summaryrefslogtreecommitdiff
path: root/source3
Commit message (Collapse)AuthorAgeFilesLines
* s3 swat: Fix possible XSS attack (bug #8289)Kai Blin2011-07-241-12/+2
| | | | | | | | | | | Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION reported a possible XSS attack against SWAT, the Samba Web Administration Tool. The attack uses reflection to insert arbitrary content into the "change password" page. This patch fixes the reflection issue by not printing user-specified content on the website anymore. Signed-off-by: Kai Blin <kai@samba.org>
* VERSION: Bump version number up to 3.4.14.Karolin Seeger2011-04-211-1/+1
| | | | | Karolin (cherry picked from commit 2c72a084ec5eb8d368e34962b39278eb3b2176c6)
* s3-cli_pipe: fix timeout in rpc_pipe_open_tcp_port().Günther Deschner2011-04-181-1/+1
| | | | | | | | | | | | | | | | | Make sure we use a timeout of 60 seconds, not 60 milliseconds... This prevented us from successfully using the ncacn_ip_tcp client in a lot of places, I guess. Guenther Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Wed Apr 13 18:59:19 CEST 2011 on sn-devel-104 (cherry picked from commit 4b3fe5247a6e16b1ad9f05269e9aa00e3120e36a) Fix bug #8085 - incorrect timeout handling in ncacn_ip_tcp client code. (cherry picked from commit d7d39c723e1855a3d18813e8a79fcca9770b0142) (cherry picked from commit f7a175f47ee65c58363615541577db65d8b9fa76)
* VERSION: Bump version number up to 3.4.13.Karolin Seeger2011-02-281-1/+1
| | | | Karolin
* VERSION: Bump version number up to 3.4.12.Karolin Seeger2011-02-271-1/+1
| | | | Karolin
* Fix denial of service - memory corruption.Jeremy Allison2011-02-2715-8/+117
| | | | | | | | | | | | | | | | | | | | | | CVE-2011-0719 Fix bug #7949 (DoS in Winbind and smbd with many file descriptors open). All current released versions of Samba are vulnerable to a denial of service caused by memory corruption. Range checks on file descriptors being used in the FD_SET macro were not present allowing stack corruption. This can cause the Samba code to crash or to loop attempting to select on a bad file descriptor set. A connection to a file share, or a local account is needed to exploit this problem, either authenticated or unauthenticated (guest connection). Currently we do not believe this flaw is exploitable beyond a crash or causing the code to loop, but on the advice of our security reviewers we are releasing fixes in case an exploit is discovered at a later date.
* s3: Fix connecting to port-139 only serversVolker Lendecke2011-01-231-3/+5
| | | | | | | | | When the TCP RST came before the 5 msecs timeout kicked in, we viewed this as final, as state->req_139 was not set yet. Fix bug introduced by a fix for bug #7881 (winbind flaky against w2k8). (cherry picked from commit f2a19b87725f9318e983dff6358a3eee721bff08) (cherry picked from commit 569be63e727e69e7e52ec39f40e60903c6826614)
* VERSION: Raise version number up to 3.4.11.Karolin Seeger2011-01-221-1/+1
| | | | | Karolin (cherry picked from commit fa8af888f7c701ec95febdb90c57aee1e418ad2e)
* s3-rpcclient: Fix bug #7880: cmd_spoolss_deletedriver() returned without ↵Björn Baumbach2011-01-171-1/+5
| | | | | | | | | | | | | | checking all architectures. Continues now with next architecture if no driver is available. Because of the broken behavior of the rpccli_*() functions, we need special error code handling. Signed-off-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit f5af66e67d7c6d62315671c0cf57f47973316226) (cherry picked from commit dc63f45b523deb5c3d0c4be4239507e5fc4f6a40) (cherry picked from commit fbcecec057bc05d6fcbdab3ef90d32c56335e833)
* s3-dns Don't use DELEG_FLAG in DNS update, Windows 2008R2 does not like it ↵Andrew Bartlett2011-01-171-1/+1
| | | | | | | | | (cherry picked from commit 280caa6b3bb1199939f9349ea5a436a491c81791) The last 2 patches address bug #7356 (net ads dns register fails in 2008 R2 domain). (cherry picked from commit 6857b749229cc72c604ab5646a4bae5f09b72e11) (cherry picked from commit 7cca44fa97762ccde7166a80bec91a7849f029c1)
* s3-dns Don't use SEQUENCE_FLAG in DNS update, Windows 2008R2 does not like itAndrew Bartlett2011-01-171-1/+1
| | | | | | | Andrew Bartlett (cherry picked from commit 0f1cc889a26477e9a98629f120fe5890b2e106fa) (cherry picked from commit 2b463484cc7bb80cdfb6727ab9e5a873faff5ec8) (cherry picked from commit 1d2f3742fcb47e4a13e21b8e3b7e22a9ddeba49c)
* VERSION: Bump version number.Karolin Seeger2011-01-131-1/+1
| | | | | Karolin (cherry picked from commit f4762c74c0be61cd3c733d82767878fbb25835ac)
* s3-nmbd: Fix bug #7875Björn Baumbach2011-01-131-2/+2
| | | | | | nmbd --port didn't work (cherry picked from commit 79280c99f67c3a3bfb1873b373ec181fa402f18c) (cherry picked from commit 2b1a5fad6c681d8ff8e592ee92d8251040c0760d)
* s3:lib/netapi: don't set SAMR_FIELD_FULL_NAME if we just want to set the ↵Stefan Metzmacher2011-01-131-3/+0
| | | | | | | | | | | | account name (bug #7896) metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Thu Dec 30 18:09:13 CET 2010 on sn-devel-104 (cherry picked from commit f1d15ea54c313e71fc032b2ed191bdecad868858) (cherry picked from commit c6a0971b3790253a906b370562237479d273bb94) (cherry picked from commit b46ec13a9a548cf1bc4ada47751f9e6945306bc7)
* s3: Fix bug 7066 -- wbcAuthenticateEx gives unix timesVolker Lendecke2011-01-131-3/+3
| | | | | | | We might eventually want to change this, but right now we get unix times out of the winbind pipe struct (cherry picked from commit 993923880e213136de89b5b8d59f6f32a51b94b7) (cherry picked from commit 15075858886ee208f800f9bfdcfaf6a56d8653de)
* ѕ3/configue: set Tru64 cc's PIC switch right (none)Björn Jacke2011-01-131-1/+3
| | | | | | | | | | -fPIC made shared library builds fail there Fixes #7821 (cherry picked from commit dbcf73c45782c310cb7ff1f2177d410399e2f06d) (cherry picked from commit 83eb2e9aef40e5e838d2654298e281ad3ec98af3) (cherry picked from commit d28ba1d46c226c8c611816393cdf8eba393300f5)
* Fix bug #7892 - open_file_fchmod() leaves a stale lock.Jeremy Allison2011-01-134-47/+11
| | | | (cherry picked from commit 023aa6f4aae29ba22b3d42c815027ba6a66f8ee2)
* s3: Use smbsock_any_connect in winbindVolker Lendecke2011-01-131-45/+13
| | | | | The last 8 patches address bug #7881 (winbind flaky against w2k8). (cherry picked from commit 1a929d8f4c6bae302e5cc53d81117a05eae5fede)
* s3: Retry *SMBSERVER in nb_connectVolker Lendecke2011-01-131-2/+47
| | | | (cherry picked from commit ee2534c18b5afa609ff17d9da7ea10bcf7654fc6)
* s3: Add smbsock_any_connectVolker Lendecke2011-01-132-1/+232
| | | | (cherry picked from commit 198b6d673787ee40c0ac389ece99cee1844dd585)
* s3: Add an async smbsock_connectVolker Lendecke2011-01-133-0/+320
| | | | | | | This connects to 445 and after 5 milliseconds also to 139. It treats a netbios session setup failure as equivalent as a TCP connect failure. So if 139 is faster but fails the nb session setup, the 445 still has the chance to succeed. (cherry picked from commit 35bbc2231760badaf0debc9f8f39ebdf00cfe8ad)
* v3-4-test: Pull in tevent_req_poll_ntstatus from masterVolker Lendecke2011-01-132-0/+14
| | | | (cherry picked from commit 9b79de1553cfa57d24d1ac0316b814933ef3d33d)
* s3: Add async cli_session_requestVolker Lendecke2011-01-132-0/+132
| | | | | This does not do the redirects, but I think that might be obsolete anyway (cherry picked from commit e2296e23a8546e249d1b26f4da6277792923bef4)
* v3-4-test: Pull in read_smb_send from masterVolker Lendecke2011-01-131-0/+87
| | | | (cherry picked from commit 02c4649674d3bd0f54e71910f11d6aff2cdb6c9d)
* s3: Add some const to name_mangle()Volker Lendecke2011-01-132-2/+2
| | | | (cherry picked from commit 56c760ab41b9b4cb9680d873b8f9955be21434f4)
* s3: Make winbind recover from a signing errorVolker Lendecke2011-01-131-0/+2
| | | | | | | | | | | | When winbind sees a signing error on the smb connection to a DC (for whatever reason, our bug, network glitch, etc) it should recover properly. The "old" code in clientgen.c just closed the socket in this case. This is the right thing to do, this connection is spoiled anyway. The new, async code did not do this so far, which led to the code in winbindd_cm.c not detect that we need to reconnect. Fix bug #7800 (winbind does not recover from smb signing errors). (cherry picked from commit 8c2493ff2e646928035ec7296f4451f09390f6aa)
* s3: Stop using the write cache after an oplock breakVolker Lendecke2011-01-131-0/+1
| | | | | | Fix bug #7715 (Setting Samba Write Cache Size Can Cause File Corruption). (cherry picked from commit 9f8292e5f765dff586bfbb261b54da4d4b27a837) (cherry picked from commit e18ef6cdf042a73e7f08b792e4a9901b071b1f67)
* Fix bug 7636 - winbind internal error, backtrace.Jeremy Allison2011-01-131-0/+1
| | | | | Jeremy. (cherry picked from commit 995e7e500327e662b7ef2b37c83c92e75f2360bf)
* s3-printing: fix BUG 7280 - auto printers not loading with registry configJim McDonough2011-01-131-0/+4
| | | | (cherry picked from commit 9c3537b6d8b2ea36265d3a69f7e90278cb86dbfb)
* Fix bug 7590 - offline login fails because winbind deletes cache on every ↵Jeremy Allison2011-01-131-1/+1
| | | | | | | | | | | | | startup. Sync lib/tdb_validate.c with the change in current master. Change tdb_validate_open() to always use O_RDWR instead of O_RDONLY, as (from the bug report): "db_check() will always return failure for a read-only database. Silently, without any log output, when _tdb_lockall() fails." Jeremy. (cherry picked from commit 39cb903463d8a3fcabd9e148112bf5cf81744130) (cherry picked from commit 9812b1a601c9ccc2a3e6c06b98c32730a32c787a)
* Fix bug #7617 - smbd coredump due to uninitialized variables in the ↵Jeremy Allison2011-01-131-2/+2
| | | | | | | | | | | | | | | | | | | | | performance counter code. In the file rpc_server.c, function _winreg_QueryValue() uint8_t *outbuf Should be : uint8_t *outbuf = NULL; As it is later freed by if (free_buf) SAFE_FREE(outbuf); in some cases, this frees the unintialized outbuf, which causes a coredump. (cherry picked from commit 84fd910c347ddfad6f01edbe7f6e25546c8382ee) (cherry picked from commit 80e65236158d6f1690bf9f153c0eb12d81d56b8a) (cherry picked from commit 78d1a15920de4ef3f230511257ee2f334f89a642)
* s3-winbind: Fix Bug #7568: Make sure cm_connect_lsa_tcp does not reset the ↵Günther Deschner2011-01-131-7/+13
| | | | | | | | | | | | | | | | | | | | | secure channel. This is an important fix as the following could and is happening: * winbind authenticates a user via schannel secured netlogon samlogonex call, current secure channel cred state is stored in winbind state, winbind sucessfully decrypts session key from the info3 * winbind sets up a new schannel ncacn_ip_tcp lsa pipe (and thereby resets the secure channel on the dc) * subsequent samlogonex calls use the new secure channel creds on the dc to encrypt info3 session key, while winbind tries to use old schannel creds for decryption Guenther (cherry picked from commit be396411a4e1f3a174f8a44b6c062d834135e70a) (cherry picked from commit e647f5b5409502ec329e24f09202b036cfb357ae)
* s3-libsmb: Fix bug #7577.Jeremy Allison2011-01-131-2/+42
| | | | | | SPNEGO auth fails when contacting Win7 system using Microsoft Live Sign-in Assistant. (cherry picked from commit 8564193ca6e023574764676088cafb7215f796f5)
* s3: Fix bug 7336: Enable idmap_passdb module build as sharedVolker Lendecke2011-01-131-0/+4
| | | | | | (cherry picked from commit 8c0fbc410798512b7a4b7db73bcb24cde6fa7849) (cherry picked from commit b4803af11525823ea508d0ca4e58402d55901194) (cherry picked from commit 1b22e942aa869d51dc9e50b74c44ece004c30947)
* s3-printing: Fix Bug #7541, %D in "printer admin" causing smbd crash.Günther Deschner2011-01-132-8/+18
| | | | | Guenther (cherry picked from commit 094e8643e50c382a0703fb87b1ad469323d0b89e)
* s3: Fix EnumDomainAliases when no aliases are in LDAPVolker Lendecke2011-01-131-6/+4
| | | | | | | | | | | | We used to return NT_STATUS_ACCESS_DENIED, now we just return 0 entries, just like W2k8 does. usrmgr.exe was pretty unhappy with the NT_STATUS_ACCESS_DENIED (cherry picked from commit f66cc827096c53d4d16b8c850c83a3b5664e9725) Fix bug #7262 (Unable to maintain users' groups via UsrMgr). (cherry picked from commit 1439a1d7ff406dd5dce885100349751151c14bf6) (cherry picked from commit bd6a48e687636d5d9489129faff00e45d50d0d31)
* s3:pdb_ldap: fix bug 7507 - init_sam_from_ldap stores group in sid2uid cacheMichael Adam2011-01-131-1/+1
| | | | | | (cherry picked from commit ba809ecb8ab217e4376bf75d2300e146b62b88eb) (cherry picked from commit cc740fb5eb56a0875703753d4a116d2fe33ec186) (cherry picked from commit b206d75ca5ba04a866a22dfca5b7441fb49078d8)
* s3-netdomjoin-gui: Fix Bug #7500. Fix 'not a string literal' warning in ↵Günther Deschner2011-01-131-1/+1
| | | | | | | | | | | | | netdomjoin-gui. Patch from Buchan Milne <bgmilne@mandriva.org>. Thanks! Guenther (cherry picked from commit 575b1018c65312e9eab562cf4851524cf2f8f24a) (cherry picked from commit 1419c154d67b8ffaf0d6e2e3ba103121ab3736f5) (cherry picked from commit 5fbf50d351bf3d14b495a5aa586b0cee68ab0cae)
* s3-kerberos: temporary fix for ipv6 in print_kdc_line().Günther Deschner2011-01-131-5/+20
| | | | | | | | | | | | | | Currently no krb5 lib supports "kdc = ipv6 address" at all, so for now just fill in just the kdc_name if we have it and let the krb5 lib figure out the appropriate ipv6 address ipv6 gurus, please check. Guenther (cherry picked from commit dd5a4e23f8c24564d3fd21bb8d01172321087362) The last 3 patches fix bug #7341 (winbind not working over IPv6). (cherry picked from commit 22de0639efe63def87e32e5c18a82ea56c2984ef)
* s3-kerberos: pass down kdc_name to create_local_private_krb5_conf_for_domain().Günther Deschner2011-01-134-12/+22
| | | | | | Guenther (cherry picked from commit e3bdff3d67b46277ee59685218bd90f3788b487d) (cherry picked from commit 69e1fc797dc34be03d771ec017ef27c6aa87a155)
* s3-winbind: make the getpeername() checks in cm_prepare_connection IPv6 aware.Günther Deschner2011-01-131-5/+25
| | | | | | | | | | | | | Note that this failure was hard to track, as winbind did only log a super helpful "cm_prepare_connection: Success" debug message. IPv6 gurus, please check Successfully tested in two independent IPv6 networks now. Guenther (cherry picked from commit 14ac2bb36ee22be6133ca1d069dc5de6c1891f47) (cherry picked from commit 43e4323d4a009c2b18be090f183dfd8c9f561fed)
* s3-spoolss: Added EN ISO 216, A0 and A1 to builtin forms.Andreas Schneider2011-01-131-0/+2
| | | | | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> (cherry picked from commit 0953087f82ddbd580e9807e0e8d780e78686c03c) Fix bug #7423 (Large Formats at printing not available). (cherry picked from commit 6d851e16cf67832ad1749a63ec69faf865d9ed45)
* work around AIX6.1 name space pollution rename mod_name to module_nameOlaf Flebbe2011-01-131-8/+8
| | | | | Fix bug #7421 (samba 3.4.7 does not compile on AIX 6.1). (cherry picked from commit 231760282dcb1232019f62025e1e5918a940bb5b)
* s3-spoolss: Fix _spoolss_EnumPrinters servername handling.Günther Deschner2011-01-131-1/+1
| | | | | | | | | | Guenther (cherry picked from commit b3c2b2260a503079b9abf22f6b35b56c61c2b372) The last two patches address bug #7418 ("net rpc printer list" command is inoperative). (cherry picked from commit df5f448fe371a1227a507cedc2642fa1a4b77e65) (cherry picked from commit df75d920edaad2ef113fe6c46b3e9b36fa0930a8)
* s3-spoolss: in spoolss_EnumPrinters r->in.server is a *unique* pointer!Günther Deschner2011-01-131-3/+5
| | | | | | | Guenther (cherry picked from commit 8ce66fba03f782c0b9948a9835bb488cfa74acf9) (cherry picked from commit cb6fcb9b16b36fcdc68bef382dbd7ecf89521d4e) (cherry picked from commit bd76c22f4c7ab39b79f5cf381d39bff1b974363f)
* s3-net: Fix Bug #7417. 'net rpc user password' can set the wrong password.Günther Deschner2011-01-131-1/+4
| | | | | | Guenther (cherry picked from commit 7887d99a60387e93ce5ce4a3bfe9117939d1e4c8) (cherry picked from commit fb4d896217183b0ea2b97016aa84c2d83f7f1323)
* Fix bug #7669.Jeremy Allison2010-09-094-5/+23
| | | | | | | | | | | | | | | | | | | | | | | | Fix bug #7669 (buffer overflow in sid_parse() in Samba3 and dom_sid_parse in Samba4). CVE-2010-3069: =========== Description =========== All current released versions of Samba are vulnerable to a buffer overrun vulnerability. The sid_parse() function (and related dom_sid_parse() function in the source4 code) do not correctly check their input lengths when reading a binary representation of a Windows SID (Security ID). This allows a malicious client to send a sid that can overflow the stack variable that is being used to store the SID in the Samba smbd server. A connection to a file share is needed to exploit this vulnerability, either authenticated or unauthenticated (guest connection).
* VERSION: Bump version up to 3.4.9.Karolin Seeger2010-05-111-1/+1
| | | | | Karolin (cherry picked from commit de8118220224160f9f6a05112aa578500b11d1d5)
* s3:winbind: Fix bug 5626Volker Lendecke2010-05-063-29/+23
| | | | | Apparently the AIX compiler can't deal with sizeless array declarations (cherry picked from commit 5444adaf59bc6b9bd8f339de21ab66da9e684073)
* s3:winbindd: make sure we don't try rpc requests against unaccessable domainsStefan Metzmacher2010-05-061-5/+28
| | | | | | | | | | | | This makes sure we don't crash while trying to dereference domain->conn.cli->foo while trying to establish a rpc connection to the server. This fixes bug #7316. metze (cherry picked from commit d930904b997d310aeff781bde1e7e3ce47dde8a1) (cherry picked from commit 01b60b113869f526dcf3bb478d70df21dbb207c8) (cherry picked from commit edb02e57a3ef83a16bdbd158da4c1290d4ab8240)
View Lorry Controller Status