| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
Summary:
Specially crafted SMB requests on
authenticated SMB connections can send smbd
into a 100% CPU loop, causing a DoS on the
Samba server.
(cherry picked from commit e2dff319a6d5c0c54acdba3d4fec05477ca60f11)
|
|
|
|
|
| |
Karolin
(cherry picked from commit 802d964da98628b1d243fdd766cf0c86ae287713)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
===========================================================
== Subject: Misconfigured /etc/passwd file may share folders unexpectedly
==
== CVE ID#: CVE-2009-2813
==
== Versions: All versions of Samba later than 3.0.11
==
== Summary: If a user in /etc/passwd is misconfigured to have
== an empty home directory then connecting to the home
== share of this user will use the root of the filesystem
== as the home directory.
===========================================================
(cherry picked from commit 6fd272875d27c6974a194d0cb2cde39a98ca4af2)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When running mount.cifs with the --verbose option, it'll print out the
option string that it passes to the kernel...including the mount
password if there is one. Print a placeholder string instead to help
ensure that this info can't be used for nefarious purposes.
Also, the --verbose option printed the option string before it was
completely assembled anyway. This patch should also make sure that
the complete option string is printed out.
Finally, strndup passwords passed in on the command line to ensure that
they aren't shown by --verbose as well. Passwords used this way can
never be truly kept private from other users on the machine of course,
but it's simple enough to do it this way for completeness sake.
Reported-by: Ronald Volgers <r.c.volgers@student.utwente.nl>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Acked-by: Steve French <sfrench@us.ibm.com>
Part 2/2 of a fix for CVE-2009-2948.
(cherry picked from commit acfc9978afbde87dde3b70daccdbfd7e0a1d52e4)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It's possible for an unprivileged user to pass a setuid mount.cifs a
credential or password file to which he does not have access. This can cause
mount.cifs to open the file on his behalf and possibly leak the info in the
first few lines of the file.
Check the access permissions of the file before opening it.
Reported-by: Ronald Volgers <r.c.volgers@student.utwente.nl>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Acked-by: Steve French <sfrench@us.ibm.com>
Part 1/2 of a fix for CVE-2009-2948.
(cherry picked from commit b656deb5d7e97176c32b61b7659258846db16887)
|
|
|
|
|
| |
Karolin
(cherry picked from commit fb513bdacaeaef7e3edb49d5b77661adf3a912bb)
|
|
|
|
|
| |
Karolin
(cherry picked from commit ab4af60c8311b0f60f18390b670f01e1296c5141)
|
|
|
|
|
|
| |
This reverts commit 6a91468853d9c37993d109b079eb042d1b33cba9.
Forgot for a second that there won't be any 3.2 maintenance releases...
|
|
|
|
|
|
|
|
| |
Patch from TAKEDA Yasuma <yasuma@osstech.co.jp>.
Guenther
(cherry picked from commit 9fa042bb9f71057fc869e37d4cc180e8a772b1bb)
(cherry picked from commit a01f0a4025d382c1bc82f4992ea4566db4df3818)
|
|
|
|
| |
Karolin
|
|
|
|
| |
Karolin
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
samu_set_unix() does not use the rid allocator, but forces to use the
algoritmic allocator unconditionally, this is wrong and inconsistent.
Use samu_alloc_rid_unix() instead.
(If we create a new user we should do it in a way consistent with all
other commands like pdbedit -a and net rpc user add.)
(cherry picked from commit e1d4db8f55b25c7e9c408cb334fb89ccfd4c6565)
Signed-off-by: Michael Adam <obnox@samba.org>
This fixes bug #6628.
|
|
|
|
| |
Karolin
|
|
|
|
|
|
|
| |
metze
(similar to commit 1e1445bc7672b17a1d689fa0f0732b05b6e04da5)
Fixes bug #6627.
|
|
|
|
| |
Karolin
|
|
|
|
|
|
| |
With the previous code, the cache can never have been hit at all.
Michael
|
|
|
|
| |
Karolin
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes a crash bug hit when multiple mappings were found by
the ldap search. This crash was caused by an ldap asssertion
in ldap_next_entry because was set to NULL in each iteration.
The corresponding fix was applied to the idmap_ldap_sids_to_unixids()
by Jerry in 2007 (b066668b74768d9ed547f16bf7b6ba6aea5df20a).
This fixes the crash part of bug #6387.
There is a logic part, too:
The problem currently only occurs when multiple mappings are found
for one given unixid. Now winbindd does not crash any more but
it does not correctly handle this situation. It just returns the
last mapping from the ldap search results.
This needs fixing.
Michael
(cherry picked from commit e9010fa366746ec1ae948dbcf3493d446e23b14c)
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
|
|
| |
Karolin
|
|
|
|
| |
Karolin
|
|
|
|
| |
Karolin
|
|
|
|
|
|
| |
Karolin
(cherry picked from commit 54dffbea663ecf4542d6c5e30da6e346d5d60424)
(cherry picked from commit 2538df1ea3229ea6d8242b5ae6fdd3d453395609)
|
|
|
|
|
|
|
| |
to what we're giving Everyone. Jeremy.
Fixes bug #6504.
(cherry picked from commit 4e854cb52cfb4f3c25c92324c6e7505f1c8290b3)
|
|
|
|
|
|
|
|
|
| |
Thanks to OPC oota <t-oota@dh.jp.nec.com> for reporting!
Karolin
(cherry picked from commit 7ee7ec3fdba2ef6a6cc3e1f96a5d2154290cdb18)
(cherry picked from commit c94d3183a8e4c7e03c0dd2771cb7b9f4665198ce)
(cherry picked from commit 1310ba934b87b804f435cef2c21e6e65590e4a83)
|
|
|
|
|
|
|
|
|
| |
lookupname failed, cannot find domain when attempt
to change password.
This addresses bug #6560.
Signed-off-by: Bo Yang <boyang@samba.org>
|
|
|
|
|
|
|
|
|
| |
metze
(cherry picked from commit a14efbadd53ac9678d75e6029f947d63cfa0c4e5)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This addresses bug #6526.
|
|
|
|
|
|
|
|
|
| |
E.g. last mod time is not preserved when "unix extensions=yes" are set - and u
Cancel out any pending "sticky" writes or "last write" changes when
doing a UNIX info level set.
Jeremy.
(cherry picked from commit 5b03af33ad45368bea7cf6cabc91f62e2503de99)
|
|
|
|
|
|
|
| |
This fixes bug #6519.
(cherry picked from commit 4fb1f8e8fe46b3e77c06612ac3fc3d67cf650a11)
(cherry picked from commit 39bfcc5d50892ad0c387f0ca3932e961e77fdc39)
(cherry picked from commit 408cc7ec9f4119aa9a768474152a83ef796309a9)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
stopped working when "modify properties" permissions were not granted (meaning you had to be allowed to disable the account that you were about to delete).
Libnetapi should not delete machine accounts, as this does not
happen on win32. The WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE flag
really means "disable" (both in practice and docs).
However, to keep the functionality in "net ads leave", we
will still try to do the delete. If this fails, we try
to do the disable.
Additionally, it is possible in windows to not disable or
delete the account, but just tell the local machine that it
is no longer in the account. libnet can now do this as well.
Don't use ads realm name for non-ads case. #6481
Also check that the connection to ads worked.
|
|
|
|
| |
Guenther
|
|
|
|
|
| |
Karolin
(cherry picked from commit c5a0590a2efb9c0e8565e822dfc7cea92af0bece)
|
|
|
|
|
| |
Karolin
(cherry picked from commit d85b881d66841a5dac66a98a94f251f58d66d1c4)
|
|
|
|
|
| |
Karolin
(cherry picked from commit 0239c6555dbf515935fed7b958cfcce24810f07f)
|
|
|
|
|
| |
This is the part of checkin cfee2025 that is relevant to this bug.
(cherry picked from commit 91ea0d3fa11fc209dc653dd09dfab6244fb80f0d)
|
|
|
|
|
|
| |
This addresses bug #6498.
(cherry picked from commit a702dea5a86f22e0b7857b67447152a06b3bbea2)
(cherry picked from commit aa769edfcef6937927201f765509c10b60764817)
|
|
|
|
|
|
|
|
|
|
| |
This fixes bug #6412.
Thanks to Carsten Dumke <carsten [at] cdumke.de> for reporting!
Karolin
(cherry picked from commit 4ad43a21344b43f1c9fe459165098bcab1695711)
(cherry picked from commit 84750d556d0a42b5d8b134308311e2cb9a533b58)
(cherry picked from commit 304c25a518aba988c3d36e78f6a8416a340b3b33)
|
|
|
|
|
|
| |
be retrieved.
Guenther
|
|
|
|
|
|
| |
uninitialized variable.
(cherry picked from commit f92195e3a1baaddda47a5d496f9488c8445b41ad)
|
|
|
|
|
|
| |
commit 1a0005e1c508cf3b170d1c7e43b94a47b2820506)
(cherry picked from commit 133cdb46be154eeceb080fa9db88a38d9f87c919)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a NULL sid_array since 3.2.0.
Found by torture test.
This makes it possible to search for users while adding them to groups via
windows usermanager.
Fixes bug #6484.
Guenther
(cherry picked from commit 0cfe59f1b580371f445b50151ceae5aef02bf0c4)
|
|
|
|
|
|
|
| |
We weren't reaping children in the [x]inetd case.
Jeremy.
(cherry picked from commit 7e51314f2e18241876b049642fcb133df7e44c70)
|
|
|
|
|
|
|
| |
This is part of a fix for bug #6328.
Karolin
(cherry picked from commit a5a31512de9d9b9ed7eed906487dd154fde7e483)
|
|
|
|
|
|
| |
Karolin
(cherry picked from commit 13494c0f8f9459c51b520a7cf60790e9e2f475b4)
(cherry picked from commit 3c44cd7a10948454fea58f521164fdbe7e20d959)
|
|
|
|
|
|
| |
to smbd/trans2.c opens up SETFILEINFO calls to POSIX_OPEN only. The change to first smbd/open.c closes 2 holes that would have been exposed by allowing POSIX_OPENS on readonly shares, and their ability to set arbitrary flags permutations. The O_CREAT -> O_CREAT|O_EXCL change removes an illegal combination (O_EXCL without O_CREAT) that previously was being passed down to the open syscall. Jeremy.
(cherry picked from commit 79f26472b4ae561ec00c30f31dd63ccab6dfc0c4)
|
|
|
|
|
|
|
|
| |
Thanks to Herb Lewis <hlewis [at] panasas.com> for noticing!
Was commit 095f66b0 in master.
Karolin
|
|
|
|
|
|
| |
Karolin
(cherry picked from commit 6e45c21384b8845422967ff1fa46e48de9fee1ab)
(cherry picked from commit aa97504f0358dcc23de7a65f39a1c4d24f0709b7)
|
|
|
|
| |
Karolin
|
|
|
|
| |
Signed-off-by: Andreas Schneider <mail@cynapses.org>
|
|
|
|
|
|
|
| |
Signed-off-by: Andreas Schneider <mail@cynapses.org>
(cherry picked from commit 59ab1574e41993d24733affbca07d3f7da245fc7)
(cherry picked from commit d547aab1511c72e1cab034e2945f6ad63bda6659)
(cherry picked from commit c9b89676983c5fd0ec12df121fc5d9e06facdd80)
|
|
|
|
|
|
|
| |
Signed-off-by: Andreas Schneider <mail@cynapses.org>
(cherry picked from commit 1809ff4b2339bd3066532abccea0944da45edf64)
(cherry picked from commit 5d2dfba6d1699c6e417cc21233a1cc871f3c0ad1)
(cherry picked from commit 282682c989a8008de5f8d30c48c9a740b315a230)
|