summaryrefslogtreecommitdiff
path: root/lib
Commit message (Collapse)AuthorAgeFilesLines
* Allow NULL queue to writev_sendVolker Lendecke2011-04-141-6/+16
| | | | Fix bug #8086 - null pointer reference crashes winbind.
* Fix denial of service - memory corruption.Jeremy Allison2011-02-282-0/+15
| | | | | | | | | | | | | | | | | | | | | | | CVE-2011-0719 Fix bug #7949 (DoS in Winbind and smbd with many file descriptors open). All current released versions of Samba are vulnerable to a denial of service caused by memory corruption. Range checks on file descriptors being used in the FD_SET macro were not present allowing stack corruption. This can cause the Samba code to crash or to loop attempting to select on a bad file descriptor set. A connection to a file share, or a local account is needed to exploit this problem, either authenticated or unauthenticated (guest connection). Currently we do not believe this flaw is exploitable beyond a crash or causing the code to loop, but on the advice of our security reviewers we are releasing fixes in case an exploit is discovered at a later date. (cherry picked from commit 43babef991feedbe2acb77d27254d302ab107fa8)
* lib/util: move TIME_T_MIN/MAX defines into header file (cherry picked from ↵Björn Jacke2010-04-122-14/+14
| | | | commit 571ee54b791b93ad46e09ed563ef4a5582dcf0c8)
* s3: signals are processed twice in child.Bo Yang2010-04-013-5/+36
| | | | | | | | Signed-off-by: Bo Yang <boyang@samba.org> (cherry picked from commit 8c8bb51de1ac2baa46ac0736fae12c034288e5d4) Fix bug #7206 (duplicate signal handler, signals are processed twice in child process).
* util: added binsearch.h for binary array searchesAndrew Tridgell2010-02-111-0/+68
| | | | | | | | | | | | This was moved from the schema_query code. It will now be used in more than one place, so best to make it a library macro. I think there are quite a few places that could benefit from this. (cherry picked from commit 71943e8858943718affb6a3c0ded2127f07057f0) Signed-off-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 448b8f35d7a7cff73d35304673302178f593c9d0) Signed-off-by: Stefan Metzmacher <metze@samba.org>
* Fix bug 6861 - rfc1738_unescape converts '+' characters to spaces. Stop ↵Jeremy Allison2009-11-101-5/+0
| | | | rfc1738_unescape() from mangling '+' characters to spaces. Noticed by Andrew Bartlett. Jeremy.
* s3: Fix Bug #6869: Various annoying build warnings.Günther Deschner2009-11-092-3/+3
| | | | Guenther
* Fix bug 6796 - Deleting an event context on shutdown can cause smbd to crash.Jeremy Allison2009-10-121-8/+2
| | | | | | | Sync's tevent signal code with 3.5.x tree. Protects against ev pointer being NULL. Jeremy
* tevent: make sure we don't set errno within the signal handler function.Stefan Metzmacher2009-10-081-0/+3
| | | | | metze (cherry picked from commit d13dfbeb6c6ab5b20277439da5b95f1a7f2850eb)
* Fixing timeval calculationSimo Sorce2009-10-021-1/+1
| | | | | | The code was always doubling microseconds when attempting to round up. Fix bug #6764.
* tevent: change version to 0.9.8 after some critical bugs have been fixedStefan Metzmacher2009-09-091-1/+1
| | | | | metze (cherry picked from commit 1bb68402a2e37f39118eaaaa039ac69e03ba66f2)
* Another part of the fix for bug 6651 - smbd SIGSEGV when breaking oplocks. ↵Jeremy Allison2009-09-091-2/+6
| | | | SA_INFO_QUEUE_COUNT *MUST* be a power of 2, in order for the ring buffer wrap to work correctly at the 32 bit boundary. Thanks to Petr Vandrovec <petr@vandrovec.name> for this. (cherry picked from commit c97698e762b1ea8d7133f04ae822225676a6f135)
* tevent: Fix a segfault upon the first signalVolker Lendecke2009-09-091-0/+6
| | | | | | | | | | | | | | When the first signal arrives, tevent_common_signal_handler() crashed: "ev" is initialized to NULL, so the first "write(ev->pipe_fds[1], &c, 1);" dereferences NULL. Rusty, Tridge, please check. Also, can you tell me a bit more about the environment you tested this in? I'd be curious to see where this survived. Thanks, Volker (cherry picked from commit 23abcd2318c69753aa2a144e1dc0f9cf9efdb705)
* lib/tevent: close pipe_fds on event_context destructionRusty Russell2009-09-091-0/+2
| | | | | | | | The "hack_fds" were never closed before; now they're inside event_context they should be closed when that is destroyed. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (cherry picked from commit 76d91156c82e20bbd68c752376cb814d71759033)
* lib/tevent: handle tevent_common_add_signal on different event contexts.Rusty Russell2009-09-092-14/+31
| | | | | | | | | | | I don't know if this is a problem in real life. The code assumes there's only one tevent_context; all signals will notify the first event context. That's counter-intuitive if you ever use more than one, and there's nothing else in this code which prevents it AFAICT. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (cherry picked from commit be4ac227842530d484659f2db683453366326d8b)
* lib/tevent: fix race with signals and tevent_common_add_signalRusty Russell2009-09-091-20/+20
| | | | | | | | | | | | We carefully preserve the old signal handler, but we replace it before we've set up everything; in particular, if we fail setting up the pipe_hack we could write a NUL char to stdout (fd 0), instead of calling the old signal handler. Replace the signal handler as the very last thing we do. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (cherry picked from commit 6abb637e3e0d23635fdbbb91c163731b325d696d)
* lib/tevent: remove spectacularly complicated manual subtractionRusty Russell2009-09-091-4/+1
| | | | | | | | | | | | To be completely honest, I don't quite know whether to laugh or cry at this one: 1 + (0xFFFFFFFF & ~(s.seen - s.count)) == 1 + (~(s.seen - s.count)) # s.seen, s.count are uint32_t == s.count - s.seen # -A == ~A + 1 Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (cherry picked from commit 4279879c9847ca069527e11ca934b8906009cad8)
* tevent: avoid using reserved c++ word.Günther Deschner2009-09-091-1/+1
| | | | | Guenther (cherry picked from commit 965a079535bd11a7870d45991a0d0628d6579b3b)
* Fix for bug 6651 - smbd SIGSEGV when breaking oplocks. Based on a patch ↵Jeremy Allison2009-09-091-17/+54
| | | | submitted by Petr Vandrovec <petr@vandrovec.name>. Multiple pending signals with siginfo_t's weren't being handled correctly leading to smbd abort with kernel oplock signals. Jeremy (cherry picked from commit ba52f18bfecfd7b0ba22c4ad9e9b5bfd18f34c93)
* tevent: fix a commentMichael Adam2009-09-091-1/+1
| | | | | Michael (cherry picked from commit 5270efab1a8dd06158aa45467958939b677e4b7b)
* tevent: change version to 0.9.7 after adding tevent_req_cancel infrastructureStefan Metzmacher2009-09-091-1/+1
| | | | | metze (cherry picked from commit 97a1ed53ca4255ac7fc5643292019ad30c276de5)
* tevent: add tevent_req_cancel() infrastructureStefan Metzmacher2009-09-093-0/+70
| | | | | | | | This offers a generic way for callers to cancel an async request. metze (cherry picked from commit 45e4be0d96abdc729252df1e97bb9a56302e5a4a)
* tevent: add some more doxygen comments for tevent_req functionsStefan Metzmacher2009-09-091-0/+38
| | | | | metze (cherry picked from commit 95c3d3b5d8fdc05f20c826a48312f1230f036029)
* tevent: try to fix the build on QNX qnx18 6.4.1 it doesn't have SA_RESTART ↵Stefan Metzmacher2009-09-091-1/+11
| | | | | | | defined metze (cherry picked from commit 39684d2cbe1c8c69dc9ca5c6e05861e24091bb83)
* Change to talloc_zero_size instead of extra memset. Jeremy. (cherry picked ↵Jeremy Allison2009-09-091-2/+1
| | | | from commit 5927ca7067a0ead65c00042a62545b0d940f2b2a)
* When tallocing a memory block for the state in a tevent_req struct, ensure ↵Jeremy Allison2009-09-091-0/+1
| | | | it's zeroed out. Vl & Metze please check. Jeremy. (cherry picked from commit 7be1d727a31b34debbcf8faa1e0bea911112d145)
* Sort the signature files (cherry picked from commit ↵Stefan Metzmacher2009-09-092-45/+45
| | | | 7119241c0d12768b31ebdb489aa0bbba6ca21e40)
* Expose functions need by backend writersSimo Sorce2009-09-095-52/+67
| | | | | | | | move publicly needed structures and functions in the public header. Stop installing internal headers. Update the signature and exports files with the new exposed function. (cherry picked from commit 30b2014a01b31d66dd76e0562c5d769dfacf167b)
* Revert "For tevent to install tevent_util.h"Simo Sorce2009-09-091-1/+0
| | | | | | | This reverts commit b112cc5503350b248949bdbcce8072f5523ce877. tevent_util.h is a private header. Must not be installed. (cherry picked from commit c92505817d6453c100ed52c9c3ab289f5589ce25)
* For tevent to install tevent_util.hEric Sandall2009-09-091-0/+1
| | | | | | | | Patch for bug #6270 This patch is for the future when samba4 builds using external libraries. With this patch, tevent now installs tevent_util.h which is required by samba4. (cherry picked from commit b112cc5503350b248949bdbcce8072f5523ce877)
* Add exports file and abi checker for teventSimo Sorce2009-09-097-2/+157
| | | | | | | | | This is a first attempt at exporting symbols only for public functions We also provide a rudimentary ABI checker that tries to check that function signatures are not changed by mistake. Given our use of macros this is not an API checker. It's all based on tevent.h contents and the gcc -aux-info option (cherry picked from commit efccef09aec93180a06955b5e03f1ceb99dc39e8)
* Increase tevent version for tevent_req_notify_callback() (cherry picked from ↵Stefan Metzmacher2009-09-091-1/+1
| | | | commit d0aedeb46e5d2da582b5c030114186f8d755b528)
* Add tevent_req_notify_callbackVolker Lendecke2009-09-092-4/+13
| | | | | | This is necessary for requests that have multiple results. Examples would be SMBEcho and ldap_search. (cherry picked from commit c6f39b46a7b0505331612a1bee15a82f97009f0d)
* tevent/python: Makefile was still trying to build some non AC_SUBST python ↵Jelmer Vernooij2009-09-091-7/+1
| | | | | | targets Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>(cherry picked from commit cf9636ea99bb5063a8c7d771c1e29f684b4b753a)
* tevent: Define TALLOC_FREE() if it's not defined yet, to allow building with ↵Jelmer Vernooij2009-09-091-0/+6
| | | | released versions of talloc. (cherry picked from commit 72b744f38ebb9f9576c05c7bb0a00de26697ec8f)
* tevent: Remove python module.Stefan Metzmacher2009-09-096-219/+0
| | | | | | | | | | This module didn't have any functionality that we actually used yet, and it was quite small. Tevent is quite low level and perhaps doesn't make much sense to expose directly as a Python module. It was also causing build problems when used with a system-tevent. We can always back later if necessary. (cherry picked from commit 5065cf70f8bf41193d6d33413f2285f62bba0502)
* tevent: Install tevent_internal.h in the standalone build.Jelmer Vernooij2009-09-092-1/+4
| | | | | | This is not ideal, but at least it fixes the build of samba-gtk for now. I've also added a warning about API guarantees at the top of the header. (cherry picked from commit 857c3f8322005efd460c2f516a9486a2de059e9f)
* Update copies of config.guess and config.sub. (cherry picked from commit ↵Jelmer Vernooij2009-09-098-304/+1128
| | | | 6230eb94af2305f479db3b76479a0dc841c3d1d5)
* tevent: Don't install headers, since we don't install a shared lib either ↵Jelmer Vernooij2009-09-091-5/+0
| | | | (from Samba). (cherry picked from commit 06864b4469f5f3d77637f8e6c97ec0558289cd29)
* tevent: fix typo async_req_done() => tevent_req_done()Stefan Metzmacher2009-09-091-1/+1
| | | | | metze (cherry picked from commit 6f7cd213dd38e770224cf131054862b76069aed8)
* tevent: fix the nesting logicStefan Metzmacher2009-09-091-7/+7
| | | | | | | | | | | | | | Only tevent_loop_once and tevent_loop_until() should care about the nesting level. This fixes the samba3 printing code where we use tevent_loop_wait() and don't allow nested events. We still call the nesting hook for all levels, we need to decide if we really want this... metze (cherry picked from commit 36e7045340bbc7d6567008bdd87c4cdf717835bd)
* fixed a logic bug in the tevent nesting codeAndrew Tridgell2009-09-091-1/+13
| | | | | | | | | | | The event nesting code never triggered as nesting.level was never greater than 1. The main event loop needs to increase the nesting level by 1. I also added a paranoia check to the nesting setup call. The API as currently written cannot support multiple nesting hooks, so we need to abort if multiple hooks are tried. (cherry picked from commit 13b6663e23a424473d14324ac229a21e1e90580a)
* libreplace: undef AI_ADDRCONFIG on QNX 6.3.0 (fix bug #6630)Matt Kraai2009-08-171-0/+14
| | | | | | | | | | | | | | Some of the functions in source3/lib/util_sock.c use AI_ADDRCONFIG. On QNX 6.3.0, this macro is defined but, if it's used, getaddrinfo will fail. This prevents smbd from opening any sockets. If I undefine AI_ADDRCONFIG on such systems and allow lib/replace/system/network.h to define it to be 0, this works around the issue. Signed-off-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 91d13b68be55728a85b3832e2da9267dbf4f2464) Fixes bug #6630.
* tdb: Reimplementation of Metze's "lib/tdb: if we know pwrite and pread are ↵Rusty Russell2009-08-141-5/+10
| | | | | | | | | | | | | | | | | | | | | | thread/fork safe tdb_reopen_all() should be a noop". This version just wraps the reopen code, so we still re-grab the lock and do the normal sanity checks. The reason we do this at all is to avoid global fd limits, see: http://forums.fedoraforum.org/showthread.php?t=210393 Note also that this whole reopen concept is fundamentally racy: if the parent goes away before the child calls tdb_reopen_all, the database can be left without an active lock and another TDB_CLEAR_IF_FIRST opener will clear it. A fork_with_tdbs() wrapper could use a pipe to solve this, but it's hardly elegant (what if there are other independent things which have similar needs?). Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 3b2f074bda8734a0b30a3e31117c0217d890809c) Addresses bug #6601.
* tdb: Revert "lib/tdb: if we know pwrite and pread are thread/fork safe ↵Rusty Russell2009-08-141-5/+0
| | | | | | | | | | | tdb_reopen_all() should be a noop" This reverts commit e17df483fbedb81aededdef5fbb6ae1d034bc2dd. tdb_reopen_all also restores the active lock, required for TDB_CLEAR_IF_FIRST. Signed-off-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit fa91bc67199f0d45a0e570b43aeafd816a5491bf)
* lib/util: fix order of includes in tevent_ntstatus.cMichael Adam2009-07-011-1/+1
| | | | | | | | | | | replace.h needs to be included first. Michael (cherry picked from commit 8d982d91f231abbf003473d09433fca2cfa240ac) Signed-off-by: Michael Adam <obnox@samba.org> This addresses bug #6521.
* lib/util: fix building tevent_ntstatus without config.hMichael Adam2009-06-301-1/+0
| | | | | | | | | (when called from places with "#define NO_CONFIG_H" set, such as configure) This fixes bug #6521. Michael (cherry picked from commit e4e855563bcbeb7be54de57d8c1d41d35ddc5e7a)
* nss_wrapper: fix nss_wrapper build for solaris.Günther Deschner2009-05-291-0/+2
| | | | | Guenther (cherry picked from commit 136b2a3eb21eda28e7a18547751ee20f097e7492)
* nss_wrapper: remove re-structuring leftovers (unused variables).Günther Deschner2009-05-291-6/+0
| | | | | Guenther (cherry picked from commit 37e4c92b383397a2c77db7e5d8adf2fa4a24d398)
* nss_wrapper: support member add and delete for groups in nss_wrapper.pl.Günther Deschner2009-05-291-21/+141
| | | | | Guenther (cherry picked from commit ebf8df35c9583619a012e85964f2ad5187a199fe)
View Lorry Controller Status