summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Fix for CVE-2009-2906.v3-2-testJeremy Allison2009-10-012-3/+26
| | | | | | | | | Summary: Specially crafted SMB requests on authenticated SMB connections can send smbd into a 100% CPU loop, causing a DoS on the Samba server. (cherry picked from commit e2dff319a6d5c0c54acdba3d4fec05477ca60f11)
* WHATSNEW: Update release notes.Karolin Seeger2009-10-011-2/+8
| | | | | Karolin (cherry picked from commit 802d964da98628b1d243fdd766cf0c86ae287713)
* Fix for CVE-2009-2813.Jeremy Allison2009-10-012-2/+11
| | | | | | | | | | | | | | | | =========================================================== == Subject: Misconfigured /etc/passwd file may share folders unexpectedly == == CVE ID#: CVE-2009-2813 == == Versions: All versions of Samba later than 3.0.11 == == Summary: If a user in /etc/passwd is misconfigured to have == an empty home directory then connecting to the home == share of this user will use the root of the filesystem == as the home directory. =========================================================== (cherry picked from commit 6fd272875d27c6974a194d0cb2cde39a98ca4af2)
* mount.cifs: don't leak passwords with verbose optionJeff Layton2009-10-011-20/+34
| | | | | | | | | | | | | | | | | | | | | | | When running mount.cifs with the --verbose option, it'll print out the option string that it passes to the kernel...including the mount password if there is one. Print a placeholder string instead to help ensure that this info can't be used for nefarious purposes. Also, the --verbose option printed the option string before it was completely assembled anyway. This patch should also make sure that the complete option string is printed out. Finally, strndup passwords passed in on the command line to ensure that they aren't shown by --verbose as well. Passwords used this way can never be truly kept private from other users on the machine of course, but it's simple enough to do it this way for completeness sake. Reported-by: Ronald Volgers <r.c.volgers@student.utwente.nl> Signed-off-by: Jeff Layton <jlayton@redhat.com> Acked-by: Steve French <sfrench@us.ibm.com> Part 2/2 of a fix for CVE-2009-2948. (cherry picked from commit acfc9978afbde87dde3b70daccdbfd7e0a1d52e4)
* mount.cifs: check access of credential files before openingJeff Layton2009-10-011-0/+11
| | | | | | | | | | | | | | | | It's possible for an unprivileged user to pass a setuid mount.cifs a credential or password file to which he does not have access. This can cause mount.cifs to open the file on his behalf and possibly leak the info in the first few lines of the file. Check the access permissions of the file before opening it. Reported-by: Ronald Volgers <r.c.volgers@student.utwente.nl> Signed-off-by: Jeff Layton <jlayton@redhat.com> Acked-by: Steve French <sfrench@us.ibm.com> Part 1/2 of a fix for CVE-2009-2948. (cherry picked from commit b656deb5d7e97176c32b61b7659258846db16887)
* WHATSNEW: Prepare release notes for 3.2.15.Karolin Seeger2009-10-011-2/+62
| | | | | Karolin (cherry picked from commit fb513bdacaeaef7e3edb49d5b77661adf3a912bb)
* Raise version number up to 3.2.15.Karolin Seeger2009-10-011-1/+1
| | | | | Karolin (cherry picked from commit ab4af60c8311b0f60f18390b670f01e1296c5141)
* Revert "s3-ldap: Fix Bug #5879. Update LDAP schema for Netscape DS 5."Karolin Seeger2009-08-171-6/+1
| | | | | | This reverts commit 6a91468853d9c37993d109b079eb042d1b33cba9. Forgot for a second that there won't be any 3.2 maintenance releases...
* s3-ldap: Fix Bug #5879. Update LDAP schema for Netscape DS 5.Günther Deschner2009-08-171-1/+6
| | | | | | | | Patch from TAKEDA Yasuma <yasuma@osstech.co.jp>. Guenther (cherry picked from commit 9fa042bb9f71057fc869e37d4cc180e8a772b1bb) (cherry picked from commit a01f0a4025d382c1bc82f4992ea4566db4df3818)
* WHATSNEW: Actually it was Simo's patch...Karolin Seeger2009-08-121-0/+2
| | | | Karolin
* WHATSNEW: Update changes.Karolin Seeger2009-08-121-0/+2
| | | | Karolin
* Fix bug #6628 - "smbpassdb -a" using rid algorithm with tdbsam passdbSimo Sorce2009-08-121-1/+1
| | | | | | | | | | | | | samu_set_unix() does not use the rid allocator, but forces to use the algoritmic allocator unconditionally, this is wrong and inconsistent. Use samu_alloc_rid_unix() instead. (If we create a new user we should do it in a way consistent with all other commands like pdbedit -a and net rpc user add.) (cherry picked from commit e1d4db8f55b25c7e9c408cb334fb89ccfd4c6565) Signed-off-by: Michael Adam <obnox@samba.org> This fixes bug #6628.
* WHATSNEW: Update changes.Karolin Seeger2009-08-111-0/+1
| | | | Karolin
* s3:winbindd: raise the timeout for lsa_Lookup*() calls from 10 to 35 seconds.Stefan Metzmacher2009-08-112-1/+57
| | | | | | | metze (similar to commit 1e1445bc7672b17a1d689fa0f0732b05b6e04da5) Fixes bug #6627.
* WHATSNEW: Update changes since 3.2.13.Karolin Seeger2009-08-111-0/+1
| | | | Karolin
* s3:passdb: fix bug #6509: use gid (not uid) cache in fetch_gid_from_cache().Michael Adam2009-08-111-1/+1
| | | | | | With the previous code, the cache can never have been hit at all. Michael
* WHATSNEW: Update changes.Karolin Seeger2009-08-111-0/+2
| | | | Karolin
* s3:winbind:idmap_ldap: fix a crash bug in idmap_ldap_unixids_to_sids (#6387)Michael Adam2009-08-111-1/+1
| | | | | | | | | | | | | | | | | | | | | | | This fixes a crash bug hit when multiple mappings were found by the ldap search. This crash was caused by an ldap asssertion in ldap_next_entry because was set to NULL in each iteration. The corresponding fix was applied to the idmap_ldap_sids_to_unixids() by Jerry in 2007 (b066668b74768d9ed547f16bf7b6ba6aea5df20a). This fixes the crash part of bug #6387. There is a logic part, too: The problem currently only occurs when multiple mappings are found for one given unixid. Now winbindd does not crash any more but it does not correctly handle this situation. It just returns the last mapping from the ldap search results. This needs fixing. Michael (cherry picked from commit e9010fa366746ec1ae948dbcf3493d446e23b14c) Signed-off-by: Michael Adam <obnox@samba.org>
* WHATSNEW: Update WHATSNEW.Karolin Seeger2009-08-111-2/+7
| | | | Karolin
* WHATSNEW: Start WHATSNEW for 3.2.14.Karolin Seeger2009-08-101-2/+124
| | | | Karolin
* VERSION: Raise version up to 3.2.14.Karolin Seeger2009-08-101-1/+1
| | | | Karolin
* s3/smbldap: Fix typo in debug message.Karolin Seeger2009-08-061-1/+1
| | | | | | Karolin (cherry picked from commit 54dffbea663ecf4542d6c5e30da6e346d5d60424) (cherry picked from commit 2538df1ea3229ea6d8242b5ae6fdd3d453395609)
* Fix SAMR server for winbindd access. Ensure we allow MAX_ACCESS to be mapped ↵Jeremy Allison2009-08-041-2/+2
| | | | | | | to what we're giving Everyone. Jeremy. Fixes bug #6504. (cherry picked from commit 4e854cb52cfb4f3c25c92324c6e7505f1c8290b3)
* s3/docs: Fix typos.Karolin Seeger2009-08-031-2/+2
| | | | | | | | | Thanks to OPC oota <t-oota@dh.jp.nec.com> for reporting! Karolin (cherry picked from commit 7ee7ec3fdba2ef6a6cc3e1f96a5d2154290cdb18) (cherry picked from commit c94d3183a8e4c7e03c0dd2771cb7b9f4665198ce) (cherry picked from commit 1310ba934b87b804f435cef2c21e6e65590e4a83)
* handling upn nameBo Yang2009-07-273-3/+21
| | | | | | | | | lookupname failed, cannot find domain when attempt to change password. This addresses bug #6560. Signed-off-by: Bo Yang <boyang@samba.org>
* s3:util: let parent_dirname() correctly return toplevel filenamesStefan Metzmacher2009-07-031-1/+1
| | | | | | | | | metze (cherry picked from commit a14efbadd53ac9678d75e6029f947d63cfa0c4e5) Signed-off-by: Stefan Metzmacher <metze@samba.org> This addresses bug #6526.
* Fix bug #6520 time stamps.Jeremy Allison2009-07-021-3/+32
| | | | | | | | | E.g. last mod time is not preserved when "unix extensions=yes" are set - and u Cancel out any pending "sticky" writes or "last write" changes when doing a UNIX info level set. Jeremy. (cherry picked from commit 5b03af33ad45368bea7cf6cabc91f62e2503de99)
* s3/docs: Fix typo.Matt Kraai2009-07-011-1/+1
| | | | | | | This fixes bug #6519. (cherry picked from commit 4fb1f8e8fe46b3e77c06612ac3fc3d67cf650a11) (cherry picked from commit 39bfcc5d50892ad0c387f0ca3932e961e77fdc39) (cherry picked from commit 408cc7ec9f4119aa9a768474152a83ef796309a9)
* Don't require "Modify property" perms to unjoin (bug #6481) "net ads leave" ↵Jim McDonough2009-06-306-21/+55
| | | | | | | | | | | | | | | | | | | | stopped working when "modify properties" permissions were not granted (meaning you had to be allowed to disable the account that you were about to delete). Libnetapi should not delete machine accounts, as this does not happen on win32. The WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE flag really means "disable" (both in practice and docs). However, to keep the functionality in "net ads leave", we will still try to do the delete. If this fails, we try to do the disable. Additionally, it is possible in windows to not disable or delete the account, but just tell the local machine that it is no longer in the account. libnet can now do this as well. Don't use ads realm name for non-ads case. #6481 Also check that the connection to ads worked.
* s3-test: add RPC-SAMR-MACHINE-AUTH to list of tests to run against s3.Günther Deschner2009-06-291-0/+2
| | | | Guenther
* WHATSNEW: Update changes.Karolin Seeger2009-06-291-3/+9
| | | | | Karolin (cherry picked from commit c5a0590a2efb9c0e8565e822dfc7cea92af0bece)
* WHATSNEW: Update changes since 3.2.12.Karolin Seeger2009-06-291-2/+1686
| | | | | Karolin (cherry picked from commit d85b881d66841a5dac66a98a94f251f58d66d1c4)
* VERSION: Raise version number up to 3.2.13.Karolin Seeger2009-06-291-1/+1
| | | | | Karolin (cherry picked from commit 0239c6555dbf515935fed7b958cfcce24810f07f)
* Fix bug 6478Volker Lendecke2009-06-291-20/+20
| | | | | This is the part of checkin cfee2025 that is relevant to this bug. (cherry picked from commit 91ea0d3fa11fc209dc653dd09dfab6244fb80f0d)
* s3/lanman: Workaround for KB932762.Volker Lendecke2009-06-271-0/+1
| | | | | | This addresses bug #6498. (cherry picked from commit a702dea5a86f22e0b7857b67447152a06b3bbea2) (cherry picked from commit aa769edfcef6937927201f765509c10b60764817)
* s3/docs: Fix typo.Karolin Seeger2009-06-191-1/+1
| | | | | | | | | | This fixes bug #6412. Thanks to Carsten Dumke <carsten [at] cdumke.de> for reporting! Karolin (cherry picked from commit 4ad43a21344b43f1c9fe459165098bcab1695711) (cherry picked from commit 84750d556d0a42b5d8b134308311e2cb9a533b58) (cherry picked from commit 304c25a518aba988c3d36e78f6a8416a340b3b33)
* s3-net: Fix bug 6340: don't segfault when cleartext trustdom pwd could not ↵Günther Deschner2009-06-191-1/+1
| | | | | | be retrieved. Guenther
* Bug 6488: acl_group_override() call in posix acls references an ↵Jeremy Allison2009-06-191-12/+10
| | | | | | uninitialized variable. (cherry picked from commit f92195e3a1baaddda47a5d496f9488c8445b41ad)
* Fix bug #6487: Missing DFS call in trans2 mkdir call. (cherry picked from ↵Jeremy Allison2009-06-191-0/+15
| | | | | | commit 1a0005e1c508cf3b170d1c7e43b94a47b2820506) (cherry picked from commit 133cdb46be154eeceb080fa9db88a38d9f87c919)
* s3-lsa: Fix _lsa_LookupNames2() server implementation which always returned ↵Günther Deschner2009-06-181-0/+1
| | | | | | | | | | | | | | a NULL sid_array since 3.2.0. Found by torture test. This makes it possible to search for users while adding them to groups via windows usermanager. Fixes bug #6484. Guenther (cherry picked from commit 0cfe59f1b580371f445b50151ceae5aef02bf0c4)
* Fix bug #6476 - more then 3000 smbd-zombies in memoryJeremy Allison2009-06-181-4/+15
| | | | | | | We weren't reaping children in the [x]inetd case. Jeremy. (cherry picked from commit 7e51314f2e18241876b049642fcb133df7e44c70)
* s3/docs: Add documentation for 'net sam rights'.Karolin Seeger2009-06-181-0/+27
| | | | | | | This is part of a fix for bug #6328. Karolin (cherry picked from commit a5a31512de9d9b9ed7eed906487dd154fde7e483)
* s3/packaging: pam_winbind has been moved to section 8.Karolin Seeger2009-06-171-1/+1
| | | | | | Karolin (cherry picked from commit 13494c0f8f9459c51b520a7cf60790e9e2f475b4) (cherry picked from commit 3c44cd7a10948454fea58f521164fdbe7e20d959)
* Fix bug #6421 - POSIX read-only open fails on read-only shares. The change ↵Jeremy Allison2009-06-172-8/+12
| | | | | | to smbd/trans2.c opens up SETFILEINFO calls to POSIX_OPEN only. The change to first smbd/open.c closes 2 holes that would have been exposed by allowing POSIX_OPENS on readonly shares, and their ability to set arbitrary flags permutations. The O_CREAT -> O_CREAT|O_EXCL change removes an illegal combination (O_EXCL without O_CREAT) that previously was being passed down to the open syscall. Jeremy. (cherry picked from commit 79f26472b4ae561ec00c30f31dd63ccab6dfc0c4)
* s3/libsmb: Fix typo in error message.Karolin Seeger2009-06-171-1/+1
| | | | | | | | Thanks to Herb Lewis <hlewis [at] panasas.com> for noticing! Was commit 095f66b0 in master. Karolin
* s3/docs: Fix typo.Karolin Seeger2009-06-161-1/+1
| | | | | | Karolin (cherry picked from commit 6e45c21384b8845422967ff1fa46e48de9fee1ab) (cherry picked from commit aa97504f0358dcc23de7a65f39a1c4d24f0709b7)
* WHATSNEW: Fix typo.Karolin Seeger2009-06-151-1/+1
| | | | Karolin
* Fix the section of the pam_winbind manpage.Andreas Schneider2009-06-152-4/+4
| | | | Signed-off-by: Andreas Schneider <mail@cynapses.org>
* Move pam_winbind to the right manpage section (8).Andreas Schneider2009-06-151-0/+0
| | | | | | | Signed-off-by: Andreas Schneider <mail@cynapses.org> (cherry picked from commit 59ab1574e41993d24733affbca07d3f7da245fc7) (cherry picked from commit d547aab1511c72e1cab034e2945f6ad63bda6659) (cherry picked from commit c9b89676983c5fd0ec12df121fc5d9e06facdd80)
* Dcoument the PAM data exports in the pam_winbind manpage.Andreas Schneider2009-06-151-0/+44
| | | | | | | Signed-off-by: Andreas Schneider <mail@cynapses.org> (cherry picked from commit 1809ff4b2339bd3066532abccea0944da45edf64) (cherry picked from commit 5d2dfba6d1699c6e417cc21233a1cc871f3c0ad1) (cherry picked from commit 282682c989a8008de5f8d30c48c9a740b315a230)
generated by cgit (git 2.34.1) at 2024-05-01 02:27:49 +0000