | Karolin Seeger | 2017-03-23 | 1 | -1/+1
| |   Signed-off-by: Karolin Seeger <kseeger@samba.org>
* | Merge tag 'samba-4.4.12' into v4-4-test | Karolin Seeger | 2017-03-23 | 5 | -65/+496
|\ \
| |/
| |   samba: tag release samba-4.4.12
| * VERSION: Disable GIT_SNAPSHOTS for the 4.4.12 release (samba-4.4.12) | Karolin Seeger | 2017-03-23 | 1 | -1/+1
| |   CVE-2017-2619: Symlink race allows access outside share definition.
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
| |   Signed-off-by: Karolin Seeger <kseeger@samba.org>
| * WHATSNEW: Add release notes for Samba 4.4.12. | Karolin Seeger | 2017-03-23 | 1 | -2/+73
| |   CVE-2017-2619: Symlink race allows access outside share definition.
| |   BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
| |   Signed-off-by: Karolin Seeger <kseeger@samba.org>