summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* s3:winbind: Fix an uninitialized variable (cherry picked from commit ↵Volker Lendecke2009-10-201-1/+1
| | | | | | 0724649a8a7c04d015317d9dc2ae43ee87c1bd25) (cherry picked from commit d6af2a5ff4e4f723e521a3f708751b3155f870fc)
* s3-winbindd: Fix Bug #6711: trusts to windows 2008 (2008 r2) not working.Günther Deschner2009-10-203-5/+63
| | | | | | | | | | | | | Winbindd should always try to use LSA via an schannel authenticated ncacn_ip_tcp connection when talking to AD for LSA lookup calls. In Samba <-> W2k8 interdomain trust scenarios, LookupSids3 and LookupNames4 via an schannel ncacn_ip_tcp LSA connection are the *only* options to successfully resolve sids and names. Guenther (cherry picked from commit 6a8ef6c424c52be861ed2a9806f917a64ec892a6) (cherry picked from commit 3bd36630e402b6215a46f8b0ba98e9e2b18b44eb)
* s3-winbindd: add cm_connect_lsa_tcp().Günther Deschner2009-10-203-0/+63
| | | | | | Guenther (cherry picked from commit 58f2deb94024f002e3c3df47f45454edc97f47e1) (cherry picked from commit b35d5cf97fd610874583f0d03c6cda4def0cf0f5)
* s3-rpc_client: fix non initialized structure in rpccli_lsa_lookup_sids_noalloc.Günther Deschner2009-10-201-0/+2
| | | | | | Guenther (cherry picked from commit a4b5c792c55ef90648a528d279beec32f86a9b22) (cherry picked from commit 27219ada4ec86544ceb8488850293b07f1ea7a10)
* s3-rpc_client: add rpccli_lsa_lookup_sids3 wrapper.Günther Deschner2009-10-202-17/+82
| | | | | | Guenther (cherry picked from commit 2f9adf04e4b3e16c046cb371a428a8a70d5de041) (cherry picked from commit e867d3d9bb6494cde621f8f951f7aece5798f5fe)
* s3-rpc_client: add rpccli_lsa_lookup_names4 wrapper.Günther Deschner2009-10-202-23/+84
| | | | | | Guenther (cherry picked from commit ff968712bab6c2635ef74723c6f52b0fdac4b424) (cherry picked from commit 99627d8e38a28759095b6704e8314c931ca638a0)
* s3-winbindd: add and use winbindd_lookup_names().Günther Deschner2009-10-202-20/+47
| | | | | | Guenther (cherry picked from commit 99c3fc19587431efda1ae6161453d84673b32071) (cherry picked from commit 6bcf24a2affb4798840e5cc49aeeb6c78d0265d0)
* s3-winbindd: add and use winbindd_lookup_sids().Günther Deschner2009-10-203-96/+78
| | | | | | Guenther (cherry picked from commit f0b52b8c3133e3696db361d9d0e7d1fff0fab991) (cherry picked from commit faa6a8de595ea38d3291dc7fb80d314a3b3f05cc)
* s3-rpc_client: add dcerpc_transport_t to cli_rpc_pipe_open_schannel().Günther Deschner2009-10-208-11/+21
| | | | | | Guenther (cherry picked from commit bea8e5fa6038d5abd2ec1e12f9005c4a04abb79f) (cherry picked from commit 5b44f54a18b60fe3814623f351025335a0273916)
* s3-rpc_client: add dcerpc_transport_t to cli_rpc_pipe_open_spnego_ntlmssp ↵Günther Deschner2009-10-208-4/+19
| | | | | | | | and cli_rpc_pipe_open_ntlmssp. Guenther (cherry picked from commit 032e01e7c13724d057b5744d7d79613449c2f24f) (cherry picked from commit cd8874214dba810e60faca155611dbcf2f1351f7)
* s3-rpc_client: add cli_rpc_pipe_open_noauth_transport.Günther Deschner2009-10-202-14/+30
| | | | | | Guenther (cherry picked from commit 87f61a144b8d25c90b847940ca03ced1f77b036c) (cherry picked from commit 18b8928c8cb12d2f56efcc61df5b74db3caec29c)
* s3-rpc_client: add enum dcerpc_transport_t to rpc_cli_transport struct.Günther Deschner2009-10-202-0/+10
| | | | | | Guenther (cherry picked from commit 393a1f594d5f03a51448cdc465f92c599a93904c) (cherry picked from commit ef11ccb47db899603a100e67c3ca9ecd3298e347)
* Second part of a fix for bug #6235.Jeremy Allison2009-10-201-1/+1
| | | | | Domain enumeration breaks if master browser has space in name. (cherry picked from commit f3f9dfd667526611b1fed3d47dc60eb45932eee0)
* Fix bug #6532.Derrell Lipman2009-10-201-1/+2
| | | | | Domain enumeration breaks if master browser has space in name. (cherry picked from commit 6b4b66c0cbf6147c693a84e6aec0b5cd07fd2e54)
* Fixing timeval calculationSimo Sorce2009-10-201-1/+1
| | | | | | | The code was always doubling microseconds when attempting to round up. Fix bug #6764. (cherry picked from commit 7f8e6b98822df2ea813e6a7da6a8f14c503935d9)
* s3: Document the "share:fake_fscaps" parameter, fix bug 6765Volker Lendecke2009-10-201-0/+20
| | | | | (cherry picked from commit 21794b0dd28a80b149342b3218d7ebb4c8791e09) (cherry picked from commit d046ab32094caa9511862144df1c00e64c234487)
* s3:smbd: Add a "hidden" parameter "share:fake_fscaps"Volker Lendecke2009-10-201-0/+3
| | | | | | | | | | | | | | | This is needed to support some special app I've just come across where I had to set the SPARSE_FILES bit (0x40) to make it work against Samba at all. There might be others to fake. This is definitely a "Don't touch if you don't know what you're doing" thing, so I decided to make this an undocumented parametric parameter. I know this sucks, so feel free to beat me up on this. But I don't think it will hurt. (cherry picked from commit a5cace128d1dcabd6cc90dda71a09dfa8ee8c6f6) Fix bug #6765. (cherry picked from commit af0c2b78f7b697fae0fae6f88a5c9922abc7c514)
* Adjust regex to match variable names including underscoresLars Müller2009-10-201-1/+1
| | | | | | | | | This is required to get the CIFSUPCALL_PROGS setting extracted from config.log. (cherry picked from commit 5148eefe1ea6e215dcbf4ffaa642860bd8dab45f) Fix for bug #6710. (cherry picked from commit f142ae80e344f098fb01a4c154a9fe46ed9a4eae)
* s3: Don't overwrite password in pam_winbind, subsequent pam modules might ↵Bo Yang2009-10-201-4/+0
| | | | | | | | | use the old password and new password. Signed-off-by: Bo Yang <boyang@samba.org> Fix bug #6735. (cherry picked from commit 2a2779bb752d83ff51161a7e5d62ca21c4e6c909)
* s3: Fix reading beyond the end of a named stream in xattr_streamsVolker Lendecke2009-10-201-2/+1
| | | | | | | | | This was found thanks to a test by Sivani from Microsoft against Samba at the SDC plugfest (cherry picked from commit 444a05c28df693a745809fef73ae583a78be7c8f) Fix bug #6731. (cherry picked from commit ff9355149c9af7ca0e31b36690b270a03cb787fc)
* s3: BSD needs sys/sysctl.h included to build properlyBjörn Jacke2009-10-203-1/+10
| | | | | | | | | FreeBSD (and other BSDs, too) need sys/sysctl.h inclueded to use sysctlbyname(). Thanks to Timur Bakeyev for that. Fix bug #6728. (cherry picked from commit 9c86a96af381f2826456f91eb99073c9fca633de)
* s3:smbstatus: Fix bug 6703, allow smbstatus as non-rootVolker Lendecke2009-10-201-11/+13
| | | | | | We only require a ctdb connection when clustering is enabled. This limits the restriction for only-root smbstatus to the clustering case. (cherry picked from commit b22713717422b822c3b8fcba611fc01e262d52c9)
* s3: QNX doesn't know uint - replace with uint_tBjörn Jacke2009-10-202-8/+8
| | | | | (cherry picked from commit a28596964b44f20d794999541d38fe4bae64b56b) (cherry picked from commit 47c2dc4eee5f7644601db0c24dca0ca30b482940)
* s3/libsmb: SIVAL should have been an SVAL.Jeremy Allison2009-10-201-1/+1
| | | | | Fix bug #6726. (cherry picked from commit 7ec7440fc2f78ef49cebdc819ff81db5ce9d143c)
* Fix bug 6707 - 3.4.1 segfault in parsing configs.Marc Aurele La France2009-10-201-4/+4
| | | | | | Fixes an occasional segfault caused by an out-of-bounds reference in config file parsing. (cherry picked from commit 7c00227f00a83345035c4c0a6716b46864f2da8d) (cherry picked from commit 0241ba8ce2b6da049fb3cc512508a9e9c5732781)
* Fix bug 6529 - Offline files conflict with Vista and Office 2003. Jeremy.Jeremy Allison2009-10-208-71/+182
| | | | (cherry picked from commit e971428f137dcb42e8b735386d79f1b3a6effe34)
* Conditional install of the cifs.upcall man pageLars Müller2009-10-201-0/+1
| | | | | | | Only install the cifs.upcall man page if CIFSUPCALL_PROGS was set while configure. (cherry picked from commit e9e2414e798a2eb447de45803e61cc0a49752f11) (cherry picked from commit 5cd771b964aa36082716352522a68c962e1aaba8)
* s3:configure: fix syntax error in avahi configure testBjörn Jacke2009-10-201-1/+1
| | | | | | | (cherry picked from commit b54e48b830dbc3d66f9de5d2711a57a1630809e2) Should fix bug #6704. (cherry picked from commit 686439599ad78c6f4d5609129113e6da51fb4a57)
* umount.cifs: do not attempt to update /etc/mtab if it is symbolic linkShirish Pargaonkar2009-10-201-3/+4
| | | | | | | | | | | | If /etc/mtab is a symbolic link to e.g. /proc/mounts, do not update it. This is a fix for a bug reported in 4675 on samba bugzilla Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> (cherry picked from commit a869e4253a87f9a5e13dbe87b2799f8683d238d7) Fixes bug #4675. (cherry picked from commit f710535e947008a083b49d8a3faa117208616d7f)
* Fix for CVE-2009-2906.samba-3.4.2Jeremy Allison2009-09-302-5/+26
| | | | | | | | Summary: Specially crafted SMB requests on authenticated SMB connections can send smbd into a 100% CPU loop, causing a DoS on the Samba server.
* WHATSNEW: Update release notes.Karolin Seeger2009-09-301-2/+8
| | | | Karolin
* WHATSNEW: Update release date.Karolin Seeger2009-09-291-1/+1
| | | | Karolin
* Fix for CVE-2009-2813.Jeremy Allison2009-09-282-2/+11
| | | | | | | | | | | | | | | =========================================================== == Subject: Misconfigured /etc/passwd file may share folders unexpectedly == == CVE ID#: CVE-2009-2813 == == Versions: All versions of Samba later than 3.0.11 == == Summary: If a user in /etc/passwd is misconfigured to have == an empty home directory then connecting to the home == share of this user will use the root of the filesystem == as the home directory. ===========================================================
* mount.cifs: don't leak passwords with verbose optionJeff Layton2009-09-281-20/+34
| | | | | | | | | | | | | | | | | | | | | | When running mount.cifs with the --verbose option, it'll print out the option string that it passes to the kernel...including the mount password if there is one. Print a placeholder string instead to help ensure that this info can't be used for nefarious purposes. Also, the --verbose option printed the option string before it was completely assembled anyway. This patch should also make sure that the complete option string is printed out. Finally, strndup passwords passed in on the command line to ensure that they aren't shown by --verbose as well. Passwords used this way can never be truly kept private from other users on the machine of course, but it's simple enough to do it this way for completeness sake. Reported-by: Ronald Volgers <r.c.volgers@student.utwente.nl> Signed-off-by: Jeff Layton <jlayton@redhat.com> Acked-by: Steve French <sfrench@us.ibm.com> Part 2/2 of a fix for CVE-2009-2948.
* mount.cifs: check access of credential files before openingJeff Layton2009-09-281-0/+11
| | | | | | | | | | | | | | | It's possible for an unprivileged user to pass a setuid mount.cifs a credential or password file to which he does not have access. This can cause mount.cifs to open the file on his behalf and possibly leak the info in the first few lines of the file. Check the access permissions of the file before opening it. Reported-by: Ronald Volgers <r.c.volgers@student.utwente.nl> Signed-off-by: Jeff Layton <jlayton@redhat.com> Acked-by: Steve French <sfrench@us.ibm.com> Part 1/2 of a fix for CVE-2009-2948.
* WHATSNEW: Prepare release notes for 3.4.2.Karolin Seeger2009-09-281-3/+61
| | | | Karolin
* Raise version number up to 3.4.2.Karolin Seeger2009-09-241-1/+1
| | | | Karolin
* WHATSNEW: Update changes.samba-3.4.1Karolin Seeger2009-09-091-1/+2
| | | | | Karolin (cherry picked from commit a87116873bdbb4301f35b1d3f6bc8596f96be975)
* s3:libsmb: Correctly chew keepalive packetsVolker Lendecke2009-09-091-0/+6
| | | | | | | | | | | | Thanks a *lot* to Günther to send me the relevant traces! Volker Signed-off-by: Günther Deschner <gd@samba.org> Fixes bug #6646 (Winbind authentication issue on 3.2.13/14 and 3.4.0 (was: [Samba] Crazied NTLM_AUTH on samba 3.4.0)). (cherry picked from commit a4f9583ce364fad963cc154f0229cb57ec0043d2)
* WHATSNEW: Update changes since 3.4.0.Karolin Seeger2009-09-091-0/+11
| | | | | Karolin (cherry picked from commit abc676bcd5eec40946c2e851345a6e973bf2cbea)
* Fix bug 6496 - libsmbclient: MS-DFS: cannot follow multibyte char link name. ↵SATOH Fumiyasu2009-09-092-15/+39
| | | | | | A server returns a byte of consumed path in UCS2, not UNIX charset. (cherry picked from commit ee70079d08acf23cf7c342f09a7db4f5fc7ca95e)
* Fix bug 6673 - smbpasswd does not work with "unix password sync = yes". ↵Jeremy Allison2009-09-095-22/+30
| | | | | | Revert change from 3.3 -> 3.4 with read_socket_with_timeout changed from sys_read() to sys_recv(). read_socket_with_timeout() is called with non-fd's (with a pty in chgpasswd.c and with a disk file in lib/dbwrap_file.c via read_data()). recv works for the disk file, but not the pty. Change the name of read_socket_with_timeout() to read_fd_with_timeout() to make this clear (and add comments). Jeremy. (cherry picked from commit 91a5b8561e2f13f77fa5648f7cc373aff1701954)
* Hopefully last part of the fix for bug 6651 - smbd SIGSEGV when breaking ↵Jeremy Allison2009-09-091-2/+2
| | | | | | oplocks. This one is subtle. There is a race condition where a signal can be queued for oplock break, and then the file can be closed by the client before the signal can be processed. Currently if this occurs we panic (we can't match an incoming signal fd with a fsp pointer). Simply log the error (at debug level 10 right now, might be too much) and then return without processing the break request. It looks like there is another race condition with this fix, but here's why it won't happen. If the signal was pending (caused by a kernel oplock break from a local file open), and the client closed the file and then re-opened another file which happened to use the same file descriptor as the file just closed, then theoretically the oplock break requests could be processed on the wrong fd. Here's why this should be very rare.. Processing a pending signal always take precedence over an incoming network request, so as long as the client close request is non-chained then the break signal should always be harmlessly processed *before* the open can be called. If the open is chained onto the close, and the fd on the new open is the same as the old closed fd, then it's possible this race will occur. However, all that will happen is that we'll lose the oplock on this file. A shame, but not a fatal event. Jeremy. (cherry picked from commit bdc7bdb0d3e02d04477906dbda8995bc5789ce22) (cherry picked from commit 95cc5af5fd6150f3c54cd344b66393dbc186c2df)
* Help debug for bug 6651 - smbd SIGSEGV when breaking oplocks. Should help ↵Jeremy Allison2009-09-091-0/+4
| | | | | | track if we get invoked with an invalid fd from the signal handler. Jeremy. (cherry picked from commit 213546103749c30dbb3ad8472872b9a8fad34205) (cherry picked from commit 6b9d518b9f1244c99fbaa2812886d02635caff14)
* tevent: change version to 0.9.8 after some critical bugs have been fixedStefan Metzmacher2009-09-091-1/+1
| | | | | | metze (cherry picked from commit 1bb68402a2e37f39118eaaaa039ac69e03ba66f2) (cherry picked from commit a9890fb49d2372edbf2050134bb21450d98ff7f6)
* Another part of the fix for bug 6651 - smbd SIGSEGV when breaking oplocks. ↵Jeremy Allison2009-09-091-2/+6
| | | | | | SA_INFO_QUEUE_COUNT *MUST* be a power of 2, in order for the ring buffer wrap to work correctly at the 32 bit boundary. Thanks to Petr Vandrovec <petr@vandrovec.name> for this. (cherry picked from commit c97698e762b1ea8d7133f04ae822225676a6f135) (cherry picked from commit 161e20843054ecc5745e967da2a9d08ed09229d0)
* tevent: Fix a segfault upon the first signalVolker Lendecke2009-09-091-0/+6
| | | | | | | | | | | | | | | When the first signal arrives, tevent_common_signal_handler() crashed: "ev" is initialized to NULL, so the first "write(ev->pipe_fds[1], &c, 1);" dereferences NULL. Rusty, Tridge, please check. Also, can you tell me a bit more about the environment you tested this in? I'd be curious to see where this survived. Thanks, Volker (cherry picked from commit 23abcd2318c69753aa2a144e1dc0f9cf9efdb705) (cherry picked from commit 1108225c1316521bf2bb59c9b99b030440af0002)
* lib/tevent: close pipe_fds on event_context destructionRusty Russell2009-09-091-0/+2
| | | | | | | | | The "hack_fds" were never closed before; now they're inside event_context they should be closed when that is destroyed. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (cherry picked from commit 76d91156c82e20bbd68c752376cb814d71759033) (cherry picked from commit 5cc105ac513164d66d4661a41d1daa99f28ab928)
* lib/tevent: handle tevent_common_add_signal on different event contexts.Rusty Russell2009-09-092-14/+31
| | | | | | | | | | | | I don't know if this is a problem in real life. The code assumes there's only one tevent_context; all signals will notify the first event context. That's counter-intuitive if you ever use more than one, and there's nothing else in this code which prevents it AFAICT. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (cherry picked from commit be4ac227842530d484659f2db683453366326d8b) (cherry picked from commit 792ab5c34a20bd2b292b642dc96cae62e5ad1ce0)
* lib/tevent: fix race with signals and tevent_common_add_signalRusty Russell2009-09-091-20/+20
| | | | | | | | | | | | | We carefully preserve the old signal handler, but we replace it before we've set up everything; in particular, if we fail setting up the pipe_hack we could write a NUL char to stdout (fd 0), instead of calling the old signal handler. Replace the signal handler as the very last thing we do. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (cherry picked from commit 6abb637e3e0d23635fdbbb91c163731b325d696d) (cherry picked from commit bd28ae54a635667096e4a0d1010a1c3cce59712f)
generated by cgit (git 2.34.1) at 2025-09-26 10:48:49 +0000