| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Signed-off-by: Karolin Seeger <kseeger@samba.org>
|
|
|
|
| |
Signed-off-by: Karolin Seeger <kseeger@samba.org>
|
|
|
|
|
|
|
|
|
| |
memory to file.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13020
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
|
|
| |
This will keep enforced encryption across dfs referrals.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12996
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
|
|
|
| |
This allows to check if the current cli_state uses encryption
(either via unix extentions or via SMB3).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12996
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
|
|
|
|
| |
not requested
With forced encryption or required signing we should also don't fallback.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
| |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
|
|
| |
should check for NTLM_CCACHE/SIGN/SEAL
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
|
|
| |
It's important that we use a signed connection to get the GPOs!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
|
|
| |
'samba.samba3.libsmb_samba_internal'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
SMB_SIGNING_REQUIRED
This is an addition to the fixes for CVE-2015-5296.
It applies to smb2mount -e, smbcacls -e and smbcquotas -e.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
| |
and re-enable GIT_SNAPSHOTS.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reported to the Samba Team by Yihan Lian <lianyihan@360.cn>, a security
researcher of Qihoo 360 GearTeam. Thanks a lot!
smb1_parse_chain() incorrectly used talloc_tos() for the memory
context of the chained smb1 requests. This gets freed between
requests so if a chained request goes async, the saved request
array also is freed, which causes a crash on resume.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12836
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 5fe76a5474823ed7602938a07c9c43226a7882a3)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Tue Jul 25 01:31:58 CEST 2017 on sn-devel-144
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the caller passes O_DIRECTORY we just try to chdir() to smb_fname
directly, not to the parent directory.
The security check in check_reduced_name() will continue to work, but
this fixes the case of an open() for a previous version of a
subdirectory that contains snapshopt.
Eg:
[share]
path = /shares/test
vfs objects = shadow_copy2
shadow:snapdir = .snapshots
shadow:snapdirseverywhere = yes
Directory tree with fake snapshots:
$ tree -a /shares/test/
/shares/test/
├── dir
│ ├── file
│ └── .snapshots
│ └── @GMT-2017.07.04-04.30.12
│ └── file
├── dir2
│ └── file
├── file
├── .snapshots
│ └── @GMT-2001.01.01-00.00.00
│ ├── dir2
│ │ └── file
│ └── file
└── testfsctl.dat
./bin/smbclient -U slow%x //localhost/share -c 'ls @GMT-2017.07.04-04.30.12/dir/*'
NT_STATUS_OBJECT_NAME_NOT_FOUND listing \@GMT-2017.07.04-04.30.12\dir\*
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12885
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit b886a9443d49f6e27fa3863d87c9e24d12e62874)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Mon Jul 24 04:25:45 CEST 2017 on sn-devel-144
|
|
|
|
|
| |
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
| |
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In _krb5_extract_ticket() the KDC-REP service name must be obtained from
encrypted version stored in 'enc_part' instead of the unencrypted version
stored in 'ticket'. Use of the unecrypted version provides an
opportunity for successful server impersonation and other attacks.
Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams.
Change-Id: I45ef61e8a46e0f6588d64b5bd572a24c7432547c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12894
(based on heimdal commit 6dd3eb836bbb80a00ffced4ad57077a1cdf227ea)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 419f5cca88fa31d723f4bfe243d72398d4445801.
This should not have been in 4-4-test, see
https://bugzilla.samba.org/show_bug.cgi?id=12628#c6
v4-4-test is in the security fixes only mode.
This also introduces a regression that's fixed in v4-5 and higer only,
see https://bugzilla.samba.org/show_bug.cgi?id=12798
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 2e00feb278e174fd28d003c4d5a576f91c0bd7d0.
This should not have been in 4-4-test, see
https://bugzilla.samba.org/show_bug.cgi?id=12628#c6
v4-4-test is in the security fixes only mode.
This also introduces a regression that's fixed in v4-5 and higer only,
see https://bugzilla.samba.org/show_bug.cgi?id=12798
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
| |
Signed-off-by: Karolin Seeger <kseeger@samba.org>
|
|\
| |
| |
| | |
samba: tag release samba-4.4.14
|
| |
| |
| |
| | |
Signed-off-by: Karolin Seeger <kseeger@samba.org>
|
| |
| |
| |
| | |
Signed-off-by: Karolin Seeger <kseeger@samba.org>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12780
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
| |
| |
| |
| | |
Signed-off-by: Karolin Seeger <kseeger@samba.org>
|
| |
| |
| |
| |
| | |
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit dea32007147c1e392a06bf6202ce5361a21ba9fb)
|
| |
| |
| |
| | |
Signed-off-by: Karolin Seeger <kseeger@samba.org>
|
|\ \
| |/
| |
| | |
samba: tag release samba-4.4.13
|
| |
| |
| |
| | |
Signed-off-by: Karolin Seeger <kseeger@samba.org>
|
| |
| |
| |
| | |
Signed-off-by: Karolin Seeger <kseeger@samba.org>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add tests for regular access.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Mar 28 17:05:27 CEST 2017 on sn-devel-144
(cherry picked from commit 4e734fcd1bf82c08aa303ce44e9735acccffcf06)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Use the cwd_name parameter to reconstruct the original
client name for symlink testing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit e182a4d39e86c9694e255efdf6ee2ea3ccb9af4a)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add an extra paramter to cwd_name to check_reduced_name().
If cwd_name == NULL then fname is a client given path relative
to the root path of the share.
If cwd_name != NULL then fname is a client given path relative
to cwd_name. cwd_name is relative to the root path of the share.
Not yet used, logic added in the next commit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 83e30cb48859b412b76572b6a3ba84d8fde167af)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Use correct bash operators (not string operators).
Add missing "return".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 037297a1c50e90a0092e3b94f472623f41ccc015)
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Back-ported from commit 782172a9bef0040981d20e49519b13dd744df6a0
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
(CVE-2017-2619).
In a UNIX filesystem, the names "." and ".." by definition can *never*
be symlinks - they are already reserved names.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit ae17bebd250bdde5614b2ac17e53512f19fe9b68)
|
| |
| |
| |
| | |
Signed-off-by: Karolin Seeger <kseeger@samba.org>
|
| |
| |
| |
| |
| | |
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit 7086fb6a4d509d2f740ddc61276f25c43c3a5567)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add tests for regular access.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Mar 28 17:05:27 CEST 2017 on sn-devel-144
(cherry picked from commit 4e734fcd1bf82c08aa303ce44e9735acccffcf06)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Wed Mar 29 13:57:56 CEST 2017 on sn-devel-144
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Use the cwd_name parameter to reconstruct the original
client name for symlink testing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit e182a4d39e86c9694e255efdf6ee2ea3ccb9af4a)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add an extra paramter to cwd_name to check_reduced_name().
If cwd_name == NULL then fname is a client given path relative
to the root path of the share.
If cwd_name != NULL then fname is a client given path relative
to cwd_name. cwd_name is relative to the root path of the share.
Not yet used, logic added in the next commit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 83e30cb48859b412b76572b6a3ba84d8fde167af)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Use correct bash operators (not string operators).
Add missing "return".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 037297a1c50e90a0092e3b94f472623f41ccc015)
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Back-ported from commit 782172a9bef0040981d20e49519b13dd744df6a0
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
(CVE-2017-2619).
In a UNIX filesystem, the names "." and ".." by definition can *never*
be symlinks - they are already reserved names.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit ae17bebd250bdde5614b2ac17e53512f19fe9b68)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12628
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Mar 15 20:04:32 CET 2017 on sn-devel-144
(cherry picked from commit 1c4b15aa5f6707e7bcfc21435e26929fb7f45c0f)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Fri Mar 24 12:35:06 CET 2017 on sn-devel-144
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
map_oplock_to_lease_type(), fsp_lease_type().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12628
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(back ported from commit 125c78ad0b8f9caaef1ba2f1aeb5ec593375fccd)
|
| |
| |
| |
| | |
Signed-off-by: Karolin Seeger <kseeger@samba.org>
|
|\ \
| |/
| |
| | |
samba: tag release samba-4.4.12
|
| |
| |
| |
| |
| |
| |
| | |
CVE-2017-2619: Symlink race allows access outside share definition.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
Signed-off-by: Karolin Seeger <kseeger@samba.org>
|
| |
| |
| |
| |
| |
| |
| | |
CVE-2017-2619: Symlink race allows access outside share definition.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
Signed-off-by: Karolin Seeger <kseeger@samba.org>
|